From time to time, we see unenlightened comments about the efficacy of laws in the fight against spam. "Laws won't stop spam" being the most common. No, they won't. What laws do is dissuade some people from undertaking shoddy mailing practices or even outright spam campaigns. Laws don't stop murder, rape and robbery either, but for those un-dissuaded who undertake such heinous crimes, we, as a society, have laws for punitive effect. They pay the price society exacts for their actions. C-28 will attenuate spam in Canada, and help us to fight spam internationally. more
Michael Geist writes: "The bills contain a three-pronged approach focused on information disclosure, mandated surveillance technologies, and new police powers. The first prong mandates the disclosure of Internet provider customer information without court oversight. Under current privacy laws, providers may voluntarily disclose customer information but are not required to do so. The new system would require the disclosure of customer name, address, phone number, email address, Internet protocol address, and a series of device identification numbers." more
Over the past few weeks, regulators have rekindled their interest in an online Do Not Track proposal in hopes of better protecting consumer privacy. ... There are a variety of possible technical and regulatory approaches to the problem, each with its own difficulties and limitations, which I'll discuss in this post. more
In a recent article, I read about increasingly intrusive tracking of online users, which has lead to a proposal at the FTC, "FTC Chairman Jon Leibowitz said the system would be similar to the Do-Not-Call registry that enables consumers to shield their phone numbers from telemarketers." Maybe I'm dense, but even if this weren't a fundamentally bad idea for policy reasons, I don't see how it could work. more
The White House has recently released a draft of the National Strategy for Trusted Identities in Cyberspace. Some of its ideas are good and some are bad. However, I fear it will be a large effort that will do little, and will pose a threat to our privacy. As I've written elsewhere, I may be willing to sacrifice some privacy to help the government protect the nation; I'm not willing to do so to help private companies track me when it's quite useless as a defense. more
A directive known as "Written Declaration 29," adopted last week by the European Parliament, calls for legislation that would require search engines to make a record of all search queries, as reported today by Startpage and Ixquick, anonymous search engine providers. "Framed as a measure to crack down on paedophiles, the controversial Declaration calls on the EU to require that search engines store all search traffic for up to two years for possible analysis by authorities." more
A couple of months ago, I wrote a post posing the question of whether or not more government regulation is required in order to secure the Internet. On the one hand, anonymity is viewed in the west as a forum for freedom of speech. The anonymity of the Internet allows dissidents to speak up against unpopular governments. However, the anonymity afforded by the Internet is not so much by design as it is byproduct of its original designers not seeing how widespread it would eventually become. more
What happens to companies when they get too big for their own good? Do they inadvertently do things that potentially harm our privacy (think Facebook)? Or, do they simply make mistakes that violate our privacy? Well, last month Google revealed that its Street View cars "mistakenly" captured content flowing over wireless networks -- a potential invasion of privacy. more
Duncan Geere reporting in Wired: "Since the slow introduction of internet monitoring systems around the world began, more and more people have attempted to preserve their privacy by signing up for VPN services like the Pirate Bay's Ipredator and Pirate Party offering Relakks. But it turns out that there's a gaping security flaw in these services that allows individual users to be identified..." more
BP and the Oil Industry are taking a lot of heat these days - much of it rightly so. Moving beyond the drama and evaluating the overall response of BP and others reinforces much of what is taught in incident response training and preparation... by showing the outcomes when one does not respond well. This is probably the most important incident that the responders involved will deal with in their professional lives. For those of us working to protect Internet Infrastructure and resources there are useful lessons as we consider what is happening in the Gulf of Mexico and their response effort. more
A recent study reveals a browser history detection method, largely dismissed as an issue with minimal impact, can in fact be used against a vast majority of Internet users with significant malicious potential. Researchers, Artur Janc and Lukasz Olejnik, analyzed real-world results obtained from 271,576 Internet users and have reported the results in a paper titled, "Feasibility and Real-World Implications of Web Browser History Detection". more
A recent decision from a federal district court addresses an issue I hadn't seen before: whether searching malware on the suspect's computer was outside the scope of the search warrant issued for that computer. It seems a narrow issue, and unfortunately the opinion issued in the case doesn't tell us a whole lot about what happened; but I thought the issue was worth writing about, if only to note that it arose. more
Facebook sure is getting beaten up recently. There's even a crowd-funded initiative to replace it with something open, called Diaspora -- everyone on Facebook is talking about it. Yet it wasn't even two full years ago that Facebook was the darling of the ditherati. For a while it seemed as if nearly everything Facebook did was hailed as the future of messaging, perhaps the future of the Internet - or maybe the Internet didn't matter anymore, except for Facebook. more
One of the RSS feeds that I read is Reason magazine, which is a web site for libertarians. In general, libertarians want less government intervention both in our personal lives and in the economy. The idea behind libertarians is that today's Republicans want less government intervention in our economy but are perfectly fine to have them dictate some aspects of morality. Similarly, today's Democrats want less government intervention in our personal lives but are perfectly fine with creating government bureaucracy to deliver social services. That's an oversimplified summary, but is more or less correct. About two months ago I got an article in my RSS feed where Reason was commenting on the government's response to the cyber war threats. more
At the round tables on privacy held by the Federal Trade Commission, Indiana University law school professor and member of the board of the Privacy Projects, Fred Cate said out loud what long has been silently known about consumer protections based on the notices web sites post to describe their data protection practices and the consumers' choice to click on or away. Cate said: "Choice is an illusion." There is more than a bit of substance behind the bumper sticker... more