Privacy Digest

Feds Start Moving on Net Security Hole - Via Threat Level:

Starting Thursday morning, the U.S. government is seeking comment on who should create and vouch for the internet's most crucial document -- the root zone file -- that serves as the cornerstone of the system that lets users get to websites and emails find their way to inboxes.

The non-profit ICANN, the for-profit Verisign and the Commerce Department's National Telecommunications and Information Administration all have different answers to what is a long-standing, and geopolitically charged internet governance question.

But the only thing that matters for the security of the internet is the speed that they answer the question, according to domain-name system expert
Paul Vixie.  read more »

Average privacy policy takes 10 minutes to read, research finds - Via OUT-LAW.COM :

Website privacy policies take on average 10 minutes to read and sometimes run into thousands of words, researchers have found. While some are short, others would take over half an hour to read, researchers said.

Researchers Aleecia McDonald and Lorrie Faith Cranor of Carnegie Mellon University looked at online privacy policies and how long it would take to read them. While one policy they looked at was just 144 words long, they found one policy on a popular site that ran to 7,669 words, around 15 pages of text.

The average length of privacy policies used by the 75 most popular US websites is 2,500 words, the research found. Using the reading speed of 250 words per minute which is typical for those who have completed secondary education, the average policy would take 10 minutes to read.

The length of privacy policies is often cited as one reason they are so commonly ignored. "Studies show privacy policies are hard to read, read infrequently, and do not support rational decision making," said the researchers, acknowledging the fact that the policies are rarely read.  read more »

Next President Must Preserve Free Speech on the Internet - Via CDT - PolicyBeta:

[Ed. Note: this is the second in a series of blog posts addressing a range of technology and civil liberties issues we believe America's next President and Congress will have the chance to take a fresh look at, and the opportunity to set a policy course for the Internet that will keep it open, innovative and free.]

It will be critical for the next President to do his part to uphold the Internet’s robust culture of free speech and innovation as we march further into the 21st Century. In stark contrast to the mass media of the last century, the Internet has provided, at very low cost, virtually unlimited forums for both creators and consumers of new content and technologies. This in turn has created a huge boost for participatory democracy and our economy. The next Administration must reject Congressional or agency efforts to censor content or stifle the fire of innovation on the Internet and other communications media.

All Digital Media Deserve Maximum First Amendment Protection  read more »

Opting In (or Out) is Hard to Do - Via Freedom to Tinker:

Thanks to Ed and his fellow bloggers for welcoming me to the blog. I'm thrilled to have this opportunity, because as a law professor who writes about software as a regulator of behavior (most often through the substantive lenses of information privacy, computer crime, and criminal procedure), I often need to vet my theories and test my technical understanding with computer scientists and other techies, and this will be a great place to do it.

This past summer, I wrote an article (available for download online) about ISP surveillance, arguing that recent moves by NebuAd/Charter, Phorm, AT&T, and Comcast augur a coming wave of unprecedented, invasive deep-packet inspection. I won't reargue the entire paper here (the thesis is no doubt much less surprising to the average Freedom to Tinker reader than to the average lawyer) but you can read two bloggy summaries I wrote here and here or listen to a summary I gave in a radio interview. (For summaries by others, see [1] [2] [3] [4]).

Two weeks ago, Verizon and AT&T told Congress that they would monitor for marketing purposes only users who had opted in. According to Verizon VP Tom Tauke, "[B]efore a company captures certain Internet-usage data for targeted or customized advertising purposes, it should obtain meaningful, affirmative consent from consumers."

I applaud this announcement, but I'm curious how the ISPs will implement this promise.  read more »

Commissioner Cavoukian outlines what will need to be done to protect privacy in the 21st century - Via CNW Group | OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER/ONTARIO:

TORONTO, Sept. 26 /CNW/ - Ontario Information and Privacy Commissioner Ann Cavoukian is unveiling a key white paper outlining what will need to be done to protect privacy in the future, at a special presentation at the University of Waterloo, on Monday, September 29, 2008.

"As a regulator, I have been called many things during my tenure," said the Commissioner, "but rarely have I been called a dreamer. But that is precisely the practice one must engage in if privacy is to not only survive, but thrive, well into the future. But dreaming is not enough. As a pragmatist, I must embed that dream into reality. One way of doing so is seeking to embed privacy into the design and architecture of all technologies, so that it may live well into the future. So you might call me a radical pragmatist, because I dream BIG - in technicolour; there is no black and white anymore."  read more »

New Jersey's Cablevision Hijacks DNS Error Pages - Via Slashdot:

Selikoff writes "I just noticed Cablevision's Optimum Online service has begun hijacking DNS Error pages with, you guessed it, ad-supported results. Aside from hurting the underlying stability of the Internet, there have been instances where hackers have used such tools against customers. I know Road Runner customers have had to deal with this for a couple months now, although at least they have an outlet to turn it off." --- Update: 09/30 13:18 GMT by T : Note, as several readers have pointed out, this hijacking is of DNS errors rather than 404 errors as originally presented.

(Read Original Article - Via Slashdot .)

Editor: My provider, Verizon, has been doing this also for a while. But if you push hard enought they will give you alternate DNS servers without this 'feature'.

New Lobbying Group Calls for Internet Filtering - Via Threat Level:

A just-formed lobbying group of content producers, equipment makers and internet gatekeepers said Thursday that internet service providers should embrace filtering.

Behind the lobby are AT&T, Cisco Systems, Microsoft, NBC Universal, Viacom and the Songwriters Guild of America. Among other things, the lobby, called Arts+Labs, says "network operators must have the flexibility to manage and expand their networks to defend against net pollution and illegal file-trafficking which threatens to congest and delay the network for all consumers."

The creation of the lobbying group came almost two months after the Federal Communications Commission issued an open invitationto ISPs to filter for unauthorized copyright material. The Aug. 1 invite was buried in the text of the FCC's stinging rebukeof Comcast for throttling BitTorrent and other peer-to-peer traffic.

AT&T and NBChave already made it clear they support blocking streams of unauthorized works, for obvious reasons. NBC and the songwriters want to get paid for their works. and AT&T supports filtering because it could reduce high-volume, peer-to-peer traffic.

And Cisco has the means to produce filtering equipment, while Microsoft has recently secured a patentto watermark music and track it through the internet.  read more »

Comcasts Spells Out Congestion Management Plans - Via CDT - PolicyBeta:

Back in March, CDT welcomed Comcast’s announcement that it would move to a “protocol agnostic” technique for managing network congestion. No technical details were provided, but the announcement certainly seemed to imply that the new technique would steer clear of singling out particular protocols, services, or content for inferior treatment. In other words, it would avoid the kind behavior that gives Internet neutrality advocates fits and that puts network operators in a position to undermine unfettered innovation. To use a potentially loaded term, the announcement seemed to imply that the new technique would be neutral.

But we also noted that we would have to wait and see how the new technique actually works. However promising the term “protocol agnostic” might sound, it doesn’t exactly have a widely accepted meaning.

Well, Comcast has now filed with the FCC a description of the new congestion management technique it is rolling out. Based on that description, it appears to be the real deal.  read more »

Internal DHS Documents Detail Expansion of Power to Read and Copy Travelers' Papers - Via EFF.org Updates:

San Francisco - Recently obtained documents show that last year the Department of Homeland Security quietly reversed a two-decades-old policy that restricted customs agents from reading and copying the personal papers carried by travelers, including U.S. citizens. The documents were made public today by the Asian Law Caucus (ALC) and Electronic Frontier Foundation (EFF), which sued the government under the Freedom of Information Act (FOIA) to obtain policies governing the searches and questioning of travelers at the nation’s borders.

The documents show that in 2007, Customs and Border Protection (CBP) loosened restrictions on the examination of travelers' documents and papers that had existed since 1986. While CBP agents could previously read travelers' documents only if they had "reasonable suspicion" that the documents would reveal violations of agency rules, in 2007 officers were given the power to "review and analyze" papers without any individualized suspicion.  read more »

What to Listen for During Hearing on Re-write of FBI Investigation Guidelines - Via CDT - PolicyBeta:

On September 23, the Senate Select Committee on Intelligence will conduct a hearing on new Attorney General Guidelines governing FBI investigations and the collection of domestic intelligence. The Department of Justice first issued guidelines governing FBI investigations in 1974 and has loosened them virtually every time it has re-visited those guidelines.

Now, Justice is engaged in a substantial re-write. CDT was given a peek at the new guidelines while still in draft form. The real news behind the re-write is that when the dust settles, the FBI will be permitted to engage in intrusive investigative techniques without having a tip that a crime may be committed and without having evidence of a particularized threat to national security.  read more »

Won’t someone think of the children’s speech?: Internet Technical Safety Task Force - Via Wendy's Blog: Legal Tags:

I’m at Berkman for the open meeting of the Internet Technical Safety Task Force, a group convened at the pressing of state attorneys general to address children’s safety on social networking sites. The day kicked off with statements from Mass and Conn. attorneys general, to be followed by presentations from technology companies offering “solutions” and suggestions.

Live tweeting and identi.ca-ing

(Read Original Article - Via Wendy's Blog: Legal Tags.)

Comcast Unveils Its New Traffic Management Architecture - Via EFF.org Updates:

Late on Friday night, Comcast filed an overview of its new traffic management arrangements with the FCC. This is the long term replacement for its controversial practice of using forged TCP Reset packets to limit the use of peer to peer protocols.

The new system appears to be a reasonable attempt at sharing limited bandwidth amongst groups of users. Unlike TCP RST spoofing, it doesn't explicitly discriminate against some applications, and it doesn't threaten protocol developers with interoperability problems and uncertainty about network behavior.  read more »

PC World - EFF, Public Knowledge sue US gov't over secret IP pact - Via PC World :

Two digital rights advocacy groups have filed a lawsuit against the Office of the US Trade Representative (USTR) in an attempt to get the office to turn over information about a secret international treaty being negotiated to step up cross-border enforcement of copyright and piracy laws.

The Electronic Frontier Foundation (EFF) and Public Knowledge filed the lawsuit Wednesday after USTR ignored their repeated requests to turn over information about the proposed Anti-Counterfeiting Trade Agreement (ACTA).

ACTA could include an agreement for the US, Canada, the European Commission and other nations that are part of the talks to enforce each other's intellectual-property (IP) laws, with residents of each country subject to criminal charges when violating the IP laws of another country, according to a supposed ACTA discussion paper posted on Wikileaks.org in May.  read more »

U.N. agency eyes curbs on Internet anonymity - Via Politics and Law - CNET News :

A United Nations agency is quietly drafting technical standards, proposed by the Chinese government, to define methods of tracing the original source of Internet communications and potentially curbing the ability of users to remain anonymous.

The U.S. National Security Agency is also participating in the "IP Traceback" drafting group, named Q6/17, which is meeting next week in Geneva to work on the traceback proposal. Members of Q6/17 have declined to release key documents, and meetings are closed to the public.

The potential for eroding Internet users' right to remain anonymous, which is protected by law in the United States and recognized in international law by groups such as the Council of Europe, has alarmed some technologists and privacy advocates. Also affected may be services such as the Tor anonymizing network.

Tell the FCC to Open Up White Spaces! - Via EFF.org Updates:

Last week, we sent out a call to action over the “white spaces” issue soon to be addressed by the FCC. Let’s take a closer look at why this issue matters.

It ought to be a no-brainer to say that the airwaves belong to everyone. We use the airwaves to carry TV and radio signals, for our cellphones and cordless phones, even for garage door openers and baby monitors. And while corporations are given license to use limited slices of the spectrum for radio and TV, the airwaves remain public property, a treasure we hold in common.

The FCC’s job is to regulate this valuable resource in the public interest. Later this fall, the FCC is expected to decide what should be done with “white spaces,” the unused areas of the spectrum that lie between channels licensed by TV and radio broadcasters. These white spaces amount to vast, unused real estate in the spectrum, a territory that will only increase in February 2009 with the discontinuation of analog TV signals.  read more »