Thursday, February 01, 2007

Technology Matters In The News

There is a lot of news on the technology front. Doug Eisenberg runs an Internet site (Gigalaw http://www.gigalaw.com/news/index.html) that specifically focuses on the laws and events related to technology. Eisenberg has been doing this for several years and has become one of the foremost experts on the law and technology in the nation. His web site has a sign-up for e-mail delivery and anyone involved with technology should sign up ASAP.

US Government Earns A 'D' In Cybersecurity: Trade Group Points To Three Areas That Need To Be Taken More Seriously

If the US government is earning this type of grade regarding technology security, which is a fundamental necessity to assuring that the databases they maintain are not tampered with in any way, how reliable are the databases and the systems the government is using to collect all the “secret” data about all of us (c.f. the various NSA warrantless spying programs, the Navy’s new effort to collect more data, the TSA programs to collect flight passenger data, the collection of ISP and telephone data, etc.)?

We cannot trust the government when it says, “Trust us, we will protect your rights and your privacy.” There have been breaches at top secret research centers, the VA hospitals, the Social Security Administration and the IRS. God only knows what breaches have occurred that we are not let in on because it would embarrass the CIA, the Pentagon, the DOE, the NSA or other agencies that are supposed to be protecting us and collecting “intelligence.”

There is an old rub that “military intelligence” is an oxymoron. Perhaps we should change that to “government data security” is an oxymoron and impossible. Then again, given the number of hacker attacks on the various corporations, including some that are in the data security business, can we really expect security when we deal on-line? Perhaps not. Which is why some of the technology laws proposed this week should really become a priority for all of us. But Congress’s record on protecting us from data invasions, network breaches and governmental tyranny is not that great.

The Cyber Security Industry Alliance has given the U.S. government D grades on its cybersecurity efforts in 2006, and renewed its call for the U.S. Congress to pass a comprehensive data protection law in 2007.

The CSIA, a trade group representing cybersecurity vendors, gave the U.S. government D grades in three areas: security of sensitive information, security and reliability of critical infrastructure, and federal government information assurance.

"Government needs to take these issues very seriously," said Liz Gasster, the CSIA's acting executive director and general counsel.

Among the problems in 2006: The U.S. Department of Veterans Affairs reported a data breach involving the personal information of 26.5 million military veterans and family members. Other agencies also reported multiple lost laptops containing personal information. The CSIA called on agencies to notify citizens of data breaches.

After a rash of reported data breaches in early 2005, members of Congress introduced multiple bills requiring companies with data breaches to notify affected consumers. But a breach-notification law failed to pass, partly because of jurisdictional fights between multiple congressional committees.

A comprehensive data security bill should include breach notification, but also a requirement that all organizations holding sensitive data -- including private companies, government agencies, nonprofits, and educational institutions -- use reasonable security standards, Gasster said. The U.S. Federal Trade Commission has taken action against several companies, but a comprehensive law would give the FTC or another agency broad jurisdiction to investigate data breaches, she said.

The CSIA is optimistic a comprehensive data breach law will pass in the next year, even though it stalled in the last Congress, Gasster added. Major data breaches continue to happen, and consumers will increase the pressure on Congress to act, she predicted. In mid-January, retailer TJX Companies Inc. reported a massive data breach.

"Consumers just are not going to put up with this," Gasster said.

Here's how the CSIA generated its government cybersecurity grades:

-- Security of sensitive information, grade D: Congress ratified the Council of Europe Convention on Cyber Crime, allowing the U.S. to work with other signatories on cybersecurity investigations, but failed to pass a comprehensive law to protect sensitive personal information.

-- Security and resiliency of the critical information infrastructure, grade D: The Department of Homeland Security appointed an assistant secretary for cybersecurity and telecommunications and implemented some cybersecurity programs, but it hasn’t offered a clear agenda for its top cybersecurity research and development priorities or established a survivable emergency coordination network to handle a large-scale cybersecurity disaster.

-- Federal information assurance, grade D: Government continues to offer a "mixed bag of successes and failures," the CSIA said, with progress within the White House Office of Management and Budget's enforcement of cybersecurity directives and implementation of U.S. President George Bush's Homeland Security Presidential Directive 12, requiring agencies to start issuing smart identification cards. But the government needs to do a better job in several areas, including security issues with telecommuting and releasing information on the cost of cyberattacks, the CSIA said.

In addition to a comprehensive data protection bill, CSIA called for the U.S. government to strengthen the power of agency chief information officers and called on agencies to increase testing of cybersecurity controls.


Web Giants Ask For Feds' Help On Censorship

Since the web portals themselves engage in censorship (i.e. Go Daddy’s pulling of a popular web site and all of its pages because of one complaint), it seems odd that these big corporations would want help from the US government on pushing forward a universal set of rules regarding web site censorship, all the more so given that the US government has also engaged in censorship, firing some employees (or at least instigating that firing) because they legitimately criticized some of the US government’s security failures.

What is really going on is that these big corporations need the political clout to stop nations like China, India, Saudi Arabia, and others that persist in shutting down or blocking the activities and business of these corporations in their international commerce efforts.

While I support some form of universal Internet standards and rules, we must at least acknowledge that the folks doing the loudest barking on these issues are self-serving and more interested in lining their pockets than anything altruistic like the right to knowledge and expression. It must also be acknowledged that some of these corporations have surrendered data to the feds without a warrant or probable cause.

Google, Yahoo and Microsoft representatives on Tuesday implored the U.S. government to help set ground rules for complying with demands by foreign law enforcement agencies for user records or censorship.

But a key question that remains after the U.S. Department of State concluded its inaugural global Internet freedom conference here is how to determine when such requests are "legitimate" and warrant compliance.

That issue took center stage last year amid reports that Chinese authorities had succeeded in silencing--and in some cases imprisoning--cyberdissidents, thanks to cooperation from Yahoo and Microsoft.

"There are lots of ways in which democracies and quasidemocracies restrict access to content and information, and they conflict."
--Andrew McLaughlin, Google senior policy counsel

"It's not very simple when they just say, 'Here's the e-mail account, and we're investigating under the following 17 organized crime and terrorism statutes,'" said Andrew McLaughlin, Google's senior policy counsel. "We can't just go...snooping through e-mail accounts to figure out whether we like what they've been engaged in."

Even under U.S. law, corporations aren't expected to make moral judgments about the legitimacy of FBI or other authorities' requests for information about their users, so they shouldn't be expected to do the same on an international level, suggested Michael Samway, Yahoo's deputy general counsel. "That's why we need the government's help," he said.

Google's McLaughlin went so far as to suggest that the government "fight for our interests in the trade arena the same way they've been fighting for our interests in Detroit. Censorship should be treated as a trade barrier and be written into free-trade agreements."

State Department officials had few concrete answers themselves, though some had strong words for their international counterparts.



Net Neutrality, Broadband Taxes Top House Tech Agenda


The issue of net neutrality will benefit every consumer in the US, which is why so many high-tech firms have lined up against it. These companies want a monopoly over the lines and fiber that carry Internet accessibility and the content that goes with it. It isn't that these companies will become less profitable than they currently are, it's that they do not want the competition. Right now about seven major corporations control what is called the Internet backbone. These controlling interests in the backbone also use rights of way given to the telephone and utility companies that have benefited from the largess given to them back in the early parts of the 20th century for the purposes of supplying telecommunications, electricity and gas lines to the consumers, municipalities and other governmental entities.

There is also an effort to control the VoIP markets, which is why there is a push for new Internet taxes. These taxes will widen the digital divide between those with more money and those with not enough money to make ends meet, not to mention those in urban and suburban areas versus those in rural areas. The big high tech corporations have lined the pockets of a lot of congress critters and the laws governing accessibility and taxes always seem to benefit these companies more than us consumers. I recommend we watch these bastards carefully.

A key House Democrat on Wednesday said his 2007 goals are to enact legislation related to Net neutrality, patents, and broadband regulation and taxation, including authorizing local governments to offer their own Internet service.

Brokering a truce between Internet companies and network operators that have been battling over Net neutrality legislation is a top priority, Rep. Rick Boucher of Virginia said in his kickoff speech at an annual conference organized by the Congressional Internet Caucus Advisory Committee. Boucher is a co-chairman of the caucus.

Last year, Boucher voted for an unsuccessful amendment--fiercely opposed by broadband providers--that would have imposed strict regulations on them. He moderated his tone slightly on Wednesday, saying, "I don't want to do anything in terms of a legislative remedy that ensures an open and accessible Internet but has the effect of hobbling innovation inside the network."

Boucher and Rep. Lee Terry, a Nebraska Republican, also plan to push hard over the next few months for passage of a proposal, introduced two years ago, that would create new broadband taxes. Their bill would formally allow companies that receive such subsidies to use them for deploying broadband service, which existing law does not.

Right now, telecommunications companies--including those offering wireless, pay-phone, traditional-telephone and DSL services--are taxed on a fixed percentage of their long-distance revenue and required to pay it into a multibillion-dollar fund.

Concerned that dwindling long-distance revenue has eroded the fund, the Federal Communications Commission last year extended a similar requirement to some voice over Internet protocol (VoIP) providers as well.

Boucher said his bill would spread the contribution requirements among "all who offer a network connection" and require companies to collect fees on local telephone calls as well. He said the new sources will "replenish the fund and enable it to be sustained."

It was unclear how high the new taxes would be, but companies typically pass those fees on to consumers in the form of a line item charge. The bill would also place an undisclosed cap on the amount of money distributed to companies for rolling out services in rural and high-cost areas. Boucher said he hopes that it will go to a floor vote by the end of the year.

On the other hand, network neutrality, overhauling the patent and copyright laws, and making technology and communications more available are good things.


Windows Vista's Hyped Security Will Be Tested

And the race to break Microsoft's claim to improved security and function is off! Everyone I know has some horror story about Microsoft products. Gates and company have made promises and wide-eyed claims that have failed to come to fruition. As I remember it, Windows XP was supposed to fix a lot of security issues. So we have heard Microsoft's claims and bragging before... I always adopt a "wait and see" approach, which is probably wise now that the hackers are off and running.

Computer hackers are off and running trying to find vulnerabilities in Microsoft Corp.'s new Windows Vista operating system, putting to test the software maker's claim that it is the most secure Windows program ever.

The new version of Windows, the computer operating system that runs over 95 percent of the world's computers, became available to consumers on Tuesday after five years of development and a number of delays to improve security.

A high-profile new product like Windows Vista draws interest from the entire spectrum of the computer security industry, ranging from hackers trying to exploit a breach for criminal means to researchers looking to make a name for themselves as security experts.

"For sure, people are hammering away on it," said Jeff Moss, the organizer of Defcon, the world's largest hacking convention. "If you are a bad guy and you find a problem, you have a way to spread your malware and spyware."

Most security experts see Vista as a more secure operating system than its predecessor, Windows XP, but even Microsoft acknowledges it's not impenetrable and attackers will undoubtedly look for a way in.


Teen Accuses Record Companies Of Collusion

In an effort to turn the tables on the big record companies and their tyranny pressed upon even young kids, this story offers a novel approach to copyright infringement defense. All I can say is "Go Robert!"

A 16-year-old boy being sued by five record companies accusing him of online music piracy accused the recording industry on Tuesday of violating antitrust laws, conspiring to defraud the courts and making extortionate threats.

In papers responding to the record companies' lawsuit, Robert Santangelo, who was as young as 11 when the alleged piracy occurred, denied ever disseminating music and said it's impossible to prove that he did.

Santangelo is the son of Patti Santangelo, the 42-year-old suburban mother of five who was sued by the record companies in 2005. She refused to settle, took her case public and became a heroine to supporters of Internet freedom.

The industry dropped its case against her in December but sued Robert and his sister Michelle, now 20, in federal court in White Plains. Michelle has been ordered to pay $30,750 in a default judgment because she did not respond to the lawsuit.

Robert Santangelo and his lawyer, Jordan Glass, responded at length Tuesday, raising 32 defenses, demanding a jury trial and filing a counterclaim against the companies that accuses them of damaging the boy's reputation, distracting him from school and costing him legal fees.

His defenses to the industry's lawsuit include that he never sent copyrighted music to others, that the recording companies promoted file sharing before turning against it, that average computer users were never warned that it was illegal, that the statute of limitations has passed, and that all the music claimed to have been downloaded was actually owned by his sister on store-bought CDs.

Robert Santangelo also claims that the record companies, which have filed more than 18,000 piracy lawsuits in federal courts, "have engaged in a wide-ranging conspiracy to defraud the courts of the United States."
