Now what? Some Web Firms Say They Track Behavior Without Explicit Consent (pdf)

Several Internet and broadband companies have acknowledged using targeted-advertising technology without explicitly informing customers, according to letters released yesterday by the House Energy and Commerce Committee.

And Google, the leading online advertiser, stated that it has begun using Internet tracking technology that enables it to more precisely follow Web-surfing behavior across affiliated sites.

The revelations came in response to a bipartisan inquiry of how more than 30 Internet companies might have gathered data to target customers. Some privacy advocates and lawmakers said the disclosures help build a case for an overarching online-privacy law.

“Increasingly, there are no limits technologically as to what a company can do in terms of collecting information . . . and then selling it as a commodity to other providers,” said committee member Edward J. Markey (D-Mass.), who created the Privacy Caucus 12 years ago. “Our responsibility is to make sure that we create a law that, regardless of the technology, includes a set of legal guarantees that consumers have with respect to their information.”

See Responses to August 1, 2008 Letters to Network Operators Regarding Data Collection Practices

Spy v Spy

You can play at home! Spying on other peoples computers

The good ol Internet: always coming up with new solutions to old problems. Modern man suspects wife is up to something. Modern man installs PC Pandora, a spyware application that records keystrokes, takes surreptitious screen shots, and monitors chat sessions—all for the low, low price of $49.95. Success Modern man writes a congratulatory note to the company, which it posts on its “testimonials” page:

My wife of 25 years came out of the blue after Christmas this past year and requested a divorce without much explanation. I was devastated, so I purchased your product. It only took two days to find out she has been living a dark secret life for several years as a submissive love slave to a dominant male partner in the BDSM world meeting him at least once a month. She was blown out of the water when I told her everything I knew about her lifestyle even down to the name and email address of the person she is involved with. Answered all my questions. She has no clue and thinks I spent $$$$$$ on a private investigator.

Despite modern mans feelings of triumph, its hard to see any winners there. Its easier than ever to spy on our spouses, co-workers, boyfriends, and roommates. But does this make us happier and wiser or just more neurotic and creepy? […]

Gutting FISA, Retroactive Immunity — Working Out Well, I See

F.B.I.’s Use of Phone Records Shows Need to Protect the Press, Senators Say

Last week, the Federal Bureau of Investigation disclosed to the two newspapers that it had improperly obtained the phone records of reporters in their Indonesian bureaus in 2004 by using emergency records demands from telephone providers as part of an investigation. Robert S. Mueller III, the director of the bureau, made personal calls to Bill Keller, executive editor of The Times, and Leonard Downie Jr., executive editor of The Post, to apologize.

But the ranking senators on the Judiciary Committee, Patrick J. Leahy, Democrat of Vermont, and Arlen Specter, Republican of Pennsylvania, said that was not enough.

[…] The phone records were apparently obtained as part of a terrorism investigation, but the agency has not explained what it was investigating or why the reporters’ phone records were considered relevant.

Of course, the real question is why are they only worried about the First Amendment implications (and, thus, the protection of the Press) and forgetting about the Fourth?

OT: Magic, Perception and Reality

Scientists and Magicians Describe How Tricks Exploit Glitches in Perception

In a paper published last week in the journal Nature Reviews Neuroscience, a team of brain scientists and prominent magicians described how magic tricks, both simple and spectacular, take advantage of glitches in how the brain constructs a model of the outside world from moment to moment, or what we think of as objective reality.

For the magicians, including The Great Tomsoni (John Thompson), Mac King, James Randi, and Teller of Penn and Teller, the collaboration provided scientific validation, as well as a few new ideas.

For the scientists, Susana Martinez-Conde and Stephen Macknik of the Barrow Neurological Institute in Phoenix, it raised hope that magic could accelerate research into perception. “Here’s this art form going back perhaps to ancient Egypt, and basically the neuroscience community had been unaware” of its direct application to the study of perception, Dr. Martinez-Conde said.

Attention and awareness in stage magic: turning tricks into research; Macknick, King, Randi, Robbins, Teller, Thompson and Martinez-Conde; Nature Reviews: Neuroscience; 30 July 2008; doi:10.1038/nrn2473

OT: Why I Get Up In The Morning

Handle With Care

Ethical and philosophical issues have long occupied biotechnology, where institutional review boards commonly rule on proposed experiments and advisory committees must approve the use of gene-splicing and related techniques. When the federal government initiated its effort to decipher the human genome, a percentage of the budget went to consideration of ethics issues like genetic discrimination.

But such questions are relatively new for scientists and engineers in other fields. Some are calling for the same kind of discussion that microbiologists organized in 1975 when the immense power of their emerging knowledge of gene-splicing or recombinant DNA began to dawn on them. The meeting, at the Asilomar conference center in California, gave rise to an ethical framework that still prevails in biotechnology.

“Something like Asilomar might be very important,” said Andrew Light, director of the Center for Global Ethics at George Mason University, one of the organizers of a conference in Charlotte, N.C., in April on the ethics of emerging technologies. “The question now is how best to begin that discussion among the scientists, to encourage them to do something like this, then figure out what would be the right mechanism, who would fund it, what form would recommendations take, all those details.”

But an engineering Asilomar might be hard to bring off. “So many people have their nose to the bench,” Dr. Arkin said, “historically a pitfall of many scientists.” Anyway, said Paul Thompson, a philosopher at Michigan State and former secretary of the International Society for Environmental Ethics, many scientists were trained to limit themselves to questions answerable in the real world, in the belief that “scientists and engineers should not be involved in these kinds of ethical questions.”

One Look At An Online Crime Network

Global Trail of an Online Crime Ring

When prosecutors unveiled indictments last week, they made a stunning admission: the culprit was, they said, their very own informant.

Albert Gonzalez, 27, appeared to be a reformed hacker. To avoid prison time after being arrested in 2003, he had been helping federal agents identify his former cohorts in the online underworld where credit and debit card numbers are stolen, bought and sold.

But on the sly, federal officials now say, Mr. Gonzalez was connecting with those same cohorts and continuing to ply his trade, using online pseudonyms — including “soupnazi” — that would be his undoing. As they tell it, Mr. Gonzalez had a central role in a loosely organized online crime syndicate that obtained tens of millions of credit and debit card numbers from nine of the biggest retailers in the United States.

The indictments last week of 11 people involved in the group give a remarkably comprehensive picture of how the Internet is enabling new kinds of financial crimes on a vast international scale.

Tiffany Appeals

Tiffany Appeals eBay Counterfeiting Decision (pdf)

Tiffany & Co. challenged Monday a federal ruling that largely absolved eBay Inc. of policing its auction site for counterfeit items, saying the judge was wrong to leave the primary burden to the jewelry maker.

Monday’s appeal with the 2nd U.S. Circuit Court of Appeals in New York extends a case that Tiffany filed against eBay in 2004 arguing that most items listed for sale on eBay as genuine Tiffany products were fakes.

Last month, U.S. District Judge Richard J. Sullivan in New York ruled that trademark holders like the jewelry maker, rather than auction platforms like eBay, are responsible for policing their brands online.

A Little Prior Restraint

It was hard to find any mainstream coverage of this: MIT students’ report makes security recommendations to T (pdf)

The MBTA sued after learning that MIT students Zack Anderson, R.J. Ryan, and Alessandro Chiesa planned to present their findings Sunday at the DEFCON hacker convention in Las Vegas. The temporary order is valid for 10 days. Then the T must prove that the students’ research poses such a risk that an extended injunction is necessary. The T is also seeking unspecified financial damages, according to court papers.

“It’s not a light step for a judge to grant this action, and it speaks to the strength of our arguments and the merits of our position,” Grabauskas said.

But Marcia Hofmann – staff lawyer for the Electronic Frontier Foundation, a nonprofit representing the students – called the decision a “dangerous precedent for security researchers,” which could potentially discourage the investigation and improvement of technology across the country.

“That certainly would discourage security researchers from discussing their work and sharing information that might ultimately make systems more secure,” Hofmann said.

[…] The students’ report says the CharlieTicket has four main problems: Value is stored on the card, not in a central MBTA database; anyone that has a card can read and write it with low-cost technology; a cryptographic signature algorithm is not used on the data to prevent forgeries; and MBTA networks do not have any centralized card verification system.

The CharlieCard has some level of security through encryption, according to the report, but it can be duplicated.

The EFF summary page: MBTA v Anderson