January 14, 2006
Anyone's Cell Phone Records For Sale
As early as December 13th, websites such as Locatecell.com were staring to gain notice not only for selling private cell phone information for a fee, but also being successful at it. Last week the Chicago Sun-Times reported about the appearance of web sites that purported to obtain individual cell phone records in exchange for cash. According to the story, the FBI tested Locatecell.com for records associated with one agent's cell phone. They got the information back within 3 hours. This prompted the Chicago Police Department to warn its officers that their cell phone records were not confidential. This lack of confidentiality had the potential to compromise informants working with police.
Stories across the Internet show that records in one form or another can be had for prices ranging from the $110-$160 range. And when stories say "anyone," they mean it. One blog reported that another blog bought phone records for General Wesley Clark for 100 calls made over three days in November, 2005.
Sen. Charles Schumer (D-NY) called for legislation that would tighten rules about data disclosure. Other news reports indicate that federal agencies along with state attorney generals are starting to investigate the practice. The two main causes of this data leak are phone insiders selling records for money, and deception by the we site.
Both Verizon and Cingular have sued companies that have stolen customer data with Cingular winning a federal court action against a number of web sites on Friday. With the agencies and congress getting involved, this can only get more interesting.
January 13, 2006
Apple Thinks Music Marketing
Apple has a new feature in the latest version of its iTunes software, the MiniStore. What it does is suggest a range of songs a listener might want to buy based on the song being played. This behavior occurs whether the song was purchased from Apple or not. The way it works is by transmitting some information over the Internet to Apple to get the recommendations.
While this may all sound fine, the license agreement doesn't mention this at all, although a description of the service at the Apple web site does not really hide what's going on. Real Networks got hammered for this kind of stuff in the late 90's with lawsuits and removed the unique identifier from their player. Of course, times have changed. In the late 80's Lotus was also criticized for creating a CD's worth of home addresses for sale to marketers. That product never made it to market. Now, cell phone call records are available without the apparent cooperation of phone companies or courts in exchange for Yankee dollars.
Various analyses of the behavior range from a complete invasion of privacy to so what, consumers love this stuff. Privacy proponents get antsy as the song listening habits can be linked with account numbers to create a database of listening habits. Apple says it discards the information once the recommendations are made.
An article in the Chicago Tribune seems to suggest that this is the convenience that everyone has been waiting for. That is, assuming there is credit in the statements of Rob Enderle of the Enderle Group. He's quoted as saying "Surveys that deal with Generation X and younger indicate these audiences love this stuff. They are not concerned at all with the privacy aspects of this stuff. They just don't have the same sensibilities. As long as nobody uses that information against them, they don't have any problem as long as it makes the experience better."
Enhancing shopping or consumer experience has always been a buzzword type statement justifying collecting and analyzing consumer data. The logic is that consumers like this customization. In reality, marketers are trying to expand sales by identifying likely targets. Then there are the larger questions about what happens to this mountain of data later.
Apple, for its part, allows users to turn this feature off. There are buttons and preference settings that turn the MiniStore off. In this state, nothing gets sent and no recommendations are returned. So, the bottom line is, if offended, turn the feature off. The web site tells you how to do it. No word, by the way, on whether the National Security Agency or the FBI would want any of this information under the Patriot Act if you think of the data as a music library record.
While we're on the subject of future trends, there is a great article in Wired on how a futuristic view of appliances working on the net which are designed to enhance our living styles will most likely fail as consumer choices. Check it out here.
Rootkits Are In The News Again
ZDNet and others are reporting that Norton SystemWorks uses rootkit technology to hide a directory so a user wouldn't accidentally delete it. The problem with this is the same problem that plagued Sony's use of the technology: hackers can use these hidden directories to hide malware there as well. The more ironic problem, of course, is that this is coming from a trusted name in personal computer security. Symantec has issued a patch, which is linked from the story.
There is some question in terms of the reporting on this development as to whether whether this is really a rootkit. See this in eWeek, for example. Symantec refers to the item as a hidden folder rather than a rootkit. What ever the semantics (no pun intended), the net effect is an insecure spot on a computer that is not subject to a scan by virus and other spyware removal programs. The company recognizes this, hence the patch that reveals the folder's existence. This story has more statements from the company about the characterization of the threat.
The alleged Symantec "rootkit" was found by researchers at Finland-based F-Secure and Mark Russinovich of Sysinternals, who also found the Sony rootkit. Russinovich, along with Bryce Cogswell, has developed a nifty piece of freeware called RootkitRevealer which is available here. The source page has a great description of the rootkit problem and how to use the software to discover if your machine has hidden folders on it.
January 11, 2006
Microsoft File System Patent Upheld
Federal examiners have upheld patents of two of Microsoft Windows files systems.
More at CNET.
New Intel Based Macs to Run Windows (If You Want To)
But if someone took the time and effort to buy an Intel based Mac (at a premium compared to cheap Wintel machines), why? The only answer is to run software that isn't available on the Apple operating system. Apparently one of the bits of news to come out of Mac Expo is that Apple has largely given up on preventing anyone from loading Windows onto the new Intel-based Macs. With a little technical knowledge, a user could create a dual boot system. Apple has indicated that while they won't stop this from happening, they won't sell Windows or support it. It should be fun when critical system flaws are uncovered in either operating system and need to be patched.
In other news, Microsoft agreed to create a new version of Office specifically for the Intel Macs. The promise is on Microsoft's part is to run for five years.
The AP story via MSNBC is here.
Update on Telecom Harassment Law
Declan McCullagh has written a further analysis to changes in the telecom law that prohibits annoying anonymous Internet communications mentioned in yesterday's post. In FAQ form, the document is worth reading. You can find it here.
First Draft of GPL 3 Due Next Week
The first draft of the GPL Version 3 will be out in about a week. With ensuing discussion and revision, a final draft is expected to be in place in about a year. The first draft is authored by Richard Stallman, who wrote the first license, and Eben Moglen, general counsel for the Free Software Foundation.
The license is expected to make changes regarding how patents intersect with the license, how devices with DRM affect licensed software, and the use of software on servers. Much of these issues have developed in the intervening years since the second version of the license issued in 1991.
January 10, 2006
No Kidding. It's Now a Crime To Annoy Someone Via the Internet - Anonymously
Declan McCullagh writes on political news for CNET. He's noted a change in federal law signed by President Bush on January 5th that criminalizes anonymous Internet communications sent with the intent to annoy. The law in question is the Violence Against Women and Department of Justice Reauthorization Act of 2005 (H.R. 3402) which amends 47 U.S.C. 233 to include anonymous Internet Communication.
The law as currently written states in part:
(1) in interstate or foreign communications—
(C) makes a telephone call or utilizes a telecommunications device, whether or not conversation or communication ensues, without disclosing his identity and with intent to annoy, abuse, threaten, or harass any person at the called number or who receives the communications;
The amendment (section 113 of the act) adds the following language to the statute:
[I]n the case of subparagraph (C) of subsection (a)(1), includes any device or software that can be used to originate telecommunications or other types of communications that are transmitted, in whole or in part, by the Internet (as such term is defined in section 1104 of the Internet Tax Freedom Act (47 U.S.C. 151 note)).
The penalty for violating the act is a fine and up to 2 years in prison.
McCullagh gathers the reaction of various civil liberty groups who are understandably miffed by the change in law. The question turns on the term "annoy," which is not defined. Certainly with phone calls intent to annoy can be ferreted out at least by the circumstances if not other evidence. The Internet, with its freewheeling style even in these days of commercialism and control has plenty of room for all manner of anonymous communication that can annoy. Blogs written under pseudonyms can certainly annoy politicians. Various forums offer plenty of opportunity for snide mischief under an assumed name. There are other situations.
Determining intent can be fraught with problems. Sometimes, as in whistle blower situations, anonymous Internet communication is a good thing, although those exposed will likely be annoyed. There are cases of journalists or other individuals who use the Internet to spread news that is being suppressed by foreign governments. Does this law now mean that in addition to ISP's providing the names of (annoying) individuals to the Chinese government, Beijing can also have the Department of Justice prosecute them as well? This may sound extreme, but the law is so open-ended that absurd results may not seem so absurd. Another possibility is when someone writes something and it gets republished without an attribution. Is there liability?
McCullagh sites a case in his discussion where the Supreme Court struck down a ban on distribution of anonymous political pamphlets. The case is McIntyre v. Ohio Elections Commission, 514 U.S. 334 (1995). That case concerned political speech, although a general scan of the Court's precedents before and after that case indicate that prohibition against anonymous communication generally runs afoul of the First Amendment. The McIntrye case was decided 7-2, with the late Chief Justice Rehnquist and Justice Scalia on the short end of that judgment.
It's a real question if this provision will remain a stupid but dormant law, or will there actually be prosecutions. Until this is resolved, if you intend to annoy someone on the Internet, make sure you place your name somewhere for accountability. If you identify yourself, you won't go to jail.
Read the story at CNET here.
January 9, 2006
Supreme Court Denies Appeal in Spam Case
The Supreme Court declined an appeal today from an online service that had sent thousands of unsolicited emails to University of Texas students. White Buffalo Ventures sent mail to students on behalf of a dating web site, LonghornSingles.com. When the University blocked White Buffalo after students complained, the service sued the University under the Can-Spam Act, alleging that the University's policy was pre-empted by the federal law and violated White Buffalo's First Amendment rights. The District Judge, and later the 5th Circuit disagreed. The Supreme Court's denial of appeal today leaves those rulings in place.
The White Buffalo Ventures v. University of Texas opinion from the 5th Circuit is available here from FindLaw. The citation is 420 F.3d 366. Quote the Supreme Court: "The petition for writ of certiorari is denied." The high court docket number is 05-520.
Alito Hearings Streamed on the Web
C-SPAN is running the Samuel Alito Jr. Senate Confirmation hearings on the Web. Access is through their Supreme Court web page. The site typically keeps video archives of hearings for later viewing.
For more coverage of the Alito hearings on the Law Professor Blogs Network, go here.
New Tech Lawsuits Against Apple and Sony BMG
The Apple suit is based on infringement of patents owned by Burst.com relating to video and audio delivery. Apple had been negotiating with Burst to license its technology, but those negotiations broke down. Apple then filed a declaratory action in federal court challenging the validity of Burst's patents or that Apple has infringed them. Burst had sued Microsoft at one point over similar issues and settled for $60 million in that case. The story is here and here.
The Sony BMG digital rights management debacle has spawned yet more lawsuits, this time in Canada. MTV has the story.
Britain to Track Every Car Journey
The Washington Post and Newsweek are reporting tha Britain is about to become the first nation to place cameras on virtually every major road in the country. These cameras will be able to read 3,600 license plates per hour and will be linked to computers that will analyze the images and cross-reference to police databases of suspected criminals. Police are pointing to examples where an abducted child was found in a speeding car's trunk, and another where the system flagged a car for no insurance and the stop produced a bust for heroin.
As expected, privacy experts are troubled by the implementation. London makes high use of cameras as was motivated when the IRA initiated a bombing campaign in the city. Cameras also came into play when the subways were bombed last July. The expansion of surveillance has been called "Orwellian." Privacy concerns aside, the implementation of the system is promoted on the idea of security for the nation. Australia, Canada, and some European nations are interested in the system as well.
Read the story here.
January 8, 2006
Sony Settlement Tentatively Approved.
The Washington Post is reporting that U.S. District Court Judge Naomi Reice Buchwald has tentatively approved the settlement reported earlier in the Sony BMG copy protection suit. That story is here.
Service Pack 3 for XP?
A tidbit from the Dwight Silverman Tech Blog in the Houston Chronicle points to a page on the Microsoft web site that indicates Service Pack 3 for Windows XP Home and Professional is "currently planned for 2H 2007." Vista may be coming out some time towards the end of 2006, but XP will apparently live on until Microsoft changes its mind. The Windows roadmap also shows that Service Pack 2 for Windows Server 2003 will be out the second half of 2006.