digiblade

Thursday, January 26, 2006

Do You Want the Government Sticking Its Fingers Deeper into Your Data Pie?

News Analysis: Between the imminently possible renewal of the Patriot Act and the government's squeeze on Google for data, businesses are facing a few questions: Just how much reach does the government have into your database, and how onerous is that for business?
It's an intense time for skirmishes between government and corporate America.
The Senate will take up the question of renewing the Patriot Act during the week of Jan. 30, and Google is fighting tooth and nail to keep search terms and search results out of the hands of the government.
For the private sector, the government's desire to fiddle with data raises a few questions: Just how much control does the government have over grabbing your data, and how onerous is that for business?
Regarding their effect on enterprises, the Patriot Act and the government's squeeze on Google are two different beasts.
According to Orin Kerr, an associate professor of law at the George Washington Law School who worked on legislation that eventually became the Patriot Act, the difference lies in the fact that the Patriot Act tweaked pre-existing laws—the Electronic Communications Privacy Act and the Foreign Intelligence Surveillance Act.
Conversely, the government's move on search companies doesn't implicate pre-existing law, since it's a simple subpoena.
The distinction isn't making business leaders relax, though—rather, they're tensing up as government's requests for information grow ever more obtrusive.
"Some of the stuff that's been of greatest concern to businesses with the Patriot Act request has been the increasing likelihood that the information requested would be open-ended and increasingly onerous," said Susan Hackett, senior vice president and general counsel of the Association of Corporate Counsel, in an interview with eWEEK.
Google's skirmish with the government hasn't directly affected enterprises, beyond a general sense of unease that the government won't stop with anonymous search data but will instead gain insight into what should be private research.
For example: Dr. M. Lewis Temares, vice president of IT for the University of Miami, noted that on a corporate level, he's been led to believe that the nature of his searches won't spill out into public or government discourse, given that there are things he searches for that could potentially reveal trade secrets.
"I'm [hypothetically] negotiating with Bell South with regards to their practices in terms of a future contract," Temares said.
"I use the search engine to find out what competitors are doing. All of a sudden I've got people saying personal things about their experiences, their cellular experiences, that maybe they don't want to be made public.
"The government can see we've talked about various things in regards to competitiveness," Temares said.
"That may affect on a corporate basis everything you can say with regards to private conversations. Maybe the Federal Trade Commission [would get involved], maybe somebody said something about the government's interference. Maybe government takes it to another level: 'If he's saying something about the government…'"
The search results and terms turned over by search companies thus far have reportedly been stripped of anything that would allow them to be traced back to users, as per government agreement.
The obtrusiveness of government if it succeeds in its Google subpoena is at this point hypothetical.
The effects of the Patriot Act are not. They are hard to gauge, though, given that the Patriot Act inflicted a gag order on those it hit up for information.
"It's difficult to get a good sense of what they've been asked for, because they're under a gag order," Hackett said.
"But with conversations with folks who've shared general thoughts on this, they've drawn a distinction between requests for Mr. Smith's transactions with you from March 20 to June 30 of this year. That's reasonably defined, easy to find in your systems."
Contrast that with what increasingly concerns businesses, though, Hackett said: namely, the government coming to a corporation and requesting a large and nebulous cloud of information—requesting, say, all information on customers and transactions done in hotspot Middle Eastern countries.
"These huge, open-ended, '[You] don't know what [we're] investigating but we're putting you in charge of giving us information that we don't know if you have' investigations" are what worry businesses about the government's Google move, she said.

Sunday, January 22, 2006

Battle for the Future of The Internet


The Washington Post continues to stay on top of The Coming Tug of War Over the Internet. Read the whole article, and then put your thinking caps on. If we want to maintain our access to blogs and other social, meritocratic media, we are going to have to earn it. Because the big boys want to shut it down. I wrote more about this last month and provided some links there.
Read here why we are not winning!

01/23 Update: Consumers Say Feds Should Protect Their Right To Internet Services: Survey
Two-thirds of Internet users worry that Internet providers may block their access to information and services, and a majority support congressional action to prevent the practice, says a new survey released this week by the Consumer Federation of America (CFA).

New Senate Broadcast Flag Bill making the rounds...

…and it sucks as much as all the previous ones.
Draft legislation in the U.S. Senate gives us a preview of the MPAA and RIAA's next target: your television and radio. (Please write your Senator about this!)
You say you want the power to time-shift and space-shift TV and radio? You say you want tomorrow's innovators to invent new TV and radio gizmos you haven't thought of yet, the same way the pioneers behind the VCR, TiVo, and the iPod did?
Well, that's not what the entertainment industry has in mind. According to them, here's all tomorrow's innovators should be allowed to offer you:
"customary historic use of broadcast content by consumers to the extent such use is consistent with applicable law."
Had that been the law in 1970, there would never have been a VCR. Had it been the law in 1990, no TiVo. In 2000, no iPod.
Fair use has always been a forward-looking doctrine. It was meant to leave room for new uses, not merely "customary historic uses." Sony was entitled to build the VCR first, and resolve the fair use questions in court later. This arrangement has worked well for all involved -- consumers, media moguls, and high technology companies.
Now the RIAA and MPAA want to betray that legacy by passing laws that will regulate new technologies in advance and freeze fair use forever. If it wasn't a "customary historic use," federal regulators will be empowered to ban the feature, prohibiting innovators from offering it. If the feature is banned, courts will never have an opportunity to pass on whether the activity is a fair use.

Friday, January 20, 2006

USA VERSUS GOOGLE UPDATE

This is as much a cool case as it is frightening. You may recall that the Justice Department is trying to get Google to give up a large sample of its search records. Well, John Battelle reports: 'Apparently, the subpoena originally asked for a lot more than just a million addresses, as reported Thursday. From the motion the DOJ filed to force Google to comply with the subpoena: "The subpoena asks Google to produce an electronic file containing 'all URL's that were available to be located through a query on your company's search engine as of July 31 2005.'" and "all queries that have been entered on your company's search engine between June 1, 2005 and July 31, 2005."' More here.
HELLO. You think Google is going to give that over? Me? I don't think so. And here is why: Privacy is for Google what security is for Microsoft. At some point Microsoft realized that a chain of security disasters was one of the few things that could knock the company off its perch. And so Bill Gates famously declared security to be job one, thousands of developers were retrained, and Microsoft tried to change its culture to take security more seriously. Likewise, privacy is Google's Achilles Heel.

Quintura - visual search client review

Visual search engines have been around for almost a decade, and I've tried almost all of them (including the ones I had to pay for), 'The Bain' and 'Web Sleuth' to name a few going back a decade. So, when I heard that Quintura was offering their new visual search engine for free, I had to try it. There is also a demo here for those not ready to install. My first impressions show a lot of promise for an initial release, and you will see why too.
Quintura has the ability to refine your search results in a visual way by surrounding the words from the original query with words that have been determined to be likely to be associated. Hovering over a related word shows the search query narrowed down with this extra search term. You simply delete the floating words and your query is automatically narrowed in the side pane. The interactivity is fun to play with and the presentation is beautiful.
Quintura is a bit limited for the advanced researcher for the following reasons:
1. Limited number of search engines to choose from
2. Cannot add search engines except via plug-ins from the Quintura site
3. Limited number of dictionaries to choose from
4. Cannot add dictionaries except via said plug-ins
Conclusion: I like it. I hope Quintura aggressively develops this platform. I'm sure some people would even pay to be able to customize their own plug-ins as well (Lexis Nexis, anyone?). In addition, I think this is a great tool for introductory search types such as children and the elderly.

Thursday, January 19, 2006

Sharing Broadband to Increase Speed

This article was posted in the New York Times earlier this week. MIT Cambridge has also been working with something similar. I think this is the correct direction to go in order to expand seamless connectivity (especially in urban areas). If the TELCOs can stay out of this (yeah right)...
By JOHN MARKOFF
Published: January 16, 2006
SAN FRANCISCO, Jan. 15 - Two West Coast start-up companies have built new wireless technologies that take to heart Benjamin Franklin's exhortation to hang together rather than hang separately.
Both Mushroom Networks, which was started at the University of California, San Diego, and WiBoost Inc., based in Seattle, have built prototypes of simple wireless systems that make it possible for groups of neighbors to share their D.S.L. or cable Internet connections. Both companies said that sharing high-speed lines might enable users in small neighborhood clusters to download files and Web pages up to 10 times faster.
The two companies, which developed their technologies separately, are taking slightly different approaches. But in both cases, neighbors would be able to connect relatively standard wireless routers that would permit their computers to receive data in parallel from multiple D.S.L. or cable network connections. The idea is similar to adding lanes to a freeway to improve traffic flow.
WiBoost, which is also the name of the company's technology system, now requires an antenna mounted outside the home. The company is exploring ways to license its technology to manufacturers and hopes to make WiBoost devices available for $200 to $300. In flat areas with minimal obstructions, the system might be able to link homes separated by several miles, with do-it-yourself installation.
Mushroom Networks is conducting trials using a device called an access point aggregator that is similar to a conventional home Wi-Fi router. It is intended to be used to connect homes or businesses that are closer together. In principle, these technologies could work for a large group of neighbors, even with just a few Internet access points. That capacity - which could reduce the cost of Internet access considerably for its users - could, however, create substantial opposition from Internet service providers. Many of them are vigilant about restricting the sharing of individual network access points. Both companies said they were going to great lengths to assure service providers that they did not plan to become bandwidth Napsters, a reference to the music file-sharing company that raised havoc with the audio recording industry. The idea of linking several Internet data channels for greater speed is not a new one, but exploring a consumer application for the technology is a fresh notion, said Rene L. Cruz, a University of California computer scientist and founder of Mushroom Networks. "We're pretty excited about the concept," he said. "We're looking for validation and we're looking for market demand." The technology has merits, said George Henny, the president of Whidbey Telecom, an independent telecommunications firm based on Whidbey Island, Wash. "There is an interesting potential for this technology," he said, "and it would be fun to put it in place." The concept is related to the concept of wireless mesh networking, a technique that is used to extend Wi-Fi and related wireless networking standards over large areas by relaying Internet data among wireless receivers. In this use, the two firms are exploiting the fact that most computer networks are used in an irregular or "bursty" fashion. 
Even though large numbers of users download e-mail, Web pages or music and video files, most of the time the networks sit idle, waiting for a computer user to strike a key or issue a command. The capacity utilization rates of modern data networks have long been known to be remarkably low. "Our studies show that, averaged across all users, the utilization is less than 1 percent of the total capacity," said James Baker, president of WiBoost. Telephone companies may oversubscribe the capacity of their D.S.L. lines by an average of 14 to 20 times, said Mr. Cruz, and some researchers estimate that rate to be as high as 200 to 1. But because the networks are so underutilized, they can be used efficiently despite substantial oversubscription. Neither Mr. Cruz nor Mr. Baker is certain of receiving the blessing of Internet service providers, which often go to great lengths to prohibit their customers from sharing service with others. "We don't want freeloaders," said Mr. Baker. "We don't want the perception that it might be something that the I.S.P. might not like." Both companies have approached Internet providers to discuss their ideas, and they said they had received some indications of interest. One selling point stressed by both companies is that the technology is a simple way for D.S.L. providers to match the higher bandwidth offered by cable companies. Moreover, the technology could be used as a "viral" marketing technique by Internet service providers if existing customers persuaded neighbors to sign up for service to take advantage of the wireless accelerator.

The Future PC ?

Got these pictures from Rense.com. Some features are already being tested now, but I do not expect these to emerge for at least another five years.

Google stonewalls the government on privacy case. To be subpoenaed by Bush

1/19/2006 3:43:06 PM, by Peter Pollack
Simply put, Google is an information vacuum cleaner. It crawls web sites and records their content. It records newsgroups, news feeds, books, images, catalogs, and the planet Earth. It also records itself, saving data on user searches in a constant effort to improve its proprietary search technology. The exact quantity and type of data that Google saves regarding searches and users is confidential, but based on the amount of data available through its public interface, we can safely assume that it falls somewhere between quite a bit and infinity.
Understanding this, and coupling with it the fact that Google is by far the most popular search destination on the Internet, it comes as something of a creepy shock—though little surprise—that the US Government has decided to subpoena a portion of Google's database: specifically, 1 million random web addresses and all search records from an unspecified one-week period.
The reason given is a case the government is putting together to defend a law called the Child Online Protection Act (COPA). Apparently, the government believes that information about Google pornography searches will support its position on reviving COPA, which was struck down in 2004, as it did too little while going too far.
"[...] there is little evidence that the Act has reduced the production of child pornography or the child sexual abuse associated with its creation. On the other hand, there is an abundance of evidence that implementation of the Act has resulted in massive suppression of speech protected by the First Amendment. For these reasons, and the other reasons set forth in the Memorandum, the Court is ineluctably led to conclude the Act is unconstitutional."
Poorly written laws aren't that uncommon—they're one of the reasons we have courts. However, the government's insistence on standing behind this one runs much deeper than the noble desire to protect our children, and even deeper than the privacy issues inherent in releasing specific records. As those who paid attention to the Samuel Alito hearings last week are aware, one of the key concepts in American law is that of stare decisis. Stare decisis, simply put, is precedent: decisions made by a higher court must be upheld by a lower court, and courts are encouraged not to override their own precedents without very good reason.
Stare decisis is the primary reason to be concerned about this issue regarding Google. Google's records are not being subpoenaed to defend or prosecute a particular crime or for national security concerns. They are being subpoenaed to do nothing more than revive a law that has already been struck down. This sets a relatively low legal standard for the release of confidential records, and if upheld, that standard could be referenced in future legal cases.
The subpoena to turn over records was filed late last year, and the government indicated that some other search sites have already complied. Specifics on which sites have done so are not available, but Google refused, citing user privacy issues and concerns over maintaining their trade secrets. This set up a legal challenge which took another step forward on Wednesday, when the Bush administration asked a federal judge to order the release of Google's records.
"This is exactly the kind of case that privacy advocates have long feared," said Ray Everett-Church, a South Bay privacy consultant. "The idea that these massive databases are being thrown open to anyone with a court document is the worst-case scenario. If they lose this fight, consumers will think twice about letting Google deep into their lives. [...] The government can't even claim that it's for national security. They're just using it to get the search engines to do their research for them in a way that compromises the civil liberties of other people."
There are few people who would stand up to defend the cross-pollination of pornography and children. Protecting kids from such material and potential abuse is considered an important task by many, and it is understandable that the government is interested in taking active steps to prevent it. Perhaps the government should engage the much more difficult task of writing laws that won't be overturned by the courts, or promoting better parenting so such activity is prevented in the home. Either way, hammer-headed laws and dangerous (lack of) privacy precedents are the wrong answer, and are likely to result in more harm than good.
More here: Feds after Google data
More from Washington Post
A copy of the subpoena dated August 2005: here
UPDATE: Yahoo, Microsoft and America Online all complied with a government request for data on consumers' Web searches, a Justice Department official said Thursday. Google has the largest share of U.S. Web searches with 46 percent, according to November 2005 figures from Nielsen//NetRatings. Yahoo is second with 23 percent, and MSN third with 11 percent.
Sherwin Siy, staff counsel at the privacy rights advocacy organization Electronic Privacy Information Center, praised Google for fighting the administration's request. However, he said there would not even be an issue if the search engine hadn't collected the information and made it aggregatable in the first place. "This continual aggregation of people's search streams and all this information and the other data from their other services like Gmail places privacy at risk. This is something you would think Google should have anticipated," he said. "It is not a recent phenomenon that overbroad government investigations will put people's privacy at risk by digging through business records."
EPIC's Siy said AOL and MSN should have fought the government's demands. "In not doing anything to protect the privacy of their customers they are not doing the right thing," he said. "They are taking the easy way out." [...] Court documents and sources maintain the information did not compromise users' privacy.

Monday, January 16, 2006

Anonym.OS: The anonymous and secure computer so easy to use you can hand it to your grandmother...

...Unfortunately, it moves about as fast as her too :-(
It's a difficult problem, entailing a great deal of attention to both security details and usability issues. The group finally unveiled their finished product at the Shmoo Con hacker conference Saturday, with mixed results. Titled Anonym.OS, the system is a type of disc called a "live CD" -- meaning it's a complete solution for using a computer without touching the hard drive. Developers say Anonym.OS is likely the first live CD based on the security-heavy OpenBSD operating system.
OpenBSD running in secure mode is relatively rare among desktop users. So to keep from standing out, Anonym.OS leaves a deceptive network fingerprint. In everything from the way it actively reports itself to other computers, to matters of technical minutia such as TCP packet length, the system is designed to look like Windows XP SP1. "We considered part of what makes a system anonymous is looking like what is most popular, so you blend in with the crowd," explains project developer Adam Bregenzer of Super Light Industry.
Booting the CD, you are presented with a text based wizard-style list of questions to answer, one at a time, with defaults that will work for most users. Within a few moments, a fairly naive user can be up and running and connected to an open Wi-Fi point, if one is available. Once you're running, you have a broad range of anonymity-protecting applications at your disposal.
But actually using the system can be a slow experience. Anonym.OS makes extensive use of Tor, the onion routing network that relies on an array of servers passing encrypted traffic to permit untraceable surfing. Sadly, Tor has recently suffered from user-base growth far outpacing the number of servers available to those users -- at last count there were only 419 servers worldwide. So Tor lags badly at times of heavy use.
Between Tor's problems, and some nagging performance issues on the disc itself, Banks concedes that the CD is not yet ready for the wide audience he hopes to someday serve. "Is Grandma really going to be able to use it today? I don't know. If she already uses the internet, yes." You can try it here

Wednesday, January 11, 2006

Ilfak Guilfanov of GRC will make Windows 95, 98, and ME WMF Fix

Microsoft has now "reclassified" the WMF vulnerability in Windows 95, 98, and ME as non-critical (instead of just fixing it!). This means that it will probably NOT be updated and patched to eliminate the WMF handling vulnerability that those older versions of Windows apparently still have. (This vulnerability still needs to be confirmed.) Reported here. So, if Microsoft does not produce an update to repair those older versions of Windows, GRC will make one available.

Tuesday, January 10, 2006

WMF (Windows Meta File) FLAW A New Type Of Bug

Just days after Microsoft rushed out a patch to fix a critical Windows flaw related to the processing of Windows Meta File images, two more problems with the component were flagged. The newly disclosed issues could be a conduit for denial-of-service attacks, according to a description sent to the Bugtraq mailing list on Monday. A core function of the Windows operating system, explorer.exe, will crash a vulnerable Windows PC if a user views a specially crafted WMF image, according to the description. Explorer runs the Windows user interface, including the Start menu, taskbar, desktop and file manager. Microsoft is aware of the problems, a representative for the software maker said in an e-mailed statement. The company had identified these issues before the report and is evaluating fixes for inclusion in the next service pack for the affected products, the representative said. "Microsoft's initial investigation has found that these are not security vulnerabilities but rather performance issues that could cause an application to stop responding," the representative said. Microsoft disputes that the flaws can cause Windows to stop responding, but said they may affect an application used to view a WMF image. Such applications include the Windows Picture and Fax Viewer. "(The issues) may cause the WMF application to crash, in which case the user may restart the application and resume activity," the software maker said. The issues do not allow an attacker to commandeer a Windows system, Microsoft noted. Word of the new problems comes just days after Microsoft rushed out a critical update for a vulnerability related to the rendering of WMF files. Cybercriminals were taking advantage of that flaw to attack Windows computers via malicious Web sites, Trojan horses and instant-messaging worms. 
More here.
Microsoft plans to scour its code to look for flaws similar to a recent serious Windows bug and to update its development practices to prevent similar problems in future products. The critical flaw, in the way Windows Meta File images are handled, is different than any security vulnerability the software maker has dealt with in the past, Kevin Kean and Debby Fry Wilson, directors in Microsoft's Security Response Center, said in an interview with CNET News.com.
Typical flaws are unforeseen gaps in programs that hackers can take advantage of and run code. By contrast, the WMF problem lies in a software feature being used in an unintended way. In response to the new threat, the software company is pledging to take a look at its programs, old and new, to avoid similar side effects. "Now that we are aware that this attack vector is a possibility, customers can be certain that we will be scrubbing the code to look for any other points of vulnerability based on this kind of attack," Fry Wilson said.
Microsoft has been working for years to improve its security posture, beginning with its Trustworthy Computing Initiative, launched in early 2002. The WMF problem is not a good advertisement for Microsoft's security efforts, one analyst said, as the legacy issue seemingly went undetected. "This should have been caught and eliminated years ago," Gartner analyst Neil MacDonald said. "They overlooked image format files, and that is where this WMF issue came in."
Microsoft now faces a race with cybercriminals, who are likely on the prowl for the same bugs as well, experts said. The software maker is in a constant battle with miscreants who seek to attack computer users.

NO WMF Patch For Windows 98, Windows 98 Second Edition, and Windows Millennium Edition Users

In an updated security advisory, Microsoft told Windows 98 and Windows Millennium users not to expect a patch against the ongoing Metafile vulnerability because the company's obligated only to fix "critical" bugs, and this one doesn't meet the bar. Microsoft's advisory, now revised six times since its Dec. 28 debut, puts it clear to Windows 98 and Millennium customers. "Although Windows 98, Windows 98 Second Edition, and Windows Millennium Edition do contain the affected component, at this point in the investigation, an exploitable attack vector has not been identified that would yield a Critical severity rating for these versions," the advisory read. "Per the support life cycle of these versions, only vulnerabilities of Critical severity would receive security updates." Some time ago, Windows 98 and Millennium, which were slated to roll off support in mid-2003, got a reprieve; the operating systems will be supported by Microsoft -- to a limited degree -- until June 30 of this year. By its own policies, however, Microsoft's not obliged to deliver security fixes to problems it says don't meet its "Critical" benchmark.

Thursday, January 05, 2006

So, Microsoft wises up and didn't wait till next Tuesday to officially release the WMF security patch... Here is the patch!

Security Update for Windows XP (KB912919)
Security Update for Windows XP x64 Edition (KB912919)
Security Update for Windows Server 2003 64-bit Itanium Edition (KB912919)
Security Update for Windows Server x64 Edition (KB912919)
Security Bulletin: MS06-001 (not online yet)

Pew Internet and American Life Publish Report on Male and Female Internet Usage. And...

...Men Are From Google, Women Are From Yahoo
Jason Lee Miller
The report found that women are more enthusiastic communicators, using email in a more robust way. Not only sending and receiving more email than men, women are more likely to write to family and friends about a variety of topics, sharing news, joys and worries, planning events, and forwarding jokes and stories. While both sexes equally appreciate the efficiency and convenience of email, women are more likely than men to value the medium for its positive effects on improving relationships, expanding networks, and encouraging teamwork at the office.
"Women also value email for a kind of positive, water-cooler effect, which lightens the atmosphere of office life," reads the 54-page report.
The report found that women are more likely to use the Internet for emailing, getting maps and directions (after all, we men always know where we're going), looking for health and medical information, seeking support for health and personal problems, and getting religious information.
Men tend to be more intense Internet users than women, being more likely to go online daily (61% of men and 57% of women) and more likely to go online several times a day (44% of men and 39% of women). Men also tend to go online in greater numbers than women but for a much broader variety of reasons. Men are more likely to use the Internet to check the weather, get news, find do-it-yourself information, acquire sports scores and information, look for political information, do job-related research, download software, listen to music, rate a product/person/service through an online reputation system, download music, use a webcam, and take a class.
Note there was nothing about "nurturing relationships."
Here are some stats for the number crunchers:
· 67% of the adult American population goes online, including 68% of men and 66% of women
· 86% of women ages 18-29 are online, compared with 80% of men that age.
· 34% of men 65 and older use the Internet, compared with 21% of women that age.
· 62% of unmarried men compared with 56% of unmarried women go online
· 75% of married women and 72% of married men go online
· 61% of childless men compared with 57% of childless women go online
· 81% of men with children and 80% of women with children go online.
· 52% of men and 48% of women have high-speed connections at home
· 94% of online women and 88% of online men use email
The full 54-page PDF can be downloaded at this link: http://www.pewinternet.org/pdfs/PIP_Women_and_Men_online.pdf

Wednesday, January 04, 2006

Linux/Unix/Apple Vulnerabilities Outnumber Microsoft Windows' 3 To 1

Although it's been a spooky week for Microsoft's latest exploit discovery... Tallies kept by the U.S. government's computer security group show that Linux and Unix operating systems faced nearly three times the number of vulnerabilities in 2005 than did Microsoft's often-maligned Windows. In the US-CERT (United States Computer Emergency Readiness Team) year-end vulnerability summary, Linux/Unix accounted for a whopping 2,328 vulnerabilities, about 45 percent of the 5,198 total. Windows, on the other hand, sported just 812 vulnerabilities during the year, said US-CERT, or 16 percent of the total. Another 2,058 vulnerabilities affected more than one operating system.