Encajone que riled a abogados de la aislamiento gira tecnicidades sin relación

Por Jaikumar Vijayan

En un movimiento seguro ser dado la bienvenida por los abogados de la aislamiento y de las derechas civiles, un juez de la corte de districto de California el viernes levantó una prescripción permanente anterior que él tenía publicado hace dos semanas para inhabilitar el Web site polémico del whistleblower de Wikileaks.org.

Juzgue el blanco de Jeffrey de los E.E.U.U. La corte de districto para el districto norteño de California en San Francisco también declinó ampliar un orden de detención temporal que él había publicado el 15 Ene contra Wikileaks. Esa orden prohibió Wikileaks de exhibir, fijando, publicando, o el material que distribuía que un banco suizo, que había archivado un pleito contra Wikileaks, había demandado era obtenido ilegal y difamatorio.

El dominio de wikileaks.org fue reactivado hoy como resultado de la decisión.

Juzgue el blanco citó dos razones principales de rescindir sus prescripciones anteriores. En una siete-página que gobernaba, el juez observó que el demandante en el caso y el dueño del Domain Name de Wikileaks.org eran entidades extranjeras y por lo tanto fuera de la jurisdicción de la corte. Aunque no hay evidencia firme de la ciudadanía del dueño del Domain Name de wikileaks.org, los “consejos para [dueño] representado que el dueño del Domain Name wikileaks.org es un ciudadano de Australia y un residente de Kenia,” el juez observaron en su decisión. Consecuentemente la “corte es que puede manar jurisdicción del tema de la carencia sobre esta materia en su totalidad,” blanco referido del juez conocido en su decisión.

Él también observó que las prescripciones él habían publicado pedir secretario Dynadot del dominio de Wikileaks' para inhabilitar el Domain Name eran totalmente insustanciales. “El expediente actualmente antes de que la corte indique que incluso la amplia prescripción publicada en cuanto a Dynadot tenía exactamente el efecto opuesto al igual que fue pensado,” el juez conocido en su decisión. No sólo el material disputado continuó estando disponible vía los sitios numerosos del espejo, los medios que la atención generada por el caso se aseguró de que más gente sabía sobre la disponibilidad de la información sobre el Internet que antes, él dijo.

“La corte no se convence de que los demandantes han hecho una demostración adecuada que cualquier prescripción que refrena en este caso respondería a su propósito previsto,” blanco del juez dicho. “In addition, there is evidence in the record that “the cat is out of the bag” and the issuance of an injunction would therefore be ineffective to protect the professed privacy rights of the bank’s clients,” he said.

The ruling comes two weeks after Judge White issued two injunctions against Wikileaks. The injunctions were in response to a lawsuit filed by the Julius Baer Group, a Swiss bank that, according to documents on Wikileaks, was involved in offshore money laundering and tax evasion in the Cayman Islands for customers in several countries, including the U.S.

Wikileaks claimed the documents had been leaked by a bank employee. In its complaint, the Swiss bank claimed that Wikileaks published hundreds of illegally obtained documents and confidential and copyrighted information belonging to the bank. The bank sued both Wikileaks and its domain registrar Dynadot.

In response, White issued a permanent injunction ordering Dynadot to immediately disable the wikileaks.org domain name and lock it to prevent the domain from being transferred to another registrar. The injunction also required Dynadot to immediately remove all DNS hosting records for the wikileaks.org domain name. The court asked Dynadot to prevent the domain name from resolving to the Wikileaks Web site or any other Web site or server “other than a blank park page.”

The judge also issued a temporary restraining order that forbade Wikileaks from displaying, posting, publishing, or distributing any material pertaining to the bank on any site that it directly owned or over which it had any control. The order instructed Wikileaks to ensure that all of the bank’s information was removed from all Web sites it owned or controlled, to disable links to the material on such sites, and to provide the court with proof that it had complied with the orders. The judge’s order even enjoined everyone who read the order or received notice of it from publishing or even linking to the documents.

The rulings drew scathing criticism from privacy and civil rights groups that saw it as a flagrant violation of First Amendment rights. Several felt the court had overreacted in ordering the entire domain shut down, just because a relatively small number of documents it hosted were being disputed.

Earlier this week, several privacy and civil rights advocates announced their support for Wikileaks in the case. The Electronic Frontier Foundation and the American Civil Liberties Union (ACLU) filed a motion seeking the court’s permission to formally intervene in the case.

Expressing similar support was Harvard Law School’s Berkman Center for Internet & Society’s Citizen Media Law Project (CMLP). Earlier this week, the center filed a brief opposing the court’s injunctions against Wikileaks and its domain registrar Dynadot LLC. The amici curiae (friends of the court) brief, which was developed in collaboration with several media and public-interest organizations, asked the court to take back its decision and cited First Amendment concerns.

A statement issued by the EFF today expressed satisfaction at Judge White’s decision. “We’re very pleased that Judge White recognized the serious constitutional concerns raised by his earlier orders,” EFF senior staff attorney Matt Zimmerman was quoted as saying in the statement.

“Attempting to interfere with the operation of an entire website because you have a dispute over some of its content is never the right approach. Disabling access to an Internet domain in an effort to prevent the world from accessing a handful of widely-discussed documents is not only unconstitutional — it simply won’t work.”

Computerworld is an InfoWorld affiliate.

Zogby Poll - 67% View Traditional Journalism as “Out of Touch”

Internet is the top source of news for nearly half of Americans; Survey finds two-thirds dissatisfied with the quality of journalism

Two thirds of Americans - 67% - believe traditional journalism is out of touch with what Americans want from their news, a new We Media/Zogby Interactive poll shows.

JONATHAN WERVE

Using data from the Global Integrity Index, we put a U.S. court’s recent order to block access to anti-corruption site Wikileaks.org into context. In summary: The Wikileaks.org shutdown is unheard of in the West, and has only been seen in a handful of the most repressive regimes. Good thing it doesn’t work very well.

Starting in 2007, Global Integrity added specific questions about Internet censorship to the Integrity Indicators, which are a set of 304 questions addressing the practice of anti-corruption in national governments. We have always held that a free and critical media is an essential component of good governance; adding an analysis of Internet censorship was an overdue refinement.

We asked two questions:

1. Are Internet users prevented from reaching political material on the Internet?
2. Are content creators prevented from posting political material to the Internet?

The results of this work are generally encouraging. In examining a diverse group of 50 countries, a majority earn a full score on both counts. Freedom of speech is a widely held right. Moreover, Internet censorship is difficult and is often ineffective in suppressing political activity. Most governments, aside from targeted libel restrictions, don’t bother regulating online political speech at all.

A few countries, however, are deeply committed to trying to make censorship work. On this list in 2007 are Algeria, China, Egypt, Kazakhstan, Russia and Thailand. Each has it’s own flavor to the repression of online speech — Internet censorship is still in an experimentation phase, and even the most aggressive approaches don’t seem to work very well.

• Algeria has no firewalls or filters, but outlaws hosting content critical of the government, and monitors chat rooms for political speech.

• China is home to 1.3 billion people and has a highly scalable technological approach based onextensive content filters known satirically as the Great Firewall of China. China is also uses technology to discourage content creation, deploying cute animated police characters (pictured above) to remind Internet users they are being watched.

• Egypt has limited technical means to discourage content creation, so it relies on an old-fashioned technique — harassment, beatings and arrests. Hala Al-Masry used to publish in a blog entitled “Cops Without Boundaries” until the government harassed her, “unknown people” beat her father, and she and her husband were arrested and signed a commitment to shut down the blog. Similar techniques haveshut down websites of opposition parties.

• Kazakhstan has little Internet capacity. The government uses this to mask censorship — rather than block sites, it slows them down, frustrating the users of political content into looking elsewhere. The KNB (formerly the KGB) has a special program called Bolat, which slows down, but does not stop, access to sites of terrorist organizations. Popular opinion holds that it is used to slow opposition party sites as well.

• Russia has a mixed bag of state persecution and neglect, allowing a rare opening for free expression in a country with highly restricted media. However, the sophistication of the attacks that do occur is frightening, with hackers singling out individual online targets. For instance, the website of Ekho Moskvy, a liberal Moscow radio station critical of the Kremlin, was brought down by a DDoS attack last year.

• Thailand’s military junta moved aggressively to shut down message boards and the formerly-ruling party Thai Rak Thai website after taking over the country in 2006. But the junta’s censorship cops work to keep the thinnest appearance of tolerance — message boards were allowed to reopen under the condition that they did not “provoke any misunderstandings.” Message received.
  

So how does the United States fit into this picture? The court order that muzzled Wikileaks.org (covered here) was prompted not by the government but by a bank registered in the Cayman Islands. The bank used American courts and a compliant domain registrar to scrub the wikileaks.org URL from the Internet. It is extremely unlikely that this decision will stand up in an appeals court, but the larger point is that there is no reason this case should even be fought. Wikileaks should not need a legal team to explain to the courts that the First Amendment requires freedom of speech.

The whole event seems to encapsulate the constant criticism of governance in the United States: that the government has been captured by corporate interests, and that the world-leading rule of law and technocratic mechanisms in place can be hijacked to serve as tools for narrow, wealthy interests.

While there is much diversity in the style of Internet censorship among the world’s worst offenders, one common thread unites them: Internet censorship doesn’t work. Cut off one site, and a thousand more pop up. In China, censorship online is sparking criticism that off-line censorship has rarely seen.

So Wikileaks.org went offline, but Wikileaks mirror sites hosted overseas hold the same content, and the original site is still up and running from Sweden (http://88.80.13.160) without its easier-to-type URL. As it turns out, shutting down Wikileaks-the-website has focused our attention on Wikileaks-the-idea, which is spreading at the speed of light.

By Elana Schor

 The US court order shutting down the website Wikileaks today appeared to backfire on the Swiss bank that sought the legal action, as bloggers and other fans of the site gave new life to leaked documents the bank was working to suppress.

    In addition to international Wikileaks versions that were unaffected by the shutdown order, “mirror” copies of the website sprouted like weeds thanks to supporters of its mission. Run anonymously, Wikileaks aims to publish sensitive documents that often prove incriminating for governments and corporations.

    Swiss-based Bank Julius Baer obtained the order on Friday to stop Wikileaks from disseminating internal company documents that purported to show the bank’s Cayman Islands branch involved in money laundering and tax evasion.

    But the overwhelming online response to Wikileaks’s demise made the bank - and the documents themselves - the talk of the internet.

    ”Clearly, the court and Bank Julius Baer underestimated the ingenuity of the web development community,” the whistleblower protection group Project on Government Oversight wrote on its blog.

    David Ardia, director of the Citizen Media Law Project at Harvard University, said the situation had “gone 180 degrees wrong for the bank”.

    ”What this is done is, it’s really struck a chord for publishers, both online and offline,” Ardia said. “If a federal judge in California can, on the arguments of one party, order that an entire website be taken down, that’s a very scary proposition. What if these documents weren’t on Wikileaks [but] they were on YouTube, MySpace or Facebook?”

    US district court judge Jeffrey White, appointed in 2002 by George Bush, ordered the San Francisco-based web server for Wikileaks to block the domain name during an “ex parte” hearing, with the website not represented by counsel. The web server company, Dynadot, said today that it is remaining neutral on the bank’s lawsuit.

    ”However, if Julius Baer is concerned with the posting of its confidential documents on the wikileaks.org web site, it could have sought a more narrow remedy than seeking to have the entire wikileaks.org web site shut down,” Kathryn Chow-Han, in-house counsel for Dynadot, said in a statement.

    The next hearing in the case is scheduled for February 29, although Ardia said Wikileaks could move for an earlier court date after presenting new legal representation. The bank has retained Los Angeles lawyers Lavely & Singer, the favourite firm for celebrities aiming to quash publication of unwelcome photographs.

By Thomas Claburn

In keeping with its mandate to gather intelligence, the CIA is watching YouTube.

U.S. spies, now under the Director of National Intelligence (DNI), are looking increasingly online for intelligence; they have become major consumers of social media.

“We’re looking at YouTube, which carries some unique and honest-to-goodness intelligence,” said Doug Naquin, director of the remarks to the Central Intelligence Retirees’ Association last October. “We’re looking at chat rooms and things that didn’t exist five years ago, and trying to stay ahead. We have groups looking at what they call ‘Citizens Media’: people taking pictures with their cell phones and posting them on the Internet.”

In November 2005, the OSC subsumed the CIA’s Foreign Broadcast Information Service, which housed the agency’s foreign media analysts. The OSC is responsible for collecting and analyzing public information, including Internet content.

Steven Aftergood, director of the Federation of American Scientists project on government secrey, posted transcript of Naquin’s remarks on his blog. “I found the speech interesting and thoughtful,” he said in an e-mail. “I would not have thought of YouTube as an obvious source of intelligence, but I think it’s a good sign that the Open Source Center is looking at it, and at other new media.”

Not everyone in the intelligence community sees the value in open source intelligence. “[W]e still have an education problem on both ends, both with the folks who are proponents of open source but perhaps don’t know exactly why, and folks internally who are still wondering why I am sitting at the same table they are,” said Naquin.

But further acceptance of open source intelligence, of the Internet and social media, seems inevitable in the intelligence community if only because traditional media is becoming less relevant. “What we’re seeing [in] actuality is a decline, a relatively rapid decline, in the impact of the printed press — traditional media,” said Naquin. “A lot more is digital, and a lot more is online. It’s also a lot more social. Interaction is a much bigger part of media and news than it used to be.”

Despite its name the Open Source Center hasn’t proven to be particularly open with its findings. “One area where Mr. Naquin’s Center falls short, in my opinion, is in public access to its products, which is very limited,” said Aftergood. “I know that there are some copyright barriers to open publication of foreign media items. But there shouldn’t be any such barriers to release of the Center’s own analytical products. And yet they are hard to come by. I hope this is one aspect of the Center’s activities that will be reconsidered.”

 thought the creepiest things to happen to social networking was when old guys, claiming to be eighteen-years-old started roaming social networks like MySpace and FaceBook looking to hook up with fifteen-year-olds.But now there’s a whole different kind of creepiness. And this one includes old guys in white lab coats roaming through FaceBook profiles. A bunch of scholars at Harvard University and University of California have decided to turn the vastly popular FaceBook into a giant mouse maze.

If you’re a constant visitor of the site then you’ve probably added those quirky applications that let you throw your friend out window, bake them a cake, head butt – or make up your own little creative action.

Researchers have begun studying one class of students at a particular college, where applications like ‘Hot or Not’, ‘Pirates vs. Ninjas’, and cute little digital pets have become tools in determining certain aspects of social interactions online.

The story in the New York Times didn’t specify if the class being studied knew that these creeps – I mean – scholars had informed them that they were looking at every little program they added, picture they posted, and whether or not they liked the movie Fight Club or not.

Now, I understand that if you want to get a juicy perspective on youth culture – Facebook would be a good place to start. But there’s something about social science freaks digging through my profile and trying to find meaning in the fact that I just dropkicked my friend that makes me a little uncomfortable.

Most of the time, I think social networking profiles are just a plastic exterior that doesn’t necessarily represent us as an individual. It’s more like an external attachment, like a external hard drive. It isn’t really apart of us but it can be – but it’s temporary and changes without us having to change along with it. Trying to draw together some conclusion and hidden meaning in stuff like this can only end with misinterpretations.
—Eming Piansay

Alexi Mostrous and Dominic Kennedy

Security breaches that are allowing the financial details of tens of thousands of Britons to be sold on the internet are to be investigated by the country’s information watchdog.

Without paying a single penny, The Times downloaded banking information belonging to 32 people, including a High Court deputy judge and a managing director. The private account numbers, PINs and security codes were offered as tasters by illegal hacking sites in the hope that purchases would follow.

Richard Thomas, the Information Commissioner, will begin an investigation into the security breach today and Scotland Yard is also investigating. Experts said that the findings suggested that more personal data than ever before was going astray. The Times found: More than 100 websites trafficking British bank details A fraudster offering to sell 30,000 British credit card numbers for less than £1 each A British “e-passport” for sale, although the Government insists that they are unhackable.

The discovery comes as public alarm is growing about the dangers of identity theft. HM Revenue & Customs has yet to retrieve two lost CDs containing the banking details of 25 million Britons, which ministers admitted had vanished in the post a fortnight ago. At current underworld prices, these could fetch more than £100 million if they fell into the hands of hackers.

The News of the World disclosed yesterday that it had been handed two discs mislaid by the Department for Work and Pensions containing the national insurance numbers of 18,000 claimants.

Last year The Times discovered internet chatrooms where the hacked credit card details of 400 British people were being sold every day.

A spokesman for Mr Thomas said: “We will be looking at the evidence you have provided and investigating the circumstances. This looks serious and is a matter of genuine concern.

“We can take action against UK-based organisations that flout the Data Protection Act. If some of these websites are not UK-based we will work with our counterparts in the relevant country.”

Mr Thomas will address the Commons Justice Committee tomorrow on the addional powers that he says are needed to prevent breaches of data protection. He believes that reckless failure to protect information should result in prosecution and that his staff should have powers to raid government and business premises.

Hacking sites act as online bazaars for stolen personal information. They are well run, hierarchical groups structured like businesses. Some even have review sections where buyers can recommend a particular fraudster.

Geraldine Hernon, 30, of St Ives, Cambridgeshire, was shocked to hear that her credit card number, expiry date and security number were online with her address, telephone number and e-mail address. She said: “I can’t believe it. I will have to change my whole account. It is terrifying that people have the information. It is personal information. I feel really scared.”

The bank details of Robert Seabrook, QC, a deputy judge and former chairman of the Bar Council, were also freely available. He, too, described the breach as terrifying. “I am profoundly concerned,” he said. “One reads about the anxieties of data in the public domain but it is disconcerting to hear something so personal being available. If you can get this sort of thing for free who knows what is below the water line?”

Neil Munroe, the director of the credit reference agency Equifax and an expert on internet fraud, said that the depth of information obtained by The Times was greater than he had ever seen. “The detail you have got is very disturbing,” he said. “Normally we only see credit card numbers coming up but you have got e-mails, addresses, security and PINs. Everything. It is very scary.”

Senior police officers are concerned that current methods of dealing with large-scale data protection breaches are unworkable. Detective Chief Inspector Charlie McMurdie, of the Metropolitan Police e-crime unit, said: “At the moment people report internet crimes to a local police station but no one locally has the resources to investigate properly.”

Since April customers have been told to report card crimes to their banks rather than to the police. Mr McMurdie, backed by the main banks, has asked the Home Office for £1.3 million to fund a central e-crime unit.

Stolen identities

Criminals use three main methods to extract personal information

- Viruses contained in e-mails that install malicious software to collect information such as login names, bank account details and credit card numbers. Make sure you use up-to-date antivirus software

- Handheld credit card readers are used to “skim” cards and copy data that is then used to clone another one. Check your accounts regulary for unusual transactions

- Bin raiders go through rubbish bins to find discarded bank statements and utility bills. Make sure that all personal documents are shredded before you throw them out

In October, two security experts at hacker conference ToorCon9 in San Diego hacked into their hotel’s corporate network using a Cisco VoIP phone

By Linda Leung Framingham

Cisco confirmed it is possible to eavesdrop on remote conversations using Cisco VoIP phones. In its security response, Cisco says: “an attacker with valid Extension Mobility authentication credentials could cause a Cisco Unified IP Phone configured to use the Extension Mobility feature to transmit or receive a Real-Time Transport Protocol (RTP) audio stream.”

Many users resented Facebook grabbing and sharing data

Facebook members have forced the social networking site to change the way a controversial ad system worked.More than 50,000 Facebook users signed a petition calling on the company to alter or abandon its Beacon advertising technology.

When Facebook users shopped online, Beacon told friends and businesses what they looked at or bought.

Many considered the data sharing to be an intrusion that exposed them to more scrutiny than was comfortable.

Privacy please

In response to the demands, Facebook’s 55 million members will have more control over whether data about what they do online is used for Beacon.

Before the changes, Beacon was an “opt out” system and many complained that they missed the chance to avoid using it when it was introduced in early November.

Now Beacon will be an “opt in” system that only tracks data if explicit permission is granted to Facebook to do so.

More than 40 websites, including Fandango.com, Overstock.com and Blockbuster, signed up to use Beacon software on their webpages and report what Facebook users did when they visited.

Beacon embarrassed many doing Christmas shopping online

Activist site MoveOn was at the forefront of protests against Beacon and set up the petition to gather signatures on 20 November.

“It also says a lot about the ability of internet users to band together to make a difference,” said Adam Green, a spokesman for MoveOn.

Facebook apologised for its actions via a letter on its website.

“We’re sorry if we spoiled some of your holiday gift-giving plans,” read the letter. “We are really trying to provide you with new meaningful ways, like Beacon, to help you connect and share information with your friends.”

Industry commentator Om Malik said Facebook users had to be certain to opt out completely from Beacon otherwise Facebook would still collect data from partner sites - even if that data was not shared more widely.

The changes to Beacon may not be the last that Facebook has to make to the technology.

Two rights groups, the Electronic Privacy Information Center and the Center for Digital Democracy, are believed to be compiling a complaint to the US Federal Trade Commission about it.

http://news.bbc.co.uk/1/hi/technology/7120916.stm

Governments are using the Internet to spy and launch cyberattacks that target critical systems, according to McAfee’s cybersecurity report

By Jon Brodkin

Governments and allied groups worldwide are using the Internet to spy and launch cyberattacks on their enemies, targeting critical systems including electricity, air traffic control, financial markets, and government computer networks, according to McAfee’s annual report examining global cybersecurity.

This year, China has been accused of launching attacks against the United States, India, Germany and Australia, but the Chinese are not alone: 120 countries including the United States are said to be launching Web espionage operations, according to McAfee’s Virtual Criminology Report, issued today and developed with input from NATO, the FBI, the United Kingdom’s Serious Organized Crime Agency, and various groups and universities.

“Cyber assaults have become more sophisticated in their nature, designed to specifically slip under the radar of government cyber defenses,” McAfee states. “Attacks have progressed from initial curiosity probes to well-funded and well-organized operations for political, military, economic and technical espionage.”

One attack against Estonia, allegedly carried out by Russia, disrupted government, news and bank servers for several weeks in April, McAfee notes. In the United States, a Pentagon computer network allegedly was hacked by China-based perpetrators in June, the McAfee report states.

The Internet is simply a great tool for gathering intelligence, both for world powers like the United States and China and small countries with limited resources, says David Marcus, security research and communications manager at McAfee Avert Labs.
He doesn’t think cyberattacks will replace conventional warfare, but says they are becoming an important augmentation, with countries using technology to spread disinformation and disrupt communications. He also predicts it will be common for governments to license cybercriminals to attack enemies in a sort of privatized model. “We’re already starting to see that with state-sponsored malware,” he says. “I only think you’re going to start seeing more than that because it’s easier to attack government X’s database than it is to nuke their troops.”

McAfee said its research also found an increasing threat to banking and other online services, and “the emergence of a complex and sophisticated market for malware.” Malware today is more complex than ever before, capable of acting as if it were genetically modified. “These ’super-strength’ threats are more resilient, are modified over and over again like recombinant DNA,” McAfee writes. “Nuwar [Storm Worm] was the first example, and experts say there will be more examples in 2008.”

VoIP is a new target of cybercriminals, and such social-networking applications as MySpace and Facebook are sure to be exploited more often, going forward, McAfee says. NATO insiders say many governments are unaware of the Web espionage threats and have left themselves open to cyberattack.

One aspect that might be overlooked is the economy that distributes the tools of cybercrime. Software flaws are sold for as much as $75,000, and criminals can buy custom-written Trojans designed to steal credit card data. Additionally, McAfee says an “underground economy already includes specialized auction sites, product advertising and even support services, but now competition is so fierce that ‘customer service’ has become a specific selling point.”

Network World is an InfoWorld affiliate.

By Louise Story and Brad Stone
The New York Times

Faced with its second mass protest by members in its short life span, Facebook, the enormously popular social networking Web site, is reining in some aspects of a controversial new advertising program.

    Within the last 10 days, more than 50,000 Facebook members have signed a petition objecting to the new program, which sends messages to users’ friends about what they are buying on Web sites like Travelocity.com, TheKnot.com and Fandango. The members want to be able to opt out of the program completely with one click, but Facebook won’t let them.

    Late yesterday the company made an important change, saying that it would not send messages about users’ Internet activities without getting explicit approval each time.

    MoveOn.org Civic Action, the political group that set up the online petition, said the move was a positive one.

    ”Before, if you ignored their warning, they assumed they had your permission” to share information, said Adam Green, a spokesman for the group. “If Facebook were to implement a policy whereby no private purchases on other Web sites were displayed publicly on Facebook without a user’s explicit permission, that would be a step in the right direction.”

    Facebook, which is run by Mark Zuckerberg, 23, who created it while an undergraduate at Harvard, has built a highly successful service that is free to its more than 50 million active members. But now the company is trying to figure out how to translate this popularity into profit. Like so many Internet ventures, it is counting heavily on advertising revenue.

    The system Facebook introduced this month, called Beacon, is viewed as an important test of online tracking, a popular advertising tactic that usually takes place behind the scenes, where consumers do not notice it. Companies like Google, AOL and Microsoft routinely track where people are going online and send them ads based on the sites they have visited and the searches they have conducted.

    But Facebook is taking a far more transparent and personal approach, sending news alerts to users’ friends about the goods and services they buy and view online.

    Charlene Li, an analyst at Forrester Research, said she was surprised to find that her purchase of a table on Overstock.com was added to her News Feed, a Facebook feature that broadcasts users’ activities to their friends on the site. She says she did not see an opt-out box.

    ”Beacon crosses the line to being Big Brother,” she said, “It’s a very, very thin line.”

    Facebook executives say the people who are complaining are a marginal minority. With time, Facebook says, users will accept Beacon, which Facebook views as an extension of the type of book and movie recommendations that members routinely volunteer on their profile pages. The Beacon notices are “based on getting into the conversations that are already happening between people,” Mr. Zuckerberg said when he introduced Beacon in New York on Nov. 6.

    ”Whenever we innovate and create great new experiences and new features, if they are not well understood at the outset, one thing we need to do is give people an opportunity to interact with them,” said Chamath Palihapitiya, a vice president at Facebook. “After a while, they fall in love with them.”

    Mr. Palihapitiya was referring to Facebook’s controversial introduction of the News Feed feature last year. More than 700,000 people protested that feature, and Mr. Zuckerberg publicly apologized for aspects of it. However, Facebook did not remove the feature, and eventually users came to like it, Mr. Palihapitiya said. He said Facebook would not add a universal opt-out to Beacon, as many members have requested.

    MoveOn.org started the anti-Beacon petition on Nov. 20, and as of last night more than 50,000 Facebook users had signed it. Other groups fighting Beacon have about 10,000 members in total. Facebook, they say, should not be following them around the Web, especially without their permission.

    The complaints may seem paradoxical, given that the so-called Facebook generation is known for its willingness to divulge personal details on the Internet. But even some high school and college-age users of the site, who freely write about their love lives and drunken escapades, are protesting.

    ”We know we don’t have a right to privacy, but there still should be a certain morality here, a certain level of what is private in our lives,” said Tricia Bushnell, a 25-year-old in Los Angeles, who has used Facebook since her college days at Bucknell. “Just because I belong to Facebook, do I now have to be careful about everything else I do on the Internet?”

    Two privacy groups said this week that they were preparing to file privacy complaints about the system with the Federal Trade Commission. Among online merchants, Overstock.com has decided to stop running Facebook’s Beacon program on its site until it becomes an opt-in program. And as the MoveOn.org campaign has grown over the past week, some ad executives have poked fun at Facebook users.

    ”Isn’t this community getting a little hypocritical?” said Chad Stoller, director of emerging platforms at Organic, a digital advertising agency. “Now, all of a sudden, they don’t want to share something?”

    Facebook users each get a home page where they can volunteer information like their age, hometown, college and religion. People can post photos and write messages on their pages and on their friends’ pages.

    Under Beacon, when Facebook members purchase movie tickets on Fandango.com, for example, Facebook sends a notice about what movie they are seeing in the News Feed on all of their friends’ pages. If a user saves a recipe on Epicurious.com or rates travel venues on NYTimes.com, friends are also notified. There is an opt-out box that appears for a few seconds, but users complain that it is hard to find. Mr. Palihapitiya said Facebook is making the boxes larger and holding them on the Web pages longer.

    Mr. Green of MoveOn.org said that his group would be tracking the effects of the latest changes before deciding if it would still push for a universal opt-out.

    The whole purpose of Beacon is to allow advertisers to run ads next to these purchase messages. A message about someone’s purchase on Travelocity might run alongside an airline or hotel ad, for example. Mr. Zuckerberg has heralded the new ads as being like a “recommendation from a trusted friend.”

    But Facebook users say they do not want to endorse products.

    ”Just because I use a Web site, doesn’t mean I want to tell my friends about it,” said Annie Kadala, a 23-year old student at the University of North Carolina at Chapel Hill. “Maybe I used that Web site because it was cheaper.”

    Ms. Kadala found out about Beacon on Thanksgiving day when her News Feed told her that her sister had purchased the Harry Potter “Scene It?” game.

    ”I said, ‘Susan, did you buy me this game for Christmas?’” Ms. Kadala recalled. “I don’t want to know what people are getting me for Christmas.”

Feeling Betrayed, Facebook Users Force Site to Honor Their Privacy
    By Ellen Nakashima
    The Washington Post

    Friday 30 November 2007

    Sean Lane’s purchase was supposed to be a surprise for his wife. Then it appeared as a news headline - “Sean Lane bought 14k White Gold 1/5 ct Diamond Eternity Flower Ring from overstock.com” - last week on the social networking Web site Facebook.

    Without Lane’s knowledge, the headline was visible to everyone in his online network, including 500 classmates from Columbia University and 220 other friends, co-workers and acquaintances.

    And his wife.

    The wraps came off his Christmas gift thanks to a new advertising feature called Beacon, which shares news of Facebook members’ online purchases with their friends. The idea, according to the company, is to allow merchants to effectively turn millions of Facebook users into a “word-of-mouth promotion” service.

    Lane called it “Christmas ruined,” and more than 50,000 other users signed a petition in recent days calling on Facebook to stop broadcasting people’s transactions without their consent.

    Last night, Facebook backed down and announced that the Beacon feature would no longer be active for any transaction unless users click “ok.” Beacon is a core element of Facebook’s attempt to parlay the personal and behavioral information it collects about its members into a more sophisticated advertising business, an effort to turn a user’s preferences into an endorsement with commercial value.

    The merging of social networking and online advertising combines two of the most powerful forces on the Internet today, and privacy advocates say it raises issues about the way personal data are disclosed for marketing purposes.

    ”Sites like Facebook are revolutionizing how we communicate with each other and organize around issues together in a 21st century democracy,” said Adam Green, a spokesman for MoveOn.org, a liberal activist group that has launched the petition drive to pressure Facebook to stop broadcasting members’ purchases and using their names as endorsements without explicit permission. “The question is: Will corporate advertisers get to write the rules of the Internet or will these new social networks protect our basic rights, like privacy?”

    The site, which was started in a Harvard dorm room, has become a Silicon Valley powerhouse, recently valued at $15 billion. It allows its users to share messages, photos and updates on their lives.

    Facebook launched Beacon as part of a wider social advertising campaign Nov. 6, with 44 announced partners, including Overstock, Travelocity, the auction site eBay, the movie ticket site Fandango, Blockbuster and the shoe site Zappos. The Beacon feature, free to advertisers, is not restricted to commerce. A person’s high score on an online game might also be posted for friends to see.

    Facebook puts a string of code called a cookie on a user’s computer, which tracks the user on Beacon partner sites. In the version that Facebook launched, a person logged into Facebook who bought, say, a movie ticket, was alerted that the Web site was sending a “story” to his profile and had a chance to opt out - both at the merchant’s site and on his own page, Facebook says.

    But privacy advocates criticized the opt-out feature - a pop-up box - because it disappeared after a few seconds and said Facebook should allow users to turn off Beacon and include an “opt in” feature for those who wish to receive the service. Last night, Facebook apparently added an “opt in” feature for each transaction, which Green called “a huge step in the right direction,” but still did not include a way to shut off the service permanently.

    Beacon is a key part of what Facebook founder and chief executive Mark Zuckerberg, 23, called “a completely new way of advertising online.” Sometimes, ads accompany the news feeds. The ads could contain a person’s photo.

    Yesterday Facebook issued an apology on MoveOn’s Facebook page: “We’re sorry if we spoiled some of your holiday gift-giving plans.”

    In a news release last night, Facebook said “we appreciate feedback from all Facebook users and made some changes to Beacon in the past day. Users now have more control over stories that get published.”

    Marketers can target paid social ads on Facebook according to criteria such as age, gender, political views and taste in movies, Zuckerberg told media and ad executives at the launch, according to Online Media Daily.

    ”What’s unique about Facebook is it’s really turning over personal profile data to advertisers,” said Jeff Chester, executive director of the Center for Digital Democracy, a privacy advocacy group. “In essence, it’s telling advertisers, we know exactly who your targets are, what their favorite entertainment is, the books they read, the kinds of social networks they have, what their political leanings are.”

    Chester’s group, along with the U.S. Public Interest Research Group, has asked the Federal Trade Commission to investigate whether Facebook and MySpace, a rival social networking site that is also targeting members for ads, are using deceptive practices to violate people’s privacy.

    MoveOn has created a blog on its Facebook page for people to post comments. The wall contained more than 800 as of yesterday.

    They include Tasha Valdez from Michigan, who wrote: “Oh my gosh, my cousin’s entire Christmas shopping list this week was displayed on the [Facebook News] feed. That’s so messed up. This has gotta stop!”

    Beacon’s risks go beyond ruining someone’s Christmas, said Mike Rogers, editor and publisher of a gay-oriented Web site, PageOneQ. “We teach young people to be very careful about what they post and all of a sudden comes along an automated system like this. What happens if a kid is on a football team and he buys a ticket to ‘Brokeback Mountain’ [a gay-themed film]?” he said, alluding to the possibility that the youth could be outed and harassed as a result.

    For Lane, spoiling his wife’s surprise was bad enough.

    Within two hours after he bought the ring on Overstock.com, he received an instant message from his wife, Shannon: Who is this ring for?

    What ring, he messaged back, from his laptop at work in Waltham, Mass.

    She said that Facebook had just put an item on his page saying he bought a ring. It included a link to Overstock, which noted that the 51 percent discount on the ring.

    Lane, 28, a technical project manager at an online printing company, was crestfallen. He had gone to lengths to keep the ring a secret, even telling Shannon he was not going to give her jewelry this year.

    Lane complained to Overstock. Company spokesman Judd Bagley said this week that on Nov. 21, Overstock abandoned its Beacon feature until Facebook changes its practice so that users must volunteer if they want to participate.

    ”I was really disappointed because for me the whole fun of Christmas is the surprise,” said Shannon Lane, 28, who married Sean a year ago in September. “I never want to know what I’m getting.”

    ———

    Staff writer Ylan Mui contributed to this report.

YouTube stops account of Egypt anti-torture activist

Cynthia Johnston

CAIRO, Nov 27 (Reuters) - The video-sharing Web site YouTube has suspended the account of a prominent Egyptian anti-torture activist who posted videos of what he said was brutal behaviour by some Egyptian policemen, the activist said.

Wael Abbas said close to 100 images he had sent to YouTube were no longer accessible, including clips depicting purported police brutality, voting irregularities and anti-government demonstrations. YouTube, owned by search engine giant Google Inc <GOOG.O>, did not respond to a written request for comment. A message on Abbas’s YouTube user page, http://youtube.com/user/waelabbas, read: “This account is suspended.”

“They closed it (the account) and they sent me an e-mail saying that it will be suspended because there were lots of complaints about the content, especially the content of torture,” Abbas told Reuters in a telephone interview. Abbas, who won an international journalism award for his work this year, said that of the images he had posted to YouTube, 12 or 13 depicted violence in Egyptian police stations.

Abbas was a key player last year in distributing a clip of an Egyptian bus driver, his hands bound, being sodomised with a stick by a police officer — imagery that sparked an uproar in a country where rights groups say torture is commonplace.

That tape prompted an investigation that led to a rare conviction of two policemen, who were sentenced to three years in prison for torture. Egypt says it opposes torture and prosecutes police against whom it has evidence of misconduct.

YOUTUBE RULES

YouTube regulations state that “graphic or gratuitous violence” is not allowed and warn users not to post such videos. Repeat violators of YouTube guidelines may have their accounts terminated, according to rules posted on the site.

Rights activists said by shutting down Abbas’s account, YouTube was closing a significant portal for information on human rights abuses in Egypt just as Cairo was escalating a crackdown on opposition and independent journalists.

The Internet has emerged in Egypt as a major forum for critics of the Egyptian government.

“The goal is not showing the violence, it is showing police brutality. If his goal was just to focus on violence without any goal, that is a problem. But Wael is showing police brutality in Egypt,” said Gamal Eid, head of the Arabic Network for Human Rights Information.

This year, for the first time, an Egyptian court convicted and jailed a blogger over his Internet writings.

A string of court rulings since September has seen at least 12 Egyptian journalists ordered jailed on charges from defaming President Hosni Mubarak to misquoting the minister of justice.

Elijah Zarwan, a prominent blogger and activist in Egypt, said he thought it was unlikely that YouTube had come under official Egyptian pressure, and was more likely reacting to the graphic nature of the videos.

“I suspect they are doing it not under pressure from the Egyptian government but rather because it made American viewers squeamish,” he said. “But to shut them down because some people might find the truth disturbing is unconscionable.” (Writing by Cynthia Johnston)

By Ralph Lopez

Google has refused to run the following sponsored ad and link paid for by the Northeast Impeachment Coalition and YaliesForImpeachment.org:

Help Impeach Cheney NOW
Nonpartisan, the time is here.
House JC 202-225-3951 Demand ACTION
YaliesForImpeachment.org

Google’s explanation is the following:

“At this time, Google policy does not permit ad text that advocates against an individual, group, or organization. In addition, this policy doe not permit the advertisement of websites that advocate against a group protected by law.”

Protected by law? Since when is the Vice President of the United States protected from free speech? Political speech is protected speech. Cheney is a public figure. Google does run ads “against” the tobacco industry. We believe this is settled law in the print and TV worlds. Any legal beagles out there please weigh in. We’ll be forwarding this to the ACLU and the general media Monday morning. Following is the full text of the email Google sent to our coordinator. An example of political speech Google DOES allow: if you type in keywords “support the president” the following ad comes up:

Elect More Republicans
The Party of Lincoln, Reagan and You. Support the RNC today.
www.gop.com

Also included is a list of impeachment-related advertising which Google allows. What’s the difference between “Impeach Bush” and “Help Impeach Cheney Now?” Our feeling is the line is drawn at political advertising which might actually wake people up, is too effective. Please circulate widely, and in the meantime, use Yahoo for your search engine.

Encrypted E-Mail Company Hushmail Spills to Feds

By Ryan Singel

Hushmail, a longtime provider of encrypted web-based email, markets itself by saying that “not even a Hushmail employee with access to our servers can read your encrypted e-mail, since each message is uniquely encoded before it leaves your computer.”

But it turns out that statement seems not to apply to individuals targeted by government agencies that are able to convince a Canadian court to serve a court order on the company.

A September court document (.pdf) from a federal prosecution of alleged steroid dealers reveals the Canadian company turned over 12 CDs worth of e-mails from three Hushmail accounts, following a court order obtained through a mutual assistance treaty between the U.S. and Canada. The charging document alleges that many Chinese wholesale steroid chemical providers, underground laboratories and steroid retailers do business over Hushmail.

The court revelation demonstrates a privacy risk in a relatively-new, simple webmail offering by Hushmail, which the company acknowledges is less secure than its signature product.

A subsequent and refreshingly frank e-mail interview with Hushmail’s CTO seems to indicate that government agencies can also order their way into individual accounts on Hushmail’s ultra-secure web-based e-mail service, which relies on a browser-based Java encryption engine.

Since its debut in 1999, Hushmail has dominated a unique market niche for highly-secure webmail with its innovative, client-side encryption engine.

Hushmail uses industry-standard cryptographic and encryption protocols (OpenPGP  and AES 256)  to scramble the contents of messages stored on their servers. They also host the public key needed for other people using encrypted email services to send secure messages to a Hushmail account.

The first time a Hushmail user logs on, his browser downloads a Java applet that takes care of the decryption and encryption of messages on his computer, after the user types in the right passphrase. So messages reach Hushmail’s server already encrypted.  The Java code also decrypts the message on the recipient’s computer, so an unencrypted copy never crosses the internet or hits Hushmails servers.

In this scenario, if a law enforcement agency demands all the e-mails sent to or from an account, Hushmail can only turn over the scrambled messages since it has no way of reversing the encryption.

However, installing Java and loading and running the Java applet can be annoying. So in 2006, Hushmail began offering a service more akin to traditional web mail. Users connect to the service via a SSL (https://) connection and Hushmail runs the Encryption Engine on their side. Users then tell the server-side engine what the right passphrase is and all the messages in the account can then be read as they would in any other web-based email account.

The rub of that option is that Hushmail has — even if only for a brief moment — a copy of your passphrase. As they disclose in the technical comparison of the two options, this means that an attacker with access to Hushmail’s servers can get at the passphrase and thus all of the messages.

In the case of the alleged steroid dealer, the feds seemed to compel Hushmail to exploit this hole, store the suspects’ secret passphrase or decryption key, decrypt their messages and hand them over.

Hushmail CTO Brian Smith declined to talk about any specific law enforcement requests, but described the general vulnerability to THREAT LEVEL in an e-mail interview (You can read the entire e-mail thread here):

The key point, though, is that in the non-Java configuration, private key and passphrase operations are performed on the server- side.

This requires that users place a higher level of trust in our servers as a trade off for the better usability they get from not having to install Java and load an applet.

This might clarify things a bit when you are considering what actions we might be required to take under a court order. Again, I stress that our requirement in complying with a court order is that we not take actions that would affect users other than those specifically named in the order.

Hushmail’s marketing copy largely glosses over this vulnerability, reassuring users that the non-Java option is secure.

Turning on Java provides an additional layer of security, but is not necessary for secure communication using this system[…]

Java allows you to keep more of the sensitive operations on your local machine, adding an extra level of protection. However, as all communication with the webserver is encrypted, and sensitive data is always encrypted when stored on disk, the non-Java option also provides a very high level of security.

But can the feds force Hushmail to modify the Java applet sent to a particular user, which could then capture and sends the user’s passphrase to Hushmail, then to the government?

Hushmail’s own threat matrix includes this possibility, saying that if an attacker got into Hushmail’s servers, they could compromise an account — but that “evidence of the attack” (presumably the rogue Java applet) could be found on the user’s computer.

Hushmail’s Smith:

[T]he difference being that in Java mode, what the attacker does is potentially detectable by the user (via view source in the browser).

“View source” would not be enough to detect a bugged Java applet, but a user could to examine the applet’s runtime code and  the source code for the Java applet is publicly available for review. But that doesn’t mean a user could easily verify that the applet served up by Hushmail was compiled from the public source code.

Smith concurs and hints that Hushmail’s Java architecture doesn’t technically prohibit the company from being able to turn over unscrambled emails to cops with court orders.

You are right about the fact that view source is not going to reveal anything about the compiled Java code. However, it does reveal the HTML in which the applet is embedded, and whether the applet is actually being used at all. Anyway, I meant that just as an example. The general point is that it is potentially detectable by the end-user, even though it is not practical to perform this operation every time. This means that in Java mode the level of trust the user must place in us is somewhat reduced, although not eliminated.

The extra security given by the Java applet is not particularly relevant, in the practical sense, if an individual account is targeted. (emphasis added) […]

Hushmail won’t protect law violators being chased by patient law enforcement officials, according to Smith.

[Hushmail] is useful for avoiding general Carnivore-type government surveillance, and protecting your data from hackers, but definitely not suitable for protecting your data if you are engaging in illegal activity that could result in a Canadian court order.

That’s also backed up by the fact that all Hushmail users agree to our terms of service, which state that Hushmail is not to be used for illegal activity. However, when using Hushmail, users can be assured that no access to data, including server logs, etc., will be granted without a specific court order.

Smith also says that it only accepts court orders issued by the British Columbia Supreme Court and that non-Canadian cops have to make a formal request to the Canadian government whose Justice Department then applies, with sworn affidavits, for a court order.

We receive many requests for information from law enforcement authorities, including subpoenas, but on being made aware of the requirements, a large percentage of them do not proceed.

To date, we have not challenged a court order in court, as we have made it clear that the court orders that we would accept must follow our guidelines of requiring only actions that can be limited to the specific user accounts named in the court order. That is to say, any sort of requirement for broad data collection would not be acceptable.

I was first tipped to this story via the Cryptography Mailing List, and Kevin, who had been talking with Hushmail about similar matters involving another case, followed up with Smith. We both agree Hushmail deserves credit for its frank and open replies (.pdf). Such candor is hard to come by these days, especially since most ISPs won’t even tell you how long they hold onto your IP address or if they sell your web-surfing habits to the highest bidders.