Archive for the ‘web technology’ Category

c/o TechDirt , Mike Masnick

With health care reform out of the way, lots of politicians are pushing out new legislative ideas, hoping that Congress can now focus on other issues — so we’re seeing lots of bad legislation proposed. Let’s do a two-for-one post, highlighting two questionable bills that many of you have been submitting. The first, proposed by Senators Schumer and Graham, is technically about immigration reform, which is needed, but what’s scary is that the plan includes yet another plan for a national ID card. Didn’t we just go through this with Real ID, which was rejected by the states? Jim Harper, who follows this particular issue more than just about anyone, has an excellent breakdown of the proposal, questioning what good a national ID does, while also pointing to the potential harm of such a plan.

Then we have the big cybercrime bill put forth by Senators Rockefeller and Snowe (updated, since there are two separate cybersecurity bills, and it’s the Rockefeller/Snowe one that has people scared), that tries to deal with the “serious threat of cybercrime.” But, of course, it already has tech companies worried about the unintended consequences, especially when it requires complying with gov’t-issued security practices that likely won’t keep up with what’s actually needed:

“Despite all [the] best efforts, we do have concerns regarding whether government can rapidly recognize best practices without defaulting to a one-size-fits all approach,” they wrote.

“The NIST-based requirements framework in the bill, coupled with government procurement requirements, if not clarified, could have the unintended effect of hindering the development and use of cutting-edge technologies, products, and services, even for those that would protect our critical information infrastructure.”

They added the bill might impose a bureaucratic employee-certification program on companies or give the president the authority to mandate security practices.


This is one of those bills that sounds good for the headlines (cybercrime is bad, we need to stop it), but has the opposite effect in reality: setting up needless “standards” that actually prevent good security practices. It’s bills like both of these that remind us that technologically illiterate politicians making technology policy will do funky things, assuming that technology works with some sort of magic.

c/o CLG>>CNet

WASHINGTON–The FBI is pressing Internet service providers to record which Web sites customers visit and retain those logs for two years, a requirement that law enforcement believes could help it in investigations of child pornography and other serious crimes.
FBI Director Robert Mueller supports storing Internet users’ “origin and destination information,” a bureau attorney said at a federal task force meeting on Thursday.

c/o nzherald.co.nz

An internet service launched last week by Google to help cameraphone users to identify strangers in the street has been blocked because of alarm over its threat to personal privacy.

The new service, called Goggles, is a picture search which uses images rather than words to trawl the web. By taking a picture of an object and clicking “search”, owners of smartphones can recognise landmarks, identify a species of plant or animal, or obtain tasting notes for a bottle of wine.

Users focus their phone’s camera on the object, and Google compares elements of that picture against its database.

When it finds a match, it provides the name of the object pictured and a list of results linking through to the relevant web pages and news stories. Goggles is claimed to be able to recognise tens of millions of objects and places and is growing all the time.

But the most controversial aspect of the new visual search tool is its capacity to allow users to take a photo of a stranger to find out more about them.

With millions of people having an online presence, complete with photos, on websites such as Facebook, it is possible to use the search tool to identify people, obtain contact information, and learn about their tastes in music, their friends and their background.

Google has now confirmed that it is blocking this use of Goggles until the implications have been fully explored.

Marissa Mayer, the vice-president of Google’s search product and user experience, said: “We are blocking out people’s faces if people try to use Google Goggles to search for information about them.

“Until we understand the implications of the facial-recognition tool we have decided to block out people’s faces. We need to understand how this tool affects people’s privacy and we cannot change that decision until we do.”

Angela Sasse, professor of computer science at University College London, who is researching public perceptions of privacy, said Goggles created unease because it left people with fewer hiding places. “People manage their relationships by selective disclosure,” she said.

“Only people with certain mental-health conditions disclose everything all the time. These systems [such as Goggles] lose that. You might go somewhere on the assumption that you won’t be recognised. But if people find out who you are they can see where you have been.

“We have seen this problem on Facebook where people have uploaded pictures from a party, forgetting that their bosses can see them, too.”

She said people were prepared to accept risks attached to new technology, including a loss of privacy, provided they could see the benefits. But some developments got the thumbs down. When Facebook started broadcasting what people were buying, there was a backlash as the public judged the intrusion as a step too far.

Professor Sasse said Goggles could potentially be used as a marketing tool. When surveillance cameras identified the face of someone who regularly passed by, the business might send them details of a special offer.

“People tend to have a strong reaction to that,” she said.

Google has said it has the technology to recognise faces as well as millions of other objects but admitted the service is limited. Sceptics say existing face-recognition programmes are still basic and the capacity to discriminate different faces restricted.

Professor Sasse said: “There does seem to be a certain threshold of accuracy for face recognition that has not yet been reached. At present, you need a full-face shot. The scary thing is that the next generation [of software] will be able to use a large number of images snapped from different angles so this technology is going to get more accurate.”

If Goggles proves successful, it would mark a breakthrough in the use of the mobile internet. It has a database of more than one billion images and can recognise landmarks, CD covers, logos, barcodes, books, shop fronts and business cards.

It is less successful at identifying the natural world, but that is expected to improve. It is available on phones run by Google’s mobile-operating system Android, and will later be introduced to other smartphones.

– INDEPENDENT

Keeping Personal Data Private

c/o Wall Street Journal

Senator Patrick Leahy, a Democrat of Vermont, is sponsoring a bill, the Personal Data Privacy and Security Act of 2009, that would beef up cybersecurity and make people’s personal information safer. It would require entities that keep personal data to establish effective programs for ensuring that that data is kept confidential. That could include encryption of data, although the law does not specify any security method. When there is a breach, it would require that notice be given to individuals whose personal information is exposed.

The Leahy bill applies both to the private companies and to government, which is important, since both the private and public sectors have been responsible for major data breaches in the past few years. It would require data brokers — companies that collect personal data and sell it to third parties — to inform consumers about the data they have on them and allow people to correct erroneous information. The bill also makes it a crime to intentionally conceal a security breach that exposes personal data, and it increases criminal penalties for identity theft by use of electronic personal data.

One potentially troubling aspect of the bill is that it would pre-empt, or nullify, state laws in this area. That is not a problem if the bill remains in its current form. But it should not be allowed to get weaker during the legislative process. A weak federal law that pre-empts state protections would be worse than no federal law at all.

Mr. Leahy’s bill was sent to the full Senate by the Judiciary Committee this month along with another worthy, but more limited, bill introduced by Senator Dianne Feinstein, a Democrat of California.

from EFFector online

The Center for Democracy and Technology and EFF are releasing “Open Recommendations for the Use of Web Measurement Tools on Federal Government Web Sites.” (Press Release, PDF.) The document recommends repairs to the federal guidelines that regulate the use of cookies and other “persistent tracking technologies” on government websites.

Today, these regulations are problematic: They’re both too harshly bureaucratic in some cases and too relaxed in others. They’re too harsh because ordinary government webmasters are prohibited from performing even basic traffic analysis without acquiring personal approval from their agency’s head — something they say is an insurmountable bureaucratic obstacle in many federal agencies. They’re too relaxed because they don’t reach many of the tracking technologies that are in use today. In addition, in the event that the agency head does provide this sign-off, it allows a loophole which can enable the agency to use tracking technologies with almost no oversight or accountability. EFF has recently had first-hand experience with this loophole since the White House has still refused to give any explanation, much less provide the actual waiver it recently issued for use of cookies on whitehouse.gov.

As an alternative, CDT and EFF are recommending a sensible way forward: Government webmasters ought to be permitted to use modern analytics tools without agency-head approval, so long as the use of those tools is carefully overseen and meets with specific strict safeguards and requirements.

Many of these safeguards will be familiar to folks who’ve read EFF’s Best Practices For Online Service Providers: Visitor data must be speedily anonymized, and it may not be used for purposes other than traffic analysis. Visitors should be given a clear option allowing them to opt-out of tracking, and agency privacy officers must carefully review and audit the processes. And, importantly, no “agency-head approval” will be sufficient to waive these requirements.

In addition to being smart policy, the adoption of these guidelines would foster smart technology. Current web analytics systems are notorious for hoarding data regardless of privacy concerns. The prevailing approach is to collect as much information as possible and store it for as long as possible. To make matters worse, most systems (including the popular Google Analytics) store the data on servers that the web-manager does not own or control, increasing the likelihood that the data will be captured, leaked or misused. Adoption of these recommendations would encourage analytics providers to consider safer and smarter approaches.

The Obama Administration is expected to begin revising federal website policies soon, as part of its “Open Government” initiatives. We hope these recommendations will be incorporated. The result would be a win, both for webmasters seeking data and for citizens seeking privacy.