Blog.Ivacy.com

What’s worse than an ISP throttling your peer-to-peer traffic? An ISP throttling your peer-to-peer traffic while stepping on your privacy.

Late last week, the Canadian Internet Policy and Public Interest Clinic (CIPPIC) fired a letter to the country’s privacy czar, urging an investigation into the traffic shaping practices of mega telco Bell Canada. The University of Ottawa-affiliated law clinic suspects that Bell is not just throttling BitTorrent and other peer-to-peer traffic, but illegally monitoring the activities of millions of Canuck web surfers.

Logistep, which supplies information on suspected file sharers to law firms around the world for use in copyright violation cases, has until Feb. 9 to respond to charges.

Switzerland has warned a company that tracks file sharers for copyright violations that its tactics violate the country’s telecommunication law.

Logistep, which supplies information on suspected file sharers to law firms around the world for use in copyright violation cases, has until Feb. 9 to respond to the Federal Data Protection and Information Commissioner (FDPIC), said Marc Schaefer, the agency’s legal advisor.

Under Swiss law, the identity of a subscriber to an ISP can only be revealed during the course of a criminal case, not a civil one, Schaefer said. The IP address of a computer controlled by the subscriber is considered “personal” information.

In order to try to claim damages from people suspected of trading songs or movies, Logistep has asked Swiss prosecutors to open criminal cases, Schaefer said. As the criminal cases progresses, Logistep receives information from prosecutors that identifies the file sharer.

If you use the internet for any purpose that might be construed as other than respectable – be afraid. Be very afraid.

Almost unreported, the UK Criminal Justice Bill is slowly wending its way toward becoming law. It includes a section (Clause 63) on “extreme pornographic images” that may, or may not, affect a very large proportion of the adult population in the UK. But that – the Bill’s uncertain scope – is part of the problem.

On Monday 21 April, the Bill returned to the House of Lords for further debate. Lib Dem peer Baroness Miller brought forward a set of amendments that would effectively have removed the extreme porn clause from the Bill.

She pointed out that the evidence linking pornography with violence was weak and that the new rules would be out of kilter with the Obscene Publications Act. In her speech, the Baroness commented that “the Minister is in danger of leading his Government into becoming the thought police… we do not have any evidence to justify an intrusion in people’s lives”.

Further, “the Government’s contention is that by viewing it [extreme porn] people are more likely to commit violent offences. Therefore, they justify walking into people’s bedrooms and turning them into criminals simply for viewing something.”

Labour peer, Lord McIntosh of Haringey added: “What does it matter to the Government whether what we have in our homes for our own purposes is for sexual arousal or not? What is wrong with sexual arousal anyway? That is not a matter for Parliament or government to be concerned about.”

The FBI has recently adopted a novel investigative technique: posting hyperlinks that purport to be illegal videos of minors having sex, and then raiding the homes of anyone willing to click on them.

Undercover FBI agents used this hyperlink-enticement technique, which directed Internet users to a clandestine government server, to stage armed raids of homes in Pennsylvania, New York, and Nevada last year. The supposed video files actually were gibberish and contained no illegal images.

A CNET News.com review of legal documents shows that courts have approved of this technique, even though it raises questions about entrapment, the problems of identifying who’s using an open wireless connection–and whether anyone who clicks on a FBI link that contains no child pornography should be automatically subject to a dawn raid by federal police.

Roderick Vosburgh, a doctoral student at Temple University who also taught history at La Salle University, was raided at home in February 2007 after he allegedly clicked on the FBI’s hyperlink. Federal agents knocked on the door around 7 a.m., falsely claiming they wanted to talk to Vosburgh about his car. Once he opened the door, they threw him to the ground outside his house and handcuffed him.

“Like most major corporations, it is our corporate responsibility to have systems in place, including software systems, to monitor threats to our network, intellectual property and our people,” Wal-Mart spokeswoman Sarah Clark said in a statement in April. Following the Gabbard firing, Wal-Mart said it conducted a review of its monitoring activities. “There have been changes in leadership, and we have strengthened our practices and protocols in this area,” Clark said.

The New York Times has up an article discussing the trend of employers tracking the ‘free time’ activities of their employees via their web presence.

“When they do go off the clock and off the corporate network, how they spend their private time should be of no concern to their employer, even if the Internet, by its nature, makes some off-the-job activities more visible to more people than was previously possible. In the absence of strong protections for employees, poorly chosen words or even a single photograph posted online in one’s off-hours can have career-altering consequences.”

The piece likens this activity to the ‘Sociological Department’ that the Ford Company ran to monitor the home lives of their workers. Overstatement, or the corp as Big Brother?

SenatorLuddite writes

“From January 20, 2008 new content laws introduced by the Federal Government will force sites to verify the age of users before accessing content intended for mature audiences (MA15+ and R18+). The laws bring internet classification into line with Film and Book classification laws and completely prohibits X18+ and RC content from the internet. ACMA (The Australian Communications and Media Authority) claims that adults will not be affected by the new laws, yet user-generated and even chatrooms are required to be assessed for classification and powers are granted to ACMA to send ‘take down’ notices to offending sites.”

markybob writes

“An open-source bittorrent client, Deluge, now provides an internal, anonymizing browser to protect its users from overzealous ISPs. The client runs on Windows, Linux and OS X. From the site: “Everyone knows that it is common practice for ISPs to do their best to either block or throttle bittorrent users. We believe that this is wrong and unethical, as there are many legal uses for bittorrent. If an ISP is throttling or blocking bittorrent traffic, you can pretty much bet that they’re tracking which users visit bittorrent-related sites so that they can better block or throttle those users.” Their forum has more info”

Last week, Ask.com announced a feature called AskEraser (good description here), which erases a user’s search history. While it’s great to see companies using privacy features for competitive advantage, EPIC examined the feature and wrote to the company with some problems:

The first one is the fact that AskEraser uses an opt-out cookie. Cookies are bits of software left on a consumer’s computer that are used to authenticate the user and maintain information such as the user’s site preferences.Usually, people concerned with privacy delete cookies, so creating an opt-out cookie is “counter-intuitive,” the letter states. Once the AskEraser opt-out cookie is deleted, the privacy setting is lost and the consumer’s search activity will be tracked. Why not have an opt-in cookie instead, the letter suggests.

The second problem is that Ask inserts the exact time that the user enables AskEraser and stores it in the cookie, which could make identifying the computer easier and make it easy for third-party tracking if the cookie were transferred to such parties. The letter recommends using a session cookie that expires once the search result is returned.

Ask’s Frequently Asked Questions for the feature notes that there may be circumstances when Ask is required to comply with a court order and if asked to, it will retain the consumer’s search data even if AskEraser appears to be turned on. Ask should notify consumers when the feature has been disabled so that people are not misled into thinking their searches aren’t being tracked when they actually are, the letter said.

Via Schneier on security

Stony Stevenson writes

“The Software & Information Industry Association (SIIA) is offering consumers up to $500 for reporting software counterfeiters who sell their goods on online auction sites like eBay. Under the plan, anyone who unwittingly buys fake software from an online fraudster can receive up to $500 if they report the scam. SIIA said the program is a ‘don’t get mad, get even’ approach to stopping software piracy. It’s ‘a way for unsuspecting buyers to get even with auction sellers who rip them off,’ said SIIA VP Keith Kupferschmid. The campaign, launched December 13, is slated to run through January 30, 2008.”