schwit1 writes "Like emails and documents stored in the cloud, your prescription medical records may have a tenuous right to privacy. In response to a lawsuit filed by the American Civil Liberties Union (ACLU) over the privacy of certain medical records, the U.S. Drug Enforcement Administration is arguing (ACLU response) that citizens whose medical records are handed over to a pharmacy — or any other third-party — have 'no expectation of privacy' for that information." Oregon mandates that pharmacies report information on people receiving certain drugs to a centralized database (ostensibly to "...help people work with their health care providers and pharmacists to know what medications are best for them."). State law does allow law enforcement to access the records, but only with a warrant. The DEA, however, thinks that, because the program is public, a citizen is knowingly disclosing that information to a third party thus losing all of their privacy rights (since you can always just opt out of receiving medical care) thanks to the Controlled Substances Act. The ACLU and medical professionals (PDF) don't think there's anything voluntary about receiving medical treatment, and that medical ethics override other concerns.

Hugh Pickens DOT Com writes "The Guardian reports that Brazilian President Dilma Rousseff launched a blistering attack on US espionage at the UN general assembly, accusing the NSA of violating international law by its indiscriminate collection of personal information of Brazilian citizens and economic espionage targeted on the country's strategic industries. 'Personal data of citizens was intercepted indiscriminately. Corporate information – often of high economic and even strategic value – was at the center of espionage activity,' said Rousseff. 'Brazilian diplomatic missions, among them the permanent mission to the UN and the office of the president of the republic itself, had their communications intercepted.' Rousseff's angry speech was a direct challenge to President Barack Obama, who was waiting in the wings to deliver his own address to the UN general assembly, and represented the most serious diplomatic fallout to date from the revelations by former NSA contractor Edward Snowden. Washington's efforts to smooth over Brazilian outrage over NSA espionage have so far been rebuffed by Rousseff, who has proposed that Brazil build its own internet infrastructure. 'Friendly governments and societies that seek to build a true strategic partnership, as in our case, cannot allow recurring illegal actions to take place as if they were normal. They are unacceptable.'"

Hugh Pickens DOT Com writes "Danny Sullivan reports that in the past month, Google has quietly made a change aimed at encrypting all search activity to provide 'extra protection' for searchers, and possibly to block NSA spying activity. In October 2011, Google began encrypting searches for anyone who was logged into Google. The reason given was privacy. Now, Google has flipped on encryption for people who aren't even signed-in. In June, Google was accused of cooperating with the NSA to give the agency instant and direct access to its search data through the PRISM spying program, something the company has strongly denied. 'I suspect the increased encryption is related to Google's NSA-pushback,' writes Sullivan. 'It may also help ease pressure Google's feeling from tiny players like Duck Duck Go making a "secure search" growth pitch to the media.'"

chicksdaddy writes "In an important move, the U.S. Food & Drug Administration (FDA) has released final guidance to mobile application developers that are creating medical applications to run on mobile devices. Some applications, it said, will be treated with the same scrutiny as traditional medical devices. The agency said on Monday that, while it doesn't see the need to vet 'the majority of mobile apps,' because they pose 'minimal risk to consumers,' it will exercise oversight of mobile medical applications that are accessories to regulated medical devices, or that transform a mobile device into a regulated medical device. In those cases, the FDA said that mobile applications will be assessed 'using the same regulatory standards and risk-based approach that the agency applies to other medical device.' The line between a mere 'app' and a 'medical device' is fuzzy. The FDA said it will look to the 'intended use of a mobile app' when determining whether it meets the definition of a medical 'device.' The Agency may study the labeling or advertising claims used to market it, or statements by the device maker and its representatives. In general, 'when the intended use of a mobile app is for the diagnosis of disease or other conditions, or the cure, mitigation, treatment or prevention of disease, or it is intended to affect the structure of any function of the body of man, the mobile app is a device.'"

On September 9, The Internet Society issued a position paper in which it said the group "...is alarmed by continuing reports alleging systematic United States government efforts to circumvent Internet security mechanisms," and went on to say, "The Internet Society President and CEO, Lynn St. Amour, said, 'If true, these reports describe government programmes that undermine the technical foundations of the Internet and are a fundamental threat to the Internet’s economic, innovative, and social potential. Any systematic, state-level attack on Internet security and privacy is a rejection of the global, collaborative fabric that has enabled the Internet's growth to extend beyond the interests of any one country.'" Those are tough words from an international organization that usually spends its time bringing the Internet to people in out-of-the-way villages and sponsoring the Internet Engineering Task Force. You can join the Internet Society for as little as $0 per year, and possibly help beat back some of the U.S. government eavesdropping and encryption circumvention efforts. And if you can make it to San Francisco on October 2, you can attend a (free) Internet Society discussion. Meanwhile, today's Slashdot interviewee is Paul Brigner, the Internet Society Regional Bureau Director for North America, who talks about the Internet Society in general, as well as the group's reaction to the U.S. government's online surveillance.

hackingbear writes "Beijing has made the landmark decision to lift a ban on internet access within the Shanghai Free-trade Zone to foreign websites considered politically sensitive by the Chinese government, including Facebook, Twitter and newspaper website The New York Times. The new free trade zone would also welcome bids from foreign telecommunications companies for licenses to provide internet services within the new special economic zone to compete with the state-owned China Mobile, China Telecom and China Unicom; the big three telcos didn't raise complaints as they knew it was a decision endorsed by top Chinese leaders including Premier Li Keqiang, who is keen to make the free-trade zone a key proving ground for significant financial and economic reforms, the sources added. The decision to lift the bans, for now, only applies to the Zone and not elsewhere in China. 'In order to welcome foreign companies to invest and to let foreigners live and work happily in the free-trade zone, we must think about how we can make them feel like at home. If they can't get onto Facebook or read The New York Times, they may naturally wonder how special the free-trade zone is compared with the rest of China,' said one of the government sources who declined to be named due to the highly sensitive nature of the matter."

New submitter newbie_fantod writes "Ignoring the fact that the surest way to get a child to do something is to tell them not to, the RIAA and MPAA have developed an anti-piracy curriculum for kindergarten through grade 6. The pilot project is scheduled for testing in California schools later this year." Mitch Stoltz, an EFF attorney, isn't impressed: “It suggests, falsely, that ideas are property and that building on others’ ideas always requires permission,” Stoltz says. “The overriding message of this curriculum is that students’ time should be consumed not in creating but in worrying about their impact on corporate profits.”

An anonymous reader writes "France has proposed the European Union study taxing companies for transferring personal data outside of the bloc ... The proposal is part of a series France has made ahead of an EU summit next month ... Both transfers of data inside companies, such as sending information on employees from a European subsidiary to a non-EU parent, and between companies are affected. Transfer of personal data often happens when companies outsource certain tasks such as customer sales and help lines to offshore call centres."

Hugh Pickens DOT Com writes "Reuters reports that nineteen companies caught writing fake reviews on websites such as Yelp, Google Local and CitySearch have been snared in a year-long sting operation by the New York Attorney General and will pay $350,000 in penalties. The Attorney General's office set up a fake yogurt shop in Brooklyn, New York, and sought help from firms that specialize in boosting online search results to combat negative reviews. Search optimization companies offered to post fake reviews of the yogurt shop, created online profiles, and paid as little as $1 per review to freelance writers in the Philippines, Bangladesh and Eastern Europe. To avoid detection the companies used 'advanced IP spoofing techniques' to hide their true identities. 'This investigation into large-scale, intentional deceit across the Internet tells us that we should approach online reviews with caution,' said Attorney General Eric Schneiderman. 'More than 100 million visitors come to Yelp each month, making it critical that Yelp protect the integrity of its content,' said Aaron Schur, Yelp's Senior Litigation Counsel."

McGruber writes "Today, Former FBI agent Donald John Sachtleben has agreed to plead guilty to leaking secret government information about a bomb plot to the Associated Press. In May, Sachtleben agreed to plead guilty to unrelated charges of possessing and distributing child pornography, and to pay restitution to an identified victim portrayed in the images and videos he allegedly possessed." The deal includes a prison sentence of three years and seven months, and "If accepted by a judge, the prison sentence would be the longest ever handed down in a civilian court for a leak of classified information to a reporter."

colinneagle writes "Members of an FAA advisory panel are reportedly meeting this week to make changes to the ban on the use of electronic devices on an airplane during takeoff and landing. The new regulations will allow the use of electronic devices to access content stored on the devices, including e-books, music, podcasts, and video. Sending emails, connecting to Wi-Fi, and making phone calls will still be prohibited. The announcement is expected to be made later this month, and the rules put into effect next year, according to the report."

Hugh Pickens DOT Com writes "Bruce Schneier writes that lots of people discount the seriousness of the NSA's actions by saying that it's just metadata — after all the NSA isn't really listening in on everybody's calls — they're just keeping track of who you call. 'Imagine you hired a detective to eavesdrop on someone,' writes Schneier. 'He might plant a bug in their office. He might tap their phone.' That's the data. 'Now imagine you hired that same detective to surveil that person. The result would be details of what he did: where he went, who he talked to, what he looked at, what he purchased — how he spent his day. That's all metadata.' When the government collects metadata on the entire country, they put everyone under surveillance says Schneier. 'Metadata equals surveillance; it's that simple.'"

NewYorkCountryLawyer writes "In a recent 56-page decision (PDF) in Capitol Records v. Vimeo, LLC, a federal court in Manhattan found Vimeo to be covered by the Digital Millenium Copyright Act, rejecting Capitol Records' arguments that it was not entitled to the statute's "safe harbor". However, Vimeo is not yet out of the woods in this particular case, as the Court found factual issues — requiring a trial — as to 10 of the videos on the question of whether they were uploaded at the direction of Vimeo users, and as to 55 of the videos whether Vimeo had actual knowledge, or red flag knowledge, as the existence of an infringement."

necro81 writes "Hyperlinks are not forever. Link rot occurs when a source you've linked to no longer exists — or worse, exists in a different state than when the link was originally made. Even permalinks aren't necessarily permanent if a domain goes silent or switches ownership. According to new research from Harvard Law, some 49% of hyperlinks in Supreme Court documents no longer point to the correct original content. A second study on link rot from Yale stresses that for the Court footnotes, citations, parenthetical asides, and historical context mean as much as the text of an opinion itself, which makes link rot a threat to future scholarship."

cold fjord writes "The Hill reports, 'The National Security Agency has posted a job opening for a privacy and civil liberties officer. The position was first mentioned last month, when President Obama outlined his plans to bring more transparency to the NSA surveillance programs. A White House press release said the agency was "taking steps to put in place a full time Civil Liberties and Privacy Officer."' — From the NSA job posting: 'The NSA Civil Liberties & Privacy Officer (CLPO) is conceived as a completely new role, combining the separate responsibilities of NSA's existing Civil Liberties and Privacy (CL/P) protection programs under a single official. The CLPO will serve as the primary advisor to the Director of NSA for ensuring that privacy is protected and civil liberties are maintained by all of NSA's missions, programs, policies and technologies. This new position is focused on the future, designed to directly enhance decision making and to ensure that CL/P protections continue to be baked into NSA's future operations, technologies, tradecraft, and policies. The NSA CLPO will consult regularly with the Office of the Director of National Intelligence CLPO, privacy and civil liberties officials from the Department of Defense and the Department of Justice, as well as other U.S. government, private sector, public advocacy groups and foreign partners. '"

Last year, Canonical drew heat for the troublesome privacy implications that people like Richard Stallman saw in its in-built search-and-shopping facilities. An anonymous reader now writes "Long story short — Canonical now makes the user's data anonymous."

rroman writes "RSA has recommended developers not to use Dual_EC_DRBG random number generator (RNG), which has been known to be weak and slow since 2006. The funny thing is, that even though this has been known for so long, it is the default RNG in BSafe cryptographic toolkit, which is product of RSA."

An anonymous reader writes "The National Security Agency sent a letter to its employees, affiliates and contractors to reassure them that the NSA is not really an abusive and unchecked spying agency engaged in illegal activity." Whatever you think of the commentary, you can read the original, attached to the linked story.

cold fjord writes with this Business Week report: "LinkedIn Corp. ... was sued by customers who claim the company appropriated their identities for marketing purposes by hacking into their external e-mail accounts and downloading contacts' addresses. The customers, who aim to lead a group suit against LinkedIn, asked a federal judge in San Jose, California, to bar the company from repeating the alleged violations and to force it to return any revenue stemming from its use of their identities to promote the site ... 'LinkedIn's own website contains hundreds of complaints regarding this practice,' they said in the complaint filed Sept. 17. ... LinkedIn required the members to provide an external e-mail address as their username on its site, then used the information to access their external e-mail accounts when they were left open ... 'LinkedIn pretends to be that user and downloads the e-mail addresses contained anywhere in that account to LinkedIn's servers,' they said. 'LinkedIn is able to download these addresses without requesting the password for the external e-mail accounts or obtaining users' consent.'" "This puts an interesting twist on LinkedIn's recent call for transparency," adds cold fjord. (More at Bloomberg.)

judgecorp writes "Another British bank — Barclays — has been hit by a fraud attempt using a stealthily-planted KVM (keyboard, video, mouse) device. Unlike the previous attempt on Santander, the crooks got away with £1.3 million, but were subsequently apprehended by the Metropolitan Police's Central e-Crimes Unit."