Slashdot

sopssa sends in a TechCrunch story that begins "Several federal and regional government officials in Germany are trying to put a ban on Google Analytics, the search giant's free software product that allows website owners and publishers to get detailed statistics about the number, whereabouts, and search behavior of their visitors (and much more)." Here's Google's translation of the article from Zeit Online (original in German). A German lawyer cited there says that penalties for websites that uses Google Analytics could amount to €50,000 (about $75,000). Reader sopssa adds, "The amount of data Google collects from everywhere on the Internet is indeed huge, and website owners should be using a local open source alternative to keep visitor data private."

superglaze writes "UK mobile broadband providers currently have no way of telling which subscribers are file-sharing which copyrighted content, ZDNet UK reports. This represents something of a problem for new laws that have been proposed to crack down on unlawful file-sharing. According to the article, databases (tracking IP address mappings) could be built to make it possible to identify what specific users are downloading, but the industry is loathe to fund this sort of project itself. Also, as an analyst points out in the piece, users of prepaid phone cards are mostly anonymous in the UK, which creates another challenge for the government's plans. And if that isn't enough, connection-sharing apps like JoikuBoost would make identification pretty much impossible anyway."

Sockatume writes "The UK's Human Genetics Commission has published its report on the collection of DNA by the Police forces in England and Wales. Currently, Police collect DNA from every suspect in a case which could lead to a criminal record, and retain that material, which the European Court of Human Rights has ruled illegal. The government plans to keep all DNA samples for suspects from England, Wales and Northern Ireland for up to six years, except for DNA from individuals arrested during terrorism-related investigations, which will be retained forever. The report states that the police frequently performed arrests solely to collect DNA, that certain demographics (such as young, black men) were 'very highly over-represented,' that there was 'very little concrete evidence' that the DNA database had any actual use in investigating crime, and that the database contained material from individuals arrested in Scotland and Northern Ireland, outside its remit. Of the 4.5m individuals in the database, a fifth have never received any convictions or cautions from the Police. The report recommends that an independent advisory body oversee the database, and that laws be passed to limit the uses of the database, while tracking those with access to it, and making misuse of the information a criminal offence."

No. 24601 writes "A Quebec woman on long-term sick leave, due to a diagnosis of depression, lost her health benefits after her insurance provider found photos of her on Facebook smiling and looking cheerful at parties and out on the beach. Besides all the obvious questions, how did the insurance company access her locked Facebook profile?"

After the report last week that Brazil's e-voting machines had withstood the scrutiny of a team of invited hackers, reader ateu writes with news that a hacker has shown that the Linux-based voting machines aren't perfectly safe; he was able to eavesdrop on them (translated from Portuguese) by means of Van Eck phreaking.

Bourdain writes with news out of the University of Arkansas, where researchers are looking for ways to combat counterfeit RFID tags. Passive tags typically wait for a reader to transmit a signal of the appropriate strength and frequency before sending their own transmission. The scientists found that the amount of power required to trigger this varies quite a bit from one tag to the next, especially when many different frequencies are sampled. This and other physical characteristics give the tag its own "fingerprint" that is independent of the signal information stored in its memory, which the researchers say will facilitate the detection of cloned tags.

CWmike writes "Microsoft has denied that it has built a backdoor into Windows 7, a concern that surfaced yesterday after a senior National Security Agency (NSA) official testified before Congress that the agency had worked on the operating system. 'Microsoft has not and will not put "backdoors" into Windows,' a company spokeswoman said, reacting to a Computerworld story Wednesday. On Monday, Richard Schaeffer, the NSA's information assurance director, told the Senate's Subcommittee on Terrorism and Homeland Security that the agency had partnered with the developer during the creation of Windows 7 'to enhance Microsoft's operating system security guide.' Thursday's categorical denial by Microsoft was accompanied by further explanation of exactly how the NSA participated in the making of Windows 7. 'The work being discussed here is purely in conjunction with our Security Compliance Management Toolkit,' said the spokeswoman. The company rolled out the Windows 7 version of the toolkit late last month, shortly after it officially launched the operating system."

Presto Vivace writes "Brian Krebs of the Washington Post reports on a study jointly released Tuesday by the Ontario Information and Privacy Commissioner and the Future of Privacy Forum. It seems that in the process of collecting all that feedback about energy use, utility companies will inevitably collect a great deal of information about us. From the article: 'Instead of measuring energy use at the end of each billing period, smart meters will provide this information at much shorter intervals, the report notes. Even if electricity use is not recorded minute by minute, or at the appliance level, information may be gleaned from ongoing monitoring of electricity consumption such as the approximate number of occupants, when they are present, as well as when they are awake or asleep. For many, this will resonate as a "sanctity of the home" issue, where such intimate details of daily life should not be accessible.'"

DesScorp writes "Over the past few years, the City of Chicago has installed video cameras all over the city. Now the Wall Street Journal reports that the city has not only installed its own cameras for law enforcement purposes, but with the aid of IBM, has built a network that possibly links thousands of video surveillance cameras all over Chicago. Possibly, because the city refuses to confirm just how many cameras are in the network. Critics say that Chicago is becoming the city of Big Brother. 'The city links the 1,500 cameras that police have placed in trouble spots with thousands more—police won't say how many—that have been installed by other government agencies and the private sector in city buses, businesses, public schools, subway stations, housing projects and elsewhere. Even home owners can contribute camera feeds. Rajiv Shah, an adjunct professor at the University of Illinois at Chicago who has studied the issue, estimates that 15,000 cameras have been connected in what the city calls Operation Virtual Shield, its fiber-optic video-network loop.' There are so many camera feeds coming in that police and officials can't monitor them all, but when alerted to a situation, can zoom in on the area affected. The ACLU has requested a total number of video feeds and cameras, but as of yet, this information has not been supplied."

wiedzmin writes "DeCODE Genetics, a genetics research firm from Iceland, has filed for bankruptcy in the US, and Saga Investments, a US venture capital firm, has already put in a bid to buy deCODE’s operations, raising privacy concerns about the fate of customer DNA samples and records. The company hasn’t disclosed how many clients signed up for its service, but provides a number of customer testimonials on its site, including Dorrit Mousaieff, Iceland’s first lady."

angry tapir writes "Workers at T-Mobile UK have been selling customer data to brokers who worked for the competition, according to T-Mobile and the UK's Information Commissioner's Office. Criminal charges are being prepared. 'Many thousands' of customers' account details, millions of records, were sold to several brokers for substantial amounts of money, the ICO said. In an announcement (PDF) from the ICO, the agency does not name the operator involved, but T-Mobile acknowledged that it had alerted ICO about the data breach. The BBC reports that after the other mobile operators said they were not the subject of the investigation, T-Mobile confirmed its involvement."

ndogg writes "Earlier this year, there was much ado about a Ron Paul staffer, Steve Bierfeldt, being detained by the TSA for carrying large sums of money. The ACLU sued on his behalf, and the TSA changed its rules, now stating that its officers can only screen for unsafe materials. With that, the ACLU dropped its suit. '[Ben Wizner, a staff lawyer for the ACLU, said] screeners get a narrow exception to the Fourth Amendment, which prohibits unreasonable searches, strictly to keep weapons and explosives off planes, not to help police enforce other laws.'"

Jason Levine writes "Wolfgang Werlé and Manfred Lauber killed a German actor in 1990. Now that they are out of prison, German law states that they can't be referred to by name in relation to the killings. Therefore, they have sued to get Wikipedia to remove their names from the Wikipedia article about the killings. The German edition of Wikipedia has already complied, but the English edition is citing US freedom of speech and a lack of presence in Germany as reasons why they don't need to remove the name. In a bit of irony, their lawyer e-mailed the NY Times: 'In the spirit of this discussion, I trust that you will not mention my clients' names in your article.'"

Reader whencanistop writes with some details on an upcoming EU law that slipped under the radar as it was part of the package containing the "three strikes" provision, which attracted all the attention and criticism. "A couple of weeks ago we discussed the EU cookie proposal, which has now been passed into law. While the original story broke on the Out-law blog from a law perspective ('so breathtakingly stupid that the normally law-abiding business may be tempted to bend the rules to breaking point'), there has now been followup from a couple of industry insiders. Aurelie Pols of the Web Analytics Association has blogged on how this will affect websites that want to monitor what people are looking at on their sites, while eConsultancy has blogged on how this will impact the affiliate industry. In all of this the general public is being ignored — the people who, if the law is actually implemented, will have to proceed through ridiculous screens of text every time they access a website. I know most of you guys hate cookies in general, but they are vital for websites to know how people are accessing the sites so they can work out how to improve the experience for the user."

alphadogg writes "Researchers at the University of Pennsylvania say they've discovered a way to circumvent the networking technology used by law enforcement to tap phone lines in the US. The flaws they've found 'represent a serious threat to the accuracy and completeness of wiretap records used for both criminal investigation and as evidence in trial,' the researchers say in their paper, set to be presented Thursday at a computer security conference in Chicago. Following up on earlier work on evading analog wiretap devices called loop extenders, the Penn researchers took a deep look at the newer technical standards used to enable wiretapping on telecommunication switches. They found that while these newer devices probably don't suffer from many of the bugs they'd found in the loop extender world, they do introduce new flaws. In fact, wiretaps could probably be rendered useless if the connection between the switches and law enforcement are overwhelmed with useless data, something known as a denial of service (DOS) attack."

LegalReader writes "An Illinois judge has decided that an anonymous commenter on a newspaper website will be unmasked, even though the mother of a teen about whom 'Hipcheck16' allegedly made 'deeply disturbing' comments hasn't yet decided whether to sue over the posting."

DesScorp writes "In a case that tests whether online and independent journalism has the same protections as mainstream journalism, the Justice Department sent Indymedia a grand jury subpoena. It requires a list of all visitors on a day, and further, a gag order to Indymedia 'not to disclose the existence of this request.' CBS reports that 'Kristina Clair, a 34-year-old Linux administrator living in Philadelphia who provides free server space for Indymedia.us, said she was shocked to receive the Justice Department's subpoena,' and that 'The subpoena from US Attorney Tim Morrison in Indianapolis demanded "all IP traffic to and from www.indymedia.us" on June 25, 2008. It instructed Clair to "include IP addresses, times, and any other identifying information," including e-mail addresses, physical addresses, registered accounts, and Indymedia readers' Social Security Numbers, bank account numbers, credit card numbers, and so on.' Clair is being defended by the Electronic Frontier Foundation."

PeterAitch writes "The UK government's Home Office has put a hold on their surveillance project to track details of everybody's email, mobile phone, text, and Web use after being warned of problems with privacy as well as technical feasibility and high costs." Four hours before the above Guardian story was filed, the BBC reported that the same Home Office insisted that it will push ahead with plans "to compel communication service providers to collect and retain records of communications from a wider range of internet sources, from social networks through to chatrooms and unorthodox methods, such as within online games."

2muchcoffeeman writes "The Associated Press tells the story of Michael Fiola, a former Massachusetts government employee who was arrested in 2007 after child porn was found on his state-issued laptop computer. He was eventually cleared of all charges after some digging by the defense found that the laptop was infected with malware that was 'programmed to visit as many as 40 child porn sites per minute — an inhuman feat. While Fiola and his wife were out to dinner one night, someone logged on to the computer and porn flowed in for an hour and a half. Prosecutors performed another test and confirmed the defense findings. The charge was dropped — 11 months after it was filed.' The article also discusses the technical aspects of how it could happen and about similar cases in the United Kingdom in 2003."

pdclarry writes "Storm8, a maker of some top iPhone games, allegedly stole users' mobile phone numbers, according to a lawsuit filed on November 4. The suit claims that best-selling games made by Storm8 contained secret code that bypassed safeguards built into the iPhone to prevent the unauthorized snooping of user information. There have been other reports of applications copying personally identifiable customer information in the past. The complaint seeks class-action status."