|
|
Spyware and Privacy News
Archive
January - December 2002
Welcome to our Spyware and Privacy News Archives section. Here
you will find links to additional information and up to date news
and editorial articles about regarding-line privacy. This section
is a supplement to our other sections which have lots of great
information about privacy, legal rights, and unethical advertising
practices. We hope that you will enjoy checking out the remainder
of our site to find out how about scammers and advertisers are
collecting & selling data on consumers and stealing web traffic
and how web site owners. Since many legal cases take months or
years to complete the stories are picked up and continued in other
months as the case develops and progresses.
(Update: Newsbytes.com has been taken over by the Washington
Post Company. The links to articles that were in the Newsbytes
archives are no longer active. Many of the articles are still
available on line through other news sources. Please feel free
to search google for additional links to articles originally appearing
on Newsbytes.
December 2002
Year in Privacy: Citizens Lose
Commentary by Lauren Weinstein | Also by this reporter Page
1 of 1
02:00 AM Dec. 30, 2002 PT
"They that can give up essential liberty to obtain a little
temporary safety deserve neither liberty nor safety."
Ben Franklin wrote those words over 200 years ago, and, as we
reach the end of 2002, the state of important liberties around
the world appears to be degenerating rapidly, particularly in
the area of privacy concerns.
http://www.wired.com/news/privacy/0,1848,56954,00.html
Lax Security: ID Theft Made Easy
By Michelle Delio | Also by this reporter Page 1 of 2 next »
02:00 AM Dec. 02, 2002 PT
The people charged last week with stealing the identities of
at least 30,000 Americans weren't criminal masterminds.
They simply took advantage of sloppy security practices that
allowed them easy and unrestricted access to sensitive data.
http://www.wired.com/news/privacy/0,1848,56623,00.html
HACKER HEIST HAD A 'KINK' IN IT: FEDS
By DAN MANGAN NY Post
December 21, 2002
A 24-year-old Queens man hacked into the computers of about
15 people and tried to steal their financial information by
laying a trap at various Kinko's stores throughout the city,
prosecutors said. Jiang's scheme was detected when a subscriber
heard his home computer turn on without him doing anything.
As he watched, the computer tried to open an online payment
service account. The victim also saw his computer accessing
the Web site for his American Express Corporate card.
http://www.nypost.com/news/regionalnews/27562.htm
New network worm spreading: CERT
December 19 2002
The Computer Emergency Response Team's Coordination Center says
it has received plenty of reports to date to indicate that thousands
of systems are scanning in a manner consistent with known behaviour
of the new Windows network worm which was discovered on 16 December.
http://www.theage.com.au/articles/2002/12/19/1040174335472.html
E-card virus warning for Christmas
By Lyndsey Steven
CNN
Thursday, December 19, 2002
Safe surfing: A virus could ruin your Christmas. Sophisticated
computer viruses are hiding behind some Christmas e-cards, wrecking
the season of goodwill, analysts warn. Thousands of European
companies fall prey to viruses every month, and this figure
is rising as more employees send Christmas cards through cyberspace.
A new virus called Yaha was identified by London-based watchdog
Message Labs on December 13. Meanwhile new versions of the existing
Trojan, Bride B and Happy 99 viruses are also spreading in the
Christmas boom. http://www.cnn.com/2002/TECH/12/17/ecard.virus/index.html
Prestige Spreads E-Mail Bug
Sunken Oil Tanker Near Spain Could Muck Up the Net
By Becky Worley, Tech Live
Dec. 16
The threat of massive ecological damage has given the sunken
Prestige oil tanker worldwide media coverage. Now, a virus writer
hoping to capitalize on the ship's sinking has created a worm
distributed via an attachment that promises pictures of the
ship.
http://abcnews.go.com/sections/scitech/TechTV/techtv_prestigevirus021216.html
Briton admits creating notorious computer viruses
21 December, 2002
LONDON (Reuters) - A British man admitted on Friday to creating
three computer viruses which he spread around the globe, including
one rated the world's third most prolific.
http://asia.reuters.com/
New 'Iraq oil' network worm found
ITworld.com 12/17/02
Paul Roberts, IDG News Service, Boston Bureau
A new network worm that spreads through shared folders on machines
running Microsoft Corp.'s Windows NT, 2000 and XP operating
system has been detected, according to advisories posted by
a number of antivirus software makers Tuesday. Unlike other
worms that spread through mass e-mailing, Lioten scans the Internet
for vulnerable Windows machines that are sharing folders with
other users on a home or business network.
http://www.itworld.com/Sec/3832/021217iraqworm/
November 2002
Fraud Case: Greed Bred Sloppiness
By Michelle Delio
02:00 AM Nov. 27, 2002 PT
NEW YORK -- Unbridled greed proved the ultimate undoing of an
identity theft crime ring that ripped off thousands of Americans,
according to law enforcement officials.
The criminals' repeated data downloads coupled with escalating
consumer complaints eventually aroused curiosity at credit reporting
agencies, leading to the arrest of three men who officials said
were the primary perpetrators of the scam.
http://www.wired.com/news/privacy/0,1848,56593,00.html
Parents Abuse Kids' Good Credit
Associated Press Page 1 of 1
11:42 AM Nov. 25, 2002 PT
CHICAGO -- It was her first credit card application, or so she
thought, prompted by an offer on her Ohio college campus for
a free T-shirt.
But a rejection letter uncovered troubling news someone had
already opened four credit cards in her name and racked up $50,000
in debt.
http://www.wired.com/news/privacy/0,1848,56570,00.html
Mass Theft of Identities Alleged
30,000 Victimized; U.S. Charges Computer Worker
By Brooke A. Masters
Nov 26, 2002
A computer help-desk employee with access to sensitive passwords
from banks and credit companies has been charged with stealing
financial information on thousands of Americans in what federal
prosecutors said yesterday could be the largest case of identity
fraud ever detected.
Philip Cummings, 33, appeared in U.S. District Court in Manhattan
to face charges that he and another man downloaded the personal
information of 30,000 people over three years. The two would
get reports from the major credit reporting bureaus using Cummings's
access to passwords belonging to Ford Motor Credit Co., Washington
Mutual Bank and other financial institutions.
Federal prosecutors allege that they then sold lists of credit
card numbers, checking accounts and other personal information
to scam artists, splitting a fee of $60 per name. Authorities
said early efforts to track down victims have so far turned
up $2.7 million in losses.
"With a few keystrokes, these men essentially picked the
pockets of tens of thousands of Americans and in the process
took their identities, stole their money and swiped their security,"
Manhattan U.S. Attorney James B. Comey said at a news conference
announcing the arrests.
Credit companies have long relied on big central databases to
help lenders decide which applications to approve, and the federal
government is now looking at tapping the same information to
improve homeland security.
But the ease with which Cummings and his confederate are alleged
to have stolen and sold highly valuable information raises major
questions about the security of such efforts, privacy experts
said.
Cummings worked at Teledata Communications Inc. -- a Long Island,
N.Y., company that provides lenders with software, terminals
and support to help them tap the major credit databases kept
by Equifax Inc., Experian Information Solutions Inc. and TransUnion
LLC. His ability to pull credit information did not initially
raise eyebrows among the credit agencies, according to court
documents and officials familiar with the case. Instead, the
agencies began to investigate only after consumers questioned
why the agencies were issuing credit reports without their authorization.
"Whatever controls there are on the systems that make data
available clearly aren't working," said Robert Gellman,
a privacy consultant in the District. "Identity theft is
not a retail operation anymore, it's a wholesale business."
According to a criminal complaint unsealed yesterday, help-desk
employees generally had access to password and access-code information.
Beginning in 2000, Cummings took requests from up to 20 people
in the Bronx and Brooklyn, running specific names for $60 apiece,
the complaint said. The victims were generally not customers
of Ford or the financial institutions that supplied the passwords.
Cummings and his accomplice accessed the credit bureaus' databases
from a personal laptop, according to court documents. Between
April 2001 and February 2002, they used a password from the
Ford Motor Credit branch in Grand Rapids, Mich., to download
more than 13,000 credit reports. When consumers began to complain
about unauthorized credit checks, Ford changed the password,
reported the problem to the FBI and sent letters to people whose
information had been accessed, officials said.
But the accused moved on, the complaint said. Using the same
New Rochelle, N.Y., phone numbers, they posed as a Washington
Mutual branch in Florida, a Dollar Bank in Cleveland, an apartment
company in Houston and the Community Bank Chaska of Chaska,
Minn. They downloaded hundreds of reports at a time, the complaint
said.
Some victims have reported unauthorized charges on their credit
cards, money lost from their bank accounts, or use of their
identities on credit card and loan applications, federal officials
said.
If convicted of wire fraud, Cummings faces up to 30 years in
prison, plus up to five years in jail for conspiracy. He was
released by a federal magistrate in New York after posting a
$500,000 bond, and his attorney declined to comment, according
to the Associated Press.
"The defendants took advantage of an insider's access to
sensitive information much in the same way that a gang of thieves
might get the combination to the bank vault from an insider.
But the potential windfall was probably far greater than the
contents of a bank, and . . . they didn't even need a getaway
car," said Kevin P. Donovan, the head of the FBI's New
York field office.
Marty Abrams, executive director of the Center for Information
Policy Leadership, said the case demonstrates how identity theft
has grown from a petty crime to a major national problem. "It's
an expanding crime, and it's one that really bugs consumers.
It's also one that law enforcement is still trying to get its
arms around," he said.
Edmund Mierzwinski, consumer program director of the U.S. Public
Interest Research Group, said the problem will grow worse unless
companies take it more seriously.
http://www.washingtonpost.com/
MSNBC: What's Real, What's a Scam? EBay Users Wondering
Story Highlights: "EBay.com users are being peppered by
e-mails saying there has been a security problem at the Web
site, and requesting new account and password information..."
"The problem: Some of the e-mails are legitimate, some
are scams, and it's hard to tell the difference. And a recent
programming glitch at eBay may actually have made life easier
for the con artists..." SCAM ARTISTS HAVE spent years
fishing for passwords to accounts on everything from eBay to
AOL by sending out e-mail to users, asking them to “update”
their account information. The e-mail then contains a link to
a Web site that’s designed to look legitimate, but is actually
controlled by the hacker.
More on this story at:
http://www.msnbc.com/news/837882.asp?0cv=TA01
EBay: Some accounts compromised
By Bob Sullivan
MSNBC
Nov. 19 — EBay.com has begun sending notices out to some
customers, with a warning that their accounts with the online
auctioneer have been compromised. Con artists often try to “hijack”
eBay accounts in order to use them for fraudulent sales. That
way, the con artist can take advantage of a legitimate eBay
user’s good ratings. Hijacking has been going on for years,
and it can be as simple as a criminal correctly guessing an
obvious password. Criminals also trick users into divulging
their passwords, using spam to send out fake “please update
your password” notices that include a link to a look-alike
eBay site that’s really run by the con artists. http://www.msnbc.com/news/837329.asp?0si=-&cp1=1
BugBear Tops Virus Charts as Klez Refuses To Die
"The nasty BugBear worm finally displaced the irksome Klez-H
as the most common virus circulating on the Internet this month..."
"That's according to monthly statistics from managed services
firm MessageLabs, which show it blocked 576,286 copies of BugBear
over the last four weeks..."
More on this story at:
http://www.theregister.co.uk/content/56/27876.html
New Virus Spreads via E-Mail and File-Sharing Networks
ABC News Story Highlights: "There's another new virus on
the loose, only this one poses as a fix for other viruses and
spreads on popular peer-to-peer (P2P) file sharing networks..."
"The Merkur worm is a Visual Basic script that spreads
through file sharing networks such as KaZaA, Bearshare and eDonkey,
as well as through mIRC, an Internet Relay Chat program..."
More on this story at:
http://abcnews.go.com/sections/scitech/TechTV/techtv_merkurworm021030.html
CNN: E-Mail Greeting Card Hides Porn
Story Highlights: "The e-mail looks harmless enough: A
link to a greeting card that appears to be sent by a friend..."
"But clicking on the link can place porn images on a desktop
, download a barrage of x-rated ads, or send similar e-cards
to those listed in Outlook's address book..."
More on this story at:
http://www.cnn.com/2002/TECH/ptech/10/28/security.net/index.html
PCWorld: PayPal Users Targeted by E-Mail Scam -- Again
Story Highlights: "Users of online payment service PayPal
have again been targeted by scam artists trying to steal their
personal data , including name, address, home and work telephone
numbers, and credit card information..." "Last week,
a reader e-mailed 'Computerworld' saying he had received a message
allegedly from 'CustomerService@paypal.com' with the subject
'PayPal Security Update.' Last month, PayPal users were hit
by a similar scam..."
More on this story at:
http://www.pcworld.com/news/article/0,aid,106412,00.asp
Bill Could Jail Hackers for Life
Story Highlights: "A last-minute addition to a proposal
for a Department of Homeland Security bill would punish malicious
computer hackers with life in prison...""The U.S.
House of Representatives on Wednesday evening voted 299 to 121
to approve the bill, which would reshape large portions of the
federal bureaucracy into a new department combining parts of
22 existing federal agencies, including the Secret Service,
the Coast Guard, and the FBI’s National Infrastructure
Protection Center..."
More on this story at:
http://www.msnbc.com/news/834875.asp
October 2002
BugBear Tops Virus Charts as Klez Refuses To Die
"The nasty BugBear worm finally displaced the irksome Klez-H
as the most common virus circulating on the Internet this
month..." "That's according to monthly statistics
from managed services firm. MessageLabs, which show it blocked
576,286 copies of BugBear over the last four weeks..."
More on this story at:
http://www.theregister.co.uk/content/56/27876.html
New Virus Spreads via E-Mail and File-Sharing Networks
ABC News Story Highlights: "There's another new virus on
the loose, only this one poses as a fix for other viruses and
spreads on popular peer-to-peer (P2P) file sharing networks..."
"The Merkur worm is a Visual Basic script that spreads
through file sharing networks such as KaZaA, Bearshare and eDonkey,
as well as through mIRC, an Internet Relay Chat program..."
More on this story at:
http://abcnews.go.com/sections/scitech/TechTV/
CNN: E-Mail Greeting Card Hides Porn
Story Highlights: "The e-mail looks harmless enough: A
link to a greeting card that appears to be sent by a friend..."
"But clicking on the link can place porn images on a desktop
, download a barrage of x-rated ads, or send similar e-cards
to those listed in Outlook's address book..."
More on this story at:
http://www.cnn.com/2002/TECH/ptech/10/28/security.net/index.html
PCWorld: PayPal Users Targeted by E-Mail Scam -- Again
Story Highlights: "Users of online payment service PayPal
have again been targeted by scam artists trying to steal their
personal data , including name, address, home and work telephone
numbers, and credit card information..." "Last week,
a reader e-mailed 'Computerworld' saying he had received a message
allegedly from 'CustomerService@paypal.com' with the subject
'PayPal Security Update.' Last month, PayPal users were hit
by a similar scam..."
More on this story at:
http://www.pcworld.com/news/article/0,aid,106412,00.asp
Stop the Spam, Cry Spammers
Spam has become so bad in the United States that even advertisers
have admitted that restrictions are needed. The Direct Marketing
Association, which once opposed any federal anti-spam legislation,
says it will now lobby for federal and state laws to control
the growth of million-message batches of e-mail...
http://www.vnunet.com/News/1136270
Filtering Tools Offer Hope Against Spam Onslaught
There is finally a small glimmer of hope for suffering electronic
mail users, many of whom are slowly drowning in a giant vat
of spam. Filtering tools that block unsolicited e-mail are becoming
widely available and, while far from perfect, are good enough
to reduce torrents of spam to a somewhat tolerable trickle...
See the Full Story:
http://www.newsfactor.com/
MSNBC: 'Bugbear' Worm Threat Level Raised
Story Highlights: "BugBear is apparently biting. Most antivirus
firms on Wednesday raised their threat assessment of the new
computer worm, which was discovered on Monday morning..."
"Bugbear packs a treacherous payload: it installs a keylogger
on infected systems, so it can watch everything a victim types
and steal information like passwords and account numbers..."Full
Story on MSNBC
More on this story at:
http://www.msnbc.com/news/
The Register: Help! MS Issues Another Critical Security
Fix
Story Highlights: "Microsoft has released a patch to fix
critical flaws within Windows Help Facility which could enable
attackers to execute arbitrary code on a victim's PC..."
"The HTML Help facility in Windows includes an ActiveX
control which provides much of its functionality..."Full
Story on The Register
More on this story at:
http://www.theregister.co.uk/content/
The Register: Klez-H Enjoying Its Final Days of Infamy?
Story Highlights: "The nasty BugBear worm made a race for
infamy at the end of the month, but that old favourite Klez-H
still made it to the top of the virus charts last month..."
"That's according to monthly statistics from managed services
firm MessageLabs, which stopped 576,100 copies of the viruses
in September. It's the fifth month in a row Klez-H has topped
the chart..."Full Story on The Register
More on this story at:
http://www.theregister.co.uk/
CNN: Busboy: I Stole IDs of Rich Via Web
Story Highlights: "A restaurant busboy pleaded guilty Thursday
to stealing the identities of more than 200 wealthy American
celebrities and executives in a bid to loot their bank accounts..."
"But he told the court he acted out of a sick compulsion,
not greed..."
More on this story at:
http://www.cnn.com/2002/TECH/10/04/
Wired: Hackware Author Arrested - Maybe
Story Highlights: "When Scotland Yard jubilantly announced
the arrest of a London-based malware author nicknamed Torner
last month, most Internet users probably drew a blank..."
"But to Teresa Hall and a group of other system administrators
and Internet users, Torner was public enemy No. 1..."
More on this story at:
http://www.wired.com/news/technology/
Microsoft Discloses Security Flaws
Microsoft has warned that a security flaw in the help tool of
most versions of the Windows operating system could allow a
hacker to take control of a user's PC. In its security bulletin,
the company rated the security flaw as "critical"
and recommended that users install an available patch immediately...
See the Full Story:
http://www.newsfactor.com/
ABCNews: Scammers Target PayPal
Story Highlights: "Users of the online payment service
PayPal have been hit with two scams to steal passwords, and
ultimately cash..." "PayPal has taken steps to fight
the scams, but critics say the company should have warned its
users more thoroughly to never release password information..."
More on this story at:
http://abcnews.go.com/sections/
ComputerWorld: Online Payment Service PayPal Hit by
Scam
Story Highlights: " During the past two weeks, online payment
service PayPal Inc. has been targeted by scam artists trying
to get the personal information of its users, including credit
card data, user names and passwords..." "On Sept.
16, an unsophisticated scam e-mail, slugged 'PayPal Verification,'
was sent requesting users to log into their PayPal accounts
'asap' to confirm they were still active users of the service..."
More on this story at:
http://www.computerworld.com/securitytopics/
The Register: U.S. P2P Hacking Bill Draws Support, Critics
Story Highlights: "US lawmakers last week sat down with
proponents and opponents of a controversial bill that would
allow copyright holders to use techniques critics compare to
'hacking' to prevent content being pirated on peer-to-peer networks..."
"At a hearing of the House Judiciary Committee's Subcommittee
on Courts, the Internet and Intellectual Property, a senior
record industry executive and the bill's sponsors argued that
the bill is the best way to stop P2P being used to pirate, while
a public domain lobbyist said the bill was too vague and potentially
dangerous..."
More on this story at:
http://www.theregister.co.uk/
PCWorld: Hole in Open Souce File Viewers Lets Hackers
In
Story Highlights: "A security flaw in commonly distributed
file-viewing programs may make it possible for attackers to
use Adobe Systems PDF and PostScript files to run malicious
code on machines using the Unix or Linux operating systems..."
"The open source viewing programs, named gv, kghostview
and ggv, are used to view PDF and PostScript files and are commonly
packaged with popular versions of the Linux operating systems
including those by Red Hat and the Debian Project, as well as
common flavors of Unix such as those by Sun Microsystems..."
More on this story at:
http://www.pcworld.com/news/article/
Amazon To Tune Privacy Policy
Two years after it angered privacy advocates by altering its
privacy policy, Amazon.com has told a group of state attorneys
general that it will change the guidelines again to make them
more consumer-friendly...
See the Full Story:
http://www.newsfactor.com/
September 2002
New Kazaa Could Ignite More Controversy
The owner of the widely used Kazaa file-swapping software, Sharman
Networks, has launched a significantly expanded version of its
controversial P2P (peer-to-peer) application. Additionally,
the company has signed an agreement with a European Internet
service provider that will actively promote Kazaa. Users have
downloaded the previous version of Kazaa about 119 million times,
according to Sharman. The program enables users to download
digital media files of all kinds from the hard drives of other
Kazaa users. Billions of audio, video and other files have been
downloaded by users scattered around the world. The new version
includes a search tool that allows users to search for ordinary
Web pages. P2P industry observers noted that this utility could
mean Web surfers will spend more time using Kazaa. In conjunction
with the launch of this feature, Sharman Networks will begin
selling keywords to Web merchants and others who want to promote
their goods and services by displaying them prominently in Web
search results. The new Kazaa also includes a playlist tool
that enables users to download entire albums as easily as they
previously downloaded single songs.
http://www.ecommercetimes.com/
New Kazaa Could Ignite More Controversy
The owner of the widely used Kazaa file-swapping software, Sharman
Networks, has launched a significantly expanded version of its
controversial P2P (peer-to-peer) application. The updated version
includes a playlist tool that enables users to download entire
albums as easily as they previously downloaded single songs...
See the Full Story:
http://www.newsfactor.com/p
Wired: How a Bank Got E-Mail Scammed
Story Highlights: "Ann Marie Poet's new business partner
called himself Dr. Mbuso Nelson, and said he was an official
with the Ministry of Mining in South Africa..." "Nelson
popped into Poet's life out of nowhere one day, offering to
pay $4.5 million to the 59-year-old secretary for her assistance
in transferring $18 million from a bank in South Africa to the
United States..."
More on this story at:
http://www.wired.com/news/
ZDNET: When Is Hacking a Crime?
Story Highlights: "Kevin Finisterre admits that he likes
to hew close to the ethical line separating the 'white hat'
hackers from the bad guys, but little did he know that his company's
actions would draw threats of a lawsuit from Hewlett-Packard..."
"This summer, the consultant with security firm Secure
Network Operations had let HP know of nearly 20 holes in its
Tru64 operating system. But in late July, when HP was finishing
work to patch the flaws, another employee of Finisterre's company
publicly disclosed one of the vulnerabilities and showed how
to exploit it..."
More on this story at:
http://zdnet.com.com/
How Secure Is E-Commerce?
Most e-commerce transactions currently are secured by a technology
that encrypts data exchanges over the Internet. While this technology
is generally viewed as effective, an increasing number of vulnerabilities
and other issues have cropped up...
See the Full Story:
http://www.newsfactor.com/
Fighting Back: Dissatisfied Online Shoppers Take Action
Peeved consumers who claim online auction sites are unresponsive
to fraud are increasingly taking matters into their own hands.
These cyber vigilantes are filing more police reports, attempting
more often to track down merchants on their own, and putting
up more Web sites to warn others of merchants they say are unscrupulous...
See the Full Story:
http://www.newsfactor.com/
The Register: MS Silently Fixes Password Sniffing Bug with XP
SP1
Story Highlights: "Keystrokes, including passwords, can
be sniffed when using Windows Terminal Server or the XP remote
control feature..." "MS has rolled a fix silently
into SP1 without making any public statement on this serious
problem..."
More on this story at:
http://www.theregus.com/
Washington Post: A Short History of Computer Viruses
and Attacks
Story Highlights: "1945: A moth is found trapped between
relays in a computer operated by the U.S. Navy. From then on,
problems with computers are referred to as 'bugs,' and the process
of removing them is called 'debugging...'" "1949:
Hungarian scientist John von Neumann (1903-1957) devises the
theory of self-replicating programs..."
More on this story at:
http://www.washingtonpost.com/wp-dyn/
ABCNews: Date Rape Drug Sweep
Story Highlights: "Attorney General John Ashcroft announced
a major crackdown on Internet drug traffickers today, disclosing
that 115 dealers of the 'date rape' drug GHB had been arrested
in 84 cities in the United States and Canada..." 'This
takedown is a dose of harsh reality for drug traffickers who
seek to exploit the vast markets and anonymity of cyberspace,'
Ashcroft said..."
More on this story at:
http://abcnews.go.com/sections/scitech/
Web Ads, From Roach To Rich
You might hope that pop-up ads go the way of Pets.com and other
doomed dot-coms, six feet under in the Internet graveyard. But,
alas, pop-ups appear destined to survive, because some advertisers
say the darned things work.
by Leslie Walker
http://www.washingtonpost.com/
Groups Say Microsoft Is Violating Antitrust Deal
http://www.washingtonpost.com/
Richard M. Smith, cybersecurity consultant - from an
open on line discussion
http://discuss.washingtonpost.com/
Cybersecurity and You: Five Tips Every Consumer Should
Know
http://www.washingtonpost.com/
A Cybersecurity Primer: Links and Resources for Computer
Users
http://www.washingtonpost.com/
A Short History of Computer Viruses and Attacks
http://www.washingtonpost.com/
Key Players in U.S. Government's Cybersecurity Efforts
http://www.washingtonpost.com/
Bank of America, Wells Fargo Sue CA Counties Over Opt-In
Privacy Laws
Bank of America and Wells Fargo jointly filed a federal lawsuit
on September 10, 2002 against San Mateo County and Daly City
over new financial privacy laws. Both the County and Daly City
recently passed ordinances that would require banks to get customers'
permission before disclosing personal information to a third
party (opt-in). The banks are seeking court injunctions that
would block both local ordinances from taking effect January
1, 2003. "Their lawsuit is not going to work," said
San Mateo County Supervisor Mike Nevin, who championed the County
privacy ordinance. "We're on solid legal ground."
Wells Fargo spokeswoman Donna Uchida called the recently adopted
privacy laws "unfair" because loopholes will make
some financial institutions exempt. Uchida also said the laws
dip into areas covered under federal banking regulations. The
County has 20 days to respond to the banks' legal attack and
could seek a dismissal of the case in the courts. Daly City's
city attorney, Stanley Gustavson, said the city would also defend
its new privacy law, which is similar to the County's. "The
purpose of the ordinance is laudable," Gustavson said.
Prior to adopting the privacy ordinances, County Supervisors
and Daly City lawmakers attempted to hammer out a compromise
with banks on the proposals. The banking industry recently spent
millions lobbying California legislators to defeat a privacy
bill authored by state Sen. Jackie Speier. Despite the lawsuit,
both Bank of America and Wells Fargo insist they do not share
customer information with third parties. "We're absolutely
committed to protecting the privacy of our customers,"
according to Uchida. Other counties around the state have shown
interest in passing local consumer privacy laws, including San
Francisco, Alameda, Contra Costa and Los Angeles counties.
http://www.sanmateocountytimes.com/
NY Survey Firm Sued by State AG for Misleading Students,
Selling Data
The state of New York sued a high school surveying firm for
allegedly tricking students into providing names and other personal
information for sale to direct marketers on a broad scale. The
state AG's office described the move as the first salvo in a
broader investigation of student privacy intrusion. The AG's
office charged that Student Marketing Group Inc. set up a nonprofit
front, the Educational Research Center of America, to deceive
teachers and students. Educational Research distributed a survey
that collected personal data - including addresses, age, gender,
religious affiliation, grade point average and career interests
- from 90,000 students in the state in the past two years and
hundreds of thousands more nationwide. Teachers and students
were told that the information would be provided to colleges
and universities to help students gain admission and financial
aid. However, the data were sold not only to colleges but also
to direct marketers of credit cards, magazines, music videos,
cosmetics and other products, the state charged in its lawsuit
filed in state Supreme Court in Manhattan. New York AG Eliot
Spitzer, who is seeking both damages of $500 per mailing and
a court order barring Student Marketing Group from using the
data, said students were given "absolutely no intimation"
that their responses would be sold commercially. Spitzer said
his office is participating with other state AGs in an investigation
of "larger entities" engaging in similar practices.
Source:
"New York State Sues Survey Firm For Allegedly Tricking
Students,"
Daniel Golden, The Wall Street Journal, 08/30/02.
Consumer Groups Petition FTC to Toughen Stance on Spam
On September 4, 2002, in a formal petition, three consumer groups
urged the FTC to issue new rules expanding its definition of
unfair and deceptive trade practices to combat unsolicited bulk
commercial e-mail (spam). The Telecommunications Research and
Action Center, the National Consumers League and Consumer Action
called on the FTC to include in its definition of unfair and
deceptive trade practices the misrepresentation of a commercial
e-mail's sender, subject or content; failing to provide reliable
contact information or a reliable opt-out system; or sending
e-mail to someone who previously opted-out or to whom sending
spam is otherwise prohibited by law. The FTC currently focuses
on combating fraudulent claims made within unsolicited commercial
e-mail. "Spam is not one of those things market forces
will correct magically on its own," said Ken McEldowney,
executive director of Consumer Action. Increasing amounts of
spam may cause consumers to "turn their backs on the enormous
education power of the Web," McEldowney said. As part of
the effort, the groups posted the petition at BanTheSpam.com
and urge consumers to submit spam "horror stories"
to be forwarded to the FTC as evidence that increased action
is needed. According to Susan Grant, vice president of public
policy at the National Consumers League, 21% of bogus loan offers,
24% of work-at-home schemes, 28% of phony credit card offers,
36% of business-opportunity scams, and nearly all of the so-called
Nigerian money scams are initiated by unsolicited e-mail. In
response, the FTC issued a statement from J. Howard Beales,
director of the Commission's bureau of consumer protection.
"The FTC is concerned about the proliferation of spam affecting
consumers, and we look forward to reviewing the petition,"
Beales said. "In every spam proposal we have seen, vigorous
law enforcement is key."
Source:
"Consumer Groups Unite in Call for New FTC Spam Rules,"
Ken Magill, DM
News, 09/05/02.
http://www.dmnews.com/cgi-bin/
Bill Requiring Federal Agencies to Gauge Privacy Impact
Passes House Committee
The House Judiciary committee on September 10, 2002 approved
the Federal Agency Protection of Privacy Act, a bill that would
require federal agencies to take privacy more seriously. The
committee approved the bill by voice vote, which means it goes
to the full House for a possible floor vote within the next
month. Authored by Rep. Bob Barr (R-GA), the bill requires federal
agencies to prepare and publish a "privacy impact analysis"
of any proposed regulation. Because it would not actually prohibit
privacy-intrusive proposals, it is seen as a modest proposal
that enjoys support from both Republicans and Democrats. "Americans
deserve to know how government regulations will impact their
personal privacy, and this legislation reforms the regulatory
process to make sure that occurs," Barr said after the
vote. "This bill will not only make the federal government
more accountable to the American people, but it will also serve
to slow the growing erosion of citizens' privacy rights."
The measure would permit Americans who are "adversely affected"
by agencies that did not prepare privacy impact statements to
sue for relief in federal court. It does not apply to private
firms or state and local government agencies. A Barr aide said
the bill was expected to go to the House floor for a vote before
a scheduled adjournment in early October 2002. Sen. Max Cleland
(D-GA) has introduced a similar bill in the Senate, but no hearings
have been held so far. Barr lost in the Republican primary last
month but plans to stay involved in the nationwide debate over
privacy.
Source:
"Bill Urges Rules for Policing Privacy," Declan McCullagh,
CNET
News.com, 09/10/02.
http://news.com.com/2100-1023-957419.html
August 2002
DoubleClick to Open Cookie Jar
By Joanna Glasner | Also by this reporter Page 1 of 1
02:00 AM Aug. 27, 2002 PT
For years, ad-serving cookies have crept about the Web like
silent, virtual stalkers -- tracking surfers as they hop from
site to site in the name of targeted marketing.
Now, Net users may finally get a glimpse of some of the data
such tracking applications collect.
http://www.wired.com/news/business/0,1367,54769,00.html
DoubleClick Adopts Privacy-Friendly Policies in $450,000
Settlement with State AGs
In order to ward off an investigation into its privacy practices,
online ad provider DoubleClick agreed on August 26, 2002 to
adhere to stiff privacy restrictions and to pay a $450,000 settlement.
The 30-month investigation, by attorneys general (AGs) from
10 states, peered into DoubleClick's practices of gathering
Web users' personal information and surfing habits. DoubleClick,
which sells its services to advertisers and major Internet sites,
deposited unique "cookie" files on a user's computer
that tracked the machine's online travels, allowing the company
to display Web ads tailored to a person's shopping and surfing
preferences. Under the settlement, DoubleClick will adopt privacy-related
restrictions that include giving consumers access to their online
profiles, verifying its compliance with the agreement, and paying
$450,000 for states' investigative costs and consumer education.
Additionally, Web sites that allow DoubleClick to profile its
visitors must disclose DoubleClick's activities in the site's
privacy policy. "These rules go beyond normal U.S. Internet
privacy practices into strong privacy," said Ari Schwartz
of the Center for Democracy and Technology. "This sends
a message to other companies that are into advertising online.
These are rules they'll have to take into account." Schwartz
said. New York AG Eliot Spitzer, whose office led the probe,
said the settlement could help rebuild confidence in e-commerce.
"When an online contractor can invisibly track nearly every
online consumer, consumers deserve to know the privacy cost
of surfing the Web," Spitzer said. AGs from Arizona, California,
Connecticut, Massachusetts, Michigan, New Jersey, New Mexico,
Vermont and Washington also took part.
Source:
"DoubleClick Changes Ad Policy," Jim Krane, The Associated
Press,
08/26/02.
Ziff Davis Media Will Pay $100,000 Settlement for Security
Breach
Ziff Davis Media Inc. agreed on August 28, 2002 to pay three
states a total of $100,000 after an Internet security breach
that exposed the personal information of thousands of magazine
subscribers online, New York AG Eliot Spitzer announced. The
publishing company also must pay $500 to each U.S. customer
who provided credit card information while the data was exposed,
totaling about $25,000. "There were some problems with
unauthorized charges and people who had to cancel credit cards,''
said Julie Brill, an assistant AG in Vermont. "We felt
consumers needed to be compensated in some manner. We're hoping
nobody lost any money at all, but they had to spend time to
deal with the problem.'' California is the third state involved
in the settlement. The New York-led investigation stemmed from
a magazine promotion Ziff Davis ran in November 2001 on its
Electronic Gaming Monthly Web site. Insufficient online security
allowed anyone surfing the Internet to access about 12,000 subscription
orders for the magazine, one of nine the company publishes.
Only 50 of those subscribers paid by credit card. Five people
reported that someone used that data to fraudulently charge
items, such as computer software, to their accounts, said Spitzer
spokeswoman Juanita Scarlett. "The company's privacy policy
promised reasonable security, but it was not effective in this
case,'' Spitzer said. "With identity theft on the rise,
consumers expect online businesses to recognize the sensibility
of personal contact and credit card information and to take
reasonable measures to protect that information.'' The information
remained easily available for about a month, until "good
Samaritans'' who viewed the material alerted subscribers via
e-mail, Scarlett said.
Source:
"Ziff Davis Agrees to Pay Settlement," The Associated
Press, 08/28/02
Fax.com and Cox Communications Face $2.2 Trillion Lawsuit
for Junk Faxes
A coalition of California activists filed a $2.2 trillion set
of lawsuits against fax marketer Fax.com on August 22, 2002,
saying millions of "junk faxes" are clogging the nation's
fax machines, jamming communications and possibly endangering
lives. The suits, filed in both California state and federal
court, seek class action status and punitive damages against
privately held Fax.com, its telecommunications provider, Cox
Business Services, a division of Cox Communications Inc., and
Fax.com's advertisers. The lawsuits accuse all the named companies
of violating federal laws prohibiting "junk" faxes.
Mark Zielazinski, chief information officer at El Camino Hospital
said they have been bombarded with junk fax advertisements sent
by computer "war dialing" programs that can target
numerous fax machines simultaneously. "We have between
80 and 100 different fax machines in the hospital. In one fax
machine which we monitored for a period of about four months
we received over 500 junk faxes." Fax.com's president,
Kevin Katz, said the suit was aimed at intimidating his company's
customers. He also said the suits ignored the public service
Fax.com performs by mass faxing missing children alerts. However,
in a decision earlier this month, the Federal Communications
Commission proposed fining Fax.com $5.38 million for sending
unsolicited advertisements by fax, the largest fine ever proposed
for such a violation. The activists will seek a minimum statutory
remedy of $500 per fax from every advertiser who used Fax.com
to send out unsolicited advertisements over the past four years
and treble damages of $1,500 per unsolicited fax from Fax.com
and Cox Communications.
Source:
"Lawsuits Seek $2.2 Trillion over 'Junk' Faxes," Andrew
Quinn, Reuters,
08/22/02.
Judge Rules Web Tracking Firm Pharmatrak Did Not Violate
Privacy Laws
A federal court has ruled that Pharmatrak Inc., a now-defunct
company that tracked visits to pharmaceutical company Web sites
using "cookies" and "Web bugs," did not
violate federal wiretap, computer hacking or privacy statutes.
The August 13, 2002 ruling by Judge Joseph L. Tauro of the U.S.
District Court for Massachusetts found in favor of Pharmatrak
and its pharmaceutical clients, including Pfizer Inc., Pharmacia
Corp. and American Home Products. Pharmatrak went out of business
shortly after the first individuals filed lawsuits against the
company in Massachusetts in August 2000, said Seymour Glanzer,
who represented Pharmatrak. Other plaintiffs filed complaints
in New York, and the suits were consolidated in the Massachusetts
district in June 2001. The plaintiffs alleged that Pharmatrak
and its clients "secretly intercepted and accessed Internet
users' electronic communications with various health-related
and medical-related Internet Web sites" and collected information
about visitors' Web browsing habits without their knowledge
or consent. Pharmatrak offered a product called "NETcompare"
that allowed drug company clients to gauge monthly Web site
traffic and track browsing activity. The company maintained
that it did not collect "personally identifiable information."
"It is possible that many individual users were unaware
that, in addition to their browser communicating with a pharmaceutical
defendant's Web site, it was also communicating with Pharmatrak,"
Judge Tauro wrote. But in granting defendants' motion for summary
judgement, the court held that there was no evidence to support
the plaintiffs' allegations. Glanzer said the decision reflects
"an important legal milestone in that, hopefully, (it)
will act as a deterrent to the initiation of lawsuits of this
kind that do not advance privacy rights at all."
Source:
"Web Tracking Firm, Drug Makers Win Privacy Lawsuit,"
Karen Pallarito,
Reuters, 08/22/02.
http://story.news.yahoo.com/
July 2002
Woman Files Privacy Lawsuit After Receiving Prozac
Sample in Mail
A Florida woman who received an unexpected trial pack of once-a-week
Prozac in the mail filed suit on July 1, 2002 against her doctors,
the Walgreen Company pharmacy chain and drug manufacturer Eli
Lilly & Company for invading her privacy and other alleged
violations of Florida law. "I found it appalling and frightening
to receive free samples of a very powerful medication by mail
when I didn't know the package was coming," said the woman,
identified as 'S.K.' in the suit. Attorney Gary Farmer Jr. said
the privacy issue comes to the forefront because other people
could have access to the package and accompanying literature
and deduce the kind of illness the recipient has. S.K. had not
taken Prozac in seven years and never had a prescription for
it in Florida. Accompanying the sample was a letter from her
doctors, which read, in part: "We are very excited to be
able to offer you a more convenient way to take your antidepressant
medication. For your convenience, enclosed you will find a FREE
one-month trial of Prozac Weekly." According to Michael
Polzin of Walgreens, "We filled an actual prescription
for the Prozac and used coupons given to us by Eli Lilly to
get paid." Polzin would not disclose how much Lilly sends
Walgreens for each four-pack of Prozac capsules. However, Farmer
said that his client was not aware that a prescription had been
written, and he could not find any record of such a prescription
in her records maintained at Holy Cross Medical Group. The Florida
AG office is currently investigating whether Lilly violated
the state's unfair-trade law and will forward the case to the
Florida Board of Medicine. The patent for Prozac expired in
2001 and weekly Prozac was developed as an easier dosing regimen
to help bolster sales in the face of generic competitors.
Sources:
"Free Sample of Prozac Triggers Privacy Lawsuit,"
Glenn Singer, Sun-Sentinel, 7/02/02.
http://www.sun-sentinel.com/business/
"Florida Probes Lilly's Mailings of Prozac Samples to Patients,"
Thomas M. Burton, The Wall Street Journal, 7/08/02.
Lilly Settles with State AGs Over Prozac E-Mail that
Revealed Addresses
Eight states will divide $160,000 in a settlement with Eli Lilly
and Company over allegations the drug maker unintentionally
released e-mail addresses of more than 600 people taking Prozac.
Lilly settled a suit over the matter with the Federal Trade
Commission (FTC) January 2002, promising better safeguards.
It was the first time the FTC had prosecuted an unintentional
violation of a Web site's privacy policies. On July 25, 2002,
Massachusetts Attorney General Thomas Reilly said the company
would pay $160,000 to Massachusetts and seven other states:
California, Connecticut, Idaho, Iowa, New York, New Jersey and
Vermont. The people taking Prozac had signed up at a Lilly Web
site for an automated e-mail reminding them to take their dose
of the company's anti-depressant. In June 2001, an e-mail announcing
the end of the service included the e-mail addresses of all
669 subscribers. The agreement did not specify how the money
would be divided. Sarah Nathan, a spokeswoman for Reilly, said
those whose e-mail addresses were released would not get restitution
because the states do not know their names and do not want them
brought to light again. "As we have said from the onset,
Lilly sincerely regrets that one of our employees made a mistake,
which resulted in the disclosure of individual e-mail addresses
to all subscribers of our Medi-Messenger service," Lilly
said in a statement. "As a result, we promptly put into
place additional measures to prevent it from ever happening
again." Those measures include appointing a director of
global privacy, periodic reporting to the FTC, and new security
measures that "place personal information from our customers
in an environment as secure as Lilly's trade secrets."
Source:
"States Settle with Lilly on E-Mail," The Associated
Press, 07/25/02. http://www.computerworld.com/securitytopics/l
FCC Allows Opt-Out for Phone Companies' Affiliate Sharing
of Customer Info
According to rules adopted by the FCC on July 16, 2002, telephone
companies will be allowed to share, without consent, private
customer data with affiliates that offer communications-related
services. Consumers will have to opt-out of having their information
used for marketing purposes, including where, when and to whom
they place calls, and the types of services subscribers use
and how frequently they use them. The FCC left the door open
for companies to use an opt-in approach if they chose, but the
agency refused to mandate that method. However, the agency said
consumers must approve (opt-in) when a telephone company wants
to share their private information with unrelated third parties
or affiliated companies that do not provide communications-related
services. The decision drew a sharp rebuke from Commissioner
Michael Copps, the lone Democrat on the panel, who argued that
companies would be allowed to sell information without customer
consent to the highest bidder who has only the faintest association
with providing telecommunications services. "Everyone should
understand that this decision is neither narrow nor pro-privacy,"
said Copps. "When the stakes for misuse are so high, the
commission should be extraordinarily vigilant." The adopted
rules will replace regulations that were struck down in 1999
by a federal appeals court that found they ran afoul of free
speech rights guaranteed by the U.S. Constitution. Those rules
required carriers to first get consent from customers before
using or disclosing their data. The court also said at that
time that the agency had not fully weighed the opt-out approach.
Source:
"FCC OKs Sharing of Phone Company Customer Data,"
Jeremy Pelofsky,
Reuters, 07/16/02.
http://www.reuters.com/news_article.jhtml
http://www.ispworld.com/Reuters
http://news.cnet.com/investor/news/newsitem/
TRUSTe Introduces Seal to Identify Legitimate Commercial
E-Mail
TRUSTe is fighting spam by launching a program called "Trusted
Sender," which places a seal on e-mail that identifies
the commercial sender as legitimate and one that practices responsible
e-mail marketing. "Complaints about spam are among the
top complaints of consumers. They don't like it when they have
50 to 60 unwanted messages to delete," says Fran Maier,
executive director of TRUSTe. The first of the Trusted Sender
labels will begin appearing on e-mail during July 2002, says
Vincent Schiavone, president and chief executive officer of
ePrivacy Group, a computer privacy consulting firm that is working
with Truste on the program. The aim of the Trusted Sender program
is to supplement the technology of blocking spam by getting
e-mail senders to agree to a code of conduct. "Technology
alone doesn't work. You need policies and standards and procedures,"
says Schiavone. An e-mail sender earns the Trusted Sender label
if it accurately identifies itself, the topic of the e-mail,
and the actual address from which it was sent. The sender should
also have honest policies for allowing recipients to remove
themselves from the e-mailing list. TRUSTe will act as a trusted
third party between e-mail sender and recipient, verifying consumer
preferences for e-mail and mediating disputes with consumers
regarding unsolicited e-mail they want stopped. Shinya Akamine,
president and CEO of Postini, an e-mail management service for
enterprise customers, says Trusted Sender is a good idea and
may get some legitimate e-mail marketers to subscribe to make
sure their legitimate messages get through. But Akamine doubts
that the truly nefarious spammers would join the program. "The
nasty companies who are selling the herbal remedies or the low-rate
mortgages are not going to join. And consumers are not being
spammed by American Express or The Gap."
Source:
"'Trusted Sender' Seal Aims to Weed out the Honest E-Mails
from Spam,"
Robert Mullins, Silicon Valley/San Jose Business Journal, 07/19/02.
http://sanjose.bizjournals.com/sanjose/stories/
U.S. Appeals Court Rejects TransUnion Challenge of
FTC Privacy Regulations
On July 16, 2002, the U.S. Court of Appeals for the District
of Columbia Circuit ruled in favor of a decision upholding federal
regulations on the privacy of consumers' financial information.
The decision affirmed a lower court ruling that favored the
rules issued by the Federal Trade Commission (FTC) to implement
the privacy provisions of the 1999 GLB Act. GLB restricts dissemination
of personal data. In a challenge, TransUnion, a credit reporting
agency (CRA), argued the regulations unlawfully restricted a
CRA's ability to disclose and re-use certain consumer data.
The company contended the regulations' limits on re-use of data
were inconsistent with the 1999 law. It also contended the regulations'
definition of the statutory term "personally identifiable
financial information" was too broad. In 2001, a U.S. district
judge rejected the challenge and affirmed the FTC's rules. The
appeals court upheld that decision. "While the FTC could
have defined 'financial' more narrowly, the meaning it chose
is nevertheless a permissible one," the appeals court said.
TransUnion expressed disappointment with the appeals court decision.
"We believe there are genuine benefits to consumers and
businesses from the free flow of information," said Clark
Walter, a company spokesman. "But the court has spoken.
This decision will have no impact on TransUnion's business because
we have discontinued the use of credit header data in products
and services." (Identifying information, such as names,
addresses, Social Security numbers, and phone numbers, is known
as "credit header" data. The information is located
at the top of a credit report.) Nevertheless, Walter said, there
will be an effect from the ruling because credit headers "form
the backbone of products that perform many socially beneficial
uses."
Source:
"U.S. Appeals Court Upholds Government Rules On Personal
Data," Dow
Jones, 07/16/02.
FTC Charges Two in Telemarketing Fraud Scheme
A federal district court has ordered a temporary halt to an
Arizona-based telemarketing operation which, according to the
FTC, has used deceptive and unfair practices to bilk consumers
across the country out of millions of dollars. The FTC has alleged
that two individual defendants, Harvey Sloniker and Tye Sloniker,
telemarketed non-existent products and services through a maze
of interrelated companies. At the Commission's request, the
court froze the defendants' assets and appointed a temporary
receiver pending a hearing on the FTC's motion for a preliminary
injunction. The complaint, filed in the U.S. District Court
for the District of Arizona, alleges that since at least 1998,
the Slonikers and their various companies have been engaged
in deceptive telemarketing on behalf of a string of third-party
client companies. According to the FTC, the defendants operated
numerous telemarketing boiler rooms known as "contract
rooms" that employed large numbers of telemarketers trained
to deceive consumers. From these contract rooms, the FTC alleged,
the defendants sold non-existent credit cards and bogus identity
theft and telemarketing fraud protection services to consumers
for hefty advance fees. The complaint alleges, in part, that
these actions violated the FTC Act and the Telemarketing Sales
Rule. According to the complaint, the defendants are not affiliated
with any banks, financial institutions or consumer protection
agencies, and no consumers ever received the promised credit
cards or the promised bonus products or services.
Source:
"FTC Files Suit Against Massive Telemarketing Fraud Operation,"
The Federal Trade Commission, 07/18/02.
http://www.ftc.gov/opa/2002/07/slonikers.htm
Washington State Files Third Suit Under Anti-Spam Law
The state of Washington filed suit July 11, 2002 against two
men under its anti-spam law, an action one privacy advocate
called proof that the state is serious about stanching the flood
of unsolicited e-mail. The suit, Washington vs. Meltzer, alleges
that two Minnesota residents sent e-mails to Washington residents
with subject lines such as "Payment Past Due," "Check
Unclaimed" and "URGENT -- Account Update." In
the "From" field of the e-mails were the phrases "Collection
Department" or "Payment Department." The e-mails
actually sought to sell debt-consolidation services to the recipients.
Those falsehoods and deceptions meant the e-mails violated Washington's
Unsolicited Electronic Mail Act, said the office of Washington
Attorney General Christine Gregoire. "This action serves
as notice to spammers that they could face lawsuits if they
send deceptive messages to Washington consumers," Gregoire
said. The suit is the third filed against spammers by Washington,
which so far is the only state to sue senders of unwanted e-mail,
though fully half the states have anti-spam laws on their books.
The case against Samuel and Adam Meltzer and their companies,
Chippynet.com and Mobydns.com, is seeking $500 for each e-mail
sent to an individual and $1,000 for every e-mail handled by
an ISP under the law, said Assistant State Attorney General
Paula Selis. It is also seeking compensation for damage caused
by sending the spam through an ISP, such as outages that cost
them customers and good will. The total will be determined at
trial, which is set for December 2003, Selis said.
Source:
"The State Goes after Deceptive E-Mailers: Latest Lawsuit
Signals Drive to Stem Flood of Illegal Messages," Dan Richman,
Seattle
Post-Intelligencer, 07/12/02.
EarthLink Wins $24 Million Judgement Against Spammer
EarthLink has won more than $24 million in a claim against a
spammer. However, the company claims the real victory is in
preventing its members from being spammed. EarthLink filed its
claim against Tennessee resident K.C. "Khan" Smith
in August 2001, accusing him of violating federal and state
Racketeering Influenced and Corrupt Organizations (RICO) statutes,
the federal Computer Fraud and Abuse Act of 1984, the federal
Electronic Communications Privacy Act of 1986 and various state
laws. The ISP moved for summary judgment in a federal court,
and the judge ruled in EarthLink's favor after Khan failed to
show up for the hearing or contest the claim. "While we
don't know if we'll recover any monetary damages, for us, the
victory is in being able to take steps that help stop spam,"
EarthLink spokeswoman Carla Shaw said.
Source:
"EarthLink Wins Spammer Suit," Margaret Kane, CNET
News.com, 07/19/02.
http://news.com.com/2100-1023-945148.html
JUNE 2002
Cursor Company's Conduct Cursed
By Brian McWilliams
02:00 AM Jun. 06, 2002 PT
In a last-ditch effort to shake their company's reputation as
a purveyor of spyware, the co-founders of Comet Systems have
thrown themselves into a lion's den of privacy vigilantes.
In recent days, Jamie Rosen and Tom Schmitter have been attempting
to defend the Comet Cursor, their much-maligned free program
for customizing cursors, in an online forum for users of Lavasoft's
Ad-aware, a much-respected free program for removing spyware.
http://www.wired.com/news/privacy/0,1848,52985,00.html
Gator sued over pop-up ads
By Stefanie Olsen
CNET News.com
June 27, 2002, 2:10 PM PT
A group of publishers this week sued the Gator online advertising
network in a bid to bar the company from serving pop-up ads
on their Web sites without their permission.
The suit was filed Tuesday in federal court in Alexandria, Va.
The Washington Post, The New York Times, Dow Jones and seven
other publishers allege that Gator's ads violate their copyrights
and steal revenue.
Redwood City, Calif.-based Gator is "essentially a parasite
on the Web that free rides on the hard work and the investments
of plaintiffs and other Web site owners," according to
the filing. "In short, Gator sells advertising space on
the plaintiffs' Web sites without (their) authorization and
pockets the profits from such sales."
http://zdnet.com.com/2100-1106-940104.html
May 2002
Hotmail Policy Raises Privacy Concerns
New view of Passport data leaves some customers unhappy with
what they see.Tom Mainelli, PCWorld.comFriday, May 17, 2002Hotmail
users can now get a better look at their personal account settings--but
some of the service's estimated 110 million active users may
not like what they find.
http://www.pcworld.com/news/
DoubleClick Receives OK on Privacy Settlement
May 22, 2002 By Christopher Saunders
Over the objections of consumer and privacy advocates, DoubleClick
on Tuesday received court approval to settle state and federal
lawsuits concerning its privacy and data-collection practices.
http://www.atnewyork.com/news/article.php/1143021
Minn. Bill Considers Internet Privacy
Posted on Fri, May. 17, 2002
PATRICK HOWE Associated Press Writer ST. PAUL (AP) -
Minnesota would become the first state to give Internet users
control over whether their service providers disclose or sell
their personal information under a bill headed to the House
and Senate for final votes. Under the bill, service providers
would have to tell Minnesota consumers whenever they plan to
disclose information such as the Web sites a person has visited,
their e-mail or home addresses or telephone numbers. They would
also have to say what the information would be used for. A second
part of the bill follows the lead of about 30 other states that
have adopted rules to try to control unwanted e-mail. It would
require companies sending unsolicited advertisements to include
the letters "ADV" in the subject line of e-mails -
"ADV-ADULT" for material of a sexual nature - to make
it easier to filter out.
http://www.siliconvalley.com/
Spam, Privacy Bills Head to Senate Floor
May 17, 2002
By Christopher Saunders
Two controversial bills aimed at curbing spam and beefing up
consumer online privacy protections are set to proceed to the
Senate for debate, after being approved Friday morning by the
Senate Commerce Committee. As a result of a unanimous Committee
vote, the latest version of S. 630, "Controlling the Assault
of Non-Solicited Pornography and Marketing Act," or CAN-SPAM,
has come closer to becoming law than any other bill aimed at
curbing unsolicited commercial e-mail. At the same time, a divided
Committee also approved S. 2201, "The Online Personal Privacy
Act," the approval of which initially had been challenged
by Republicans. But an agreement by the bill's sponsor, Sen.
Ernest "Fritz" Hollings (D-S.C.), to support CAN-SPAM
evidently lent the bill enough bi-partisan support to continue.
http://www.internetnews.com/IAR/article.php/12_1140761
Congressman set to introduce Web privacy bill
Posted on Mon, May. 06, 2002 WASHINGTON (Reuters) - A U.S. lawmaker
said Monday that he would introduce this week a long-awaited
consumer privacy bill covering Internet commerce. Florida Republican
Rep. Cliff Stearns said he would introduce the measure Wednesday,
nearly nine months after releasing an outline of what the bill
would contain. ``Congress needs to address the American people's
concern with the online and offline collection and use of personal
information,'' Stearns said in a statement.
http://www.philly.com/mld/philly/business/technology/3210263.htm
Online privacy bill under attack
04/26/2002Updated 10:36 AM WASHINGTON (AP) A Senate effort to
limit what businesses can do with information they collect from
customers online is under attack from Internet companies, and
is receiving only tepid support from consumer advocates. The
proposed online privacy legislation, introduced last week by
Sen. Ernest Hollings, D-S.C., who chairs the Senate Commerce
Committee, would require businesses to tell visitors to their
Web sites what information is being gathered about them and
how it will be used. Online businesses would then have to get
consumers' permission before sharing with third parties sensitive
information such as bank accounts, medical information, political
or religious affiliation or Social Security numbers. Anyone
who finds sensitive data was misused and can prove harm can
sue for up to $5,000 for each use of the information.
http://www.usatoday.com/life/cyber/tech/2002/04/26/online-privacy.htm
Hollings Online Privacy Bill Amended and Sent to Senate
Floor
On May 17, 2002, the Senate Commerce, Science and Transportation
Committee (Committee) voted 15-8 to report the Online Personal
Privacy Protection Act of 2002 (S.2201) to the Senate. Before
proceeding with the mark-up, Senator Fritz Hollings, the bills
original sponsor, submitted a Managers Amendment (Amendment)
making several substantive changes to the bill. Even with these
changes, described below, the bill would still impose burdensome
notice and collection obligations on online service providers
and operators of commercial websites providers for all personally
identifiable information.
http://www.crblaw.com/newsarticle.asp?year=2002&file=Hollingsbill.html
Hackers Steal 13,000 Experian Credit Reports
Hackers posing as employees of the Ford Motor Credit Company
have in recent months harvested a trove of 13,000 credit reports
with data on consumers in affluent neighborhoods across the
country. Computer intruders used an authorization code from
Ford Credit to get the credit reports from Experian, one of
three major reporting agencies. "I've never seen anything
of this size," said Donald Girard, a spokesman for Experian.
"Privacy is the hallmark of our business. We're extraordinarily
concerned about the privacy issue here, and the trust factor."
The inquiries gave the intruders access to each victim's personal
and financial information, including address, Social Security
number, bank and credit card accounts and ratings of creditworthiness.
Representatives of Ford Credit said they did not know how the
hackers acquired the code, which was used by the company's office
in Grand Rapids, MI. The intruders focused on addresses in affluent
neighborhoods, often in numeric sequence, said Rich Van Leeuwen,
executive vice president of Ford Credit. The company sent letters
via certified mail to all 13,000 people, urging them to contact
Experian and the two other credit reporting giants, Equifax
and TransUnion, and to report any evidence of abuse to the F.B.I.
The company has also worked with Experian to set up a phone
line to let victims get their credit reports and help them resolve
discrepancies. Although the unauthorized inquiries began in
April 2001, Ford first heard about the problem in February 2002.
Only 400 of the 13,000 victims were customers of Ford Credit.
Girard said that Experian had received 2,700 calls since the
letters started going out in May 2002. "It just shows that
today, even big companies can be victimized," said Girard.
"It's a never-ending struggle against the bad guys."
Source:
"13,000 Credit Reports Stolen by Hackers," John Schwartz,
The New York Times, 05/17/02.
Comcast Sued for Recording Customer Browsing Habits
Comcast is being sued over accusations it violated a federal
privacy law by recording the Web browsing activities of each
of its 1 million high-speed Internet subscribers. On May 21,
2002, lawyer Steven Goren filed a class-action complaint against
Comcast and its cable subsidiary. The suit argues that Comcast
violated the 1984 Cable Act, which prohibits companies from
collecting personal information from customers without obtaining
"prior written or electronic consent." Goren is seeking
attorney's fees plus damages of at least $100 per day for every
Comcast subscriber during the period from December 2001 to February
13, 2002 - the date Comcast pledged to stop the practice. Comcast
started recording each customer's visit to Web sites as part
of a technology overhaul to save money and speed up its network.
The company pledged to stop after a consumer backlash and after
Rep. Ed Markey (D-MA) criticized the tracking in a letter to
Comcast President Brian Roberts. Comcast said it respects the
privacy of its Internet subscribers and "has not in any
way compromised their privacy or linked Internet usage data
to personally identifying information about any specific subscriber."
Comcast has said customers must agree to the company's subscriber
and privacy policies, which give Comcast permission to review
usage information "in aggregate form" to improve its
network speeds. The 1984 law allows cable operators to collect
private information if it can show it needs the information
to operate its service. But outside experts, including the vendor
whose software Comcast was using, said Comcast was recording
more information about the online activities of customers than
necessary for the technology enhancements.
Source:
"Comcast Sued Over Web Recordings," Ted Bridis, Associated
Press, 05/25/02.
http://www.consumerprotection.com/
April |
