— You have Obamail — Regulator, heal thyself — Horse bolted
You have Obamail There’s just so much email account hacking going on… first Sarah Palin, and now Barack Obama. What’s with that?
Regulator, heal thyself We hear from Wellington that the Telecommunications Commissioner, Ross Patterson, is temporarily stepping down from the Commerce Commission due to alcohol-related health issues. Being very appreciative of the openness he has brought to the office, and to this announcement, we wish the good doctor all the best and look forward to having him back in the regulatory trenches soon.
Horse bolted What’s “deeply flawed” and “will not work”, yet is the law of the land now? Section 92A of the new Copyright (New Technologies) Amendment Act of course. Described by Associate Commerce Minister Judith Tizard as a bill that “will maintain the balance between protection, access and use already established in the original Act [that precedes the Amendment]”, the CNTAA instead appears to “undermine the legal rights of Internet users”, according to Ralph Chivers, CEO of the Telecommunications Carriers Forum or TCF. The TCF reaction is understandable, as it is its members that will be the Internet Police from now on. That’s right: ISPs will police their users’ behaviour, and disconnect those found infringing on… what exactly? This is not defined in the amendment, so you and I could be disconnected just like that. Ten days ago, lawyer Rick Shera from Lownes Jordan posted this in a comment on Steven Price’s Media Law Journal blog, summing up how Section 92A is supposed to work: “… my current bete noir in this area is s92A of the Copyright Act, recently introduced by the Copyright (New Technologies) Amendment Act (but not yet in force). It is far worse than the notice and takedown section 92C referred to by Sebastian above. "It is suggested by rights holding organisations that this new section envisages what they refer to as a “three strikes and you’re out” process. So that, after an ISP receives (and matches the IP address to its customer and then logs) three infringement allegations, it is supposed to terminate the alleged infringer’s internet account. Innocent until proven guilty? Yeah right.” The rights holders are the judge and jury, and the ISP the executioner. You have no say in the process. It’s not like Tizard or the MPs who voted for the bill weren’t aware of the madness it contained, as there have been more than enough submissions and media coverage to alert them to it — and it’s hard to believe that they themselves didn’t understand the consequences of the law they wrote. Why then pass the law as it stands? Is this how we should be represented in Parliament? — ICT groups slam 'legislative minefield' of Copyright Act — InternetNZ sees Copyright Amendment Act as a missed opportunity — Hon Judith Tizard: Copyright (New Technologies) Amendment Bill Passes Third Reading
Robert X Cringely
Smoke, mirrors, and Google's privacy policies Hi, my name's Cringely, and I am powerless over my Google addiction. ("Hi, Cringely.") If there actually were a 12-step group called Googler's Anonymous, I think millions of us would join — as long as it wasn't run by Google. Last week, with the grace and solemnity of a god descending to earth to bestow favour upon us puny humans, Google announced changes to its data retention policy: starting next year the search giant would now only hold onto all of your search data and your IP address for 9 months instead of 18 months. And thus the bowing and scraping in the mainstream press began: all hail mighty Google, lord of all data. Except that Surveillance State blogger Chris Soghoian looked a little more closely at what Google actually plans to do, and asked them to elaborate a bit. Here's what they told him: After nine months, we will change some of the bits in the IP address in the logs; after 18 months we remove the last eight bits in the IP address and change the cookie information. We're still developing the precise technical methods and approach to this, but we believe these changes will be a significant addition to protecting user privacy.... It is difficult to guarantee complete anonymization [sic], but we believe these changes will make it very unlikely users could be identified.... We hope to be able to add the 9-month anonymisation process to our existing 18-month process by early 2009, or even earlier. As Soghoian points out, even after Google changes "some of the bits" (ie, one or two numbers at the end), reconnecting the dots between the unique ID Google's tracking cookie drops on your machine and your full IP address is trivial. The announcement was designed to make headlines and appease regulators while doing nothing to release Google's stranglehold on your data. Their solution? Kill your cookies. The Register's Cade Metz quoted an anonymous Google spokesperson (how's that for irony?), who said: "We have focused on IP addresses, because we recognise that users cannot control IP addresses in logs. On the other hand, users can control their cookies.....When a user clears cookies, s/he will effectively break any link between the cleared cookie and our raw IP logs once those logs hit the 9-month anonymisation point. Moreover, we are still continuing to focus on ways to help users exert better controls over their cookies." Of course, clearing your cookies means losing all your log in information or selectively parsing the cookies you want and the cookies you don't want — either option is a total pain. The private browsing modes of the latest generation of browsers may help slightly (though IE8's apparently leaks like a sieve), but only after Google has had its way with your data for more than a year. Maybe it really is time to start a Googler's Anonymous group. Or for Google to make amends for its half-hearted attempts at protecting customer privacy.