Thursday, July 14, 2005

Tackling spam - some freedom of expression problems

Wendy McElroy explains that new US anti-spam / child protection laws could criminalise perfectly ordinary email mailing lists, while attempting to comply with the laws will involve handing a list of recipients over to the government for vetting:
Both Utah and Michigan have created a 'child protection registry' for email addresses that belong to children or to which children have access. It functions like a 'no call list.' Spamfo.co explains, 'Once an email address is on the registry, commercial emailers are prohibited from sending it anything containing advertising, or even just linking to advertising, for a product or service that a minor is otherwise legally prohibited from accessing, such as alcohol, tobacco, gambling, prescription drugs, or adult-rated material.' In short, e-newsletters (such as ifeminists.net) are not permitted to send to registered email addresses if those newsletters include URLs to news sites that, in turn, link to child-inappropriate commerical information or products such as casino or viagra ads, tobacco or alcohol for sale.

Many credible news sources -- especially British ones, it seems -- offer links to adult-themed sites or products. These links can change constantly, which means that it is impossible to check a URL and 'clear' it of so-called objectionable links or ads.

Moreover, e-mailing to registered addresses is illegal even if the newsletter was requested, and the legal penalties for doing so are imposed without notifying the offender so that he/she can rectify the situation. What are those penalties? To quote Prof. Mitchell again, 'Under these laws...that email sender faces strict liability which can include up to 3 years in prison, and fines of $30,000 or more. In addition, ISPs and the individuals whose email addresses are on the registry have a right of action against the sender, as does the state attorney general.'

The only protection is for the emailer to make sure that a particular address is not 'illegal' by matching his/her mailing list against the registries. That process requires at least two things that I am unwilling to do: 1) turn my mailing list over to the government; and 2) pay a per-address fee.
There's more on these new laws from Declan McCullagh at News.com.

Linking as copyright infringement?

From ZDNet Australia:
It took almost two years but major record labels in Australia have finally won a legal battle against a Queensland man and his Internet Service Provider for alleged music piracy.

Stephen Cooper, operator of the mp3s4free Web site, was found guilty of copyright infringement by Federal Court Justice Brian Tamberlin.

Although Cooper didn't host pirated recordings per se, the court found he breached the law by creating hyperlinks to sites that had infringing sound recordings.
More analysis at The Register.

Saturday, July 09, 2005

Your personal information is for sale - Mobile phones edition

The Washington Post reports on the open sale of mobile phone (cell phone) records in the US. Excerpt:
Think your mate is cheating? For $110, Locatecell.com will provide you with the outgoing calls from his or her cell phone for the last billing cycle, up to 100 calls. All you need to supply is the name, address and the number for the phone you want to trace. Order online, and get results within hours.

Carlos F. Anderson, a licensed private investigator in Florida, offers a similar service for $165, for all major telephone carriers.

"This report provides all the calls with dates, times, and duration on the billing statement," according to Anderson's Web site, which adds, "Incoming Calls and Call Location are provided if available."

[...]

Such records could be used by criminals, such as stalkers or abusive spouses trying to find victims.

[...]

"Information security by carriers to protect customer records is practically nonexistent and is routinely defeated," said Robert Douglas, a former private investigator and now a privacy consultant who has tracked the issue for several years.

Experts say data brokers and private investigators who offer cell phone records for sale probably get them using one of three techniques.

They might have someone on the inside at the carrier who sells the data. Spokesmen for the telephone companies said strict rules prohibiting such activity make this unlikely. But Joel Winston, associate director of the Federal Trade Commission's Financial Practices Division, said other types of data-theft investigations have shown that "finding someone on the inside to bribe is not that difficult."

Another method is "pretexting," in which the data broker or investigator pretends to be the cell phone account holder and persuades the carrier's employees to release the information. The availability of Social Security numbers makes it easier to convince a customer service agent that the caller is the account holder.

Finally, someone seeking call data can try to get access to consumer accounts online.
I've written before about similar problems in Ireland.

Thursday, July 07, 2005

Your personal information is for sale - Russian edition

There's a fascinating story in the Globe and Mail about the sale of personal data in Moscow. Excerpt:
"What do you need?" he says. "We have everything."

In Moscow these days, among people who deal in stolen information, the category of everything is surprisingly broad.

This Gorbushka vendor offers a hard drive with cash transfer records from Russia's central bank for $1,500 (Canadian). The information was reportedly stolen by hackers earlier this year and purchased by companies looking for details about their competitors. Such information, the vendor admits, is fairly specialized. A more popular item is tax records, including home addresses and declared incomes. The vendor asks $215.

Russians routinely lie about their earnings to avoid taxes; nonetheless, an increasing number of criminals are relying on pirated tax information to help them choose wealthy targets.

When gunmen broke into the gated home of Mikhail Pogosyan, head of Russian aerospace giant Sukhoi, in a brazen robbery last week, the businessman immediately blamed the proliferation of his personal details on the black market.

"Before, robberies of such people happened very seldom, just by chance," says a Sukhoi spokesman, Alexei Poveschenko. "Criminals preferred not to deal with VIPs, but now it's different. On every corner you can buy a database with all kinds of information: income, telephones, cars, residence registration."

[...]

At the Gorbushka kiosk, sales are so brisk that the vendor excuses himself to help other customers while the foreigner considers his options: $43 for a mobile phone company's list of subscribers? Or $100 for a database of vehicles registered in the Moscow region?

The vehicle database proves irresistible. It appears to contain names, birthdays, passport numbers, addresses, telephone numbers, descriptions of vehicles, and vehicle identification (VIN) numbers for every driver in Moscow.
via Semantic Bits

Wednesday, July 06, 2005

High Court to hear application for disclosure of filesharer's identities

The application for disclosure will be held this Friday (8th July). The hearing is open to the public, so feel free to come along if you're interested in learning more about the privacy / online anonymity / data protection issues.

The case (2005 2014P EMI RECORDS IRELAND LIMITED V EIRCOM LTD) is in the Commercial List so it should be before Mr Justice Kelly in Court 9 (in the main Four Courts building) at 10.30.

From the Irish Times (subscription only):
The High Court was told yesterday that Eircom and BT are not opposing the "substantive" proceedings by four music companies aimed at securing the names of persons who have uploaded thousands of music tracks onto file-sharing networks.

The proceedings could lead to actions for damages being brought against those persons.

Yesterday, while not opposing the action, John Gordon SC for BT Communications Ireland Limited said he wanted to make submissions as to how the court should exercise its discretion regarding the form of order in the case. It is believed those submissions will relate to how the rights of the music companies should be balanced against consumers.

[...]

Mr Gordon said he proposed to file an affidavit by tomorrow for the purposes of assisting the court as to how its should exercise its discretion in the matter.

His client was not opposing the proceedings, but believed the submissions would assist the court in exercising its discretion in the correct manner in relation to how consumers were affected.
Edited to add: ENN reports on this story also.