Security Blanket Blog
Privacy at Work
Submitted by priddykg on 9 December, 2005 - 3:12pm. Security Blanket Blog
Worker Privacy: You Have None - The vast majority of U.S. employers monitor workers' internet use, a practice that goes almost completely unregulated. Here's a look at your privacy rights in the workplace. By Joanna Glasner. [Security Blanket]
According to another recent publication in Wired Online Magazine, there is an upcoming debate on the rights of businesses to track the internet and e-mail activities of their employers, whether or not they are “on the clock.” Many times, the employee may not even be aware that supervisors are reading their personal e-mails and monitoring their websurfing. In fact, only two states require that employees be notified if their actions are being tracked.
The idea that someone can be tracked by their employers without knowledge brings back another familiar question: where does the line of privacy end? When the national government is looking to investigate people that are a threat to national security, they are able to track their activities online and elsewhere, but defense of the tracking is for the purpose of an accurate investigation. When someone is being tracked by their employers, and possibly fired for their actions while online, does this infringe on the privacy rights of the employee?
In my opinion, no. If an employee tries to avoid work or procrastinate, surf the web, e-mail friends while not completing their necessary duties at work, they should be fired. With the development of technologies to allow “play time” at work, there should be a certain amount of surveillance to prevent such actions. With modern computers and PDAs with interactive games, an employee can appear to be intently working on a project on their computer while actually shopping for socks online. The idea seems great to employees who don’t want to work, but for the company, there is a possibility of a huge drop in productivity if their employees spend hours surfing the web instead of working. If a company hires someone to fill a certain position or job, pays them for that job, and grants them access to the internet to complete that job, they should be held accountable for completing it to the best of their capacity.
I agree that companies should have the right to monitor the actions of their employees online – but only while the employee is on company time. If for some reason, the employee has to take work home and access certain company intranets or use company laptops, they should not be monitored. At that point, there is a certain amount of privacy that should be granted. Once the employee leaves company time or location, they are on their own personal time that they may or may not use as time to catch up on work. If they do choose to access work data off time, they should not be tracked and should not face consequences for personal use of computers, etc.
On the same principle, an employee should be allowed to blog or chat about their company freely while not on company time. While it may not be a wise decision to speak poorly about your company in any public forum, there is a certain amount of freedom of speech that should be considered. However, once again these blogs should not be posted while on company time.
Fatal Flaw Weakens RFID Passports
Submitted by Jessica Thrailkill on 9 December, 2005 - 12:13am. Security Blanket Blog
RFID (radio frequency identification) tags have stirred up quite a bit of controversy and debate. RFID tags are small wireless devices that emit unique identifiers when requested by RFID readers or sensors. Both the government and the private sector are supporting the use of RFID tags for many purposes, from government identification cards to consumer products. The controversy over the proposal to embed RFID chips into United States passports is mainly heated by concerns over privacy and security. Privacy advocates were concerned that passports would reveal a person’s identity without their knowledge or consent. These concerns were applied to other realms such as police surveillance and the ability of stores to identify their customers. In response to the overwhelming amount of negative feedback by the public, the State Department issued new regulations for the RFID passports.
These new regulations contain two features that address the concerns over privacy and security. Criticism and disruption are key aspects to innovation and progress. The government properly accepted this criticism and worked to improve the situation by including a radio shield in the cover of passports, as well as an access control feature, so the passport holder has control over who accesses the information on the chip. The only feature that the passports lack is a “collision-avoidance system not based on unique serial numbers.” It is important that the criticism continues so that this lack of technical skill illustrated in the collision-avoidance ID can be improved upon. As Schneier says, “The only way to vet its design, and convince us that RFID is necessary, would be to open it up to public scrutiny.”
It is extremely important for these RFID systems to be secure because they will most definitely become increasingly common. Technology only improves, so the increased use of RFID chips and tracking devices is inevitable. Currently, RFID tags are still expensive so they aren’t widely used in consumer products. However, as companies strive for more sophisticated means of tracking products and profiling consumers, the increased demand and production of RFID technologies will decrease prices. The market for RFID tags is rapidly developing, estimated to reach $10 billion annually within the decade. Of course, there should be proper legislation which guarantees that consumers be informed of products with these tracking chips before they buy them.
The use of RFID tags in consumer products may seem alarming, but it would have beneficial aspects and would probably be much more efficient. Manufacturers prefer RFID because the technology offers more convenience and durability than bar codes, and holds more useful information. Businesses using RFID tags claim no interest in gathering information on consumers; they simply want to use the devices to increase efficiency and reduce data entry. RFID tags could be manufactured so that they are eradicated once they leave a store. And without access to a store database that connects the data to a person, it would be hard for law enforcement to obtain personal information about someone based on RFID tags embedded in consumer products. Through proper legislation, privacy could be ensured. Again, this vision of chips embedded into many various things that we use every day may sound alarming, but it is already happening, so there is no stopping it. All we can do is continue to scrutinize its faults, so that it can be improved and used to our benefit and not harm.
Face It: Privacy Is Endangered
Submitted by Charlie Cha on 8 December, 2005 - 11:52pm. Security Blanket Blog
Face It: Privacy Is Endangered - A new photo-tagging service uses facial-recognition technology to identify the people in your party pix. When similar systems start crawling the web, we'll all be looking for a change of face. Commentary by Jennifer Granick. [Security Blanket]
Privacy concerns have already started to become prevalent as it is easier and easier to find everything about a person online, including their birth certificate (vitalchek.com), credit history (equifax.com), and even background checks that’ll tell stuff like addresses, property ownership, legal judgments, etc. (intelius.com), and of course whatever other random facts you could find on Google. This is already bad enough, but now there is this new threat to our already near-extinct notion of having any privacy.
It comes in the form of a new technology that can recognize faces in pictures. This is first being used on a photo-sharing site called Riya, but it can be easily deployed throughout the Internet. So even if you have been careful to keep information about yourself from being easily accessible online, such as not joining facebook.com or keeping your blog anonymous if you have one, you would end up online anyways if people took pictures with you in them and uploaded the pictures online. Even if you don’t upload pictures of yourself online, they might end up there anyways because of camera-happy friends and acquaintances. So in the future it might be possible to know what a person looks like just by simply googling for them. You would also know who they hang out with, and what places they have been. It is intimate details like this that I don’t want to be spread all around the Internet, and it makes me fear for the future of privacy.
Some people might say that this technology would be good for law enforcement, allowing computers to sort through images captured on the cameras that are becoming increasingly ubiquitous over the years, and identify criminals and terrorists. This couldn’t have been possible before because it’s simply too time-consuming for humans to look through that many images and video feeds. But even if the technology is 99 percent perfect at identifying someone, this will still cause thousands of false positives, and greatly inconvenience both citizens and law enforcement. Somehow I am just not satisfied with trading away my personal rights of privacy, just to be a little safer from criminals. With the way things are going now, privacy, as we know it, may not even exist in the near future.
Wanting to have your personal information private isn’t the only reason to be concerned about privacy. If you have too much information online, it makes it that much easier for people to use that data to masquerade as you to apply for credit cards under your name, withdraw money from your checking account, get a loan using your name, etc. Then they would spend all the money and leave you with a whole bunch of bad credit under your name. This crime, called identity theft, has become the fastest growing crime in the United States. People that have this happen to them often need to spend considerable time and money to clean up the mess, to get their credit rating back to the right place.
Judges Reject Cell-Phone Tracking
Submitted by KatieAndrews on 6 December, 2005 - 2:46pm. Security Blanket Blog
Judges Reject Cell-Phone Tracking - Law enforcement's attempts to keep tabs on suspects by following their mobile-phone signals face scattered resistance in court. Could this be the start of a judicial backlash? By Ryan Singel. [Security Blanket]
How much government accessibility into our lives is too much? Currently, litigation is taking place to allow federal investigators to track citizens using their cell phones, “in real time,” without agents having to show “probable cause.” Normally, investigators need to show probable cause to a judge if the tracking device they are using discloses facts pertaining to private places. This new law would change all that. Two cases, one near where I live, in Long Island, and another in my home state of Texas, have been launched regarding the use of cell phones as tracking devices.
Luckily, for the third time in recent months, a Wired Magazine article reports, another federal judge has been hesitant at granting federal agents such open access to tracking. Basically, judges have concluded that as with normal searching or tracking of any suspect or citizen, investigators utilizing cell phones as tracking devices must “jump through the same hoops” that are required for getting a regular search warrant. Countering the decision, assistant U.S. Attorney Thomas Brown stated that “a cell phone user voluntarily transmits a signal to the cell phone company, and thereby ‘assumes the risk’ that the cell phone provider will reveal to law enforcement the cell-site information.” Personally, I think that while this is true, it does not make it acceptable for law enforcement to begin tracking individuals with reckless abandon, which is what they seem to want to do. As the laws stand right now, when investigators utilize cell phone towers as a means of tracking individuals, they are only given an approximation of a user’s location and movements in public areas. More often than not, this is perfectly sufficient and investigators are able to get all the information they need. Increasing the access would open up a whole new era of government surveillance reminiscent of Orwell’s “1984.”
Also, according to the article, investigators would like not only to be able to track individuals without seeking search warrants, but they are also petitioning to be able to retrieve the “dialing information of incoming and outgoing calls.” The magistrate in the Long Island case, James Orenstein, wrote in his decision, “When the government seeks to turn a mobile telephone into a means for contemporaneously tracking the movements of its user, the delicately balanced compromise that Congress has forged between effective law enforcement and individual privacy requires a showing of probable cause.” To me, this sums it all up perfectly. It’s about privacy and our right as Americans to enjoy it. In the information and digital age, it seems more and more difficult to maintain the high levels of privacy we once enjoyed. Now people can “google” us and find out our entire history. Hackers can get into our computer systems to find out all our personal information, and now investigators are trying to extend and push their already far-reaching limits, to gain information on people’s lives without having to ask first. It’s really as simple as that. How much privacy do we really have? The judiciary is becoming more and more invasive by the year. Do you feel like Big Brother is watching you?
Secrecy Power Sinks Patent Case
Submitted by Jessica Thrailkill on 2 December, 2005 - 4:56pm. Security Blanket Blog
Advancing technology is plunging the world of ideas into a runaway arms race. More ideas are being created, and more emphasis and wealth placed on the ownership of those ideas. At the same time, courts are expanding what can be patented. This forces many companies into a defensive maneuver to patent ideas they would not have otherwise. This in turn forces others to do the same. It has never been so crucial that our ideas are anchored in the law. I was involved with Wired magazine when Wired invented the click-through ad banner on the web. Even if any of us had known this idea was patentable, I do not think we would have patented it. If we invented it now, we would have been practically forced to patent it just so some other company wouldn’t. However, patents do not give you much protection if you are the little guy, especially in this case when you are up against a large corporation involved with a government agency. This situation is fairly complicated but I’ll try to briefly explain it for those who are not informed.
Philip French and two colleagues, Charles Monty and Steven Can Keiren, designed and patented a device called the Crater Coupler, which is a connector used to seamlessly link one pipe or cable to another, without standard hardware like nut threads or bolted flanges. After spending a year developing the technology with Lucent Technologies to use in an underwater environment, Lucent informed French that because the application was being used by a government agency for ’secret purposes’ they would not have to pay French for continued use of his design. Lucent eventually offered the inventors $100,000 for the right to produce 1,000 wetmate couplers. French, who had recently retired, was satisfied with the offer but his partners were not, so they bought him out for $30,000. The partners then sued Lucent for alleged patent infringement, trade-secret theft and breach of contract. The patent infringement charge was dismissed because, under federal law, a “company can’t be sued for infringement if the development was for the exclusive use of the government.” The government intervened and asserted the state secret privilege when the plaintiffs tried to subpoena 26,000 documents to support their claim. Crater was not allowed to pursue legal inquiry regarding the government’s use of their coupler because it could clue in adversaries of the United States to highly classified operations and programs which could greatly damage national security.
The state secrets privilege has been cited in a number of cases. Some of these for seemingly unjust purposes, but the privilege has led to the termination of litigation in almost every case in which it is invoked. I agree with Weaver that although it is a rare occasion that the privilege is invoked for evil purposes, the real problem is that we cannot tell when that is the case. As Coffin asserts, the increased use of the state secrets privilege illustrates that “information is a weapon in the modern day and age,” which is a major concern for national security.
I think that in a case like this one, Philip French made a wise decision to take his $30,000 and split, rather than trying to fight the government in a battle he could not win.
Sue Companies, Not Coders
Submitted by Charlie Cha on 1 December, 2005 - 2:59pm. Security Blanket Blog
Sue Companies, Not Coders - A former U.S. cybersecurity czar now advocates holding programmers liable for the security holes in their code. He's soooo close to getting it right. Commentary by Bruce Schneier. [Security Blanket]
Companies should be the ones that are held liable for buggy and insecure programs, not the programmers that work for them. Only then would they actually release programs that work correctly and are secure, and not release programs known to be faulty, expecting to release patches for said programs later on. Since software companies have no real incentive to release secure programs right off the bat, other than the avoidance of the occasional bad publicity, they will continue to sell insecure programs. With the threat of litigation, software companies will find that it would be more profitable to spend the time and money to make more secure programs, than to have to face lawsuits from unhappy customers.
The problem of insecure software has gotten worse and worse over the years, especially with the advent of the Internet. The Internet allows a way for hackers to get on your computer and to exploit a flaw in a program in your computer to do malicious deeds. Also with the Internet, companies know that it’ll be a lot easier to distribute patches now that they can do it online, so companies know they can just release a patch online if their software is flawed. This has the effect of companies being less concerned about the quality of their software and so they spend less time debugging before selling the program.
Even when there is a program that is continuously insecure, for example Microsoft’s Internet Explorer, usually the company has such a monopoly on the market that it would be inconvenient for users to switch to another program, so they just accept the faulty program because they have no alternatives, or are unwilling to try another program because they’re afraid to learn how to use a new program. The companies might also have a good public relations team, so that they can spin whatever new flaw that’s found on their software into something less damaging to the company’s image.
Sue Companies, Not Coders
Submitted by KatieAndrews on 1 December, 2005 - 2:51pm. Security Blanket Blog
Sue Companies, Not Coders - A former U.S. cybersecurity czar now advocates holding programmers liable for the security holes in their code. He's soooo close to getting it right. Commentary by Bruce Schneier. [Security Blanket]
It seems like in recent weeks we have seen several high-profile cases in which large technology corporations have come under fire for the development of faulty hardware and programs. In this article, Bruce Schneier gives several interesting reasons why and also offers up some good solutions. I think his most interesting point is, “the problem with this analysis is that most of the costs of insecure software fall on the users. In economics, this is known as an externality: an effect of a decision not borne by the decision maker.” He also states early in the article, “Companies find that it's cheaper to weather the occasional press storm, spend money on PR campaigns touting good security, and fix public problems after the fact than to design security right from the beginning.” It’s tragic, but seems to be very, very accurate. In the end, Schneier states that it's more effective to sue the companies that are producing and marketing the insufficient programs, and that doing such will fix the problem of "externality" he talks about. If you’ve been keeping up with the Sony RootKit case and the Black Hat Bug, this is a good article to check out.
Act of Patriots? I think not...
Submitted by priddykg on 1 December, 2005 - 2:43pm. Security Blanket Blog
FBI Pushing Patriot Act Powers - As the Patriot Act comes up for renewal, lawmakers react to a Washington Post report of the FBI's use -- and possible abuse -- of the law to gain access to private phone and financial records of ordinary citizens. [Security Blanket]
The Patriot Act has gotten out of hand. I am a person that stands by the rights to observe your computer actions for marketing reasons – even stand by the idea of spyware to a certain extent. But the idea that the US government wants to monitor not only what internet sites I view, but what books I check out from the library, my financial records from the bank, who I talk to on the phone, who I instant message and even what I say…it’s just too much.
According to a recent article in Wired Online, the Federal Bureau of Investigations attempts to regulate the searching of personal information by requiring “national security letters.” These letters are designed in a similar idea to a warrant for a police investigation. If the FBI is interested in tracking a suspect’s every move, they must first have a national security letter issued for that person. It basically outlines what will be observed and what they are being observed for. The idea behind these letters is good: you can allow investigations for suspected terrorists, bombers, White House invaders, etc., but only under a complete checks and balances system.
However, there is a glitch. Since the attacks on the World Trade Center on September 11, 2001, the number of letters issued has increased 100-fold – they issue over 300,000 letters each year! This means two things: one, that the person responsible for issuing the letters is trigger-happy and lets nearly every request to investigate get a letter, and two, the Department of Homeland Security is investigating a lot more people than just the terrorists out there. Probably, people who are completely innocent are having every move, purchase, read, comment and idea noted, tracked, and analyzed by big brother. This means that likely, I am going to have a national security letter made to investigate me after writing this blog!
Thankfully, there is some suspicion resounding in government. Republicans and Democrats alike are beginning to question the effects of the Patriot Acts on our society as an entity governed by the ideas of freedom and independence set forth in the Constitution. Senator Chuck Hagel, a Republican from Nebraska, implied that “the government’s expanded power highlights the risks of balancing national security against individual rights.” Similarly, Senator Joseph Biden, a Democrat from Delaware, said that, “We should be looking at that very closely. It appears to me that this is, if not abused, being close to abused.”
I agree completely that we, as citizens should keep a careful eye on the movements within the Federal Bureau of Investigations. We are responsible to follow the news and the legislative votes. We are the ones who cannot let our government take steps against the will of its citizens. Join the fight against the invasion of privacy and unnecessary monitoring of innocent people. There are other, more effective ways to combat terrorism within the United States than through the Patriot Acts.
*****Please note that I am role playing. In the possibility that someone outside of this class views this blog, PLEASE realize that these are not my personal beliefs*****
Dark Cloud Hovers Over Black Hat
Submitted by KatieAndrews on 30 November, 2005 - 3:52pm. Security Blanket Blog
Dark Cloud Hovers Over Black Hat - New corporate ownership won't exempt the bleeding-edge security conference from future Ciscogates, and clashing court decisions leave the outcome up for grabs. Commentary by Jennifer Granick. [Security Blanket]
Hey guys, here's a follow-up to the article I published yesterday. It's an interesting read.
Black Hat Organizer Unbowed
Submitted by KatieAndrews on 29 November, 2005 - 2:26pm. Security Blanket Blog
Black Hat Organizer Unbowed - As Ciscogate closes, the man behind the Black Hat security conference reflects on the impact of the controversy on computer security research and network safety across the globe. Wired News interview by Kim Zetter. [Security Blanket]
Recently, Cisco Systems released its patch for what is known as the “Black Hat Bug,” a fatal flaw that can disrupt operating systems running Cisco routers. Cisco routers are drives which move traffic through much of the internet and are utilized in many corporate networking systems. The controversy surrounding the Black Hat bug stems essentially from the way in which Cisco handled the publicity regarding the incident and dealt with the researchers who uncovered the flaw. In addition, Cisco and the Black Hat bug have ignited a debate on full disclosure and company privacy in the internet age.
Mike Lynn, a computer security researcher, is at the center of the controversy. He and his team found the problem with the Cisco routers, and were immediately praised for their efforts to disclose and share the problem with various corporate IT departments. Last July, Lynn was a speaker at a security conference held in Las Vegas regarding the Black Hat bug and other unrelated security glitches. He demonstrated how the bug worked and the havoc it could wreak on the routing system.
As a companion to the talk at the conference, Internet Security Solutions and Mike Lynn and his team had put together a security booklet in which Cisco had included reading material regarding their routers and CD-ROMs with information about product security. However, just a day before the conference, Cisco representatives did an about-face and pulled all the material out of the books and CD-ROMs, claiming that the material had proprietary source code that could essentially drive the company to ruin. People working the conference then spent hours removing all the CD-ROMs from the booklets and everything seemed to be fixed. The founder of the Black Hat conference, Jeff Moss, states in his interview with Wired Magazine, “The (revised) CDs were starting to show up, and it looked like everything was fine. Cisco was happy, ISS was happy, and it looked like we dodged that bullet.”
However, much to Lynn and Moss’s surprise, almost immediately following the conference, FBI agents began investigating Lynn for “theft of trade secrets.” ISS was responsible for opening the investigation and the accusations stemmed from the inclusion of the source codes in the CD-ROMs and the disclosure of the bug in the first place. The legal investigation and wrangling finally came to a close a few weeks ago and the FBI case is now officially closed.
From reading about and researching this case, I wholeheartedly believe that Cisco’s altering of the CD-ROM and ISS’s charge of “trade secret theft,” and all the legal wrangling that ensued really had nothing to do with “proprietary information,” and had everything to do with trying to quiet criticism of their product. It seems like more and more companies are trying to cover up fatal flaws in their systems or trying to offer quick fixes for bugs in an effort to quietly brush things under the rug and avoid a public uproar. We saw it just recently with the Sony RootKit case. In this case, Cisco wanted to avoid loss of profit and respect in the tech world, so when someone blew the whistle on the flaws in their routers, they immediately tried to silence and punish the research team that found the problems. Such practices by big corporations threaten the advancement of innovation and consumer confidence. Moss states in the article that this can happen to anyone who blows the whistle on a big company and “it’s just going to be a big stifling of innovation, and it’s going to drive researchers underground.” Technology corporations should either build perfect devices, or be prepared to be honest with the public when they are not perfect.
Spyware: What You Need to Know
Submitted by KatieAndrews on 22 November, 2005 - 2:05pm. Security Blanket Blog
Spyware: What You Need to Know - Internet users hear about the dangers of spyware all the time. But what are these vile applications that install themselves on computers and web browsers, and what can a person do to avoid or eradicate them? By Kim Zetter. [Security Blanket]
In her article “Spyware: What You Need To Know,” Wired Magazine writer Kim Zetter states that spyware “can turn your system against you, slow your browser to a crawl and inhabit your computer like some grotesque parasite. It can cling to your windows registry with its grasping mandible and suck away its very life.” While the statement is quite dramatic, it is actually very accurate. Spyware is an increasingly serious and malicious problem that all PC users must address.
Spyware is defined by the Anti-Spyware Coalition, whose members include Yahoo! and Dell, as “any application that impairs user’s control over material changes that affect their user experience, privacy or system security.” It is generally downloaded onto a user’s PC when downloading free programs, such as shareware and peer-to-peer networking programs, from the internet. Once in the PC’s registry, spyware tracks the user’s every click when they are surfing the internet, reporting back to the website’s owner about his or her preferences and most visited websites. In altering the computer’s registry and browser settings, spyware leaves everything more susceptible to identity theft from hackers across the web. Spyware can also be installed on your computer when you simply click on the “x” in the right hand corner to close a pop-up ad on your computer’s desktop.
Once spyware is installed on one’s PC, he or she will often be inundated with pop-up ads, even when no one is surfing the internet. A user’s browser’s homepage often changes with his or her knowledge, or sometimes a tool-bar is added seemingly out of nowhere. These are direct results of “Trojan horse” viruses that are also a part of spyware. In addition, random programs such as “My Daily Horoscope” appear mysteriously on the Control Panel’s Program List.
While the practice may seem unethical and is definitely annoying, it is not completely illegal—yet. Much of the freeware that users download from the internet comes with “User’s End License Agreements” that contain clauses regarding the installation of third-party programs on a PC. Basically, if users want something for free, they have to be willing to accept the advertising programs that make it free. More and more, lawmakers are bringing new statutes and proposing legislation to Congress that seek to define what’s illegal and unethical in the world of internet advertising and create a more enjoyable internet experience for all users.
Ridding your PC of spyware is a tedious, long process. It generally cannot be removed like normal, legitimate programs from the control panel, and when users attempt to remove the spyware in this way, residual programs are often left in the computer’s registry that eventually spawn more spyware attacks. The easiest way to remove spyware is by using a program that specifically targets it such as “Spybot Search & Destroy” or “Ad-Aware” by Lavasoft. PC users looking to rid their computer of harmful spyware must be wary of which program they choose, however, as bold advertisers are now using seemingly legitimate spyware programs as a means to install more spyware on PCs.
An Injustice to Music: Sony Numbers Add Up to Trouble
Submitted by Jessica Thrailkill on 18 November, 2005 - 4:19pm. Security Blanket Blog
The amount of damage the Sony XCP copy restriction software has caused is absolutely outrageous. This software has infected “more than half a million networks, including military and government sites.” Not only is the damage caused outrageous, but also the very idea and reason behind the software. It was created to protect music on at least twenty CDs from illegal copying, but instead it blocks a number of legal uses as well. If I actually go to the store and buy a CD, I should definitely be able to listen to that music on my iPod, which is in no way illegal. It prohibits the paying customers from copying or burning the music onto another CD, or even transferring those files to their own iPod. They can’t even listen to the CD on their own computer without facing restrictions and certain agreements.
This software punishes the user for doing exactly what the music wants, which is to be fluid: to be mixed, morphed, rearranged and archived. The punishment is the hidden software that causes your computer to be slow, susceptible to crashes and third party attacks. And if this is not bad enough, they also ignore your privacy rights, because the secret feature of XCP alerts Sony when one of the CDs is placed in your computer. By restricting this fluidity, Sony has shown that they do not understand what music wants, and the direction that technology is taking it. Rather than accepting the stage of freedom and sharing that music has been going through, they have overreacted in their attempts to restrict or stop this inevitable stage. Obviously it has proven extremely unsuccessful. Musicians and corporations need to cater to the desires of their consumers, rather than punishing them for wanting more personalized and flexible music.
As my legal columnist Jennifer Granick suggests, if the users are not warned about the possible damage the software could cause, it is a criminal charge. But of course, it is highly unlikely that such a large and profitable corporation, like Sony, will be rightly charged for their crimes. The harm their software has done is practically irreversible, and worst of all, Sony does not seem too upset about it. Not only their actions, but also Sony’s reactions and sluggish response to the problems they have caused so many people have not been taken lightly. Sony’s solution so far has been withdrawing the XCP CDs, while Microsoft provides a patch and anti-spyware programs to infected machines. Sony’s feeble attempts to supposedly make up for the havoc they have wreaked on half a million networks in about one hundred sixty-five countries spanning the globe are simply not enough. In their efforts to make more money, they have done an injustice to the listeners and to the music.
More than anything, they are blindly trying to restrict the future of music. In their efforts to have control over the music and users’ ability to copy, they fail to see that the real revolution of music lies in exactly what they are trying to stop—liquidity.
Real Story of the Rogue Rootkit
Submitted by Charlie Cha on 18 November, 2005 - 3:40pm. Security Blanket Blog
Real Story of the Rogue Rootkit - Antivirus software makers are nowhere to be found when Sony's CD Trojan horse comes knocking. Mere incompetence can't explain that. Commentary by Bruce Schneier. [Security Blanket]
Yet another mega-corporation tries to circumvent the law. Not only is it illegal for Sony to put this type of program into people's computers, but Sony is also trying to restrict people from using the music files that they paid for the ways that they could under fair use laws. This is an extraordinary breach of ethical and privacy rights on the part of Sony. If an individual tries to pull this off, they would have been jailed for sure, but somehow it's ok for corporations to do it.
For those of you that have not heard about this XCP rootkit that Sony has unleashed on the world, here's a brief description: certain music CDs released by Sony BMG, Sony’s music division, contain software that, when installed on someone’s computer, will restrict how many times the computer can burn a copy of that CD and prevent the user from copying the music files to another location.
Those restrictions might already be pretty bad themselves, but it’s the way Sony achieves these ends that has everyone in an uproar. If a user wants to listen to the music CD on their computer, they have to agree to an undecipherable EULA, and the CD installs a proprietary music player, along with the XCP rootkit.
This rootkit is dangerous because it gains control of the computer’s operating system at its highest level, mimicking an important part of the operating system so that, if a user tries to remove it, the action may very well damage Windows and make it inoperable. The reason it is called a rootkit is because it uses a special process that hides itself within the system, ‘cloaking’ it and rendering it undetectable by even anti-virus scanners. This very reason makes it a security risk because malicious programs such as viruses and spyware can use the XCP rootkit to make themselves undetectable and nearly impossible to get rid of, short of a complete reformat and reinstall of the entire operating system.
Anti-virus companies and even Microsoft were slow to respond to this threat to computer security, only because a multinational corporation, and not some two-bit hackers, released this rootkit. But thanks to technology blogs that spread the story, which was picked up by the mainstream media, Microsoft finally caved in to public pressure, stated that they considered the XCP rootkit to be malware, and released a patch to remove the cloaking portion of the rootkit.
Sony also responded by recalling all CDs that contain the rootkit, and by temporarily halting the production of CDs that contain the XCP rootkit. Sony is doing this now mainly to protect itself from the public relations nightmare the rootkit has spawned, and the pending litigation that both the states of California and New York are bringing against Sony. Basically Sony is trying to cover its own ass after being caught with its hand in the cookie jar.
What is scary, besides the fact that this rootkit has already infected about half a million computers around the world, is the attitude of the executives at Sony. It’s a damning indication of the lack of respect Sony has for its customers when Thomas Hesse, Sony BMG's president of global digital business, was quoted as saying, "Most people don't even know what a rootkit is, so why should they care about it?"
I’m disturbed by how willing Sony was to intrude on people’s computers simply for their own agendas. It makes me wonder just how trustworthy corporations are in general these days. We should all be diligent whenever another multinational corporation wants to install anything on our computers.
The 'UnGoogleables'
Submitted by priddykg on 15 November, 2005 - 3:10pm. Security Blanket Blog
'UnGoogleables' Hide From Search - Meet the privacy-conscious folks who carefully manage to evade the omniscient eye of the monster search engine and its web-crawling minions, living one stray e-mail or election ballot away from discovery. By Ann Harrison. [Security Blanket]
I believe that information sharing through online search engines like Google is a wonderful development that should be cherished. The thought of an all-encompassing database of information covering almost all people and topics twenty years ago would have been a dream. Today, the dream is a reality.
Anything that we could ever want is at the access of our fingertips or voice command. We can order dinner, search for movie times, apply for jobs, and conveniently, run background checks on our neighbors. Well, as close to a background check as we have come in the twenty first century – we can Google them.
Need to check out if a babysitter is qualified before you leave them alone with your children? Questioning whether your new girlfriend is really a doctor? Want to research details of a car’s history before you decide to buy it? Simple answer, Google ‘em.
There are, however, some people out there who believe that their information should not be shared. They think that this access to unlimited information about a person or place is an invasion of privacy. They are taking actions to prevent their identity’s presence in online resources like Google. If their privacy is worth the extra fuss, then so be it, they should limit their information shared. But for the record, I think that these actions are ridiculous.
Yes, there is a certain amount of doubt that can be assumed by a stranger "googling" your name to find your history, but the type of information released on these sites is limited and often reveals little more than your profession, organizations that you're involved in, and newspaper articles that you have been mentioned in. Your bank account number, social security number, family history, and address are not likely to show up through a Google search unless you want them to.
On the other hand, the information provided online is a hugely valuable resource. In a world when best friends were strangers that you met on a subway a month ago, first dates are people that introduced themselves in a bar, and job applicants could be concealing a serious criminal record, I believe that Google gives us a stable, reliable insight into a world of strangers.
Google doesn’t have an agenda against anyone, it reveals what others have said about you or what you have involved yourself in. It doesn’t make the information, it merely searches through information that has already been written, chances are that you are aware of the original publication. Providing others with access to information gives them security to continue to develop trust. Google, along with other search engines like Yahoo, MSN Search, and Ask Jeeves help people.
So, to those who question Google: if you are worried about someone finding information about you that you don’t want them to know, DON’T DO IT! Clearly, you’re scared of having a secret revealed to the public, and if you’re really that worried about it, don’t involve yourself in activities or organizations that could use the internet accessed by search engines, use a false name, or change your name altogether. But if you are worried about it, don’t attack the providers: Google helps more people than it hurts.
Amendments
Submitted by priddykg on 10 November, 2005 - 2:57pm. Security Blanket Blog
There are a few amendments that we, as regular bloggers, are choosing to act upon.
We will continue to submit three 500 word blogs on the set dates, with two 100 word comment blogs each week.
However, when selecting an article to blog or comment on, we have decided to blog on any article we wish within the list - the articles may or may not overlap with the articles of other blogger members.
We also would like to add an additional optional blogger, Mariela Hristova, to our blog. If she wishes to comment on any of our blogs, we would love to have her opinions and different ideas.
These amendments have been passed unanimously by the Security Blanket Bloggers, 2005.
Hello I'm Kevin.
Submitted by Jessica Thrailkill on 10 November, 2005 - 2:53pm. Security Blanket Blog
My name is Kevin J. Kelly. I am an imaginative, curious and above all, eclectic man. I am 53 years old with brownish hair, which is slightly thinning, and a silvery beard. I live in Pacifica, California with my wife Gia-Miin Fuh and our three children. Generally, I wear all-terrain sandals, sometimes with wool socks, lightweight pants that conveniently unzip around the knees to become shorts, and a comfortable t-shirt, maybe even a tie-dyed one. I always sport my trusty Swatch watch, which I have relied on for many years. Extremely inquisitive and unorganized, I often mumble to myself, thinking out loud, and rely heavily on online Post-It notes. Because I am so interested in a plethora of topics, I am easily distracted and at times forgetful. I like to think that I do not take myself too seriously and have a good sense of humor, cracking jokes during meetings and such. I am extremely personable and encourage others to offer their feedback and insight regarding my research. As a futurist, I understand the need to be knowledgeable about history. I am the ultimate magazine junkie, which is beneficial since I am the editor of Wired magazine. When I read books, I prefer science non-fiction, but I really love books on tape. I have a passion for photography and can be spotted snapping photos in the nature preserve near my house or observing the activities of the ducks in the pond. I am extremely compassionate and optimistic. Despite the hype over new gizmos and gadgets, I prefer objects that have withstood the test of time, unimpressed by newness for newness’ sake. I like to share these objects with friends, which I display on my Cool Tools website. Check it out. I enjoy the simple pleasures in life and spend in moderation, shopping at one of my favorite places, Costco. I love hiking and riding bikes with my family.
I love to visit various hot springs to relax and contemplate the future of technology and the world.
Kellified
Submitted by priddykg on 10 November, 2005 - 2:46pm. Security Blanket Blog
Perhaps the best way to introduce myself is through a story that someone once wrote about me - they probably did a better job of describing my oddities than I could have...
Kevin Kelly stepped slowly into an internet café on the notorious corner of Haight and Ashbury Streets in San Francisco. The area, known for its intellectual discussions, cyberpunks, and hazed futuristic daydreams of twenty-year-olds, seemed an awkward fit for the 6-foot middle-aged man with salt-and-pepper hair and a well-trimmed beard.
He strolled toward the counter and politely asked the clerk for a chi green tea and a fast-speed internet connection for his Mac laptop. Being handed his order, he turned around with his tea and cable and paused. He realized that everyone in the café was watching him; not out of skepticism, but out of recognition, even awe.
The patrons had been intently focused on configuring their zip drives, immersing themselves in new age magazines Wired and the latest Whole Earth Review, or clamoring loudly on their keyboards as they chatted to friends online. Now, while many recognized the innovative thinker immediately and sat dumbfounded, others had to flip to the front of their magazines and re-read the headline “Kelly Strikes Again: Launches First Ever Cyberthon” before realizing that the man wearing a Hawaiian shirt and sandals before them was the Kevin Kelly, saint of the cyberculture and lord of our future society.
After raising a hand briefly in an attempt to say “hey” to his audience, Kelly stepped toward a table, hooked up his laptop, and began work on his next enlightened thought in hopes that everyone would soon return to their activities and stop staring at him.
I hope that this gives you a little perspective of my personality, but if you want more information you should talk to my beloved wife and children, if you dare.
My name is Leila.
Submitted by KatieAndrews on 8 November, 2005 - 2:51pm. Security Blanket Blog
My name is Leila Jean Smith. After an hour long ride from campus to my dark, worn studio apartment on the lower east side, I clambered off the bus, books, laptop and bags of groceries in tow. It was a cold Friday afternoon in the big and unforgiving city of New York; the sky was gray and cast a dark, juxtaposing shadow over a city normally associated with boundless opportunities. I came to the city a year and a half ago from Texas after a failed relationship, a childhood dotted by abuse and neglect and a series of broken dreams. New York was a fresh start, albeit a difficult one. It's hard to be small-town in such a big city.
After climbing up the stairs, I trudged in. My cat, Big Cat always greets me right when I walk in, and I always scoop him up in my arms and hold him against my chest to feel his purring against my heart. Usually at this time of day, I plop down in front of the TV and watch the news or I open up my laptop and surf around various websites to try and find new friends in my neighborhood. That's actually how I met my boyfriend, Jack.
I enjoy reading, all things geeky, and long walks on the beach.
Introduction
Submitted by Charlie Cha on 8 November, 2005 - 2:49pm. Security Blanket Blog
James Long poses a striking figure at six feet, four inches tall. He has dark piercing eyes that radiate intelligence and seem alert to their surroundings, yet at the same time are always deep in thought. Long brown hair frames his face, which features a square jaw and high cheekbones. Since he exercises regularly, he appears fit and trim in the khaki shorts and dark colored polo shirts he frequently wears. James has been a fan of Apple computers his entire life, ever since his father gave him the Apple II when he was young. So it is no surprise he would carry around an Apple Powerbook wherever he goes, to check email and stock prices when he has a spare moment. He has a habit of cracking his knuckles that he picked up from a friend during his high school days, so he would do that often when he is thinking about something or if he is feeling nervous.
James enjoys a good cup of coffee at the local café that has been a favorite of his for years. Often he would spend hours in that café to read a good book, study up on the latest news and trends in technology by visiting websites on his Powerbook, or just sit back and watch the scenery that’s outside the café window. He is also an avid motorcycle rider, a practice he picked up during his rebellious college years. Sometimes he would strap on his helmet and ride away on his Kawasaki Ninja EX500 for an hour or so, just to clear his mind and enjoy the open road.
James really dislikes dealing with people that annoy him, and people that are arrogant and prideful. But he himself is pretty arrogant, the product of a graduate Ivy League education at Princeton. So his greatest weaknesses may be his arrogance and hypocrisy. The fact that his greatest strengths are his intelligence and sharp analytical mind does not help overcome these weaknesses too much, but other than that, he is generally very helpful and giving towards people.
The major goals that James wants to accomplish in his lifetime are fewer government restrictions of information online, and the continuance and protection of anonymity and privacy in cyberspace so people have the freedom to express whatever they want without fear of reprisals. He also strongly supports the notion that all people should be able to access information online equally, regardless of race, gender, location, or socio-economic status, and everyone would be able to express whatever he or she wants. Information should not only be reserved for the wealthy people in developed countries. The Internet should be the ultimate leveling field when it comes to information and idea exchange.
