May 2005


News & Culture & Politics | 28 May 2005 12:36 am

According to DMNews, Orson Swindle is stepping down from his position as a commissioner of the U.S. Federal Trade Commission. A Republican appointee, Swindle has been a leading force in anti-spam, anti-malware, Internet privacy, and other cutting-edge Internet consumer issues.

While some may not have always agreed with Commissioner Swindle when he occasionally balked at stronger consumer protection measures, there is no doubt that during his tenure at the FTC, his gentle yet firm — and occasionally forceful — guidance more often than not helped common sense and reason get a fair airing at the agency. His “kindly grandfather” appearance always belied his quiet power, his raucous sense of humor, and the astonishing heroism that has marked his life.

I count myself lucky to have been there the day he broke up a potential fist-fight at an anti-spam workshop, an incident that will go down in the annals of Washington lore. But it was just another day in the remarkable life of this outstanding public servant. I know I join many in wishing him the best in whatever life has in store for him next.

Punditry | 28 May 2005 12:15 am

Here are a few recent articles in which I’ve been quoted, for your reading pleasure. Enjoy your holiday weekend!

When a lawyer gets hit by spammers, expect a lawsuit
CNET News.com – May 27, 2005
… Ziegler is one of the few individuals to sue an alleged spammer, said Ray Everett-Church, co-founder of the Coalition Against Unsolicited Commercial E-mail and …

Lawmakers Must Forge Right Spyware Weapon
eSecurityPlanet.com – May 25, 2005
… we’ll see some bill come out of the meat grinder here that will have pieces and parts of all of these bills,” says Ray Everett-Church, a principal with PrivacyClue LLC, a privacy and anti-spam consultancy …


Turning the Tide of Spam
BusinessWeek – May 23, 2005
… “This is a stark reminder to spammers of the kind of punishment that can await them,” says Ray Everett-Church, chief counsel at the Coalition Against …

Cell phones can deliver pizza coupons
Cincinnati Enquirer, OH – May 20, 2005
… “If this type of thing proves successful, there will be other guys who don’t follow the rules,” says Ray Everett-Church, a principal partner at San Jose, Calif …

The War On Spam Takes A Novel Turn
Information Week – May 17, 2005
… Ray Everett-Church, chief privacy officer for ePrivacy Group and counsel for the Coalition Against Unsolicited Commercial E-Mail, observes that the Internet …

Malware & Politics | 24 May 2005 11:34 pm

On Monday, the U.S. House of Representatives passed two separate pieces of “spyware” legislation, only one of which actually promises to do anything to help consumers terrorized by unwanted spyware and adware.

[Author’s Note: From this point forward, I’m going to try and use the term “malware” to collectively describe the follies, felonies, and frauds that constitute much of the behavior of the spyware and adware industries. If you want to know more about why I’m using the term malware, please read my explanation.]

As reported by CNet News.com’s ace DC bureau chief Declan McCullagh (who is apparently moving out here to SF soon; congrats Declan! and yay for us who enjoy his company!), the two bills take a very different tack, and together amount to exactly 200% more spyware legislation than the U.S. Senate managed to approve last year!

The first bill, H.R. 29, sponsored by Rep. Mary Bono (R-Ca.), identifies many of the most annoying and damaging features of “spyware,” “adware,” and anything else that falls into the semantic morass in between. It also focuses on issues of end-user notice and consent, two areas where most adware and spyware have chronic deficiencies. This bill would also empower the Federal Trade Commission to continue looking into malware issues, and require them to create regulations to guide future enforcement.

The second bill, H.R. 744, sponsored by Rep. Bob Goodlatte (R-Va.) and Rep. Zoe Lofgren (D-Ca.), is a far narrower bill, focused primarily on only that software used to steal personal information for the purpose of committing fraud or to intentionally crash someone’s computer. As such, the bill would offer virtually no protection for those consumers who are besieged by software whose intention may not be, but whose actual consequences are, crashed computers and frustrated end-users.

I’m still digesting the final version of the Bono bill and trying to determine what actual effect it might have on protecting end-users from the excesses of the adware and spyware industries. But my initial reading of the Goodlatte-Lofgren bill is that to the extent it prohibits unauthorized access to private data, it offers consumers nothing in the way of new protections over existing law. However, the language does a masterful job of completely avoiding any impact on some of the worst players in the malware business… many of whom I’ve written about extensively in this blog.

Why does the Goodlatte-Lofgren bill completely miss the boat?

First, the bill focuses on anyone who, “intentionally obtains… personal information with the intent to defraud or injure… or cause damage to a protected computer…” Of course, the makers of most spyware and adware don’t “intentionally” crash people’s computers, even though their software routinely does it. Indeed, according to Microsoft’s anti-malware team leader, Jason Garms:

“The primary problem that users have with spyware is that their systems crash or are really slow or don’t behave in the way they expect them to,” Garms said. “We try to figure out how many of the crashes that are reported to us are actually attributable to spyware, and it turns out that at least one-third of those machines had spyware installed on them, so it is a big problem.”

Second, the Goodlatte-Lofgren bill focuses on “intentional” gathering of personal information for purposes of committing fraud (which is already illegal). Most malware companies are proud that they only gather “aggregated” or “anonymous” data while their software is monitoring your Internet activities. They don’t need your Social Security number to cause an annoying pop-up ad; they don’t need your mother’s maiden name to hijack your default search engine. Thus, by limiting the reach of penalties to only those bad guys who are already committing fraud, they have created a loophole through which you can drive the entire malware industry.

So, pound for pound, I think the Bono bill is looking like a better piece of legislation. It doesn’t buy into the adware companies’ word-games and instead focuses on the actual harm visited upon consumers. The Bono bill reads like a laundry list of the annoying, frustrating, and intentionally harmful things that I have personally witnessed while trying to exorcise the demon-spawn of companies like Claria, WhenU, CoolSavings, QooLogic, 180 Solutions, and others, from the computers of my friends and family.

Meanwhile, the semantic battle over “adware” vs. “spyware” has Microsoft seeking protection from the frivolous, harassing lawsuits that have become the stock-in-trade of many of the most notorious malware companies. It seems that whenever malware companies perceive a threat, they try to kill the messenger. CNet pointed out a few of those incidents, such as Claria’s lawsuit against PC Pitstop, New.net’s suit against the maker of Ad-Aware, and threats against the tireless anti-spyware advocate Ben Edelman.

Malware & Privacy | 24 May 2005 12:06 am

In today’s DMNews, everybody’s favorite television background noise, the Weather Channel (weather.com), announced that it was partnering with adware company CoolSavings to infest the Desktop Weather 4.0 application with offers to “opt in for samples, trial offers, travel brochures and free newsletters from CoolSavings.”

It’s not clear from the marketing-speak what, exactly, the Desktop Weather application will have in it. For example, it may simply be offering links to opt-in emails. But given the history of CoolSavings as purveyors of unwanted adware, I’m not hopeful.

The real news, however, is that many more companies, including some names you should know, are getting into bed with adware companies like CoolSavings. According to DMNews:

The company signed similar arrangements with RealNetworks, for people who download RealPlayer, and with Netscape, for those who download its Netscape Browser, as part of seven distribution agreements it will announce this year.

As I’ve noted previously, the real and growing scandal in the adware and spyware world is not that these companies are becoming more brazen in their activities. The scandal is the disconcerting number of otherwise upstanding, mainstream companies who are getting in bed with some of the most notorious names in the field.

So what’s one to do if you want your local weather information displayed on your computer desktop, but don’t want to risk unwanted adware or spyware? Do what I do: use the Weather Widget, which is included in the free download of Konfabulator.

Konfabulator is a free desktop utility that allows you to plug in a wide variety of “widgets” (yes, that’s what they call ’em) that are created and distributed freely by dozens of dedicated developers the world over. downloads, as easy to install as moving the “.widget” file to your “My Widgets” directory, and let you put lots of useful things right on your desktop. And the “widget” philosophy is one of simple function, simple configuration, and clean and beautiful design.

They have just launched a new version called Konfabulator:2, which is a pay version. But as far as I know you can still use the regular old free version. (Please correct me if I’m wrong…)

I think I’m going to pay for the upgraded version because, a) it’s always the right thing to do to pay for software that you actually use, and b) you have to reward people for making cool stuff… otherwise they might go find other work doing things that you can’t afford! Meanwhile, from what I can tell, the Konfabulator Weather Widget appears to draw its weather data from the same data feeds at Weather.com, and does so without risking installing strange and unwanted adware on your machine.

So give it a try!

Privacy | 23 May 2005 04:03 pm

Suddenly, stuffing your nest egg under your mattress isn’t looking like such a crazy idea. Today’s debacle? Two more banks, Wachovia and Bank of America, have announced more than 100,000 more customers may be affected by data thieves.

According to an AP wire story, this brings the total number of potential victims to nearly 700,000, or so say the police in Hackensack, NJ, where the investigation has been underway for several weeks.

Meanwhile, in a separate incident, MCI announced that a laptop containing the names and Social Security numbers of 16,500 current and former MCI employees was stolen from the car of an MCI financial analyst.

Privacy & Sillycon Valley Biz | 19 May 2005 03:30 pm

Google’s CEO Eric Schmidt defended the company’s privacy screw-ups at a Gartner Symposium on Wednesday. Reported by CNet, Schmidt responded to a question about Google’s privacy sensitivity, or lack thereof. According to Schmidt, they are guided by the company’s founding motto, “Don’t be evil.”

In response to a question about how Google treats consumer privacy, he tried to illustrate how the company’s don’t-be-evil philosophy trumps technology by recounting a meeting he attended with company co-founders Larry Page and Sergey Brin. In it, a business executive suggested a particular change at Google.

“One of the engineers says, ‘That’s evil.’ It was like setting off a bomb in the middle of the table,” Schmidt said. The concern was taken seriously: “You can pull the ripcord and stop the production line.”

He added that after a long debate, the engineer’s assessment prevailed over the business executive’s idea. “They concluded it was (evil), and this poor person was thrown out the room.”

Unfortunately, Schmidt’s story is indicative of a culture that doesn’t understand the dynamics of privacy problems. When some random engineer in a meeting decides that something poses a privacy problem, and raises the issue, it’s a happy event. But in my lengthy experience, it’s also a rare event.

It’s not the job of that engineer to raise obstacles to other people’s ideas. Indeed, the smart engineer will learn that after shooting down some big-wig’s idea, he’s a lot less likely to get invited to as many meetings. “Oh, no! That wouldn’t happen at a cool and funky place like Google,” I can hear someone say. Yeah, right.

As I’ve pointed out on numerous occasions, many of Google’s privacy blow-ups aren’t nearly as dire as some might make them out to be. But the sheer frequency of these privacy missteps has contributed to an image of a company that, at best, has a tin-ear when it comes to privacy matters, and at worst, is actually evil.

Touting a corporate motto of “Don’t be evil,” is cute. But “Don’t be evil,” is significantly different from, “Be good.” Google-up a definition of “amoral” and you’ll see what I mean.

“Don’t be evil,” is a passive statement. In a company guided by such a passive directive, it’s a tacit admission that, from time to time, the company is going to do something evil without realizing it. Sure the company can go back and fix stuff, and Google has shown its willingness to be reactive when their latest creation turns into Frankenstein’s monster. But by then the damage is done: trust is further frayed.

When it comes to privacy matters, reactive is bad. Being passive is a prescription for disaster. Privacy protection requires being proactive. In a business where it’s this easy to stumble into trouble, shouldn’t somebody have the job of watching out for the pitfalls in the first place, instead of mobilizing afterwards to dig yourself out of the hole?

To the best of my knowledge, Google still doesn’t have a Privacy Officer, or anyone else similarly situated whose job it is to be the curmudgeon, to look at everything askance, to not merely wait for somebody to discover a problem but to go looking for trouble and blow the time-out whistle.

Yes, it’s nice to think that everybody in an organization is going to be constantly vigilant, and will uncover the privacy risks associated with anything the company does. But with a new privacy-related problem arising on an almost weekly basis, clearly the “neighborhood watch” approach isn’t working. It’s time for Google to hire themselves a dedicated privacy cop.

Privacy & Tech | 19 May 2005 02:48 pm

Engadget found an interesting news item about the grocery store chain Cub Foods, introducing a biometric interface to an “electronic wallet.” Touch here and your account is automagically debited.

Perhaps a greater use of finger scanning will reduce the incidence of trading in fingers.

:)

Malware & Privacy | 16 May 2005 06:06 pm

Check out my May column for eSecurityPlanet.com, part of the Jupiter Media family of news sites. This column is a revision and update to a recent blog posting right here on PrivacyClue.com! Yes, yes, my content recycling continues. But trust me, it’s even better the second time around! ;)

Also, I’m on The David Lawrence Show tonight, instead of the usual Tuesday night. Listen live via the web, or download the audio afterwards for only a measly quarter.

News & Culture & Politics | 12 May 2005 12:53 pm

The folks at Reason have links to a truly remarkable piece of audio in which Sean Hannity’s lapdog, Alan Colmes, gets radical anti-abortion activist Neil Horsley to admit that he used to have sex with his family’s mule. Apparently bestiality is a fact of life on family farms in Georgia, according to Horsley, and youngsters will have sex with anything if “it’s warm and it’s damp and it vibrates”… I don’t exactly know what this Horsley twit thought he was accomplishing by discussing the free love livestock lifestyle, but it’s a pretty remarkable piece of radio. Congrats to Alan Colmes! And thanks to NewsHounds for transcribing and documenting the eye-opening view into what anti-abortion radicals do in their off-hours.

Friends & Family & Good Eats | 12 May 2005 10:22 am

My father sent me an interesting item from AOL this morning. (Unfortunately it’s buried on the AOL proprietary service so I can’t give you a URL.) But it was a fun little write up about one of the menu items at famous St. Louis eatery, the Crown Candy Kitchen. An institution in one of the decrepit corners of St. Louis (which could well be seeing a renaissance by now — I haven’t been there in almost a decade :( ), Crown is known for great homemade candy, but especially for one of the best bowls of chili in the Midwest.

[Image: Burger at Dooley's in St. Louis]

When I was a teenager, I lived for two years in the St. Louis suburb of Ballwin. (Go Parkway South Patriots!) Sometimes when my Dad had work to do on weekends, he would take my brother and me downtown to his office, and after he was done with work we’d try out different lunch places. Crown was a favorite, along with Dooley’s, an odd little pub and burger joint where the outstanding burgers are topped with a huge dollop of whipped processed cheddar cheese (the orange blob in the picture).

Ah… good times! Thanks Dad for a blast from the past, and for introducing us to these great institutions in the first place.
