EFFector 19.29: AOL's Data Valdez Violates Users' Privacy

[David Farber <dave () farber net>]

Begin forwarded message:

From: EFFector list <editor () eff org>
Date: August 8, 2006 6:02:41 PM EDT
To: eff-all () eff org
Subject: [E-B] EFFector 19.29: AOL's Data Valdez Violates Users' Privacy
Reply-To: EFFector list <editor () eff org>

EFFector Vol. 19, No. 29  August 8, 2006  editor () eff org

A Publication of the Electronic Frontier Foundation
ISSN 1062-9424

In the 390th Issue of EFFector:

 * AOL's Data Valdez Violates Users' Privacy
 * Surveillance, DRM Bills Held In Check, For Now
 * Senate Sneaks Through Cybercrime Treaty
 * Voting Security Attacked In Court Again
 * EFF Partners with Craigslist for Nonprofit Boot Camp,
August 19
 * Thank You, DefCon!
 * miniLinks (12): Going Digital
 * Administrivia

For more information on EFF activities & alerts:
 <http://www.eff.org/>

Make a donation and become an EFF member today!
 <http://eff.org/support/>

Tell a friend about EFF:
 http://action.eff.org/site/Ecard?ecard_id=1061

effector: n, Computer Sci. A device for producing a desired
change.

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* AOL's Data Valdez Violates Users' Privacy

As recently reported by the blog TechCrunch and now the
major media, AOL intentionally released three months of
search queries by 658,000 AOL users. Though AOL has removed
the data from its site and rightly apologized, the grave
damage is already done. The data is available all over the
Net, and AOL may have violated its own privacy policy as
well as existing federal law. Congress should heed the
lessons of this Data Valdez and enhance protections for your
privacy.

Particularly considering the uproar over the Department of
Justice's demands for just this kind of information from
Google only months ago, AOL's actions demonstrate a shocking
disregard for user privacy. Search terms can expose the most
intimate details of a person's life and, in doing so, cause
great harm.

Consider just a few hypothetical situations. Would you want
your employer or credit company knowing that you searched
for "how to file for bankruptcy"? Would you want anyone to
know you searched for "HIV positive clinic," "breast cancer
health services," or another illness-related query? What
about "rape victim" or "depression" plus "counseling"? What
about searches that reference your political or religious
affiliation, or your sexual orientation?

Though the data was associated with random ID numbers, that
information could still be connected back to an individual
given enough clues. Consider, for instance, what vanity
searches for one's own name or MySpace profile could reveal.

This incident highlights the dangers of allowing search
companies to store this kind of personal data. We're still
investigating, but it appears this disclosure may violate
the Electronic Communications Privacy Act (ECPA), which
strictly regulates disclosure of your Internet
communications, along with AOL's own privacy policy.
Regardless, Congress should take note of this latest Data
Valdez by creating stronger, crystal clear legal protections
for user information and by limiting data retention.

DeepLink Follow-up, "Weblogs, Inc. CEO Tells His AOL Bosses
To 'Not Keep Logs of Search Data'":
<http://www.eff.org/deeplinks/archives/004866.php>

News.com article about the disclosure:
<http://news.com.com/2100-1030_3-6102793.html? 
part=rss&tag=6102793&subj=news>

EFF Article, "Subpoenas and Privacy":
<http://www.eff.org/deeplinks/archives/004385.php>

For this post:
<http://www.eff.org/deeplinks/archives/004865.php>

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* Surveillance, DRM Bills Held In Check, For Now

Before the Senate began its recess last week, Senator Arlen
Specter tried to rush his awful surveillance bill out of
committee. After being contacted by concerned constituents
like you and groups like EFF, sympathetic Senators on the
committee intervened to stop a vote. Specter is committed to
bringing this bill back, so it's important to keep your
calls and letters to the Senate Judiciary Committee coming:
<http://action.eff.org/fisa>

Meanwhile, despite rumors to the contrary, Senator Ted
Stevens did not bring his telecom reform bill to a Senate
vote. Unfortunately, the latest version still includes the
audio and broadcast flag DRM mandates. These provisions
would put Hollywood and federal bureaucrats in charge of
restricting digital television and radio devices. Tell
Congress to reject the tech mandates and protect innovation:
<http://action.eff.org/broadcastflag>
<http://action.eff.org/audioflag>

Worse still, Stevens' bill now includes a dangerous
provision that would allow the imprisonment of webmasters
who don't litter their sites with burdensome warnings
labels. Though the proposal requires all "sexually explicit"
sites to bare these labels, it won't impact the majority of
adult websites because they are hosted outside United States
jurisdiction. Yet this proposal does damage free speech
online and violate the First Amendment, forcing sex
education, teenage advocacy groups', and other legitimate
websites to describe their lawful content inappropriately.

This provision has also sneaked into a Senate appropriations
bill. When Congress returns from recess, we'll keep you
updated on these bills and on how you can help fight them.

For the Center for Democracy and Technology's letter to
Stevens about the web labeling provision:
<http://www.cdt.org/speech/20060803labeling.pdf>

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* Senate Sneaks Through Cybercrime Treaty

After substantial pressure from the White House, the Senate
ratified the sweeping Convention on Cybercrime treaty.
Ratifying the Cybercrime treaty introduces not just one bad
Internet law into this country, but also invites the
enforcement of all the world's worst Internet laws.

The treaty requires that the U.S. government help enforce
other countries' "cybercrime" laws -- even if the act being
prosecuted is not illegal in the United States. Countries
that have laws limiting free speech on the Net could oblige
the FBI to uncover the identities of anonymous U.S. critics
or monitor their communications on behalf of foreign
governments. American ISPs would be obliged to obey other
jurisdictions' requests to log their users' behavior without
due process or compensation.

Instead of this one-way enforcement ratchet, Congress should
be focusing on strengthening protections for your rights.

ZDNet's Declan McCullagh on the treaty:
<http://news.zdnet.com/2100-1009_22-5973735.html>

For the original version of this post:
<http://www.eff.org/deeplinks/archives/004864.php>

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* Voting Security Attacked In Court Again

Despite all of our efforts to dispel the false dichotomy
between secure voting and accessible voting, a shrinking but
vocal minority of the disability rights community continues
to take steps to prevent more secure voting by claiming that
it will violate their rights. In PVA v. McPherson, a few
such groups has filed suit in federal court to force
Californians back into insecure voting systems without
verifiable paper trails. This argument was wrong when
rejected by a federal judge in 2004, and it's still wrong
now.

Secure, accessible voting can and should be our shared
goals. In fact, EFF represented the Handicapped Voters of
Volusia County (HAVOC) in Florida who insisted that their
voting systems have a paper trail. They wanted to make sure
their votes were counted as cast, too.

Many secure voting systems are also broadly accessible to
voters with disabilities.  Our favorite current solution is
the new generation of optical scan systems, led by the
AutoMARK. Another option is the voter-verified paper trail
attached to DRE electronic voting systems. While the current
crop of voter-verified e-voting systems still aren't
perfect, they are better than systems with no paper trail at
all.

EFF and a broad coalition of voting activists will likely
participate in the PVA v. McPherson case, as we did in the
similar 2004 case, Benavidez v. Shelly.

To read the complaint in PVA v. McPherson:
<http://moritzlaw.osu.edu/blogs/tokaji/PVA-Complaint.pdf>

To learn about e-voting cases:
<http://www.eff.org/Activism/E-voting/>

For the original version of this post:
<http://www.eff.org/deeplinks/archives/004863.php>

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* EFF Partners with Craigslist for Nonprofit Boot Camp,
August 19

EFF is proud to partner with the Craigslist Foundation for
its 2nd Annual Nonprofit Boot Camp, a conference aimed at
fostering nonprofit leadership and collaboration. Join more
than 1,300 emerging nonprofit leaders to get educated in all
aspects of successfully starting and running a nonprofit,
find inspiration, and get connected with peers and valuable
resources.

Registration includes the conference and evening Networking
Reception, as well as breakfast, lunch, and dinner. Learn
more and register online at:
<http://www.craigslistfoundation.org/eflyer06/npbc06.htm>

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* Thank You, DefCon!

A huge thank you to the folks at DefCon and everyone who
participated last week in the dunk tank, parties, and other
shenanigans that raised funds for EFF. And special thanks to
Vegas 2.0 for their excellent pre-DefCon fundraising bash.
Every penny goes to keeping up the fight for your digital
rights, and, this year, we raised more funds (and had more
fun!) than ever before. We look forward to seeing you all
again next year.

For more info about DefCon:
<http://www.defcon.org/>

For more info about the Vegas 2.0 Summit:
<http://www.vegassummit.org/>

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* miniLinks
The week's noteworthy news, compressed.

~ Going Digital
Warner announced that 11% of their sales are digital...
<http://www.recordoftheday.com/cgi-bin/rotd-mb/rotd_config.pl? 
read=84487>

~ Kicking and Screaming
... even as they still persist in suing P2P tech companies.
<http://technollama.blogspot.com/2006/08/music-industry-
sues-limewire.html>

~ Privacy Rights Clearinghouse Praised
Beth Givens gets some exposure on her excellent privacy
work...
<http://www.signonsandiego.com/news/business/ 
20060801-9999-1b1givens.html>

~ Not that Kind of Privacy Clearinghouse
...while AOL Research releases twenty million searches by
over 500,000 users.
<http://www.ipdemocracy.com/archives/2006/08/07/index.php#a001836>

~ Cybercrime Treaty Passed
Allows the global application of other nation's online
surveillance laws...
<http://news.com.com/2102-7348_3-6102354.html>

~ Hong Kong Passes New Spying Law
...allowing, one day, the harmonization of Chinese and USA
surveillance regimes?
<http://news.bbc.co.uk/1/hi/world/asia-pacific/5249708.stm>

~ A Five Minute Guide Against DRM
Linux Journal gives unvarnished arguments against digital
rights management...
<http://www.linuxjournal.com/node/1000073>

~ Committee Offers Brochure To Sell Telecom Bill
...while the Senate provides (then hastily hides) a
glamorous brochure for its DRM-laden telecom bill.
<http://www.publicknowledge.org/node/574>

~ Copyrighting Fashion
Copyright hits the fashion industry?
<http://www.publicknowledge.org/node/576>

~ Netting Net Neutrality
Hacking the Net Neutrality debate, Dan Kaminsky premieres a
tool at DefCon to detect content-biased networks.
<http://www.boingboing.net/2006/08/03/test_for_network_neu.html>

~ First to File, Last to Pass
The latest Leahy-Hatch Patent Bill takes yet another look at
patent reform.
<http://www.techdirt.com/articles/20060807/0323215.shtml>

~ Single Laugh Licensing
Meanwhile, IP lawyers show comedians how to sue over joke
infringement.
<http://living.scotsman.com/performing.cfm?id=1126262006>

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* Administrivia

EFFector is published by:

The Electronic Frontier Foundation
454 Shotwell Street
San Francisco CA 94110-1914 USA
+1 415 436 9333 (voice)
+1 415 436 9993 (fax)
  <http://www.eff.org/>   

Editor:
Derek Slater, Activist
 derek () eff org       

Membership & donation queries:
 membership () eff org

General EFF, legal, policy, or online resources queries:
 information () eff org

Reproduction of this publication in electronic media is
encouraged. Signed articles do not necessarily represent the
views of EFF. To reproduce signed articles individually,
please contact the authors for their express permission.
Press releases and EFF announcements & articles may be
reproduced individually at will.

Current and back issues of EFFector are available via the
Web at:
  <http://www.eff.org/effector/>

Click here to unsubscribe or change your subscription
preferences:
  http://action.eff.org/site/CO? 
i=z2cLqq3IjjBkVuB3X0tuC15RQ0mrfGpz&cid=1041

Click here to change your email address:
  http://action.eff.org/addresschange

This newsletter is printed on 100% recycled electrons.

To unsubscribe from all future email, paste the following URL into  
your browser:
http://action.eff.org/site/CO?i=JZR4nHir76dDLfJ_7-- 
PFzqRNdUhPCN9&cid=1041


-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/