[ remailer ]

The American Hospital Association will host two teleconference calls to explain the proposed changes to federal rules regarding their obligation to protect the patient medical records privacy. Among the proposed changes are new rules third parties who may gain access to or collect patient information must protect patient privacy. Many non-health care providing entities that collect medical information claim to be "HIPAA compliant," which means they elect to adopt policy that reflect federal regulations that HIPAA covered entities must follow. AHA to Explain Proposed Privacy Rule

The American Hospital Association will host two teleconference calls to explain the proposed changes to federal rules regarding their obligation to protect the patient medical records privacy. Among the proposed changes are new rules third parties who may gain access to or collect patient information must protect patient privacy. Many non-health care providing entities that collect medical information claim to be "HIPAA compliant," which means they elect to adopt policy that reflect federal regulations that HIPAA covered entities must follow.

AHA to Explain Proposed Privacy Rule

[+]

iPhone SDK changes would restrict access to customer personal data collected by third party applications that had been sharing customer data with analytics companies. Apple's privacy policy outlines the purpose for data collection, retention, use, and limitations on sharing to purposes related to the product or services sought by customers. It further states that the company "safeguard[s] your personal information against loss, theft, and misuse, as well as against unauthorized access, disclosure, alteration, and destruction." The Apple statement on the issue suggests that application developers for the Apple iPhone possibly used code from existing application developer programs, which contained third party data sharing instructions. Jobs: iPhone ad SDK changes for user privacy, not anti-competitive, Daniel Eram Dilger, Apple Insider, June 2, 2010

iPhone SDK changes would restrict access to customer personal data collected by third party applications that had been sharing customer data with analytics companies. Apple's privacy policy outlines the purpose for data collection, retention, use, and limitations on sharing to purposes related to the product or services sought by customers. It further states that the company "safeguard[s] your personal information against loss, theft, and misuse, as well as against unauthorized access, disclosure, alteration, and destruction." The Apple statement on the issue suggests that application developers for the Apple iPhone possibly used code from existing application developer programs, which contained third party data sharing instructions.

Jobs: iPhone ad SDK changes for user privacy, not anti-competitive, Daniel Eram Dilger, Apple Insider, June 2, 2010

[+]

Senators Schumer (D-NY) and Cornyn (R-TX) introduced the Mobile Device Identification Act that if passed would require all pre-paid phone users to provide an ID as a condition of purchase. The bill targets users of pre-paid cellphones and would require phone companies to keep the information on file, as they are required do now for land line users. Abuse of telephone land line users' call detail information of the past include pretexting, where individuals pretending to be the user gains access to information or the warrantless wiretapping by the National Security Agency raise questions regarding the protection of the data collected. The bill is a reaction to the Time Square attempted car bomb attacker who used a pre-paid cellphone to purchase the car. New proposal would require identification to buy prepaid cellphones, By Ellen Nakashima, Washington Post, Wednesday, May 26, 2010; 4:00 PM

Senators Schumer (D-NY) and Cornyn (R-TX) introduced the Mobile Device Identification Act that if passed would require all pre-paid phone users to provide an ID as a condition of purchase. The bill targets users of pre-paid cellphones and would require phone companies to keep the information on file, as they are required do now for land line users. Abuse of telephone land line users' call detail information of the past include pretexting, where individuals pretending to be the user gains access to information or the warrantless wiretapping by the National Security Agency raise questions regarding the protection of the data collected. The bill is a reaction to the Time Square attempted car bomb attacker who used a pre-paid cellphone to purchase the car.

New proposal would require identification to buy prepaid cellphones, By Ellen Nakashima, Washington Post, Wednesday, May 26, 2010; 4:00 PM

[+]

From NPR: Based on surveys Barnes collected, the top five worries of parents are, in order: Kidnapping School snipers Terrorists Dangerous strangers Drugs But how do children really get hurt or killed? Car accidents Homicide (usually committed by a person who knows the child, not a stranger) Abuse Suicide Drowning Why such a big discrepancy between worries and reality? Barnes... [+]

If you're a typical wired American, you've got a bunch of tech tools you like and a bunch more you covet. You have a cell phone that can easily text. You've got a laptop configured just the way you want it. Maybe you have a Kindle for reading, or an iPad. And when the next new thing comes along, some... [+]

Back in 2007, I wrote an essay, "Portrait of the Modern Terrorist as an Idiot," where I said: The JFK Airport plotters seem to have been egged on by an informant, a twice-convicted drug dealer. An FBI informant almost certainly pushed the Fort Dix plotters to do things they wouldn't have ordinarily done. The Miami gang's Sears Tower plot was... [+]

Trailrunner7 writes "Threatpost has a guest column by Robert Hansen (aka Rsnake) about the long-term effects of snake-oil security products. 'I've talked about this a few times over the years during various presentations but I wanted to document it here as well. It's a concept that I've been wrestling with for 7+ years and I don't think I've made any headway in convincing anyone, beyond a few head nods. Bad security isn't just bad because it allows you to be exploited. It's also a long term cost center. But more interestingly, even the most worthless security tools can be proven to "work" if you look at the numbers.'" Read more of this story at Slashdot. Trailrunner7 writes "Threatpost has a guest column by Robert Hansen (aka Rsnake) about the long-term effects of snake-oil security products. 'I've talked about this a few times over the years during various presentations but I wanted to document it here as well. It's a concept that I've been wrestling with for 7+ years and I don't think I've made any headway in convincing anyone, beyond a few head nods. Bad security isn't just bad because it allows you to be exploited. It's also a long term cost center. But more interestingly, even the most worthless security tools can be proven to "work" if you look at the numbers.'"

Read more of this story at Slashdot.

[+]

CWmike writes "Hewlett-Packard is reported to be suing former CEO Mark Hurd, who was named co-president of rival Oracle on Monday. The Wall Street Journal first reported the news, and has now posted the full text of the suit on Google Docs. Among other things, it says, 'In his new positions, Hurd will be in a situation in which he cannot perform his duties for Oracle without necessarily using and disclosing HP's trade secrets and confidential information to others.'" Read more of this story at Slashdot. CWmike writes "Hewlett-Packard is reported to be suing former CEO Mark Hurd, who was named co-president of rival Oracle on Monday. The Wall Street Journal first reported the news, and has now posted the full text of the suit on Google Docs. Among other things, it says, 'In his new positions, Hurd will be in a situation in which he cannot perform his duties for Oracle without necessarily using and disclosing HP's trade secrets and confidential information to others.'"

Read more of this story at Slashdot.

[+]

Trailrunner7 writes "The United States has a responsibility to take a leadership role in securing the Internet against both internal and external attackers, a duty that the federal government takes very seriously, the country's top military cybersecurity official said Tuesday. However, Gen. Keith Alexander, director of the National Security Agency and commander of the US Cyber Command, provided virtually nothing in the way of details of how the government intends to accomplish this rather daunting task. 'We made the Internet and it seems to me that we ought to be the first folks to get out there and protect it,' Alexander said. 'The challenge before us is large and daunting. But we have an obligation to meet it head-on.' It's unlikely that any of Alexander's comments Tuesday will do much to quiet the criticisms of the Obama administration's security efforts thus far. Speaking mostly in generalities, Alexander emphasized the administration's commitment to the Comprehensive National Cybersecurity Initiative, a plan developed by the Bush administration and recently partially de-classified by Obama administration officials." Read more of this story at Slashdot. Trailrunner7 writes "The United States has a responsibility to take a leadership role in securing the Internet against both internal and external attackers, a duty that the federal government takes very seriously, the country's top military cybersecurity official said Tuesday. However, Gen. Keith Alexander, director of the National Security Agency and commander of the US Cyber Command, provided virtually nothing in the way of details of how the government intends to accomplish this rather daunting task. 'We made the Internet and it seems to me that we ought to be the first folks to get out there and protect it,' Alexander said. 'The challenge before us is large and daunting. But we have an obligation to meet it head-on.' It's unlikely that any of Alexander's comments Tuesday will do much to quiet the criticisms of the Obama administration's security efforts thus far. Speaking mostly in generalities, Alexander emphasized the administration's commitment to the Comprehensive National Cybersecurity Initiative, a plan developed by the Bush administration and recently partially de-classified by Obama administration officials."

Read more of this story at Slashdot.

[+]

Australia has rejected mandatory use of censorware in an effort to stop child pornography. Sayeth Communications Minister Helen Coonan: "The biggest issue is not so much the money but such an expensive scheme would not necessarily solve the problem and small to medium ISPs (internet service providers) would be driven out of business for little or no benefit," Senator Coonan said. "What does work is greater information and parental supervision and that is the kind of program that the government is promoting." Australia has rejected mandatory use of censorware in an effort to stop child pornography. Sayeth Communications Minister Helen Coonan:

"The biggest issue is not so much the money but such an expensive scheme would not necessarily solve the problem and small to medium ISPs (internet service providers) would be driven out of business for little or no benefit," Senator Coonan said. "What does work is greater information and parental supervision and that is the kind of program that the government is promoting."

[+]

BoingBoing has a story today on how Microsoft's new blogging tool, MSN Spaces, does word-based blocking of your blog entries. Sad and funny. I saw two stories in the blogosphere today on MSN Spaces -- one a video demo of how to post to it, which I yawned past, and this censorship story, which I'm, well, blogging myself. BoingBoing has a story today on how Microsoft's new blogging tool, MSN Spaces, does word-based blocking of your blog entries. Sad and funny. I saw two stories in the blogosphere today on MSN Spaces -- one a video demo of how to post to it, which I yawned past, and this censorship story, which I'm, well, blogging myself.[+]

As reported by Eric Umansky: Two Army spokespeople have now explained to me that it is indeed the Army’s intention to purposely block service-members from viewing non-Pentagon casualty sites. (Other services apparently have similar policies and do use filtering software.) As reported by Eric Umansky:

Two Army spokespeople have now explained to me that it is indeed the Army’s intention to purposely block service-members from viewing non-Pentagon casualty sites. (Other services apparently have similar policies and do use filtering software.)

[+]

This morning, the Third Circuit Court of Appeals in Philadelphia issued its highly anticipated ruling in a hotly contested cell phone location privacy case. EFF filed a friend-of-the-court brief and participated at oral argument in the case, arguing that federal electronic privacy law gives judges the discretion to deny government requests for cell phone location data when the government fails to show probable cause that a crime has been committed. The Third Circuit today agreed with EFF, holding that federal law allows judges the discretion to require that the government obtain a probable cause search warrant before accessing cell phone location data. The Court further agreed with EFF that location information that can be used to demonstrate or infer that someone or something was in a private space such as the home may be protected by the Fourth Amendment, rejecting the government's argument that the privacy of location records held by phone companies is never constitutionally protected. Although the court did not definitively rule on the Fourth Amendment status of cell phone location information, it made clear that under some circumstances the privacy of such data could be constitutionally protected, and that judges have the discretion to require a warrant to avoid potentially unconstitutional seizures of location data. The appeals court has remanded the case back to the original magistrate judge that initially denied the government's request to obtain cell phone location data without probable cause, asking the lower court to shore up its original decision with new fact-finding into the government's need for the requested data and the precision of that data in identifying a person's location. EFF looks forward to participating in those proceedings and opposing any attempt by the government to appeal today's decision. Thanks to our colleagues at the Center for Democracy and Technology, the American Civil Liberties Union and the ACLU of Pennsylvania for participating with us as friends-of-the-court in this case, and special thanks to Professor Susan Freiwald of the University of San Francisco Law School, who also submitted a brief and participated at oral argument along with EFF's Kevin Bankston. [+]

Copyright trolls are nothing new, and Righthaven is just the latest group of lawyers to try to turn copyright litigation into a business model. What these lawyers have in common is that they seek to take advantage of copyright's draconian damages in order to bully Internet users into forking over money. To anyone who has watched the file-sharing lawsuits of the last few years or the current BitTorrent cases brought by a DC law firm, the Righthaven saga is developing into a familiar, unfortunate story. It also has some especially troubling twists. The basic pattern: Righthaven has brought over a hundred lawsuits in Nevada federal court claiming copyright infringement. They find cases by (a) scouring the Internet for parts of newspaper stories posted online by individuals, nonprofits, and others, (b) buying the copyright to that particular newspaper story, and then (c) proceeding to sue the poster for copyright infringement. Like the RIAA and USCG before them, Righthaven is relying on the fact that their victims may face huge legal bills through crippling statutory damages and the prospect of paying Righthaven's legal fees if they lose the case. Consequently, many victims will settle with Righthaven for a few thousand dollars regardless of their innocence, their right to fair use, or other potential legal defenses. However, Righthaven is unlike other copyright trolls in some key ways: Righthaven is going after bloggers using text news stories for comment or discussion. Many lawsuit targets are using the newspaper articles to augment discussions about current events. Reposting all or part of news stories is part and parcel of digital commentary and discussion and usually the goal of the reposting is to share the uncopyrightable facts included in the article, not the copyrighted expression, like the specific turns of phrase used by the author. By targeting news, Righthaven's lawsuits could have a chilling effect on individuals' attempts to engage their communities in free and open discussion. Righthaven is fighting the basic mode of Internet debate. Other copyright trolls have involved controversy over file-sharing programs and encoded digital media, like music and movies. But Righthaven is taking aim at folks who are using elementary "copy & paste" functionalities. Online discussion survives and thrives on showing others the original text before adding a commentary or response. Accurate quoting is a virtue of Internet discussion that can minimize mischarcterization and support progress in a debate. Righthaven lawsuits are demanding that courts freeze and transfer the defendants' domain names. Imagine if a single copyright infringement on Huffingtonpost.com or Redstate.com could result in forfeiture of the entire domain. Effectively asking for control of all of a website's existing and future content -- instead of only targeting the allegedly infringing material -- is an overreaching remedy for a single copyright infringement not validated by copyright law or any legal precedent. This also indicates that the attorneys are willing to make overreaching claims in order to scare defendants into a fast settlement. Righthaven goes straight for litigation. Righthaven isn't sending cease and desist letters or DMCA takedown notices that would allow the targeted bloggers or website operators to remove or amend only the news articles owned by Righthaven. Instead, Righthaven starts with a full-fledged lawsuit in federal court with no warning. It's sue first and ask questions later, which smacks of a strategy designed to churn up legal costs and intimidate defendants into paying up immediately, rather than a strategy aimed at remedying specific copyright infringements. Righthaven is claiming that its activities are intended to have a "deterrent effect" on the reposting of news stories online, but it's hard to resist viewing Righthaven's actions as purely business-related. In addition to the sharp legal tactics discussed above, Righthaven appears to only buy copyrights that it believes can be used for lawsuits and otherwise has no involvement in the practice of journalism. Righthaven also appears to be soliciting other newspapers to sign on with it. But newspaper publishers who think that suing bloggers a story at a time will save journalism are sorely mistaken. Newspaper publishers have actually been having meaningful discussions about innovative business models to support real journalism. Sadly, Righthaven -- if it continues to attract clients -- threatens to derail those conversations with a sideshow proven to distract from progress. But no matter where a newspaper may stand on the debate about journalism's future, we think it is abundantly clear that a "sue the audience" tactic is nowhere near worth considering. Newspapers should resist the temptation to put themselves into the same position as the music industry circa 2004, where futile lawsuits distracted them from the incorporating new technology and creating new ways to market product to fans. EFF is watching Righthaven and other copyright trolls closely for overbroad tactics that hurt free speech and fair use, and abuse the legal system. We're looking for good cases to defend and will deliver more news and analysis as the issue develops. [+]

San Francisco - The Electronic Frontier Foundation (EFF) and a coalition of public interest groups and law professors have asked a California appeals court to protect craigslist from a lawsuit that could spur websites to be less helpful in responding to complaints about user behavior. In Scott P. v. craigslist, Inc., the plaintiff complained about a series of craigslist ads he said were written by impersonators. While craigslist removed the ads within minutes of his phone calls, the plaintiff sued, contending that craigslist broke a promise to "take care of it" when the impersonators posted additional ads. In cases like these, federal law -- specifically Section 230 of the Communications Decency Act -- shields Internet forums like craigslist from liability. Section 230 was designed to encourage parties to pursue action against those who created the questionable content instead of the platform that hosted it. But the California Superior Court has ruled that this case can continue because of the plaintiff's allegations that craigslist said it would help. Craigslist filed a writ petition with the Court of Appeal for the State of California Wednesday, arguing that the trial court should have dismissed the case because of Section 230's protections for forum hosts. In an amicus letter filed today in support of craigslist, EFF argues that the lower court reasoning could create a hole in Section 230, discouraging forum owners from helping users. "Section 230 was a deliberate effort by Congress to encourage service providers to find innovative ways to self-regulate," said EFF Senior Staff Attorney Kurt Opsahl. "Yet craigslist is facing the prospect of extended litigation because it tried to do just that. Allowing this litigation to continue could result in websites being less helpful to users with complaints." Additionally troublesome is the specter of further lawsuits, which could convince other Internet innovators not to host user content at all. "Congress created Section 230 to allow for online interactivity without a flood of lawsuits. But this case could undermine the immunity that the law created," said Opsahl. "If litigation can survive merely because a plaintiff asserts that the site made a vague promise, sites may decide that allowing comments or user generated content is not worth the legal exposure. Then we'll lose the vibrant online environment that Section 230 helped create in the first place." Joining EFF in the letter to court were the Center for Democracy and Technology, the Citizen Media Law Project, and law professors Eric Goldman, David S. Levine, David G. Post, and Jason Schultz. Separately, a group of Internet companies, including Yahoo!, Amazon, Facebook, Twitter, Google and Linkedin filed another amicus brief in support of craigslist. For the full amicus letter: http://www.eff.org/files/filenode/craigslist_v_sup/EFFletter9210.pdf For more on this case: http://www.eff.org/cases/craigslist-v-superior-court-california Contact: Kurt Opsahl Senior Staff Attorney Electronic Frontier Foundation kurt@eff.org [+]