Your identity in action

Posted on July 03, 2008
Filed Under: Internet and web sites.

While I am certain there will be more prolific evaluations of the legality of this situation on Groklaw, and you can read and evaluate the docket yourself, I feel compelled to look at the potential repercussions of the recent Viacom v. Google ruling. For those who are not aware, a judge has just ordered Google to hand over every record of every user who has ever watched video on YouTube. This includes IP address (the address that identifies your computer on the internet), as well as login details. That's right, personally identifiable information being handed over to a third party.

To consider the badness of this action, you have to realize that Google does not just host search and video services. Many of us have used them for web analytics for our own sites, AdSense, and online shopping. No, the court is not asking Google to hand over all of that data, but in an era where CDs with thousands of credit cards and laptops with pension account information are lost or stolen on a daily basis, it suddenly makes all of that information we have left in Google's databases a lot more insecure. The login information in the logs more than likely does not include a password, but even a username can cut the brute-force time of a hack in half. Not to mention that a lot of people still use dictionary-based passwords -- and these logs are suddenly a walking time bomb in insecure hands.

What's worse is that the place we have entrusted this information to isn't the one at fault for its dissemination; it's the court's fault.

As a side note, the EFF has written briefs requesting that this extreme breach of privacy not be pursued, but given the desperation of everyone involved in the entertainment industry, I feel those requests have found deaf ears.

by Chris Gamble

In the dark of the night, UCITA will find you

Posted on June 16, 2008
Filed Under: Enterprise Computing.

InfoWorld reports that a new bill is in the Senate to combat spyware ... or does it?

S. 1625, named the Counter Spy Act, prohibits taking over computers with zombies or taking information for identity theft. Except these new rules for our safety (which are already illegal under other bills)

"do not apply to any monitoring of, or interaction with, a subscriber's Internet or other network connection or service, or a protected computer, by or at the direction of a telecommunications carrier, cable operator, computer hardware or software provider, financial institution or provider of information services or interactive computer service..." -- (Section 6a)

And of course the 10th commandment, or exemption, provides for these activities when used for "(10) detection or prevention of the unauthorized use of software fraudulent or other illegal activities."

InfoWorld provides a much more in-depth legal analysis, but for the purposes of IT management and security, this does not bode well.

Consider #1 -- A vendor is at the end of its life and running out of cash. Given the choice of going out of business peacefully or starting to drag its customers through the muck, what would most companies choose? Now consider this: would you as an IT professional want them to have that choice?

Consider #2 -- The latest BSA program to check copyrights has perforated your network. This is quite legal under this new law, but as no software is perfect, it has been piggybacked by a malicious hacker. There is no option to sue the BSA, and we can only hope that the hacker is in a country with extradition.

Consider #3 -- Your vertical market software is supported via an off-shore support contract. Your American vendor has every right to watch your network, but what ethics is their foreign vendor obligated to?

Not sure about you, but just those three scare the hell out of me -- and would cause grave concern in any lapel-flag-wearing Senator. So why has this thing progressed so far?

by Chris Gamble