An Italian court in Milan has just convicted three Google executives of criminal charges. The court found them liable for an online video that they did not appear in, film, or have any role in posting, and which the company promptly removed when complaints about it were raised. The Italian court, however, still held them responsible for the video and sentenced them to suspended six-month sentences. Experts say the case sets a dangerous precedent, and could dramatically restrict online content in Italy.

Thousands of people post videos each hour on YouTube and Google Video, and various court cases have questioned whether Google, which owns YouTube, is liable for every video that infringes on someone’s copyright or is deemed offensive to its viewers. Google has argued that it’s only liable if offensive material stays up on its site despite complaints against it, and says that if the company takes complained-about videos down, it has no legal liability–like the rules it faces under U.S. law. Italy apparently disagrees.

The case pertains to a video that was posted to Google Video in 2006 showing four youths in Turin bullying a 17-year old who suffers either from Down Syndrome or autism (reports vary). The video received 12,000 views before the Italian police brought it to Google’s notice. The company immediately took it down, and Google then helped the cops find the person who uploaded it, resulting in the identification (and school expulsion) of the four bullies. But the Google executives, who include David Drummond, Google’s senior vice president and chief legal officer, and George Reyes, Google’s former chief financial officer, were charged and convicted for criminal defamation and a failure to protect the privacy of the bullied teen.

(more…)

When we last left the Lower Merion School District, its officials had circled the wagons and refused to openly discuss the lawsuit charging school administrators with remotely accessing the webcams in the laptops loaned out to students, and doing so without the students’ or their parents’ knowledge. The school stayed pretty quiet about it over the weekend, but spokesman Doug Young says that the district has suspended the practice amid the lawsuit and the accompanying protests by students, the community and privacy advocates [The New York Times].

That might not be enough to quell the swell of anger over Lower Merion’s policy. The district, which loans out Apple laptops to all it students, admits remotely activating the webcams 42 times over the course of the last 14 months, but says all of those instances were attempts to find missing or stolen computers. However, this whole fracas started after school administrators tried to use a photo taken of student Blake Robbins as evidence to corroborate charges that the young man had engaged in some sort of mischief. Robbins told CBS News that the school accused him of selling drugs and tried to back up the charge with images from the webcam.

Robbins’ parents filed suit in U.S. District Court, but that won’t be the end of Lower Merion’s legal troubles. The FBI has launched a query into the incident. Risa Vetri Ferman, the Montgomery County district attorney, said Friday that she might also investigate [ABC News].

Related Content:
80beats: Lawsuit: Webcams in School-Issued Laptops Used to Spy on Students at Home
80beats: Facebook CEO: People Don’t Really Want Privacy Nowadays, Anyway
80beats: Should Online Advertisers Be Allowed To Track Your Bedroom Habits?

Image: Wikimedia Commons / Andrew Plumb

Good idea: High school issuing laptops to its students so they can access school materials at any time. Bad idea: High school administrators using the webcams in those computers to spy on the students at home.

Ridiculous as it may sound, that’s exactly what a lawsuit (pdf) in U.S. District Court alleges a Pennsylvania school did. The parents of Blake J. Robbins sued Lower Merion School District, saying that administrators remotely accessed the webcam to spy on their son. Nowhere in any “written documentation accompanying the laptop,” or in any “documentation appearing on any Web site or handed out to students or parents concerning the use of the laptop,” was any reference made “to the fact that the school district has the ability to remotely activate the embedded webcam at any time the school district wished to intercept images from that webcam of anyone or anything appearing in front of the camera,” the complaint states [Courthouse News].

(more…)

There’s nothing like the launching a company from your college dorm room that achieves global Internet hegemony within a few years to make you think you can offer royal pronouncements about how the world has changed.

OK, so that was a bit melodramatic. But Facebook CEO Mark Zuckerberg earned some howls and guffaws in the last few days over his statements saying that, in a nutshell, people aren’t terribly interested in privacy anymore. Specifically, he said:

“In the last 5 or 6 years, blogging has taken off in a huge way and all these different services that have people sharing all this information. People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people. That social norm is just something that’s evolved over time.”

(more…)

It’s a classic case of bolting the barn door after the horses are gone. Politicians are angry that the “crotch bomber” (who tried to blow up an airplane of Christmas day) got through airport security with his explosives undetected, and have demanded that full-body scanners be placed in all airports. So far, 19 U.S. airports are using the scanners, and the Transportation Security Administration (TSA) hopes to put hundreds more in airports across the country.

Proponents of this technology argue that it’s worth sacrificing privacy (and modesty) for safety. But in their rush to do something policymakers be ignoring five big problems with rolling out this technology:

1. Manufacturers aren’t willing to fill orders. According to a spokesperson for Smiths Detection, a manufacturer of millimeter-wave body scanners, the scanner technology has not yet been certified as fit for purpose by national governments – and manufacturers will not invest in mass production until it has [New Scientist]. Until the TSA and the European Union certify the technology, don’t expect manufactures to rush into production, seeing as how the scanners cost around $125,000 each.

2. They won’t actually catch that many threats. According to a spokesperson for QinetiQ, another body scanner manufacturer, airport body scanners would be “unlikely” to detect many of the explosive devices used by terrorist groups [BBC News]. QinetiQ said the technology probably wouldn’t have detected the Christmas day underwear bomb. Neither would the scanners have caught the explosives from the 2006 airliner liquid bomb plot, nor the explosives used in the 2005 London Tube train bombing. The body scanners aren’t very useful for detecting liquids and plastics and can only help spotlight irregularities under a person’s clothes, said the spokesperson. Singling out every irregularity for further screening will place a heavy burden on airport security (read: bring a pillow with you to the airport).

(more…)

The Christmas Day airplane bombing attempt has renewed the debate over full body scanners at airports. The Transportation Security Administration in recent years has tried out a series of “whole-body imagers” to look for threats that typical metal detectors can’t find. These systems are the only way that smuggled explosives, like the one officials say was brought on the Christmas flight, can be reliably found [Wired.com].

Privacy advocates are calling the full body scanners a “digital strip search” (take a look at this TSA image of a full body scan and you’ll get the idea). But some security advocates say that either patting down every passenger or taking full body scans are the only options to ensure certain dangerous items are kept off airplanes.

(more…)

Don’t let anyone treat you badly because of your genes. As of this weekend, it will be against the law.

The Genetic Information Nondiscrimination Act (GINA) prevents both employers and insurance companies from requiring genetic tests or from using your family’s medical history against you. The biggest change resulting from the law is that it will–except in a few circumstances—prohibit employers and health insurers from asking employees to give their family medical histories. The law also bans group health plans from the common practice of rewarding workers, often with lower premiums or one-time payments, if they give their family medical histories when completing health risk questionnaires [The New York Times]. The law also bars employers from requiring genetic testing or using such information to make decisions on hiring, firing or promoting employees.

To alleviate the privacy concerns of people that have had genetic testing, Congress stepped in and passed GINA last year. The act takes effect Nov. 21 for all employers with 15 or more employees. It applies to group health insurers whose plan years begin on or after Dec. 7, and it took effect for individual health insurance plans last May. The act does not apply to life insurers. The act would ban a company from not promoting a 49-year-old to chief executive because it knew his father and grandfather died of heart attacks at age 50 [The New York Times]. It is still legal for employers to glean information about an employee’s medical history from family obituaries, or to inquire why an employee missed work to care for a sick relative under the Family Medical Leave Act. However, it will now be illegal to use this information to somehow penalize the employee.

Related Content:
DISCOVER: Top 100 Stories of 2008 #29: A New Law Bans Genetic Discrimination
80beats: NYC Uses DNA to Indict Suspects to Be Named Later
80beats: Genetic Testing of African Refugees Raises Outcry From Scientists
80beats: DNA Sampling of Innocent-Until-Proven-Guilty People Is on the Rise

Image: flickr / IRRI Images

Many medical devices come equipped with wireless communication systems these days, allowing doctors to customize their operations or to see their patents’ information. But fitting pacemakers or implanted defibrillators with WiFi also opens the door to hackers‘ attacks. Hackers could potentially steal personal information, remotely drain batteries, or cause a dangerous malfunction, so researchers are working on ways to block them. The approach relies on using ultrasound waves to determine the exact distance between a medical device and the wireless reader attempting to communicate with it [Technology Review]. The plan is to only allow access to a medical device from wireless reading devices within 10 feet, and only then after a series of authentication steps. However, in the event of an emergency, the medical device would grant access to anyone within a few inches of the device. In other words, to anyone close enough to assist.

The research team also has to consider how much power their security measures will drain from the devices, which is a not-so-trivial point for a  battery-operated pacemaker. But Claude Castelluccia, who was involved with designing the security system, said that because the device won’t respond to requests that come from outside the predetermined distance, it would also be harder for an attacker to wear down the battery by forcing it to process one request after another [Technology Review]. To test their system, researchers recently implanted a medical device in the stomach of a cow, and they’re currently shopping their patented technology to potential developers.

Related Content:
Hackers Infiltrate Pentagon’s $300 Billion Fighter Jet Project
Cyber Attack Hits Government Web Sites; North Korea Is Blamed
“Soupnazi” Hacker Pleads Guilty to Stealing Millions of Credit Card Numbers

Image: flickr / library_mistress

The self-proclaimed spam king of the Internet, Sam “Spamford” Wallace, was ordered to pay Facebook $711 million in civil damages for slinging spam on the social networking site. Wallace allegedly accessed Facebook accounts without obtaining permission, and used them to make bogus wall posts and spam the account holders’ friends. Those actions run afoul of the CAN-SPAM Act of 2003, which sets guidelines for commercial e-mails, which are enforced by the Federal Trade Commission (FTC) [PC World]. The judge also referred Wallace to the U.S. Attorney’s Office with a request that he be prosecuted for criminal contempt, which means he could actually face jail time if convicted.

If you’ve ever received an unsolicited email (and who hasn’t), chances are good that it came from Wallace’s company, Cyber Promotions, which was once the largest source of spam. So not surprisingly, this isn’t the first time Spamford has run afoul of the law. In May, 2008, MySpace won a $230 million judgment against Wallace for sending junk messages. Wallace was also fined $4 million by the Federal Trade Commission in 2006 for his excessive pop-up ads [CNN]. Officials at Facebook said they don’t expect to see much of the $711 million, seeing as how Wallace is bankrupt and may soon have to send out his spam as hand written letters from behind bars.

Related Content:
80beats: Happy 40th Birthday, Internet! (Um, Again.)
80beats: Twitter Security Breach Reveals Confidential Company Documents
80beats: Attack That Took Down Twitter May’ve Been Aimed at Just One Blogger

Image: flickr / benstein

Looking for an easy, cheap way to spy on your neighbors? Researchers are working on a device that may be just the thing, which uses a simple wireless network to “see” through a wall and detect people moving around in the room beyond. But paranoid apartment-dwellers will be glad to know that the system still has plenty of limitations. At the moment the system can only track movement within a three-foot range, and it can only sense motion–it can’t put together a picture of what or who’s moving.

The system relies on the variations of radio signals in a wireless network. The signal strength at any point in a network is the sum of all the paths the radio waves can take to get to the receiver. Any change in the volume of space through which the signals pass, for example caused by the movement of a person, makes the signal strength vary. So by “interrogating” this volume of space with many signals, picked up by multiple receivers, it is possible to build up a picture of the movement within it [Technology Review]. The paper describing the technology has been posted on the arXiv pre-print server, and has not yet been peer-reviewed.

The device could be more than a boon for voyeurs or robbers. The researchers argue that the technology could be used in search and rescue operations, with emergency teams using the same radio technology used by Wi-Fi networks to build a web of sensors around a disaster site, revealing the location of victims and survivors [Telegraph].

Related Content:
Science Not Fiction: Knight Rider: Seeing Through Walls With Infrared Glasses?
80beats: Light-Bending Scientists Take a Step Closer to Invisibility

Image: Joey Wilson and Neal Patwari

Scientists in the United Kingdom are outraged over a new program that seeks to determine asylum seekers’ nationalities through DNA and the isotopes present in their hair and fingernails. “Horrifying,” “naïve,” and “flawed” are among the adjectives geneticists and isotope specialists have used to describe the “Human Provenance pilot project,” launched quietly in mid-September by the U.K. Border Agency [Science Insider]. The experts say the tests simply aren’t accurate enough to pinpoint a person’s country of origin.

The program will be tried out on asylum seekers from the Horn of Africa, and will seek to establish whether applicants from Kenya or Ethiopia are masquerading as refugees from war-torn Somalia. Yet scientists say the Border Agency’s goals confuse ancestry or ethnicity with nationality. David Balding, a population geneticist at Imperial College London, notes that “genes don’t respect national borders, as many legitimate citizens are migrants or direct descendants of migrants, and many national borders split ethnic groups” [Science Insider].

(more…)

The 28-year-old hacker Albert Gonzalez who stole credit and debit card numbers from millions of people pleaded guilty on Friday to 19 counts of conspiracy, fraud, and aggravated identity theft. Gonzalez, also known by his handles “Soupnazi” and “Segvec,” reached a deal with the federal government on charges brought against him in Massachusetts and New York, where he and his co-conspirators stole more than 40 million card numbers from retailers like T.J. Maxx and Barnes & Noble. Gonzalez and his co-conspirators sold the numbers to others for fraudulent use and engaged in ATM fraud by encoding the data on the magnetic stripes of blank cards and withdrawing tens of thousands of dollars at a time from ATMs [PC World], according to the Department of Justice.

Gonzalez faces a prison sentence of 15 to 25 years in Massachusetts and a maximum sentence of 20 years in New York, but based on the terms of his plea agreements the sentences will be served concurrently. Gonzalez also agreed to pay restitution for the loss suffered by his victims, and to forfeit more than $2.7 million, plus real estate, a 2006 BMW, a Tiffany diamond ring and Rolex watches, the DOJ said. Included in the forfeited currency is more than $1 million in cash, which Gonzalez had buried in a container in his backyard [PC World]. He’ll be sentenced in December for the Massachusetts and New York cases, but that’s far from the end of his legal troubles.

(more…)

Every time you go online, your privacy is at stake. As you surf Web sites and enter search terms, large Internet companies and ad networks are collecting data about you, your hobbies, your habits, and your purchases in order to figure out which ads to display for you next. The companies argue that this practice, known as behavioral advertising, produces ads that are far more relevant to users than simply spamming them with whatever is selling that week, but privacy advocates are concerned about the amount of data that is being collected and what might be happening with that data behind the scenes [CNET].

Earlier this year a congressional committee held hearings on the topic, and asked for input from privacy groups. On Tuesday, representatives from a range of privacy and consumer protection groups asked the House Commerce Committee to prohibit online marketers from collecting sensitive data, require them to inform users what the data is being collected for and give individuals the right to see data collected about them [Wired.com]. U.S. Representative Rick Boucher of Virginia is expected to introduce a privacy bill this fall, and privacy advocates are hopeful that he’ll incorporate their ideas.

The off-limits “sensitive data” could include information about an Internet user’s race, political activity, and sexual orientation, as well as medical and financial data. The privacy groups also said in their recommendations (pdf) that data should not be collected from any user under the age of 18, if age could be determined. They also suggest that Web sites and advertisers only retain behavioral data for 24 hours, after which they must receive consent from users or get rid of it [The Wall Street Journal], in what amounts to an “opt-in” system for consumers.

(more…)

A 28-year-old hacker has been charged in what federal prosecutors are calling the largest case of identity theft ever seen. The man, Albert Gonzalez, worked with two unnamed Russian conspirators to run wild through the computer networks of a handful of prominent corporations, including 7-Eleven, the supermarket chain Hannaford Brothers, and the payment processor Heartland Payment Center. The size of the heist—130 million credit and debit card numbers, according to prosecutors—have many people wondering: How exactly is such a massive theft carried out?

The Justice Department’s indictment (pdf) describes how Gonzales (a.k.a. “segvec” and “soupnazi,” among other aliases) and his co-conspirators pulled it off. They began the job by scanning lists of Fortune 500 companies for likely targets, and then visited retail outlets to scope out the payment systems used at checkout counters and to look for vulnerabilities. Then they would write specific codes to corrupt their data systems and launch a virus from computers in the United States and Europe to pull hundreds and thousands of credit card numbers, and sort through them using a “sniffer,” which is basically a data analysis system that decodes big chunks of information [The Atlantic].

(more…)

Young baseball players in Latin America with big dreams of coming to the United States to play in the big leagues have to do more than work on their batting and fielding these days–they may also have to prove that they are who they say they are. Baseball has been beset by a series of assumed identity scandals; for example, the young baseball phenom, Esmailyn Gonzalez, received a $1.4-million bonus when he signed with the Washington Nationals in 2006. This February, the player who was misrepresenting himself as only 19 years old turned out to be a 23-year-old by the name of Carlos David Alvarez Lugo [Scientific American].

To combat the problem, Major League Baseball investigators have begun giving DNA tests to some prospects to determine whether they are actually related to the people they identify as their parents, and aren’t just borrowing them along with the birth certificate of a younger man. A statement from Major League Baseball said that it used DNA testing in the Dominican Republic “in very rare instances and only on a consensual basis to deal with the identity fraud problem that the league faces in that country.” The statement added that the results of the tests were not used for any other purpose [The New York Times]. But the testing raises ethical questions, and could even be declared illegal when a new law takes effect later this year.

(more…)