Social Transmission and Viral Culture, by Jonah Berger, assistant professor of Marketing and Katherine L. Milkman, assistant professor of Operations and Information Management at the Wharton School, University of Pennsylvania.

Anatomy of a Large-Scale Social Search Engine, by Damon Horowitz and Sepandar D. Kamvar [via Abi Morgan]

The quarterly APWG (AntiPhishing Working Group) Phishing Activity Trends Report analyzes phishing attacks reported to the APWG by its member companies, its Global Research Partners, through the organization’s website and by email submissions. APWG also measures the evolution, proliferation and propagation of crimeware drawing from the research of our member companies. In the last half of this report you will find tabulations of crimeware statistics and related analyses."

Follow up to previous postings on Follow up to previous postings on missing White House emails during Bush administrations, from the National Security Archive: "Pursuant to a settlement reached between the National Security Archive and the White House Executive Office of the President (EOP), the White House today issued a letter describing critical aspects of the EOP unclassified network e-mail preservation and archiving system now used in the White House. Among other specifics, the letter describes:

• Automated capture and preservation of all e-mail and Blackberry messages sent or received on the EOP’s unclassified network;
  
• Documents segregated into component-specific repositories and broad search capabilities that improve the ability to find e-mail records in response to legal or administrative needs;
  
• Blocking of access to personal and external Web-based e-mail systems from White House unclassified workstations;
  
• Controls against unauthorized deletion of e-mails and an accounting of any deleted e-mails;
  
• Systematic emergency recovery backups of the system; and
  
• Automatically generated audit reports and system health-check dashboard reports to assist in the identification of problems."

Annual Report PandaLabs 2009

The New York Review of Books - Who's in Big Brother's Database? By James Bamford - The Secret Sentry: The Untold History of the, National Security Agency, by Matthew M. Aid, Bloomsbury.

News release: "Today, Citizens for Responsibility and Ethics in Washington (CREW) and the National Security Archive (NSA) reached a final settlement of their long-running lawsuits challenging the failure of the Bush White House and the National Archives and Records Administration (NARA) to take any action after confronted with evidence that millions of emails had gone missing from Bush White House servers over a two and one-half year period. The lawsuits followed CREW’s revelation in April 2008 that the White House had discovered the problem in the fall of 2005. Nevertheless, the Bush White House failed to recover or restore the missing emails and knowingly continued to use a broken system for preserving electronic records. Under the terms of the settlement, the Executive Office of the President (EOP) will restore a total of 94 days of missing emails, which will then be sent to NARA for preservation and eventual access under either the Presidential Records Act or the Federal Records Act."

Official Google Blog: "In an effort to provide you with greater transparency and control over their own data, we've built the Google Dashboard. Designed to be simple and useful, the Dashboard summarizes data for each product that you use (when signed in to your account) and provides you direct links to control your personal settings. Today, the Dashboard covers more than 20 products and services, including Gmail, Calendar, Docs, Web History, Orkut, YouTube, Picasa, Talk, Reader, Alerts, Latitude and many more. The scale and level of detail of the Dashboard is unprecedented, and we're delighted to be the first Internet company to offer this — and we hope it will become the standard. [Includes a quick video] to learn more and then try it out for yourself at www.google.com/dashboard."

National Law Journal: "The economy has employers extra jittery about company secrets getting out, so nervous that they're hiring staff just to monitor outbound e-mails. That's the conclusion of a recent study by Proofpoint, an Internet security and data loss prevention company, which found that 38 percent of large U.S. employers are monitoring outbound e-mail to prevent data leaks, up from 29 percent in 2008."

UK Cybercrime Report 2009

Peek: Mobile E-Mail On A Budget - Conrad J. Jacoby discusses his experiences using the Peek mobile e-mail device (Time Magazine's 2008 Gadget of the Year), which he believes is genuinely useful and an excellent value for its cost.

In following this January 9, 2009 memo, Legal Issues Relating to the Testing, Use and Deployment of an Intrusion-Detection System (EINSTEIN 2.0) to Protect Unclassified Computer Networks in the Executive Branch, this DOJ memo released September 18, 2009: Legality of Intrusion-Detection System To Protect Unclassified Computers Networks In Executive Branch - "Operation of the EINSTEIN 2.0 intrusion-detection system complies with the Fourth Amendment to the Constitution, title III of the Omnibus Crime Control and Safe Streets Act of 1968, the Foreign Intelligence Surveillance Act, the Stored Communications Act, and the pen register and trap and trace provisions of chapter 206 of title 18, United States Code, provided that certain log-on banners or computer-user agreements are consistently adopted, implemented, and enforced by executive departments and agencies using the system. Operation of the EINSTEIN 2.0 system also does not run afoul of state wiretapping or communications privacy laws."

Boston.com: "Mayor Thomas M. Menino’s administration, prompted by public records requests from the Globe, has acknowledged that city employees were routinely deleting e-mails, a potential violation of the state public records law. The acknowledgement came after the Globe filed several requests for e-mails sent and received by Menino’s Cabinet chief of policy and planning, Michael J. Kineavy. He is one of Menino’s most powerful and trusted advisers, intimately involved in nearly everything at City Hall, but a search of city computers found just 18 e-mails he had sent or received between Oct. 1, 2008, and March 31 of this year. The unusually low figure prompted administration officials to question him about what happened to the rest of the e-mails he was presumably sending and receiving during that period. Kineavy, who is also one of the mayor’s chief political advisers and a strategist on Menino’s reelection campaigns since 1993, told them that he deletes all his e-mails on a daily basis, in such a way that they are not saved on city backup computers, administration officials said."

Official Gmail Blog: "Gmail's web interface had a widespread outage [September 1, 2009], lasting about 100 minutes. We know how many people rely on Gmail for personal and professional communications, and we take it very seriously when there's a problem with the service. Thus, right up front, I'd like to apologize to all of you — today's outage was a Big Deal, and we're treating it as such. We've already thoroughly investigated what happened, and we're currently compiling a list of things we intend to fix or improve as a result of the investigation."

Google Apps Status Dashboard: "This page offers performance information for Google Apps services. Unless otherwise noted, this status information applies to consumer services as well as services for organizations using Google Apps."

Via Slate: Seeking How the brain hard-wires us to love Google, Twitter, and texting. And why that's dangerous, by Emily Yoffe. "...Actually all our electronic communication devices—e-mail, Facebook feeds, texts, Twitter—are feeding the same drive as our searches. Since we're restless, easily bored creatures, our gadgets give us in abundance qualities the seeking/wanting system finds particularly exciting...If humans are seeking machines, we've now created the perfect machines to allow us to seek endlessly."

DoD Web 2.0 Guidance Forum - Value of Web 2.0 Capabilities: "In examining how the Department of Defense should take maximal advantage of Web 2.0 capabilities (including social networking services, social media, wikis, blogs, RSS feeds, etc.), we are looking at how Web 2.0 capabilities can be used to improve current and future Department operations. Operations in this sense include both broad business and warfighting processes. Specifically, we are looking for insight from various Defense interest groups and think tanks, including Veterans groups, industry groups and individuals who have insights they can share regarding how Web 2.0 capabilities can be used to transform how the Defense Department operates."

News release: "House Judiciary Committee Chairman John Conyers, Jr. (D-Mich.) today released over 700 pages of on-the-record interview transcripts of Karl Rove and Harriet Miers on the U.S. attorney firings and the Bush administration’s politicization of the Department of Justice. Conyers also released over 5,400 pages of Bush White House and Republican National Committee e-mails on these subjects. The released materials reveal that White House officials were deeply involved in the U.S. attorney firings and the administration made a concerted effort to hide that fact from the American people. "After all the delay and despite all the obfuscation, lies, and spin," Conyers said, "this basic truth can no longer be denied: Karl Rove and his cohorts at the Bush White House were the driving force behind several of these firings, which were done for improper reasons. Under the Bush regime, honest and well-performing U.S. attorneys were fired for petty patronage, political horsetrading and, in the most egregious case of political abuse of the U.S. attorney corps.."
Interviews of White House Officials

• Rove Interview
  
• Miers Interview
  
• White House Documents
  
• RNC Documents
  
• Related postings on U.S. Attorney firings

Follow up to July 28, 2009 posting New Data On Cell Phone Use and Driving Distraction, news today that Illinois became the 17th state to ban text messaging while driving.

News release: "The U.S. Postal Service ended its third quarter (April 1 – June 30) with a net loss of $2.4 billion, including a non-cash adjustment that increased workers’ compensation expense by $807 million. Ongoing electronic diversion and the widespread economic recession continued to reduce mail volume, resulting in a $1.6 billion decrease in revenue for the quarter. Despite cost reductions against the fiscal 2009 plan of more than $6 billion and actions to grow revenue, the Postal Service (USPS) projects a net loss of more than $7 billion at fiscal year-end. The organization’s financial situation is compounded by its obligation to pay $5.4 billion to $5.8 billion annually to prefund retiree health benefits. This requirement, established in the Postal Accountability and Enhancement Act of 2006, is an obligation that no other government agency has to pay."

Wireless Internet Use, by John Horrigan, July 22, 2009

News release: "The Electronic Frontier Foundation (EFF) filed suit against the Department of Justice [on June 24, 2009], demanding the public release of the surveillance guidelines that govern investigations of Americans by the Federal Bureau of Investigation (FBI). The FBI's Domestic Investigative Operational Guidelines went into effect in December of 2008 and detail the Bureau's procedures and standards for implementing the Attorney General's Guidelines on approved surveillance strategies...The FBI's general counsel has acknowledged that "the expansion of techniques available [to the Bureau] has raised privacy and civil liberties concerns." Investigations can include the electronic collection of information from online sources and computer databases, as well as the use of grand jury subpoenas to obtain telephone and email subscriber information. Other recent policy changes allow the FBI to engage in free-ranging investigation of Internet sites, libraries, and religious institutions." [Darlene Fichter]

Review of HTC Magic (G2) vs iPhone 3G (and 3G S): Techie expert extraordinaire Nicholas Moline compares the upcoming T-Mobile G2 (HTC Magic) with the iPhone 3G, which has the new iPhone 3.0 Software. Nick ran detailed and thorough tests of each Smartphone's usability and functionality, and he highlights the respective range of features, including bar code readers, removable memory, cameras, GPS, touchscreens, email, web access, and lots more. He also shares his thoughts about which gadget delivers the best applications for users.

2009 Trust, Security & Passwords Survey Research Brief: "This global "snooping" survey is the third in a series of benchmark studies focused on identifying security and privacy trends among IT workers. Results are intended to raise awareness about the risks associated with powerful, and often unmanaged, privileged users and passwords. While seemingly innocuous, these accounts provide workers with "keys to the kingdom," allowing them to access critically sensitive information, no matter where it resides."

News release: "Six federal agencies issued a set of frequently asked questions (FAQs) today to help financial institutions, creditors, users of consumer reports, and issuers of credit cards and debit cards comply with federal regulations on identity theft and discrepancies in changes of address. The “Red Flags and Address Discrepancy Rules,” which implement sections of the Fair and Accurate Credit Transactions Act of 2003, were issued jointly on November 9, 2007, by the Board of Governors of the Federal Reserve System (FRB), Federal Deposit Insurance Corporation (FDIC), National Credit Union Administration (NCUA), Office of the Comptroller of the Currency (OCC), Office of Thrift Supervision (OTS), and Federal Trade Commission (FTC)."

News release: "A rogue Internet Service Provider that recruits, knowingly hosts, and actively participates in the distribution of spam, child pornography, and other harmful electronic content has been shut down by a district court judge at the request of the Federal Trade Commission. The ISP’s upstream providers and data centers have disconnected its servers from the Internet."

URL shorteners, such as TinyURL, bit.ly and notlong.com allow users to share and post links in a quicker manner with less likelihood of misdirection. They also add an intermediary between the reader and the site of origin, and the risk of countless dead links if and when the business model of the respective services ceases to sustain a viable return.

News release: " The Online Trust Alliance (OTA) gave leading government agencies and online retailers a failing grade in preventing deceptive email and phishing scams based on its newly released analysis of email authentication adoption. While adoption has grown over the past year, OTA found approximately 56 percent of the top .gov sites – including Whitehouse.gov, FBI.gov, Treasury.gov and DHS.gov – still are not protecting U.S. citizens through the use of email authentication. At the same time, progress has been made by other government agencies including the Census Bureau, CIA, FDIC, VA and FTC."

• Top 25 Government Domains Report Card
  
• Internet Retailer 300 Report Card
  
• OTA email authentication resources

E-Discovery Update: E-Discovery in the $50,000 Case - Conrad J. Jacoby's focus for this column is smaller legal disputes that may involve electronic evidence, including divorce proceedings and child custody matters, as well as criminal cases, all of which may require review of cell phone call records, SMS and e-mail exchanges.

"The Symantec Internet Security Threat Report offers analysis and discussion of threat activity over a one-year period. It covers Internet threat activities, vulnerabilities, malicious code, phishing, spam and security risks as well as future trends. The fourteenth version of the report, released April 14, 2009, is now available."

"In December 2003, the Internet Fraud Complaint Center (IFCC) was renamed the Internet Crime Complaint Center (IC3) to better reflect the broad character of such criminal matters having a cyber (Internet) nexus. The 2008 Internet Crime Report is the eighth annual compilation of information on complaints received and referred by the IC3 to law enforcement or regulatory agencies for appropriate action. From January 1, 2008 – December 31, 2008, the IC3 website received 275,284 complaint submissions. This is a (33.1%) increase when compared to 2007 when 206,884 complaints were received. These filings were composed of complaints primarily related to fraudulent and non-fraudulent issues on the Internet."

News release: "The Internal Revenue Service issued its 2008 list of the 12 most egregious tax schemes and scams, highlighted by Internet phishing scams and several frivolous tax arguments. Topping this year’s list of scams is phishing, which encompasses numerous Internet-based ploys to steal financial information from taxpayers. New to the “Dirty Dozen” this year is a scheme, which IRS auditors discovered, that relates to unreasonable and/or excessive fuel tax credit claims."

Collaboration Through Wikis at Hicks Morley - Heather Colman explains how wikis were an ideal KM solution for her law firm. Quick and easy to set up, requiring little IT support, wikis support central data repositories and provide features including search capabilities, email, RSS, and also allow users to create a taxonomy of subject tags to classify information.

News release: "Over half of the adult internet population is between 18 and 44 years old. But larger percentages of older generations are online now than in the past, and they are doing more activities online, according to surveys taken from 2006-2008. Contrary to the image of Generation Y as the "Net Generation," internet users in their 20s do not dominate every aspect of online life. Generation X is the most likely group to bank, shop, and look for health information online. Boomers are just as likely as Generation Y to make travel reservations online. And even Silent Generation internet users are competitive when it comes to email (although teens might point out that this is proof that email is for old people)."

Intel: "On January 28, 2009, the United States, Canada, and 27 European countries will celebrate Data Privacy Day together for the second time. Designed to raise awareness and generate discussion about data privacy practices and rights, Data Privacy Day activities in the United States have included privacy professionals, corporations, government officials, and representatives, academics, and students across the country. One of the primary goals of Data Privacy Day is to promote privacy awareness and education among teens across the United States. Data Privacy Day also serves the important purpose of furthering international collaboration and cooperation around privacy issues."

"Welcome to the new WhiteHouse.gov. A short time ago, Barack Obama was sworn in as the 44th president of the United States and his new administration officially came to life. One of the first changes is the White House's new website, which will serve as a place for the President and his administration to connect with the rest of the nation and the world.

Millions of Americans have powered President Obama's journey to the White House, many taking advantage of the internet to play a role in shaping our country's future. WhiteHouse.gov is just the beginning of the new administration's efforts to expand and deepen this online engagement. Just like your new government, WhiteHouse.gov and the rest of the Administration's online programs will put citizens first. Our initial new media efforts will center around three priorities:

Communication...This site will feature timely and in-depth content meant to keep everyone up-to-date and educated. Check out the briefing room, keep tabs on the blog (RSS feed) and take a moment to sign up for e-mail updates from the President and his administration so you can be sure to know about major announcements and decisions.

Transparency...The President's executive orders and proclamations will be published for everyone to review, and that’s just the beginning of our efforts to provide a window for all Americans into the business of the government. You can also learn about some of the senior leadership in the new administration and about the President’s policy priorities.

Participation...One significant addition to WhiteHouse.gov reflects a campaign promise from the President: we will publish all non-emergency legislation to the website for five days, and allow the public to review and comment before the President signs it."

Follow up to previous postings on missing White House emails, today's news release: "At a hearing today concerning the risks posed by the presidential transition to the recovery of millions of missing e-mails from the Executive Office of the President (EOP) in the National Security Archive's lawsuit seeking restoration of those e-mails, the White House acknowledged that it has done little to recover e-mail files from computer workstations and nothing to collect external media storage devices that could hold e-mails. These admissions came despite the issuance of a report and recommendation in April 2008 by a federal magistrate judge calling for the White House to locate and preserve data from the workstations and external media storage devices. Earlier today the court issued an order requiring steps to be taken to secure files from individual computer workstations, memory sticks, zip drives, DVDs and CDs."

Metadata - What Is It and What Are My Ethical Duties?: Jim Calloway explains why every lawyer needs to understand a few basic things about metadata. He contends that the legal ethics implications of metadata “mining” are no longer just of interest to the lawyers processing electronic discovery, or the ethics mavens.

Editorial - Exit Stonewalling: "...E-mail messages that have gone suspiciously missing are estimated to number in the millions. These could illuminate some of the administration’s darker moments, including the lead-up to the Iraq war, when intelligence was distorted, the destruction of videotapes of C.I.A. torture interrogations, and the vindictive outing of the C.I.A. operative Valerie Plame Wilson. The deep-sixed history also includes improper business conducted by more than 50 White House appointees via e-mail at the Republican Party headquarters. Historians and archivists are suing the administration. We should be grateful for their efforts. Entire days of e-mail records have turned up conveniently blank at the offices of President Bush and Vice President Dick Cheney."

New York Times: "The National Archives has put into effect an emergency plan to handle electronic records from the Bush White House amid growing doubts about whether its new $144 million computer system can cope with the vast quantities of digital data it will receive when President Bush leaves office on Jan. 20. The technical challenge was an inevitable result of the explosion in cybercommunications, which will make the electronic record of the Bush years about 50 times as large as that left by the Clinton White House in 2001, archives officials estimate. The collection will include top-secret e-mail tracing plans for the Iraq war..."

News release: "The federal bank, credit union, and thrift regulatory agencies today announced publication of a revised identity theft brochure – You Have the Power to Stop Identity Theft – to assist consumers in preventing and resolving identity theft. The updated brochure focuses primarily on Internet "phishing" by describing how phishing works, offering ways to protect against identity theft, and detailing steps to follow for victims of identity theft. The brochure includes contact information for three major credit bureaus, where to report suspicious e-mails, and where to access additional information."

Washington Post: "Armed with millions of e-mail addresses and a political operation that harnessed the Internet like no campaign before it, Barack Obama will enter the White House with the opportunity to create the first truly "wired" presidency. Obama aides and allies are preparing a major expansion of the White House communications operation, enabling them to reach out directly to the supporters they have collected over 21 months without having to go through the mainstream media."

News release: "A court ruled today that the National Security Archive may proceed with its effort to force the White House to recover millions of Bush Administration Executive Office of the President (EOP) e-mail records before the presidential transition. Rejecting the government's motion to dismiss the Archive's lawsuit, the Court ruled that the Federal Records Act permits a private plaintiff to bring suit to require the head of the EOP or the Archivist of the United States to notify Congress or ask the Attorney General to initiate action to recover destroyed or missing e-mail records...The National Security Archive originally filed its case against the Executive Office of the President and the National Archives and Records Administration to preserve and restore missing e-mail federal records in September 5, 2007. A subsequent lawsuit filed by Citizens for Responsibility and Ethics in Washington has been consolidated with the Archive's lawsuit. A chronology of the litigation is available here."

Spamalytics: An Empirical Analysis of Spam Marketing Conversion, October 2008 - Chris Kanich, Christian Kreibich, Kirill Levchenko, Brandon Enright, Geoffrey M. Voelker, Vern Paxson† Stefan Savage

News release: "Online scammers are taking advantage of tough economic times. While e-mails phishing for sensitive data are nothing new, scammers are taking advantage of upheavals in the financial marketplace to confuse consumers into parting with valuable personal information. The Federal Trade Commission urges caution regarding e-mails that look as if they come from a financial institution that recently acquired a consumer’s bank, savings and loan, or mortgage. In fact, these messages may be from “phishers” looking to use personal information – account numbers, passwords, Social Security numbers – to run up bills or commit other crimes in a consumer’s name. Consumers are warned not to take the bait. The FTC has advice about how to stay on guard against this type of scam. To learn more, see the consumer alert Bank Failures, Mergers and Takeovers: A ‘Phish-erman’s Special.

News release: "The Federal Trade Commission’s Web site that helps consumers stay on guard against Internet fraud is revamping to provide extra tools for cyber safety. The FTC’s announcement of the newly designed and improved site comes on the first day of October, which is National Cyber Security Awareness Month. Since the September 2005 launch of www.OnGuardOnline.gov and its Spanish-language counterpart, www.AlertaEnLínea.gov, more than 8.1 million visitors have learned about computer security at these sites. Now, with the help of 22 federal agencies, industry organizations, and non-profit groups, the FTC has introduced a variety of new features to help consumers avoid Internet fraud, secure their computers, and protect their personal information...The articles, games, and videos on the site provide information on 16 topics, including social networking, phishing, spam scams, and laptop security."

News release: "A new national survey shows that 62% of adults who are currently employed use the internet or email at work and they have mixed views about the impact of technology on their work lives. On the one hand, they cite the benefits of increased connectivity and flexibility that the internet and all of their various gadgets afford them at work. On the other hand, many workers say these tools have added stress and new demands to their lives."

Follow up on postings related to the White House visitor logs, this news release: "U.S. District Court Judge Colleen Kollar-Kotelly issued a preliminary injunction in CREW, et al. v. Cheney et al., requiring Vice President Cheney, the Office of the Vice President, the Executive Office of the President, that archivist and the National Archives and Records Administration to preserve all vice presidential records, broadly defined to encompass all records relating to the vice president carrying out his constitutional, statutory or other official or ceremonial duties."

Being Wired or Being Tired: 10 Ways to Cope with Information Overload: "Sarah Houghton-Jan explores different strategies for managing and coping with various types of informational overload." Ariadne, Issue 56 July 2008.

USA.gov: "The National Archives and Records Administration (NARA) issued e-mail archiving applications guidance July 31 for certain e-mails that are considered records under the Federal Records Act. The bulletin informs agencies that e-mail archiving technologies may not necessarily meet all of the Federal Records Act requirements."

Surveillance made easy, NewScientist.com news service, Laura Margottini: "This data allows investigators to identify suspects, examine their contacts, establish relationships between conspirators and place them in a specific location at a certain time."

So said the UK Home Office last week as it announced plans to give law-enforcement agencies, local councils and other public bodies access to the details of people's text messages, emails and internet activity. The move followed its announcement in May that it was considering creating a massive central database to store all this data, as a tool to help the security services tackle crime and terrorism."

Related links:
• UK House of Commons, Communications Data Bill: "The purpose of the Bill is to: allow communications data capabilities for the prevention and detection of crime and protection of national security to keep up with changing technology through providing for the collection and retention of such data, including data not required for the business purposes of communications service providers; and to ensure strict safeguards continue to strike the proper balance between privacy and protecting the public.
• Siemens - Lawful Interception (Monitoring Center, Intelligence Platform) - "Authorized groups need to have direct access to communications between suspects, whether it is individuals, groups or organizations. Only then can they take appropriate action, detect, prevent and anticipate crimes and guarantee peace and security."

Official Google Enterprise Blog: "In July, our Postini datacenters saw the biggest volume of email virus attacks so far in 2008, with a peak of nearly 10 million messages on July 24. One of the more prominent attacks in the month involved a spoofed UPS package-tracking link that was intended to lure recipients into clicking on it and downloading malware. Our zero-hour virus protection technology first started catching these emails on July 20."

News release: "The Federal Trade Commission today released a staff report on a Roundtable Discussion on Phishing Education that it hosted in April. Approximately 60 experts from business, government, the technology sector, the consumer advocacy community, and academia met at the FTC to discuss strategies for outreach to consumers about avoiding phishing. Phishers use deceptive spam that appears to come from legitimate, well-known sources to trick consumers into divulging sensitive or personal information, such as credit account numbers or passwords, often through a link to a copycat of the purported source’s Web site."

Bill Summary - H.R. 5811: The Electronic Message Preservation Act. Rep. Henry A. Waxman, Chairman, Committee on Oversight and Government Reform

Committee on Oversight: "Rep. Henry A. Waxman, Rep. Wm. Lacy Clay, and Rep. Paul W. Hodes released a new GAO report that finds that senior federal officials are failing to comply with requirements to preserve e-mail records. On Wednesday, the House is expected to consider legislation (H.R. 5811) to modernize the Federal Records Act and the Presidential Records Act to ensure the preservation of these important federal records.

The new GAO report, Federal Records: National Archives and Selected Agencies Need to Strengthen E-Mail Management, finds:

• All four of the agencies examined — the Department of Homeland Security, the Department of Housing and Urban Development, the Environmental Protection Agency, and the Federal Trade Commission — are relying on outdated and unreliable “print and file” systems for preserving e-mail records.
  
• Senior agency officials did not fully comply with key requirements for preserving e-mail records. GAO reviewed the practices of 15 senior agency officials in the four agencies and found that a majority of these officials failed to manage their e-mail records in accordance with regulatory requirements. E-mails were not retained in adequate recordkeeping systems, making the e-mail records easier to lose, harder to find, and vulnerable to deletion or other tampering. Inadequate oversight and training within agencies contributed to the inconsistent compliance with preservation requirements..."

Follow up - related postings on missing White House emails, today's news: News release: "Today, D.C. District Court Judge Colleen Kollar-Kotelly issued an opinion in CREW v. Office of Administration, finding that the Office of Administration (OA) is not an agency subject to the Freedom of Information Act (FOIA). In May 2007, CREW sued OA for records regarding missing White House e-mail and the office’s assessment of the scope of the problem. After initially agreeing to provide records, OA changed course and claimed it was not an agency and, therefore, had no obligation to comply with the FOIA. OA made this claim despite the fact that even the White House’s own website described OA as an agency and included regulations for processing FOIA requests."

New York Times: "Some of the biggest technology firms, including Microsoft, Intel, Google and I.B.M., are banding together to fight information overload. Last week they formed a nonprofit group to study the problem, publicize it and devise ways to help workers — theirs and others — cope with the digital deluge."

Proofpoint’s Outbound Email and Data Loss Prevention in Today’s Enterprise, 2008 report - ["the survey was fielded in the US, UK, France, Germany and Australia to explore global concerns.]

"Email remains the most important medium for communications both inside and outside the enterprise. But the convenience and ubiquity of email as a business communications tool has exposed enterprises to a wide variety of legal, financial and regulatory risks associated with outbound email. Enterprises continue to express a high level of concern about creating, managing and enforcing outbound messaging policies (for email and other communication protocols) that ensure that messages leaving the organization comply with both internal rules, best practices for data protection and external regulations. In addition, organizations remain very concerned about ensuring that email (and other electronic message streams) cannot be used to disseminate confidential or proprietary information...The results show that data protection concerns are not confined to the US and that globally, email, webmail, FTP, blogs message boards, media sharing sites and social networking sites are a source of concern as well as real-world risk for IT professionals working in large enterprises."

• Abstinence Education: Assessing the Accuracy and Effectiveness of Federally Funded Programs, GAO-08-664T, April 23, 2008
• Antidumping and Countervailing Duties: Congress and Agencies Should Take Additional Steps to Reduce Substantial Shortfalls in Duty Collection, GAO-08-391, March 26, 2008
• Federal Records: Agencies Face Challenges in Managing E-Mail, GAO-08-699T, April 23, 2008: "Federal agencies are increasingly using electronic mail (e-mail) for essential communication. In doing so, they are potentially creating messages that have the status of federal records, which must be managed and preserved in accordance with the Federal Records Act. To carry out the records management responsibilities established in the act, agencies are to follow implementing regulations that include specific requirements for e-mail records. In view of the importance that e-mail plays in documenting government activities, GAO was asked to testify on issues relating to the preservation of electronic records, including e-mail."
• Homeland Security: Enhanced National Guard Readiness for Civil Support Missions May Depend on DOD's Implementation of the 2008 National Defense Authorization Act, GAO-08-311, April 16, 2008
• Human Capital: Workforce Diversity Governmentwide and at the Small Business Administration, GAO-08-725T, April 23, 2008
• Intelligence, Surveillance, and Reconnaissance: DOD Can Better Assess and Integrate ISR Capabilities and Oversee Development of Future ISR Requirements, GAO-08-374, March 24, 2008
• National Transportation Safety Board: Progress Made in Management Practices, Investigation Priorities, Training Center Use, and Information Security, But These Areas Continue to Need Improvement, GAO-08-652T, April 23, 2008
  Permanent Link

News release: "Today, the White House sought clarification from the court concerning its ability to restore missing records from backup tapes that are currently being preserved. The White House inquiry comes as the National Security Archive continues to await a ruling by the United States District Court for the District of Columbia on its pending motion to extend an e-mail preservation order against the Executive Office of the President (EOP) and to depose relevant witnesses about the state of the White House's e-mail archiving system.

A new bill to establish procedures to assure the preservation of electronic federal and presidential records was introduced this week by Rep. Henry A. Waxman (D-CA), Rep. Wm. Lacy Clay (D-MO), and Rep. Paul W. Hodes (D-NH) (H.R. 5811), but that bill would have no effect on the e-mails that are the subject of the pending lawsuit. A new chronology of events in the White House e-mail lawsuits was also published on the Web today by the Archive.

Jerry Crimmins, Chicago Daily Law Bulletin, April 10, 2008: " The University of Chicago Law School has removed Internet access in most of its classrooms because of a growing problem of students surfing the Web on laptops during lectures...Law students' use of laptops to surf the Web, read and write e-mail and play computer games during class has brought changes at a number of schools, including Harvard, Yale and Stanford."

Follow up to previous postings on litigation and hearings on missing White House email and violations of the Presidential Records Act, news today from AP: "Older White House computer hard drives have been destroyed, the White House disclosed to a federal court Friday in a controversy over millions of possibly missing e-mails from 2003 to 2005. The White House revealed new information about how it handles its computers in an effort to persuade a federal magistrate it would be fruitless to undertake an e-mail recovery plan that the court proposed."

Follow up to previous postings on litigation and hearings on missing White House email and violations of the Presidential Records Act, today's news release: "Today, in response to a request by the National Security Archive, which along with Citizens for Responsibility and Ethics in Washington (CREW) has sued the White House challenging its failure to preserve millions of missing email, Magistrate Judge Facciola issued a show cause order in CREW, et al. v. EOP. Judge Facciola's order requires the White House to show cause by close of business Friday, March 21, why it should not be ordered to create and preserve a forensic copy of any media that has been used or is being used by any former or current employee between March 2003 and October 2005, the period of time for which email is missing. He entered the Order based at least in part on the White House's own admission that it did not preserve back-up tapes prior to October 2003."

VOIP-News: "Email, IM (instant messaging) and even VoIP solutions like Skype and Vonage have taken over communications in both the business and social worlds. These systems work well because they're a much-needed solution for high phone bills, static-filled communications and dropped cell-phone calls. Internet-based communication methods also give users optimum remote access, since all one needs to use VoIP or send an IM is an Internet connection. But with this increase in popularity comes serious security issues. VoIP technology is still relatively new, and hackers are finding new ways to rip off service providers and their customers. Just who might be spying on your online communications? You might be surprised."

Electronic Frontier Foundation: "Three powerful House Commerce Committee Chairmen strongly urged their colleagues Thursday to defer acting on requests for retroactive immunity and to demand more information from the White House and the telecommunications companies in the wake of disclosures by another whistleblower that the government apparently has been granted an open gateway to customer information and calls by a major telecommunications company."

• March 6, 2008 Dear Colleague letter, written by John Dingell, Chairman of the House Committee on Energy and Commerce; Ed Markey, Chairman of the House Subcommittee on Telecommunications and the Internet; and Bart Stupak, Chairman of the Subcommittee on Oversight and Investigations: "..Yesterday another whistleblower stepped forward with troubling charges that at least one major wireless telecommunications giant may have given a Congressional entity access to every communications coming through that company's infrastructure, including every e-mail, Internet use, document transmission, video and text message, as well as the ability to listen in on any phone call."


• Related postings on domestic surveillance program

News release: "Speaker Nancy Pelosi released the following statement February 29, 2008 in response to a letter she received late this afternoon from U.S. Attorney General Michael Mukasey stating that the Administration is refusing to enforce contempt of Congress citations against former White House Counsel Harriet Miers and White House Chief of Staff Joshua Bolten:

“By ordering the U.S. Attorney to take no action in response to congressional subpoenas, the Bush Administration is continuing to politicize law enforcement, which undermines public confidence in our criminal justice system. Anticipating this response from the Administration, the House has already provided authority for the Judiciary Committee to file a civil enforcement action in federal district court and the House shall do so promptly. The American people demand that we uphold the law. As public officials, we take an oath to uphold the Constitution and protect our system of checks and balances and our civil lawsuit seeks to do just that.”

2007 Electronic Monitoring & Surveillance Survey - Over Half of All Employers Combined Fire Workers for E-Mail & Internet Abuse, February 28, 2008

Committee Holds Hearing on Electronic Records Preservation at the White House, Chairman Waxman's Opening Statement, February 26, 2008:
"...When President Clinton left office and President Bush came into office, the White House had in place a system for archiving White House e-mails that complied with the Presidential Records Act...In its place, the White House adopted a system that one of its own experts described as “primitive” and carried a high risk that "data would be lost." The system also had serious security flaws. Until the problem was corrected in 2005, all officials in the White House had access to the archive system and the ability to delete or alter existing information. The White House’s own analysis of its system identified over 700 days in which e-mail records seem either impossibly low or completely nonexistent. This 2005 analysis was prepared by a team of 15 White House officials and contractors."

• Supplemental Information for Full Committee Hearing on White House E-mails: "The Committee has been investigating White House compliance with the Presidential Records Act. In preparation for this hearing, the Committee received more than 20,000 pages of intemal e-mails and other documents from the White House and the National Archives and Records Administration. The Committee also interviewed or received written answers to questions from six current or former officials in the White House responsible for preserving White House records.


• Testimony of Alan R. Swendiman, Special Assistant to the President and Director, Office of Administration


• Testimony of Theresa Payton, Chief Information Officer, Office of Administration


• Testimony of Allen Weinstein, Archivist of the United States


• Interrogatory of Steven McDevitt


• Sources for Supplemental Information


• Previous postings on missing White House email
Permanent Link

"On Tuesday, February 26, 2008, at 10:00 a.m., in room 2154 of the Rayburn House Office Building, the full Committee on Government Oversight and Reform will hold a hearing entitled Electronic Records Preservation at the White House."

A Portrait of Early Internet Adopters: Why People First Went Online --and Why They Stayed, by Amy Tracy Wells, Research Fellow, Pew Internet & American Life Project, February 20, 2008

"This Registry of USG Recommended Biometric Standards (Registry) supplements the NSTC Policy for Enabling the Development, Adoption and Use of Biometric Standards. This Registry is based upon interagency consensus on biometric standards required to enable the interoperability of various Federal biometric applications, and to guide Federal agencies as they develop and implement related biometric programs. Version 1.0 of this Registry document is being presented to the public for review, with comments due by March 10, 2008. The Subcommittee will review all comments received, make necessary adjustments, and finalize the Registry through normal NSTC approval processes. The Subcommittee will continuously review the content of this document, and release updated versions as required to assist agencies in the implementation and reinforcement process of biometric standards to meet agency-specific mission needs."

"Cisco® today announced key findings from its annual global study on remote workers' security awareness and online behavior, indicating how they can inadvertently heighten risks for themselves and the companies they work for. The study's findings are prompting Cisco security executives to offer recommendations to information technology (IT) professionals on how to protect their companies against threats and maximize the business benefits of distributed and mobile workforces."

Follow up to previous postings on the controversy surrounding missing White House email, this press release: "Today, in light of the emerging details of the disappearance of millions of White House emails, Citizens for Responsibility and Ethics in Washington (CREW) sent a letter to Attorney General Michael B. Mukasey asking that he appoint a special counsel to investigate the matter. Specifically, CREW asked for an investigation into whether the White House violated federal record-keeping laws by knowingly failing to preserve and restore millions of emails and by deliberately failing to use an effective and appropriate record-keeping system for the preservation of federal and presidential electronic records. The White House is subject to two sets of federal laws governing how it must maintain and preserve its records, the Federal Records Act (FRA) and the Presidential Records Act (PRA)."

Press release: "The FBI has recently developed information indicating cyber criminals are attempting to once again send fraudulent e-mails to unsuspecting recipients stating that someone has filed a complaint against them or their company with the Department of Justice or another organization such as the Internal Revenue Service, Social Security Administration, or the Better Business Bureau."
Related resources:

"Criminals are hard at work thinking up creative ways to get malware on your computer, warns the Federal Trade Commission. With appealing Web sites, desirable downloads, and compelling stories, these criminals try to lure consumers to links that will download malware, especially on computers that don’t use adequate security software. Then, they use the malware – malicious software – to steal personal information, send spam, and commit fraud. A new publication from the FTC has information that could help consumers protect their computers against malware and reclaim their computer and electronic information if malware is already on their computer. The publication, Minimizing the Effects of Malware, provides tips on spotting malware, and urges consumers to act immediately if they suspect their computer is affected by malware."

Press release: "The Internal Revenue Service today warned taxpayers to beware of several current e-mail and telephone scams that use the IRS name as a lure. The IRS expects such scams to continue through the end of tax return filing season and beyond. The IRS cautioned taxpayers to be on the lookout for scams involving proposed advance payment checks. Although the government has not yet enacted an economic stimulus package in which the IRS would provide advance payments, known informally as rebates to many Americans, a scam which uses the proposed rebates as bait has already cropped up."

What if the Internet went down...and didn't come back up? By Lynn Greiner, CIO.com, 01/22/08

Press release: "Congresswoman Betty McCollum (MN-04), has sent a letter to the Government Accountability Office asking that it reopen its investigation of the privacy and national security risks posed by government agencies reselling used magnetic data tapes that may once have contained large amounts of sensitive personal and government information. Researchers working for Imation, an Oakdale, MN-based corporation that produces magnetic data tapes, were able to recover a wide range of sensitive information from used data tapes that were supposedly wiped clean before being re-sold. Using readily available equipment and information, Imation investigators found out where the tapes originated and recovered bank account numbers, expense reports, employee tax and benefit information, and other sensitive data."

Follow up to postings on the investigation into missing White House emails, news that CREW has completed an analysis [Word documents] of the national news events that took place on the dates for which there are missing White House email."

Follow up to previous postings on missing White House emails, from the House Oversight Committee: "On February 15, the Committee will hold a hearing to investigate White House compliance with the Presidential Records Act. Statements made at the January 17 White House press briefing contradict information provided to the Committee, which revealed that a 2005 White House analysis found no archived mail for hundreds of days between 2003 and 2005. The following officials have been invited to testify: Fred Fielding, Counsel to the President; Alan Swendiman, Director, Office of Administration; Allen Weinstein, Archivist of the United States."

Follow up to previous postings on missing White House emails, today's Press release from Citizens for Responsibility and Ethics in Washington (CREW): "Yesterday’s midnight filing by the White House in CREW v. Executive Office of the President, a lawsuit challenging the failure of the White House to preserve and restore millions of missing emails, raises some very troubling questions...The White House has now admitted that it does not have an effective system for storing and preserving emails. This is no mere technicality; it is this failure that led to the likely destruction of over 10 million email. What the White House has not explained is why it abandoned the electronic record-keeping system used by the prior administration -- a system that properly preserved White House email -- but did not replace it with another effective and appropriate system."

Press release: "Becta [British Educational Communications and Technology Agency], the education technology agency, has published a key report on Microsoft Vista and Office 2007 and on document interoperability which analyses the suitability of both software packages for adoption by schools and colleges."

Follow up to postings on missing White House E-mail, from the National Security Archive: "In an Order issued today, Magistrate Judge Facciola of the United States District Court for the District of Columbia ordered the White House to answer questions about over 5 million missing e-mails generated between 2003-2005. Noting that the need for information the missing e-mails is "time-sensitive" because of the risk that stored copied of the e-mails "are increasingly likely to be deleted or overridden with the passage of time," the Court demanded answers in a sworn declaration by January 13, 2008 about the location of the missing e-mails."

Press release: "In a new report, the Federal Trade Commission staff describes findings from its July 2007 workshop, “Spam Summit: The Next Generation of Threats and Solutions” and proposes follow-up action steps that stakeholders can adopt to mitigate the harmful effects of malicious spam and phishing. In addition to proposing action steps for stakeholders, the report provides an overview of the agency’s decade-long role in protecting consumers from the threats of fraudulent spam and phishing. The report also announces results from staff’s 2007 Harvesting and Filtering Study, which suggest that Internet service providers’ spam filters continue to serve an integral role in reducing the amount of spam that reaches consumers’ in-boxes."

Press release: "Proofpoint, Inc., the leading provider of unified email security and data loss prevention solutions, today reported spam trends for data collected during the month of November 2007, finding that, on average, spam continues to represent nearly 90% of the total email volume received by large enterprises. Attachment-based spam made a comeback with the prevalence of image-based spam, PDF spam and Microsoft Word document spam all increasing over October levels."

McAfee Virtual Criminology Report - Cybercrime: The Next Wave - The annual McAfee global cyber trends study into organized crime and the Internet in collaboration with leading international security experts, November 2007.

Prepared Statement of Senator Max Baucus (D-Mont.) Regarding the Finance Committee Investigation of Avandia, November 15, 2007: "We place a great deal of trust in pharmaceutical companies to make safe and effective products.The health of millions of Americans, from young children to retirees, depends on the careful work of these drug manufacturers. Today, Senator Grassley and I are placing in the Congressional Record a Senate Finance Committee staff report which describes a very disturbing series of events related to the safety of the diabetes drug Avandia. The report presents evidence that a pharmaceutical company allegedly tried to intimidate a doctor who raised concerns about Avandia’s link to heart problems. This occurred after the doctor gave speeches at two scientific meetings where he warned of the cardiovascular risks to those using Avandia, a drug designed to control glucose levels in diabetics. To make matters worse, the company in question denied trying to intimidate the doctor in the
press. That claim is seriously challenged by emails presented in the staff report."

Press release: "Today, U.S. District Judge Henry Kennedy granted Citizens for Responsibility and Ethics in Washington's (CREW) request for a temporary restraining order to prevent the White House from destroying back-up copies of millions of deleted emails while the lawsuit is pending. CREW brought this lawsuit against the Executive Office of the President and the National Archives and Records Administration challenging their failure to restore and preserve millions of emails deleted from White House servers and to institute an effective electronic record-keeping system. When the White House refused to give adequate assurances that it would preserve back-up copies of the deleted emails -- the only source of these important historical records [see Federal Records Act] -- CREW sought a temporary restraining order."

Follow up to previous postings on litigation and hearings on missing White House email and violations of the Presidential Records Act: "The National Security Archive filed a motion on Friday, October 26, seeking expedited discovery against the Executive Office of the President to find out what e-mails are missing from the White House e-mail system or backup tapes. Archive General Counsel Meredith Fuchs explained, “The pressing need for the information arises out of troubling representations by the EOP and its components about its document preservation obligations and the location of its backup tapes. We need information so we can take steps to preserve all possible sources of e-mails deleted from the White House servers.” Also on Friday, a similar motion was filed in a virtually identical lawsuit brought by Citizens for Responsibility and Ethics in Washington (CREW) on September 25, 2007.

The Archive filed this case on September 5, 2007, against the Executive Office of the President (EOP) and its components seeking to recover at least 5 million federal e-mail records improperly deleted by the EOP. After the government failed to provide adequate assurances that backups and copies of the missing e-mail would be preserved throughout this litigation, on October 11, 2007, CREW filed a motion for a temporary restraining order against the White House defendants in its case. A hearing in CREW’s case was held before Magistrate Judge Facciola on October 17, 2007. Magistrate Judge Facciola issued a Report and Recommendation on October 19, 2007, advising the Court to grant a temporary restraining order. The government has filed objections to Magistrate Judge Facciola’s Report and Recommendation, and CREW has responded to the government’s objections."

Follow up to October 17, 2007 posting, Court Indicates Order on Missing White House Email Forthcoming, from CREW: "Today, in CREW v. EOP, Magistrate Judge John Facciola issued a report and recommendation in which he concluded that a temporary restraining order should be issued by District Court Judge Henry Kennedy preventing the White House from destroying any back-up copies – in whatever medium - created to preserve data. CREW sought this order to ensure that back-up copies of the millions of email deleted from White House servers between March 2003 and October 2005 were preserved pending resolution of CREW's lawsuit challenging as contrary to law those deletions and the failure of the White House to have an effective electronic record-keeping system in place. The court refused to accept the last-minute proffer of the White House to provide a declaration in lieu of a court order, explaining that a declaration is not sufficient because a violation is not punishable by contempt. The White House has 10 days in which to file an objection to this recommendation, after which Judge Kennedy will issue an order."

Follow up to previous posting, Group Issues Report on Missing White House Emails and Violations of the Presidential Records Act, from AP today news that "U.S. Magistrate John M. Facciola indicated Wednesday [that he] may order the Bush administration to preserve copies of all White House e-mails, a move that a government lawyer argued strongly against."

Press release: "With a full twelve months under our belt, today OpenDNS published the first-ever PhishTank annual report. The report looks at the more than 300,000 phishes you’ve submitted and helped verify over the course of one year. While some of the report’s findings come as no surprise (e.g., PayPal and eBay round out the top of the list of most spoofed brands), some are alarming. Perhaps the most important finding, and the one that drove us to come up with a fix, is that U.S. telecoms are hosting more phishes than telecoms in any other country."

Follow up to previous postings on missing White House e-mails and violations of the Presidential Records Act, this press release: "The National Security Archive today sued the White House seeking the recovery and preservation of more than 5 million White House e-mail messages that were apparently deleted from White House computers between March 2003 and October 2005. The lawsuit filed this morning in U.S. District Court for the District of Columbia names as defendants the Executive Office of the President and its components that are subject to the Federal Records Act, including the White House Office of Administration (OA), and the National Archives and Records Administration (which is responsible for long-term preservation of federal and presidential records), under the records laws and the Administrative Procedure Act."

Follow up to previous postings re the ongoing Congressional investigation into missing White House emails, news from Bloomberg that "an [unidentified] outside contractor...conducted daily audits of the [White House] e-mail system..." and yet "5 million e-mails from March 2003 to October 2005 are missing..."

"Today Chairman Waxman wrote [Letter to Fred Fielding] to request information from the White House Office of Administration about reports that millions of e-mails that may have been lost from the White House e-mail system."

PC World: Study Finds Spam's Achilles Heel - "Researchers say they've discovered a critical weakness in the spam infrastructure."

"Today Chairman Waxman and Ranking Member Davis sent a letter to the White House requesting specific documents related to the death of U.S. Army Corporal Patrick Tillman, who was killed by friendly fire in Afghanistan in 2004. The White House has made available for staff review approximately 400-450 pages, which had previously been redacted or withheld. Following this review, the Committee is requesting that the White House provide the Committee several internal e-mail communications as well as drafts of the President's remarks about Corporal Tillman at the White House Correspondents' Dinner."

"Over 50 per cent of UK business users are unable to walk away from their emails when on holiday or off sick, according to new research announced at the Inbox/Outbox 2007 event." Ian Williams, vnunet.com 20 Jul 2007

Spam Summit: The Next Generation of Threats and Solutions: "A two-day conference that will bring together experts from the business, government, and technology sectors, consumer advocates, and academics to explore consumer protection issues surrounding spam, phishing and malware. The agenda and a list of participants can be found here."

Press release: "Google Inc. announced today that it has signed a definitive agreement to acquire Postini, a global leader in on-demand communications security and compliance solutions serving more than 35,000 businesses and 10 million users worldwide. Postini's services -- which include message security, archiving, encryption, and policy enforcement -- can be used to protect a company's email, instant messaging, and other web-based communications. Under the terms of the agreement, Google will acquire Postini for $625 million in cash, subject to working capital and other adjustments, and Postini will become a wholly-owned subsidiary of Google. The agreement is subject to customary closing conditions and is expected to close by the end of the third quarter 2007."

Follow up to previous postings on Connecticut librarians and FBI NSL gag order, via Wired Blog, Librarians Describe Life Under An FBI Gag Order: "Two Connecticut librarians on Sunday [at the 2007 ALA Annual Conference in Washington, DC] described what it was like to be slapped with an FBI national security letter and accompanying gag order."

MessageLabs Intelligence Report: Increased Number of Spam Spikes and New Image Spam Techniques Cause Trouble for Businesses: "Analysis of [May 2007] data showed that spammers continue to innovate and employ new methods to elude traditional anti-spam solutions. Rather than embedding images in the body of an email message, spammers are now hosting images on sites that do not require registration and include links to those sites or an HTML image in the email message."

NEWS.COM Special Report: Wardens of the WebTalkBack: Global security challenge falls to an elite corps, June 25, 2007

The Expanding Digital Universe: A Forecast of Worldwide Information Growth Through 2010 - "In this detailed white paper, IDC researches and analyzes the impact of ever-increasing amounts of digital information generated worldwide. It defines the digital universe and forecasts its growth to an incredible 988 exabytes (or 988 billion gigabytes) in the year 2010. Get a clear picture of what this expanding universe means to you and your organization. Find out what’s driving growth—from files and e-mail to voice data and images. And learn about strategies for managing the rapidly expanding digital universe."

EFF press release: "The government must have a search warrant before it can secretly seize and search emails stored by email service providers, according to a landmark ruling Monday in the 6th U.S. Circuit Court of Appeals. The court found that email users have the same reasonable expectation of privacy in their stored email as they do in their telephone calls -- the first circuit court ever to make that finding."

Administration Oversight, White House Use of Private E-mail Accounts: "The Oversight Committee has been investigating whether White House officials violated the Presidential Records Act by using e-mail accounts maintained by the Republican National Committee and the Bush Cheney ‘04 campaign for official White House communications. This interim staff report provides a summary of the evidence the Committee has received to date, along with recommendations for next steps in the investigation."

The information the Committee has received in the investigation reveals:

Daniel Pulliam at Govexec.com reported, "Eighteen agencies have been asked by the Office of Special Counsel to preserve electronic information dating back to January 2001 as part of its governmentwide investigation into alleged violations of the law that limits political activity in federal agencies. The OSC task force investigating the claims has asked agencies, including the General Services Administration, to preserve all e-mail records, calendar information, phone logs and hard drives going back to the beginning of the Bush administration."

Image Spam: By the Numbers, by Scott Berinato: "Image Spam—an e-mail solicitation that uses graphical images of text to avoid filters—is not new. Recently, though, it reached an unprecedented level of sophistication and took off. A year ago, fewer than five out of 100 e-mails were image spam, according to Doug Bowers of Symantec. Today, up to 40 percent are. Meanwhile, image spam is the reason spam traffic overall doubled in 2006, according to antispam company Borderware. It is expected to keep rising."

Press release: "Tens of thousands of consumers are unwitting accomplices of illegal spammers and at the mercy of identity thieves, warns the Federal Trade Commission. These consumers’ computers have been secretly hijacked by criminals who install spam-sending software and spyware on the computers when consumers open malicious e-mail attachments or visit a malicious Web site. After gaining access to consumers’ computers, the criminals can track consumers’ Internet surfing, steal personal information, and turn the computers into spam “zombies” that are part of a “botnet” made up of thousands of home computers through which spammers route spam. In a new consumer alert, Botnets and Hackers and Spam (Oh, My!), the FTC urges consumers to secure their personal information and stop assisting spammers."

Source: "Privacy International (PI) is a human rights group formed in 1990 as a watchdog on surveillance by governments and corporations. PI is based in London, and has an office in Washington, D.C. Together with members in 40 countries, PI has conducted campaigns throughout the world on issues ranging from wiretapping and national security activities, to ID cards, video surveillance, data matching, police information systems, and medical privacy, and works with a wide range of parliamentary and inter-governmental organisations such as the European Parliament, the House of Lords and UNESCO."

Follow-up to previous postings on the U.S. attorney firings, this May 25, 2007 ress release: "Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) and Ranking Member Arlen Specter (R-Pa.) sent the following letter to Karl Rove’s attorney seeking access to e-mails related to the panel’s ongoing investigation into the firings of U.S. Attorneys and politicization within the Department of Justice."

Press release: "The volume of spam is growing in Americans' personal and workplace emailaccounts, but email users are less bothered by it.
Spam continues to plague the internet as more Americans than ever say they are getting more spam than in the past. But while American internet users report increasing volumes of spam, they also indicate that they are less bothered by it than before. Users have become more sophisticated about dealing with spam; fully 71% of email users use filters offered by their email provider or employer to block spam... Spam has not become a significant deterrent to the use of email, as some observers speculated it might when unsolicited email first began flooding users' inboxes several years ago. But it continues to degrade the integrity of email. Some 55% of email users say they have lost trust in email because of spam."

Press release: "Senator Patrick Leahy (D-Vt.), chairman of the Judiciary Committee, Wednesday issued a subpoena to Attorney General Alberto Gonzales (6 pages, PDF) compelling the Department of Justice to provide all Karl Rove e-mails in its possession related to the panel’s ongoing investigation into the mass firings of federal prosecutors. Rove, a senior political advisor to President Bush, and the White House political operation -- which Rove heads – have been linked to the project that resulted in the unprecedented firings of several well-performing federal prosecutors, according to information gathered by the Committee through documents, interviews and testimony. Several of the dismissed prosecutors have testified under oath and said in public that they were unaware of performance problems and believe political influence was a factor in their firings. Leahy requested the e-mails first at the Committee’s oversight hearing with the Attorney General on April 19, 2007, and then again in a letter to the Attorney General on April 25, 2007. The Attorney General has failed to respond to those earlier requests."

Justice Department Lists E-Mails and Memos Being Withheld in Firings of U.S. Attorneys: "The Justice Department released a list of internal documents Thursday focusing on lawmakers' concerns and media questions about the firings of eight federal prosecutors, but the department resisted congressional demands for copies of the memos. The list of 159 e-mails and memos, spanning nearly three months, at the least demonstrates concern about how the dismissals were being publicly received before they erupted into a firestorm that has resulted in calls for Attorney General Alberto Gonzales to resign."

On April 16, 2007 Barbara Fullerton, Manager, Librarian Relations, 10-K Wizard, Sabrina Pacifici, Editor & Publisher, LLRX.com and beSpacific.com and Aaron Schmidt, Director, North Plains Public Library, presented their always popular round-robin Gadgets presentation at Computers in Libraries 2007.

Follow-up to postings on the escalating interest in the U.S. Attorney firings, this press release: "Citizens for Responsibility and Ethics in Washington (CREW) released a report [April 12, 2007], WITHOUT A TRACE: The Missing White House Emails and the Violations of the Presidential Records Act, detailing the legal issues behind the story of the White House e-mail scandal. WITHOUT A TRACE covers the following areas:

Press release, Worldwide Email Usage 2007–2011 Forecast: Resurgence of Spam Takes Its Toll, March 2007: "This IDC study examines how email is being used and will be used for business and personal purposes. In its eighth year, this annual study of email usage provides email solution providers and their customers with insights on how email usage is changing based on a 10+ year perspective (2000–2010)..."Spam volumes will continue to grow faster than expected due to the success of image-based spam in bypassing antispam filters and of email sender identity spoofing in getting higher response rates. Instant messaging, joined by free and low-cost VoIP calling, will result in slower email growth, especially among teens and young adults," said Mark Levitt, program VP, Collaborative Computing and the Enterprise Workplace, IDC."

Following up on this April 10, 2007 posting, House Judiciary Committee Subpoenas AG Gonzales, and related links on the U.S. Attorney firings, today this press release from Rep. Waxman's House Oversight and Government Reform Committee: "Following briefings from the White House and Republican National Committee that revealed an extensive volume of e-mails regarding official government business may have been destroyed by the RNC, Chairman Waxman directs government agencies to preserve e-mails received from or sent to non-governmental e-mail accounts used by White House staffers. The Committee also requests that government agencies provide an inventory of all e-mails involving these accounts. The briefing received by the Committee raises serious concerns about the White House compliance with the Presidential Records Act, which requires that the President "take all such steps as may be necessary to assure that the activities, deliberations, decisions, and policies that reflect the performance of his constitutional, statutory, or other official or ceremonial duties are adequately documented and that such records are maintained as Presidential records."
Related documents: This press release includes links to letters from the Chairman to 16 agency heads, which duplicate the text of a letter to Attorney General Gonzales. Each letter is three pages, PDF.

Press release: "Former 9/11 Commission counsel Janice Kephart announces the launch of an online Identity Document Security Library, consisting of legal, technical and policy pieces regarding identity document security. Kephart, a nationally recognized border security expert, created the library to serve as a 'one-stop-shop' information portal for those seeking objective, credible information on the issue of identity document security...The issue of identity, and information about identity, underlies the 9/11 Commission's border work, whose recommendations included the creation of minimum standards for state-issued driver licenses and IDs. Kephart's recently issued white paper, Identity and Security: Moving Beyond the 9/11 Staff Report on Identity Document Security, maintains that securing identities and identity documents is perhaps the single most effective measure the United States can take to lay a foundation for national and economic security and public safety."

"Citing evidence that senior White House officials are using RNC and other political email accounts to avoid leaving a record of official communications, Chairman Waxman directs the Republican National Committee and the Bush-Cheney ’04 Campaign to preserve the emails of White House officials and to meet with Committee staff to explain how the accounts are managed and what steps are being taken to protect the emails from destruction and tampering."

Documents and Links:

Follow up to related postings on firings of U.S. attorneys:

SEC press release: "The Securities and Exchange Commission this morning suspended trading in the securities of 35 companies that have been the subject of recent and repeated spam email campaigns (see examples). The trading suspensions - the most ever aimed at spammed companies - were ordered because of questions regarding the adequacy and accuracy of information about the companies. The trading suspensions are part of a stepped-up SEC effort - code named "Operation Spamalot" - to protect investors from potentially fraudulent spam email hyping small company stocks with phrases like, "Ready to Explode," "Ride the Bull," and "Fast Money." It's estimated that 100 million of these spam messages are sent every week, triggering dramatic spikes in share price and trading volume before the spamming stops and investors lose their money."

"The Pew Internet & American Life Project has just released a report that 34% of internet users have logged onto the internet using a wireless connection either around the house, at their workplace, or some place else. The report profiles these wireless users and describes their intensive use of the internet, especially in exchanging emails and getting news online."

Via PBS: Airing on Friday, February 16, 2007 (check for time in your area), "NOW reports on new evidence suggesting the existence of a secret government program that intercepts millions of private e-mails each day in the name of terrorist surveillance. News about the alleged program came to light when a former AT&T employee, Mark Klein, blew the whistle on what he believes to be a large-scale installation of secret Internet monitoring equipment deep inside AT&T's San Francisco office. The equipment, he contends, was created at the request of the U.S. government to spy on e-mail traffic across the entire Internet. Though the government and AT&T refuse to address the issue directly, Klein backs up his charges with internal company documents and personal photos."

Declan McCullagh reported last week on the reintroduction of numerous antispyware and ID theft bills, many of which reflect the same language as previous versions of related legislation. The article has links to major bills as well as respective legislative background.

"The Federal Bureau of Investigation (FBI) has launched a service that sends out electronic mail (e-mail) alerts when new and vital information is posted on the FBI.gov Web site. Subscribers select which topics that they want updates on, such as new electronic scams (e-scams) and warnings, most wanted terrorists, top ten fugitives, and local and national press releases. The alerts are transmitted as soon as updates are posted to the FBI's Web site or published in their daily, weekly, or monthly digests. The FBI views this service as a means of furthering American citizens' safety by keeping them informed. No personal information is required to sign up for this service, just an e-mail address to where the alerts will be sent. To sign up for the service please visit the www.FBI.gov."

LexisNexis press release: "Most office workers use workplace technology for personal reasons; many may be ignoring employer policies, new research shows...Despite the fact that nearly one-half (45%) of office workers have been explicitly informed their at-work technology usage is monitored, a majority still use their employers’ technology resources for personal reasons, according to a new survey conducted by Harris Interactive®..."

Press release, January 4, 2007: "Cisco today announced a definitive agreement to acquire the privately held company, IronPort Systems, Inc. of San Bruno, Calif. IronPort is a leading provider of messaging security appliances, focusing on enterprise spam and spyware protection."
Related news:

Press release: A "survey, conducted by Harris Interactive®, found that about three in four online adults (74 percent) view e-mail communications from a company they frequently patronize to be valuable or very valuable. In addition, 30 percent of online adults have purchased a particular good or service as a result of receiving such e-mails, and of these, 85 percent have done so within the past year."

Federal Computer Week reported that the Department of Defense has banned the use of Outlook and receipt of HTML email due to threats posed by spyware and viruses.

"The world of Legal Technology has...had its share of ups and downs in 2006, with companies spying on their boards, the treasury department spying on money transfers, and the government spying on, well, everyone! With all the spying going on, data security was certainly on everyone's mind in 2006, and several key stories arose out of the inability of companies and government agencies to protect their customer and employee data. The new Federal Rules of Civil Procedure also added to the mix with new requirements for companies and other potential litigants to keep in mind as they generate gigabytes and gigabytes of information every day." [Link]

Press release: "U.S. Deputy Attorney General Paul J. McNulty announced today during a speech at a meeting of the Lawyers for Civil Justice in New York that the Department of Justice is revising its corporate charging guidelines for federal prosecutors throughout the country. The new guidance revises the Thompson Memorandum, which was issued in January 2003 by then-Deputy Attorney General Larry D. Thompson and titled the “Principles of Federal Prosecution of Business Organizations.” The memo provides useful guidance to prosecutors in the field through nine factors to use when deciding whether to charge a corporation with criminal offenses. The guidance continues to require consideration of the factors from the Thompson memo but adds new restrictions for prosecutors seeking privileged information from companies. Specifically, it creates new approval requirements that federal prosecutors must comply with before they can request waivers of attorney-client privilege and work product protections from corporations in criminal investigations."

Press release: "The Commission today called on all regulatory authorities and stakeholders in Europe to step up the fight against spam, spyware and malicious software. Despite existing EU legislation to outlaw spam in Europe, Europe continues to suffer from illegal online activities from inside the EU and from third countries, the Commission underlines in a new Communication. The Communication stresses that although internet safety is on the political agenda for some time, national authorities should step up their actions to prosecute illegal online activities."

November 27, 2006 statement: "Last week, CDT and the ACLU joined a friend-of-the-court brief written by the Electronic Frontier Foundation, urging a federal appeals court to extend to e-mail the same constitutional protection accorded to telephone calls and regular mail. Remarkably, the constitutional status of e-mail has never been decided, and the Justice Department claims that opened e-mail and older stored e-mail can be obtained from service providers without a court order and without notice to the e-mail user. In the case, Warshak v. U.S., a lower federal court ruled that government agents could not force disclosure of email from a service provider unless they provided the relevant subscriber notice and an opportunity to object."

"Up to 80% of spam targetted at Internet users in North America and Europe is generated by a hard-core group of around 200 known professional spam gangs whose names, aliases and operations are documented in Spamhaus' Register Of Known Spam Operations (ROKSO) database. This TOP 10 chart of ROKSO-listed spammers is based on those Spamhaus views as the highest threat, the worst of the career spammers causing the most damage on the Internet currently. Spamhaus flags these as a priority for Law Enforcement Agencies."

Effective October 25, 2006 the public may request records from state and local agencies ["any New York State or municipal department, board, bureau, division, commission, committee, public authority, public corporation, council, office or other governmental entity performing a governmental or proprietary function is subject to the Law"], via email in New York.

AmLaw Tech Survey: Law Firms Play Variations on Old Themes - "The 11th annual survey finds firms expanding IT while adopting new versions of old standards."

Guidelines for State Trial Courts Regarding Discovery of Electronically-Stored Information, Conference of Chief Justices, Approved August 2006.

The Foley Follies: What Can Be Learned From The History of Congressional Sex Scandals, And How Can the Page Program Be Reformed?, by John W. Dean

Press release: California "Attorney General Bill Lockyer today filed felony charges against former Hewlett-Packard Chairwoman Patricia C. Dunn and four other defendants, alleging they committed criminal offenses related to the use of false pretenses to access individuals' phone records during the company's probe of boardroom leaks to the media."

Press release: Physician-Patient E-mail Disconnect: "Only about one in four physicians (24%) reported that e-mail was used in their practice to communicate clinical issues with patients in 2004-05, up from one in five physicians in 2000-01, according to a national study released today by the Center for Studying Health System Change (HSC).

Press release, September 11, 2006: "The Customer Respect Group, an international research and consulting firm that focuses on how corporations treat their online customers, today released findings from its Annual Review of the Largest 100 US Companies... as defined by Fortune Magazine in April 2006. The average rating for the companies was 5.7 on a 10-point scale, in line with the average rating assessed across all website evaluations in 2006. In 2005, the largest 100 companies slightly exceeded the overall average rating...The largest 100 US companies appear to be gathering more personally identifiable information. The use of that information is also changing. Fewer companies are sharing personal data with outside organizations, but more than half continue to send unsolicited marketing emails to those that supply personal information for other reasons." A list of top scoring companies is included in this release, and access to the full Scorecard of the Largest 100 US Companies requires registration.

From the Antiphishing Working Group, the June Phishing Activity Trends Report.

Consumer Alert: New Phishing Attack Claims to be FDIC

Inappropriate Use of Email by Employees and System Configuration Management Weaknesses Are Creating Security Risks, July 31, 2006, Reference Number: 2006-20-110 (20 pages, PDF). "We found e-mail messages that violated the IRS' personal use policy in the electronic mailboxes of 71 (74 percent) of 96 employees."

GSA press release: "The U.S. General Services Administration’s (GSA) Office of Citizens Services & Communications is warning the public to avoid falling victim to a recent e-mail scheme that targets users by sending unsolicited e-mails allegedly from FirstGov, the citizen portal operated by GSA. These scam e-mails tell recipients that because of recent fraudulent activities on Money Access Online they need to confirm their account has not been stolen or hacked. The e-mails then direct recipients to click on a link and enter information related to personal credit card accounts."

Press release: "According to MarkMonitor's AntiFraud Operations Center™ (AFOC), domain-based phishing attacks now represent 73 percent of all attacks, up from 35 percent just 18 months ago." Related reference in this press release to an academic paper titled, Why Phishing Works.

The Subcommittee on Financial Institutions and Consumer Credit, chaired by Rep. Spencer Bachus (AL), held a hearing today entitled "ICANN and the Whois Database: Providing Access to Protect Consumers from Phishing." Government officials contend that access to Whois data is essential in the effort to combat cybercrimes, while privacy advocates maintain that access to data on domain name holders facilitates phishing, spam and other types of fraud.

Press release: "E-mail mismanagement continues to take a hefty toll on U.S. employers, with costly lawsuits--and employee terminations--topping the list of electronic risks. As recent court cases demonstrate, e-mail can sink businesses--legally and financially. Last year, the inability to produce subpoenaed e-mail resulted in million dollar--even billion dollar--lawsuits against U.S. companies. In fact, 24% of organizations have had employee e-mail subpoenaed, and 15% of companies have gone to court to battle lawsuits triggered by employee e-mail. That's according to the 2006 Workplace E-Mail, Instant Messaging & Blog Survey from American Management Association (AMA) and The ePolicy Institute."

WSJ free feature: Seeking a Safer Internet - New Tools Flag Sites With Spyware, Spam - But the Technology Is Far From Perfect

Outbound Email and Content Security in Today's Enterprise, 2006 (free reg. reg'd): "Enterprises are becoming increasingly concerned about creating, managing and enforcing outbound email policies that ensure that messages leaving the organization comply with both internal rules as well as external regulations."

Press release: "The United States Patent and Trademark Office (Office) is undertaking to collect Internet e-mail addresses for each registered patent attorney and patent agent. Gathering these e-mail addresses will facilitate and increase the ability of the Office to communicate with registered practitioners. The Office anticipates implementing automated notifications to registered practitioners of notices and IT system alerts."

"Irrepressible.org will harnass the power of the internet to mobilise people all over the world to take a stand against repression." [Link] "...Chat rooms monitored. Blogs deleted. Websites blocked. Search engines restricted. People imprisoned for simply posting and sharing information. The Internet is a new frontier in the struggle for human rights. Governments – with the help of some of the biggest IT companies in the world – are cracking down on freedom of expression. Amnesty International, with the support of The Observer, is launching a campaign to show that online or offline the human voice and human rights are impossible to repress."

An interesting article in today's National Law Journal (free) discusses issues associated with the integrity of digital evidence, including email, photos, and metadata.

SEC press release: "The Securities and Exchange Commission today filed a civil injunctive action against Morgan Stanley & Co. Incorporated for failing to produce tens of thousands of e-mails during the Commission's IPO and Research Analyst investigations from Dec. 11, 2000, through at least July 2005. The Commission alleges in its complaint that Morgan Stanley did not diligently search for back-up tapes containing responsive e-mails until 2005. Morgan Stanley also failed to produce responsive e-mails because it over-wrote back-up tapes."

Building and Implmenting a Successful Information Security Policy, by John J. Pak, May 8, 2006 (25 pages, PDF).

Follow the E-Mail Trail - What you can learn from the data embedded in e-mail headers, by Mark A. Berman and Aaron Zerykier, The National Law Journal.

CSO Fundamentals: The ABCs of Phishing and Pharming

Press release: EFF Files Evidence in Motion to Stop AT&T's Dragnet Surveillance

Press release, April 3, 2006: "The European Commission is today publishing a study which examines the scientific publication system in Europe. Scientific publication ensures that research results are made known, which is a pre-condition for further research and for turning this knowledge into innovative products and services. Scientific publication is also an important part of certifying the quality of the work done. Given the scarcity of public money to provide access to scientific publications, there is a strong interest in seeing that Europe has an effective and functioning system for scientific publication that speedily delivers results to a wide audience. Today’s report, drawn up for the Commission by a panel of experts, makes a number of recommendations for future action, including improving access to publicly-funded research."

Following up on my February 20, 2006 posting, Report on the Response to Hurricane Katrina, today GPO made available a PDF copy of the Final Report.

New York Times interview with DHS Director Michael Chertoff,by Deborah Solomon, April 2, 2006: Chertoff states, "I don't use e-mail. One reason is when you write an e-mail, you have to be mindful of the fact that nothing ever disappears. It can be deleted, but it is still in the system somewhere...They can get me. They don't need to e-mail me. There's a thing called a telephone."

Press release: "An estimated 3.6 million households, or about 3 percent of all households in the nation, learned that they had been the victim of at least one type of identity theft during a six-month period in 2004, the Justice Department’s Bureau of Justice Statistics (BJS) announced today. Forty-eight percent had experienced an unauthorized use of credit cards; 25 percent had other accounts, such as banking accounts, used without permission; 15 percent experienced the misuse of personal information and 12 percent experienced multiple types of theft at the same time. These findings represent six-month estimates based on interviews conducted from July through December 2004 for the BJS National Crime Victimization Survey."

ComputerWorld reports on enterprisewide search applications implemented by large corporations for a range of tasks, including competitive intelligence, e-discovery, and generating intranet content. Solutions such as FAST, Autonomy and Endeca index formats including text, audio and video.

Press release: "Neil Holloway, president of Microsoft Europe, Middle East and Africa (EMEA), unveiled a global law enforcement campaign that will target cybercriminals behind phishing attacks. Microsoft Corp. announced that by the end of June 2006 it will have initiated legal actions on more than 100 cases in EMEA against individuals suspected of committing online fraud; 53 of these will have already started by the end of March 2006...The legal actions are linked to a larger Microsoft(R) program, the Global Phishing Enforcement Initiative (GPEI), launched by the company to coordinate and expand its many anti-phishing efforts worldwide to fight phishers through consumer protection, partnerships and prosecution."

Press release: "Attorney General Eliot Spitzer today announced a settlement to address what may have been the largest breach of privacy in internet history. The settlement with Datran Media, a leading e-mail marketer, follows an investigation that identified the improper disclosure of the personal information of more than six million American consumers."

Press release: "In New York on March 9, 2006, attorneys with the Center for Constitutional Rights (CCR) filed a significant motion for summary judgment in the challenge to the legality of the NSA Domestic Spying Program (CCR v. Bush), asserting that the Bush Administration has already admitted enough incriminating facts to prove the NSA Program is illegal."

Follow-up to National Journal Article Claims Curtailed Gov't Surveillance Program Still Active, from today's New York Times, Taking Spying to Higher Level, Agencies Look for More Ways to Mine Data: "...by fundamentally changing the nature of surveillance, high-tech data mining raises privacy concerns that are only beginning to be debated widely. That is because to find illicit activities it is necessary to turn loose software sentinels to examine all digital behavior whether it is innocent or not."

Follow-up to Correspondence on Libby Indictment Mentions Missing Emails, this report by Jason Leopold states, "The White House turned over last week 250 pages of emails from Vice President Dick Cheney’s office...Sources close to the probe said the White House "discovered" the emails two weeks ago and turned them over to Fitzgerald last week. The sources added that the emails could prove that Cheney lied to FBI investigators when he was interviewed about the leak in early 2004. Cheney said that he was unaware of any effort to discredit Wilson or unmask his wife's undercover status to reporters."

Related legal documents on Libby case:

"Summary: NARA is revising our regulations to provide for the appropriate management and disposition of very short-term temporary e-mail, by allowing agencies to manage these records within the e-mail system." Federal Register, February 21, 2006 (Volume 71, Number 34)] [Rules and Regulations][Page 8806-8808].

New York Times: Too Many New Gadgets, Too Much Information at Risk: Loss, theft and viruses are major issues as corporate use of handheld devices and pocket PCs increases. Pre-emptive security options are available however, as this article describes.

They Haven’t Got Mail - The Katrina hearings haven’t only revealed critical information about White House responses to the hurricane. They’ve also uncovered the online secrets of Donald Rumsfeld and Michael Chertoff: "...congressional investigations of government responses to Hurricane Katrina have revealed that two of the nation's key crisis managers, the secretaries of Defense and Homeland Security, do not use e-mail...Spokesmen for the two officials maintain that Rumsfeld and Chertoff were kept informed during Katrina the same way as they keep in touch during other crises: through aides and a variety of other communications methods..."

The Christian Science Monitor: US plans massive data sweep - Little-known data-collection system could troll news, blogs, even e-mails. Will it go too far?

Press release: Mail and News Are Main Internet Attractions Some e-commerce picking up; blogs still marginal, by Lydia Saad: "A recent Gallup Poll examining Americans' online habits finds e-mail use almost universal among the three-quarters of U.S. adults who use the Internet. Checking the news and weather ranks second on the list of 13 Internet activities measured, although not as many Americans surf for news frequently as e-mail frequently."

Late last night AP reported that Special Counsel Patrick J. Fitzgerald stated in legal correspondence [the full text of which is available here in PDF] related to discovery in the Libby CIA leak indictment, that White House email from 2003 failed to be properly archived. The article quotes the response of noted government secrecy expert Steven Aftergood to this disclosure as follows - "Bottom line: Accidents happen and there could be a benign explanation, but this is highly irregular and invites suspicion."

This New York Times essay, A Growing Web of Watchers Builds a Surveillance Society, by David Shenk, offers especially cautionary insight in light of the growing public and political response to revelations about the government's domestic surveillance program.

Pew Internet & American Life Project press release, January 22, 2006: "Internet access is the norm for most Americans, up to age 70, and all age cohorts of internet users (ages 12 and older) are equally likely to use email; about 90% of all internet users send or receive email. Given the many other variations in internet use among different age groups, it is notable that this basic communications tool is almost universally used. Internet users ages 12 to 28 years old have embraced the online applications that enable communicative, creative, and social uses. Teens and Generation Y (age 18-28) are significantly more likely than older users to send and receive instant messages, play online games, create blogs, download music, and search for school information."

Press release: "A wide-ranging look at the way American women and men use the internet shows that men continue to pursue many internet activities more intensively than women, and that men are still first out of the blocks in trying the latest technologies. At the same time, there are trends showing that women are catching up in overall use and are framing their online experience with a greater emphasis on deepening connections with people."

New York Times: The Agency That Could Be Big Brother: "...the N.S.A. has suddenly taken center stage in a political firestorm. The controversy over whether the president broke the law when he secretly ordered the N.S.A. to bypass a special court and conduct warrantless eavesdropping on American citizens has even provoked some Democrats to call for his impeachment."

RSS Aggregation - Part 1: The Partnership

Effectiveness and Enforcement of the CAN-SPAM Act: A Federal Trade Commission Report to Congress, December 2005 (116 pages, PDF):

Following up on related postings in the past several days, see the following references, resources, statements and news:

This text will self-destruct in 40 seconds - Next year self-deleting emails and photo messages too.: "Staellium UK said that its StealthText service will allow business executive dealing in sensitive information to send texts which will delete themselves from the recipient's mobile phone as soon as the person has read them."

The USC Annenberg School Center for the Digital Future has released the 2005 Digital Future Report ($). The report highlights are available free (19 pages, PDF), and note an increased use of the Internet for political campaigns, the continued popularity of email, and a significant expansion in the use of broadband access to the Internet.

FTC press release: "According to a new study released today by the Federal Trade Commission, spammers continue to harvest email addresses from public areas of the Internet, but Internet Service Providers' anti-spam technologies can block the vast majority of spam sent to these email addresses. The FTC staff report also found that consumers who must post their e-mail addresses on the Internet can prevent them from being harvested by using a technique known as masking."

Press release: "Search engine use shoots up in the past year and edges towards email as the primary internet application...from September 2004 to September 2005 the average daily use of search engines jumped from 49.3 million users to 60.7 million users – an increase of 23%.
This means that the use of search engines is edging up on email as a primary internet activity on any given day. The Pew Internet Project data show that on a typical day, email use is still the top internet activity. On any given day, about 52% of American internet users are sending and receiving email."

A new, joint federal law enforcement and industry initiative to fight Internet fraud, called LooksTooGoodToBeTrue, was launched today (press release, 5 pages, PDF). "This website was developed to arm you with information so you don’t fall victim to these Internet scam artists." The site provides consumers with documentation on: Types of Fraud; Victim Stories; FAQs & Tips; Information Regarding Phishing Scams; a Fraud Risk Test; and Links to help prevent you from being scammed.

Related references:

As reported by Stars and Stripes today, "On Tuesday, the U.S. Navy and Marine Corps blocked all access to commercial e-mail services, such as Yahoo!, Hotmail, America Online and Google, from overseas government computers...The block includes access to e-mail services from computers at base libraries and liberty centers that are connected to an official government network."

Press release from Trend Micro, October 11, 2005: "Trend Micro, Inc., a leader in antivirus and Internet content security, today announced key findings from a study that reveals that more than 87 percent of corporate end users are aware of spyware, and yet 53 percent of survey respondents demand greater education from IT to better understand the threat. The findings indicate that awareness does not translate to knowledge, and as a result users are looking to their IT departments departments to play a more protective role."

The Complete Guide to E-mail, Inc. Magazine, October 2005: "What follows is a guide to the biggest e-mail concerns, particularly security, compliance, and archiving. We'll give you tools for building an e-mail policy now, which can save headaches later, and also advice on buying the right system."

"Kath Straub, Ph.D., CUA, Chief Scientist, looks at recent research on how people detect, and often miss, Web site fraud.."
Fine-tuning your Internet deception detectors is a brief, straight forward, practical guide to "how Internet deception works."

Reuters reported on a WSJ article focused on the SEC's ongoing enforcement proceedings against Morgan Stanley which may now include a civil penalty in excess of $10 million for not retaining relevant e-mail.

Google has been the topic of several articles in the New York Times this week. Yesterday the focus was on corporate expansion, and today there is news about Google Desktop 2, an IM application called Google Talk, and Gmail for everyone (all of these services are free).
See also:

From the Reconnex August Insider Threat Index: "Ninety-one percent of companies who completed a Reconnex 48-Hour e-Risk Assessment in the month of July had credit card numbers entering or leaving their network and eight-two percent exposed social security numbers. Most concerning was the amount of personal data including name and SSNs exposed directly in the subject lines of emails, in clear, open text. The origin of the vast majority of these disclosures stemmed from human resources departments who often accidentally exposed employees' personal information when they communicate with partners in health insurance, payroll, workers compensation and other third-party processors. The personal data revealed by co-workers often included employee names, date of birth, social security numbers (SSN) and even sometimes bank routing information. This personal data was usually sent via Excel spreadsheets and in clear text. Sometimes the individual Excel spreadsheets contained thousands to tens of thousands of individuals personal data."

This free feature today from the Wall Street Journal introduced me to a phrase that describes a new and virulent wave of web email scams, referred to as "spear phishing." Recipients are government and corporate employees targeted by hackers, posing as institution members, seeking personal data. Efforts are described which try to train employees to recognize these attacks and prevent data breaches.

Press release from Unisys: "Survey results from Unisys Corporation launched [August 3, 2005] reveal that UK consumers' apathetic attitude to fraud could be helping to perpetuate the rapidly growing identity theft industry, which is now estimated to be costing UK businesses £1.3 billion per year."

From CDT: "A Federal Appeals Court on Thursday reversed a troubling ruling that prevented the Justice Department from prosecuting an e-mail service provider who allegedly intercepted and read his customers' messages. In the case of United States v. Councilman, the full First Circuit Court of Appeals ruled 5-2 to reverse the opinion of a three-judge panel that Bradford Councilman did not violate the law by allegedly copying and reading his customers' e-mail. The ruling sends an important message that e-mail is subject to protection, both against government wiretapping without a warrant and against misuse by service providers."

Law Firm Fends Off IM Threats

IBM press release: "IBM reported that virus-laden emails and criminal driven security attacks increased by 50 percent in the first half of 2005 - underscored by a significant rise in 'customized' attacks on the government, financial services, manufacturing and healthcare industries. This substantial increase, along with a decrease in less profitable threats, such as spam and simple computer viruses, indicates a growth in targeted attacks against specific organizations and industries -- apparently created with the purpose of stealing critical data, identities or extorting money."

Top Etailers' Compliance With CAN-SPAM's Opt-Out Provisions: A Report by the Federal Trade Commission's Division of Marketing Practices (July 2005).

"The focus of this white paper is to describe the basic workings of a new capability, the Microsoft® Phishing Filter, that will be included in the upcoming release of Internet Explorer 7. The Microsoft Phishing Filter will not only help provide consumers with a dynamic system of warning and protection against potential phishing attacks, but — more important — it will also benefit legitimate ISPs and Web commerce site developers that want to try to ensure that their brands are not being 'spoofed' to propagate scams and that their legitimate outreach to customers is not confusing or misinterpreted by filtering software." [the document is in Word, and available at this Link]

The EDRI-gram newsletter reported on the release of the new EU Commission explanatory memorandum on data retention, July 20, 2005 (16 pages, PDF).

July 25, 2005: The Customer Respect Group Announces Third Quarter 2005 Results of Online Customer Respect Study of Largest Airline, Travel Firms: "Competitive Pressures Seen Driving Overall Improvements; But 38 Percent of Firms Continue to Share Personal Data."

Spyware - Guidance on Mitigating Risks From Spyware FIL-66-2005, July 22, 2005

New Bush Statement on Rove Conflicts with Executive Order: "Rep. Waxman explains that the President's responsibility under E.O. 12958 to protect national security secrets requires the President to act before Special Prosecutor Patrick Fitzgerald completes his criminal investigation and to apply different standards and sanctions."

Alert Overview: "The United States Computer Emergency Readiness Team (US-CERT) has received reports of an email based technique for spreading trojan horse programs. A trojan horse is an attack method by which malicious or harmful code is contained inside apparently harmless files. Once opened, the malicious code can collect unauthorized information that can be exploited for various purposes, or permit computers to be used surreptitiously for other malicious activity. The emails are sent to specific individuals rather than the random distributions associated with a phishing attack or other trojan activity...These attacks appear to target US information for exfiltration. This alert seeks to raise awareness of this kind of attack, highlight the important need for government and critical infrastructure systems owners and operators to take appropriate measures to protect their data, and provide guidance on proper protective measures."

"The Anti-Spyware Coalition has released the first draft of the consensus document Spyware Definitions and Supporting Documents for a 30 day public comment period."

From WSJ free content today, Cooper Email Identifies Rove As a Source

Related references:

Communicating with Congress: How Capitol Hill is Coping with the Surge in Citizen Advocacy; "The Internet and e-mail have made it easier and cheaper than ever before for citizens to communicate with their Members of Congress. In 2004, Congress received 200 million communications, four times more than in 1995 -- the direct result of Internet-based communications. This increased citizen participation in the legislative process has had both positive and negative effects. Nearly 80% of congressional staff surveyed believe that the Internet has made it easier for constituents to become involved in public policy. However, neither the senders nor the receivers of congressional communications have learned how to use the new tools that the Internet has provided truly effectively."

"This report is the first of a four part Communicating with Congress series, which aims to provide information and guidance that will lead to better and more meaningful communications between Members of Congress and those they represent."

A press release on the new Pew Internet and American Life Project Report released this afternoon: "Spyware and the threat of unwanted programs being secretly loaded onto computers are becoming serious threats online. Nine out of ten internet users say they have adjusted their online behavior out of fear of falling victim to software intrusions. Unfortunately, many internet users' fears are grounded in experience - 43% of internet users, or about 59 million American adults, say they have had spyware or adware on their home computer. Although most do not know the source of their woes, 68% of home internet users, or about 93 million American adults, have experienced at least one computer problem in the past year that are consistent with problems caused by spyware or viruses."

From the FTC: The US SAFE WEB Act - Protecting Consumers from Spam, Spyware, and Fraud, released July 1, 2005

FTC press release: "In a report to Congress required by the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 ("CAN-SPAM Act"), the Federal Trade Commission says it does not recommend requiring unsolicited commercial e-mail to include a label in the subject line as a means to reduce spam...The report says that although subject line labeling may appear to offer a simple legislative fix for the problem of spam, the Commission doubts that it would materially help consumers or ISPs to block unwanted commercial e-mail or to segregate commercial e-mail from other e-mail messages. The Report states that subject line labeling requirements enacted by numerous states and foreign countries have not been effective to reduce spam."

An e-mail exchange has been passed on to thousands across the UK after a sticky incident at a law firm.

Information Security: Emerging Cybersecurity Issues Threaten Federal Information Systems GAO-05-231, May 13, 2005. Highlights.

Keep Spam on Ice - Instead of sweating over a custom anti-spam server and software combo, consider the appliances on the market, by Brett Burney.

Enron Offers an Unlikely Boost to E-Mail Surveillance

2005 Electronic Monitoring & Surveillance Survey: Many Companies Monitoring, Recording, Videotaping—and Firing—Employees

Press release from FTC, May 12, 2005: Agency Seeks Comment on Definitions and Substantive Provisions Under the CAN-SPAM Act. The Federal Trade Commission published a Federal Register notice today seeking public comment on certain definitions and substantive provisions under the...CAN-SPAM Act.

From Computerworld Today, "Australia's Workplace Surveillance Bill 2005, which will go through the country's parliament on Wednesday, makes it a criminal offense to read employee e-mails."

This NewScientist.com article suggests that Teamwork will beat the spammers by using a social network to identify spam in a dynamic, collaborative effort.

House Judiciary Committee, Subcommittee on Crime, Terrorism, and Homeland Security, Oversight Hearing on the "Implementation of the USA PATRIOT Act: Section 212--Emergency Disclosure of Electronic Communications to Protect Life and Limb," May 5, 2005

Judge Sentences Man to 9 Years in Prison for Using Fake Internet Addresses to Send Mass E-Mail Ads. Links to relevant legal documents available from JURIST Paper Chase.

The ramifications of personal use of workplace email continues to resonate. The Wall Street Journal follows-up with Snooping E-Mail by Software Is Now a Workplace Norm, also available free to readers. The article details how customized programs allow companies to monitor and review employee email and IMs using broad and specific criteria that encompass administrative and compliance issues.

This sentence is worth remembering: "Don't ever put anything in an e-mail that you wouldn't want to read on the jumbotron at Times Square." So says Alan Murray in his WSJ article, Indiscreet E-Mail Claims a Fresh Casualty (available free today).

From the Pew Internet and American Life press release: "The internet became an essential part of American politics in 2004. Fully 75 million Americans – 37% of the adult population and 61% of online Americans – used the internet to get political news and information, discuss candidates and debate issues in emails, or participate directly in the political process by volunteering or giving contributions to candidates."

As the citizens of additional states join the list of those eligable for free credit reports, problems associated with this program have been noted. The World Privacy Forum recently issued an extensive report documenting fraudulent activities that are complicating consumer access to the reports. In addition, the group reviews how use of the legitimate sites providing the credit reports may result in exposure to unwanted marketing, spam and related privacy intrusions.

Stever Robbins offers advice on how to author effective, efficient, and focused business email messages. He also recommends how to read and respond to email. Thoughtful, well constructed and brief responses, which you have taken time to consider before hitting the "send" key, will increase the value of this communications tool. And don't forget that sometimes it is easier to just use the phone. [D.C.]

A survey reviewing the time spent by business owners around the world dealing with email related issues indicates that U.S., India and the Phillipines top the list, averaging two hours per day.

On February 23, 2005 the UK Home Office launched ITsafe "to provide both home users and small businesses with proven, plain English advice to help protect computers, mobile phones and other devices from malicious attack."

Memorandum of Understanding On Mutual Enforcement Assistance In Commercial Email Matters Between the Federal Trade Commission of the United States of America and the Agencia Espanola de Proteccion de Datos [Link]

Killing Phish.

From the National Association of State Chief Information Officers (NASCIO), Welcome to the Jungle: The State Privacy Implications of Spam, Phishing and Spyware (15 pages, PDF).

Despite all the heralding of email's demise, it is still an essential desktop program in the workplace and for many home users as well. This Washington Post article, via MSNBC News, reviews free and low cost alternatives to Outlook.

Press release: "Today IBM announced the results from its 2004 Global Business Security Index Report and provided an early look at potential security threats in 2005. Based on early indicators, a new and troubling trend this year may be the aggressive spread of viruses and worms to handheld devices, cell phones, wireless networks, and embedded computers, which include car and satellite communication systems." [thanks David Ries]

FCC press release: "On February 7, with the cooperation of wireless carriers, the Commission published on its Web site a list of mail domain names used to send messages to wireless service. This list is to protect cellular and wireless consumers from unwanted commercial electronic mail messages by alerting marketers to which Internet domain names are used in the electronic addresses of wireless service subscribers."

As a follow-up to my posting on February 1, Junk Email Careens Out of Law's Control, more bad news about the spam explosion in a survey released by the Center for Excellence in Service at the Robert H. Smith School of Business, University of Maryland. According to the press release, "Spam's price tag now reaches $21.58 billion annually in lost productivity," and in the aggregate, "22.9 million hours a week are wasted on spam."

Law Barring Junk E-Mail Allows a Flood Instead. Another article joins the chorus complaining about the failure of the CAN-SPAM Act to stem the tide of junk email, and highlights how industry, government and advocacy groups continue to do battle against the threats. From the perspective of the spammers however, it is a lucrative business, facilitated by using offshore servers as well as "network zombies."

From ComputerWorld: "Earthlink claims victory in another spam case - The spammers sent out more than 250 million e-mail messages."

Press release from Georgia Governor: "The goal of the Georgia Slam Spam E-mail Act is to hold accountable those who abuse the Internet and harass our citizens with fraudulent, misleading and unwanted commercial e-mail...The Governor's legislation provides serious penalties for the use of false or misleading practices, such as forging headers, using misleading subject headlines or falsely stating that the information in the e-mail was requested."

From the press release: "Texas Attorney General Greg Abbott filed the state's first lawsuit against one of the world's largest spam operations in an effort to crack down on the massive flow of illegal e-mail into Texas consumers' in-boxes."

Why A Utah Court Was Right to Hold That, Under Utah Law, Pop-up Ads Are Not "Spam" by Anita Ramasastry.

This Wired article focuses on California legislation that went into effect this new year that provides the state's consumers with a range of privacy protections, including unlisted cell phone numbers, rental cars without electronic
surveillance technology activated, and the right to sue email spammers.

From the FCC, Consumer and Governmental Affairs Bureau Domain Name Data Entry (For Wireless Providers Only): "The purpose of the domain name registry is to protect cellular and other commercial mobile service (CMRS) wireless consumers from unwanted commercial electronic mail messages, by identifying, for those who send commercial electronic mail messages, Internet domain names uses to transmit electronic messages to CMRS consumers."

AP reports that Judge Charles R. Wolle, U.S. District Court for the Southern District of Iowa, awarded CIS Internet Services $1 billion in a case involving three companies accused of flooding the service with up to 10 million spam emails per day.

Press release: FTC Issues Final Rule Defining What Constitutes a "Commercial Electronic Mail Message"

Press release - FDIC Issues Study on Identity Theft and Seeks Comments on Possible Guidance to Bankers: "Fraudsters are taking advantage of the reliance on single-factor authentication for remote access to online banking, and the lack of e-mail and Web site authentication, to perpetrate account hijacking."

According to a press release from MX Logic, Inc., an "email defense solutions" provider, in November, CAN-SPAM compliance reached a record high of 6% of total traffic subject to the law.

A new white paper by Dr. Carsten Sørensen of the London School of Economics (in conjunction with Microsoft UK), titled The Future Role of Trust in Work - The Key Success Factor for Mobile Productivity. According to InfoWorld, the report indicates "that managers are using technologies such as e-mail, mobile phones, and SMS (Short Messaging Service) to keep tabs on employees when in actuality they are reducing workers' productivity and the amount of time that they spend serving customers."

Exclusive: MSN Desktop Search Revealed includes screens shots of the new utility that will be released in December as part of the MSN Toolbar Suite. (via Slashdot)

Proposed rule, National Archives and Records Administration (NARA), Federal Register, November 3, 2004:

Industry anti-spam alliance members Earthlink, Yahoo, AOL and Microsoft, have filed new complaints against spammers in four states. [Link]

Appeals Court Re-Opens E-Mail Snooping Case: "Privacy advocates and the U.S. Department of Justice (DoJ) will get their day in court, again, to appeal a three-judge panel ruling that allows e-mail providers to store and copy their customers' e-mails."

As posted on the online military personnel records request system from the National Archives:

"The FTC today issued a assessing whether and how a system that rewards members of the public for tracking down spammers would or could help improve enforcement of the CAN-SPAM Act. That Act, which became effective on January 1, 2004, required the FTC to conduct a study and provide a report to Congress on a CAN-SPAM bounty system." [Link]

From today's WSJ, via Yahoo ($), this article, The Doctor Is Online: Secure Messaging Boosts the Use of Web Consultations, merits review. It addresses the issues of privacy, consultation fees and insurance coverage associated with secure messaging systems options now available for doctor-patient communications.

Hackers hijack federal computers

From Crypto-Gram: Websites, Passwords, and Consumers.

Google Inc · S-1/A · On 8/13/4.

WholeSecurity Launches Web Caller-ID: Industry's First Behavioral Anti- Phishing Solution.

FTC press release:

AOL, Yahoo Add New Antispam Tools - Services try different approaches to sender authentication to halt spam.

Consumers still falling for phish: "Fake e-mails fool users 28 percent of the time, study finds." See these additional resources:

"Representative Jay Inslee, a Washington Democrat, and three other congressmen introduced the E-mail Privacy Act of 2004 on Thursday. The bill would require that e-mail be subject to federal wiretap law that requires a court order for real-time interception of communications." [Link]

The Information Architecture of Email

From the press release today: "State Attorney General Eliot Spitzer today announced the settlement of a lawsuit against email marketer Scott Richter and his company, OptInRealBig.com, LLC. The suit alleged that unsolicited emails, or spam, sent on defendants' behalf contained falsified headers, falsified routing information, and deceptive subject lines, and were illegally routed through a worldwide network of more than 500 vulnerable computers."

From the press release: "In the first state enforcement action taken since the January 1 inception of the federal CAN SPAM Act, AG Reilly is alleging that DC Enterprises, an unincorporated business, and company principal Willliam T. Carson of Weston, Florida, have sent thousands of misleading email messages from a business address in Newton, where the company has no physical presence."

From ZDNet: "A federal court in California has turned down a request to stop SpamCop from keeping tabs on mass e-mailer OptInRealBig, saying the blocklist operator is protected under the Communications Decency Act."

A Buyer's Guide to Spam Filtering (19 pages, PDF)

From VeriSign's press release today: "VeriSign's Anti-Phishing Solution protects enterprises through a five-tiered solution that helps prevent, detect and respond to attacks, thereby mitigating and eliminating identity theft and email fraud attempts."

Anti-Spam Technical Alliance Publishes Industry Recommendations To Help Stop Spam:

AP reports that an ex-AOL software engineer allegedly stole a list of 92 million customer screen names (online identification/user names) last year, which he then sold, and the information was subsequently used in various spam related mass emailings, in violation of the CAN-SPAM Act.

This PCWorld.com article highlights some of the current and emerging applications and standards that can be implemented in an effort to respond to the deluge of spam, as discussed at the recent E-Mail Technology Conference. What caught my eye was this paraphrased statement from Dr. Vinton Cerf: "He gave the example of an exchange that might entail a three-day e-mail chain, but which could be handled in a five-minute phone call."

A Global Push to Protect Information Online

From the FTC press release: "The Federal Trade Commission today told Congress that, at the present time, a National Do Not Email Registry would fail to reduce the amount of spam consumers receive, might increase it, and could not be enforced effectively. In a report (60 pages, PDF) filed in response to a statutory mandate, the FTC also said that anti-spam efforts should focus on creating a robust e-mail authentication system that would prevent spammers from hiding their tracks and thereby evading Internet service providers’ anti-spam filters and law enforcement."

City to delete its old e-mail: "After 90 days, messages will be gone from system; Public-records questions raised; Workers will have to find and save official material."

The Changing Face of E-Mail: Speakers at the recent INBOX conference discussed a wide range of applications/solutions to address the information overload that has become an intrinsic part of enterprise email use.

Who Got the Message? There's a Way to Know:

When Software Fails to Stop Spam, It's Time to Bring In the Detectives.

An essential component of an effective intranet is a powerful, versatile and user friendly search engine. This article focuses on enterprise-wide deployment of Google for this function, and what portends to be the growth in marketing this successful search product.

Maryland Governor Robert Ehrlich signed the Maryland Spam Deterrence Act (HB 1320), which "prohibits a person from sending multiple commercial electronic mail (e-mail) messages under specified circumstances from a protected computer. Violators are subject to criminal and civil liability."

From ZDNet: "The California state Senate on Thursday approved a bill that takes aim at Google's new Gmail service, placing strict limits on e-mail providers seeking to scan customer messages for advertising and other purposes." See SB 1822.

On May 25, California State Senator Liz Figueroa offered an amended version of SB 1822 which struck language that would have presented substantial obstacles to Gmail's operation in the state.

Gartner Study Finds Significant Increase in E-Mail Phishing Attacks:

An online survey conducted in April indicates "that 75% of accountholders are less likely to respond to email from their banks, and over 65% said they were less likely to sign-up or continue to use their bank’s online services." These results reflect growing consumer concern with phishing and email fraud, occurrences of which are increasingly the focus of news articles.

Record Broken: 82% of U.S. Email is Spam

From the text of a May 3 letter sent by EPIC, the Privacy Rights Clearinghouse, and the World Privacy Forum, to California Attorney General Bill Lockyer:

FTC press release: "The FTC has cracked down on two spam operations that have clogged the Internet with millions of deceptive messages and violated federal laws...Both operations have been identified by the anti-spam organization Spamhaus as among the largest spammers in the world."

FTC Working to Protect Consumers and Businesses from Information Security Breaches

Huge Surge In Phishing Scams As Fraudsters Seek Financial Gain

The CAN-SPAM Act: Requirements for Commercial Emailers

PCWorld reports on EarthLink's plan to implement a software application called ScamBlocker, beginning April 19, at no cost to customers. Phishing employs a combination of email solicitations and fake websites to lure unsuspecting users into compromising their personal and financial data.

S.B. 604, the Maryland Spam Deterrent Deterrence Act, passed the Maryland legislature late Monday night, and awaits signature by Gov. Ehrlich. Penalties include a term of up to five years in prison and a fine of up to a $10,000.

As reported today by the WSJ, as well as via AP, privacy concerns raised in the U.S. and abroad about Google's new Gmail, still in beta, have resulted in the company considering alowing users to opt-in/opt-out of being served targeted ads, currently a component of the free email service.

FDIC Issues Warning About Fraudulent E-mails:

From the World Privacy forum, this press release and letter (pdf) on behalf of a coalition of over two dozen privacy and advocacy groups, addressing Google's new webmail service, Gmail, specific to the retention and repurposing of user data for e-commerce and law enforcement applications.

From the DOJ Criminal division, this Special Report on "Phishing, "the creation of fraudulent e-mails and websites used to deceive individuals into divulging their personal financial data."

When Instant Messages Come Bearing Malice. According to this article, there are over 160 million instant messaging (IM) accounts worldwide, and users are increasingly the target of spam, hackers and phishing.

As posted yesterday, AOL, Microsoft, Yahoo and Earthlink filed lawsuits against defendants they allege are in violation of the CAN-SPAM Act.

Text of Federal Register Notice, March 11, 2004, Definitions, Implementation, and Reporting Requirements Under the CAN-SPAM Act; Proposed Rule.

Microsoft press release, March 10, 2004:

House Government Reform Hearing: You've Got Mail - But is it Secure? An Examination of Internet Vulnerabilities Affecting Businesses, Governments and Homes. October 16, 2003. Serial No. 108-95. GPO Stock No. 552-070-30848-2.

FTC Searches for a More Explicit E-Mail Warning.

The Committee on House Administration has taken the lead in testing a digital mail system by Pitney Bowes. The closure of Senate office buildings on February 3 due to the discovery of ricin has significantly raised interest in security measures to minimize the risk of such future threats.

Network Associates Spam Survey Shows That Spam Significantly Affects Security, Performance, Profitability and Overall Productivity

The FTC is seeking public comment on yet another effort to combat spam, as mandated by the CAN-SPAM Act.

From the Federal Trade Commission, a new alert, Who's Spamming Who? Could it be You? details how your email address can be used to send unsolicited email without your knowledge, along with security measures you can use to secure your computer.

Neil Squillante published a new article, Is Your Company CAN-SPAM Compliant?, that includes "Eight Not-So-Simple Rules for CAN-SPAM-Compliant Email."

Press release: U.S. Department of Homeland Security Improves America's Cyber Security Preparedness--Unveils National Cyber Alert System:

The Mydoom email worm's impact has been felt by most of us already, and threatens to continue its relentless pace around the world for another couple of days. The apparent target of the worm, the UNIX software solutions provider The SCO Group, has offered a $250,000 reward to locate the worm's creator.

Going Upstream to Fight Spam. Creative proposals continue to percolate, but a workable solution to truly quelling the tide of spam is proving elusive, with significant costs to ISPs and consumers.

Inbox trauma: New junk-fighting tools falter

Treasury breaks word on e-mail anonymity:

Spam Is Still Flowing Into E-Mail Boxes - Senders Evade Federal Law Banning Junk Messages.

From today's New York Times, an article on how House members are purchasing email lists to spam constituents (with the caveat that the messages include an opt-out option) in an effort to build a list of potential voters comprised of those who have chosen to opt-in and receive future messages.

New York State Attorney General Eliot Spitzer announced the state is suing Synergy6, Inc. and Delta Seven Communications, LLC, whose principals are accused of disseminating over one billion spam messages each week.

Congress approves anti-spam legislation

With the expiration of an October 31 deadline for implementing the Directive on Privacy and Electronic Communications, the European Commission indicated that legal action against nine member states may be necessary to ensure their compliance. The directive addresses e-privacy issues that include spam, the use of cookies, and the protection of customer data by ISPs.

From tech research firm Gartner: Spam Will Likely Worsen Despite U.S. Law.

On November 25, the Senate unanimously approved the CAN-SPAM Act (S. 877), inclusive of technical changes agreed upon with the House, which is expected to approve the bill once again in December, clearing it for signature by the President. However, not everyone on the Hill is satisfied with the bill, in particular Representatives from California whose tough new anti-spam law which is effective January 1, 2004 will be pre-empted by this legislation, which they contend offers their constituents less protection. In addition, the new Texas anti-spam law (H.B. No. 1282), that went into effect September 1, 2003 will also be pre-empted by the federal legislation.

The 10 Biggest Spam Myths:

This afternoon, after considerable negotiation and recent reports of hightened pressure to reach an agreement, the House of Representatives voted 392-5 to accept an amended version, the pdf text of which is available via CNET, of the Senate's CAN-SPAM Act of 2003 (S. 877).

From Free Range Librarian by K. G. Schneider, Getting Started with RSS: The No-Brainer Method.

Cybersecurity & Consumer Data: What's at Risk for the Consumer? - Subcommittee on Commerce, Trade, and Consumer Protection, November 19, 2003.

The USPTO granted patent 6,643,686 on November 4, 2003. It is "a system and method for circumventing schemes that use duplication detection to detect and block unsolicited e-mail (spam). InternetNews.com quotes the executive director of the SpamCon Foundation as seeing the technology as a "...potentially...effective tool against spam..."

The American Records Management Association Education Foundation sponsored a research project by John C. Montaña, J.D., titled Legal Obstacles to E-Mail Message Destruction (42 pages, pdf), published October 19, 2003. The report addresses risk management associated with e-mail retention, the definition and legal status of e-mail, state, federal and foreign government laws associated with the use of e-mail as a public record and for e-commerce transactions.

The CAN-SPAM Act of 2003: Real Reform or Political Pork? by Neil J. Squillante:

From InfoWorld, this useful review of the following anti-spam applications for use on the enterprise level: Brightmail Anti-Spam Enterprise Edition Version 5.1, FrontBridge TrueProtect E-mail Security Suite, Postini Perimeter Manager Enterprise Edition, Proofpoint Protection Server 1.2.1, and SpamAssassin 2.44, an open source spam filter included with Red Hat Linux 9.

New worm variant targets identity data:

From The Yale Journal of Law & Technology (YJoLT):

Spammers Can Run but They Can't Hide:

Internetnews.com reports that the Internet Committee of the National Association of Attorneys General sent a letter to House leaders indicating their opposition to the CAN SPAM Act, under consideration by the House and already passed by the Senate. The reasons included "that the amended act has so many loopholes, exceptions and standards of proof that it won't protect consumers," and "that the law wouldn't deter spammers, but merely foster more litigation."

"As from today EU Member States must comply with the Directive on Privacy and Electronic Communications, which sets EU standards for the protection of privacy and personal data in electronic communications. The Directive includes basic obligations to ensure the security and confidentiality of communications over EU electronic networks, including internet and mobile services. It sets out specific conditions for installing so-called “cookies” on users' personal computers and for using location data generated by mobile phones. Notably, the Directive also introduces a 'ban on spam' throughout the EU." [Link]

A team of researchers from the School of Information Management and Systems University of California, Berkeley released a new study today, How Much Information? 2003, that chronicles the information explosion over the past several years. According to the team, during the period of 1999 to 2002, "new stored information grew about 30% a year." Additional facts:

Internetnews.com reports that Speaker of the House Dennis Hastert may push forward with a full floor vote on the Can Spam Act (passed by the Senate on October 22) tomorrow. The goal of passing an anti-spam bill by the end of the year is questionable in light of objections to various provisions of the Act.

Today California Attorney General Bill Lockyer announced that the state won a judgment of $2 million against a spammer (The People of the State of California v. PW Marketing, Santa Clara County Superior Court) in what will be a model for future cases involving unsolicited email. As I posted previously, the state's new anti-spam law (in effect on January 1, 2004) prohibits an individual or entity, either from within the state or from outside the state, from distributing unsolicited commercial email advertising.

From the Pew Internet Project, a new report released October 22, Spam: How it is hurting email and degrading life on the Internet:

The CAN-SPAM Act of 2003, S. 877, which was approved by the Senate Commerce Committee by voice vote on June 19, yesterday passed the full Senate by a vote of 97-0. An amendment to authorize the Federal Trade Commission to implement a nationwide "Do Not E-mail" registry was proposed and agreed to.

The BBC reports that Microsoft Office 2003, available tomorrow, will include new e-mail privacy and security features, including the ability to designate specific readers, prevent message forwarding and printing, and a "time-stamp" which results in email deletion on a specified date.

Bret McDanel, a former employee of Tornado Development, Inc., served a 16 month sentence for violating the Computer Fraud & Abuse Act. After leaving Tornado, a provider of Unified Messaging (UM) solutions, he sent an email to thousands of the company's customers detailing a corporate email security flaw. End of story? Apparently not, as today AP reported that Assistant U.S. Attorney Ronald L. Cheng (LA) requested that the court reverse Mr. McDanel's conviction, stating that an "error" had been made, as McDanel did "not intentionally impair the [email] system by reporting its security flaws."

From the press release:

"More than nine out of 10 (92 percent) managers check up on their employees' use of e-mail and the Internet at work, according to a new survey of 192 companies by Bentley College's Center for Business Ethics." [Link via Techdirt]

U.S. Court of Appeals, 9th Circuit, 10/06/03, 02-70518, Brand X Internet Services v. FCC.

Spam Fighters Turn to Identifying Legitimate E-Mail: "...many e-mail software experts now contend that the most powerful way to clean people's mailboxes is to focus not on catching the spam, but on identifying the legitimate mail."

The following new articles were published this week on LLRX.com:

From Spam Laws, the text of

According to a BBC News article from September 18: "The UK has made spam a criminal offence to try to stop the flood of unsolicited messages. Under the new law, spammers could be fined £5,000 in a magistrates court or an unlimited penalty from a jury." This law comes via the Minister of State for Energy, e-Commerce and Postal Services, Stephen Timms.

Interesting article about several companies that provide their anti-spam software to dozens of ISPs, which is in turn used to block billions and billions of unwanted emails each month on the enterprise and home user level.

Lost in the Mail:

Giving E-mail back to the users: Using digital signatures to solve the spam problem:

According to this Washington Post article, the nation's largest ISPs are responding to the recent escalation of email viruses (Blaster and SoBig.F) innundating customer accounts by planning to implement scanning applications to screen all attached documents. With as many as half of all incoming emails infected with viruses, AOL, Comcast, Microsoft, and Covad have already begun scanning, while EarthLink and BellSouth have indicated they plan to do so this fall. The process is costly, on both the IT side as well as in terms of additional customer support requirements.

Day Three of the W32/SoBig.F virus, which is hitting home users hardest. Counterpane Internet Security has identified 1,500 malicious file attachments associated with the virus, and counting. For more information, see the following links:

Today I was spammed several hundred times, causing me to enable the overdrive level of my spam blocker. This is a first for me, but I know that unfortunately I was not alone, and sure hope tomorrow will be a quieter day in the e-mail realm. For my previous postings on spam, click here.

Spam and political campaigns are developing a synergy, to which the growing number us who have been on the receiving end, through no effort on our part, can attest. So I was quite interested when I learned about a new website, Political Spam. This independently operated site, from Richard Paul Welty, was launched in early July, and reports on spam sent by all the various Presidential campaigns and related organizations, solicits their responses when queried about the mailings, and invites copies of offending e-mails from readers. There is also a related weblog.

U.S. District Judge Royce C. Lamberth last week held the Environmental Protection Agency in contempt for destroying electronic documents in violation of a court order issued as a result of a Freedom of Information Act request. [Link]

The Inbox Defense Task Force is "a non-profit legal research organization dedicated to tracking down the true identities of spammers." The organization lists the following goals on its website:

GSA Launches USA Services: "New Initiative Rapidly Connects Citizens with the Federal Government Service Answers Citizens' Web, E-mail and Telephone Questions in 2 Days or Less."

Diverging Estimates of the Costs of Spam: "Spam is costing the U.S. economy billions in network resources, diminished productivity and forgone Internet sales. But how many billions?"

Judge Orders UBS to Pay to Retrieve E-Mail - "A federal judge ordered UBS to pay the majority of the costs involved in restoring e-mail evidence sought by a former employee who is accusing the bank of sex discrimination."

From the Sacramento Bee: "By some estimates, 200 to 300 spammers, sometimes loosely organized into gangs, are responsible for almost 90 percent of spam -- unsolicited "junk" e-mail. They play a high-tech cat-and-mouse game and increasingly use overseas servers to inundate AOL, Microsoft Network, EarthLink and other Internet service providers."

E-Mail Rules: A Business Guide to Managing Policies, Security, and Legal Issues for E-Mail and Digital Communication, by Nancy Flynn, Randolph Kahn, May 2003.

Federal Trade Commissioner Orson Swindle addressed the importance of safe computing practices at a press conference to re-launch GetNetWise, a public service Web site offering resources to make informed decisions about using the Internet. The media briefing is sponsored by the Internet Education Foundation.

From Internet.com: "Sen. Charles Schumer (D.-N.Y.) said Wednesday he will seek to amend the current spam bill pending before the Senate to include requiring the Federal Trade Commission (FTC) to create a Do Not Spam list comparable to the FTC's popular Do Not Call registry."

The FTC's Do Not Call Registry has garnered considerable press and more than 25 million registrants. A recent survey from Insight Express indicates that consumers are eager for a similar program to address spam: "83 percent of consumers said that the government should roll out a similar 'do not spam' list that they can use to register their e-mail addresses to stem junk e-mail messages." However, "Experts in email and privacy at ePrivacy Group caution that creating an effective "do-not-spam" list to match the new national "do-not-call" list will require major changes to current email technology."

White House E-Mail System Becomes Less User-Friendly: "Those who want to send a message to the president must now navigate as many as nine Web pages and fill out a form that asks if they support White House policy."

On the heels of the huge response (24.5 million registrants in 14 days) to the FTC's Do Not Call Registry to block telemarketing solicitations, comes word that this program cannot be replicated to fight spam.

The June 30 decision by the California Supreme Court in Intel Corp. v. Hamidi has spurred California Rep. Chris Cox to announce that this "most peculiar ruling ... needs legislative correction." His comments were made during a House Committee on Energy and Commerce hearing on Legislative Efforts to Combat Spam, held July 9.

July 8, 2003 - Legislative hearing on H.R. 2214, the "Reduction in Distribution of Spam Act of 2003."

From a July 1, 2003 Washington Post article:
"...marketers and an array of service providers expanding their collection and use of consumers’ e-mail addresses and other personal information, despite broad assurances to protect individual privacy and honor consumers’ choices about how much marketing they want to receive."

From Boston.internet.com: "In a blow for chipmaker Intel, the California Supreme Court Monday found that senders of spam e-mails cannot be sued under state law forbidding property trespass. The 4 to 3 ruling reversed a lower court injunction preventing former Intel engineer Ken Hamidi from sending e-mails critical of Intel to thousands of its employees." See my previous posting, California Supreme Court Reviews E-Mail Case, which links to numerous resources on this case.

Perk, and peril, in employees' attachment to e-mail: "For much of the working population, e-mail is not only available but indispensable, a tool not just for work but for maintaining personal bonds....many workers are accustomed to using a work computer and e-mail address to stay in touch with friends and family in the course of the day. Yet with the convenience comes risk. Although many people are aware that they may be sacrificing privacy by using workplace e-mail, they are sometimes indiscreet in what they write."

Congress Finds Rare Unity in Spam, to a Point. Promises abound that this will be the year when Congress enacts anti-spam legislation, as bi-partisan support, consumer demand and corporate frustration have reached a crescendo. See my related postings on current legislation here and here, and this June 20 article, Senate Once Again Backs Stringent Penalties for Spam Senders: "With minimal discussion and debate, the Senate Commerce Committee unanimously approved a bill to make it illegal for anyone to use fraudulent or deceptive return e-mail addresses, fake e-mail headers or use false subject lines."

According to this National Association of Securities Dealer's June 18 press release:

AMA 2003 E-Mail Rules, Policies and Practices Survey (8 pages, pdf), from the American Management Association:

From Internet Magazine, news of the publication, by the UK Information Commissioner, responsible for data protection & freedom of information, of the third part of the Employment Practices Data Protection Code - Monitoring at Work, the Do's & Don't for workplace monitoring. Links to these documents, and to the other parts of the guide, are available here. Also see the Trades Union Congress website, called workSMART, that provides resources on workplace monitoring and internet policies.

Introduced 6/11/2003, by Sen Charles E. Schumer (NY), S. 1231, A bill to eliminate the burdens and costs associated with electronic mail spam by prohibiting the transmission of all unsolicited commercial electronic mail to persons who place their electronic mail addresses on a national No-Spam Registry, and to prevent fraud and deception in commercial electronic mail by imposing requirements on the content of all commercial electronic mail messages.

Related news:

WeCanStopSpam is a Wiki with a clearly stated agenda, providing links to free spam filters, commentary on solutions to the spam problem, and signatures to make spamming more difficult.

In The End of History, How e-mail is wrecking our national archive, Fred Kaplan laments the lack of a paper trail for government documents, and the resulting impact on our society in terms of research, context and content that contribute to the public's ability to access and evaluate the conduct of our democracy.

According to an article in today's New York Times, the industry sponsored National Cyber Security Alliance will release a study later today focused on the security and privacy risks associated with broadband internet connections.

The study, Clear and Present Danger, In-Home Study on Broadband Security Among American Consumers, is now available here (37 page pdf).

Professor David E. Sorkin, of The John Marshall Law School Center for Information Technology & Privacy Law, will teach a seminar this summer on the Regulation of Spam and Email Marketing. This is apparently the first such law school course to focus on unsolicited commercial e-mail (UCE).

The New York Times News Tracker Service through which readers may create and schedule the delivery of topic/search specific e-mail, will be migrated from free to fee. The cost: $19.95 per year for tracking ten alerts.

However, as noted by Jonathan Dube, Yahoo! Alerts remains free.

From Declan McCullagh, Spam blockers may wreak e-mail havoc, and a series of informative postings (all available at this one link) at his Politechbot.com site, on spam blacklists/blocklists.

In related news, see also:

H.R. 2214: To prevent unsolicited commercial electronic mail. Sponsor: Rep. Richard Burr (R-NC), introduced 5/22/2003. This Act may be cited as the "Reduction in Distribution of Spam Act of 2003."

Summary from Spam Laws: "The bill would require all commercial e-mail messages to be identified as such (but not with a standard label, except for unsolicited explicit messages), and to include the sender's physical address and an opt-out mechanism. It would prohibit the use of false or misleading headers in commercial messages. State laws that prohibit unsolicited commercial e-mail, regulate opt-out procedures, or require subject-line labels would be pre-empted; laws that merely regulate falsification of message headers would remain in effect."

In related news, see also:

Updated WinZip Alters Zip Format. "WinZip 9.0, from the market leader among file-compression utilities, has entered public beta with scheduled release later this year, bringing with it a new .zip format--which means some of its functions will not be compatible with earlier versions or other programs."

Via Politechbot, the text of the Reduction in Distribution of Spam Act of 2003, (43 pages, pdf) introduced May 22 by Rep. Richard Burr, (R-NC) in another effort to stem the tide of unsolicited commercial e-mail (UCE). For other related information on state and federal anti-spam legislation that I have posted, see this link. Also see Internet.com's Special Report, Spam Reaches Epidemic Levels.

Sen. Debra Bowen's bill, SB 12, "would...prohibit a person or entity from initiating an unsolicited commercial e-mail advertisement either from California or to a California electronic mail address. The bill would also make it unlawful for a person or entity to collect electronic mail addresses posted on the Internet, or to sell or provide a list of e-mail addresses, to be used to initiate the transmission of unsolicited commercial e-mail advertisements from California or to a California e-mail address." For more information, see this SFGATE.com article.

Today the Senate Committee on Commerce, Science, & Transportation held a hearing on Spam (Unsolicited Commercial E-Mail). "Description: Members will hear testimony relating to potential legislative, technical, and other approaches to curtailing unwanted spam. Senator McCain will preside." The committee provides the full-text of available testimony via this main link.

See also, Microsoft Proposes Law on Junk E-Mail, Spammer Urges Congress to Pass Anti-Spam Law, and Gates Sends Letter on Spam to Congress.

From InfoWorld, a review of an open source anti-spam application that may be useful to a wide user community. "SpamBayes knows spam - Outlook add-in really works to block spam, and it's free." For more information, see the SpamBayes website, and this technical background document.

From the Journal of the American Medical Association (JAMA), this new survey (abstract only available free), Use of the Internet and E-mail for Health Care Information concludes that "Although many people use the Internet for health information, use is not as common as is sometimes reported."

"Senator Charles E. Schumer today urged the Federal Trade Commission (FTC) to issue a consumer advisory alert, warning all consumers to be wary of products advertised through the unsolicited commercial e-mail known as spam." See the press release here.

From Spamabuse.net, this link to spam e-mail blocking and filtering applications/services (free and commercial) available to Windows, Mac and Linux users.

Judge Thomas W. Thrash Jr., U.S. District Court, Northern District of Georgia, granted EarthLink an injunction and a $16.4 million judgment against Howard Carmack, who engaged in ID theft and fraud to deliver over 800 million spam e-mails last year via the hundreds of accounts he established with the ISP. How much EarthLink can expect to collect....nil.

For reference, see the Computer Fraud and Abuse Act of 1986, 18 USC 1030.

In a related update, see this May 14 article from News.com, 'Buffalo Spammer' nabbed in New York which says that "New York state authorities have arrested the e-mail marketer "Buffalo Spammer," in the state's first criminal case against a junk mailer."

The majority of states attorneys general expressed their opposition to federal anti-spam legislation during the course of the FTC's three-day Spam Forum currently underway in Washington, D.C. "The states are concerned because both proposals (on the federal level - the CAN SPAM Act and the REDUCE Spam Act) would supersede any state laws, even if those state laws are stronger, said Washington Attorney General Christine Gregoire. Some state laws, for example, allow people to sue spammers. That right would vanish, the attorneys general said if some of the legislation Congress is now considering became law."

See also these related articles: Experts: Spam Volume Threatening E-Mail's Future, and Spam Solutions Hard to Find, and Business Users Offer Clear Definition of Spam and Overwhelmingly Support New Anti-Spam Bill in Congress. In addition, please see the text of Senator Charles E. Schumer's (NY) speech to the Spam Forum here.

On April 29, Governor Mark R. Warner of Virginia signed two bills constituting the Virginia Computer Crimes Act (SB 1139 - became ch. 1016 and HB 2290 -became ch. 987), which in this press release is lauded as the "toughest such law in the United States,"...as..."half the world’s Internet traffic passes through the Commonwealth of Virginia." Twenty-six states have enacted anti-spam legislation, while the federal government continues to propose legislation, none of which has yet passed.

From PCWorld, "Some legal observers say that the Virginia law, which could land spammers in prison, faces enforcement problems."

Spammers obviously continue to irritate a very raw nerve, and Capitol Hill is piling on. Recent federal legislation from Senators Wyden and Burns, Senator Schumer, and now Senator Lofgren's announcement of the introduction of the Restrict and Eliminate Delivery of Unsolicited Commercial E-mail (REDUCE) Spam Act, added to state legislative efforts, indicate that the battle has not been forsaken. See also this summary of the Reduce Spam Act.

The Internet heavy-weight trio of AOL, MSN and Yahoo have also joined the fight, as the cost of spam continues to escalate, and to infuriate users and services providers alike.

Senator Charles E. Schumer announced the release of a new study (The Dark Side of E-Commerce: The EMail Spam Epidemic) indicating that "New York City residents receive 8.25 million junk emails a day and spend 4.2 million hours a year eliminating spam messages." This announcement also stated the Senator plans to introduce new legislation to combat spam, which would include criminal penalties of $5,000 or more for repeat violators. UPI reports on the bill here. See also my recent posting on the Can-Spam legislation introduced by Senators Wyden and Burns.

For an interesting perspective on just how long we have been plagued by spam, take a look at this article, Reflections on the 25th Anniversary of Spam by Brad Templeton, founder and publisher of ClariNet Communications Corp., the world's first ever ".com" company.

This new report from the FTC, False Claims in Spam (16 page pdf), states that is the first extensive review of deceptive and unfair practices that appear in unsolicited commercial e-mail (UCE). The study analyzed 1,000 spam e-mails drawn from a pool of 11,000 such messages, and concluded that at least one form of deception was evident in 66% of the aggregate.

See also these two related agency reports, Spam Email: Harvesting Your Email Address and Remove Me Surf. In addition, in related news, Web Sites Shut Down in Spam Fight.

The Department of Homeland Security had the daunting task of implementing an e-mail system that integrates 22 separate agencies. According to Federal Computer Week, the system will be launched this weekend.

The New York Times published an extensive article on the challenges posed by the adroit and aggressive junk e-mail industry that has to date overcome all challenges preventing the delivery of their unwelcome messages to our home and work e-mail accounts.

According to this article in PC World, "the U.S. Department of Agriculture Forest Service is currently considering a regulation that would let it ignore any public comments on its rule-making process sent to it through Web-based forms." The agency also intends to ignore comments sent using form letters and postcards that result from lobbying/advocacy efforts. Furthermore, the Forest Service does not participate in the e-gov initiative Regulations.gov, the portal through which users may "find, review, and submit comments on Federal documents that are open for comment and published in the Federal Register."

For reference, the origin of these proposed changes were buried here: National Forest System lands; projects and activities; notice, comment, and appeal procedures, December 18, 2002 Federal Register, for which the comment period has already passed.

Rep. Henry Waxman, Ranking Member, House Committee on Government Reform, Minority Office, sent a letter to the Committee on Energy and Commerce requesting an investigation into accusations that over the course of two years, Philip Morris destroyed e-mail relevant to the DOJ case filed against the company in 1999, alleging deceptive practices.

See also this resource, Document Destruction by Philip Morris, that includes links to correspondence (in pdf) between the DOJ and Philip Morris, the Deposition of Michael Wallmeyer, Philip Morris Information Services Specialist, and the transcript of the February 5, 2003 Status Hearing.

Sen. Conrad Burns (R-Mont.) and Sen. Ron Wyden (D-OR) introduced the CAN-SPAM bill on April 9 (S. 877), "to regulate interstate commerce by imposing limitations and penalties on the transmission of unsolicited commercial electronic mail via the Internet." See the Burns press release here. The two Senators also co-sponsored the CAN-SPAM Act of 2001 (S. 630).

Also see one of my previous postings on spam here for links and statistics about the public response to spam and related institutional costs.

The Federal Energy Regulatory Commission (FERC) announced on April 7 that all Enron e-mails posted on the Commission's website would be removed temporarily (until April 24). The e-mails are part of a FERC database comprising over 85,000 Enron related documents and over 150,000 document images. This action was in response to Enron's petition to the Court of Appeals for the Fifth Circuit seeking to remove personal information about company employees that appears in the e-mail messages, all of which were available for public viewing. See also this Reuter's article.

On April 2, the California Supreme Court heard oral argument in the appeal of Intel v Hamidi. Hamidi is a former Intel employee who after his termination, on six separate occasions, used the company's internal e-mail address listing to send messages to 30,000 employees.

See also these related articles: Intel e-mail issue divides court and Trespassing or Free Speech?

The Center for Democracy and Technology (CDT) published a new report, Why Am I Getting All This Spam? (16 pages in PDF), which documents the volume of spam received over the course of six months by hundreds of accounts created specifically to research this issue. Although the report offers no absolute methods for beating spam, it does provide useful insights into how users are targeted and by whom, and offers the warning that "e-mail addresses posted on Web sites or in newsgroups attract the most spam."

Discovery is hampered in an investigation into cost over-runs and project mismanagement on Boston's Big Dig project, "the largest, most complex and technologically challenging highway project in Amerian history."

Apparently project managers instituted a policy of deleting all project related e-mail messages after thirty days, as reported during a Massachusetts State House Hearing.

A new organization, the Internet Research Task Force, comprised of 13 Research Groups, one of whose goal is to fight spam, launched their website last week. The Anti-Spam Research Group (ASRG) has an email list at asrg@ietf.org.

The National Consumers League, Internet Fraud Watch published two surveys on Web e-mail scams: Top 10 Internet Scams 2001 (includes data on Type of Complaint, Percentage of Total Complaints and Average Loss), and Ages of Consumers Who Filed Complaints, 2001 (includes Percentage of Total Complaints). The surveys are available in tabular format on this webpage.

The longest continuously running global e-mail scam, in operation since the 1980s, is the Nigerian e-mail fraud. Doubtless you have received such e-mails on a daily basis if you are not using blocking software. For more information, see this United States Secret Service site on what is known as Advance Fee Fraud (AFF) or "4-1-9" fraud, which refers to the section of the Nigerian Penal Code on fraud schemes.

See also this article from CNN today, Latest ID theft scam: Fake job listings. Monster.com e-mailed its users and stated "regrettably, from time to time, false job postings are listed online and used to illegally collect personal information from unsuspecting job seekers."

This Securities and Exchange Commission press release states that the agency filed suit in the U.S. District Court for the Eastern District of New York against Samuel Aaron Meltzer ("Meltzer"), referred to as a "professional Internet spammer," for committing securities fraud via the Web (SEC v. Meltzer, E.D. N.Y., Action No. CV 03 770, Judge Denis R. Hurley, 2/18/03). Meltzer is alleged to have used spam and more than two dozen websites to promote penny stocks about which he made "made false and misleading representations." The complaint is here. The current docket in this case is available here.

This PCWorld article, Are Spammers Hiding Behind Students? indicates that students at Tufts University accepted payment to route spam through the institution's network. See also: Tufts student to be disciplined for using university network for spam.

The Washington Post reports that ISP giants and rivals Microsoft and AOL are working together to help craft legislation on the federal and state level to fight the uncontrollable tide of spam that plagues their respective subscribers, which total over 140 million. To provide some perspective on the enormity of the problem, AOL alone claims to block about 780 million spam e-mails bound for customers each day.

In related news, a survey by Assurance Systems concluded that "opt-in" e-mail is routinely blocked by major ISPs, with AOL ranking third on the list with an 18% non-delivery rate.

Palo Alto California's Mayor Dena Mossar announced a settlement of lawsuits brought against the City Council by The Palo Alto Weekly and the San Jose Mercury News concerning e-mail correspondence that was not disclosed to the public.

The Council held a closed door meeting on October 30, 2002 during which time they disseminated e-mail concerning what they determined was a private issue.
The Council has now released all the e-mails, and in a futher move, "will make available copies of e-mails from September 1 to the present time, sent by Council Members to staff and staff responses concerning items on the council agenda." The San Diego Union heralded the Council as "a trailblazer in open governance."

From PC Magazine, this review and comparison of ten popular applications to combat spam on your home PC, as well as a six applications for use by IT departments and ISPs.

The FTC announced a free, three day forum, April 30-May 2, open to the public, consisting of fourteen separate panels, each addressing different aspects of the spam email issue including legislation, security, privacy, law enforcement, and blocking software. The text of the Federal Register notice on this forum is available here, and references a recent article about the growing proliferation of spam at home and at work.

The Colorado House Committee on Technology and Information has introduced a new bill, HB 03-1200, to amend the Junk E-Mail Law to include a no-solicitation list similar to the telemarketing no-call list. The full-text of the Colorado Statute is here.

Global web access was disrupted on Saturday by an attack of a worm called SQL Slammer that affects Microsoft SQL Server 2000. Other consequences included a delay in e-mail delivery and all of Bank of America's ATMs were