E-Mail
May 11, 2013
* FOIA Request to DOJ Yields Expansively Redacted Response

ABCNews: "The Department of Justice complied with the letter of the law and responded to a Freedom of Information Act request from the ACLU seeking insight into the Obama Administration’s policy on intercepting text messages from cell phones. But -- it didn’t release any actual information. Or even any words or letters. As one Reddit comment put it, “[the document is] so transparent it’s completely invisible.” Instead, the Justice Department released 15 pages that were entirely redacted, shaded over in heavy black from top to bottom. All that was visible is the subject of the memo: “Guidance for the Minimization of Text Messages over Dual-Function Cellular Telephones” It is all part of a larger legal battle between civil rights activists and the federal law enforcement about electronic communications. The ACLU has argued that current government surveillance practices on electronic communications violate citizens’ Fourth Amendment rights, which are meant to protect Americans from unlawful searches and seizures. With the FOIA request they were trying to determine if the FBI had properly complied with a 2010 appeals court decision that concerned when email providers must turn over messages to law enforcement and whether the guidelines apply to text messages."

April 25, 2013
* Publicly Available Social Media Monitoring and Situational Awareness Initiative Update

Privacy Impact Assessment for the Office of Operations Coordination and Planning - Publicly Available Social Media Monitoring and Situational Awareness Initiative, DHS, Update April 1, 2013

  • "To monitor social media, National Operations Center Media Monitoring analysts only use publicly available search engines, content aggregators, and site-specific search tools to find items of potential interest to DHS. Once the analysts determine an item or event is of sufficient value to DHS to be reported, they extract only the pertinent, authorized information, and put it into a specific web application (Media Monitoring Capability (MMC) application) to build and format their reports. The unused information for each item of interest is not stored or filed for reference and is lost when the webpage is closed or deleted. The MMC application also facilitates tracking previous reports to help avoid duplicative reporting and ensures further development of reporting on ongoing issues. It allows analysts to electronically document details using a customized user interface, and disseminate relevant information in a standardized format. Using the MMC application, NOC MMC analysts can efficiently and effectively catalog the information by adding meta - tags such as location, category, critical information requirement, image files, and source information. The application empowers NOC MMC analysts to have a better grasp of the common operating picture by providing the means to quickly search for an item of interest using any of the above - mentioned meta-tags as well as enabling them to respond to requests for information from other collaborating entities in a timely fashion."
  • April 24, 2013
    * DHS Releases Revises Privacy Impact Assessment on Internet Monitoring Program

    EPIC: "The Department of Homeland Security has released a Privacy Impact Assessment for Einstein 3 - Accelerated. Einstein 3 is a government cybersecurity program that monitors Internet traffic. The monitoring includes scanning email destined for .gov networks for malicious attachments and URLs. According to DHS, the basis of the government’s authority to perform the monitoring is National Security Presidential Directive 54. EPIC is pursuing FOIA litigation to force the government to release the Directive to the public. For more information, see EPIC v. NSA - Cybersecurity Authority."

    April 21, 2013
    * FTC Survey for 2011 Shows an Estimated 25.6 Million Americans Fell Victim to Fraud

    News release: "The Federal Trade Commission today released a statistical survey of fraud in the United States during 2011, which showed that an estimated 25.6 million adults – 10.8 percent of the adult population – were fraud victims...While fast-growing online commerce has benefited consumers with greater choice and convenience, the survey indicates that, as of 2011, the Internet was also the place where consumers most often learned about fraudulent offers. The Internet category, which included email, social media, auction sites and classified ads, was followed by print advertising, and TV and radio. Most consumers bought fraudulent items via the Internet; telephone purchases ranked second."

    April 16, 2013
    * New Internet Security Threat Report from Symantec

    2013 Internet Security Threat Report - "Key Findings:

    • 42% increase in targeted attacks in 2012.
    • 31% of all targeted attacks aimed at businesses with less than 250 employees.
    • One waterhole attack infected 500 organizations in a single day.
    • 14 zero-day vulnerabilities.
    • 32% of all mobile threats steal information.
    • A single threat infected 600,000 Macs in 2012.
    • Spam volume continued to decrease, with 69% of all email being spam.
    • The number of phishing sites spoofing social networking sites increased 125%.
    • Web-based attacks increased 30%.
    • 5,291 new vulnerabilities discovered in 2012, 415 of them on mobile operating systems."

    * Experian reveals a quarter of time online is spent on social networking

    Experian reveals a quarter of time online is spent on social networking: London, 16 April 2013 – "Insights from Experian, the global information services company, reveals that if the time spent on the Internet was distilled into an hour then a quarter of it would be spent on social networking and forums across UK, US and Australia. In the UK 13 minutes out of every hour online is spent on social networking and forums, nine minutes on entertainment sites and six minutes shopping."

    April 03, 2013
    * FireEye Advanced Threat Report – 2H 2012

    "This report provides a detailed, current look at the nature of advanced threats targeting organizations today. Drawing on data gathered by FireEye® from several thousands of appliances at customer sites around the world, across 89 million events, this report provides an overview of the current threat landscape, evolving advanced persistent threat (APT) tactics, and the level of infiltration seen in organizations' networks today. Key findings include:

  • On average, a malware event occurs at a single organization once every three minutes. Malware activity has become so pervasive and attacks so successful at penetrating legacy defenses—network firewalls, Intrusion Prevention Systems (IPS), and anti-virus (AV), that once every three minutes organizations on average will experience a malicious e-mail file attachment or web link, as well as malware communication—or callback—to a command and control (CnC) server. Across industries, the rate of malware activity varies, with technology experiencing the highest volume with about one event per minute."
  • March 25, 2013
    * Cloud Computing: Constitutional and Statutory Privacy Protections

    CRS - Cloud Computing: Constitutional and Statutory Privacy Protections, Richard M. Thompson II, Legislative Attorney. March 22, 2013

  • "...cloud computing is a web-based service that allows users to access anything from e-mail to social media on a third-party computer. For instance, Gmail and Yahoo are cloud-based email services that allow users to access and store emails that are saved on each respective service’s computer, rather than on the individual’s computer. As more communications are facilitated through these cloud-based programs, it is no surprise that government and law enforcement would seek to access this stored information to conduct criminal investigations, prevent cyber threats, and thwart terrorist attacks, among other purposes. This prompts the following questions: (1) What legal protections are in place for information shared and stored in the cloud? (2) What legal process must the government follow to obtain this information? and (3) How do these rules differ from those applied in the physical world?"
  • February 26, 2013
    * ACLU - New Document Sheds Light on Government’s Ability to Search iPhones

    "Cell phone searches are a common law enforcement tool, but up until now, the public has largely been in the dark regarding how much sensitive information the government can get with this invasive surveillance technique. A document submitted to court in connection with a drug investigation, which we recently discovered, provides a rare inventory of the types of data that federal agents are able to obtain from a seized iPhone using advanced forensic analysis tools. The list, available here, starkly demonstrates just how invasive cell phone searches are—and why law enforcement should be required to obtain a warrant before conducting them."

    February 24, 2013
    * New on LLRX - LegalTech 2013: Old habits die hard, but die they do

    Via LLRX.com - LegalTech 2013: Old habits die hard, but die they do - Attorney Nicole Black's article on the LegalTech 2013 conference, sponsored every year by American Lawyer Media, updates all of us who could not attend on the latest legal technologies and innovations.

    February 23, 2013
    * Commentary - The Saga of Barrett Brown: Inside Anonymous and the War on Secrecy

    The Saga of Barrett Brown: Inside Anonymous and the War on Secrecy, By Christian Stork, February 21, 2013

  • "Alleged “hacktivist” Barrett Brown, the 31-year old mislabeled “spokesman” for the shadowy hacker collective known as Anonymous, faces federal charges that could put him away for over a hundred years...His crime: making leaked e-mails accessible to the public—documents that shine a light on the shadowy world of intelligence contracting in the post-9/11 era. A critically acclaimed author and provocative journalist, Brown cannot be too easily dismissed as some unruly malcontent typing away in the back of a gritty espresso lounge. He is eccentric. And he was clearly high on something, if only his own hubris, when he made a threatening video that put him in the feds’ crosshairs. But that’s not the real reason for the government’s overreaction. Evidence indicates it has a lot more to do with sending a message to the community he comes from, which the government sees—correctly—as a threat."

  • January 28, 2013
    * Google’s approach to government requests for user data

    Google Official Blog: "..January 28, is Data Privacy Day, when the world recognizes the importance of preserving your online privacy and security. If it’s like most other days, Google—like many companies that provide online services to users—will receive dozens of letters, faxes and emails from government agencies and courts around the world requesting access to our users’ private account information. Typically this happens in connection with government investigations. It’s important for law enforcement agencies to pursue illegal activity and keep the public safe. We’re a law-abiding company, and we don’t want our services to be used in harmful ways. But it’s just as important that laws protect you against overly broad requests for your personal information...Today, for example, we’ve added a new section to our Transparency Report that answers many questions you might have. And last week we released data showing that government requests continue to rise, along with additional details on the U.S. legal processes—such as subpoenas, court orders and warrants—that governments use to compel us to provide this information."

    December 12, 2012
    * Commentary - The life span of email

    Curt Hopkins for The Daily Dot: "When a user “deletes” an email in the normal fashion, it becomes invisible to that user and is immediately a candidate to be overwritten. But until it is in fact overwritten, it exists. And it may persist longer on company servers. So, even if it is taken off your computer, it may still be available on the host’s server. Given that email-hosting companies are legally obliged to turn over user information to law enforcement and intelligence authorities with warrants—and these days even without them—the impossibility of being certain of a deletion means you must presume that any email you compose will be available remain accessible forever."

  • See also “A Pace Not Dictated by Electrons”: An Empirical Study of Work Without Email
  • November 14, 2012
    * EPIC - Google Transparency Report Reveals Risks of Cloud-based Computing

    "According to a recent report from Google, the company received 20,938 requests for user data in the first half of 2012, up from 18,257 requests in the second half of 2011. The United States accounted for 7,969 requests in the 2012 report. And of these requests, Google provided user data to the US government in 90% of the cases. Over the last several years, Google has pursued an aggressive effort to promote computing services that store personal data on Google's servers even as the number of government requests has grown. And earlier this year, Google reduced safeguards for Gmail users, over the objections of many lawmakers and users when it consolidated privacy policies across its various Internet services. In 2009, EPIC L3[urged] the Federal Trade Commission to look more closely at the privacy risks of cloud-based services. For more, see EPIC - "Cloud Computing"."

    July 02, 2012
    * Managing Discovery of Electronic Information: A Pocket Guide for Judges

    Managing Discovery of Electronic Information: A Pocket Guide for Judges, Second Edition. Barbara J. Rothstein, Ronald J. Hedges, and Elizabeth C. Wiggins. Federal Judicial Center, 2012

  • "ESI currently includes e-mail messages, word processing files, web pages, and databases created and stored on computers, magnetic disks (such as computer hard drives), optical disks (such as DVDs and CDs), and flash memory (such as “thumb” or “flash” drives), and increasingly on “cloud” based servers hosted by third parties that are accessed through Internet connections. The technology changes rapidly, making a complete list impossible. Federal Rules of Civil Procedure 26 and 34, which went into effect on December 1, 2006, use the broad term “electronically stored information” to identify a distinct category of information that, along with “documents” and “things,” is subject to discovery rights and obligations."
  • June 27, 2012
    * EPIC Calls On FTC to Investigate Facebook Email Changes

    "EPIC has asked the Federal Trade Commission to review Facebook's decision to change the default email address of Facebook users. The company recently removed email addresses, selected by users, with a @facebook.com address assigned by Facebook. EPIC asked the FTC to review this practice as it finalizes the terms of a settlement with Facebook. "Facebook's willingness to disregard user choice...raise[s] important questions about the company's ability to comply with the terms of the proposed Consent Order," EPIC wrote. EPIC also said that the change is a deceptive business practice because Facebook did not tell users that their preferred email address could be removed by the company. And EPIC noted that the change would result in user email being sent to Facebook's servers that would otherwise have gone to the user's email service. The FTC's settlement with Facebook follows from complaints filed by EPIC and other consumer and privacy organizations in 2009 and 2010. The settlement would bar Facebook from changing privacy settings without the affirmative consent of users or misrepresenting the privacy or security of users' personal information. For more information, see EPIC: Facebook Privacy, and EPIC: FTC Facebook Settlement."

    April 16, 2012
    April 04, 2012
    * EFF: UK Government Proposes Law Monitoring Every Email, Phone Call, and Text Message

    EFF: "On Sunday, the United Kingdom’s Prime Minister David Cameron and the Interior Ministry were forced to defend a sweeping wiretapping proposal, which would aim to monitor every single email, text message, and phone call flowing through the whole country. The proposal would likely force all UK Internet Service Providers (ISPs) to install “black boxes” on their systems that use Deep Packet Inspection (DPI) technology, which would give authorities access to all communications data without a warrant or any judicial oversight. Law enforcement would have access to IP addresses, email addresses, when you send an email, to whom you send it, and how frequently—as well as corresponding data for phone calls and text messages. The government has claimed this proposal is needed to fight “terrorism and serious crimes,” but of course, it would be available to law enforcement for all purposes."

    March 15, 2012
    * FBI FAct Sheet on Internet Fraud

    FBI Fact Sheet on Internet Fraud: Includes information on: Avoiding Internet Auction Fraud, Avoiding Non-Delivery of Merchandise, Avoiding Credit Card Fraud, Avoiding Investment Fraud, Avoiding Business Fraud, Avoiding the Nigerian Letter or “419” Fraud, Common Fraud Scams, Investment-Related Scams, Internet Scams, and Fraud Target: Senior Citizens.

    January 30, 2012
    * Domain-based Message Authentication, Reporting & Conformance

    "DMARC, which stands for "Domain-based Message Authentication, Reporting & Conformance", is a technical specification created by a group of organizations that want to help reduce the potential for email-based abuse by solving a couple of long-standing operational, deployment, and reporting issues related to email authentication protocols. DMARC standardizes how email receivers perform email authentication using the well-known SPF and DKIM mechanisms. This means that senders will experience consistent authentication results for their messages at AOL, Gmail, Hotmail, Yahoo! and any other email receiver implementing DMARC. We hope this will encourage senders to more broadly authenticate their outbound email which can make email a more reliable way to communicate."

    January 01, 2012
    * UK Lord Chief Justice extends Live Text-Based Communication from Court

    Guidance on Live, Text-Based Communications from Court: "This Practice Guidance (the Guidance) applies to court proceedings which are open to the public and to those parts of the proceedings which are not subject to reporting restrictions. It is issued (as Guidance and not a Practice Direction) following a consultation relating to the use of live, text-based communications. Those consulted included the Judiciary, the Secretary of State for Justice, the Attorney General, the Director of Public Prosecutions, the Bar Council, the Law Society, the Press Complaints Commission, and the Society of Editors in addition to interested members of the public via the Judiciary website.
    2) The Guidance clarifies the use which may be made of live text-based communications, such as mobile email, social media (including Twitter) and internet enabled laptops in and from courts throughout England and Wales. For the purposes of this Guidance these means of communication are referred to, compendiously, as live, text-based communications."

    December 15, 2011
    * UK clarifies law on information held in private email accounts

    News release: "The Information Commissioner’s Office (ICO) has today published new guidance making it clear that information concerning official business held in private email accounts is subject to the Freedom of Information Act. Information Commissioner, Christopher Graham said:

  • “It should not come as a surprise to public authorities to have the clarification that information held in private email accounts can be subject to Freedom of Information law if it relates to official business. This has always been the case – the Act covers all recorded information in any form. It came to light in September that this is a somewhat misunderstood aspect of the law and that further clarification was needed. That’s why we’ve issued new guidance today with two key aims – first, to give public authorities an authoritative steer on the factors that should be considered before deciding whether a search of private email accounts is necessary when responding to a request under the Act. Second, to set out the procedures that should generally be in place to respond to requests. Clearly, the need to search private email accounts should be a rare occurrence; therefore, we do not expect this advice to increase the burden on public authorities.”
  • December 01, 2011
    * BJS: Identity Theft Reported by Households, 2005-2010

    Identity Theft Reported by Households, 2005-2010: "Presents data on the nature of and trends in identity theft victimization among U.S. households from the National Crime Victimization Survey (NCVS). The NCVS defines identity theft as the misuse or attempted misuse of an existing credit card or another existing account or the misuse of personal information to open a new account or for other fraudulent purposes. Findings are based on experiences of all household members age 12 or older as reported by the head of household. The data brief examines changes in the percentage of households experiencing identity theft from 2005 to 2010. It describes differences in the types of identity theft experienced by households in 2010 compared to 2005, as well as changes in the demographic characteristics of victimized households. The brief also presents estimates on the monetary losses attributed to household victims of identity theft. Highlights include the following:

    • In 2010, 7.0% of households in the United States, or about 8.6 million households, had at least one member age 12 or older who experienced one or more types of identity theft victimization.
    • Among households in which at least one member experienced one or more types of identity theft, 64.1% experienced the misuse or attempted misuse of an existing credit card account in 2010.
    • From 2005 to 2010, the percentage of all households with one or more type of identity theft that suffered no direct financial loss increased from 18.5% to 23.7%."

    October 24, 2011
    * FTC Gives Final Approval to Settlement with Google over Buzz Rollout

    News release: "Following a public comment period, the Federal Trade Commission has accepted as final a settlement with Google, and authorized the staff to provide responses to the commenters of record. The settlement resolves charges that Google used deceptive tactics and violated its own privacy promises to consumers when it launched its social network, Google Buzz, in 2010. The agency alleged that the practices violate the FTC Act. The settlement bars the company from future privacy misrepresentations, requires it to implement a comprehensive privacy program, and calls for regular, independent privacy audits for the next 20 years. The Commission vote approving the final settlement was 4-0.

  • In the Matter of Google Inc., a corporation, FTC File No. 102 3136
  • September 22, 2011
    * Symantec Survey Finds Emails Are No Longer the Most Commonly Specified Documents in eDiscovery Requests

    News release: "Symantec Corp. announced the findings of its 2011 Information Retention and eDiscovery Survey which examined how enterprises manage their ever-growing volumes of electronically stored information and prepare for the eventuality of an eDiscovery request. The survey of legal and IT personnel at 2,000 enterprises worldwide found email is not the primary source of records companies must produce, and more importantly, respondents who employ best practices for records and information management are significantly less at risk of court sanctions or fines."

    August 28, 2011
    * Pew: 65% of online adults use social networking sites

    65% of online adults use social networking sites - Women maintain their foothold on SNS use and older Americans are still coming aboard. Mary Madden, Senior Research Specialist, Kathryn Zickuhr, Research Specialist, 8/26/2011

  • "Two-thirds of adult internet users (65%) now say they use a social networking site like MySpace, Facebook or LinkedIn, up from 61% one year ago. That’s more than double the percentage that reported social networking site usage in 2008 (29%). And for the first time in Pew Internet surveys it means that half of all adults (50%) use social networking sites. The pace with which new users have flocked to social networking sites has been staggering; when we first asked about social networking sites in February of 2005, just 8% of internet users – or 5% of all adults – said they used them. Looking at usage on a typical day, 43% of online adults use social networking, up from 38% a year ago and just 13% in 2008. Out of all the “daily” online activities that we ask about, only email (which 61% of internet users access on a typical day) and search engines (which 59% use on a typical day) are used more frequently than social networking tools."
  • August 25, 2011
    * Symantec Intelligence Report - August 2011

    "Symantec Corp. announced the results of the August 2011 Symantec Intelligence Report, now combining the best research and analysis from the Symantec.cloud MessageLabs Intelligence Report and the Symantec State of Spam & Phishing Report. This month’s analysis reveals that once more spammers are seeking to benefit from fluctuations in the turbulent financial markets, most notably by sending large volumes of spam relating to certain “pink sheets” stocks in an attempt to “pump” the value of these stocks before “dumping” them at a profit. In a pump-and-dump stock scam, spammers promote certain stocks in order to inflate the price as much as possible so that they may then be sold before their valuation crashes back to reality. The spam for these scams tries to convince the prospective mark that the penny stock is actually worth more than its valuation, or that it will soon skyrocket. Most of these claims are either misleading or false. A successful pump-and-dump spam campaign will artificially drive up the price of the stock to a point where the scammers decide to sell their shares. This usually coincides with them ending the spam campaign, which in turn reduces the interest in the stock, helping to drive its valuation back to the original low price."

    August 14, 2011
    * Pew Findings: Search and email remain the top online activities

    Search and email still top the list of most popular online activities - Two activities nearly universal among adult internet users, by Kristen Purcell

  • "A May 2011 Pew Internet survey finds that 92% of online adults use search engines to find information on the Web, including 59% who do so on a typical day. This places search at the top of the list of most popular online activities among U.S. adults. But it is not alone at the top. Among online adults, 92% use email, with 61% using it on an average day. Since the Pew Internet Project began measuring adults’ online activities in the last decade, these two behaviors have consistently ranked as the most popular. Even as early as 2002, more than eight in ten online adults were using search engines, and more than nine in ten online adults were emailing."
  • July 14, 2011
    * New FTC Video Helps Businesses Comply with CAN-SPAM Rule

    News release: "Say “spam” and most business executives think of annoying e-mail messages, like the ones that hold out a phony offer to split $50 million that’s sitting in a foreign bank. Of course, this type of message is covered by the Federal Trade Commission’s CAN-SPAM Rule, which is designed to protect consumers from deceptive commercial e-mail. But CAN-SPAM covers e-mails from legitimate businesses, too, such as e-mail notifying customers about a new product line or a special sale. To help explain what the CAN-SPAM Rule covers, the FTC has produced a new video for businesses with a seven-point checklist for sending commercial e-mail messages. For example, e-mail marketers must use accurate headers and subject lines and provide a method for consumers to stop getting e-mails. In addition to the video, the FTC also offers a brochure, The CAN-SPAM Act: A Compliance Guide for Business."

    June 24, 2011
    * Truth About Wireless Phones and the National Do-Not-Call List

    FCC: "You may be one of many consumers who have received emails saying you’re about to be assaulted by unwanted telemarketing calls to your wireless phone. Rest assured that placing telemarketing calls to wireless phones is -- and always has been -- illegal in most cases. Why the Confusion? The confusion seems to stem from recent discussions in the wireless phone industry about establishing a wireless 411 phone directory, much like your traditional (wired) 411 phone directory. A number of email campaigns seem to suggest that if your wireless telephone number is listed in a wireless 411 directory, it will be available to telemarketers, and you will start to receive sales calls. In addition, some of these email campaigns suggest that there is a separate do-not-call “cell phone registry,” which you must call to have your wireless phone number covered by the do-not-call rules. This information is wrong."

    June 12, 2011
    * NOAA announces agency-wide move to cloud-based unified messaging technology

    News release: "NOAA announced an $11.5 million, three-year award to Earth Resources Technologies, Inc. for cloud-based unified messaging services. The agency-wide transition will modernize e-mail and calendar infrastructure, integrate collaborative tools and facilitate synchronization with mobile devices to better support NOAA’s mission and its nationwide workforce. As the largest federal agency to adopt cloud technology to date, NOAA will migrate 25,000 mailboxes to the cloud rather than utilizing in-house servers. NOAA’s decision to pursue the cloud solution supports the Obama administration’s direction to pursue a “cloud first” approach. “The cost to the taxpayer will be 50 percent less than an in-house solution,” said NOAA Chief Information Officer Joseph Klimavicz. “As the new standard, cloud computing has great value allowing us to ramp up quickly, avoid redundancy and provide new services and capabilities to large groups of customers.”

    June 11, 2011
    * MSNBC Posts Integrated Palin E-Mail collection

    "This collection contains over 24,000 e-mails from former Alaska Governor Sarah Palin’s administration and was obtained in June 2011, more than two and a half years after the public records request for these materials. Crivella West, at its own expense, converted the paper copies of the e-mails produced back into searchable digital copies and made the digital copies available to the public without charge. In addition, Crivella West has provided analytical tools to organize the documents to help users uncover information of interest. Crivella West is continuing its collaboration with msnbc.com, Mother Jones and Pro Publica."

  • Search
  • All Documents List
  • June 01, 2011
    * Google Issues Advisory - Ensuring your information is safe online

    Official Google Blog: "...Through the strength of our cloud-based security and abuse detection systems, we recently uncovered a campaign to collect user passwords, likely through phishing. This campaign, which appears to originate from Jinan, China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists. The goal of this effort seems to have been to monitor the contents of these users’ emails, with the perpetrators apparently using stolen passwords to change peoples’ forwarding and delegation settings. (Gmail enables you to forward your emails automatically, as well as grant others access to your account.) Google detected and has disrupted this campaign to take users’ passwords and monitor their emails. We have notified victims and secured their accounts. In addition, we have notified relevant government authorities."

    April 28, 2011
    * GSA Plans RFP for $2.5 Billion in Cloud Computing to Support IT Reform Plan

    Jason Miller, Executive Editor, Federal News Radio: "The General Services Administration is about to give the Obama administration's policy that requires agencies to use cloud computing a big boost. GSA plans on releasing a request for proposals May 10 for e-mail-as-a-service that could be worth $2.5 billion. Vivek Kundra, the federal chief information officer, said Wednesday there are $20 billion in systems across the government that could move to the cloud, and email and collaboration software are among the easiest first steps. We already are seeing 15 agencies that have identified 950,000 e-mail boxes across 100 email systems that are going to move to the cloud," he said during an update on the administration's 25-point IT reform plan at the White House. "This represents a huge opportunity for [vendors] to aggressively compete for these new opportunities in the cloud space and provide the government with the best value and most innovative technologies." Among those 15 agencies already on their way are the Agriculture Department and GSA. USDA is moving 120,000 employees to Microsoft's cloud, while GSA picked Unisys, which partnered with Google, to move as many as 30,000 employees to a new email system."

    April 26, 2011
    * Commentary: Welcome to the age of data: Watch your back!

    Welcome to the age of data: Watch your back! by Molly Wood

  • "This week's iPhone location tracking scandal is just the latest glaring spotlight on how much of your personal information is gushing out the door, whether unprotected on your own devices and ripe for the picking, or into corporate and botnet servers worldwide. Personal information is the currency of the post-technological age, and the cost of "free" has never been higher. Your data, on an increasingly minute and personal level, powers every Web or network-based company, from start-up to monolith. Google maintains literally acres of servers dedicated to storing your communications--from e-mail to texts to the transcripts of your voice mail; your browsing and shopping habits; your blog posts; your photos; your calendar appointments; and of course, your intensely personal search histories. If you're logged in to a Google service, that information is all tied to your IP address. Only the thinnest of artificial technical barriers--a sort of loose privacy honor system--keeps Google from combining the data into a scarily accurate digital version of you (like the first digital Cylon, if you will). But pity poor Google, which must gather all this information by increasingly intrusive means, like the DoubleClick ad cookie that tracks your browsing all across the Web, surreptitious Wi-Fi sniffing, and sending location information about you back to its data centers even when you're not running location apps. On the other side of the aisle lies Facebook, which has cleverly cajoled 500 million users (and growing) into giving up virtually all the same information for free. Profiles, Places, Deals, and of course, the ever-present Like button, which lets you easily record your preferences for everything from opinions to shoes to celebrities and bands...you can almost imagine Facebook whispering a little "thank you" every time you click that little blue button."

  • April 07, 2011
    * Epsilon Data Breach Threatens E-mail Privacy of Millions

    Via EPIC: "Epsilon, a large marketing firm, has lost the names and e-mail addresses of customers of Walgreens, JP Morgan Chase, Capitol One, Tivo, and other large companies. The firm announced the data breaches late last week. Data service providers, such as Epsilon, are not well known by consumers and are not typically regulated. Epsilon provides data analytics, targeting, profiling of customers, as well as e-mail tracking services. Previously, EPIC provided comments to the Federal Trade Commission and testimony to the United States Congress on the need for comprehensive privacy protection for customer data."

    April 05, 2011
    * Symantec Internet Security Threat Report: Trends for 2010

    Symantec Internet Security Threat Report Trends for 2010, Volume 16, Published April 2011

  • "Spam and phishing data is captured through a variety of sources, including the Symantec Probe Network, a system of more than 5 million decoy accounts; MessageLabs™ Intelligence, a respected source of data and analysis for messaging security issues, trends and statistics; as well as other Symantec technologies. Data is collected in more than 86 countries from around the globe. Over 8 billion email messages, as well
    as over 1 billion Web requests are processed per day across 16 data centers. Symantec also gathers phishing information through an extensive antifraud community of enterprises, security vendors, and more than 50 million consumers. These resources give Symantec’s analysts unparalleled sources of data with which to identify, analyze, and provide informed commentary on emerging trends in attacks, malicious code activity, phishing, and spam. The result is the Symantec Internet Security Threat Report, which gives enterprises and consumers the essential information to secure their systems effectively now and into the future."
  • "Symantec recorded over 3 billion malware attacks in 2010 and yet one stands out more than the rest - Stuxnet. This attack captured the attention of many and led to wild speculation on the target of the attacks and who was behind them...."
  • March 06, 2011
    * NARA 2010 Records Management Self-Assessment Report

    An Assessment of Records Management Programs in the Federal Government National Archives and Records Administration, February 22, 2011

  • "Federal records are national assets. They are essential to Government transparency and accountability, and the people who use Federal records – American citizens, Government officials, researchers – must have confidence in their integrity, authenticity, and reliability. Towards this ideal, a number of laws and regulations are in place to govern the creation, maintenance, and disposition of Federal records. Agency employees at all levels, and in all aspects of their work, are required to practice proper Federal records management. They have to document their actions (and by extension the actions of the Government), retain records in a usable format for as long as necessary, and ensure the preservation and availability of permanent records. Agencies must have robust records management programs, with leadership and support from senior officials, and professional staff and adequate resources, to help their employees do this."
  • Nextgov: "After investigating itself for almost a year, the Justice Department reported to the National Archives and Records Administration that it is unable to determine whether any e-mails related to its notorious 2002 "torture memos" were improperly destroyed. The department's finding, which it delivered to NARA in February, appears to close a troubling case of lax records management by a federal agency. Officials at NARA accepted the explanation of the Justice Department's chief records keeper of why thousands of e-mails vanished when they were needed for an investigation and closed the agency's examination of the matter."
  • February 15, 2011
    * SEC OIG - Investigation of Failure of SEC's LA Regional Office to Uncover Fraud in Westridge Capital Management

    Investigation of the Failure of the SEC's Los Angeles Regional Office to Uncover Fraud in Westridge Capital Management Notwithstanding Investment Adviser Examination Conducted in 2005 and Inappropriate Conduct on the Part of Senior Los Angeles Official, Case No. OIG-533 [redacted, dated October 26, 2010 and released February 2011]

  • "In all, the OIG searched over 68,000 e-mails. We obtained and reviewed e-mails for the period from January to May 2005 for all examiners who had any involvement with the 2005 Westridge IA examination. We also obtained and reviewed all e-mails for the period from February 2009 to August 2009 for examiners who worked on either the 2009 Westridge IA examination or the 2009 WG Trading BD examination."
  • See also Written Testimony of H. David Kotz Inspector General of the Securities and Exchange Commission Before the Subcommittee on Financial Services and General Government, Committee on Appropriations, U.S. House of Representatives, Thursday, February 10, 2011: "The Office’s investigations unit has conducted numerous comprehensive investigations into significant failures of the SEC in accomplishing its regulatory mission, as well as investigations into allegations of violations of statutes, rules and regulations, and other misconduct by Commission employees and contractors. Several of these investigations involved senior-level Commission officials and represent matters of great concern to the Commission, Congressional officials and the general public. Where appropriate, we have reported evidence of improper conduct and made recommendations for disciplinary actions, including removal of employees from the Federal service, as well as recommendations for improvements in agency policies, procedures and practices."
  • February 12, 2011
    * Advanced sign-in security for your Google account

    Official Google Blog: "Has anyone you know ever lost control of an email account and inadvertently sent spam—or worse—to their friends and family? There are plenty of examples...that demonstrate why it's important to take steps to help secure your activities online. Your Gmail account, your photos, your private documents—if you reuse the same password on multiple sites and one of those sites gets hacked, or your password is conned out of you directly through a phishing scam, it can be used to access some of your most closely-held information...2-step verification requires two independent factors for authentication, much like you might see on your banking website: your password, plus a code obtained using your phone. Over the next few days, you'll see a new link on your Account Settings page."

    February 05, 2011
    * Reports that White House e-mail system used in UK cyberattack

    Federal Computer Week: "The White House's unclassified e-mail system is back up after an eight-hour outage, but the e-mail security problems may go deeper. It was disclosed February 4, 2011 that some officials alleged White House e-mails were the source of a cyberattack against British officials two months ago. Officials from the United Kingdom said today that alleged White House e-mail accounts were the source of a malware attack against U.K. government officials in late December, according to news report."

  • "The UK Government highlighted attacks upon UK cyberspace as a priority risk in its National Security Strategy published in October 2010. The setting for the Foreign Secetary's speech is the 47th Munich Security Conference on 4 February. The UK delegation is led by Prime Minister David Cameron. [Read Foreign Secretary's speech in full - snipped here: "Government systems are being targeted too. ZEUS is a well-known piece of malware that attempts to steal banking information and other personal details. In late December a spoofed email purporting to be from the White House was sent to a large number of international recipients who were directed to click on a link that then downloaded a variant of ZEUS. The UK Government was targeted in this attack and a large number of emails bypassed some of our filters. Our experts were able to clear up the infection, but more sophisticated attacks such as these are becoming more common."
  • January 05, 2011
    * Google Wins Injunction in Cloud Computing Bid Protest Against Interior

    Follow up to Google Files Bid Protest Against Dept. of Interior Over Hosted Email and Collaboration Services, news that Google wins: Interior forbidden to award noncompetitive contract to Microsoft - "U.S. Federal Claims Court Judge Susan Braden ruled on Jan. 3 that negotiations for a sole source contract with Microsoft “commenced many months prior to July 15, 2010,” when department officials decided Microsoft's software was their standard for e-mail and computer operating systems. Meanwhile, Google had been trying to get considered for the work as well."

    January 02, 2011
    * Google: Free calling in Gmail extended through 2011

    Google Voice Blog: "When we launched calling in Gmail back in August, we wanted it to be easy and affordable, so we made calls to the U.S. and Canada free for the rest of 2010. In the spirit of holiday giving and to help people keep in touch in the new year, we’re extending free calling for all of 2011. In case you haven’t tried it yet, dialing a phone number works just like a regular phone. Look for “Call phone” at the top of your Gmail chat list and dial a number or enter a contact’s name. To learn more, visit gmail.com/call. Calling in Gmail is currently only available to U.S. based Gmail users."

    December 30, 2010
    * Help Net Reports Significant Decline of Spam

    Help Net: "In October Commtouch reported an 18% drop in global spam levels (comparing September and October). This was largely attributed to the closure of Spamit around the end of September. Spamit is the organization allegedly behind a fair percentage of the worlds pharmacy spam. Analysis of the spam trends to date reveals a further drop in the amounts of spam sent during Q4 2010. December’s daily average was around 30% less than September’s. The average spam level for the quarter was 83% down from 88% in Q3 2010. The beginning of December saw a low of nearly 74%."

    December 28, 2010
    * Forbes: WikiLeaks And The New Corporate Disclosure Crisis

    WikiLeaks And The New Corporate Disclosure Crisis - Stephanie Nora White and Rebecca Theim: "If the scandals that have plagued corporate America in the past two years haven't gotten you thinking about your own company's vulnerabilities, then the latest revelations out of WikiLeaks certainly should. In an interview with Forbes' Andy Greenberg, WikiLeaks founder Julian Assange declared that half the documents that have been fed to the organization are from corporations, and that sometime early next year his organization plans what presumably will be the first of many corporate disclosures. It will begin with information about one of the nation's leading banks. The target is rumored to be Bank of America, and the bank's stock tumbled 3% shortly after the rumors were publicized. Got your attention now? WikiLeaks is promising to give a voice to the disenfranchised, disgusted and disillusioned within Corporate America, those who have knowledge of company behavior ranging from distasteful to criminal. "Companies turn people into leakers by their failure to listen, look and respond," says business consultant and author Margaret Heffernan, whose forthcoming book, Willful Blindness: Why We Ignore the Obvious at Our Peril, will tackle the issue. In other words, it will no longer be a company's general counsel who will decide if and when something is disclosed to the public. Now, it's any insider with a flash drive who's troubled or disgruntled by an organization's conduct. And the types of information WikiLeaks is disclosing can be more damaging--and memorable--than a traditional corporate crisis."

    December 16, 2010
    * Pew: Generations 2010 - Rise in Email Use, Decline in Blogging

    Generations 2010, Kathryn Zickuhr, Web Coordinator, 12/16/2010

  • "There are still notable differences by generation in online activities, but the dominance of the Millennial generation that we documented in our first “Generations” report in 2009 has slipped in many activities. Milliennials, those ages 18-33, remain more likely to access the internet wirelessly with a laptop or mobile phone. In addition, they still clearly surpass their elders online when it comes to many communication- and entertainment-related activities, such as using social network sites and playing games online. However, internet users in Gen X (those ages 34-45) and older cohorts are more likely than Millennials to engage in several online activities, including visiting government websites and getting financial information online. Finally, the biggest online trend is that, while the very youngest and oldest cohorts may differ, certain key internet uses are becoming more uniformly popular across all age groups. These online activities include seeking health information, purchasing products, making travel reservations, and downloading podcasts."
  • December 02, 2010
    * GSA First Fed to Choose Google Hosted E-Mail Service

    Follow up to Google Files Bid Protest Against Dept. of Interior Over Hosted Email and Collaboration Services news that "the U.S. General Services Administration will become the first federal agency to use a hosted e-mail service, choosing Google, Unisys and others to offer the service."

  • GSA Becomes First Federal Agency to Move Email to the Cloud Agencywide
  • November 28, 2010
    * Internet Crime Complaint Center - Holiday Shopping Tips

    Holiday Shopping Tips: "This holiday season the FBI reminds shoppers that cyber criminals aggressively create new ways to steal money and personal information. Scammers use many techniques to fool potential victims, including conducting fraudulent auction sales, reshipping merchandise purchased with stolen credit cards, and selling fraudulent or stolen gift cards through auction sites at discounted prices...If you have received a scam email, please notify the IC3 by filing a complaint at http://www.IC3.gov. For more information on e-scams, please visit the FBI's New E-Scams and Warnings webpage at http://www.fbi.gov/cyberinvest/escams.htm."

    November 02, 2010
    * Google Buzz Class Action Settlement

    Email I received Tuesday evening, 9:49pm ET: "Google rarely contacts Gmail users via email, but we are making an exception to let you know that we've reached a settlement in a lawsuit regarding Google Buzz, a service we launched within Gmail in February of this year. Shortly after its launch, we heard from a number of people who were concerned about privacy. In addition, we were sued by a group of Buzz users and recently reached a settlement in this case. The settlement acknowledges that we quickly changed the service to address users' concerns. In addition, Google has committed $8.5 million to an independent fund, most of which will support organizations promoting privacy education and policy on the web. We will also do more to educate people about privacy controls specific to Buzz. The more people know about privacy online, the better their online experience will be. Just to be clear, this is not a settlement in which people who use Gmail can file to receive compensation. Everyone in the U.S. who uses Gmail is included in the settlement, unless you personally decide to opt out before December 6, 2010. The Court will consider final approval of the agreement on January 31, 2011. This email is a summary of the settlement, and more detailed information and instructions approved by the court, including instructions about how to opt out, object, or comment, are available at http://www.BuzzClassAction.com."

    * Google Files Bid Protest Against Dept. of Interior Over Hosted Email and Collaboration Services

    The complaint, Google Inc. vs. The United States, filed Ocotber 29, 2010 in the U.S. Court of Federal Claims, is here. "This action protests the terms of U.S. Department of the Interior ("DOI") Request for Quotation 503786 ("RFQ") for hosted email and collaboration services and DOI's supporting "Limited Source Justification", and seeks preliminary and permanent injunction against the DOI proceeding with the RFQ, or any related procurement, solicitation or task order, without first complying with applicable statutory and regulatory requirements..."

  • TechSpot, via TechDirt: "...Google Apps was not on the government's table and the search giant is arguing that restricting the Request for Quotation (RFQ), a document asking companies to design a solution and quote a price, to Microsoft is "unduly restrictive of competition." The US is defending its position by claiming that Google was not considered in the RFQ because Redmond offered two things that Mountain View didn't: Unified Mail/Messaging, and "enhanced security." In the RFQ, the Department of Interior (DOI) specifically stated that the solution had to be part of the Microsoft Business Productivity Online Suite according to the 37-page court filing. Google pointed out to the DOI that Microsoft has had downtime issues in the past and insisted that Google Apps is a suitable alternative."
  • ["The contract, worth nearly $60 million, seeks to consolidate 13 different e-mail systems into a single web-based platform."]
  • Google's lawsuit: bigger target is security seal of approval from feds
  • October 11, 2010
    * Global 'Digital Life' research project reveals major changes in online behaviour

    News release: "The largest ever global research project into people’s online activities and behaviour - Digital Life - was launched today, ‘digital day’ by TNS, the world’s biggest custom research company. Covering nearly 90 per cent of the world’s online population through 50,000 interviews with consumers in 46 countries, the study reveals major changes in the world’s online behaviour. Core data from the study is being made publicly available via this interactive website...Among the key findings of the study are:

    • Globally, people who have on-line access have digital sources as their number one media channel. 61% of online users use the internet daily against 54% for TV, 36% for Radio and 32% for Newspapers.
    • Online consumers in rapid growth markets have overtaken mature markets in terms of engaging with digital activities. When looking at behaviour online, rapid growth markets such as Egypt (56%) and China (54%) have much higher levels of digital engagement than mature markets such as Japan (20%), Denmark (25%) or Finland (26%). This is despite mature markets usually having a more advanced internet infrastructure.
    • Activities such as blogging and social networking are gaining momentum at huge speed in rapid growth markets. The research shows four out of five online users in China (88%) and over half of those in Brazil (51%) have written their own blog or forum entry, compared to only 32% in the US. The Internet has also become the default option for photo sharing among online users in rapid growth markets, particularly in Asia."

    October 03, 2010
    * Users Now Offered Option to Turn Off Gmail’s Conversation View

    Official Gmail Blog: "...you can now get Gmail served up sans conversation view. Go to the main Settings page, look for the “Conversation View” section, select the option to turn it off, and save changes. If you change your mind, you can always go back."

    September 05, 2010
    * NielsenWire: How Americans Spend Mobile Internet Time

    "This alternative way of slicing the data still shows Email to be, by far, the dominant sector in terms of mobile time, although this dominance shrinks by a few delta points to 38.5% from 41.6%. Search is another that nets out with a smaller share, although by less than a percentage point from 7.1% to 6.3%. The share held by Social Networking remains very similar but News & Current Events comes out much stronger using the site-level analysis at a 7.2% share of time compared to 4.4% of time using the category-level analysis. Share of time on Portals shows something more dramatic, with a change from 11.6% to 4.6% share of time, but this doesn’t mean that people are spending any less time on Portal sites. Nielsen classifies both channels and brands into categories and so a category-level analysis includes both brands (e.g. Google) as well as channels under than brand (e.g. Google News). Using the initial methodology means that all Google time would be assigned to Portals (because Google is a portal) but using the site-level method means the Google News element would be assigned to the News & Current Events sector. Thus, the Portal element is limited to more general and entry pages rather than including content-specific sectors such as news."

    September 01, 2010
    * Google Launches Priority Inbox

    Official Google Blog: "People tell us all the time that they’re getting more and more mail and often feel overwhelmed by it all. We know what you mean—here at Google we run on email. Our inboxes are slammed with hundreds, sometimes thousands of messages a day—mail from colleagues, from lists, about appointments and automated mail that’s often not important. It’s time-consuming to figure out what needs to be read and what needs a reply...we’re happy to introduce Priority Inbox (in beta) — an experimental new way of taking on information overload in Gmail."

  • See related article via NPR
  • July 11, 2010
    * New on LLRX.com: Testing the Accuracy of Database Information Produced in Civil Discovery

    Testing the Accuracy of Database Information Produced in Civil Discovery: Conrad J. Jacoby identifies the trend that increasingly electronically stored information ("ESI") requested in litigation discovery originates in databases or other structured data repositories. Previously, this data was stored in discrete e-mail messages, spreadsheets, and word processing files that have long made up the bulk of most ESI document productions. Businesses creating and managing their accumulated information have discovered that they are able to extract far more utility if they store their data in a single repository and in a standardized format.

    July 07, 2010
    * The Independent Climate Change E-mails Review July 2010

    Follow up to postings on the Intergovernmental Panel on Climate Change (IPCC), this news release: "The Independent Climate Change Email Review, undertaken by Sir Muir Russell and his team, has issued its report on issues arising from the publication of hacked emails from the University of East Anglia's Climatic Research Unit."

    The Independent Climate Change E-mails Review, July 2010. From the Executive Summary:

    • "Climate science is a matter of such global importance, that the highest standards of honesty, rigour and openness are needed in its conduct. On the specific allegations made against the behaviour of CRU scientists, we find that their rigour and honesty as scientists are not in doubt.
    • In addition, we do not find that their behaviour has prejudiced the balance of advice given to policy makers. In particular, we did not find any evidence of behaviour that might undermine the conclusions of the IPCC assessments.
    • But we do find that there has been a consistent pattern of failing to display the proper degree of openness, both on the part of the CRU scientists and on the part of the UEA, who failed to recognise not only the significance of statutory."

    June 19, 2010
    * French National Commission on Computing and Liberty: Google WiFi Snooping Captured Emails and Passwords

    Follow up to Several State Attorneys General Announce Probes of Google Wireless Data Collection, via EPIC: "The French National Commission on Computing and Liberty (CNIL) has released preliminary results (French) (English) of the Google Street View investigation in France. According to the CNIL, Google "saved passwords for access to mailboxes" and obtained content of electronic messages. The CNIL is pursuing the investigation to determine whether Google engaged in "unfair and unlawful collection of data" as well as "invasion of privacy and individual liberties." Investigations are now underway in at least 18 countries and five states in the US. EPIC has prepared a preliminary survey of Investigations of Google Street View."

    June 17, 2010
    * Supreme Court Rules Against Text Message Privacy, Permits Search of Public Employee's Pager

    EPIC: "The Supreme Court has issued a ruling in City of Ontario v. Quon, a case concerning the reasonablenees of a search of a public employee's pager. EPIC filed a "friend of the court" brief in the case, arguing that data minimization practices should be followed for electronic searches, and that the search, which uncovered personal texts unrelated to the purpose of the search, was therefore unreasonable. EPIC urged the Supreme Court to apply the approach set out in Comprehensive Drug Testing v. United States, which allows a government agency to undertake appropriate searches without unnecessarily violating privacy interests. The Court ruled that the search was reasonable, reversing the Ninth Circuit's decision that such a search be conducted through the least intrusive means possible. For more information, see EPIC: City of Ontario v. Quon."

    May 24, 2010
    * A Mindful Approach to Email

    The Chronicle - Is Email Checking You? by Natalie Houston

  • "Email is a fact of modern professional life. It's just a communications tool. But the very features that constituted email's improvements over earlier communications modes, such as postal mail or landline telephones, have also created problems for many users."
  • April 26, 2010
    * A Day Without Media - Research by ICMPA and students at Phillip Merrill College of Journalism, University of Maryland

    "24 Hours: Unplugged - What is is like to go without media? What if you had to give up your cell phone, iPod, television, car radio, magazines, newspapers and computer (i.e. no texting, no Facebook or IM-ing)? Could you do it? Is it even possible? Well, not really, if you are an American college student today. According to a new ICMPA [International Center for Media and the Public Agenda] study, most college students are not just unwilling, but functionally unable to be without their media links to the world." [See Table of Contents on right side of page to navigate the study]

    April 23, 2010
    * Symantec Internet Security Threat Report April 2010

    "The Symantec Internet Security Threat Report provides an annual overview and detailed analysis of Internet threat activity, malicious code, and known vulnerabilities. The report also discusses trends in phishing, spam and observed activities on underground economy servers...report sathe ys the U.S. was top country for malicious activity, making up 19% total."

    April 20, 2010
    * Google Launches Government Requests Tool

    Official Google Blog: "...it's no surprise that Google, like other technology and telecommunications companies, regularly receives demands from government agencies to remove content from our services. Of course many of these requests are entirely legitimate, such as requests for the removal of child pornography. We also regularly receive requests from law enforcement agencies to hand over private user data. Again, the vast majority of these requests are valid and the information needed is for legitimate criminal investigations. However, data about these activities historically has not been broadly available. We believe that greater transparency will lead to less censorship. We are today launching a new Government Requests tool to give people information about the requests for user data or content removal we receive from government agencies around the world. For this launch, we are using data from July-December, 2009, and we plan to update the data in 6-month increments. Read this post to learn more about our principles surrounding free expression and controversial content on the web."

    * Symantec White Paper: Problems with Microsoft Outlook Personal Storage Tables

    Death to PST Files, A Symantec Hosted Services Whitepaper: "Email is one of your company’s most critical—and most widely used—assets. According to a 2009 study by The Radicati Group, the average corporate email user sends and receives 167 email messages per day. The report estimates that this number will increase to 219 messages per day by 2013. This steady flow of email messages means managing email is more difficult than ever. A company must provide employees constant access to their email accounts and manage copies of every important email to comply with regulatory requirements. If a company is faced with a lawsuit, it must have the ability to easily place legal holds on emails and conduct efficient e-discovery. Since email is the source of so much vital information, users are reluctant to delete old messages, which turns their email system into a personal email filing cabinet. In essence, users create their own email archives using PST files. Most companies impose quotas that limit the amount of storage each person can use for emails. Without these quotas, server disk drives would overflow and email systems would crash."

    April 19, 2010
    * NYT: Cyberattack on Google Said to Hit Password System

    Follow up to Google Announces "A new approach to China", from the New York Times: "Ever since Google disclosed in January that Internet intruders had stolen information from its computers, the exact nature and extent of the theft has been a closely guarded company secret. But a person with direct knowledge of the investigation now says that the losses included one of Google’s crown jewels, a password system that controls access by millions of users worldwide to almost all of the company’s web services, including e-mail and business applications."

    * DOJ Releases Email Retention Policy In Response to FOIA Request from CREW

    Follow up to Missing White House E-Mails Still Factor in Torture Memo Investigation, this CREW news release: "On Friday, April 16, CREW received an initial response to its Freedom of Information Act request of the Department of Justice’s Office of Legal Counsel (OLC) related to the failure of former OLC official John Yoo to preserve any of his emails. In response to CREW’s request for record keeping guidance issued to OLC staff, OLC produced two memos, both of which require OLC staff to retain all emails “that are important to understanding a decision of the Office.” There can be no question Mr. Yoo’s failure to preserve any emails directly contravenes OLC’s record keeping guidance. Click here to read CREW's FOIA request."

    April 14, 2010
    * EFF, Yahoo and Google Argue for Fourth Amendment Protection of Email

    News release: "The Electronic Frontier Foundation (EFF) along with Google and numerous other public interest organizations and Internet industry associations joined with Yahoo! in asking a federal court Tuesday to block a government attempt to access the contents of a Yahoo! email account without a search warrant based on probable cause. The Department of Justice is seeking the emails as part of a case that is under seal, and the account holder has apparently not been notified of the request. Government investigators maintain that because the Yahoo! email has been accessed by the user, it is no longer in "electronic storage" under the Stored Communications Act (SCA) and therefore does not require a warrant, even though that same legal theory has been flatly rejected by the one Circuit Court to address it. Yahoo! is challenging the government request before a federal magistrate judge in Denver, arguing that the SCA and Fourth Amendment require the government to get a search warrant before compelling Yahoo! to disclose the email. In an amicus brief filed in support of Yahoo! Tuesday, EFF says that the company is simply following the law and protecting the constitutional privacy rights of its customers."

    April 11, 2010
    * DOT and States Team Up to Limit Accidents Caused by Texting While Driving

    New release: "As part of its continuing effort to combat distracted driving, U.S. Transportation Secretary Ray LaHood announced that the U.S. Department of Transportation (USDOT) is kicking off pilot programs in Hartford, Connecticut and Syracuse, New York to test whether increased law enforcement efforts can get distracted drivers to put down their cell phones and focus on the road. The pilot programs, which are similar to previous efforts to curb drunk driving and increase seat belt use among drivers, are the first federally funded efforts in the country to specifically focus on the effects of increased enforcement and public advertising on reducing distracted driving. Drivers caught texting or talking on a hand-held cell phone will be pulled over and ticketed. The message is simple, Phone in One Hand. Ticket in the Other....Research by the National Highway Traffic Safety Administration shows that in 2008 alone, nearly 6,000 people were killed and more than a half million people were injured in crashes involving a distracted driver nationwide. Almost 20 percent of all crashes that same year involved some type of distraction."

  • Governors Highway Safety Association: Cell Phone and Texting Laws, April 2010

  • March 30, 2010
    * Advocacy Groups, Companies Call for an Update of the Privacy Framework for Law Enforcement Access to Digital Information

    News release: "A broad coalition of privacy groups, think tanks, technology companies and academics today issued principles for updating the key federal law that defines the rules for government access to email and private files stored in the Internet “cloud.” The coalition cited the need to preserve traditional privacy rights in the face of technological change while also ensuring that law enforcement agents can carry out investigations and that industry has the clarity needed to innovate. To set a consistent standard in line with the traditional rules for law enforcement access in the offline world, the group’s recommendations focus on the Electronic Communications Privacy Act (ECPA). Passed in 1986 and not significantly updated since, it establishes standards for government access to email and other electronic communications in criminal investigations."

  • The group’s principles are detailed here: "... Customers are, at best, confused about the security of their data in response to an access request from law enforcement. Companies are uncertain of their responsibilities and unable to assure their customers that subscriber data will be uniformly protected. The current state of the law does not well serve law enforcement interests either as resources are wasted on litigation over applicable standards, and prosecutions are in jeopardy should the courts ultimately rule on the Constitutional questions. The solution is a clear set of rules for law enforcement access that will safeguard end-user privacy, provide clarity for service providers, and enable law enforcement officials to conduct effective and efficient investigations."
  • * New Jersey Supreme Court Rules in Favor of Employee Email Privacy

    EPIC: "The New Jersey Supreme Court ruled in favor of a female employee whose employer read emails that she sent while using Yahoo Mail on a company-owned laptop. The employee, Marina Stengart, had exchanged emails with her attorney regarding a possible discrimination lawsuit against the employer. The employer then pulled the emails off of the laptop's hard drive and used them to prepare a defense to the discrimination suit. The New Jersey Supreme Court found that "Under the circumstances, Stengart could reasonably expect that e-mail communications with her lawyer through her personal, password-protected, web-based e-mail account would remain private, and that sending and receiving them using a company laptop did not eliminate the attorney-client privilege that protected them." The Supreme Court of the United States is set to consider employee privacy in City of Ontario v. Quon, in which EPIC submitted a "friend of the court brief."

    March 12, 2010
    * 2010 Rosemary Award for Worst Open Government Performance Goes to Federal Chief Information Officers' Council

    News release: "The Rosemary Award for worst open government performance, named after President Nixon’s secretary who erased 18½ minutes of a crucial Watergate tape, this year goes to the Federal Chief Information Officers Council, the senior federal officials (responsible for $71 billion a year of IT purchases) who have never addressed the failure of the government to save its e-mail electronically, according to the citation today by the National Security Archive. Formed by Executive Order in 1996 and codified in law by Congress in the 2002 E-Government Act, the CIO Council describes itself as the “principle interagency forum for improving practices in the design, modernization, use, operation, sharing, and performance of Federal Government information resources.” Yet neither the Council’s founding documents, its 2007-2009 strategic plan, its transition memo for the Obama administration, nor its current Web site even mention the challenge of electronic records management for e-mail. Last month, the Justice Department investigation of former senior officials John Yoo and Jay Bybee over their authorship of the so-called “torture memos” revealed that “most of Yoo’s email records had been deleted and were not recoverable.” The Yoo deletions represent only the latest red flag about government e-mail preservation – dating back to the January 1989 attempt by the Reagan administration to destroy its e-mail backup tapes, thwarted by the National Security Archive’s lawsuit."

    March 09, 2010
    * CRS: Social Networking and Constituent Communications: Member Use of Twitter During a Two-Month Period in the 111th Congress

    Social Networking and Constituent Communications: Member Use of Twitter During a Two-Month Period in the 111th Congress, February 03, 2010

  • "Beginning with the widespread use of e-mail by Congress in the mid-1990's, the development of new electronic technologies has altered the traditional patterns of communication between Members of Congress and constituents. Many Members now use e-mail, official websites, blogs, YouTube channels, and Facebook pages to communicate with their constituents--technologies that were either non-existent or not widely available 15 years ago. These technologies have arguably served to enhance the ability of Members of Congress to fulfill their representational duties by providing greater opportunities for communication between the Member and individual constituents, supporting the fundamental democratic role of spreading information about public policy and government operations. In addition, electronic technology has reduced the marginal cost of constituent communications; unlike postal letters, Members can reach large numbers of constituents for a relatively small fixed cost. Despite these advantages, electronic communications have raised some concerns. Existing law and chamber regulations on the use of communication media such as the franking privilege have proven difficult to adapt to the new electronic technologies. This report examines Member use of one specific new electronic communication medium: Twitter. After providing an overview and background of Twitter, the report analyzes patterns of Member use of Twitter during August and September 2009. This report is inherently a snapshot in time of a dynamic process. As with any new technology, the number of Members using Twitter and the patterns of use may change rapidly in short periods of time. Thus, the conclusions drawn from this data can not be easily generalized nor can these results be used to predict future behavior. The data show that 205 Representatives and Senators are registered with Twitter (as of September 30, 2009) and issued a total of 7,078 "tweets" during the data collection period of August and September 2009. With approximately 38% of House Members and 39% of Senators registered with Twitter, Members sent an average of 116 tweets per day collectively. Members' use of Twitter can be divided into eight categories: position taking, policy, district or state activities, official congressional action, personal, media, campaign activities, and other. The data suggest that the most frequent type of tweets were district or state tweets (24%), followed by policy tweets (23%), media tweets (14%), and position-taking tweets (14%)."
  • March 03, 2010
    * Merkle View from the Social Inbox 2010 - Email Prevails

    Merkle View from the Social Inbox 2010 - Actionable Information for Marketers From the Annual Consumer Email & Digital Media

  • "The rapid adoption of social networking, one of the leading applications of social media, is changing online personal communication. Sites such as Facebook have grown exponentially in popularity across demographics. But the recent growth did not seem to have a dramatic impact on the time consumers spent with personal email as compared to last year, according to Merkle’s annual View from the Inbox study of email and related digital media. The findings from this study, an online survey of 3,281 U.S. adults age 18+ conducted during the fall of 2009, have implications for marketers who are interested in social marketing strategy."
  • February 18, 2010
    * NetWitness Discovers Massive ZeuS Compromise

    News release: "NetWitness, the world leader in advanced persistent threat detection and real-time network forensics, announced today that its analysts have discovered a dangerous new ZeuS botnet affecting 75,000 systems in 2,500 organizations around the world. The newly-discovered infestation, dubbed the "Kneber botnet" after the username linking the infected systems worldwide, gathers login credentials to online financial systems, social networking sites and email systems from infested computers and reports the information to miscreants who can use it to break into accounts, steal corporate and government information, and replicate personal, online and financial identities. NetWitness first discovered the Kneber botnet in January during a routine deployment of the NetWitness advanced monitoring solutions. Deeper investigation revealed an extensive compromise of commercial and government systems that included 68,000 corporate login credentials, access to email systems, online banking sites, Facebook, Yahoo, Hotmail and other social networking credentials, 2,000 SSL certificate files, and dossier-level data sets on individuals including complete dumps of entire identities from victim machines."

  • The “Kneber” BotNet - A ZeuS Discovery and Analysis: At its core, ZeuS is a botnet system designed to steal information from an infected host. Unlike a traditional keylogger system, which records every keystroke, ZeuS can specifically target information desired by the criminal miscreant."
  • February 17, 2010
    * EPIC Files Complaint With FTC Allegeding Google Buzz Privacy Violations

    Follow up to Google Buzz Social Media Integrated into Gmail, news that "EPIC has filed a complaint with the Federal Trade Commission, urging the FTC to open an investigation into Google Buzz. Last week, Google tried to transform its popular email service into an untested social networking service. As a consequence, Google displayed social networking lists based on a user's most frequent address book contacts. The change was widely criticized. EPIC's complaint cites clear harms to service subscribers, and alleges that the change in business practices "violated user expectations, diminished user privacy, contradicted Google's privacy policy, and may have violated federal wiretap laws."

    February 16, 2010
    * Security Labs Report Jul 2009-Dec 2009 Recap

    Security Labs Report Jul 2009-Dec 2009 Recap - "This report has been prepared by the M86 Security Labs team. It covers key trends and developments in Internet security over the last six months, as observed by the security analysts at M86 Security Labs. M86 Security Labs is a group of security analysts specializing in Email and Web threats, from spam to malware.
    Key Points of this report:

  • Spam volumes increased dramatically in 2009, to over 200 billion per day with the vast majority sent through Botnets of infected computers. In the second half of 2009, 78% of all spam originated from the top 5 botnets alone by volume.
  • Malicious spam dramatically increased in volume, reaching 3 billion messages per day, compared to 600 million messages per day in the first half of 2009.
  • Even with adequate protection from Antivirus software, Zero Day Vulnerabilities left users vulnerable to potential attacks 40% of the time (in the 2nd half of 2009)."
  • February 13, 2010
    * 2010 Identity Fraud Survey Report: Identity Fraud Continues to Rise

    2010 Identity Fraud Survey Report: Consumer Version

  • "More than 11 million adult consumers became victims of identity fraud in 2009, up from nearly 10 million in 2008. The number of fraud victims rose for the second year in a row. On the other hand, victims’ out-of-pocket costs and the time required to resolve fraud have decreased. Out-of-pocket costs can include unreimbursed losses, lost wages due to time taken off work, and possible legal fees for those victims attempting to prosecute. Banks have stepped up their efforts in counteracting fraud and minimizing the cost and inconvenience suffered by consumers. Most victims don’t experience any out-of-pocket costs, but those who did suffered an average cost of $373. The average time to resolve the fraud for these victims was 21 hours. Due to the zero-liability fraud protection offered by most banks and credit card companies, most victims will only have to pay out-of-pocket expenses to cover their time in resolving fraud, not for reimbursing fraudulent charges...This report provides easy to follow guidelines and recommendations for consumers to protect themselves against this $54 billion crime."

  • February 09, 2010
    * Google Buzz Social Media Integrated into Gmail

    Official Google Blog: "Google Buzz is a new way to start conversations about the things you find interesting. It's built right into Gmail, so you don't have to peck out an entirely new set of friends from scratch — it just works. If you think about it, there's always been a big social network underlying Gmail. Buzz brings this network to the surface by automatically setting you up to follow the people you email and chat with the most. We focused on building an easy-to-use sharing experience that richly integrates photos, videos and links, and makes it easy to share publicly or privately (so you don't have to use different tools to share with different audiences). Plus, Buzz integrates tightly with your existing Gmail inbox, so you're sure to see the stuff that matters most as it happens in real time."

  • Update: See the following critiques on the privacy issues with the new Buzz - via Foreign Policy, Wrong kind of buzz around Google Buzz and via CNET, Google Buzz: Privacy nightmare and Google Buzz: A Privacy Checklist, PCWorld
  • February 08, 2010
    * Social Transmission and Viral Culture

    Social Transmission and Viral Culture, by Jonah Berger, assistant professor of Marketing and Katherine L. Milkman, assistant professor of Operations and Information Management at the Wharton School, University of Pennsylvania.

  • "People often share news, opinions, and information, and social transmission shapes both individual behavior and collective outcomes. But why are certain things more viral than others? An analysis of over 7,500 New York Times articles published over six months suggests that individual-level psychological processes (e.g., emotion) act as a selection mechanism on culture, shaping what becomes viral. Even controlling for external drivers of attention (e.g., the time an article spent on the Times’ homepage), awe-inspiring articles are more likely to be among the newspaper’s most e-mailed stories on a given day. Practically useful, surprising, positive, and affect-laden articles are also more likely to be viral. The magnitudes of these relationships are considerable. These results underscore the importance of considering how individual-level psychological processes shape collective outcomes such as the transmission and prominence of culture."
  • February 02, 2010
    * Research Paper: Anatomy of a Large-Scale Social Search Engine

    Anatomy of a Large-Scale Social Search Engine, by Damon Horowitz and Sepandar D. Kamvar [via Abi Morgan]

  • "We present Aardvark, a social search engine. With Aardvark, users ask a question, either by instant message, email, web input, text message, or voice. Aardvark then routes the question to the person in the user’s extended social network most likely to be able to answer that question. As compared to a traditional web search engine, where the challenge lies in finding the right document to satisfy a user’s information need, the challenge in a social search engine like Aardvark lies in finding the right person to satisfy a user’s information need. Further, while trust in a traditional search engine is based on authority, in a social search engine like Aardvark, trust is based on intimacy. We describe how these considerations inform the architecture, algorithms, and user interface of Aardvark, and how they are reflected in the behavior of
    Aardvark users.
  • * Phishing Activity Trends Report, 3rd Quarter / 2009

    The quarterly APWG (AntiPhishing Working Group) Phishing Activity Trends Report analyzes phishing attacks reported to the APWG by its member companies, its Global Research Partners, through the organization’s website and by email submissions. APWG also measures the evolution, proliferation and propagation of crimeware drawing from the research of our member companies. In the last half of this report you will find tabulations of crimeware statistics and related analyses."

    January 17, 2010
    * Obama White House E-mail Archiving Plan Revealed

    Follow up to previous postings on Follow up to previous postings on missing White House emails during Bush administrations, from the National Security Archive: "Pursuant to a settlement reached between the National Security Archive and the White House Executive Office of the President (EOP), the White House today issued a letter describing critical aspects of the EOP unclassified network e-mail preservation and archiving system now used in the White House. Among other specifics, the letter describes:

    • Automated capture and preservation of all e-mail and Blackberry messages sent or received on the EOP’s unclassified network;
    • Documents segregated into component-specific repositories and broad search capabilities that improve the ability to find e-mail records in response to legal or administrative needs;
    • Blocking of access to personal and external Web-based e-mail systems from White House unclassified workstations;
    • Controls against unauthorized deletion of e-mails and an accounting of any deleted e-mails;
    • Systematic emergency recovery backups of the system; and
    • Automatically generated audit reports and system health-check dashboard reports to assist in the identification of problems."

    January 11, 2010
    * Panda Security Publishes Virus Yearbook 2009

    Annual Report PandaLabs 2009

  • "The last 12 months really have marked a turning point in the history of IT security. This has been for several reasons, yet without doubt the main one has been the way in which criminal organizations have consolidated underground business models. In 2009, hackers have made more money than in any previous year, underlined not least by the total number of new and different malware samples received by PandaLabs throughout the year, exceeding by far the forecasts we made in 2008. At time of writing, there are over 40 million malware samples in our Collective Intelligence system, and we are still receiving an average of 55,000 new samples every day. This trend, which began in 2008 and has been consolidated in 2009, will continue to determine the daytoday activity of anti-malware laboratories during 2010...In this report we will take a look at how malware is evolving worldwide and we will try to analyze the main trends of 2010. Without revealing too much, let’s just say the future doesn’t look too bright."
  • January 09, 2010
    * Book Review - The Secret Sentry: The Untold History of the National Security

    The New York Review of Books - Who's in Big Brother's Database? By James Bamford - The Secret Sentry: The Untold History of the, National Security Agency, by Matthew M. Aid, Bloomsbury.

  • "...this library expects few visitors. It's being built by the ultra-secret National Security Agency — which is primarily responsible for "signals intelligence," the collection and analysis of various forms of communication—to house trillions of phone calls, e-mail messages, and data trails: Web searches, parking receipts, bookstore visits, and other digital "pocket litter." Lacking adequate space and power at its city-sized Fort Meade, Maryland, headquarters, the NSA is also completing work on another data archive, this one in San Antonio, Texas, which will be nearly the size of the Alamodome. Just how much information will be stored in these windowless cybertemples? A clue comes from a recent report prepared by the MITRE Corporation, a Pentagon think tank. "As the sensors associated with the various surveillance missions improve," says the report, referring to a variety of technical collection methods, "the data volumes are increasing with a projection that sensor data volume could potentially increase to the level of Yottabytes (1024 Bytes) by 2015."["Data Analysis Challenges" (December 2008), p. 13.] Roughly equal to about a septillion (1,000,000,000,000,000,000,000,000) pages of text, numbers beyond Yottabytes haven't yet been named. Once vacuumed up and stored in these near-infinite "libraries," the data are then analyzed by powerful infoweapons, supercomputers running complex algorithmic programs, to determine who among us may be—or may one day become—a terrorist. In the NSA's world of automated surveillance on steroids, every bit has a history and every keystroke tells a story."

  • December 14, 2009
    * CREW, National Security Archive and Obama Administration Settle Lawsuit Over Missing Bush White House Email

    News release: "Today, Citizens for Responsibility and Ethics in Washington (CREW) and the National Security Archive (NSA) reached a final settlement of their long-running lawsuits challenging the failure of the Bush White House and the National Archives and Records Administration (NARA) to take any action after confronted with evidence that millions of emails had gone missing from Bush White House servers over a two and one-half year period. The lawsuits followed CREW’s revelation in April 2008 that the White House had discovered the problem in the fall of 2005. Nevertheless, the Bush White House failed to recover or restore the missing emails and knowingly continued to use a broken system for preserving electronic records. Under the terms of the settlement, the Executive Office of the President (EOP) will restore a total of 94 days of missing emails, which will then be sent to NARA for preservation and eventual access under either the Presidential Records Act or the Federal Records Act."

    November 04, 2009
    * Google Launches Privacy Dashboard for Users Signed Into Accounts

    Official Google Blog: "In an effort to provide you with greater transparency and control over their own data, we've built the Google Dashboard. Designed to be simple and useful, the Dashboard summarizes data for each product that you use (when signed in to your account) and provides you direct links to control your personal settings. Today, the Dashboard covers more than 20 products and services, including Gmail, Calendar, Docs, Web History, Orkut, YouTube, Picasa, Talk, Reader, Alerts, Latitude and many more. The scale and level of detail of the Dashboard is unprecedented, and we're delighted to be the first Internet company to offer this — and we hope it will become the standard. [Includes a quick video] to learn more and then try it out for yourself at www.google.com/dashboard."

    October 06, 2009
    * Study Says Employers Increasingly Monitoring Outbound Emails

    National Law Journal: "The economy has employers extra jittery about company secrets getting out, so nervous that they're hiring staff just to monitor outbound e-mails. That's the conclusion of a recent study by Proofpoint, an Internet security and data loss prevention company, which found that 38 percent of large U.S. employers are monitoring outbound e-mail to prevent data leaks, up from 29 percent in 2008."

  • Outbound Email and Data Loss Prevention in Today’s Enterprise, 2009

  • October 02, 2009
    * UK Cybercrime Report 2009

    UK Cybercrime Report 2009

  • "UK cybercrime has rebounded to worrying levels, not seen since 2006, as a result of the recession and consumer complacency, according to Garlik’s annual UK Cybercrime report, now in its third year. The report, which analyses publicly available data to build a comprehensive view of cybercrime in the UK, revealed that during 2008 cybercriminals adapted to the social and economic changes in the UK to exploit victims in new ways and commit over 3.6 million criminal acts online (that’s over one every 10 seconds). In addition, the researchers believe that there is a growing complacency amongst consumers, demonstrating poor understanding of their responsibility to protect their personal information against fraud. One of the most significant changes in cybercrime has been the 207% increase in account takeover fraud indicating that criminals have now shifted their efforts from opening new accounts with stolen identities to accessing existing accounts. Savvy criminals have got round the drying up of available credit in the current economic climate to maintain their illegal activities. The report also highlights that online banking fraud has increased by a staggering 132%, with losses totalling £52.5 million, compared to £22.6 million in the previous year. This sharp rise can be mostly attributed to nearly 44,000 phishing websites specifically targeting banks and building societies in the UK. The total number of cybercrimes has increased annually between 2006 and 2008, however, the good news is that sexual offences have decreased as a category each year. All other categories dipped in 2007 but then in 2008 bounced back above their 2006 figure."
  • September 24, 2009
    * New on LLRX.com - Peek: Mobile E-Mail On A Budget

    Peek: Mobile E-Mail On A Budget - Conrad J. Jacoby discusses his experiences using the Peek mobile e-mail device (Time Magazine's 2008 Gadget of the Year), which he believes is genuinely useful and an excellent value for its cost.

    September 19, 2009
    * Legality of Intrusion-Detection System To Protect Unclassified Computers Networks In Executive Branch

    In following this January 9, 2009 memo, Legal Issues Relating to the Testing, Use and Deployment of an Intrusion-Detection System (EINSTEIN 2.0) to Protect Unclassified Computer Networks in the Executive Branch, this DOJ memo released September 18, 2009: Legality of Intrusion-Detection System To Protect Unclassified Computers Networks In Executive Branch - "Operation of the EINSTEIN 2.0 intrusion-detection system complies with the Fourth Amendment to the Constitution, title III of the Omnibus Crime Control and Safe Streets Act of 1968, the Foreign Intelligence Surveillance Act, the Stored Communications Act, and the pen register and trap and trace provisions of chapter 206 of title 18, United States Code, provided that certain log-on banners or computer-user agreements are consistently adopted, implemented, and enforced by executive departments and agencies using the system. Operation of the EINSTEIN 2.0 system also does not run afoul of state wiretapping or communications privacy laws."

  • Department of Homeland Security Privacy Impact Assessment EINSTEIN 2, May 19, 2008. United States Computer Emergency Readiness Team (US-CERT): "EINSTEIN 2, will incorporate network intrusion detection technology capable of alerting the United States Computer Emergency Readiness Team (US‐CERT) to the presence of malicious or potentially harmful computer network activity in federal executive agencies’ network traffic. EINSTEIN 2 principally relies on commercially available intrusion detection capabilities to increase the situational awareness of the US‐CERT. This network intrusion detection technology uses a set of pre‐defined signatures based upon known malicious network traffic."
  • September 13, 2009
    * Boston City Employees Routinely Deleted Most Emails - Public Records Violation

    Boston.com: "Mayor Thomas M. Menino’s administration, prompted by public records requests from the Globe, has acknowledged that city employees were routinely deleting e-mails, a potential violation of the state public records law. The acknowledgement came after the Globe filed several requests for e-mails sent and received by Menino’s Cabinet chief of policy and planning, Michael J. Kineavy. He is one of Menino’s most powerful and trusted advisers, intimately involved in nearly everything at City Hall, but a search of city computers found just 18 e-mails he had sent or received between Oct. 1, 2008, and March 31 of this year. The unusually low figure prompted administration officials to question him about what happened to the rest of the e-mails he was presumably sending and receiving during that period. Kineavy, who is also one of the mayor’s chief political advisers and a strategist on Menino’s reelection campaigns since 1993, told them that he deletes all his e-mails on a daily basis, in such a way that they are not saved on city backup computers, administration officials said."

    September 03, 2009
    * Google Explains Email Outage and Comments Fly

    Official Gmail Blog: "Gmail's web interface had a widespread outage [September 1, 2009], lasting about 100 minutes. We know how many people rely on Gmail for personal and professional communications, and we take it very seriously when there's a problem with the service. Thus, right up front, I'd like to apologize to all of you — today's outage was a Big Deal, and we're treating it as such. We've already thoroughly investigated what happened, and we're currently compiling a list of things we intend to fix or improve as a result of the investigation."

  • Google Gaffe: Gmail Outage Shows Pitfalls of Online Services: "Google’s Gmail system was down for 2.5 hours earlier this week, the sixth such outage in the past eight months. It isn’t unusual that an e-mail system crashes, but most such occurrences are limited to one organization. When Gmail, a service Google touts to businesses as more reliable and easier to use than Microsoft Exchange and Lotus Notes/Domino, goes down, it makes headlines – as well it should."
  • September 01, 2009
    * Google Apps Status Dashboard

    Google Apps Status Dashboard: "This page offers performance information for Google Apps services. Unless otherwise noted, this status information applies to consumer services as well as services for organizations using Google Apps."

    August 16, 2009
    * Commentary Focuses on Powerful Brain "Seeking" Systems and Internet Usage

    Via Slate: Seeking How the brain hard-wires us to love Google, Twitter, and texting. And why that's dangerous, by Emily Yoffe. "...Actually all our electronic communication devices—e-mail, Facebook feeds, texts, Twitter—are feeding the same drive as our searches. Since we're restless, easily bored creatures, our gadgets give us in abundance qualities the seeking/wanting system finds particularly exciting...If humans are seeking machines, we've now created the perfect machines to allow us to seek endlessly."

    August 15, 2009
    * DoD Web 2.0 Guidance Forum

    DoD Web 2.0 Guidance Forum - Value of Web 2.0 Capabilities: "In examining how the Department of Defense should take maximal advantage of Web 2.0 capabilities (including social networking services, social media, wikis, blogs, RSS feeds, etc.), we are looking at how Web 2.0 capabilities can be used to improve current and future Department operations. Operations in this sense include both broad business and warfighting processes. Specifically, we are looking for insight from various Defense interest groups and think tanks, including Veterans groups, industry groups and individuals who have insights they can share regarding how Web 2.0 capabilities can be used to transform how the Defense Department operates."

    August 11, 2009
    * House Judiciary Committee Releases Rove and Miers Interview Transcripts and Over 5,400 Pages of Bush White House Documents

    News release: "House Judiciary Committee Chairman John Conyers, Jr. (D-Mich.) today released over 700 pages of on-the-record interview transcripts of Karl Rove and Harriet Miers on the U.S. attorney firings and the Bush administration’s politicization of the Department of Justice. Conyers also released over 5,400 pages of Bush White House and Republican National Committee e-mails on these subjects. The released materials reveal that White House officials were deeply involved in the U.S. attorney firings and the administration made a concerted effort to hide that fact from the American people. "After all the delay and despite all the obfuscation, lies, and spin," Conyers said, "this basic truth can no longer be denied: Karl Rove and his cohorts at the Bush White House were the driving force behind several of these firings, which were done for improper reasons. Under the Bush regime, honest and well-performing U.S. attorneys were fired for petty patronage, political horsetrading and, in the most egregious case of political abuse of the U.S. attorney corps.."
    Interviews of White House Officials

    August 06, 2009
    * Ban on Texting While Driving Expands to 17 States

    Follow up to July 28, 2009 posting New Data On Cell Phone Use and Driving Distraction, news today that Illinois became the 17th state to ban text messaging while driving.

  • CNN: "Illinois will join a growing list of states looking to curb accidents linked to texting. Oregon and New Hampshire banned texting drivers in July, and Alaska, Arkansas, California, Colorado, Connecticut, Louisiana, Maryland, Minnesota, New Jersey, North Carolina, Tennessee, Utah, Virginia, Washington and the District of Columbia already have laws in place. Four U.S. senators announced their plan to push for a federal ban on July 29. U.S. Department of Transportation Secretary Ray LaHood said the Obama administration will convene a summit to discuss how it can end accidents caused by distracted drivers.
  • August 05, 2009
    * Postal Service Ends Third Quarter with $2.4 Billion Loss

    News release: "The U.S. Postal Service ended its third quarter (April 1 – June 30) with a net loss of $2.4 billion, including a non-cash adjustment that increased workers’ compensation expense by $807 million. Ongoing electronic diversion and the widespread economic recession continued to reduce mail volume, resulting in a $1.6 billion decrease in revenue for the quarter. Despite cost reductions against the fiscal 2009 plan of more than $6 billion and actions to grow revenue, the Postal Service (USPS) projects a net loss of more than $7 billion at fiscal year-end. The organization’s financial situation is compounded by its obligation to pay $5.4 billion to $5.8 billion annually to prefund retiree health benefits. This requirement, established in the Postal Accountability and Enhancement Act of 2006, is an obligation that no other government agency has to pay."

  • Complete USPS third-quarter results include operating revenue of $16.3 billion, a decrease of nearly $1.6 billion, or 9 percent, from the same period last year, and operating expenses of $18.7 billion, a reduction of $294 million, or 1.5 percent, from the third quarter of last year. Details are contained in the Postal Service Form 10-Q report, available at http://www.usps.com/financials/ (click Form 10-Q under Quarter Reports)."
  • July 30, 2009
    * Pew Survey on Wireless Internet Use

    Wireless Internet Use, by John Horrigan, July 22, 2009

  • "An April 2009 survey by the Pew Research Center’s Internet & American Life Project shows that 56% of adult Americans have accessed the internet by wireless means, such as using a laptop, mobile device, game console, or MP3 player. The most prevalent way people get online using a wireless network is with a laptop computer; 39% of adults have done this. The report also finds rising levels of Americans using the internet on a mobile handset. One-third of Americans (32%) have used a cell phone or Smartphone to access the internet for emailing, instant-messaging, or information-seeking. This level of mobile internet is up by one-third since December 2007, when 24% of Americans had ever used the internet on a mobile device. On the typical day, nearly one-fifth (19%) of Americans use the internet on a mobile device, up substantially from the 11% level recorded in December 2007. That’s a growth of 73% in the 16 month interval between surveys."
  • July 05, 2009
    * EFF Demands Public Release of FBI Surveillance Rules

    News release: "The Electronic Frontier Foundation (EFF) filed suit against the Department of Justice [on June 24, 2009], demanding the public release of the surveillance guidelines that govern investigations of Americans by the Federal Bureau of Investigation (FBI). The FBI's Domestic Investigative Operational Guidelines went into effect in December of 2008 and detail the Bureau's procedures and standards for implementing the Attorney General's Guidelines on approved surveillance strategies...The FBI's general counsel has acknowledged that "the expansion of techniques available [to the Bureau] has raised privacy and civil liberties concerns." Investigations can include the electronic collection of information from online sources and computer databases, as well as the use of grand jury subpoenas to obtain telephone and email subscriber information. Other recent policy changes allow the FBI to engage in free-ranging investigation of Internet sites, libraries, and religious institutions." [Darlene Fichter]

    June 21, 2009
    * New on LLRX.com: Review of HTC Magic (G2) vs iPhone 3G (and 3G S)

    Review of HTC Magic (G2) vs iPhone 3G (and 3G S): Techie expert extraordinaire Nicholas Moline compares the upcoming T-Mobile G2 (HTC Magic) with the iPhone 3G, which has the new iPhone 3.0 Software. Nick ran detailed and thorough tests of each Smartphone's usability and functionality, and he highlights the respective range of features, including bar code readers, removable memory, cameras, GPS, touchscreens, email, web access, and lots more. He also shares his thoughts about which gadget delivers the best applications for users.

    June 14, 2009
    * Cyber-Ark 2009 Trust, Security & Passwords Survey Research Brief

    2009 Trust, Security & Passwords Survey Research Brief: "This global "snooping" survey is the third in a series of benchmark studies focused on identifying security and privacy trends among IT workers. Results are intended to raise awareness about the risks associated with powerful, and often unmanaged, privileged users and passwords. While seemingly innocuous, these accounts provide workers with "keys to the kingdom," allowing them to access critically sensitive information, no matter where it resides."

    June 11, 2009
    * Federal Agencies Issue Frequently Asked Questions on Identity Theft Rules

    News release: "Six federal agencies issued a set of frequently asked questions (FAQs) today to help financial institutions, creditors, users of consumer reports, and issuers of credit cards and debit cards comply with federal regulations on identity theft and discrepancies in changes of address. The “Red Flags and Address Discrepancy Rules,” which implement sections of the Fair and Accurate Credit Transactions Act of 2003, were issued jointly on November 9, 2007, by the Board of Governors of the Federal Reserve System (FRB), Federal Deposit Insurance Corporation (FDIC), National Credit Union Administration (NCUA), Office of the Comptroller of the Currency (OCC), Office of Thrift Supervision (OTS), and Federal Trade Commission (FTC)."

  • Frequently Asked Questions: Identity Theft Red Flags and Address Discrepancies
  • June 07, 2009
    * FTC Shuts Down Notorious Rogue Internet Service Provider

    News release: "A rogue Internet Service Provider that recruits, knowingly hosts, and actively participates in the distribution of spam, child pornography, and other harmful electronic content has been shut down by a district court judge at the request of the Federal Trade Commission. The ISP’s upstream providers and data centers have disconnected its servers from the Internet."

  • Federal Trade Commission v. Pricewert LLC also d/b/a 3FN.net, Triple Fiber Network, APS Communications, and APS Communication
  • May 31, 2009
    * Impact of URL Shorteners - Food for Thought

    URL shorteners, such as TinyURL, bit.ly and notlong.com allow users to share and post links in a quicker manner with less likelihood of misdirection. They also add an intermediary between the reader and the site of origin, and the risk of countless dead links if and when the business model of the respective services ceases to sustain a viable return.

  • See also 11 Ways to Shorten and Lengthen a Tweet
  • May 25, 2009
    * U.S. Government Agencies and Internet Retailers Receive Failing Grade in

    News release: " The Online Trust Alliance (OTA) gave leading government agencies and online retailers a failing grade in preventing deceptive email and phishing scams based on its newly released analysis of email authentication adoption. While adoption has grown over the past year, OTA found approximately 56 percent of the top .gov sites – including Whitehouse.gov, FBI.gov, Treasury.gov and DHS.gov – still are not protecting U.S. citizens through the use of email authentication. At the same time, progress has been made by other government agencies including the Census Bureau, CIA, FDIC, VA and FTC."

    April 27, 2009
    * New on LLRX.com: E-Discovery in the $50,000 Case

    E-Discovery Update: E-Discovery in the $50,000 Case - Conrad J. Jacoby's focus for this column is smaller legal disputes that may involve electronic evidence, including divorce proceedings and child custody matters, as well as criminal cases, all of which may require review of cell phone call records, SMS and e-mail exchanges.

    April 15, 2009
    * Symantec Internet Security Threat Report Volume XIV: April, 2009

    "The Symantec Internet Security Threat Report offers analysis and discussion of threat activity over a one-year period. It covers Internet threat activities, vulnerabilities, malicious code, phishing, spam and security risks as well as future trends. The fourteenth version of the report, released April 14, 2009, is now available."

  • Internet Security Threat Report Volume XIV: April, 2009 - Analysis of threat activity January - December 2008.
  • Executive Summary: April, 2009
  • March 30, 2009
    * FBI's Internet Crime Complaint Center - 2008 Internet Crime Report

    "In December 2003, the Internet Fraud Complaint Center (IFCC) was renamed the Internet Crime Complaint Center (IC3) to better reflect the broad character of such criminal matters having a cyber (Internet) nexus. The 2008 Internet Crime Report is the eighth annual compilation of information on complaints received and referred by the IC3 to law enforcement or regulatory agencies for appropriate action. From January 1, 2008 – December 31, 2008, the IC3 website received 275,284 complaint submissions. This is a (33.1%) increase when compared to 2007 when 206,884 complaints were received. These filings were composed of complaints primarily related to fraudulent and non-fraudulent issues on the Internet."

    March 17, 2009
    * Phishing Scams, Frivolous Arguments Top the 2008 “Dirty Dozen” Tax Scams

    News release: "The Internal Revenue Service issued its 2008 list of the 12 most egregious tax schemes and scams, highlighted by Internet phishing scams and several frivolous tax arguments. Topping this year’s list of scams is phishing, which encompasses numerous Internet-based ploys to steal financial information from taxpayers. New to the “Dirty Dozen” this year is a scheme, which IRS auditors discovered, that relates to unreasonable and/or excessive fuel tax credit claims."

    January 28, 2009
    * New on LLRX.com: Collaboration Through Wikis at Hicks Morley

    Collaboration Through Wikis at Hicks Morley - Heather Colman explains how wikis were an ideal KM solution for her law firm. Quick and easy to set up, requiring little IT support, wikis support central data repositories and provide features including search capabilities, email, RSS, and also allow users to create a taxonomy of subject tags to classify information.

    * Pew Survey: Generations Online in 2009

    News release: "Over half of the adult internet population is between 18 and 44 years old. But larger percentages of older generations are online now than in the past, and they are doing more activities online, according to surveys taken from 2006-2008. Contrary to the image of Generation Y as the "Net Generation," internet users in their 20s do not dominate every aspect of online life. Generation X is the most likely group to bank, shop, and look for health information online. Boomers are just as likely as Generation Y to make travel reservations online. And even Silent Generation internet users are competitive when it comes to email (although teens might point out that this is proof that email is for old people)."

  • Generations Online in 2009 and related PowerPoint Presentation
  • * Data Privacy Day 2009

    Intel: "On January 28, 2009, the United States, Canada, and 27 European countries will celebrate Data Privacy Day together for the second time. Designed to raise awareness and generate discussion about data privacy practices and rights, Data Privacy Day activities in the United States have included privacy professionals, corporations, government officials, and representatives, academics, and students across the country. One of the primary goals of Data Privacy Day is to promote privacy awareness and education among teens across the United States. Data Privacy Day also serves the important purpose of furthering international collaboration and cooperation around privacy issues."

    January 20, 2009
    * Dramatic Change Comes to WhiteHouse.gov

    "Welcome to the new WhiteHouse.gov. A short time ago, Barack Obama was sworn in as the 44th president of the United States and his new administration officially came to life. One of the first changes is the White House's new website, which will serve as a place for the President and his administration to connect with the rest of the nation and the world.

    Millions of Americans have powered President Obama's journey to the White House, many taking advantage of the internet to play a role in shaping our country's future. WhiteHouse.gov is just the beginning of the new administration's efforts to expand and deepen this online engagement. Just like your new government, WhiteHouse.gov and the rest of the Administration's online programs will put citizens first. Our initial new media efforts will center around three priorities:

    Communication...This site will feature timely and in-depth content meant to keep everyone up-to-date and educated. Check out the briefing room, keep tabs on the blog (RSS feed) and take a moment to sign up for e-mail updates from the President and his administration so you can be sure to know about major announcements and decisions.

    Transparency...The President's executive orders and proclamations will be published for everyone to review, and that’s just the beginning of our efforts to provide a window for all Americans into the business of the government. You can also learn about some of the senior leadership in the new administration and about the President’s policy priorities.

    Participation...One significant addition to WhiteHouse.gov reflects a campaign promise from the President: we will publish all non-emergency legislation to the website for five days, and allow the public to review and comment before the President signs it."

  • Online specialists praise, question White House Web site
  • January 14, 2009
    * White House Acknowledged Scope of Missing E-mails in Court Today

    Follow up to previous postings on missing White House emails, today's news release: "At a hearing today concerning the risks posed by the presidential transition to the recovery of millions of missing e-mails from the Executive Office of the President (EOP) in the National Security Archive's lawsuit seeking restoration of those e-mails, the White House acknowledged that it has done little to recover e-mail files from computer workstations and nothing to collect external media storage devices that could hold e-mails. These admissions came despite the issuance of a report and recommendation in April 2008 by a federal magistrate judge calling for the White House to locate and preserve data from the workstations and external media storage devices. Earlier today the court issued an order requiring steps to be taken to secure files from individual computer workstations, memory sticks, zip drives, DVDs and CDs."

  • "The United States District Court for the District of Columbia today granted the National Security Archive's emergency motion for an extended preservation order to protect missing White House e-mails. With the transition from the Bush Administration to the Obama Administration taking place in six days, and all the records of the Bush White House scheduled for a physical transfer to the National Archives and Records Administration (NARA) on that same day, the Court has directed the Executive Office of the President (EOP) to search all its computer work stations and has ordered EOP employees to surrender any media in their possession that may contain e-mails from March 2003 to October 2005."
  • January 05, 2009
    * New on LLRX: Metadata - What Is It and What Are My Ethical Duties?

    Metadata - What Is It and What Are My Ethical Duties?: Jim Calloway explains why every lawyer needs to understand a few basic things about metadata. He contends that the legal ethics implications of metadata “mining” are no longer just of interest to the lawyers processing electronic discovery, or the ethics mavens.

    January 04, 2009
    * New York Times Editorial - Bush Legacy of Secrecy and Consequences

    Editorial - Exit Stonewalling: "...E-mail messages that have gone suspiciously missing are estimated to number in the millions. These could illuminate some of the administration’s darker moments, including the lead-up to the Iraq war, when intelligence was distorted, the destruction of videotapes of C.I.A. torture interrogations, and the vindictive outing of the C.I.A. operative Valerie Plame Wilson. The deep-sixed history also includes improper business conducted by more than 50 White House appointees via e-mail at the Republican Party headquarters. Historians and archivists are suing the administration. We should be grateful for their efforts. Entire days of e-mail records have turned up conveniently blank at the offices of President Bush and Vice President Dick Cheney."

    December 27, 2008
    * Release of Bush White House Data to National Archives Overwhelms Infrastructure

    New York Times: "The National Archives has put into effect an emergency plan to handle electronic records from the Bush White House amid growing doubts about whether its new $144 million computer system can cope with the vast quantities of digital data it will receive when President Bush leaves office on Jan. 20. The technical challenge was an inevitable result of the explosion in cybercommunications, which will make the electronic record of the Bush years about 50 times as large as that left by the Clinton White House in 2001, archives officials estimate. The collection will include top-secret e-mail tracing plans for the Iraq war..."

    December 22, 2008
    * Federal Financial Regulators Issue Revised Identity Theft Brochure

    News release: "The federal bank, credit union, and thrift regulatory agencies today announced publication of a revised identity theft brochure – You Have the Power to Stop Identity Theft – to assist consumers in preventing and resolving identity theft. The updated brochure focuses primarily on Internet "phishing" by describing how phishing works, offering ways to protect against identity theft, and detailing steps to follow for victims of identity theft. The brochure includes contact information for three major credit bureaus, where to report suspicious e-mails, and where to access additional information."

  • Brochure: You Have the Power to Stop Identity Theft
  • November 12, 2008
    * Will E-Mail Supporter Database Be Foundation of New President's Web Initiatives?

    Washington Post: "Armed with millions of e-mail addresses and a political operation that harnessed the Internet like no campaign before it, Barack Obama will enter the White House with the opportunity to create the first truly "wired" presidency. Obama aides and allies are preparing a major expansion of the White House communications operation, enabling them to reach out directly to the supporters they have collected over 21 months without having to go through the mainstream media."

    November 10, 2008
    * Court Rules In Favor of Effort to Recover White House Emails Before Transition

    News release: "A court ruled today that the National Security Archive may proceed with its effort to force the White House to recover millions of Bush Administration Executive Office of the President (EOP) e-mail records before the presidential transition. Rejecting the government's motion to dismiss the Archive's lawsuit, the Court ruled that the Federal Records Act permits a private plaintiff to bring suit to require the head of the EOP or the Archivist of the United States to notify Congress or ask the Attorney General to initiate action to recover destroyed or missing e-mail records...The National Security Archive originally filed its case against the Executive Office of the President and the National Archives and Records Administration to preserve and restore missing e-mail federal records in September 5, 2007. A subsequent lawsuit filed by Citizens for Responsibility and Ethics in Washington has been consolidated with the Archive's lawsuit. A chronology of the litigation is available here."

    * Spamalytics: An Empirical Analysis of Spam Marketing Conversion

    Spamalytics: An Empirical Analysis of Spam Marketing Conversion, October 2008 - Chris Kanich, Christian Kreibich, Kirill Levchenko, Brandon Enright, Geoffrey M. Voelker, Vern Paxson† Stefan Savage

  • "The “conversion rate” of spam — the probability that an unsolicited e-mail will ultimately elicit a “sale” — underlies the entire spam value proposition. However, our understanding of this critical behavior is quite limited, and the literature lacks any quantitative study concerning its true value. In this paper we present a methodology for measuring the conversion rate of spam. Using a parasitic infiltration of an existing botnet’s infrastructure, we analyze two spam campaigns: one designed to propagate a malware Trojan, the other marketing on-line pharmaceuticals. For nearly a half billion spam e-mails we identify the number that are successfully delivered, the number that pass through popular anti-spam filters, the number that elicit user visits to the advertised sites, and the number of “sales” and “infections” produced.
  • October 10, 2008
    * Consumers Warned to Avoid Fake E-mails Tied to Bank Mergers

    News release: "Online scammers are taking advantage of tough economic times. While e-mails phishing for sensitive data are nothing new, scammers are taking advantage of upheavals in the financial marketplace to confuse consumers into parting with valuable personal information. The Federal Trade Commission urges caution regarding e-mails that look as if they come from a financial institution that recently acquired a consumer’s bank, savings and loan, or mortgage. In fact, these messages may be from “phishers” looking to use personal information – account numbers, passwords, Social Security numbers – to run up bills or commit other crimes in a consumer’s name. Consumers are warned not to take the bait. The FTC has advice about how to stay on guard against this type of scam. To learn more, see the consumer alert Bank Failures, Mergers and Takeovers: A ‘Phish-erman’s Special.

    October 01, 2008
    * FTC's Cyber Security Site Gets an Upgrade

    News release: "The Federal Trade Commission’s Web site that helps consumers stay on guard against Internet fraud is revamping to provide extra tools for cyber safety. The FTC’s announcement of the newly designed and improved site comes on the first day of October, which is National Cyber Security Awareness Month. Since the September 2005 launch of www.OnGuardOnline.gov and its Spanish-language counterpart, www.AlertaEnLínea.gov, more than 8.1 million visitors have learned about computer security at these sites. Now, with the help of 22 federal agencies, industry organizations, and non-profit groups, the FTC has introduced a variety of new features to help consumers avoid Internet fraud, secure their computers, and protect their personal information...The articles, games, and videos on the site provide information on 16 topics, including social networking, phishing, spam scams, and laptop security."

    September 24, 2008
    * Pew Report: Most working Americans now use the internet or email at their jobs

    News release: "A new national survey shows that 62% of adults who are currently employed use the internet or email at work and they have mixed views about the impact of technology on their work lives. On the one hand, they cite the benefits of increased connectivity and flexibility that the internet and all of their various gadgets afford them at work. On the other hand, many workers say these tools have added stress and new demands to their lives."

  • Networked Workers: Most workers use the internet or email at their jobs, but they say these technologies are a mixed blessing for them, September 24, 2008
  • September 22, 2008
    * Court Orders VP Cheney to Preserve Documents in Citizens Group Lawsuit

    Follow up on postings related to the White House visitor logs, this news release: "U.S. District Court Judge Colleen Kollar-Kotelly issued a preliminary injunction in CREW, et al. v. Cheney et al., requiring Vice President Cheney, the Office of the Vice President, the Executive Office of the President, that archivist and the National Archives and Records Administration to preserve all vice presidential records, broadly defined to encompass all records relating to the vice president carrying out his constitutional, statutory or other official or ceremonial duties."

    August 31, 2008
    * Librarian's Advice on 10 Ways to Cope with Information Overload

    Being Wired or Being Tired: 10 Ways to Cope with Information Overload: "Sarah Houghton-Jan explores different strategies for managing and coping with various types of informational overload." Ariadne, Issue 56 July 2008.

    August 27, 2008
    * NARA issues records management information for e-mail

    USA.gov: "The National Archives and Records Administration (NARA) issued e-mail archiving applications guidance July 31 for certain e-mails that are considered records under the Federal Records Act. The bulletin informs agencies that e-mail archiving technologies may not necessarily meet all of the Federal Records Act requirements."

    August 24, 2008
    * UK Government Plans Massive Personal Data Collection Effort

    Surveillance made easy, NewScientist.com news service, Laura Margottini: "This data allows investigators to identify suspects, examine their contacts, establish relationships between conspirators and place them in a specific location at a certain time."

    So said the UK Home Office last week as it announced plans to give law-enforcement agencies, local councils and other public bodies access to the details of people's text messages, emails and internet activity. The move followed its announcement in May that it was considering creating a massive central database to store all this data, as a tool to help the security services tackle crime and terrorism."

      Related links:
    • UK House of Commons, Communications Data Bill: "The purpose of the Bill is to: allow communications data capabilities for the prevention and detection of crime and protection of national security to keep up with changing technology through providing for the collection and retention of such data, including data not required for the business purposes of communications service providers; and to ensure strict safeguards continue to strike the proper balance between privacy and protecting the public.
    • Siemens - Lawful Interception (Monitoring Center, Intelligence Platform) - "Authorized groups need to have direct access to communications between suspects, whether it is individuals, groups or organizations. Only then can they take appropriate action, detect, prevent and anticipate crimes and guarantee peace and security."
    August 12, 2008
    * Google Reports Virus Email Activity At All Time High In July 2008

    Official Google Enterprise Blog: "In July, our Postini datacenters saw the biggest volume of email virus attacks so far in 2008, with a peak of nearly 10 million messages on July 24. One of the more prominent attacks in the month involved a spoofed UPS package-tracking link that was intended to lure recipients into clicking on it and downloading malware. Our zero-hour virus protection technology first started catching these emails on July 20."

    July 14, 2008
    * FTC Issues Staff Report on Roundtable Discussion About Phishing Education

    News release: "The Federal Trade Commission today released a staff report on a Roundtable Discussion on Phishing Education that it hosted in April. Approximately 60 experts from business, government, the technology sector, the consumer advocacy community, and academia met at the FTC to discuss strategies for outreach to consumers about avoiding phishing. Phishers use deceptive spam that appears to come from legitimate, well-known sources to trick consumers into divulging sensitive or personal information, such as credit account numbers or passwords, often through a link to a copycat of the purported source’s Web site."

  • Roundtable Discussion On Phishing Education: A Staff Report By the Federal Trade Commission’s Division of Consumer and Business Education and Division of Marketing Practices (July 2008)
  • July 09, 2008
    * House Passes Bill to Preserve Electronic Records

    Bill Summary - H.R. 5811: The Electronic Message Preservation Act. Rep. Henry A. Waxman, Chairman, Committee on Oversight and Government Reform

  • "Investigations by the Oversight Committee have revealed significant deficiencies in the preservation of e-mail by the White House and federal agencies. H.R. 5811, the Electronic Message Preservation Act, introduced on April 15, 2008, by Reps. Waxman, Clay, and Hodes, modernizes the requirements of the Presidential Records Act and the Federal Records Act to ensure that these vital records are preserved for historians."
  • Related Legislation - Electronic Communications Preservation Act
  • July 08, 2008
    * New GAO Report Reveals Agencies are Not Complying with Requirements to Preserve E-mails

    Committee on Oversight: "Rep. Henry A. Waxman, Rep. Wm. Lacy Clay, and Rep. Paul W. Hodes released a new GAO report that finds that senior federal officials are failing to comply with requirements to preserve e-mail records. On Wednesday, the House is expected to consider legislation (H.R. 5811) to modernize the Federal Records Act and the Presidential Records Act to ensure the preservation of these important federal records.

    The new GAO report, Federal Records: National Archives and Selected Agencies Need to Strengthen E-Mail Management, finds:

    • All four of the agencies examined — the Department of Homeland Security, the Department of Housing and Urban Development, the Environmental Protection Agency, and the Federal Trade Commission — are relying on outdated and unreliable “print and file” systems for preserving e-mail records.
    • Senior agency officials did not fully comply with key requirements for preserving e-mail records. GAO reviewed the practices of 15 senior agency officials in the four agencies and found that a majority of these officials failed to manage their e-mail records in accordance with regulatory requirements. E-mails were not retained in adequate recordkeeping systems, making the e-mail records easier to lose, harder to find, and vulnerable to deletion or other tampering. Inadequate oversight and training within agencies contributed to the inconsistent compliance with preservation requirements..."

    June 16, 2008
    * Court Rules White House E-Mail Not Subject to FOIA

    Follow up - related postings on missing White House emails, today's news: News release: "Today, D.C. District Court Judge Colleen Kollar-Kotelly issued an opinion in CREW v. Office of Administration, finding that the Office of Administration (OA) is not an agency subject to the Freedom of Information Act (FOIA). In May 2007, CREW sued OA for records regarding missing White House e-mail and the office’s assessment of the scope of the problem. After initially agreeing to provide records, OA changed course and claimed it was not an agency and, therefore, had no obligation to comply with the FOIA. OA made this claim despite the fact that even the White House’s own website described OA as an agency and included regulations for processing FOIA requests."

    June 14, 2008
    * Nonprofit Industry Group Will Study Info Overload

    New York Times: "Some of the biggest technology firms, including Microsoft, Intel, Google and I.B.M., are banding together to fight information overload. Last week they formed a nonprofit group to study the problem, publicize it and devise ways to help workers — theirs and others — cope with the digital deluge."

    June 04, 2008
    * Outbound Email and Data Loss Prevention in Today's Enterprise, 2008

    Proofpoint’s Outbound Email and Data Loss Prevention in Today’s Enterprise, 2008 report - ["the survey was fielded in the US, UK, France, Germany and Australia to explore global concerns.]

    "Email remains the most important medium for communications both inside and outside the enterprise. But the convenience and ubiquity of email as a business communications tool has exposed enterprises to a wide variety of legal, financial and regulatory risks associated with outbound email. Enterprises continue to express a high level of concern about creating, managing and enforcing outbound messaging policies (for email and other communication protocols) that ensure that messages leaving the organization comply with both internal rules, best practices for data protection and external regulations. In addition, organizations remain very concerned about ensuring that email (and other electronic message streams) cannot be used to disseminate confidential or proprietary information...The results show that data protection concerns are not confined to the US and that globally, email, webmail, FTP, blogs message boards, media sharing sites and social networking sites are a source of concern as well as real-world risk for IT professionals working in large enterprises."

    April 23, 2008
    * New GAO Reports: Abstinence Education, Antidumping and Countervailing Duties, E-Mail Management by Federal Agencies, NTSB
    • Abstinence Education: Assessing the Accuracy and Effectiveness of Federally Funded Programs, GAO-08-664T, April 23, 2008
    • Antidumping and Countervailing Duties: Congress and Agencies Should Take Additional Steps to Reduce Substantial Shortfalls in Duty Collection, GAO-08-391, March 26, 2008
    • Federal Records: Agencies Face Challenges in Managing E-Mail, GAO-08-699T, April 23, 2008: "Federal agencies are increasingly using electronic mail (e-mail) for essential communication. In doing so, they are potentially creating messages that have the status of federal records, which must be managed and preserved in accordance with the Federal Records Act. To carry out the records management responsibilities established in the act, agencies are to follow implementing regulations that include specific requirements for e-mail records. In view of the importance that e-mail plays in documenting government activities, GAO was asked to testify on issues relating to the preservation of electronic records, including e-mail."
    • Homeland Security: Enhanced National Guard Readiness for Civil Support Missions May Depend on DOD's Implementation of the 2008 National Defense Authorization Act, GAO-08-311, April 16, 2008
    • Human Capital: Workforce Diversity Governmentwide and at the Small Business Administration, GAO-08-725T, April 23, 2008
    • Intelligence, Surveillance, and Reconnaissance: DOD Can Better Assess and Integrate ISR Capabilities and Oversee Development of Future ISR Requirements, GAO-08-374, March 24, 2008
    • National Transportation Safety Board: Progress Made in Management Practices, Investigation Priorities, Training Center Use, and Information Security, But These Areas Continue to Need Improvement, GAO-08-652T, April 23, 2008
    April 17, 2008
    * Ruling on Preservation of White House E-Mails Awaited

    News release: "Today, the White House sought clarification from the court concerning its ability to restore missing records from backup tapes that are currently being preserved. The White House inquiry comes as the National Security Archive continues to await a ruling by the United States District Court for the District of Columbia on its pending motion to extend an e-mail preservation order against the Executive Office of the President (EOP) and to depose relevant witnesses about the state of the White House's e-mail archiving system.

    A new bill to establish procedures to assure the preservation of electronic federal and presidential records was introduced this week by Rep. Henry A. Waxman (D-CA), Rep. Wm. Lacy Clay (D-MO), and Rep. Paul W. Hodes (D-NH) (H.R. 5811), but that bill would have no effect on the e-mails that are the subject of the pending lawsuit. A new chronology of events in the White House e-mail lawsuits was also published on the Web today by the Archive.

  • Related postings on missing White House emails
  • April 12, 2008
    * University of Chicago Law Removes Classroom Web Access

    Jerry Crimmins, Chicago Daily Law Bulletin, April 10, 2008: " The University of Chicago Law School has removed Internet access in most of its classrooms because of a growing problem of students surfing the Web on laptops during lectures...Law students' use of laptops to surf the Web, read and write e-mail and play computer games during class has brought changes at a number of schools, including Harvard, Yale and Stanford."

    March 21, 2008
    * White House Discloses Destruction of Computer Hard Drives

    Follow up to previous postings on litigation and hearings on missing White House email and violations of the Presidential Records Act, news today from AP: "Older White House computer hard drives have been destroyed, the White House disclosed to a federal court Friday in a controversy over millions of possibly missing e-mails from 2003 to 2005. The White House revealed new information about how it handles its computers in an effort to persuade a federal magistrate it would be fruitless to undertake an e-mail recovery plan that the court proposed."

    March 18, 2008
    * Judge Orders White House to Show Cause Why Missing Email Should Not be Recovered

    Follow up to previous postings on litigation and hearings on missing White House email and violations of the Presidential Records Act, today's news release: "Today, in response to a request by the National Security Archive, which along with Citizens for Responsibility and Ethics in Washington (CREW) has sued the White House challenging its failure to preserve millions of missing email, Magistrate Judge Facciola issued a show cause order in CREW, et al. v. EOP. Judge Facciola's order requires the White House to show cause by close of business Friday, March 21, why it should not be ordered to create and preserve a forensic copy of any media that has been used or is being used by any former or current employee between March 2003 and October 2005, the period of time for which email is missing. He entered the Order based at least in part on the White House's own admission that it did not preserve back-up tapes prior to October 2003."

  • National Security Archive: Memorandum of Points and Authorities in Support of Emergency Motion to Extend TRO/Preservation Order and for Depositions, March 11, 2008
  • March 14, 2008
    * VoIP: Who Might Be Spying on Your Communications?

    VOIP-News: "Email, IM (instant messaging) and even VoIP solutions like Skype and Vonage have taken over communications in both the business and social worlds. These systems work well because they're a much-needed solution for high phone bills, static-filled communications and dropped cell-phone calls. Internet-based communication methods also give users optimum remote access, since all one needs to use VoIP or send an IM is an Internet connection. But with this increase in popularity comes serious security issues. VoIP technology is still relatively new, and hackers are finding new ways to rip off service providers and their customers. Just who might be spying on your online communications? You might be surprised."

    March 06, 2008
    * Trio of Commerce Chairmen Call for Further Investigation Based on Latest Domestic Surveillance Allegations

    Electronic Frontier Foundation: "Three powerful House Commerce Committee Chairmen strongly urged their colleagues Thursday to defer acting on requests for retroactive immunity and to demand more information from the White House and the telecommunications companies in the wake of disclosures by another whistleblower that the government apparently has been granted an open gateway to customer information and calls by a major telecommunications company."

    • March 6, 2008 Dear Colleague letter, written by John Dingell, Chairman of the House Committee on Energy and Commerce; Ed Markey, Chairman of the House Subcommittee on Telecommunications and the Internet; and Bart Stupak, Chairman of the Subcommittee on Oversight and Investigations: "..Yesterday another whistleblower stepped forward with troubling charges that at least one major wireless telecommunications giant may have given a Congressional entity access to every communications coming through that company's infrastructure, including every e-mail, Internet use, document transmission, video and text message, as well as the ability to listen in on any phone call."

    • Related postings on domestic surveillance program

    March 02, 2008
    * Pelosi: Response to Administration Decision Not to Enforce Contempt Citations of Miers and Bolten

    News release: "Speaker Nancy Pelosi released the following statement February 29, 2008 in response to a letter she received late this afternoon from U.S. Attorney General Michael Mukasey stating that the Administration is refusing to enforce contempt of Congress citations against former White House Counsel Harriet Miers and White House Chief of Staff Joshua Bolten:

    “By ordering the U.S. Attorney to take no action in response to congressional subpoenas, the Bush Administration is continuing to politicize law enforcement, which undermines public confidence in our criminal justice system. Anticipating this response from the Administration, the House has already provided authority for the Judiciary Committee to file a civil enforcement action in federal district court and the House shall do so promptly. The American people demand that we uphold the law. As public officials, we take an oath to uphold the Constitution and protect our system of checks and balances and our civil lawsuit seeks to do just that.”

  • AP: Mukasey Refuses Probe of Bush Aides Mukasey Refuses to Order Grand Jury Probe of Bush Chief of Staff, Ex-White House Counsel
  • * 2007 Electronic Monitoring and Surveillance Survey

    2007 Electronic Monitoring & Surveillance Survey - Over Half of All Employers Combined Fire Workers for E-Mail & Internet Abuse, February 28, 2008

  • "From e-mail monitoring and Website blocking to phone tapping and GPS tracking, employers increasingly combine technology with policy to manage productivity and minimize litigation, security, and other risks. To motivate compliance with rules and policies, more than one fourth of employers have fired workers for misusing e-mail and nearly one third have fired employees for misusing the Internet, according to the 2007 Electronic Monitoring & Surveillance Survey from American Management Association (AMA) and The ePolicy Institute."
  • February 26, 2008
    * Committee Holds Hearing on Electronic Records Preservation at the White House

    Committee Holds Hearing on Electronic Records Preservation at the White House, Chairman Waxman's Opening Statement, February 26, 2008:
    "...When President Clinton left office and President Bush came into office, the White House had in place a system for archiving White House e-mails that complied with the Presidential Records Act...In its place, the White House adopted a system that one of its own experts described as “primitive” and carried a high risk that "data would be lost." The system also had serious security flaws. Until the problem was corrected in 2005, all officials in the White House had access to the archive system and the ability to delete or alter existing information. The White House’s own analysis of its system identified over 700 days in which e-mail records seem either impossibly low or completely nonexistent. This 2005 analysis was prepared by a team of 15 White House officials and contractors."

    February 25, 2008
    * Committee to Hold Hearing on Electronic Records Preservation at the White House

    "On Tuesday, February 26, 2008, at 10:00 a.m., in room 2154 of the Rayburn House Office Building, the full Committee on Government Oversight and Reform will hold a hearing entitled Electronic Records Preservation at the White House."

  • Related postings on missing White House email
  • February 20, 2008
    * A Portrait of Early Internet Adopters: Why People First Went Online --and Why They Stayed

    A Portrait of Early Internet Adopters: Why People First Went Online --and Why They Stayed, by Amy Tracy Wells, Research Fellow, Pew Internet & American Life Project, February 20, 2008

  • "In our survey, we asked these long time internet users why they first went online. The majority of respondents noted "to communicate with colleagues." When asked what their favorite application was at the time they first went online, most said email. This is not much different from what we found in a survey in February-March 2007: 56% of respondents reported sending email yesterday -- the day before they were contacted in the survey."
  • February 17, 2008
    * Registry of USG Recommended Biometric Standards

    "This Registry of USG Recommended Biometric Standards (Registry) supplements the NSTC Policy for Enabling the Development, Adoption and Use of Biometric Standards. This Registry is based upon interagency consensus on biometric standards required to enable the interoperability of various Federal biometric applications, and to guide Federal agencies as they develop and implement related biometric programs. Version 1.0 of this Registry document is being presented to the public for review, with comments due by March 10, 2008. The Subcommittee will review all comments received, make necessary adjustments, and finalize the Registry through normal NSTC approval processes. The Subcommittee will continuously review the content of this document, and release updated versions as required to assist agencies in the implementation and reinforcement process of biometric standards to meet agency-specific mission needs."

    February 06, 2008
    * Cisco Study on Remote Workers Reveals Need for Greater Diligence Toward Security

    "Cisco® today announced key findings from its annual global study on remote workers' security awareness and online behavior, indicating how they can inadvertently heighten risks for themselves and the companies they work for. The study's findings are prompting Cisco security executives to offer recommendations to information technology (IT) professionals on how to protect their companies against threats and maximize the business benefits of distributed and mobile workforces."

    February 04, 2008
    * Call for Special Counsel to Investigate Missing White House Emails

    Follow up to previous postings on the controversy surrounding missing White House email, this press release: "Today, in light of the emerging details of the disappearance of millions of White House emails, Citizens for Responsibility and Ethics in Washington (CREW) sent a letter to Attorney General Michael B. Mukasey asking that he appoint a special counsel to investigate the matter. Specifically, CREW asked for an investigation into whether the White House violated federal record-keeping laws by knowingly failing to preserve and restore millions of emails and by deliberately failing to use an effective and appropriate record-keeping system for the preservation of federal and presidential electronic records. The White House is subject to two sets of federal laws governing how it must maintain and preserve its records, the Federal Records Act (FRA) and the Presidential Records Act (PRA)."

    * FBI Identifies Recurring Fraudulent E-mail Scam

    Press release: "The FBI has recently developed information indicating cyber criminals are attempting to once again send fraudulent e-mails to unsuspecting recipients stating that someone has filed a complaint against them or their company with the Department of Justice or another organization such as the Internal Revenue Service, Social Security Administration, or the Better Business Bureau."
    Related resources:

  • FBI's New E-Scams & Warnings website

  • The Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C).
  • January 31, 2008
    * Minimizing the Effect of Malware on Your Computer: FTC Offers Information on Protecting, Reclaiming Your Computer

    "Criminals are hard at work thinking up creative ways to get malware on your computer, warns the Federal Trade Commission. With appealing Web sites, desirable downloads, and compelling stories, these criminals try to lure consumers to links that will download malware, especially on computers that don’t use adequate security software. Then, they use the malware – malicious software – to steal personal information, send spam, and commit fraud. A new publication from the FTC has information that could help consumers protect their computers against malware and reclaim their computer and electronic information if malware is already on their computer. The publication, Minimizing the Effects of Malware, provides tips on spotting malware, and urges consumers to act immediately if they suspect their computer is affected by malware."

    * IRS Warns of New E-Mail and Telephone Scams Using the IRS Name; Advance Payment Scams Starting

    Press release: "The Internal Revenue Service today warned taxpayers to beware of several current e-mail and telephone scams that use the IRS name as a lure. The IRS expects such scams to continue through the end of tax return filing season and beyond. The IRS cautioned taxpayers to be on the lookout for scams involving proposed advance payment checks. Although the government has not yet enacted an economic stimulus package in which the IRS would provide advance payments, known informally as rebates to many Americans, a scam which uses the proposed rebates as bait has already cropped up."

    January 27, 2008
    * Tech Writers Speculates on World Without Internet

    What if the Internet went down...and didn't come back up? By Lynn Greiner, CIO.com, 01/22/08

  • "Imagine, if you will, a world with no Internet. No e-mail. No e-commerce. And no BlackBerrys. E-mail would be supplanted by snail mail; cell phones by land lines. Now imagine what the future would look like. Futurists say virtual business services of all sorts, accounting, payroll and even sales would come to a halt, as would many companies.
  • January 24, 2008
    * Sensitive Data Retrieved From Used Government Tapes

    Press release: "Congresswoman Betty McCollum (MN-04), has sent a letter to the Government Accountability Office asking that it reopen its investigation of the privacy and national security risks posed by government agencies reselling used magnetic data tapes that may once have contained large amounts of sensitive personal and government information. Researchers working for Imation, an Oakdale, MN-based corporation that produces magnetic data tapes, were able to recover a wide range of sensitive information from used data tapes that were supposedly wiped clean before being re-sold. Using readily available equipment and information, Imation investigators found out where the tapes originated and recovered bank account numbers, expense reports, employee tax and benefit information, and other sensitive data."

    January 21, 2008
    January 18, 2008
    * Chairman Waxman Schedules Hearing to Examine Preservation of White House E-mails

    Follow up to previous postings on missing White House emails, from the House Oversight Committee: "On February 15, the Committee will hold a hearing to investigate White House compliance with the Presidential Records Act. Statements made at the January 17 White House press briefing contradict information provided to the Committee, which revealed that a 2005 White House analysis found no archived mail for hundreds of days between 2003 and 2005. The following officials have been invited to testify: Fred Fielding, Counsel to the President; Alan Swendiman, Director, Office of Administration; Allen Weinstein, Archivist of the United States."

  • Letter to Fred Fielding

  • Letter to Allen Weinstein

  • White House Press Briefing by Tony Fratto for January 17, 2008: "...I'm saying we have no evidence that shows that anything at all is missing. And you're saying, well, have you found the missing emails -- and we say we have no evidence that anything is missing..."
  • January 16, 2008
    * White House Filing in CREW Lawsuit Verfies Deficiences in Email Archiving System

    Follow up to previous postings on missing White House emails, today's Press release from Citizens for Responsibility and Ethics in Washington (CREW): "Yesterday’s midnight filing by the White House in CREW v. Executive Office of the President, a lawsuit challenging the failure of the White House to preserve and restore millions of missing emails, raises some very troubling questions...The White House has now admitted that it does not have an effective system for storing and preserving emails. This is no mere technicality; it is this failure that led to the likely destruction of over 10 million email. What the White House has not explained is why it abandoned the electronic record-keeping system used by the prior administration -- a system that properly preserved White House email -- but did not replace it with another effective and appropriate system."

  • National Security Archive: White House Admits No Back-Up Tapes for E-mail Before October 2003
  • January 12, 2008
    * British Educational Communications and Technology Agency Report on Windows Vista and Microsoft Office 2007

    Press release: "Becta [British Educational Communications and Technology Agency], the education technology agency, has published a key report on Microsoft Vista and Office 2007 and on document interoperability which analyses the suitability of both software packages for adoption by schools and colleges."

  • Microsoft Vista and Office 2007: full report, Published: 9 January 2008, Publication ID: BEC1-15529, 40 pages, PDF
  • January 08, 2008
    * Magistrate Judge Rules White House Must Answer Questions About Missing White House E-mails

    Follow up to postings on missing White House E-mail, from the National Security Archive: "In an Order issued today, Magistrate Judge Facciola of the United States District Court for the District of Columbia ordered the White House to answer questions about over 5 million missing e-mails generated between 2003-2005. Noting that the need for information the missing e-mails is "time-sensitive" because of the risk that stored copied of the e-mails "are increasingly likely to be deleted or overridden with the passage of time," the Court demanded answers in a sworn declaration by January 13, 2008 about the location of the missing e-mails."

  • Via CREW, document library related to Judge Issues Order Demanding Answers from the White House on Back-Ups of 10 Million Missing Emails
  • December 28, 2007
    * FTC Issues Staff Report on Malicious Spam and Phishing

    Press release: "In a new report, the Federal Trade Commission staff describes findings from its July 2007 workshop, “Spam Summit: The Next Generation of Threats and Solutions” and proposes follow-up action steps that stakeholders can adopt to mitigate the harmful effects of malicious spam and phishing. In addition to proposing action steps for stakeholders, the report provides an overview of the agency’s decade-long role in protecting consumers from the threats of fraudulent spam and phishing. The report also announces results from staff’s 2007 Harvesting and Filtering Study, which suggest that Internet service providers’ spam filters continue to serve an integral role in reducing the amount of spam that reaches consumers’ in-boxes."

  • Spam Summit: The Next Generation of Threats and Solutions (39 pages, PDF)
  • * Proofpoint Reports Spam Email Trends for November 2007

    Press release: "Proofpoint, Inc., the leading provider of unified email security and data loss prevention solutions, today reported spam trends for data collected during the month of November 2007, finding that, on average, spam continues to represent nearly 90% of the total email volume received by large enterprises. Attachment-based spam made a comeback with the prevalence of image-based spam, PDF spam and Microsoft Word document spam all increasing over October levels."

    November 29, 2007
    * Annual McAfee Virtual Criminology Report

    McAfee Virtual Criminology Report - Cybercrime: The Next Wave - The annual McAfee global cyber trends study into organized crime and the Internet in collaboration with leading international security experts, November 2007.

  • "For this report we consulted with more than a dozen security specialists at top institutions such as NATO, the FBI, SOCA, the Center for Education and Research in Information Assurance and Security (CERIAS), the International Institute for Counter -Terrorism in Israel and the London School of Economics. These experts are also on the front lines in the fi ght against cybercrime every day, and we asked for their insights on the state of this dangerous underworld - as well as their predictions on where it’s going next...the experts agree that cybercrime has evolved significantly in complexity and scope. Espionage. Trojans. Spyware. Denial-of-service attacks. Phishing scams. Botnets. Zero-day exploits. The unfortunate reality is that no one is immune from this malicious industry’s reach — individuals, businesses, even governments. As the world has flattened, we’ve seen a signifi =cant amount of emerging threats from increasingly sophisticated groups attacking organizations around the world. And it’s only going to get worse..."

  • November 20, 2007
    * Senate Finance Committee Releases Report on Investigation of Avandia

    Prepared Statement of Senator Max Baucus (D-Mont.) Regarding the Finance Committee Investigation of Avandia, November 15, 2007: "We place a great deal of trust in pharmaceutical companies to make safe and effective products.The health of millions of Americans, from young children to retirees, depends on the careful work of these drug manufacturers. Today, Senator Grassley and I are placing in the Congressional Record a Senate Finance Committee staff report which describes a very disturbing series of events related to the safety of the diabetes drug Avandia. The report presents evidence that a pharmaceutical company allegedly tried to intimidate a doctor who raised concerns about Avandia’s link to heart problems. This occurred after the doctor gave speeches at two scientific meetings where he warned of the cardiovascular risks to those using Avandia, a drug designed to control glucose levels in diabetics. To make matters worse, the company in question denied trying to intimidate the doctor in the
    press. That claim is seriously challenged by emails presented in the staff report."

  • Committee Staff Report: “The Intimidation of Dr. John Buse and the Diabetes Drug Avandia”, November 2007
  • November 12, 2007
    * Judge Issues Restraining Order to Preserve White House E-Mail

    Press release: "Today, U.S. District Judge Henry Kennedy granted Citizens for Responsibility and Ethics in Washington's (CREW) request for a temporary restraining order to prevent the White House from destroying back-up copies of millions of deleted emails while the lawsuit is pending. CREW brought this lawsuit against the Executive Office of the President and the National Archives and Records Administration challenging their failure to restore and preserve millions of emails deleted from White House servers and to institute an effective electronic record-keeping system. When the White House refused to give adequate assurances that it would preserve back-up copies of the deleted emails -- the only source of these important historical records [see Federal Records Act] -- CREW sought a temporary restraining order."

  • Citizens for Responsibility and Ethics in Washington v. Executive Office of the Presidentet al., November 12, 2007
  • October 28, 2007
    * Archive Seeks to Discover Full Extent of Missing E-Mails at White House

    Follow up to previous postings on litigation and hearings on missing White House email and violations of the Presidential Records Act: "The National Security Archive filed a motion on Friday, October 26, seeking expedited discovery against the Executive Office of the President to find out what e-mails are missing from the White House e-mail system or backup tapes. Archive General Counsel Meredith Fuchs explained, “The pressing need for the information arises out of troubling representations by the EOP and its components about its document preservation obligations and the location of its backup tapes. We need information so we can take steps to preserve all possible sources of e-mails deleted from the White House servers.” Also on Friday, a similar motion was filed in a virtually identical lawsuit brought by Citizens for Responsibility and Ethics in Washington (CREW) on September 25, 2007.

    The Archive filed this case on September 5, 2007, against the Executive Office of the President (EOP) and its components seeking to recover at least 5 million federal e-mail records improperly deleted by the EOP. After the government failed to provide adequate assurances that backups and copies of the missing e-mail would be preserved throughout this litigation, on October 11, 2007, CREW filed a motion for a temporary restraining order against the White House defendants in its case. A hearing in CREW’s case was held before Magistrate Judge Facciola on October 17, 2007. Magistrate Judge Facciola issued a Report and Recommendation on October 19, 2007, advising the Court to grant a temporary restraining order. The government has filed objections to Magistrate Judge Facciola’s Report and Recommendation, and CREW has responded to the government’s objections."

    October 19, 2007
    * Judge Recommends White House Cease Destruction of Backup Emails

    Follow up to October 17, 2007 posting, Court Indicates Order on Missing White House Email Forthcoming, from CREW: "Today, in CREW v. EOP, Magistrate Judge John Facciola issued a report and recommendation in which he concluded that a temporary restraining order should be issued by District Court Judge Henry Kennedy preventing the White House from destroying any back-up copies – in whatever medium - created to preserve data. CREW sought this order to ensure that back-up copies of the millions of email deleted from White House servers between March 2003 and October 2005 were preserved pending resolution of CREW's lawsuit challenging as contrary to law those deletions and the failure of the White House to have an effective electronic record-keeping system in place. The court refused to accept the last-minute proffer of the White House to provide a declaration in lieu of a court order, explaining that a declaration is not sufficient because a violation is not punishable by contempt. The White House has 10 days in which to file an objection to this recommendation, after which Judge Kennedy will issue an order."

    October 17, 2007
    * Court Indicates Order on Missing White House Email Forthcoming

    Follow up to previous posting, Group Issues Report on Missing White House Emails and Violations of the Presidential Records Act, from AP today news that "U.S. Magistrate John M. Facciola indicated Wednesday [that he] may order the Bush administration to preserve copies of all White House e-mails, a move that a government lawyer argued strongly against."

    October 11, 2007
    * PhishTank Annual Report: U.S. telecoms hosting phishes; OpenDNS offering a solution

    Press release: "With a full twelve months under our belt, today OpenDNS published the first-ever PhishTank annual report. The report looks at the more than 300,000 phishes you’ve submitted and helped verify over the course of one year. While some of the report’s findings come as no surprise (e.g., PayPal and eBay round out the top of the list of most spoofed brands), some are alarming. Perhaps the most important finding, and the one that drove us to come up with a fix, is that U.S. telecoms are hosting more phishes than telecoms in any other country."

    September 05, 2007
    * Archive Sues to Recover 5 Million Missing White House E-mails

    Follow up to previous postings on missing White House e-mails and violations of the Presidential Records Act, this press release: "The National Security Archive today sued the White House seeking the recovery and preservation of more than 5 million White House e-mail messages that were apparently deleted from White House computers between March 2003 and October 2005. The lawsuit filed this morning in U.S. District Court for the District of Columbia names as defendants the Executive Office of the President and its components that are subject to the Federal Records Act, including the White House Office of Administration (OA), and the National Archives and Records Administration (which is responsible for long-term preservation of federal and presidential records), under the records laws and the Administrative Procedure Act."

    August 31, 2007
    * Bloomberg Reports White House E-Mails Lost Despite Daily Audits

    Follow up to previous postings re the ongoing Congressional investigation into missing White House emails, news from Bloomberg that "an [unidentified] outside contractor...conducted daily audits of the [White House] e-mail system..." and yet "5 million e-mails from March 2003 to October 2005 are missing..."

    August 30, 2007
    * Committee Requests Information on Reports of Lost White House E-mails

    "Today Chairman Waxman wrote [Letter to Fred Fielding] to request information from the White House Office of Administration about reports that millions of e-mails that may have been lost from the White House e-mail system."

  • Related postings on White House e-mail investigation
  • August 13, 2007
    * Team of University of California Researchers Identify "Spamscatter" Technique

    PC World: Study Finds Spam's Achilles Heel - "Researchers say they've discovered a critical weakness in the spam infrastructure."

  • Spamscatter: Characterizing Internet Scam Hosting Infrastructure, David S. Anderson, Chris Fleizach, Stefan Savage, and Geoffrey M. Voelker, Proceedings of the USENIX Security Symposium, Boston, MA, August 2007.

  • See also The New Yorker, Damn Spam, The losing war on junk e-mail,
    by Michael Specter, August 6, 2007: "Nearly two million e-mails are dispatched every second, a hundred and seventy-one billion messages a day. Most of those messages have something to sell...Spam’s growth has been metastatic, both in raw numbers and as a percentage of all mail. In 2001, spam accounted for about five per cent of the traffic on the Internet; by 2004, that figure had risen to more than seventy per cent. This year, in some regions, it has edged above ninety per cent—more than a hundred billion unsolicited messages clogging the arterial passages of the world’s computer networks every day."
  • July 24, 2007
    * Committee Requests Specific Tillman Documents from the White House

    "Today Chairman Waxman and Ranking Member Davis sent a letter to the White House requesting specific documents related to the death of U.S. Army Corporal Patrick Tillman, who was killed by friendly fire in Afghanistan in 2004. The White House has made available for staff review approximately 400-450 pages, which had previously been redacted or withheld. Following this review, the Committee is requesting that the White House provide the Committee several internal e-mail communications as well as drafts of the President's remarks about Corporal Tillman at the White House Correspondents' Dinner."

  • Related postings on the death of Corporal Tillman
  • July 22, 2007
    * UK Inbox-Outbox 2007 Survey

    "Over 50 per cent of UK business users are unable to walk away from their emails when on holiday or off sick, according to new research announced at the Inbox/Outbox 2007 event." Ian Williams, vnunet.com 20 Jul 2007

  • Mesmo Consultancy: Inbox-Outbox 2007 Survey, Summary of Findings
  • July 10, 2007
    * FTC Spam Summit: The Next Generation of Threats and Solutions

    Spam Summit: The Next Generation of Threats and Solutions: "A two-day conference that will bring together experts from the business, government, and technology sectors, consumer advocates, and academics to explore consumer protection issues surrounding spam, phishing and malware. The agenda and a list of participants can be found here."

    July 09, 2007
    * Google Purchases Online Security Firm Postini

    Press release: "Google Inc. announced today that it has signed a definitive agreement to acquire Postini, a global leader in on-demand communications security and compliance solutions serving more than 35,000 businesses and 10 million users worldwide. Postini's services -- which include message security, archiving, encryption, and policy enforcement -- can be used to protect a company's email, instant messaging, and other web-based communications. Under the terms of the agreement, Google will acquire Postini for $625 million in cash, subject to working capital and other adjustments, and Postini will become a wholly-owned subsidiary of Google. The agreement is subject to customary closing conditions and is expected to close by the end of the third quarter 2007."

    June 25, 2007
    * Reverberations in Case Involving FBI NSLs and Connecticut Librarians

    Follow up to previous postings on Connecticut librarians and FBI NSL gag order, via Wired Blog, Librarians Describe Life Under An FBI Gag Order: "Two Connecticut librarians on Sunday [at the 2007 ALA Annual Conference in Washington, DC] described what it was like to be slapped with an FBI national security letter and accompanying gag order."

  • From the conference program: Lifting the Gag: Patron Privacy and the Patriot Act: "When a federal lifetime gag order prevented our speakers from revealing that the FBI had demanded library records, they refused to comply. Represented by the ACLU, they successfully sued the government. Of the thousands who have received National Security Letters, Mr. Chase, Ms. Bailey and two colleagues are the only ones free to discuss the experience. They will discuss their personal and professional roles in defending patron privacy. Speakers: Peter Chase, Library Director, Plainville Public Library; Barbara Bailey, Director, Wells Turner Public Library"
  • * Report Tracks May 2007 Spam Spikes

    MessageLabs Intelligence Report: Increased Number of Spam Spikes and New Image Spam Techniques Cause Trouble for Businesses: "Analysis of [May 2007] data showed that spammers continue to innovate and employ new methods to elude traditional anti-spam solutions. Rather than embedding images in the body of an email message, spammers are now hosting images on sites that do not require registration and include links to those sites or an HTML image in the email message."

  • The full report can be downloaded here.
  • June 24, 2007
    * Special Report Examines Role of Info Industry Big Three in Web Security

    NEWS.COM Special Report: Wardens of the WebTalkBack: Global security challenge falls to an elite corps, June 25, 2007

  • "The job of policing the Web has been left to the corporate world by default. The burden weighs heavily on a trio of companies in particular: Google, Yahoo and Microsoft--the three firms with the most traffic on the Web. Their work, alone or in concert, will likely define what kind of security can be expected for e-mail, purchases, bill payment, other financial transactions and practically anything else involving personal information of the most sensitive nature."
  • June 22, 2007
    * The Expanding Digital Universe: A Forecast of Worldwide Information Growth Through 2010

    The Expanding Digital Universe: A Forecast of Worldwide Information Growth Through 2010 - "In this detailed white paper, IDC researches and analyzes the impact of ever-increasing amounts of digital information generated worldwide. It defines the digital universe and forecasts its growth to an incredible 988 exabytes (or 988 billion gigabytes) in the year 2010. Get a clear picture of what this expanding universe means to you and your organization. Find out what’s driving growth—from files and e-mail to voice data and images. And learn about strategies for managing the rapidly expanding digital universe."

  • Related review, Backbone Magazine: Data explosion—each of us sent six exabytes of e-mail last year, June 7, 2007 - "In 2006, the amount of digital information created, captured and replicated worldwide was equal to 161 billion gigabytes, or 161 exabytes [...the 161 exabytes generated in 2006 total approximately three million times more information than is contained in all the books ever written.] If you took that information and bound it in books the size of the latest Harry Potter novel, you’d get 12 stacks of books that each stretched from the Earth to the Sun."
  • June 18, 2007
    * Court Protects Email from Secret Government Searches

    EFF press release: "The government must have a search warrant before it can secretly seize and search emails stored by email service providers, according to a landmark ruling Monday in the 6th U.S. Circuit Court of Appeals. The court found that email users have the same reasonable expectation of privacy in their stored email as they do in their telephone calls -- the first circuit court ever to make that finding."

  • the full ruling in Warshak v. United States. The decision is also available from court, here.

  • EFF's resources on the case, including its amicus brief
  • * Oversight Committee Investigation of Use of RNC E-Mail Accounts by White House Officials

    Administration Oversight, White House Use of Private E-mail Accounts: "The Oversight Committee has been investigating whether White House officials violated the Presidential Records Act by using e-mail accounts maintained by the Republican National Committee and the Bush Cheney ‘04 campaign for official White House communications. This interim staff report provides a summary of the evidence the Committee has received to date, along with recommendations for next steps in the investigation."

    The information the Committee has received in the investigation reveals:

  • "The number of White House officials given RNC e-mail accounts is higher than previously disclosed..."

  • "White House officials made extensive use of their RNC e-mail accounts."

  • "There has been extensive destruction of the e-mails of White House officials by the RNC."

  • "There is evidence that the Office of White House Counsel under Alberto Gonzales may have known that White House officials were using RNC e-mail accounts for official business, but took no action to preserve these presidential records."


  • Documents and Links
  • Investigation of Possible Violations of the Presidential Records Act

  • Deposition of Susan Ralston

  • Errata Sheet for Deposition of Susan Ralston

  • Related postings on U.S. Attorney firings
  • June 17, 2007
    * Office of Special Counsel Directs 18 Agencies to Preserve E-Mail for Investigation

    Daniel Pulliam at Govexec.com reported, "Eighteen agencies have been asked by the Office of Special Counsel to preserve electronic information dating back to January 2001 as part of its governmentwide investigation into alleged violations of the law that limits political activity in federal agencies. The OSC task force investigating the claims has asked agencies, including the General Services Administration, to preserve all e-mail records, calendar information, phone logs and hard drives going back to the beginning of the Bush administration."

    June 15, 2007
    * Article Identifies Image Spam and Explains Rising Use

    Image Spam: By the Numbers, by Scott Berinato: "Image Spam—an e-mail solicitation that uses graphical images of text to avoid filters—is not new. Recently, though, it reached an unprecedented level of sophistication and took off. A year ago, fewer than five out of 100 e-mails were image spam, according to Doug Bowers of Symantec. Today, up to 40 percent are. Meanwhile, image spam is the reason spam traffic overall doubled in 2006, according to antispam company Borderware. It is expected to keep rising."

    June 13, 2007
    * FTC Offers Information on Botnets, Hackers, and Spam

    Press release: "Tens of thousands of consumers are unwitting accomplices of illegal spammers and at the mercy of identity thieves, warns the Federal Trade Commission. These consumers’ computers have been secretly hijacked by criminals who install spam-sending software and spyware on the computers when consumers open malicious e-mail attachments or visit a malicious Web site. After gaining access to consumers’ computers, the criminals can track consumers’ Internet surfing, steal personal information, and turn the computers into spam “zombies” that are part of a “botnet” made up of thousands of home computers through which spammers route spam. In a new consumer alert, Botnets and Hackers and Spam (Oh, My!), the FTC urges consumers to secure their personal information and stop assisting spammers."

  • See also the government consortium resource, OnGuard Online
  • June 10, 2007
    * Privacy Ranking Report of Internet Service Companies

    Source: "Privacy International (PI) is a human rights group formed in 1990 as a watchdog on surveillance by governments and corporations. PI is based in London, and has an office in Washington, D.C. Together with members in 40 countries, PI has conducted campaigns throughout the world on issues ranging from wiretapping and national security activities, to ID cards, video surveillance, data matching, police information systems, and medical privacy, and works with a wide range of parliamentary and inter-governmental organisations such as the European Parliament, the House of Lords and UNESCO."

  • Background report from Privacy International - "A Consultation report: This report has been prepared by Privacy International following a six-month investigation into the privacy practices of key Internet based companies. The ranking lists the best and the worst performers both in Web 1.0 and Web 2.0 across the full spectrum of search, email, e-commerce and social networking sites.
    The analysis employs a methodology comprising around twenty core parameters. We rank the major Internet players but we also discuss examples of best and worst privacy practice among smaller companies. The report was compiled using data derived from public sources (newspaper articles, blog entries, submissions to government inquiries, privacy policies etc), information provided by present and former company staff, technical analysis and interviews with company representatives. Because the 2007 rankings are a precedent, Privacy International will regard the current report as a consultation report and will establish a broad outreach for two months to ensure that any new and relevant information is taken into account before publishing a full report in September."

  • Interim results are available here in PDF format, 6 pages

  • Related: An Open Letter from Privacy International to Google, 10/06/2007
  • May 25, 2007
    * Leahy, Specter Ask Rove Lawyer To Voluntarily Provide “Lost” E-Mails Related To Panel's Probe

    Follow-up to previous postings on the U.S. attorney firings, this May 25, 2007 ress release: "Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) and Ranking Member Arlen Specter (R-Pa.) sent the following letter to Karl Rove’s attorney seeking access to e-mails related to the panel’s ongoing investigation into the firings of U.S. Attorneys and politicization within the Department of Justice."

    May 23, 2007
    * Pew Research Survey on Spam 2007

    Press release: "The volume of spam is growing in Americans' personal and workplace emailaccounts, but email users are less bothered by it.
    Spam continues to plague the internet as more Americans than ever say they are getting more spam than in the past. But while American internet users report increasing volumes of spam, they also indicate that they are less bothered by it than before. Users have become more sophisticated about dealing with spam; fully 71% of email users use filters offered by their email provider or employer to block spam... Spam has not become a significant deterrent to the use of email, as some observers speculated it might when unsolicited email first began flooding users' inboxes several years ago. But it continues to degrade the integrity of email. Some 55% of email users say they have lost trust in email because of spam."

  • Here is a link to the complete report.
  • May 02, 2007
    * Judiciary Chairman Issues Subpoena For 'Lost' Karl Rove E-Mails

    Press release: "Senator Patrick Leahy (D-Vt.), chairman of the Judiciary Committee, Wednesday issued a subpoena to Attorney General Alberto Gonzales (6 pages, PDF) compelling the Department of Justice to provide all Karl Rove e-mails in its possession related to the panel’s ongoing investigation into the mass firings of federal prosecutors. Rove, a senior political advisor to President Bush, and the White House political operation -- which Rove heads – have been linked to the project that resulted in the unprecedented firings of several well-performing federal prosecutors, according to information gathered by the Committee through documents, interviews and testimony. Several of the dismissed prosecutors have testified under oath and said in public that they were unaware of performance problems and believe political influence was a factor in their firings. Leahy requested the e-mails first at the Committee’s oversight hearing with the Attorney General on April 19, 2007, and then again in a letter to the Attorney General on April 25, 2007. The Attorney General has failed to respond to those earlier requests."

  • Related postings on U.S. Attorney firings
  • April 27, 2007
    * DOJ Releases Additional Emails and Document Related to U.S. Attorney Firings

    Justice Department Lists E-Mails and Memos Being Withheld in Firings of U.S. Attorneys: "The Justice Department released a list of internal documents Thursday focusing on lawmakers' concerns and media questions about the firings of eight federal prosecutors, but the department resisted congressional demands for copies of the memos. The list of 159 e-mails and memos, spanning nearly three months, at the least demonstrates concern about how the dismissals were being publicly received before they erupted into a firestorm that has resulted in calls for Attorney General Alberto Gonzales to resign."

    April 17, 2007
    * Gadgets Presentation from 2007 Computers in Libraries Conference

    On April 16, 2007 Barbara Fullerton, Manager, Librarian Relations, 10-K Wizard, Sabrina Pacifici, Editor & Publisher, LLRX.com and beSpacific.com and Aaron Schmidt, Director, North Plains Public Library, presented their always popular round-robin Gadgets presentation at Computers in Libraries 2007.

    April 15, 2007
    * Group Issues Report on Missing White House Emails and Violations of the Presidential Records Act

    Follow-up to postings on the escalating interest in the U.S. Attorney firings, this press release: "Citizens for Responsibility and Ethics in Washington (CREW) released a report [April 12, 2007], WITHOUT A TRACE: The Missing White House Emails and the Violations of the Presidential Records Act, detailing the legal issues behind the story of the White House e-mail scandal. WITHOUT A TRACE covers the following areas:

  • "Presidential Records Act (PRA): Enacted in 1978, requires the president to preserve all presidential records, which are defined as those records relating to the "activities, deliberations, decisions, and policies that reflect the performance of [the president’s] constitutional, statutory, or other official or ceremonial duties..."

  • Clinton Administration Policy: In 1993, then-Assistant to the President and Staff Secretary John Podesta sent a memo to all presidential staff explaining that the PRA required all staff members to maintain all records, including emails. Podesta stated that the use of external email networks was prohibited because records would not be saved as required. The 1997 White House Manual and a 2000 memo issued by Mark Lindsay, then Assistant to the President for Management and Administration echoed this policy, requiring staff to use only the White House email system for official communications.

  • Bush Administration Policy: The Bush Administration has refused to make public its record-keeping policy. A confidential source provided CREW with a 2002 document indicating the use of “non-EOP messaging-enabled mechanisms should not be used for official business.”

  • Bush Administration Practice: In the wake of the scandals surrounding Jack Abramoff and the fired U.S. Attorneys, emails were released showing that top White House staffers routinely used Republican National Committee (RNC) email accounts to conduct official business.

  • PRA Violations: 1) The administration failed to implement adequate record-keeping systems to archive presidential email records; 2) two confidential sources independently informed CREW that the administration abandoned a plan to recover more than five million missing emails; 3) White House staff used outside email accounts to conduct presidential business, ensuring that emails were not adequately preserved.

  • Hatch Act...The Hatch Act prohibits White House staff from using official resources for purely “political” purposes. “Political” refers to the president’s role as either a candidate for office or as the leader of his party. Email communications regarding presidential appointments for U.S. Attorney and Interior Department positions clearly fall within the PRA as making appointment is an official presidential function and does not relate to the president’s role as party leader."


  • Related documents and articles on the U.S. Attorney firings and the Presidential Records Act:
  • NARA: "The Presidential Records Act (PRA) of 1978, 44 U.S.C. ß2201-2207, governs the official records of Presidents and Vice Presidents created or received after January 20, 1981. The PRA changed the legal ownership of the official records of the President from private to public, and established a new statutory structure under which Presidents must manage their records."

  • The Presidential Records Act of 1978: A Review of Executive Branch Implementation and Compliance, Subcommittee on Information Policy, Census, and the National Archives, March 1, 2007

  • On Thursday, March 1, 2007 the Subcommittee on Information Policy, Census, and National Archives held a hearing to examine issues relating to implementation of the Presidential Records Act of 1978, including the history of the act, the role of the National Archives and Records Administration in releasing Presidential records to the public, and the likely impact of Executive Order 13233 on research. See also H.R. 1255: The Presidential Records Act Amendments of 2007

  • Albuquerque Journal, April 15, 2007: Domenici Sought Iglesias Ouster

  • WSJ free feature: Gonzales Deputy, in Crossfire, Looks for Quiet Exit - McNulty Seeks Job In Private Sector; Scrutiny Intensifies

  • USNews.com Special Report: U.S. Attorney Firings Investigation
  • April 13, 2007
    * Worldwide Email Usage 2007–2011 Forecast

    Press release, Worldwide Email Usage 2007–2011 Forecast: Resurgence of Spam Takes Its Toll, March 2007: "This IDC study examines how email is being used and will be used for business and personal purposes. In its eighth year, this annual study of email usage provides email solution providers and their customers with insights on how email usage is changing based on a 10+ year perspective (2000–2010)..."Spam volumes will continue to grow faster than expected due to the success of image-based spam in bypassing antispam filters and of email sender identity spoofing in getting higher response rates. Instant messaging, joined by free and low-cost VoIP calling, will result in slower email growth, especially among teens and young adults," said Mark Levitt, program VP, Collaborative Computing and the Enterprise Workplace, IDC."

    April 12, 2007
    * Waxman Asks Government Agencies to Preserve E-mails from RNC Accounts

    Following up on this April 10, 2007 posting, House Judiciary Committee Subpoenas AG Gonzales, and related links on the U.S. Attorney firings, today this press release from Rep. Waxman's House Oversight and Government Reform Committee: "Following briefings from the White House and Republican National Committee that revealed an extensive volume of e-mails regarding official government business may have been destroyed by the RNC, Chairman Waxman directs government agencies to preserve e-mails received from or sent to non-governmental e-mail accounts used by White House staffers. The Committee also requests that government agencies provide an inventory of all e-mails involving these accounts. The briefing received by the Committee raises serious concerns about the White House compliance with the Presidential Records Act, which requires that the President "take all such steps as may be necessary to assure that the activities, deliberations, decisions, and policies that reflect the performance of his constitutional, statutory, or other official or ceremonial duties are adequately documented and that such records are maintained as Presidential records."
    Related documents: This press release includes links to letters from the Chairman to 16 agency heads, which duplicate the text of a letter to Attorney General Gonzales. Each letter is three pages, PDF.

    March 29, 2007
    * White House Use of Non-Government Issued Email Accounts Under Scrutiny

  • "Rep. Waxman Requests Information on White House E-Mail Policies Following new revelations that White House officials have been conducting official business using nongovernmental e-mail accounts, Chairman Waxman asks White House Counsel Fred Fielding for information and a briefing regarding White House e-mail policies."

  • Computerworld: "For official government business, staff members in the Bush White House use government-issued e-mail accounts where all communications are then stored, archived and preserved for eventual inclusion in the National Archives. But for several years, some high-ranking Bush staff members have also apparently been using outside e-mail accounts for nongovernmental, political communications. Those accounts, through the Republican National Committee (RNC) and the 2004 Bush-Cheney re-election campaign, allowed the officials to keep up with both their official and political responsibilities while not violating the Hatch Act. That law forbids many government officials from engaging in political activities from their workplaces."

  • ABA Journal eReport: Alberto Gonzales and E-Mails: Is Silence Golden? The U.S. attorney general doesn’t send e-mails—and he’s not alone.
  • March 26, 2007
    * Identity and Security: Moving Beyond the 9/11 Staff Report on Identity Document Security

    Press release: "Former 9/11 Commission counsel Janice Kephart announces the launch of an online Identity Document Security Library, consisting of legal, technical and policy pieces regarding identity document security. Kephart, a nationally recognized border security expert, created the library to serve as a 'one-stop-shop' information portal for those seeking objective, credible information on the issue of identity document security...The issue of identity, and information about identity, underlies the 9/11 Commission's border work, whose recommendations included the creation of minimum standards for state-issued driver licenses and IDs. Kephart's recently issued white paper, Identity and Security: Moving Beyond the 9/11 Staff Report on Identity Document Security, maintains that securing identities and identity documents is perhaps the single most effective measure the United States can take to lay a foundation for national and economic security and public safety."

    * Oversight Committee Directs RNC to Preserve White House Emails

    "Citing evidence that senior White House officials are using RNC and other political email accounts to avoid leaving a record of official communications, Chairman Waxman directs the Republican National Committee and the Bush-Cheney ’04 Campaign to preserve the emails of White House officials and to meet with Committee staff to explain how the accounts are managed and what steps are being taken to protect the emails from destruction and tampering."

    Documents and Links:

  • Letter to Mike Duncan [Chairman, Republican National Committee]

  • Letter to Marc Racicot [Former Chairman, Bush/Cheney '04]

  • E-mails Showing Use of Non-Governmental Accounts for Official Business

  • March 13, 2007
    * House Judiciary Committee Releases Documents Regarding Attorney General Firings

    Follow up to related postings on firings of U.S. attorneys:

  • 3/13/2007 - Chairman Conyers Calls on White House, Justice Department to Provide Answers about the Firing of U.S. Attorneys

  • 3/13/2007 - DOJ-Released Documents Regarding Atty. General Firings, Part I

  • 3/13/2007 - DOJ-Released Documents Regarding Atty. General Firings, Part II

  • 3/13/2007 - DOJ-Released Documents Regarding Atty. General Firings, Part III

  • 3/13/2007 - DOJ-Released Documents Regarding Atty. General Firings, Part IV

  • Transcript of Media Availability with Attorney General Alberto R. Gonzales, March 13, 2007: "ATTORNEY GENERAL GONZALES: "...I believe in the independence of our U.S. Attorneys. They are the face of the Department. They are my representative in the community. I acknowledge their sacrifice. I acknowledge their courage to step into the arena on behalf of the American people. Secondly, the Attorney General, all political appointees, such as U.S. Attorneys, serve at the pleasure of the President of the United States. Third, I believe fundamentally in the constitutional role of the Senate in advice and consent with respect to U.S. Attorneys and would, in no way, support an effort to circumvent that constitutional role."
  • March 08, 2007
    * SEC Suspends Trading Of 35 Companies Touted In Spam Email Campaigns

    SEC press release: "The Securities and Exchange Commission this morning suspended trading in the securities of 35 companies that have been the subject of recent and repeated spam email campaigns (see examples). The trading suspensions - the most ever aimed at spammed companies - were ordered because of questions regarding the adequacy and accuracy of information about the companies. The trading suspensions are part of a stepped-up SEC effort - code named "Operation Spamalot" - to protect investors from potentially fraudulent spam email hyping small company stocks with phrases like, "Ready to Explode," "Ride the Bull," and "Fast Money." It's estimated that 100 million of these spam messages are sent every week, triggering dramatic spikes in share price and trading volume before the spamming stops and investors lose their money."

    March 02, 2007
    * Upcoming GAO Report Details Analysis, Dissemination, Visualization, Insight and Semantic Enhancement (ADVISE) Program

  • Washington Post, February 28, 2007: New Profiling Program Raises Privacy Concerns: "The Department of Homeland Security is testing a data-mining program that would attempt to spot terrorists by combing vast amounts of information about average Americans, such as flight and hotel reservations."

  • Christian Science Monitor, February 9, 2006: US plans massive data sweep - Little-known data-collection system could troll news, blogs, even e-mails. Will it go too far?


  • Related government documents:
    House Report 109-699 - Making Appropriations for The Department of Homeland Security for the Fiscal Year Ending September 30, 2007: "The ADVISE program is designed to extract relationships and correlations from large amounts of data to produce actionable intelligence on terrorists. A prototype is currently available to analysts in Intelligence and Analysis using departmental and other data, including some on U.S. citizens. The conferees understand up to $40,000,000 has been obligated for ADVISE. The ADVISE program plan, total costs and privacy impacts are unclear and therefore the conferees direct the Inspector General to conduct a comprehensive program review and report within nine months of enactment of this Act."

    February 26, 2007
    * Pew Internet and American Life Project Survey of Wireless Internet Access

    "The Pew Internet & American Life Project has just released a report that 34% of internet users have logged onto the internet using a wireless connection either around the house, at their workplace, or some place else. The report profiles these wireless users and describes their intensive use of the internet, especially in exchanging emails and getting news online."

    February 15, 2007
    * PBS NOW Reports on Alleged Domestic E-Mail Surveillance Program

    Via PBS: Airing on Friday, February 16, 2007 (check for time in your area), "NOW reports on new evidence suggesting the existence of a secret government program that intercepts millions of private e-mails each day in the name of terrorist surveillance. News about the alleged program came to light when a former AT&T employee, Mark Klein, blew the whistle on what he believes to be a large-scale installation of secret Internet monitoring equipment deep inside AT&T's San Francisco office. The equipment, he contends, was created at the request of the U.S. government to spy on e-mail traffic across the entire Internet. Though the government and AT&T refuse to address the issue directly, Klein backs up his charges with internal company documents and personal photos."

  • Related postings on the alleged AT&T domestic surveillance program
  • February 12, 2007
    * New Congress Tries Once Again to Pass PC Privacy and ID Theft Legislation

    Declan McCullagh reported last week on the reintroduction of numerous antispyware and ID theft bills, many of which reflect the same language as previous versions of related legislation. The article has links to major bills as well as respective legislative background.

    February 08, 2007
    * FBI Launches E-Mail Alerts on Public Website

    "The Federal Bureau of Investigation (FBI) has launched a service that sends out electronic mail (e-mail) alerts when new and vital information is posted on the FBI.gov Web site. Subscribers select which topics that they want updates on, such as new electronic scams (e-scams) and warnings, most wanted terrorists, top ten fugitives, and local and national press releases. The alerts are transmitted as soon as updates are posted to the FBI's Web site or published in their daily, weekly, or monthly digests. The FBI views this service as a means of furthering American citizens' safety by keeping them informed. No personal information is required to sign up for this service, just an e-mail address to where the alerts will be sent. To sign up for the service please visit the www.FBI.gov."

    January 24, 2007
    * Use of Workplace Technology Continues Despite Policies

    LexisNexis press release: "Most office workers use workplace technology for personal reasons; many may be ignoring employer policies, new research shows...Despite the fact that nearly one-half (45%) of office workers have been explicitly informed their at-work technology usage is monitored, a majority still use their employers’ technology resources for personal reasons, according to a new survey conducted by Harris Interactive®..."

    January 10, 2007
    * Cisco Announces Agreement to Acquire IronPort

    Press release, January 4, 2007: "Cisco today announced a definitive agreement to acquire the privately held company, IronPort Systems, Inc. of San Bruno, Calif. IronPort is a leading provider of messaging security appliances, focusing on enterprise spam and spyware protection."
    Related news:

  • News.com - "Cisco Systems' purchase of e-mail security specialist IronPort Systems is another sign that big-name vendors are taking over the spam fight, analysts say."

  • Press release: "RSA, The Security Division of EMC, announced today that its 24x7 Anti-Fraud Command Center (AFCC) has uncovered a new phishing kit being sold and used online by fraudsters. This new kit, a Universal Man-in-the-Middle Phishing Kit, is designed to facilitate new and sophisticated attacks against global organizations in which the victims communicate with a legitimate web site via a fraudulent URL set by the fraudster. This allows the fraudster to capture victims' personal information in real-time."
  • December 26, 2006
    * Survey Shows Majority of Online Adults Use E-mail for E-Commerce Transactions

    Press release: A "survey, conducted by Harris Interactive®, found that about three in four online adults (74 percent) view e-mail communications from a company they frequently patronize to be valuable or very valuable. In addition, 30 percent of online adults have purchased a particular good or service as a result of receiving such e-mails, and of these, 85 percent have done so within the past year."

    December 25, 2006
    * DoD Blocks Use of HTML Email and Outlook

    Federal Computer Week reported that the Department of Defense has banned the use of Outlook and receipt of HTML email due to threats posed by spyware and viruses.

    December 21, 2006
    * The Best (and Worst!) of Legal Technology 2006 From FindLaw

    "The world of Legal Technology has...had its share of ups and downs in 2006, with companies spying on their boards, the treasury department spying on money transfers, and the government spying on, well, everyone! With all the spying going on, data security was certainly on everyone's mind in 2006, and several key stories arose out of the inability of companies and government agencies to protect their customer and employee data. The new Federal Rules of Civil Procedure also added to the mix with new requirements for companies and other potential litigants to keep in mind as they generate gigabytes and gigabytes of information every day." [Link]

    December 12, 2006
    * U.S. Deputy AG Mcnulty Revises Charging Guidelines for Prosecuting Corporate Fraud

    Press release: "U.S. Deputy Attorney General Paul J. McNulty announced today during a speech at a meeting of the Lawyers for Civil Justice in New York that the Department of Justice is revising its corporate charging guidelines for federal prosecutors throughout the country. The new guidance revises the Thompson Memorandum, which was issued in January 2003 by then-Deputy Attorney General Larry D. Thompson and titled the “Principles of Federal Prosecution of Business Organizations.” The memo provides useful guidance to prosecutors in the field through nine factors to use when deciding whether to charge a corporation with criminal offenses. The guidance continues to require consideration of the factors from the Thompson memo but adds new restrictions for prosecutors seeking privileged information from companies. Specifically, it creates new approval requirements that federal prosecutors must comply with before they can request waivers of attorney-client privilege and work product protections from corporations in criminal investigations."

  • Prepared Remarks of Deputy Attorney General Paul J. McNulty at the Lawyers for Civil Justice Membership Conference Regarding
    the Department's Charging Guidelines in Corporate Fraud Prosecutions
    , New York, December 12, 2006

  • John Coffee Says McNulty Memo Went a Bridge Too Far in Tying Hands of Prosecutors in Corporate Crime Investigations, 21 Corporate Crime Reporter 1, December 26, 2006
  • November 29, 2006
    * New EU Communication on Spam

    Press release: "The Commission today called on all regulatory authorities and stakeholders in Europe to step up the fight against spam, spyware and malicious software. Despite existing EU legislation to outlaw spam in Europe, Europe continues to suffer from illegal online activities from inside the EU and from third countries, the Commission underlines in a new Communication. The Communication stresses that although internet safety is on the political agenda for some time, national authorities should step up their actions to prosecute illegal online activities."

  • Related press release: "Sophos, a world leader in IT security, has published its latest report on the top twelve spam relaying countries over the third quarter of 2006. Sophos experts believe that a possible reason for America's increasing lead in relayed spam when compared to its closest rival, China, is the emergence of over 300 strains of the mass-spammed Stratio worm."
  • November 28, 2006
    * Coalition Urges Court to Give E-mail Full Constitutional Protection

    November 27, 2006 statement: "Last week, CDT and the ACLU joined a friend-of-the-court brief written by the Electronic Frontier Foundation, urging a federal appeals court to extend to e-mail the same constitutional protection accorded to telephone calls and regular mail. Remarkably, the constitutional status of e-mail has never been decided, and the Justice Department claims that opened e-mail and older stored e-mail can be obtained from service providers without a court order and without notice to the e-mail user. In the case, Warshak v. U.S., a lower federal court ruled that government agents could not force disclosure of email from a service provider unless they provided the relevant subscriber notice and an opportunity to object."

  • Amicus Brief [PDF] November 27, 2006

  • Order [PDF] November 27, 2006

  • Warshak Brief [PDF] November 27, 2006

  • Government Brief [PDF] November 27, 2006
  • November 20, 2006
    * Spamhaus List of World's Top 10 Spammers

    "Up to 80% of spam targetted at Internet users in North America and Europe is generated by a hard-core group of around 200 known professional spam gangs whose names, aliases and operations are documented in Spamhaus' Register Of Known Spam Operations (ROKSO) database. This TOP 10 chart of ROKSO-listed spammers is based on those Spamhaus views as the highest threat, the worst of the career spammers causing the most damage on the Internet currently. Spamhaus flags these as a priority for Law Enforcement Agencies."

    October 26, 2006
    * Public May Now Request and Obtain New York Records Via Email

    Effective October 25, 2006 the public may request records from state and local agencies ["any New York State or municipal department, board, bureau, division, commission, committee, public authority, public corporation, council, office or other governmental entity performing a governmental or proprietary function is subject to the Law"], via email in New York.

  • See the Freedom of Information Law - FAQ EMAIL REQUESTS
  • October 18, 2006
    * New AmLaw Tech Survey

    AmLaw Tech Survey: Law Firms Play Variations on Old Themes - "The 11th annual survey finds firms expanding IT while adopting new versions of old standards."

    October 10, 2006
    * Guidelines for State Trial Courts Regarding Discovery of Electronically-Stored Information

    Guidelines for State Trial Courts Regarding Discovery of Electronically-Stored Information, Conference of Chief Justices, Approved August 2006.

    October 06, 2006
    October 04, 2006
    * CA AG Files Charges Against Former HP Chair and Others For Corporate Spying

    Press release: California "Attorney General Bill Lockyer today filed felony charges against former Hewlett-Packard Chairwoman Patricia C. Dunn and four other defendants, alleging they committed criminal offenses related to the use of false pretenses to access individuals' phone records during the company's probe of boardroom leaks to the media."

  • Felony Complaint (7 pages, PDF)

  • Supporting Declaration and Arrest Warrants (17 pages, PDF)


  • Related documents and links:
  • Hearing - Internet Data Brokers and Pretexting: Who Has Access to Your Private Records?, September 29, 2006

  • From ZDNet, a timeline of articles on the HP Leak Probe

  • October 03, 2006
    * Physicians Use of Email Communication With Patients Remains Low

    Press release: Physician-Patient E-mail Disconnect: "Only about one in four physicians (24%) reported that e-mail was used in their practice to communicate clinical issues with patients in 2004-05, up from one in five physicians in 2000-01, according to a national study released today by the Center for Studying Health System Change (HSC).

    September 30, 2006
    * Hastert Issues Preliminary Report on Ex-Rep Foley's Improper Email Exchanges

  • Roll Call, September 29, 2006: "Foley Interviewed About Page Last Year; Democrats Not Told - Ex-Rep. Mark Foley (R-Fla.), who resigned Friday after reports of his improper communications with a former male House page were made public, was interviewed about some of those contacts by the chairman of the House Page Board and the then-Clerk of the House last year."

  • "Following is the full text of the release issued Saturday [September 30, 2006] by Speaker Dennis Hastert's (Ill.) office regarding events leading up to Rep. Mark Foley's (R-Fla.) resignation.
    INTERNAL REVIEW OF CONTACTS WITH THE OFFICE OF THE SPEAKER REGARDING THE CONGRESSMAN MARK FOLEY MATTER

    On Friday, September 29, the Speaker directed his Chief of Staff and Outside Counsel to conduct an internal review to determine the facts and circumstances surrounding contact with the Office of the Speaker regarding the Congressman Mark Foley matter. The following is their preliminary report." [Link to full text]

  • Press release: "Citizens for Responsibility and Ethics in Washington (CREW) calls upon the House of Representatives to appoint an outside counsel to investigate the House leadership's role in covering up Rep. Mark Foley’s (R-FL) inappropriate email exchanges with a sixteen-year-old former House page."


  • House Committee on Standards of Official Conduct

  • The Hill: "Foley, who served on the Ways and Means Committee, also chaired the Missing and Exploited Children Caucus." [note: the caucus website is currently offline]

  • Joint Statement from Speaker Dennis Hastert, Majority Leader John Boehner and Majority Whip Roy Blunt on the Congressman Mark Foley Matter, September 20, 2006

  • CNN: Foley in alcoholism treatment center, October 2, 2006

  • AP: FBI Examining Foley's E-Mail to Teens, October 2, 2006
  • September 12, 2006
    * Large Companies Collecting More Personal Information

    Press release, September 11, 2006: "The Customer Respect Group, an international research and consulting firm that focuses on how corporations treat their online customers, today released findings from its Annual Review of the Largest 100 US Companies... as defined by Fortune Magazine in April 2006. The average rating for the companies was 5.7 on a 10-point scale, in line with the average rating assessed across all website evaluations in 2006. In 2005, the largest 100 companies slightly exceeded the overall average rating...The largest 100 US companies appear to be gathering more personally identifiable information. The use of that information is also changing. Fewer companies are sharing personal data with outside organizations, but more than half continue to send unsolicited marketing emails to those that supply personal information for other reasons." A list of top scoring companies is included in this release, and access to the full Scorecard of the Largest 100 US Companies requires registration.

    August 25, 2006
    * June Phishing Trends Report Available

    From the Antiphishing Working Group, the June Phishing Activity Trends Report.

    August 15, 2006
    * FDIC Issues New Consumer Phishing Alert

    Consumer Alert: New Phishing Attack Claims to be FDIC

  • "The FDIC is aware of a phishing e-mail that has the appearance of being sent from the FDIC. The name "Federal Deposit Insurance Corporation" appears on the "From" line and the subject is, "IMPORTANT: Notification of Federal Deposit Insurance Corporation." This e-mail claims that the FDIC has received an application from the receipt's bank to insure their checking or savings account against fraud, phishing and identity theft. The e-mail further instructs the recipient to enroll in "the FDIC protection system" by clicking on a link to a spoofed FDIC Web page."
  • August 10, 2006
    * Treasury IG Report Details Increased Security Risks from Non Business Use of Email

    Inappropriate Use of Email by Employees and System Configuration Management Weaknesses Are Creating Security Risks, July 31, 2006, Reference Number: 2006-20-110 (20 pages, PDF). "We found e-mail messages that violated the IRS' personal use policy in the electronic mailboxes of 71 (74 percent) of 96 employees."

    July 29, 2006
    * GSA Alerts Public to Recent E-mail Scheme

    GSA press release: "The U.S. General Services Administration’s (GSA) Office of Citizens Services & Communications is warning the public to avoid falling victim to a recent e-mail scheme that targets users by sending unsolicited e-mails allegedly from FirstGov, the citizen portal operated by GSA. These scam e-mails tell recipients that because of recent fraudulent activities on Money Access Online they need to confirm their account has not been stolen or hacked. The e-mails then direct recipients to click on a link and enter information related to personal credit card accounts."

    July 23, 2006
    * MarkMonitor Reports Domain-Based Phishing Attacks Now Represent 73 Percent of All Phishing Scams

    Press release: "According to MarkMonitor's AntiFraud Operations Center™ (AFOC), domain-based phishing attacks now represent 73 percent of all attacks, up from 35 percent just 18 months ago." Related reference in this press release to an academic paper titled, Why Phishing Works.

  • beSpacific postings on ID theft and cybercrime
  • July 18, 2006
    * Hearing on Phishing Remedies

    The Subcommittee on Financial Institutions and Consumer Credit, chaired by Rep. Spencer Bachus (AL), held a hearing today entitled "ICANN and the Whois Database: Providing Access to Protect Consumers from Phishing." Government officials contend that access to Whois data is essential in the effort to combat cybercrimes, while privacy advocates maintain that access to data on domain name holders facilitates phishing, spam and other types of fraud.

  • Prepared Testimony
  • July 17, 2006
    * 2006 Workplace E-Mail, Instant Messaging & Blog Survey

    Press release: "E-mail mismanagement continues to take a hefty toll on U.S. employers, with costly lawsuits--and employee terminations--topping the list of electronic risks. As recent court cases demonstrate, e-mail can sink businesses--legally and financially. Last year, the inability to produce subpoenaed e-mail resulted in million dollar--even billion dollar--lawsuits against U.S. companies. In fact, 24% of organizations have had employee e-mail subpoenaed, and 15% of companies have gone to court to battle lawsuits triggered by employee e-mail. That's according to the 2006 Workplace E-Mail, Instant Messaging & Blog Survey from American Management Association (AMA) and The ePolicy Institute."

    June 14, 2006
    * Consumer Efforts to Ward Off Span and Spyware Still Fall Short

    WSJ free feature: Seeking a Safer Internet - New Tools Flag Sites With Spyware, Spam - But the Technology Is Far From Perfect

    June 02, 2006
    * New Report on Enterprise Outbound Email Security

    Outbound Email and Content Security in Today's Enterprise, 2006 (free reg. reg'd): "Enterprises are becoming increasingly concerned about creating, managing and enforcing outbound email policies that ensure that messages leaving the organization comply with both internal rules as well as external regulations."

    June 01, 2006
    * OED Notice of Collection of Practitioners’ E-mail Addresses

    Press release: "The United States Patent and Trademark Office (Office) is undertaking to collect Internet e-mail addresses for each registered patent attorney and patent agent. Gathering these e-mail addresses will facilitate and increase the ability of the Office to communicate with registered practitioners. The Office anticipates implementing automated notifications to registered practitioners of notices and IT system alerts."

    May 28, 2006
    * Amnesty International Launches Campaign Against Net Censorship

    "Irrepressible.org will harnass the power of the internet to mobilise people all over the world to take a stand against repression." [Link] "...Chat rooms monitored. Blogs deleted. Websites blocked. Search engines restricted. People imprisoned for simply posting and sharing information. The Internet is a new frontier in the struggle for human rights. Governments – with the help of some of the biggest IT companies in the world – are cracking down on freedom of expression. Amnesty International, with the support of The Observer, is launching a campaign to show that online or offline the human voice and human rights are impossible to repress."

    May 24, 2006
    May 15, 2006
    * Reliability and Integrity of Digital Evidence Often in Question

    An interesting article in today's National Law Journal (free) discusses issues associated with the integrity of digital evidence, including email, photos, and metadata.

    May 10, 2006
    * Morgan Stanley Sued for Repeated E-Mail Production Failures

    SEC press release: "The Securities and Exchange Commission today filed a civil injunctive action against Morgan Stanley & Co. Incorporated for failing to produce tens of thousands of e-mails during the Commission's IPO and Research Analyst investigations from Dec. 11, 2000, through at least July 2005. The Commission alleges in its complaint that Morgan Stanley did not diligently search for back-up tapes containing responsive e-mails until 2005. Morgan Stanley also failed to produce responsive e-mails because it over-wrote back-up tapes."

    May 08, 2006
    * Strategies to Create and Manage A Corporate Info Security Policy

    Building and Implmenting a Successful Information Security Policy, by John J. Pak, May 8, 2006 (25 pages, PDF).

  • See also Current IT: Issues Survey Report, 2006 - Security and Identity Management edges out Funding IT as the top strategic challenge, while Disaster Recovery/Business Continuity reemerges. by Barbara I. Dewey, Peter B. DeBlois, and the EDUCAUSE Current Issues Committee.

  • April 30, 2006
    * Methods To Trace Identity of E-Mail Sender Assist Litigation

    Follow the E-Mail Trail - What you can learn from the data embedded in e-mail headers, by Mark A. Berman and Aaron Zerykier, The National Law Journal.

    April 09, 2006
    * Practical Guide to Recognizing and Responding to Phishing Attacks

    CSO Fundamentals: The ABCs of Phishing and Pharming

    April 08, 2006
    * EFF Files Files Evidence in Motion In Case Against ISP for Alleged Domestic Surveillance of Customers

    Press release: EFF Files Evidence in Motion to Stop AT&T's Dragnet Surveillance

  • "The Electronic Frontier Foundation (EFF) on Wednesday filed the legal briefs and evidence supporting its motion for a preliminary injunction in its class-action lawsuit against AT&T... "The evidence that we are filing supports our claim that AT&T is diverting Internet traffic into the hands of the NSA wholesale, in violation of federal wiretapping laws and the Fourth Amendment," said EFF Staff Attorney Kevin Bankston. "More than just threatening individuals' privacy, AT&T's apparent choice to give the government secret, direct access to millions of ordinary Americans' Internet communications is a threat to the Constitution itself. We are asking the Court to put a stop to it now."
  • the notice of motion for preliminary injunction

  • the motion to lodge under temporary seal

  • For more on EFF's suit

  • April 04, 2006
    * EC Publishes Study on Scientific Publication System in Europe

    Press release, April 3, 2006: "The European Commission is today publishing a study which examines the scientific publication system in Europe. Scientific publication ensures that research results are made known, which is a pre-condition for further research and for turning this knowledge into innovative products and services. Scientific publication is also an important part of certifying the quality of the work done. Given the scarcity of public money to provide access to scientific publications, there is a strong interest in seeing that Europe has an effective and functioning system for scientific publication that speedily delivers results to a wide audience. Today’s report, drawn up for the Commission by a panel of experts, makes a number of recommendations for future action, including improving access to publicly-funded research."

  • Study on the economic and technical evolution of the scientific publications markets in Europe (112 pages, PDF)
  • * GPO Provides Access to Final Report on the Response to Hurricane Katrina

    Following up on my February 20, 2006 posting, Report on the Response to Hurricane Katrina, today GPO made available a PDF copy of the Final Report.

  • Congressional Reports: H. Rpt. 109-377 – A Failure of Initiative: Final Report of the Select Bipartisan Committee to Investigate the Preparation for and Response to Hurricane Katrina. The Select Bipartisan Committee to Investigate the Preparation for the Response to Hurricane Katrina provides its Final Report regarding the local, State, and Federal government emergency plans, coordination, and response to Hurricane Katrina, together with additional views. The Full Report (569 pages) is available as a single ZIP file. Documents within the ZIP file and in the browse table below are available in PDF format.
  • April 03, 2006
    * DHS Director Does Not Use Email

    New York Times interview with DHS Director Michael Chertoff,by Deborah Solomon, April 2, 2006: Chertoff states, "I don't use e-mail. One reason is when you write an e-mail, you have to be mindful of the fact that nothing ever disappears. It can be deleted, but it is still in the system somewhere...They can get me. They don't need to e-mail me. There's a thing called a telephone."

    April 02, 2006
    * DOJ Report: Identity Theft, 2004

    Press release: "An estimated 3.6 million households, or about 3 percent of all households in the nation, learned that they had been the victim of at least one type of identity theft during a six-month period in 2004, the Justice Department’s Bureau of Justice Statistics (BJS) announced today. Forty-eight percent had experienced an unauthorized use of credit cards; 25 percent had other accounts, such as banking accounts, used without permission; 15 percent experienced the misuse of personal information and 12 percent experienced multiple types of theft at the same time. These findings represent six-month estimates based on interviews conducted from July through December 2004 for the BJS National Crime Victimization Survey."

  • Identity Theft, 2004 (NCJ 212213), by BJS statistician Katrina Baum.
  • March 20, 2006
    * Enterprise Search Makes Inroads in Tackling Corporate Info Overload

    ComputerWorld reports on enterprisewide search applications implemented by large corporations for a range of tasks, including competitive intelligence, e-discovery, and generating intranet content. Solutions such as FAST, Autonomy and Endeca index formats including text, audio and video.

    * Global Phishing Enforcement Initiative Launched By Microsoft

    Press release: "Neil Holloway, president of Microsoft Europe, Middle East and Africa (EMEA), unveiled a global law enforcement campaign that will target cybercriminals behind phishing attacks. Microsoft Corp. announced that by the end of June 2006 it will have initiated legal actions on more than 100 cases in EMEA against individuals suspected of committing online fraud; 53 of these will have already started by the end of March 2006...The legal actions are linked to a larger Microsoft(R) program, the Global Phishing Enforcement Initiative (GPEI), launched by the company to coordinate and expand its many anti-phishing efforts worldwide to fight phishers through consumer protection, partnerships and prosecution."

    March 15, 2006
    March 13, 2006
    * NY Announces Settlement in Largest Privacy Breach to Date

    Press release: "Attorney General Eliot Spitzer today announced a settlement to address what may have been the largest breach of privacy in internet history. The settlement with Datran Media, a leading e-mail marketer, follows an investigation that identified the improper disclosure of the personal information of more than six million American consumers."

  • Assurance of Discontinuance
  • * Taxpayers Alerted to Escalation in Phishing Scams

  • U.S. Treasury Inspector General for Tax Administration: Taxpayers Beware of Widespread Phishing Schemes Involving the IRS

  • IRS: Phishing, Identity Theft and Scams
  • March 12, 2006
    * Rights Group Files Motion Challenging Legality of Domestic Surveillance Program

    Press release: "In New York on March 9, 2006, attorneys with the Center for Constitutional Rights (CCR) filed a significant motion for summary judgment in the challenge to the legality of the NSA Domestic Spying Program (CCR v. Bush), asserting that the Bush Administration has already admitted enough incriminating facts to prove the NSA Program is illegal."

  • Summary Judgement

  • Statement of Material Facts Not In Dispute

  • Notice of Motion

  • Goodman Affirmation
  • February 26, 2006
    * NSA Expands Data Mining Progam With Purchase of New Tech Tools

    Follow-up to National Journal Article Claims Curtailed Gov't Surveillance Program Still Active, from today's New York Times, Taking Spying to Higher Level, Agencies Look for More Ways to Mine Data: "...by fundamentally changing the nature of surveillance, high-tech data mining raises privacy concerns that are only beginning to be debated widely. That is because to find illicit activities it is necessary to turn loose software sentinels to examine all digital behavior whether it is innocent or not."

  • Related postings on data mining

  • Related postings on domestic surveillance
  • February 25, 2006
    * Missing White House E-Mails Pertaining to Libby Case Located

    Follow-up to Correspondence on Libby Indictment Mentions Missing Emails, this report by Jason Leopold states, "The White House turned over last week 250 pages of emails from Vice President Dick Cheney’s office...Sources close to the probe said the White House "discovered" the emails two weeks ago and turned them over to Fitzgerald last week. The sources added that the emails could prove that Cheney lied to FBI investigators when he was interviewed about the leak in early 2004. Cheney said that he was unaware of any effort to discredit Wilson or unmask his wife's undercover status to reporters."

    Related legal documents on Libby case:

  • AP: "Lawyers for Vice President Dick Cheney's former top aide asked a federal judge Thursday to dismiss his indictment on grounds that the special prosecutor in the CIA leak case lacked authority."

  • Libby Motion to Dismiss, Thursday, February 23, 2006 (PDF)

  • Exhibits (PDF)

  • Exhibits A to D (PDF)

  • Exhibit E (PDF)

  • Exhibit F (PDF)

  • Exhibits G to I (PDF)

  • Proposed order (PDF)

  • February 21, 2006
    * NARA Final Rule on Disposition of Short-Term E-Records

    "Summary: NARA is revising our regulations to provide for the appropriate management and disposition of very short-term temporary e-mail, by allowing agencies to manage these records within the e-mail system." Federal Register, February 21, 2006 (Volume 71, Number 34)] [Rules and Regulations][Page 8806-8808].

    * Security Issues Escalate With Popularity of Handheld Devices

    New York Times: Too Many New Gadgets, Too Much Information at Risk: Loss, theft and viruses are major issues as corporate use of handheld devices and pocket PCs increases. Pre-emptive security options are available however, as this article describes.

    February 19, 2006
    * Top Defense and Homeland Security Officials Shun Email

    They Haven’t Got Mail - The Katrina hearings haven’t only revealed critical information about White House responses to the hurricane. They’ve also uncovered the online secrets of Donald Rumsfeld and Michael Chertoff: "...congressional investigations of government responses to Hurricane Katrina have revealed that two of the nation's key crisis managers, the secretaries of Defense and Homeland Security, do not use e-mail...Spokesmen for the two officials maintain that Rumsfeld and Chertoff were kept informed during Katrina the same way as they keep in touch during other crises: through aides and a variety of other communications methods..."

  • House Releases Lengthy, Scathing Report on Govt's Flawed Response to Katrina, and other related postings on Katrina.
  • February 08, 2006
    February 06, 2006
    * Gallup Internet Poll Reports E-mail Remains Dominant With Blogs Making Decent Showing

    Press release: Mail and News Are Main Internet Attractions Some e-commerce picking up; blogs still marginal, by Lydia Saad: "A recent Gallup Poll examining Americans' online habits finds e-mail use almost universal among the three-quarters of U.S. adults who use the Internet. Checking the news and weather ranks second on the list of 13 Internet activities measured, although not as many Americans surf for news frequently as e-mail frequently."

    February 02, 2006
    * Correspondence on Libby Indictment Mentions Missing Emails

    Late last night AP reported that Special Counsel Patrick J. Fitzgerald stated in legal correspondence [the full text of which is available here in PDF] related to discovery in the Libby CIA leak indictment, that White House email from 2003 failed to be properly archived. The article quotes the response of noted government secrecy expert Steven Aftergood to this disclosure as follows - "Bottom line: Accidents happen and there could be a benign explanation, but this is highly irregular and invites suspicion."

    January 25, 2006
    * Surveillance Increasingly Woven Into Fabric of Online World

    This New York Times essay, A Growing Web of Watchers Builds a Surveillance Society, by David Shenk, offers especially cautionary insight in light of the growing public and political response to revelations about the government's domestic surveillance program.

  • After Subpoenas, Internet Searches Give Some Pause
  • Survey finds solid opposition to release of Google data to feds

  • January 22, 2006
    * 90% of Net Users Send and Receive Email

    Pew Internet & American Life Project press release, January 22, 2006: "Internet access is the norm for most Americans, up to age 70, and all age cohorts of internet users (ages 12 and older) are equally likely to use email; about 90% of all internet users send or receive email. Given the many other variations in internet use among different age groups, it is notable that this basic communications tool is almost universally used. Internet users ages 12 to 28 years old have embraced the online applications that enable communicative, creative, and social uses. Teens and Generation Y (age 18-28) are significantly more likely than older users to send and receive instant messages, play online games, create blogs, download music, and search for school information."

  • Data Memo, Generations Online (6 pages, PDF)
  • December 28, 2005
    * Pew Internet Survey Indicates Men and Women Now Online in Equal Numbers

    Press release: "A wide-ranging look at the way American women and men use the internet shows that men continue to pursue many internet activities more intensively than women, and that men are still first out of the blocks in trying the latest technologies. At the same time, there are trends showing that women are catching up in overall use and are framing their online experience with a greater emphasis on deepening connections with people."

  • Report: How Women and Men Use the Internet (54 pages, PDF)

  • See also this Pew Research Center Commentary, What Was and Wasn't on the Public's Mind...And How Opinions Changed During 2005
  • December 25, 2005
    * NSA's Post 9/11 Domestic Data Mining and Surveillance Programs

    New York Times: The Agency That Could Be Big Brother: "...the N.S.A. has suddenly taken center stage in a political firestorm. The controversy over whether the president broke the law when he secretly ordered the N.S.A. to bypass a special court and conduct warrantless eavesdropping on American citizens has even provoked some Democrats to call for his impeachment."

    December 24, 2005
    * Microsoft Announces Details of RSS Integration With Outlook

    RSS Aggregation - Part 1: The Partnership

    December 20, 2005
    * FTC Reports on CAN-SPAM Act Effectiveness and Enforcement

    Effectiveness and Enforcement of the CAN-SPAM Act: A Federal Trade Commission Report to Congress, December 2005 (116 pages, PDF):

  • "In addition to the analysis of effectiveness and enforcement, the report proposes three steps that could improve the efficacy of the CAN-SPAM Act. First, Congress should enact the US SAFE WEB Act, to improve the FTC's ability to trace spammers and sellers who operate outside of the United States. Second, we should continue education efforts to ensure that consumers are aware of the various ways they can protect themselves from spam, spyware, and sexually-explicit material. Third, we need continued improvement of anti-spam technology, and in particular, tools that prevent spammers from operating anonymously."
  • December 19, 2005
    * Administration Responds to Concerns About Domestic Surveillance Citing Exemption

    Following up on related postings in the past several days, see the following references, resources, statements and news:

  • Electronic Surveillance: 50 USC 1801 - 50 USC 1811.

  • Foreign Intelligence Surveillance Act

  • Foreign Intelligence Surveillance Act Orders 1979-2004

  • Congressional Record: December 16, 2005 (Senate)[Page S13736-S13749]. Statement of Sen. Feinstein: "...Let me be clear. Domestic intelligence collection is governed by the Foreign Intelligence Surveillance Act, known as FISA. This law sets out a careful set of checks and balances that are designed to ensure that domestic intelligence collection is conducted in accordance with the Constitution, under the supervision of judges and with accountability to the Congress of the United States. Specifically, FISA allows the Government to wiretap phones or to open packages, but only with a showing to a special court--the FISA court--and after meeting a legal standard that requires that the effort is based on probable cause to believe the target is an agent of a foreign power..."

  • AP: Gonzales: Congress authorized domestic spying: "Responding to a congressional uproar, the Bush administration said Monday that a secret domestic surveillance program had yielded intelligence results that would not have been available otherwise in the war on terror."

  • Gonzales: War powers authorized eavesdropping

  • Press Conference of the President, The East Room, 10:32 A.M. EST, December 19, 2005: "...consistent with U.S. law and the Constitution, I authorized the interception of international communications of people with known links to al Qaeda and related terrorist organizations. This program is carefully reviewed approximately every 45 days to ensure it is being used properly. Leaders in the United States Congress have been briefed more than a dozen times on this program. And it has been effective in disrupting the enemy, while safeguarding our civil liberties."

  • Lawmakers Call for Domestic Spying Probe
  • December 12, 2005
    * UK Firm Promotes Self Destructing Text Messages

    This text will self-destruct in 40 seconds - Next year self-deleting emails and photo messages too.: "Staellium UK said that its StealthText service will allow business executive dealing in sensitive information to send texts which will delete themselves from the recipient's mobile phone as soon as the person has read them."

  • Details
  • December 09, 2005
    * Digital Future Project Releases New Report on Future of the Internet

    The USC Annenberg School Center for the Digital Future has released the 2005 Digital Future Report ($). The report highlights are available free (19 pages, PDF), and note an increased use of the Internet for political campaigns, the continued popularity of email, and a significant expansion in the use of broadband access to the Internet.

  • Digital Future reports from 2000-2004
  • December 02, 2005
    * Microsoft Offers App to Assist With EMail Management

  • Microsoft Research News and Highlights: "SNARF, the Social Network and Relationship Finder, developed by Microsoft Research and available for download, is designed to help computer users cope...with too many emails. SNARF, a complement to e-mail programs such as Outlook, filters and sorts e-mail based on the type of message and the user's history with an e-mail correspondent. The result: a collection of alternative views of your e-mail that can help you make sense of the deluge."

  • SNARF Help and Guide
  • November 28, 2005
    * New FTC Study Shows Progress in Combating Spam

    FTC press release: "According to a new study released today by the Federal Trade Commission, spammers continue to harvest email addresses from public areas of the Internet, but Internet Service Providers' anti-spam technologies can block the vast majority of spam sent to these email addresses. The FTC staff report also found that consumers who must post their e-mail addresses on the Internet can prevent them from being harvested by using a technique known as masking."

  • Email Address Harvesting and the Effectiveness of Anti-Spam Filters (10 pages, PDF)

  • Related resource: Email Masking Techniques
  • November 21, 2005
    * Pew Data Shows Surge In Search Engine Use

    Press release: "Search engine use shoots up in the past year and edges towards email as the primary internet application...from September 2004 to September 2005 the average daily use of search engines jumped from 49.3 million users to 60.7 million users – an increase of 23%.
    This means that the use of search engines is edging up on email as a primary internet activity on any given day. The Pew Internet Project data show that on a typical day, email use is still the top internet activity. On any given day, about 52% of American internet users are sending and receiving email."

  • Search Engine Use, November 2005 (9 pages, PDF)
  • October 31, 2005
    * Feds and Industry Join Forces to Fight Spam

    A new, joint federal law enforcement and industry initiative to fight Internet fraud, called LooksTooGoodToBeTrue, was launched today (press release, 5 pages, PDF). "This website was developed to arm you with information so you don’t fall victim to these Internet scam artists." The site provides consumers with documentation on: Types of Fraud; Victim Stories; FAQs & Tips; Information Regarding Phishing Scams; a Fraud Risk Test; and Links to help prevent you from being scammed.

    Related references:

  • Consumer Reports WebWatch Finds Identity Theft Fears, Trust Concerns Turning Significant Number of U.S. Web Users Away, October 26, 2005

  • Leap of Faith: Using the Internet Despite the Dangers - Results of a National Survey of Internet Users for Consumer Reports WebWatch (42 pages, PDF)


  • October 19, 2005
    * Access to Commercial Email Services Abroad Blocked By Armed Forces

    As reported by Stars and Stripes today, "On Tuesday, the U.S. Navy and Marine Corps blocked all access to commercial e-mail services, such as Yahoo!, Hotmail, America Online and Google, from overseas government computers...The block includes access to e-mail services from computers at base libraries and liberty centers that are connected to an official government network."

    October 17, 2005
    * Business Awareness of Spyware Does Not Result in Minimizing Threat

    Press release from Trend Micro, October 11, 2005: "Trend Micro, Inc., a leader in antivirus and Internet content security, today announced key findings from a study that reveals that more than 87 percent of corporate end users are aware of spyware, and yet 53 percent of survey respondents demand greater education from IT to better understand the threat. The findings indicate that awareness does not translate to knowledge, and as a result users are looking to their IT departments departments to play a more protective role."

    October 14, 2005
    * Guide to Making Your Enterprisewide Email System Safer

    The Complete Guide to E-mail, Inc. Magazine, October 2005: "What follows is a guide to the biggest e-mail concerns, particularly security, compliance, and archiving. We'll give you tools for building an e-mail policy now, which can save headaches later, and also advice on buying the right system."

    October 06, 2005
    * Guide to Recognizing Web Fraud

    "Kath Straub, Ph.D., CUA, Chief Scientist, looks at recent research on how people detect, and often miss, Web site fraud.."
    Fine-tuning your Internet deception detectors is a brief, straight forward, practical guide to "how Internet deception works."

    August 30, 2005
    * SEC May Fine Broker-Dealer Over E-Mail Retention Violations

    Reuters reported on a WSJ article focused on the SEC's ongoing enforcement proceedings against Morgan Stanley which may now include a civil penalty in excess of $10 million for not retaining relevant e-mail.

    August 25, 2005
    * Google Continues to Capture Headlines With Free Services and Upgraded Features

    Google has been the topic of several articles in the New York Times this week. Yesterday the focus was on corporate expansion, and today there is news about Google Desktop 2, an IM application called Google Talk, and Gmail for everyone (all of these services are free).
    See also:

  • Google's Grand Ambitions - Its lips are sealed, but its moves rattle everyone from Microsoft to eBay

  • Free Wi-Fi? Get Ready for GoogleNet - "A trail of hidden clues suggests Google is building its own Internet -- and might be looking to let everyone connect for free."

  • August 22, 2005
    * Risk Assessment Survey Indicates Data Breaches Involving Personal Info Are Routine

    From the Reconnex August Insider Threat Index: "Ninety-one percent of companies who completed a Reconnex 48-Hour e-Risk Assessment in the month of July had credit card numbers entering or leaving their network and eight-two percent exposed social security numbers. Most concerning was the amount of personal data including name and SSNs exposed directly in the subject lines of emails, in clear, open text. The origin of the vast majority of these disclosures stemmed from human resources departments who often accidentally exposed employees' personal information when they communicate with partners in health insurance, payroll, workers compensation and other third-party processors. The personal data revealed by co-workers often included employee names, date of birth, social security numbers (SSN) and even sometimes bank routing information. This personal data was usually sent via Excel spreadsheets and in clear text. Sometimes the individual Excel spreadsheets contained thousands to tens of thousands of individuals personal data."

  • Insider Threat Index August 2005 (6 pages, PDF)
  • August 17, 2005
    * Organizations Seek Ways to Empower Employees To Fight Web Scams

    This free feature today from the Wall Street Journal introduced me to a phrase that describes a new and virulent wave of web email scams, referred to as "spear phishing." Recipients are government and corporate employees targeted by hackers, posing as institution members, seeking personal data. Efforts are described which try to train employees to recognize these attacks and prevent data breaches.

    August 15, 2005
    * UK Survey on ID Theft Doesn't Register High Level of Concern

    Press release from Unisys: "Survey results from Unisys Corporation launched [August 3, 2005] reveal that UK consumers' apathetic attitude to fraud could be helping to perpetuate the rapidly growing identity theft industry, which is now estimated to be costing UK businesses £1.3 billion per year."

    August 12, 2005
    * Federal Appeals Court Rules on E-Mail Wiretapping Case

    From CDT: "A Federal Appeals Court on Thursday reversed a troubling ruling that prevented the Justice Department from prosecuting an e-mail service provider who allegedly intercepted and read his customers' messages. In the case of United States v. Councilman, the full First Circuit Court of Appeals ruled 5-2 to reverse the opinion of a three-judge panel that Bradford Councilman did not violate the law by allegedly copying and reading his customers' e-mail. The ruling sends an important message that e-mail is subject to protection, both against government wiretapping without a warrant and against misuse by service providers."

  • Opinion by First Circuit Court of Appeals [52 pages, PDF] August 11, 2005

  • Reaction Of Sen. Patrick Leahy To The 1st Circuit’s Reversal Of The Earlier Councilman Decision On Online Privacy
  • August 09, 2005
    * Law Firm Implements Secure IM System

    Law Firm Fends Off IM Threats

    August 05, 2005
    * Government and CorporateTargets of Phishing Attacks Subject To Increased Security Risks

    IBM press release: "IBM reported that virus-laden emails and criminal driven security attacks increased by 50 percent in the first half of 2005 - underscored by a significant rise in 'customized' attacks on the government, financial services, manufacturing and healthcare industries. This substantial increase, along with a decrease in less profitable threats, such as spam and simple computer viruses, indicates a growth in targeted attacks against specific organizations and industries -- apparently created with the purpose of stealing critical data, identities or extorting money."

    August 02, 2005
    * FTC Reports on E-Tailer's CAN-SPAM Compliance

    Top Etailers' Compliance With CAN-SPAM's Opt-Out Provisions: A Report by the Federal Trade Commission's Division of Marketing Practices (July 2005).

  • Text of the Commission Report (7 pages, PDF)

  • News Release
  • July 27, 2005
    * Microsoft Publishes New Anti-phishing White Paper

    "The focus of this white paper is to describe the basic workings of a new capability, the Microsoft® Phishing Filter, that will be included in the upcoming release of Internet Explorer 7. The Microsoft Phishing Filter will not only help provide consumers with a dynamic system of warning and protection against potential phishing attacks, but — more important — it will also benefit legitimate ISPs and Web commerce site developers that want to try to ensure that their brands are not being 'spoofed' to propagate scams and that their legitimate outreach to customers is not confusing or misinterpreted by filtering software." [the document is in Word, and available at this Link]

    * New EU Draft Directive on Data Retention

    The EDRI-gram newsletter reported on the release of the new EU Commission explanatory memorandum on data retention, July 20, 2005 (16 pages, PDF).

  • "The European Commission has finally produced its draft directive on data retention. According to the Commission, all fixed and mobile telephony traffic and location data from all private and legal persons should bestored for 1 year. Data about communications 'using solely the internet protocol' should be stored for 6 months."

  • July 26, 2005
    * Customer Privacy Continues to be Compromised by Travel Industry

    July 25, 2005: The Customer Respect Group Announces Third Quarter 2005 Results of Online Customer Respect Study of Largest Airline, Travel Firms: "Competitive Pressures Seen Driving Overall Improvements; But 38 Percent of Firms Continue to Share Personal Data."

    July 25, 2005
    * FDIC Guidance on Mitigating Risks From Spyware

    Spyware - Guidance on Mitigating Risks From Spyware FIL-66-2005, July 22, 2005

  • "Summary: The FDIC is issuing the attached guidance to financial institutions recommending an effective spyware prevention and detection program based on an institution's risk profile. This guidance and the attached informational supplement discuss the risks associated with spyware from both a bank and consumer perspective and provide recommendations to mitigate these risks."

  • July 18, 2005
    * Questions On Presidential Responsibility Under E.O. 12958

    New Bush Statement on Rove Conflicts with Executive Order: "Rep. Waxman explains that the President's responsibility under E.O. 12958 to protect national security secrets requires the President to act before Special Prosecutor Patrick Fitzgerald completes his criminal investigation and to apply different standards and sanctions."

  • Letter to President Bush (5 pages, PDF)

  • Related postings here and here.
  • July 12, 2005
    * CERT Issues Cyber Security Alert On Trojan Email Attacks

    Alert Overview: "The United States Computer Emergency Readiness Team (US-CERT) has received reports of an email based technique for spreading trojan horse programs. A trojan horse is an attack method by which malicious or harmful code is contained inside apparently harmless files. Once opened, the malicious code can collect unauthorized information that can be exploited for various purposes, or permit computers to be used surreptitiously for other malicious activity. The emails are sent to specific individuals rather than the random distributions associated with a phishing attack or other trojan activity...These attacks appear to target US information for exfiltration. This alert seeks to raise awareness of this kind of attack, highlight the important need for government and critical infrastructure systems owners and operators to take appropriate measures to protect their data, and provide guidance on proper protective measures."

    * Industry Coalition Publishes Draft Report Defining Spyware

    "The Anti-Spyware Coalition has released the first draft of the consensus document Spyware Definitions and Supporting Documents for a 30 day public comment period."

  • See also from Wired, Giving New Meaning to 'Spyware'
  • July 11, 2005
    * Rove, Prame, Cooper, Time...The Contentious Investigation Continues

    From WSJ free content today, Cooper Email Identifies Rove As a Source

    Related references:

  • from Editor and Publisher as follows: Press Batters McClellan on Rove/Plame Link

  • and More Miller-Cooper Fallout: 'L.A. Times' Tells Reporters Not to Enter Unnamed Names in Computers

  • and 'Newsweek' Says It Has First Word on What Karl Rove Told Matt Cooper

  • Matt Cooper's Source - What Karl Rove told Time magazine's reporter, by Michael Isikoff, Newsweek, July 18 issue.

  • Press release: "Citizens for Responsibility and Ethics in Washington (CREW) sent a letter today to President George Bush requesting that he immediately direct Karl Rove’s security clearances be suspended pending the outcome of the government’s investigation into the leak of Valerie Plame’s identity as an undercover agent for the Central Intelligence Agency (CIA)." (letter, PDF)

  • US Code: Title 50, Chapter 15, Subschapter IV, § 421: Protection of identities of certain United States undercover intelligence officers, agents, informants, and sources.

  • Disclosure of CIA Agent Identity - Rep. Waxman Calls for Hearing on Rove's Role in Plame Outing

  • * E-Mail Preferred Way for Constituents to Communicate with Congress

    Communicating with Congress: How Capitol Hill is Coping with the Surge in Citizen Advocacy; "The Internet and e-mail have made it easier and cheaper than ever before for citizens to communicate with their Members of Congress. In 2004, Congress received 200 million communications, four times more than in 1995 -- the direct result of Internet-based communications. This increased citizen participation in the legislative process has had both positive and negative effects. Nearly 80% of congressional staff surveyed believe that the Internet has made it easier for constituents to become involved in public policy. However, neither the senders nor the receivers of congressional communications have learned how to use the new tools that the Internet has provided truly effectively."

    "This report is the first of a four part Communicating with Congress series, which aims to provide information and guidance that will lead to better and more meaningful communications between Members of Congress and those they represent."

  • Read the full Communicating with Congress report (52 pages, PDF)

  • Summary of Key Findings

  • Introduction

  • Selected Charts

  • Summary of Implications for Citizens and Grassroots Organizations

  • Summary of Implications for Congress

  • Conclusion

  • July 06, 2005
    * Pervasiveness of Spyware Has Changed Behavior of Internet Users

    A press release on the new Pew Internet and American Life Project Report released this afternoon: "Spyware and the threat of unwanted programs being secretly loaded onto computers are becoming serious threats online. Nine out of ten internet users say they have adjusted their online behavior out of fear of falling victim to software intrusions. Unfortunately, many internet users' fears are grounded in experience - 43% of internet users, or about 59 million American adults, say they have had spyware or adware on their home computer. Although most do not know the source of their woes, 68% of home internet users, or about 93 million American adults, have experienced at least one computer problem in the past year that are consistent with problems caused by spyware or viruses."

  • Spyware: the threat of unwanted programs is changing the way people use the internet (23 pages, PDF)
  • July 05, 2005
    * US SAFE WEB Act

    From the FTC: The US SAFE WEB Act - Protecting Consumers from Spam, Spyware, and Fraud, released July 1, 2005

  • A Legislative Recommendation to Congress, June 2005 (32 pages, PDF)

    Briefing Materials
  • Tab 1: Draft US SAFE WEB Act: Short title: Undertaking Span, Spyware, and Fraud Enforcement With Enforcers Beyond Borders Act (31 pages, PDF)

  • Tab 2: Summary of the US SAFE WEB Act (23 pages, PDF)

  • Tab 3: An Explanation of the Provisions of the US SAFE WEB Act (27 pages, PDF)

  • Tab 4: How the US SAFE WEB Act Would Help the FTC: A Hypothetical Spyware Case (3 pages, PDF)
  • June 17, 2005
    * FTC Report to Congress on CAN-SPAM Act

    FTC press release: "In a report to Congress required by the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 ("CAN-SPAM Act"), the Federal Trade Commission says it does not recommend requiring unsolicited commercial e-mail to include a label in the subject line as a means to reduce spam...The report says that although subject line labeling may appear to offer a simple legislative fix for the problem of spam, the Commission doubts that it would materially help consumers or ISPs to block unwanted commercial e-mail or to segregate commercial e-mail from other e-mail messages. The Report states that subject line labeling requirements enacted by numerous states and foreign countries have not been effective to reduce spam."

  • Subject Line Labeling as a Weapon Against Spam: A CAN-SPAM Report to Congress (June 2005) [Link not active as of 9:00pm EST]
  • * Sometimes Prudent Course is to Bypass Email and Just Talk To Colleagues Directly

    An e-mail exchange has been passed on to thousands across the UK after a sticky incident at a law firm.

    June 13, 2005
    * Federal Agencies Confront Growing Cybersecurity Issues

    Information Security: Emerging Cybersecurity Issues Threaten Federal Information Systems GAO-05-231, May 13, 2005. Highlights.

  • "Spam, phishing, and spyware pose security risks to federal information systems. Spam consumes significant resources and is used as a delivery mechanism for other types of cyberattacks; phishing can lead to identity theft, loss of sensitive information, and reduced trust and use of electronic government services; and spyware can capture and release sensitive data, make unauthorized changes, and decrease system performance. The blending of these threats creates additional risks that cannot be easily mitigated with currently available tools. Agencies' perceptions of the risks of spam, phishing, and spyware vary."
  • May 27, 2005
    May 24, 2005
    * More Than Half Million E-Mail Messages from Enron Scandal Mined by Research Groups

    Enron Offers an Unlikely Boost to E-Mail Surveillance

  • This article references the work of Dr. David B. Skillicorn and Dr. Kathleen M. Carley

  • May 18, 2005
    * Survey Indicates Increased Use of Employee Monitoring Practices

    2005 Electronic Monitoring & Surveillance Survey: Many Companies Monitoring, Recording, Videotaping—and Firing—Employees

  • "From computer monitoring and telephone taping to video surveillance and GPS satellite tracking, employers are using policy and technology to manage productivity and protect resources. To motivate employee compliance, companies increasingly are putting teeth in technology policies. Fully 26% have fired workers for misusing the Internet. Another 25% have terminated employees for e-mail misuse. And 6% have fired employees for misusing office telephones."


  • Related reference:
  • From the WSJ free features: Monitoring of Workers Is Boss's Right but Why Not Include Top Brass?

  • May 16, 2005
    * FTC Seeks Comments on Provisions of CAN-SPAM Act

    Press release from FTC, May 12, 2005: Agency Seeks Comment on Definitions and Substantive Provisions Under the CAN-SPAM Act. The Federal Trade Commission published a Federal Register notice today seeking public comment on certain definitions and substantive provisions under the...CAN-SPAM Act.

  • CFR Part 316: Project No. R411008: Definitions, Implementation, and Reporting Requirements Under the CAN-SPAM Act of 2003: Notice of Proposed Rulemaking and Request for Public Comment - Text of the Federal Register Notice [Register PDF Format]

  • May 13, 2005
    * Employer E-Mail Monitoring Ban Awaits Approval in New South Wales

    From Computerworld Today, "Australia's Workplace Surveillance Bill 2005, which will go through the country's parliament on Wednesday, makes it a criminal offense to read employee e-mails."

  • Workplace Surveillance Bill 2005 website
  • May 12, 2005
    * All Together Now - A Recommendation to Beat Spam

    This NewScientist.com article suggests that Teamwork will beat the spammers by using a social network to identify spam in a dynamic, collaborative effort.

  • Related reference: Let Your CyberAlter Ego Share Information and Manage Spam
  • May 05, 2005
    * Oversight Hearing on Implementation of PATRIOT Act: Section 212--Emergency Disclosure of Electronic Communications

    House Judiciary Committee, Subcommittee on Crime, Terrorism, and Homeland Security, Oversight Hearing on the "Implementation of the USA PATRIOT Act: Section 212--Emergency Disclosure of Electronic Communications to Protect Life and Limb," May 5, 2005

  • Witness statements: William Moschella, Assistant Attorney General, United States Department of Justice; Willie T. Hulon, Assistant Director of Counterrorism Division, Federal Bureau of Investigation; Orin S. Kerr, Associate Professor of Law, The George Washington University; Jim Dempsey, Executive Director, Center for Democracy and Technology

  • Audio of Full Hearing [MP3] May 05, 2005
  • April 14, 2005
    * President and Newspaper Editors Differ in Views on FOI

  • Has the sun set on FOIA’s future?: "Kevin Goldberg, legal counsel for the American Society of Newspaper Editors (ASNE) said government efforts to prevent the public release of information is forcing many newspapers to go to court."

  • President Bush addressed the American Society of Newspaper Editors today. The full text of his remarks are available in this White House press release. In regard to Freedom of Information Act requests, he stated: "...but we also spend a lot of money on analyzing FOIA, because somebody told me there's 3.5 million FOIA requests a year, which is a lot. I can't tell you the percentage which passed, or not passed, but there is -- there's an active interest in people reading documents. And I would hope that those who expose documents are wise about the difference between that which truly would jeopardize national security and that which should be read." He also stated, "...I don't email, however. And there's a reason. I don't want you reading my personal stuff."

  • Related references: Significant Rise in Classification of Gov't Docs Focus of New Reports and archive of beSpacific postings on FOI.
  • April 11, 2005
    * Pew Data Memo On Spam and Phishing

  • Press release: Spam and phishing - "More than a year after the CAN-SPAM Act became law, email users say they are receiving slightly more spam in their inboxes than before, but they are minding it less...And in a first-time measure of "phishing," or unsolicited email requesting personal financial information, 35% of users say they have received such email, and 2% have responded by providing the information."

  • Data Memo, CAN-SPAM One Year Later (19 pages, PDF)
  • April 08, 2005
    * One of World's Most Prolific Spammers Sentenced to Prison Term

    Judge Sentences Man to 9 Years in Prison for Using Fake Internet Addresses to Send Mass E-Mail Ads. Links to relevant legal documents available from JURIST Paper Chase.

    March 09, 2005
    * Employee E-Mail Use and Employer Monitoring

    The ramifications of personal use of workplace email continues to resonate. The Wall Street Journal follows-up with Snooping E-Mail by Software Is Now a Workplace Norm, also available free to readers. The article details how customized programs allow companies to monitor and review employee email and IMs using broad and specific criteria that encompass administrative and compliance issues.

  • Related news: E-mails sent at work anything but private.
  • March 08, 2005
    * Important Lessons About E-Mail Bare Repeating

    This sentence is worth remembering: "Don't ever put anything in an e-mail that you wouldn't want to read on the jumbotron at Times Square." So says Alan Murray in his WSJ article, Indiscreet E-Mail Claims a Fresh Casualty (available free today).

    March 07, 2005
    * Pew Survey Tracks Growing Importance of Internet in American Political Process

    From the Pew Internet and American Life press release: "The internet became an essential part of American politics in 2004. Fully 75 million Americans – 37% of the adult population and 61% of online Americans – used the internet to get political news and information, discuss candidates and debate issues in emails, or participate directly in the political process by volunteering or giving contributions to candidates."

  • A commentary on the internet and politics by Michael Cornfield: The Internet and Campaign 2004

  • The Internet and Campaign 2004 (33 pages, PDF)
  • March 04, 2005
    * Privacy Group Advises Against Ordering Free Credit Reports Online

    As the citizens of additional states join the list of those eligable for free credit reports, problems associated with this program have been noted. The World Privacy Forum recently issued an extensive report documenting fraudulent activities that are complicating consumer access to the reports. In addition, the group reviews how use of the legitimate sites providing the credit reports may result in exposure to unwanted marketing, spam and related privacy intrusions.

  • CALL DON'T CLICK - Why it’s smarter to order federally mandated free credit reports via telephone, not the Internet.
  • "The World Privacy Forum urges consumers who qualify to order a federally mandated free annual credit report to call the toll free number (877-322-8228) instead of ordering their free credit report online. Calling the toll free number exposes consumers to fewer potential hazards than ordering online. Consumers who try to use the official online site www.annualcreditreport.com may encounter numerous challenges, some of them potentially serious."
  • * A Practical Guide to Managing E-Mail Overload

    Stever Robbins offers advice on how to author effective, efficient, and focused business email messages. He also recommends how to read and respond to email. Thoughtful, well constructed and brief responses, which you have taken time to consider before hitting the "send" key, will increase the value of this communications tool. And don't forget that sometimes it is easier to just use the phone. [D.C.]

    February 28, 2005
    * Time Required to Review Daily E-Mail Adds Up

    A survey reviewing the time spent by business owners around the world dealing with email related issues indicates that U.S., India and the Phillipines top the list, averaging two hours per day.

    February 25, 2005
    * UK Government Launches Virus Alert Website

    On February 23, 2005 the UK Home Office launched ITsafe "to provide both home users and small businesses with proven, plain English advice to help protect computers, mobile phones and other devices from malicious attack."

  • See the press release (PDF) and this page on alert services offered by email and mobile text messaging.
  • February 24, 2005
    * FTC and Spanish Gov't Work Together to Fight Spam

    Memorandum of Understanding On Mutual Enforcement Assistance In Commercial Email Matters Between the Federal Trade Commission of the United States of America and the Agencia Espanola de Proteccion de Datos [Link]

  • Related resource: The London Action Plan on International Spam Enforcement Cooperation

  • February 23, 2005
    * A Three Step Plan to Confront Phishing

    Killing Phish.

  • See also the continually updated reports on phishing and pharming available from The Anti-Phishing Working Group and the definitions from their site as follows:

    "Phishing attacks use 'spoofed' e-mails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc. Pharming uses the same kind of spoofed sites, but uses malware/spyware to redirect users from real websites to the fraudulent sites (typically DNS hijacking). By hijacking the trusted brands of well-known banks, online retailers and credit card companies, phishers are able to convince recipients to respond to them."


  • February 15, 2005
    * State CIOs' Issue Research Report on Web User Security Issues

    From the National Association of State Chief Information Officers (NASCIO), Welcome to the Jungle: The State Privacy Implications of Spam, Phishing and Spyware (15 pages, PDF).

    February 09, 2005
    * Overview of Email Programs

    Despite all the heralding of email's demise, it is still an essential desktop program in the workplace and for many home users as well. This Washington Post article, via MSNBC News, reviews free and low cost alternatives to Outlook.

    * New Report From IBM Predicts Increased Attacks on Wireless Devices

    Press release: "Today IBM announced the results from its 2004 Global Business Security Index Report and provided an early look at potential security threats in 2005. Based on early indicators, a new and troubling trend this year may be the aggressive spread of viruses and worms to handheld devices, cell phones, wireless networks, and embedded computers, which include car and satellite communication systems." [thanks David Ries]

    February 08, 2005
    * FCC Publishes List of Domains To Protect Cell Phones From Spam

    FCC press release: "On February 7, with the cooperation of wireless carriers, the Commission published on its Web site a list of mail domain names used to send messages to wireless service. This list is to protect cellular and wireless consumers from unwanted commercial electronic mail messages by alerting marketers to which Internet domain names are used in the electronic addresses of wireless service subscribers."

    February 03, 2005
    * Price Tag of Spam Reflected in Significant Lost Productivity

    As a follow-up to my posting on February 1, Junk Email Careens Out of Law's Control, more bad news about the spam explosion in a survey released by the Center for Excellence in Service at the Robert H. Smith School of Business, University of Maryland. According to the press release, "Spam's price tag now reaches $21.58 billion annually in lost productivity," and in the aggregate, "22.9 million hours a week are wasted on spam."

  • 2004 National Technology Readiness Survey, Summary Report, February 3, 2005 (17 pages, PDF)
  • February 01, 2005
    * Junk Email Careens Out of Law's Control

    Law Barring Junk E-Mail Allows a Flood Instead. Another article joins the chorus complaining about the failure of the CAN-SPAM Act to stem the tide of junk email, and highlights how industry, government and advocacy groups continue to do battle against the threats. From the perspective of the spammers however, it is a lucrative business, facilitated by using offshore servers as well as "network zombies."

    January 25, 2005
    * Spammers Settle Case With Earthlink

    From ComputerWorld: "Earthlink claims victory in another spam case - The spammers sent out more than 250 million e-mail messages."

    January 21, 2005
    * New Georgia Anti-Spam Legislation

    Press release from Georgia Governor: "The goal of the Georgia Slam Spam E-mail Act is to hold accountable those who abuse the Internet and harass our citizens with fraudulent, misleading and unwanted commercial e-mail...The Governor's legislation provides serious penalties for the use of false or misleading practices, such as forging headers, using misleading subject headlines or falsely stating that the information in the e-mail was requested."

    January 18, 2005
    * Texas AG Sues Major Global Spammer

    From the press release: "Texas Attorney General Greg Abbott filed the state's first lawsuit against one of the world's largest spam operations in an effort to crack down on the massive flow of illegal e-mail into Texas consumers' in-boxes."

  • Lawsuit Against PayPerAction Et Al. (16 pages, PDF)

  • Consumer Tips on SPAM Prevention

  • See also related postings on CAN-SPAM
  • January 12, 2005
    * Commentary on Whether Pop-Up Ads Are Spam

    Why A Utah Court Was Right to Hold That, Under Utah Law, Pop-up Ads Are Not "Spam" by Anita Ramasastry.

    January 04, 2005
    * California Privacy Laws Ahead of National Curve

    This Wired article focuses on California legislation that went into effect this new year that provides the state's consumers with a range of privacy protections, including unlisted cell phone numbers, rental cars without electronic
    surveillance technology activated
    , and the right to sue email spammers.

    December 29, 2004
    * Mobile Message Providers Must Submit Domain Names For FCC Database

    From the FCC, Consumer and Governmental Affairs Bureau Domain Name Data Entry (For Wireless Providers Only): "The purpose of the domain name registry is to protect cellular and other commercial mobile service (CMRS) wireless consumers from unwanted commercial electronic mail messages, by identifying, for those who send commercial electronic mail messages, Internet domain names uses to transmit electronic messages to CMRS consumers."

  • Related reference from the December 27, 2004 Federal Register: Final Rule implementing sections of the CAN-SPAM Act: ...CMRS carriers will have until January 21, 2004 to submit to the Commission all of their electronic mail domain names used for wireless messaging."

  • December 19, 2004
    * Billion Dollar Anti-Spam Judgment

    AP reports that Judge Charles R. Wolle, U.S. District Court for the Southern District of Iowa, awarded CIS Internet Services $1 billion in a case involving three companies accused of flooding the service with up to 10 million spam emails per day.

    December 16, 2004
    * FTC Issues Final Rule Defining Email Spam

    Press release: FTC Issues Final Rule Defining What Constitutes a "Commercial Electronic Mail Message"

  • "The Federal Trade Commission today issued final regulations (81 pages, PDF) to facilitate the determination of whether an e-mail message has a commercial primary purpose and is subject to the provisions of the CAN-SPAM Act. The CAN-SPAM Act, which took effect January 1, 2004, requires the Commission to issue regulations “defining the relevant criteria to facilitate the determination of the primary purpose of an electronic mail message."

  • December 15, 2004
    * FDIC Recommends Procedures to Reduce ID Theft

    Press release - FDIC Issues Study on Identity Theft and Seeks Comments on Possible Guidance to Bankers: "Fraudsters are taking advantage of the reliance on single-factor authentication for remote access to online banking, and the lack of e-mail and Web site authentication, to perpetrate account hijacking."

  • Putting an End to Account-Hijacking Identity Theft (41 pages, PDF)
  • December 14, 2004
    * Percentage of CAN-SPAM Compliance Still in Single Digit

    According to a press release from MX Logic, Inc., an "email defense solutions" provider, in November, CAN-SPAM compliance reached a record high of 6% of total traffic subject to the law.

  • "...our data indicate that the act has had little impact on sophisticated spammers, who continue to leverage networks of hijacked PCs, as well as other tools to disseminate unsolicited and often fraudulent email."
  • December 02, 2004
    * Employee Productivity Undermined by Tech Scrutiny According to New Report

    A new white paper by Dr. Carsten Sørensen of the London School of Economics (in conjunction with Microsoft UK), titled The Future Role of Trust in Work - The Key Success Factor for Mobile Productivity. According to InfoWorld, the report indicates "that managers are using technologies such as e-mail, mobile phones, and SMS (Short Messaging Service) to keep tabs on employees when in actuality they are reducing workers' productivity and the amount of time that they spend serving customers."

  • Update: See the PDF text (39 pages) of the report, 21st Century Workers Facing 'Big Brother' Business Threat"

  • November 15, 2004
    * Advanced Look At MSN's New Desktop Search Tool

    Exclusive: MSN Desktop Search Revealed includes screens shots of the new utility that will be released in December as part of the MSN Toolbar Suite. (via Slashdot)

    November 03, 2004
    * Proposed Rule to Dispose of Gov't E-mail Without Paper Trail

    Proposed rule, National Archives and Records Administration (NARA), Federal Register, November 3, 2004:

  • "As part of NARA's Records Management Initiatives to redesign Federal records management, NARA has determined that Federal agencies should be allowed to dispose of short-term temporary electronic mail (e-mail) record (e.g., those with a retention period of 90, 120, or 180 days), without requiring the creation of a separate paper or electronic recordkeeping copy."

  • Related resource: A Report to the Interagency Committee on Government Information: Recommendations for the Effective Management of Government Information on the Internet and Other Electronic Records, by the Electronic Records Policy Working Group, October 20, 2004 (25 pages, PDF).
  • October 28, 2004
    * ISPs and Microsoft Sue Spammers

    Industry anti-spam alliance members Earthlink, Yahoo, AOL and Microsoft, have filed new complaints against spammers in four states. [Link]

  • Additional details, and a link to Earthlink's complaint, (111 pages, PDF) are available in this press release.

  • See this press release for links to AOL's two new law suits.

  • Yahoo's press release is here.
  • October 06, 2004
    * Appeals Court Will Rehear Email Wiretapping Case

    Appeals Court Re-Opens E-Mail Snooping Case: "Privacy advocates and the U.S. Department of Justice (DoJ) will get their day in court, again, to appeal a three-judge panel ruling that allows e-mail providers to store and copy their customers' e-mails."

  • Via EPIC, Order, U.S. Court of Appeals, First Circuit, United States v. Councilman, October 5, 2004.

  • For reference, see this previous posting, Ruling From 1st Circuit Impacts E-Mail Privacy
  • September 22, 2004
    * National Archives Responds to Email Hoax About Veterans' Records

    As posted on the online military personnel records request system from the National Archives:

  • "There is a rumor circulating among veteran service organizations that Official Military Personnel Files (OMPFs) at the National Personnel Records Center will be digitized and then destroyed. This rumor is NOT TRUE...The National Archives and Records Administration preserves and protects OMPFs because they are permanently valuable records that document the essential evidence of military service for the veterans of our nation."

  • Related information in this Federal Computer Week article.
  • September 16, 2004
    * FTC Reviews Program to Reward Spam Whistleblowers

    "The FTC today issued a assessing whether and how a system that rewards members of the public for tracking down spammers would or could help improve enforcement of the CAN-SPAM Act. That Act, which became effective on January 1, 2004, required the FTC to conduct a study and provide a report to Congress on a CAN-SPAM bounty system." [Link]

  • A CAN-SPAM Informant Reward System: A Federal Trade Commission Report to Congress (September 2004), (PDF, 79 pages)

  • Associated reports: The Difficulties of Tracing Spam Email (PDF, 21 pages) and an assessment (PDF, 29 pages) of the FTC proposal by Marsha Ferziger Nagorsky.
  • September 02, 2004
    * Evolving Practices Support Doctor-Patient E-Mail Communications

    From today's WSJ, via Yahoo ($), this article, The Doctor Is Online: Secure Messaging Boosts the Use of Web Consultations, merits review. It addresses the issues of privacy, consultation fees and insurance coverage associated with secure messaging systems options now available for doctor-patient communications.

  • Related news, Creighton University Medical Center doctors using handheld devices to access patient information.
  • August 31, 2004
    * Spammers Hijack DoD and Senate Computers

    Hackers hijack federal computers

    August 19, 2004
    * Essay on Growing Financial Implications of Phishing

    From Crypto-Gram: Websites, Passwords, and Consumers.

  • "Criminals follow the money. Today, more and more money is on the Internet. Millions of people manage their bank accounts, PayPal accounts, stock
    portfolios, or other payment accounts online. It's a tempting target: if a criminal can gain access to one of these accounts, he can steal money. And almost all these accounts are protected only by passwords."

  • August 18, 2004
    * Google's Amended S-1 Discusses GMail, Privacy Issues and Comments

    Google Inc · S-1/A · On 8/13/4.

  • See also this press release, dated August 18: Google Inc. Requests Effectiveness of IPO Registration Statement, which includes a link to the updated prospectus.

  • Related reference: from kottke.org, a link of the recent interview with Google founders Sergey Brin and Larry Page, and from the Financial Times, Comment: Ignore Wall St's whining - Google's IPO worked.

  • August 16, 2004
    August 13, 2004
    * FTC Request Public Comment on CAN-SPAM Regs

    FTC press release:

  • "The Federal Trade Commission will publish a Federal Register Notice on Friday, August 13, 2004, seeking public comment on proposed rules regarding commercial electronic mail messages. The CAN-SPAM Act, which took effect January 1, 2004, requires that the Commission issue regulations “defining the relevant criteria to facilitate the determination of the primary purpose of an electronic mail message.” In this Federal Register Notice, the FTC introduces proposed criteria to facilitate the determination of when an e-mail message has a commercial primary purpose, and seeks comments in response to this proposal."

  • Related reference: Survey: 86 percent of spam from US. Data from CipherTrust.
  • August 11, 2004
    July 28, 2004
    * E-Mail Fraud Continues to Lure Unsuspecting Readers

    Consumers still falling for phish: "Fake e-mails fool users 28 percent of the time, study finds." See these additional resources:

  • MailFrontier’s Email Threat Information Center

  • The MailFrontier Phishing IQ Test

  • FTC pushes e-mail standard

  • July 23, 2004
    * E-mail Privacy Act of 2004

    "Representative Jay Inslee, a Washington Democrat, and three other congressmen introduced the E-mail Privacy Act of 2004 on Thursday. The bill would require that e-mail be subject to federal wiretap law that requires a court order for real-time interception of communications." [Link]

    July 21, 2004
    * Practical Tips on Gmail Features

    The Information Architecture of Email

    July 19, 2004
    * NY AG Settles Case With Spammer

    From the press release today: "State Attorney General Eliot Spitzer today announced the settlement of a lawsuit against email marketer Scott Richter and his company, OptInRealBig.com, LLC. The suit alleged that unsolicited emails, or spam, sent on defendants' behalf contained falsified headers, falsified routing information, and deceptive subject lines, and were illegally routed through a worldwide network of more than 500 vulnerable computers."

  • Consent Order and Judgement (PDF)

  • July 02, 2004
    * Massachusetts AG Files First State Lawsuit Under CAN SPAM

    From the press release: "In the first state enforcement action taken since the January 1 inception of the federal CAN SPAM Act, AG Reilly is alleging that DC Enterprises, an unincorporated business, and company principal Willliam T. Carson of Weston, Florida, have sent thousands of misleading email messages from a business address in Newton, where the company has no physical presence."

    June 30, 2004
    * Spam Blocker Prevails Against Mass E-Mailer in CA Court

    From ZDNet: "A federal court in California has turned down a request to stop SpamCop from keeping tabs on mass e-mailer OptInRealBig, saying the blocklist operator is protected under the Communications Decency Act."

  • Order from U.S. District Court, Northern District of California, OptInRealBig.com, LLC v. IronPort Systems, Inc. (20 pages, PDF).
  • June 29, 2004
    * Guide to Spam Filtering

    A Buyer's Guide to Spam Filtering (19 pages, PDF)

    June 28, 2004
    * VeriSign Announces Anti-Phishing Business Solutions

    From VeriSign's press release today: "VeriSign's Anti-Phishing Solution protects enterprises through a five-tiered solution that helps prevent, detect and respond to attacks, thereby mitigating and eliminating identity theft and email fraud attempts."

    June 23, 2004
    * Industry Anti-Spam Alliance Issues Report on Best Practices

    Anti-Spam Technical Alliance Publishes Industry Recommendations To Help Stop Spam:

  • "The Anti-Spam Technical Alliance (ASTA), whose participants include Yahoo! Inc., Microsoft Corp., EarthLink and America Online Inc., today unveiled the result of more than a year of close collaboration by presenting a host of detailed best practices and technical recommendations for the entire industry in an effort to fight the scourge of spam."

  • Internet providers take a step forward in spam fight

  • * Arrests in Stolen AOL Screen Names Scam

    AP reports that an ex-AOL software engineer allegedly stole a list of 92 million customer screen names (online identification/user names) last year, which he then sold, and the information was subsequently used in various spam related mass emailings, in violation of the CAN-SPAM Act.

  • See the related press release by AOL, which states, "AOL has uncovered no information indicating that this theft involved member credit card or password information stored by AOL." Via FindLaw, here is a copy of the complaint.
  • June 21, 2004
    * Can E-Mail Prevail?

    This PCWorld.com article highlights some of the current and emerging applications and standards that can be implemented in an effort to respond to the deluge of spam, as discussed at the recent E-Mail Technology Conference. What caught my eye was this paraphrased statement from Dr. Vinton Cerf: "He gave the example of an exchange that might entail a three-day e-mail chain, but which could be handled in a five-minute phone call."

    June 15, 2004
    * White Paper Profiles Data Protection Issues in U.S. and EU

    A Global Push to Protect Information Online

  • "As indispensible as e-mail and the Internet have become at work, companies face rising threats from the exposure of confidential business data or consumer data over the Internet."
  • * FTC Report Rejects Do Not Email Registry

    From the FTC press release: "The Federal Trade Commission today told Congress that, at the present time, a National Do Not Email Registry would fail to reduce the amount of spam consumers receive, might increase it, and could not be enforced effectively. In a report (60 pages, PDF) filed in response to a statutory mandate, the FTC also said that anti-spam efforts should focus on creating a robust e-mail authentication system that would prevent spammers from hiding their tracks and thereby evading Internet service providers’ anti-spam filters and law enforcement."

  • Industry Players On Board With FTC Anti-Spam Recommendations
  • June 07, 2004
    * Baltimore City Gov't Responds to E-Mail Overload

    City to delete its old e-mail: "After 90 days, messages will be gone from system; Public-records questions raised; Workers will have to find and save official material."

    June 04, 2004
    * Conferences Focuses on How to Fix E-Mail Overload Problems

    The Changing Face of E-Mail: Speakers at the recent INBOX conference discussed a wide range of applications/solutions to address the information overload that has become an intrinsic part of enterprise email use.

    June 03, 2004
    * Stealth Service Tracks When E-Mail is Read

    Who Got the Message? There's a Way to Know:

  • "Users of the service, DidTheyReadIt (didtheyreadit.com), can clandestinely track when and where their e-mail is read."
  • May 31, 2004
    May 28, 2004
    * The Importance of An Effective Search Engine For Your Intranet

    An essential component of an effective intranet is a powerful, versatile and user friendly search engine. This article focuses on enterprise-wide deployment of Google for this function, and what portends to be the growth in marketing this successful search product.

    May 27, 2004
    * Maryland Enacts Model Anti-Spam Law

    Maryland Governor Robert Ehrlich signed the Maryland Spam Deterrence Act (HB 1320), which "prohibits a person from sending multiple commercial electronic mail (e-mail) messages under specified circumstances from a protected computer. Violators are subject to criminal and civil liability."

    * CA Bill Restricting Google's Gmail Passes Senate

    From ZDNet: "The California state Senate on Thursday approved a bill that takes aim at Google's new Gmail service, placing strict limits on e-mail providers seeking to scan customer messages for advertising and other purposes." See SB 1822.

  • See also Google Responds To Email Privacy Concerns

  • May 25, 2004
    * Amendments to CA Bill on Gmail Lessen Restrictions to the Service

    On May 25, California State Senator Liz Figueroa offered an amended version of SB 1822 which struck language that would have presented substantial obstacles to Gmail's operation in the state.

    May 07, 2004
    * Gartner Reports Rise in Web Fraud

    Gartner Study Finds Significant Increase in E-Mail Phishing Attacks:

  • "Phishing attacks by hackers against online consumers have become so widespread that an estimated 57 million Americans likely have received these fraudulent e-mails, according to a new study released today by Gartner, Inc. Direct losses from identity theft fraud against these phishing attack victims cost U.S. banks and credit card issuers about $1.2 billion last year.
  • May 06, 2004
    * Survey Reports Rising Concern With E-Mail Fraud

    An online survey conducted in April indicates "that 75% of accountholders are less likely to respond to email from their banks, and over 65% said they were less likely to sign-up or continue to use their bank’s online services." These results reflect growing consumer concern with phishing and email fraud, occurrences of which are increasingly the focus of news articles.

    * Survey Says....Spam At All Time High

    Record Broken: 82% of U.S. Email is Spam

  • For reference, see the latest spam statistics on the MessageLabs homepage.
  • May 04, 2004
    * Advocacy Groups Call for Investigation of Gmail

    From the text of a May 3 letter sent by EPIC, the Privacy Rights Clearinghouse, and the World Privacy Forum, to California Attorney General Bill Lockyer:

  • "We write to urge your office to investigate Google's "Gmail" service. We believe that Gmail violates California Penal Code § 631, which governs eavesdropping on confidential communications. In light of California's heightened statutory and Constitutional privacy guarantees, we think it incumbent on the Office of the Attorney General to intervene to protect the integrity of individuals' e-mail communications. Below, we explain that Google's Gmail service represents an unprecedented invasion into the sanctity of private communications and that it violates California's wiretapping laws."

  • For a different perspective see Does Gmail breach wiretap laws?
  • April 29, 2004
    * First Criminal Cases Filed Under CAN-SPAM Act

    FTC press release: "The FTC has cracked down on two spam operations that have clogged the Internet with millions of deceptive messages and violated federal laws...Both operations have been identified by the anti-spam organization Spamhaus as among the largest spammers in the world."

  • Complaint: Federal Trade Commission, plaintiff, v. Phoenix Avatar, LLC doing business as Avatar Nutrition, DJL, LLC, Daniel J. Lin, Mark M. Sadek, James Lin, and Christopher M. Chung doing business as A I T Herbal Marketing, defendants., United States District Court for the Northern District of Illinois, Eastern Division (April 23, 2004) [Link to additional documents]

  • Criminal complaint: United States of America v. Daniel J. Lin, James J. Lin, Chris Chung, and Mark M. Sadek., United States District Court, Eastern District of Michigan, Case Number: 04-80383, (April 23, 2004)

  • Federal Trade Commission, plaintiff, v. Global Web Promotions Pty Ltd., Michael John Anthony Van Essen, and Lance Thomas Atkinson, defendants., United States District Court for the Northern District of Illinois, Eastern Division, (April 28, 2004) [Link to documents]

  • Can-Spam Law Meets Its First Test
  • April 22, 2004
    * FTC Statements and Resources on ID Theft

    FTC Working to Protect Consumers and Businesses from Information Security Breaches

  • Prepared Statement of the Federal Trade Commission On Protecting Our Nation's Cyberspace, Presented by Commissioner Orson Swindle Before the Subcommittee On Technology, Information Policy, Intergovernmental Relations, and the Census of the Committee On Government Reform, United States House of Representatives (April 21, 2004).

  • FTC Seeks Comments on Proposed Identity Theft, Active Duty Alert Regulations.
  • * Email Fraud Escalates

    Huge Surge In Phishing Scams As Fraudsters Seek Financial Gain

  • This link on Antiphishing.org: "Earthlink Toolbar™Featuring ScamBlocker™
    EarthLink ScamBlocker is part of a free browser toolbar that alerts you before you visit a page that's on Earthlink's list of known fraudulent phisher Web sites. Its free to all Internet users." [Download]

  • April 19, 2004
    * FTC Spells Out CAN-SPAM Compliance Requirements for E-Mail

    The CAN-SPAM Act: Requirements for Commercial Emailers

  • "The law, which became effective January 1, 2004, covers email whose primary purpose is advertising or promoting a commercial product or service, including content on a Web site. A "transactional or relationship message" – email that facilitates an agreed-upon transaction or updates a customer in an existing business relationship – may not contain false or misleading routing information, but otherwise is exempt from most provisions of the CAN-SPAM Act."
  • April 14, 2004
    * ISP Combats Phishing With Software Launch

    PCWorld reports on EarthLink's plan to implement a software application called ScamBlocker, beginning April 19, at no cost to customers. Phishing employs a combination of email solicitations and fake websites to lure unsuspecting users into compromising their personal and financial data.

  • Other references to ID theft and phishing.
  • * Maryland Anti-Spam Bill Awaits Governor's Action

    S.B. 604, the Maryland Spam Deterrent Deterrence Act, passed the Maryland legislature late Monday night, and awaits signature by Gov. Ehrlich. Penalties include a term of up to five years in prison and a fine of up to a $10,000.

    * Privacy Concerns May Result in Changes to Gmail

    As reported today by the WSJ, as well as via AP, privacy concerns raised in the U.S. and abroad about Google's new Gmail, still in beta, have resulted in the company considering alowing users to opt-in/opt-out of being served targeted ads, currently a component of the free email service.

  • Update on this issue from April 15: Google Downplays Report of Possible Gmail Changes
  • April 09, 2004
    * FDIC Issues E-Mail Fraud Warning

    FDIC Issues Warning About Fraudulent E-mails:

  • "The FDIC has received complaints from consumers who received an e-mail that appears to have been sent by the FDIC. The e-mail is purportedly from security at fdic.com and the subject is fraud report. The e-mail informs recipients that their bank account has been temporarily closed because of fraudulent activity...The e-mail was not sent by the FDIC and may be a fraudulent attempt to implant a computer virus onto the recipient’s computer or to obtain personal information from consumers."
  • April 08, 2004
    * Heightened Focus on Gmail by Privacy Advocates

    From the World Privacy forum, this press release and letter (pdf) on behalf of a coalition of over two dozen privacy and advocacy groups, addressing Google's new webmail service, Gmail, specific to the retention and repurposing of user data for e-commerce and law enforcement applications.

  • Screenshots of Gmail from a beta tester, here and here.
  • April 02, 2004
    April 01, 2004
    * Google Launches Limited Release of New E-Mail Service

  • Google press release: Google Gets the Message, Launches Gmail - User Complaint About Existing Services Leads Google to Create Search-Based Webmail

  • "Gmail is an experiment in a new kind of webmail, built on the idea that you should never have to delete mail and you should always be able to find the message you want. The key features are:
    Search, don't sort. Don't throw anything away. 1000 megabytes of free storage so you'll never need to delete another message. Keep it all in context. Each message is grouped with all its replies and displayed as a conversation. No pop-up ads. No banners. You see only relevant text ads and links to related web pages of interest."

  • Gmail FAQ
  • * DOJ Report on E-Mail Scams and Fradulent Websites

    From the DOJ Criminal division, this Special Report on "Phishing, "the creation of fraudulent e-mails and websites used to deceive individuals into divulging their personal financial data."

  • For more information on how to protect yourself against such scams, with resources that include news updates, reports on phishing attacks, and white papers, visit the Antiphishing Working Group, where you will find this link to the Phishing Attack Trends Report - February 2004.

  • From AP, see also this related article, Companies sharpen tech tools to counter scams
  • March 25, 2004
    * Instant Messages Used to Deliver Spam

    When Instant Messages Come Bearing Malice. According to this article, there are over 160 million instant messaging (IM) accounts worldwide, and users are increasingly the target of spam, hackers and phishing.

    March 11, 2004
    * Copies of Anti-Spam Lawsuits Filed by Industry

    As posted yesterday, AOL, Microsoft, Yahoo and Earthlink filed lawsuits against defendants they allege are in violation of the CAN-SPAM Act.

  • Complaint and Exhibits (America Online, Inc. v. John Does 1-40) (March 9, 2004)

  • Complaint and Exhibits (America Online, Inc. v. Davis Wolfgang Hawke, et al. (March 9, 2004)

  • Complaint (Earthlink, Inc. v. John Does 1-25, et al. (March 9, 2004)

  • Complaint (Microsoft Corp. v. JDO Media, Inc., et al. (March 9, 2004)

  • Complaint (Microsoft Corp. v. John Does 1-50 d/b/a Super Viagra Group) (March 9, 2004)

  • Complaint (Yahoo!, Inc. v. Eric Head, et al. (March 9, 2004)
  • * FTC Seeks Public Comment on Spam

    Text of Federal Register Notice, March 11, 2004, Definitions, Implementation, and Reporting Requirements Under the CAN-SPAM Act; Proposed Rule.

  • Appendix A - Privacy Impact Assessment for the Electronic Public Comment System, The Collection of Public Comments Filed Electronically in the CAN-SPAM Rulemaking Proceeding; Appendix B, Federal Trade Commission Privacy Policy, and
    Appendix C, User Notice on the Regulations.gov website.
  • March 10, 2004
    * Industry Coordinates Lawsuits Against CAN-SPAM Violators

    Microsoft press release, March 10, 2004:

  • "America Online Inc., EarthLink Inc., Microsoft Corp. and Yahoo! Inc. today jointly announced that their collaborative anti-spam industry efforts have resulted in the coordinated filing of the first major industry lawsuits under the new federal anti-spam law, the Controlling the Assault of Non-Solicited Po***graphy and Marketing (CAN-SPAM) Act of 2003, which went into effect Jan. 1.

    The country's four leading e-mail and Internet service providers announced the combined filing of six lawsuits against hundreds of defendants, including some of the nation's most notorious large-scale spammers." (Summaries of the cases are referenced in this press release.)


  • Internet Providers File Suits to Stop Spammers

  • Sensenbrenner Commends ISPs for Legal Crack Down on Spam Under New Anti-Spam Law

  • March 01, 2004
    * Impact of E-Mail Security Issues on Gov't, Corporations and Home Users

    House Government Reform Hearing: You've Got Mail - But is it Secure? An Examination of Internet Vulnerabilities Affecting Businesses, Governments and Homes. October 16, 2003. Serial No. 108-95. GPO Stock No. 552-070-30848-2.

  • Text; PDF (96 pages)
  • February 27, 2004
    February 11, 2004
    * House Cmte. Testing Mail Security Application

    The Committee on House Administration has taken the lead in testing a digital mail system by Pitney Bowes. The closure of Senate office buildings on February 3 due to the discovery of ricin has significantly raised interest in security measures to minimize the risk of such future threats.

    January 29, 2004
    * FTC Seeks Approval for More Regs to Combat Spam

    The FTC is seeking public comment on yet another effort to combat spam, as mandated by the CAN-SPAM Act.

    January 28, 2004
    * New FTC Alert on Spam

    From the Federal Trade Commission, a new alert, Who's Spamming Who? Could it be You? details how your email address can be used to send unsolicited email without your knowledge, along with security measures you can use to secure your computer.

    * Ensuring Your Email is CAN-SPAM Compliant

    Neil Squillante published a new article, Is Your Company CAN-SPAM Compliant?, that includes "Eight Not-So-Simple Rules for CAN-SPAM-Compliant Email."

  • beSpacific postings on CAN-SPAM Act
  • * Feds Launch New E-Mail Cybersecurity Alert Service

    Press release: U.S. Department of Homeland Security Improves America's Cyber Security Preparedness--Unveils National Cyber Alert System:

  • "The National Cyber Security Division (NCSD) of the Department of Homeland Security (DHS) today unveiled the National Cyber Alert System, an operational system delivering to Americans timely and actionable information to better secure their computer systems."
  • The service is available to assist home PC users as well as tech professionals, and users opt-in to receive email updates on security tips, alerts and bulletins.

    * New E-Mail Worm Has Global Impact

    The Mydoom email worm's impact has been felt by most of us already, and threatens to continue its relentless pace around the world for another couple of days. The apparent target of the worm, the UNIX software solutions provider The SCO Group, has offered a $250,000 reward to locate the worm's creator.

  • See also Symantec Security Response - W32.Novarg.A@mm, which indicates the threat assessment from the virus as high, with it spreading rapidly.

  • From PCWorld, Mydoom Sets Speed Records

  • New worm avoids feds for now
  • January 21, 2004
    * Can Spam Be Tamed?

    Going Upstream to Fight Spam. Creative proposals continue to percolate, but a workable solution to truly quelling the tide of spam is proving elusive, with significant costs to ISPs and consumers.

    January 12, 2004
    * 2004 Begins With Spam Overload

    Inbox trauma: New junk-fighting tools falter

  • Anti-spam applications abound, and the CAN SPAM Act promised to lighten the load on your email in-box, but initial reports for this year are far less than reassuring.

  • See also CAN-SPAM means we can spam
  • January 08, 2004
    * Personal Data of Respondents to Proposed Reg. Subject to Privacy Breach

    Treasury breaks word on e-mail anonymity:

  • "The Treasury Department's Alcohol and Tobacco Tax and Trade Bureau (TTB) plans to publish nearly 10,000 e-mail addresses on the Web, violating its privacy promise to Americans who used e-mail to comment on a government proceeding."

  • January 06, 2004
    * Spam Continues to Thwart Legislated Limits

    Spam Is Still Flowing Into E-Mail Boxes - Senders Evade Federal Law Banning Junk Messages.

  • Previous postings on CAN-SPAM legislation.
  • December 28, 2003
    * CAN-SPAM Act Does Not Limit Political E-Mail

    From today's New York Times, an article on how House members are purchasing email lists to spam constituents (with the caveat that the messages include an opt-out option) in an effort to build a list of potential voters comprised of those who have chosen to opt-in and receive future messages.

    December 19, 2003
    * NY State AG Files Suit Against Reputed Kingpin Spammers

    New York State Attorney General Eliot Spitzer announced the state is suing Synergy6, Inc. and Delta Seven Communications, LLC, whose principals are accused of disseminating over one billion spam messages each week.

  • Synergy6 Complaint

  • Synergy 6 Exhibits
  • December 16, 2003
    * President Signs Anti-Spam Bill

  • Fact Sheet: President Bush Signs Anti-Spam Law

  • A link to the CAN-SPAM Act (S. 877, P.L. 108-187, 117 Stat. 2699) is available in this posting. The law is effective January 1, 2004.

  • Today FTC Chairman Tim Muris answered questions about the spam bill submitted by email to through government's "Ask the White House" online forum.
  • December 09, 2003
    * CAN-SPAM Bill Awaits President's Signature

    Congress approves anti-spam legislation

  • CAN-SPAM Act
  • December 05, 2003
    * EU Demands Compliance on E-Privacy Directive

    With the expiration of an October 31 deadline for implementing the Directive on Privacy and Electronic Communications, the European Commission indicated that legal action against nine member states may be necessary to ensure their compliance. The directive addresses e-privacy issues that include spam, the use of cookies, and the protection of customer data by ISPs.

    December 04, 2003
    * Prospects for Spam Relief Remain Dim

    From tech research firm Gartner: Spam Will Likely Worsen Despite U.S. Law.

  • See the CAN-SPAM Act
  • November 26, 2003
    * Senate Approves House Version of CAN SPAM Act

    On November 25, the Senate unanimously approved the CAN-SPAM Act (S. 877), inclusive of technical changes agreed upon with the House, which is expected to approve the bill once again in December, clearing it for signature by the President. However, not everyone on the Hill is satisfied with the bill, in particular Representatives from California whose tough new anti-spam law which is effective January 1, 2004 will be pre-empted by this legislation, which they contend offers their constituents less protection. In addition, the new Texas anti-spam law (H.B. No. 1282), that went into effect September 1, 2003 will also be pre-empted by the federal legislation.

    November 24, 2003
    * Is Spam Here to Stay?

    The 10 Biggest Spam Myths:

  • "3. Spam legislation can end the problem."

  • See Congress Reaches Agreement on CAN-SPAM Act, November 21.
  • November 21, 2003
    * Congress Reaches Agreement on CAN-SPAM Act

    This afternoon, after considerable negotiation and recent reports of hightened pressure to reach an agreement, the House of Representatives voted 392-5 to accept an amended version, the pdf text of which is available via CNET, of the Senate's CAN-SPAM Act of 2003 (S. 877).

  • Tauzin Announces Agreement On Historic Anti-Spam Bill, states that the bill:
    "Empowers American consumers with the right to opt-out of all unwanted and unsolicited commercial e-mail or SPAM; Provides the FTC with the authority to set up a Do-Not-SPAM registry."
  • This legislation will pre-empt state anti-spam legislation, such as California's anti-spam law, signed by former Gov. Gray Davis September 23, to become effective January 1, 2004.
  • November 20, 2003
    * Quick Guide on RSS

    From Free Range Librarian by K. G. Schneider, Getting Started with RSS: The No-Brainer Method.

    * House Hearing on Cyber Security and Consumer Data

    Cybersecurity & Consumer Data: What's at Risk for the Consumer? - Subcommittee on Commerce, Trade, and Consumer Protection, November 19, 2003.

  • Witness List & Prepared Testimony

  • Member statements: The Honorable Cliff Stearns and The Honorable W.J. "Billy" Tauzin

  • Prepared Statement of FTC Commissioner Orson Swindle

  • November 19, 2003
    * Patent for E-Mail Filtering May Counter Spam

    The USPTO granted patent 6,643,686 on November 4, 2003. It is "a system and method for circumventing schemes that use duplication detection to detect and block unsolicited e-mail (spam). InternetNews.com quotes the executive director of the SpamCon Foundation as seeing the technology as a "...potentially...effective tool against spam..."

    * Study on Legal Issues Associated With E-Mail Retention

    The American Records Management Association Education Foundation sponsored a research project by John C. Montaña, J.D., titled Legal Obstacles to E-Mail Message Destruction (42 pages, pdf), published October 19, 2003. The report addresses risk management associated with e-mail retention, the definition and legal status of e-mail, state, federal and foreign government laws associated with the use of e-mail as a public record and for e-commerce transactions.

    November 18, 2003
    * E-Mail Publisher's Commentary on CAN-SPAM Act

    The CAN-SPAM Act of 2003: Real Reform or Political Pork? by Neil J. Squillante:

  • "Many of my peers in the online marketing industry claim that requiring permission (opting in) would destroy email’s commercial potential. I disagree and can personally attest to the fact that permission is good for business. If companies produce outstanding email newsletters and promotional messages, people will subscribe in large numbers—especially in a spam-free world."

  • See also Clock Ticking on Spam, 'Net Access Bills' which indicates that it is unlikely the House and Senate will resolve their differences to craft an acceptable bill prior to the end of the session.

  • * Review of Effective Solutions to Block Spam

    From InfoWorld, this useful review of the following anti-spam applications for use on the enterprise level: Brightmail Anti-Spam Enterprise Edition Version 5.1, FrontBridge TrueProtect E-mail Security Suite, Postini Perimeter Manager Enterprise Edition, Proofpoint Protection Server 1.2.1, and SpamAssassin 2.44, an open source spam filter included with Red Hat Linux 9.

    November 14, 2003
    * Variant of Worm Seeks to Steal Credit Card Info

    New worm variant targets identity data:

  • A new twist has been applied to an email worm, called Mimail, that appeared this past August, and it has been harnassed specifically to steal credit card data from customers of PayPal, the online payment service, which is owned by eBay.
  • November 11, 2003
    * Doctor-Patient E-Mail Communication

    From The Yale Journal of Law & Technology (YJoLT):

  • Message Deleted? Resolving Physician-Patient E-mail through Contract Law, by Michael A. McCann - "This article examines the impact of e-mail on the physician-patient relationship, and how contract law can resolve the uncertainties incumbent in this nascent form of communication."

  • November 10, 2003
    * Free Database of Spam Sources Assists ISPs and IT Managers

    Spammers Can Run but They Can't Hide:

  • "...the nerve center of Spamhaus, controlling servers on five continents...[is] its database [of] dossiers on the 200 most prolific spammers and the addresses of the 8,000 computers they use to inundate people with ads. Spamhaus makes the list available to Internet service providers, which use the information to weed spam from the e-mail boxes of 160 million users."

  • According to Spamhaus, "Spam is now 60% of all email traffic on the Western Internet and is forecast to reach 70% by January 2004."

  • See also the Spamhaus Register of Known Spam Operators (ROKSO)
  • November 06, 2003
    * AG's Do Not Favor CAN SPAM Act

    Internetnews.com reports that the Internet Committee of the National Association of Attorneys General sent a letter to House leaders indicating their opposition to the CAN SPAM Act, under consideration by the House and already passed by the Senate. The reasons included "that the amended act has so many loopholes, exceptions and standards of proof that it won't protect consumers," and "that the law wouldn't deter spammers, but merely foster more litigation."

  • In related news, the Senate version of the bill includes a provision (Sec. 109) for a nationwide Do Not E-Mail Registry to be administered by the FTC, which is not in favor of such a list.
  • October 31, 2003
    * Compliance With New EU Data Privacy Rules Begins Today

    "As from today EU Member States must comply with the Directive on Privacy and Electronic Communications, which sets EU standards for the protection of privacy and personal data in electronic communications. The Directive includes basic obligations to ensure the security and confidentiality of communications over EU electronic networks, including internet and mobile services. It sets out specific conditions for installing so-called “cookies” on users' personal computers and for using location data generated by mobile phones. Notably, the Directive also introduces a 'ban on spam' throughout the EU." [Link]

  • Background information on the new rules is available here

  • Background information on the specific Commission plans on spam is available here
  • October 29, 2003
    * New Study on the Information Explosion

    A team of researchers from the School of Information Management and Systems University of California, Berkeley released a new study today, How Much Information? 2003, that chronicles the information explosion over the past several years. According to the team, during the period of 1999 to 2002, "new stored information grew about 30% a year." Additional facts:

  • "Print, film, magnetic, and optical storage media produced about 5 exabytes of new information in 2002. Ninety-two percent of the new information was stored on magnetic media, mostly in hard disks."

  • "The World Wide Web contains about 170 terabytes of information on its surface, in volume this is seventeen times the size of the Library of Congress print collections."

  • "Email generates about 400,000 terabytes of new information each year worldwide."

  • For context, see the team's How Much Information? 2000

  • October 28, 2003
    * House Speaker May Force Vote on Anti-Spam Bill

    Internetnews.com reports that Speaker of the House Dennis Hastert may push forward with a full floor vote on the Can Spam Act (passed by the Senate on October 22) tomorrow. The goal of passing an anti-spam bill by the end of the year is questionable in light of objections to various provisions of the Act.

    October 24, 2003
    * California Wins First Anti-Spam Lawsuit

    Today California Attorney General Bill Lockyer announced that the state won a judgment of $2 million against a spammer (The People of the State of California v. PW Marketing, Santa Clara County Superior Court) in what will be a model for future cases involving unsolicited email. As I posted previously, the state's new anti-spam law (in effect on January 1, 2004) prohibits an individual or entity, either from within the state or from outside the state, from distributing unsolicited commercial email advertising.

    October 23, 2003
    * New Pew Internet Study Details Negative Impact of Spam

    From the Pew Internet Project, a new report released October 22, Spam: How it is hurting email and degrading life on the Internet:

  • "Spam is beginning to undermine the integrity of email and degrade life online. The huge increase in email spam in recent years is beginning to take its toll on the online world. Some email users say they are using electronic mail less now because of spam. More people are reporting they trust the online environment less. Increasing numbers are saying that they fear they cannot retrieve the emails they need because of the flood of spam. They also worry that their important emails to others are not being read or received because the recipients’ filters might screen them out or the emails might get lost in the rising tide of junk filling people’s inboxes."
  • See also this related New York Times article: A Change of Habits to Elude Spam's Pall:
    "With In boxes deluged, e-mail users are taking evasive action. Sometimes they just pick up a phone."

  • * Senate Passes Bill to Regulate Unsolicited Email

    The CAN-SPAM Act of 2003, S. 877, which was approved by the Senate Commerce Committee by voice vote on June 19, yesterday passed the full Senate by a vote of 97-0. An amendment to authorize the Federal Trade Commission to implement a nationwide "Do Not E-mail" registry was proposed and agreed to.

  • Senate Anti-Spam Bill Ups Ante for House Action

  • See also this press release from Sen. Ron Wyden (D-Ore.): "Legislation gives consumers more control over unwanted e-mail, promises stiff punishment for senders of unlawful, deceptive spam." Included is a link to the pdf version of S. 877 (61 pages).
  • October 20, 2003
    * New MS Office Includes Self Destructing E-Mail Feature

    The BBC reports that Microsoft Office 2003, available tomorrow, will include new e-mail privacy and security features, including the ability to designate specific readers, prevent message forwarding and printing, and a "time-stamp" which results in email deletion on a specified date.

  • For more product details, see also Inside Office 2003, from PCWorld.com
  • October 15, 2003
    * Prosecutors Request That Computer Fraud Conviction Be Reversed

    Bret McDanel, a former employee of Tornado Development, Inc., served a 16 month sentence for violating the Computer Fraud & Abuse Act. After leaving Tornado, a provider of Unified Messaging (UM) solutions, he sent an email to thousands of the company's customers detailing a corporate email security flaw. End of story? Apparently not, as today AP reported that Assistant U.S. Attorney Ronald L. Cheng (LA) requested that the court reverse Mr. McDanel's conviction, stating that an "error" had been made, as McDanel did "not intentionally impair the [email] system by reporting its security flaws."

    October 14, 2003
    * Marketing Associations Issue E-Mail Guidelines

    From the press release:

  • "Based on direct input from members, the American Association of Advertising Agencies (AAAA), the Association of National Advertisers (ANA), and the Direct Marketing Association (The DMA) today released a set of nine guidelines that call on marketers to institute certain practices that will defend and enhance the viability of legitimate e-mail marketing."g

  • The nine guidelines, in pdf, are here.

  • October 08, 2003
    * Employees Should Have No Expectation of E-Mail Privacy

    "More than nine out of 10 (92 percent) managers check up on their employees' use of e-mail and the Internet at work, according to a new survey of 192 companies by Bentley College's Center for Business Ethics." [Link via Techdirt]

    October 06, 2003
    * Appeals Ct. Decision May Open Way for Expanded Choice of Broadband Providers

    U.S. Court of Appeals, 9th Circuit, 10/06/03, 02-70518, Brand X Internet Services v. FCC.

  • From the Washington Post: "Currently, the vast majority of the nation's approximately 14 million homes that subscribe to cable high-speed Internet service have no choice when it comes to their service provider. If the ruling survives a likely appeal, the decision could provide broadband Internet users with new options for the content they see online, their e-mail addresses and potentially the monthly rates they pay."

  • * Focus on Identifying Legit Email Rather Than Spam

    Spam Fighters Turn to Identifying Legitimate E-Mail: "...many e-mail software experts now contend that the most powerful way to clean people's mailboxes is to focus not on catching the spam, but on identifying the legitimate mail."

    October 03, 2003
    September 24, 2003
    * California Anti-Spam Law Sets Nationwide Standard

    From Spam Laws, the text of

  • California Business and Professions Code, Division 7, Part 3, Chapter 1, Article 1.8. , Restrictions On Unsolicited Commercial E-mail Advertisers (added by S.B. 186, approved September 23, 2003), and signed by Gov. Gray Davis yesterday, effective January 1, 2004.

  • California law will try to banish e-mail spam

  • California spam law may face court challenge
  • September 22, 2003
    * UK Criminalizes Spam

    According to a BBC News article from September 18: "The UK has made spam a criminal offence to try to stop the flood of unsolicited messages. Under the new law, spammers could be fined £5,000 in a magistrates court or an unlimited penalty from a jury." This law comes via the Minister of State for Energy, e-Commerce and Postal Services, Stephen Timms.

  • See also the UK All Party Parliamentary Internet Group, which posted documentation on a recent Spam Summit, as well as on a upcoming joint UK/US meeting on the issue to be held in October in Washington, D.C.
  • September 08, 2003
    * Software Apps to Block Spam

    Interesting article about several companies that provide their anti-spam software to dozens of ISPs, which is in turn used to block billions and billions of unwanted emails each month on the enterprise and home user level.

    September 03, 2003
    * E-Mail Retention Compliance Issues

    Lost in the Mail:

  • "Adhering to the array of SEC and NASD regulations around e-mail retention is going to be a full-time job for firms that hope to avoid the fines, lawsuits and bad press that come with non-compliance. It is estimated that over 16 billion business e-mail messages are sent a day, and financial firms are stuck with the unenviable task of figuring out how to deal with them. "Dealing with them" includes managing, archiving, retrieving and monitoring e-mails and instant messages."
  • September 02, 2003
    * A Proposal to Stop Spam

    Giving E-mail back to the users: Using digital signatures to solve the spam problem:

  • "This paper argues that current legislative and private attempts to stop spam are either ineffective, or involve unacceptable tradeoffs. The key to solving the spam problem is recognizing the importance of e-mail authentication and the granting of permissions. Properly used, digital signatures can easily authenticate e-mail for effective spam control."
  • August 29, 2003
    * ISPs Announce Plans to Scan Email Attachments for Viruses

    According to this Washington Post article, the nation's largest ISPs are responding to the recent escalation of email viruses (Blaster and SoBig.F) innundating customer accounts by planning to implement scanning applications to screen all attached documents. With as many as half of all incoming emails infected with viruses, AOL, Comcast, Microsoft, and Covad have already begun scanning, while EarthLink and BellSouth have indicated they plan to do so this fall. The process is costly, on both the IT side as well as in terms of additional customer support requirements.

    August 20, 2003
    * News and Resources on the New Version of Old Virus

    Day Three of the W32/SoBig.F virus, which is hitting home users hardest. Counterpane Internet Security has identified 1,500 malicious file attachments associated with the virus, and counting. For more information, see the following links:

  • McAfee Security Virus Profile

  • Symantec Security Response, W32.Sobig.F@mm

  • The virus is apparently set to self destruct after two weeks, making that September 10.

  • Internetnews.com reports that the virus accounts for 70% of all e-mail traffic today.

  • This New York Law Journal article describes how law firms in NYC and around the country are addressing the challenges of the virus.

  • Press release: FTC Chairman Calls Spam "One of the Most Daunting Consumer Protection Problems FTC Has Ever Faced." Text of remarks, Timothy J. Muris, Chairman, Federal Trade Commission. He stated, "As you are no doubt aware, there are several legislative proposals to address spam. Parts of these proposals can help, but no one should expect any new law to make a substantial difference by itself."
  • August 19, 2003
    * Virulent E-Mail Virus Strikes and Spreads

    Today I was spammed several hundred times, causing me to enable the overdrive level of my spam blocker. This is a first for me, but I know that unfortunately I was not alone, and sure hope tomorrow will be a quieter day in the e-mail realm. For my previous postings on spam, click here.

    * Website That Monitors Campaign 2004 Spam

    Spam and political campaigns are developing a synergy, to which the growing number us who have been on the receiving end, through no effort on our part, can attest. So I was quite interested when I learned about a new website, Political Spam. This independently operated site, from Richard Paul Welty, was launched in early July, and reports on spam sent by all the various Presidential campaigns and related organizations, solicits their responses when queried about the mailings, and invites copies of offending e-mails from readers. There is also a related weblog.

    August 04, 2003
    * EPA Held In Contempt for Destroying E-Docs

    U.S. District Judge Royce C. Lamberth last week held the Environmental Protection Agency in contempt for destroying electronic documents in violation of a court order issued as a result of a Freedom of Information Act request. [Link]

  • Landmark Legal Foundation v. EPA, Civil Action No. 00-2338, Opinions issued July 24, 2003 by Judge Royce C. Lamberth, Memorandum Opinion & Order (Contempt); Memorandum Opinion & Order (Summary Judgment)
  • * Non-Profit Fights Spam

    The Inbox Defense Task Force is "a non-profit legal research organization dedicated to tracking down the true identities of spammers." The organization lists the following goals on its website:

  • Find the Spammers; Create Courtroom-Quality Documentation; Enable Prosecution and Private Legal Action.

  • A lengthy review of this organization's work, by Keith H. Hammonds, a Fast Company senior editor, is available here.

  • July 31, 2003
    * New E-Gov Program for Public Access to Federal Info

    GSA Launches USA Services: "New Initiative Rapidly Connects Citizens with the Federal Government Service Answers Citizens' Web, E-mail and Telephone Questions in 2 Days or Less."

  • "USA Services is built on the foundation of three successful information channels, each of which has been providing comprehensive access to federal information and services within its particular medium: FirstGov.gov (for Web services); the National Contact Center at 1-800-FED-INFO (for telephone and e-mail services); and the Federal Citizen Information Center in Pueblo, Colo. (for publications)".
  • July 29, 2003
    * What Is Real Economic Impact of Spam?

    Diverging Estimates of the Costs of Spam: "Spam is costing the U.S. economy billions in network resources, diminished productivity and forgone Internet sales. But how many billions?"

  • See also Spam Battle Plans- "Companies are relying on multilevel spam-fighting strategies that include e-mail filtering tools, blacklist services and employee education."

  • * Federal Court Orders Recovery of E-Mail Evidence

    Judge Orders UBS to Pay to Retrieve E-Mail - "A federal judge ordered UBS to pay the majority of the costs involved in restoring e-mail evidence sought by a former employee who is accusing the bank of sex discrimination."

    July 28, 2003
    * Can the Battle Against Spam Be Won?

    From the Sacramento Bee: "By some estimates, 200 to 300 spammers, sometimes loosely organized into gangs, are responsible for almost 90 percent of spam -- unsolicited "junk" e-mail. They play a high-tech cat-and-mouse game and increasingly use overseas servers to inundate AOL, Microsoft Network, EarthLink and other Internet service providers."

    July 24, 2003
    * FTC Relaunches GetNetWise

    Federal Trade Commissioner Orson Swindle addressed the importance of safe computing practices at a press conference to re-launch GetNetWise, a public service Web site offering resources to make informed decisions about using the Internet. The media briefing is sponsored by the Internet Education Foundation.

  • GetNetWise: Keeping Children Safe Online; Stopping Unwanted E-mail and Spam; Protecting Your Computer From Hackers and Viruses; Keeping Your Personal Info Private.
  • July 23, 2003
    * Demand Grows for Do Not Spam List

    From Internet.com: "Sen. Charles Schumer (D.-N.Y.) said Wednesday he will seek to amend the current spam bill pending before the Senate to include requiring the Federal Trade Commission (FTC) to create a Do Not Spam list comparable to the FTC's popular Do Not Call registry."

  • The downside of the Do Not Call registry - from the New York Times, Con Artists See Gold in Do-Not-Call Registry states: "Web sites or phone solicitors that claim they can or will register a consumer's name or phone number on a national list — especially those who charge a fee — are a scam," the agency said, adding that no one from the federal government tries to confirm personal information once a person signs up."

  • July 18, 2003
    * Will Public Pressure Result in Do Not Spam Registry?

    The FTC's Do Not Call Registry has garnered considerable press and more than 25 million registrants. A recent survey from Insight Express indicates that consumers are eager for a similar program to address spam: "83 percent of consumers said that the government should roll out a similar 'do not spam' list that they can use to register their e-mail addresses to stem junk e-mail messages." However, "Experts in email and privacy at ePrivacy Group caution that creating an effective "do-not-spam" list to match the new national "do-not-call" list will require major changes to current email technology."

  • The Harris Poll® #38, July 16, 2003, Majority in Favor of Making Mass-Spamming Illegal Rises to 79% of Those Online

  • Also see my recent post, Rocky Road for Anti-Spam Legislation

  • From today's WSJ: Why Some Big Spammers Back Spam-Control Laws

  • From PC World, Straight Talk on Squashing Spam

  • Politics may spoil spam solutions

  • * Communicating With White House Via E-Mail Now a Daunting Task

    White House E-Mail System Becomes Less User-Friendly: "Those who want to send a message to the president must now navigate as many as nine Web pages and fill out a form that asks if they support White House policy."

  • A New York Times follow-up article: "The White House Web site began more prominently featuring the president's e-mail address yesterday."
  • July 11, 2003
    * FTC Rules Out Do-Not Spam Registry

    On the heels of the huge response (24.5 million registrants in 14 days) to the FTC's Do Not Call Registry to block telemarketing solicitations, comes word that this program cannot be replicated to fight spam.

  • Prepared Statement of the FTC on "Unsolicited Commercial Email," by J. Howard Beales, III, Director, Bureau of Consumer Protection, Before the House Subcommittee on Commerce, Trade and Consumer Protection and the Subcommittee on Telecommunications and the Internet of the Committee on Energy and Commerce.

  • FTC official calls do-not-spam list unrealistic

  • See also, Resources from FTC Spam Forum
  • July 10, 2003
    * CA Rep. Voices Opposition to E-Mail Spam Decision

    The June 30 decision by the California Supreme Court in Intel Corp. v. Hamidi has spurred California Rep. Chris Cox to announce that this "most peculiar ruling ... needs legislative correction." His comments were made during a House Committee on Energy and Commerce hearing on Legislative Efforts to Combat Spam, held July 9.

    July 09, 2003
    * Rocky Road for Anti-Spam Legislation

    July 8, 2003 - Legislative hearing on H.R. 2214, the "Reduction in Distribution of Spam Act of 2003."

  • Witness List, Honorable Jerry Kilgore (Attorney General, Commonwealth of Virginia), Honorable Will Moschella (Ass't AG, Office of Legislative Affairs), Joe Rubin (US Chamber of Commerce), Chris Murray(Consumers Union).

  • Antispam Legislation Hits Rocky Road- No one is pleased: Is it too tough, too soft, or entirely unwarranted?

  • From the August 2003 issue of Consumer Reports: Email spam: What you can do - 8 Ways to Block Spam
  • July 02, 2003
    * Profits Prevail as Web Privacy Declines

    From a July 1, 2003 Washington Post article:
    "...marketers and an array of service providers expanding their collection and use of consumers’ e-mail addresses and other personal information, despite broad assurances to protect individual privacy and honor consumers’ choices about how much marketing they want to receive."

    July 01, 2003
    * CA Court Rules Former Employee's Spam Protected Speech

    From Boston.internet.com: "In a blow for chipmaker Intel, the California Supreme Court Monday found that senders of spam e-mails cannot be sued under state law forbidding property trespass. The 4 to 3 ruling reversed a lower court injunction preventing former Intel engineer Ken Hamidi from sending e-mails critical of Intel to thousands of its employees." See my previous posting, California Supreme Court Reviews E-Mail Case, which links to numerous resources on this case.

    June 30, 2003
    * Risks of Using Employer E-Mail for Personal Use

    Perk, and peril, in employees' attachment to e-mail: "For much of the working population, e-mail is not only available but indispensable, a tool not just for work but for maintaining personal bonds....many workers are accustomed to using a work computer and e-mail address to stay in touch with friends and family in the course of the day. Yet with the convenience comes risk. Although many people are aware that they may be sacrificing privacy by using workplace e-mail, they are sometimes indiscreet in what they write."

    June 24, 2003
    * Anti-Spam Crusade Unites Generally Divided Groups

    Congress Finds Rare Unity in Spam, to a Point. Promises abound that this will be the year when Congress enacts anti-spam legislation, as bi-partisan support, consumer demand and corporate frustration have reached a crescendo. See my related postings on current legislation here and here, and this June 20 article, Senate Once Again Backs Stringent Penalties for Spam Senders: "With minimal discussion and debate, the Senate Commerce Committee unanimously approved a bill to make it illegal for anyone to use fraudulent or deceptive return e-mail addresses, fake e-mail headers or use false subject lines."

    June 20, 2003
    * NASD Guidelines for Instant Messages

    According to this National Association of Securities Dealer's June 18 press release:

  • "NASD today advised member firms about the use of "instant messaging" by employees, saying firms must ensure the instant messaging is being retained for at least three years and the communication does not violate NASD rules governing sales literature and correspondence."

  • "The Notice to Members details the applicable NASD and SEC rules and guidelines to assist registered representatives and firms in their use and supervision of electronic communications with the public."

  • June 18, 2003
    * New Survey of Employee E-Mail Monitoring

    AMA 2003 E-Mail Rules, Policies and Practices Survey (8 pages, pdf), from the American Management Association:

  • "More than half of U.S. companies engage in some form of e-mail monitoring of employees and enforce e-mail policies with discipline or other methods. In fact, 22% have terminated an employee for e-mail infractions. Three-fourths of all organizations have written policies concerning e-mail, but fewer than half train their employees on them."

  • June 13, 2003
    * UK Guidelines on Employee Web Monitoring

    From Internet Magazine, news of the publication, by the UK Information Commissioner, responsible for data protection & freedom of information, of the third part of the Employment Practices Data Protection Code - Monitoring at Work, the Do's & Don't for workplace monitoring. Links to these documents, and to the other parts of the guide, are available here. Also see the Trades Union Congress website, called workSMART, that provides resources on workplace monitoring and internet policies.

    * New Senate Anti-Spam Bill

    Introduced 6/11/2003, by Sen Charles E. Schumer (NY), S. 1231, A bill to eliminate the burdens and costs associated with electronic mail spam by prohibiting the transmission of all unsolicited commercial electronic mail to persons who place their electronic mail addresses on a national No-Spam Registry, and to prevent fraud and deception in commercial electronic mail by imposing requirements on the content of all commercial electronic mail messages.

    Related news:

  • the Schumer SPAM Act press release

  • Schumer Introduces No Spam Registry Bill

  • * Anti-Spam Resources

    WeCanStopSpam is a Wiki with a clearly stated agenda, providing links to free spam filters, commentary on solutions to the spam problem, and signatures to make spamming more difficult.

    June 06, 2003
    * Archiving History in a Paperless World

    In The End of History, How e-mail is wrecking our national archive, Fred Kaplan laments the lack of a paper trail for government documents, and the resulting impact on our society in terms of research, context and content that contribute to the public's ability to access and evaluate the conduct of our democracy.

    June 04, 2003
    * Report: Security Risks and Broadband Access

    According to an article in today's New York Times, the industry sponsored National Cyber Security Alliance will release a study later today focused on the security and privacy risks associated with broadband internet connections.

    The study, Clear and Present Danger, In-Home Study on Broadband Security Among American Consumers, is now available here (37 page pdf).

    June 03, 2003
    * Law School Course on Spam

    Professor David E. Sorkin, of The John Marshall Law School Center for Information Technology & Privacy Law, will teach a seminar this summer on the Regulation of Spam and Email Marketing. This is apparently the first such law school course to focus on unsolicited commercial e-mail (UCE).

    May 29, 2003
    * No More Free E-mail Alerts from NYTimes

    The New York Times News Tracker Service through which readers may create and schedule the delivery of topic/search specific e-mail, will be migrated from free to fee. The cost: $19.95 per year for tracking ten alerts.

    However, as noted by Jonathan Dube, Yahoo! Alerts remains free.

    May 28, 2003
    * Commentary and Resources on the Anti-Spam Battle

    From Declan McCullagh, Spam blockers may wreak e-mail havoc, and a series of informative postings (all available at this one link) at his Politechbot.com site, on spam blacklists/blocklists.

    In related news, see also:

  • How to Unclog the Information Artery.

  • * More Anti-Spam Legislation

    H.R. 2214: To prevent unsolicited commercial electronic mail. Sponsor: Rep. Richard Burr (R-NC), introduced 5/22/2003. This Act may be cited as the "Reduction in Distribution of Spam Act of 2003."

    Summary from Spam Laws: "The bill would require all commercial e-mail messages to be identified as such (but not with a standard label, except for unsolicited explicit messages), and to include the sender's physical address and an opt-out mechanism. It would prohibit the use of false or misleading headers in commercial messages. State laws that prohibit unsolicited commercial e-mail, regulate opt-out procedures, or require subject-line labels would be pre-empted; laws that merely regulate falsification of message headers would remain in effect."

    In related news, see also:

  • Congressional bill to kill spam would do the opposite

  • Major Internet Standards Group Working On Fast Plan To Can Spam

  • Antispam Law Likely


  • May 26, 2003
    * Popular File Utility Changes Standard

    Updated WinZip Alters Zip Format. "WinZip 9.0, from the market leader among file-compression utilities, has entered public beta with scheduled release later this year, bringing with it a new .zip format--which means some of its functions will not be compatible with earlier versions or other programs."

    May 23, 2003
    * New House Bill to Combat Spam

    Via Politechbot, the text of the Reduction in Distribution of Spam Act of 2003, (43 pages, pdf) introduced May 22 by Rep. Richard Burr, (R-NC) in another effort to stem the tide of unsolicited commercial e-mail (UCE). For other related information on state and federal anti-spam legislation that I have posted, see this link. Also see Internet.com's Special Report, Spam Reaches Epidemic Levels.

    * California Senate Passes Tough Anti-Spam Bill

    Sen. Debra Bowen's bill, SB 12, "would...prohibit a person or entity from initiating an unsolicited commercial e-mail advertisement either from California or to a California electronic mail address. The bill would also make it unlawful for a person or entity to collect electronic mail addresses posted on the Internet, or to sell or provide a list of e-mail addresses, to be used to initiate the transmission of unsolicited commercial e-mail advertisements from California or to a California e-mail address." For more information, see this SFGATE.com article.

    May 21, 2003
    * Hearing on Spam

    Today the Senate Committee on Commerce, Science, & Transportation held a hearing on Spam (Unsolicited Commercial E-Mail). "Description: Members will hear testimony relating to potential legislative, technical, and other approaches to curtailing unwanted spam. Senator McCain will preside." The committee provides the full-text of available testimony via this main link.

    See also, Microsoft Proposes Law on Junk E-Mail, Spammer Urges Congress to Pass Anti-Spam Law, and Gates Sends Letter on Spam to Congress.


    May 19, 2003
    * Freeware Anti-Spam Program

    From InfoWorld, a review of an open source anti-spam application that may be useful to a wide user community. "SpamBayes knows spam - Outlook add-in really works to block spam, and it's free." For more information, see the SpamBayes website, and this technical background document.

    May 16, 2003
    * Survey on Consumer Use of Web and E-Mail for Health Info

    From the Journal of the American Medical Association (JAMA), this new survey (abstract only available free), Use of the Internet and E-mail for Health Care Information concludes that "Although many people use the Internet for health information, use is not as common as is sometimes reported."

    May 13, 2003
    * Senator Calls for FTC Spam Warning to Consumers

    "Senator Charles E. Schumer today urged the Federal Trade Commission (FTC) to issue a consumer advisory alert, warning all consumers to be wary of products advertised through the unsolicited commercial e-mail known as spam." See the press release here.

    May 12, 2003
    * Resources to Fight Spam

    From Spamabuse.net, this link to spam e-mail blocking and filtering applications/services (free and commercial) available to Windows, Mac and Linux users.

    May 08, 2003
    * EarthLink Prevails Against Spammer

    Judge Thomas W. Thrash Jr., U.S. District Court, Northern District of Georgia, granted EarthLink an injunction and a $16.4 million judgment against Howard Carmack, who engaged in ID theft and fraud to deliver over 800 million spam e-mails last year via the hundreds of accounts he established with the ISP. How much EarthLink can expect to collect....nil.

    For reference, see the Computer Fraud and Abuse Act of 1986, 18 USC 1030.

    In a related update, see this May 14 article from News.com, 'Buffalo Spammer' nabbed in New York which says that "New York state authorities have arrested the e-mail marketer "Buffalo Spammer," in the state's first criminal case against a junk mailer."

    May 02, 2003
    * Resources from FTC Spam Forum

  • Agenda, last updated April 29, 2003 (pdf)

  • Panelist Biographies (pdf)

  • FTC SPAM EMAIL Website (This website has information about the Federal Trade Commission’s recent law enforcement actions against deceptive commercial email and spammers who don’t honor their "remove me" claims)


  • Educational Materials from the Conference:
  • You've Got Spam: How to "Can" Unwanted Emails (pdf)

  • Email Address Harvesting: How Spammers Reap What You Sow (pdf)

  • Don't
  • Want Your Email Address Harvested? (pdf)

  • What's In Your In-box? (pdf)

  • The "Nigerian" Scam: Costly Compassion (pdf)

  • "Remove Me" Responses and Responsibilities: Email Marketers Must Honor “Unsubscribe” Claims (pdf)


  • In related news, see also this commentary, DMCA vs. Spam, which asserts: "...there already is a well-developed legal structure in place (and regularly exercised) that would defend us against spammers --intellectual property laws. If a logo can be considered part of a corporation's intellectual property, why can't the same argument apply to email addresses?"

    May 01, 2003
    * States vs. Feds Over Anti-Spam Legislation

    The majority of states attorneys general expressed their opposition to federal anti-spam legislation during the course of the FTC's three-day Spam Forum currently underway in Washington, D.C. "The states are concerned because both proposals (on the federal level - the CAN SPAM Act and the REDUCE Spam Act) would supersede any state laws, even if those state laws are stronger, said Washington Attorney General Christine Gregoire. Some state laws, for example, allow people to sue spammers. That right would vanish, the attorneys general said if some of the legislation Congress is now considering became law."

    See also these related articles: Experts: Spam Volume Threatening E-Mail's Future, and Spam Solutions Hard to Find, and Business Users Offer Clear Definition of Spam and Overwhelmingly Support New Anti-Spam Bill in Congress. In addition, please see the text of Senator Charles E. Schumer's (NY) speech to the Spam Forum here.

    April 30, 2003
    * VA Governor Signs Anti-Spam Legislation

    On April 29, Governor Mark R. Warner of Virginia signed two bills constituting the Virginia Computer Crimes Act (SB 1139 - became ch. 1016 and HB 2290 -became ch. 987), which in this press release is lauded as the "toughest such law in the United States,"...as..."half the world’s Internet traffic passes through the Commonwealth of Virginia." Twenty-six states have enacted anti-spam legislation, while the federal government continues to propose legislation, none of which has yet passed.

    From PCWorld, "Some legal observers say that the Virginia law, which could land spammers in prison, faces enforcement problems."

    April 29, 2003
    * More News on Anti-Spam Efforts

    Spammers obviously continue to irritate a very raw nerve, and Capitol Hill is piling on. Recent federal legislation from Senators Wyden and Burns, Senator Schumer, and now Senator Lofgren's announcement of the introduction of the Restrict and Eliminate Delivery of Unsolicited Commercial E-mail (REDUCE) Spam Act, added to state legislative efforts, indicate that the battle has not been forsaken. See also this summary of the Reduce Spam Act.

    The Internet heavy-weight trio of AOL, MSN and Yahoo have also joined the fight, as the cost of spam continues to escalate, and to infuriate users and services providers alike.

    * NY Senator Schumer Wages War Against Spam

    Senator Charles E. Schumer announced the release of a new study (The Dark Side of E-Commerce: The EMail Spam Epidemic) indicating that "New York City residents receive 8.25 million junk emails a day and spend 4.2 million hours a year eliminating spam messages." This announcement also stated the Senator plans to introduce new legislation to combat spam, which would include criminal penalties of $5,000 or more for repeat violators. UPI reports on the bill here. See also my recent posting on the Can-Spam legislation introduced by Senators Wyden and Burns.

    For an interesting perspective on just how long we have been plagued by spam, take a look at this article, Reflections on the 25th Anniversary of Spam by Brad Templeton, founder and publisher of ClariNet Communications Corp., the world's first ever ".com" company.

    * New FTC Study on False Claims and Spam

    This new report from the FTC, False Claims in Spam (16 page pdf), states that is the first extensive review of deceptive and unfair practices that appear in unsolicited commercial e-mail (UCE). The study analyzed 1,000 spam e-mails drawn from a pool of 11,000 such messages, and concluded that at least one form of deception was evident in 66% of the aggregate.

    See also these two related agency reports, Spam Email: Harvesting Your Email Address and Remove Me Surf. In addition, in related news, Web Sites Shut Down in Spam Fight.

    April 25, 2003
    * Integrated Gov't E-Mail System Launched

    The Department of Homeland Security had the daunting task of implementing an e-mail system that integrates 22 separate agencies. According to Federal Computer Week, the system will be launched this weekend.

    April 23, 2003
    * The Losing Battle Against Spam

    The New York Times published an extensive article on the challenges posed by the adroit and aggressive junk e-mail industry that has to date overcome all challenges preventing the delivery of their unwelcome messages to our home and work e-mail accounts.

    April 21, 2003
    * Lobbying by E-Mail Rejected by Forest Service

    According to this article in PC World, "the U.S. Department of Agriculture Forest Service is currently considering a regulation that would let it ignore any public comments on its rule-making process sent to it through Web-based forms." The agency also intends to ignore comments sent using form letters and postcards that result from lobbying/advocacy efforts. Furthermore, the Forest Service does not participate in the e-gov initiative Regulations.gov, the portal through which users may "find, review, and submit comments on Federal documents that are open for comment and published in the Federal Register."

    For reference, the origin of these proposed changes were buried here: National Forest System lands; projects and activities; notice, comment, and appeal procedures, December 18, 2002 Federal Register, for which the comment period has already passed.

    * Investigation Into Destruction of E-Mail in Tobacco Case

    Rep. Henry Waxman, Ranking Member, House Committee on Government Reform, Minority Office, sent a letter to the Committee on Energy and Commerce requesting an investigation into accusations that over the course of two years, Philip Morris destroyed e-mail relevant to the DOJ case filed against the company in 1999, alleging deceptive practices.

    See also this resource, Document Destruction by Philip Morris, that includes links to correspondence (in pdf) between the DOJ and Philip Morris, the Deposition of Michael Wallmeyer, Philip Morris Information Services Specialist, and the transcript of the February 5, 2003 Status Hearing.

    April 11, 2003
    * Can-Spam Bill Introduced

    Sen. Conrad Burns (R-Mont.) and Sen. Ron Wyden (D-OR) introduced the CAN-SPAM bill on April 9 (S. 877), "to regulate interstate commerce by imposing limitations and penalties on the transmission of unsolicited commercial electronic mail via the Internet." See the Burns press release here. The two Senators also co-sponsored the CAN-SPAM Act of 2001 (S. 630).

    Also see one of my previous postings on spam here for links and statistics about the public response to spam and related institutional costs.


    April 09, 2003
    * Enron Documents Removed from FERC Website

    The Federal Energy Regulatory Commission (FERC) announced on April 7 that all Enron e-mails posted on the Commission's website would be removed temporarily (until April 24). The e-mails are part of a FERC database comprising over 85,000 Enron related documents and over 150,000 document images. This action was in response to Enron's petition to the Court of Appeals for the Fifth Circuit seeking to remove personal information about company employees that appears in the e-mail messages, all of which were available for public viewing. See also this Reuter's article.

    April 03, 2003
    * California Supreme Court Reviews E-Mail Case

    On April 2, the California Supreme Court heard oral argument in the appeal of Intel v Hamidi. Hamidi is a former Intel employee who after his termination, on six separate occasions, used the company's internal e-mail address listing to send messages to 30,000 employees.

    See also these related articles: Intel e-mail issue divides court and Trespassing or Free Speech?

    March 19, 2003
    * New Report on Spam and E-Mail Addresses

    The Center for Democracy and Technology (CDT) published a new report, Why Am I Getting All This Spam? (16 pages in PDF), which documents the volume of spam received over the course of six months by hundreds of accounts created specifically to research this issue. Although the report offers no absolute methods for beating spam, it does provide useful insights into how users are targeted and by whom, and offers the warning that "e-mail addresses posted on Web sites or in newsgroups attract the most spam."

    March 07, 2003
    * Boston's Big Dig Chucks E-Mail

    Discovery is hampered in an investigation into cost over-runs and project mismanagement on Boston's Big Dig project, "the largest, most complex and technologically challenging highway project in Amerian history."

    Apparently project managers instituted a policy of deleting all project related e-mail messages after thirty days, as reported during a Massachusetts State House Hearing.

    March 03, 2003
    * Internet Research Task Force Launched

    A new organization, the Internet Research Task Force, comprised of 13 Research Groups, one of whose goal is to fight spam, launched their website last week. The Anti-Spam Research Group (ASRG) has an email list at asrg@ietf.org.

    February 28, 2003
    * Top Web Scams

    The National Consumers League, Internet Fraud Watch published two surveys on Web e-mail scams: Top 10 Internet Scams 2001 (includes data on Type of Complaint, Percentage of Total Complaints and Average Loss), and Ages of Consumers Who Filed Complaints, 2001 (includes Percentage of Total Complaints). The surveys are available in tabular format on this webpage.

    The longest continuously running global e-mail scam, in operation since the 1980s, is the Nigerian e-mail fraud. Doubtless you have received such e-mails on a daily basis if you are not using blocking software. For more information, see this United States Secret Service site on what is known as Advance Fee Fraud (AFF) or "4-1-9" fraud, which refers to the section of the Nigerian Penal Code on fraud schemes.

    See also this article from CNN today, Latest ID theft scam: Fake job listings. Monster.com e-mailed its users and stated "regrettably, from time to time, false job postings are listed online and used to illegally collect personal information from unsuspecting job seekers."

    February 27, 2003
    * SEC Files Charges Against Web Spammer

    This Securities and Exchange Commission press release states that the agency filed suit in the U.S. District Court for the Eastern District of New York against Samuel Aaron Meltzer ("Meltzer"), referred to as a "professional Internet spammer," for committing securities fraud via the Web (SEC v. Meltzer, E.D. N.Y., Action No. CV 03 770, Judge Denis R. Hurley, 2/18/03). Meltzer is alleged to have used spam and more than two dozen websites to promote penny stocks about which he made "made false and misleading representations." The complaint is here. The current docket in this case is available here.

    February 25, 2003
    * A Connection Between Students and Spam?

    This PCWorld article, Are Spammers Hiding Behind Students? indicates that students at Tufts University accepted payment to route spam through the institution's network. See also: Tufts student to be disciplined for using university network for spam.

    February 21, 2003
    * AOL and Microsoft Join Forces to Fight Spam

    The Washington Post reports that ISP giants and rivals Microsoft and AOL are working together to help craft legislation on the federal and state level to fight the uncontrollable tide of spam that plagues their respective subscribers, which total over 140 million. To provide some perspective on the enormity of the problem, AOL alone claims to block about 780 million spam e-mails bound for customers each day.

    In related news, a survey by Assurance Systems concluded that "opt-in" e-mail is routinely blocked by major ISPs, with AOL ranking third on the list with an 18% non-delivery rate.

    February 07, 2003
    * Palo Alto City Council and E-Mail Disclosure

    Palo Alto California's Mayor Dena Mossar announced a settlement of lawsuits brought against the City Council by The Palo Alto Weekly and the San Jose Mercury News concerning e-mail correspondence that was not disclosed to the public.

    The Council held a closed door meeting on October 30, 2002 during which time they disseminated e-mail concerning what they determined was a private issue.
    The Council has now released all the e-mails, and in a futher move, "will make available copies of e-mails from September 1 to the present time, sent by Council Members to staff and staff responses concerning items on the council agenda." The San Diego Union heralded the Council as "a trailblazer in open governance."

    February 06, 2003
    * Review of Antispam Applications

    From PC Magazine, this review and comparison of ten popular applications to combat spam on your home PC, as well as a six applications for use by IT departments and ISPs.

    February 05, 2003
    * FTC Spam Workshop

    The FTC announced a free, three day forum, April 30-May 2, open to the public, consisting of fourteen separate panels, each addressing different aspects of the spam email issue including legislation, security, privacy, law enforcement, and blocking software. The text of the Federal Register notice on this forum is available here, and references a recent article about the growing proliferation of spam at home and at work.

    January 31, 2003
    * Colorado Junk E-Mail Bill

    The Colorado House Committee on Technology and Information has introduced a new bill, HB 03-1200, to amend the Junk E-Mail Law to include a no-solicitation list similar to the telemarketing no-call list. The full-text of the Colorado Statute is here.

    January 27, 2003
    * Internet Services Returning After Worm Attack

    Global web access was disrupted on Saturday by an attack of a worm called SQL Slammer that affects Microsoft SQL Server 2000. Other consequences included a delay in e-mail delivery and all of Bank of America's ATMs were shut down.

    January 21, 2003
    * Cybercrime and the Courts

    Appellate courts around the country are attempting to craft procedures that apply to the use of technology by cybercrime offenders once they leave incarceration. Disparate determinations are being made in regard to such offenders, allowing some to return to regular use of the Internet and e-mail, while others, such as notorious hacker Kevin Mitnick, was subjected to strict limitations on his access to computer systems during his three years of probation after release from prison.

    * Politicians and Spam

    The current issue of the Duke Law and Technology Report (2003 Duke L. & Tech. Rev. 0001), has an article by Mark Sweet, Political E-mail: Protected Speech or Unwelcome Spam? This link comes via politechbot.com, where Declan McCullagh has been discussing Sen. Joseph Lieberman's use of bulk e-mail to promote his recently announced 2004 Presidential bid.

    * Law Firm's Innovative Use of E-Mail

    Tech-savvy Australian law firm Phillips Fox is exploring the use of e-mailing their attorney's audio dictation files, using smart card technology, to typists in their New Zealand offices, according to their IT Manager. Due to the time zone difference, documents e-mailed in the evening would be ready first thing the next morning.

    January 20, 2003
    * MIT Spam Conference

    A Spam Filtering Conference was held on January 17, 2003 at MIT. The conference was organized by Paul Graham, author of A Plan for Spam (published August 2002), and had 580 attendees. Brief abstracts of papers presented at the conference, including titles and authors, are here. Topics included applications solutions for specific platforms, legal efforts to ban spam and anti-spam policies.

    January 17, 2003
    * FTC Targets Spam Selling Fake Driving Permits

    The Federal Trade Commission is doggedly pursuing frauds committed using spam e-mail, and their latest efforts have culminated in compliants filed in six federal courts (copies of which are available here), with charges against "marketers who used the Internet and spam to sell purportedly authentic international driver's permits (IDPs)."

    * Congress and Blackberries

    The House BlackBerry communication program, initiated in 2001, provided all members with the device, and paid for the associated e-mail service (to the tune of $6 million). The adoption of this wireless technology was related to the events of 9/11.

    However, Congress is now caught in an uncomfortable position concerning its continued use of the Blackberries, as reported today by the Washington Post. A patent infringement case between BlackBerry's Canadian parent, Research in Motion (RIM) and NTP Inc., threatens to force the removal of the devices. In an unusual action, James M. Eagen III, Chief Administrative Officer, U.S. House of Representatives, requested that the parties seek a resolution allowing Congress to keep their Blackberries.

    January 13, 2003
    * Spam Attacks on the Rise

    BrightMail Inc., a provider of anti-spam techology, has been tracking spam attacks against their network. The results of their survey, with a coverage period of June 1, 2002 to November 1, 2002, is available via ServerWatch, here. Needless to say, their information indicates that attacks have tripled during this period. The ServerWatch article also provides a comparison chart of 12 anti-spam software applications, describes spamming techniques, and strongly advocates the use of prevention methods.

    January 07, 2003
    * Too Much Spam - Reports and Polls Say Yes

    A new Harris Interactive poll indicates that 80% of those surveyed dislike spam so much that they would like to see it banned.

    A new report, from Ferris Research, a San Francisco based market research company, ($1,995 fee) assesses the cost of spam to American corporations in 2003 at more than $10 billion, due to "lost productivity, consumption of IT resources and helpdesk support." Here is a summary of the report, Spam Control: Problems and Opportunities.

    This data presents an interesting contrast to findings about e-mail on the job, released December 8, 2002, by the Pew Internet Project. The Pew Study found that majority of employees are not overwhelmed by spam e-mail.

    * Medical Advice Via E-Mail and Net

    Today's WSJ has an article on the nascent service of conducting limited medical consultations via the web and e-mail. In a previous post I noted that there are now unified guidelines for physician-patient e-mail.

    Services such as Med Help International, MayoClinic.com, and Askadoctor.com are all fee-based, and are often used as a interim step between an in-person doctor visit and a phone call for a second opinion.

    January 05, 2003
    * New Version of PGP

    The Washington Post has a review of PGP 8, the newest version of the secure email messaging software. PGP was formerly a free product, but the company was bought and sold several times, and the new PGP Corp. charges $39 for the personal edition of the software.

    For some perspective on this program created back in 1991, see New Architect's recent interview of the software's creator, Phil Zimmermann, who is a consultant with PGP Corp. The focus of the dialogue is the current state of privacy and encryption issues.

    December 24, 2002
    * E-Mail As Evidence in Fraud Trial

    U.S. District Court Judge Jed Rakoff, Southern District of New York, ruled that what he termed "explosive" e-mail messages authored by J.P. Morgan Chase & Co. Vice Chairman Donald Layton could be used as evidence in the bank's lawsuit against 11 insurance companies over $1 billion in unpaid loan guarantees stemming from the collapse of Enron.

    December 22, 2002
    * E-Mail Controvery and City Council

    The Washington Post reported on a municipal issue that could prove to have far reaching consequences for the government's use of e-mail to conduct meetings. Fredericksburg Circuit Court Judge John Whittier Scott Jr. decided that a group of City Council members who used email to communicate about, and reach decisions, concerning critical issues that included development contracts, "violated open meeting laws."

    December 09, 2002
    * Employees View E-Mail As Part of Their Jobs

    E-mail is a ubiquitous and well accepted part of the daily work routines of most Americans according to this new report, Email at work, published on December 8, 2002 by the Pew Internet Project. An astounding 98% of employees (57 million Americans) with on-the-job Net access indicate that e-mail is a part of their daily work routine.

    December 04, 2002
    * SEC Institutes Fines Over E-Mail Retention

    This SEC press release concerns the agency's joint action (along with the NYSE and NASD) against 5 high profile broker-dealers for violations of e-mail communications retention requirements. The text of the SEC's administrative decision is here, and the companies will collectively pay $8.25 million in fines.

    * New Doctor-Patient E-Mail Guidelines

    Patient's increasingly indicate that they want to communicate with their physicians via e-mail. However, there are major impediments to this process, including medical liability issues, patient privacy concerns, and billing considerations. However, according to this press release from the eRisk Working Group for Healthcare, new unified guidelines for physician-patient e-mail are now available that have the approval of the AMA, numerous medical societies and over 70% of the malpractice insurance carriers.

    November 13, 2002
    * FTC and Spam Scams

    The FTC has developed and initiated a joint effort among federal, state and local law enforcement agencies to protect consumers from fraudulent and deceptive actions perpetrated via the use of spam e-mail messages. As a result of their investigations, the FTC posted a useful web page here with facts on spam scams and advice for consumer protection.

    * Monitoring Employee E-Mail and Net Usage

    Wired has an interesting article on a number of new applications now available that are used to track and monitor the range of non-work related activities that employees engage in while using corporate e-mail and Internet access.

    November 11, 2002
    * State Privacy Law and E-Mail

    This case, State of Washington v. Donald Theodore Townsend, addresses the privacy of e-mail and instant message (IM) communication in a police sting operation involving an adult and a fictitious minor. Townsend's messages were stored on a police officer's PC, printed, and used as evidence. The court determined that Townsend's messages were not covered under the state's privacy statute on intercepting, recording, or divulging private communication, RCW 9.73.030(1)(a).

    See the article article from the Seattle Post Intelligencer on this case here.

    November 08, 2002
    * E-Commerce and E-Mail Followup

    On October 30, I posted about the terrible track record of most Fortune 100 companies in responding to customer emails. However DuPont has taken the opportunity to announce that their company was named third most responsive in the overall survey.

    November 07, 2002
    * Earthlink's War on Spam

    Efforts to block spam, both at the ISP and user level, can result in the non-delivery of legitimate e-mail. Specific networks and domains were blocked in October by ISP heavywight EarthLink, who admitted some problems with their spam fighting effort.

    November 04, 2002
    * MS Decision and the Rush to E-Mail

    The Register published an interesting article on how the Supreme Court's techies sent out e-mail messages with PDF attachments of Judge Colleen Kollar-Kotelly's rulings on Microsoft, two hours prior to the announcement of their availability.

    The Planet PDF weblog was actually a recipient of one of the e-mail messages, and posted a copy of the message indicating the date, time and attachments that were included. Also noted by Planet PDF is the fact that the court uses Corel Word Perfect rather than Microsoft Word to create its documents.

    * No More Privacy for Employee Instant Messages

    American Online has launched AIM Enterprise Services. Using this technology, companies can now monitor all instant messages sent by employees. In addition, AOL hopes to realize some increased revenue as well, with a per seat cost of $35. See this Washington Post for more information.

    * Campaign Info Delivered By E-Mail

    If you are interested in e-mail press releases, updates, and related resources on the 2004 Presidential campaign, sponsored by the non-profit, non-partisan Minnesota-based group E-Democracy, you may subscribe via this link.

    November 01, 2002
    * Does Outlook 11 Spell an End to Spam?

    Outlook 11, from Microsoft, will offer a whole range of new applications, but the one that is receiving special notice is a "back to the future" function that will purportedly help to kill spam. In version 11, preview mode will no longer provide access to imbedded images and HTML formatted text, which can actually be spam and may also carry with them web beacons.

    October 30, 2002
    * E-Commerce and E-Mail

    Just how well do Fortune 500 companies measure up in regard to online customer support? According to the 2002 Online Customer Respect Study of Fortune 100 Companies, undertaken by CustomerRespect.com, 37% of customers never received any response, and 41% received a response after more than three days. It would appear that big companies still do not understand the value and importance of e-mail in customer transactions.

    The Table of Contents for the 430 page report, and details about the metrics used, in addition to purchase information, is available here.

    October 29, 2002
    * ISP Accounting Error Turns Ugly

    A dispute over unpaid bills for an e-mail account from a Canadian subsidiary of a U.S. ISP has resulted in a law suit in federal court in Canada. Nancy Carter's e-mail was held hostage in lieu of payment, disrupting her professional life.

    October 22, 2002
    * E-Mail and Internet Use Policies

    The ABA has published a new book focused on protecting companies from claims associated with employee use of e-mail and the Web. The book is titled
    Employee Use of the Internet and E-Mail: A Model Corporate Policy With Commentary on Its Use in the U.S. and Other Countries. See the press release here.

    October 08, 2002
    * JunkBusters Continues to Challenge Amazon's Privacy Policy

    On October 8, JunkBusters sent a letter to the attorneys general of 15 states and the FTC, elaborating on their continued concerns about Amazon's collection, transfer and disclosure of personal data collected on its customers.

    The JunkBusters site is free, and the organization seeks to promote worldwide the extensive resources it makes available to fight junk e-mail.

    September 13, 2002
    * Morrison & Foerster Sues Direct Marketing Company

    The national law firm, Morrison & Foerster LLP (known as MoFo), with its main office in San Francisco, sued direct mail marketer Etracks.com Inc., an Oklahoma corporation, and Learn2 Corporation, for spamming the firm's servers with more than 6,500 unsolicited emails.