ABCNews: "The Department of Justice complied with the letter of the law and responded to a Freedom of Information Act request from the ACLU seeking insight into the Obama Administration’s policy on intercepting text messages from cell phones. But -- it didn’t release any actual information. Or even any words or letters. As one Reddit comment put it, “[the document is] so transparent it’s completely invisible.” Instead, the Justice Department released 15 pages that were entirely redacted, shaded over in heavy black from top to bottom. All that was visible is the subject of the memo: “Guidance for the Minimization of Text Messages over Dual-Function Cellular Telephones” It is all part of a larger legal battle between civil rights activists and the federal law enforcement about electronic communications. The ACLU has argued that current government surveillance practices on electronic communications violate citizens’ Fourth Amendment rights, which are meant to protect Americans from unlawful searches and seizures. With the FOIA request they were trying to determine if the FBI had properly complied with a 2010 appeals court decision that concerned when email providers must turn over messages to law enforcement and whether the guidelines apply to text messages."

Privacy Impact Assessment for the Office of Operations Coordination and Planning - Publicly Available Social Media Monitoring and Situational Awareness Initiative, DHS, Update April 1, 2013

EPIC: "The Department of Homeland Security has released a Privacy Impact Assessment for Einstein 3 - Accelerated. Einstein 3 is a government cybersecurity program that monitors Internet traffic. The monitoring includes scanning email destined for .gov networks for malicious attachments and URLs. According to DHS, the basis of the government’s authority to perform the monitoring is National Security Presidential Directive 54. EPIC is pursuing FOIA litigation to force the government to release the Directive to the public. For more information, see EPIC v. NSA - Cybersecurity Authority."

News release: "The Federal Trade Commission today released a statistical survey of fraud in the United States during 2011, which showed that an estimated 25.6 million adults – 10.8 percent of the adult population – were fraud victims...While fast-growing online commerce has benefited consumers with greater choice and convenience, the survey indicates that, as of 2011, the Internet was also the place where consumers most often learned about fraudulent offers. The Internet category, which included email, social media, auction sites and classified ads, was followed by print advertising, and TV and radio. Most consumers bought fraudulent items via the Internet; telephone purchases ranked second."

2013 Internet Security Threat Report - "Key Findings:

• 42% increase in targeted attacks in 2012.
  
• 31% of all targeted attacks aimed at businesses with less than 250 employees.
  
• One waterhole attack infected 500 organizations in a single day.
  
• 14 zero-day vulnerabilities.
  
• 32% of all mobile threats steal information.
  
• A single threat infected 600,000 Macs in 2012.
  
• Spam volume continued to decrease, with 69% of all email being spam.
  
• The number of phishing sites spoofing social networking sites increased 125%.
  
• Web-based attacks increased 30%.
  
• 5,291 new vulnerabilities discovered in 2012, 415 of them on mobile operating systems."

Experian reveals a quarter of time online is spent on social networking: London, 16 April 2013 – "Insights from Experian, the global information services company, reveals that if the time spent on the Internet was distilled into an hour then a quarter of it would be spent on social networking and forums across UK, US and Australia. In the UK 13 minutes out of every hour online is spent on social networking and forums, nine minutes on entertainment sites and six minutes shopping."

"This report provides a detailed, current look at the nature of advanced threats targeting organizations today. Drawing on data gathered by FireEye® from several thousands of appliances at customer sites around the world, across 89 million events, this report provides an overview of the current threat landscape, evolving advanced persistent threat (APT) tactics, and the level of infiltration seen in organizations' networks today. Key findings include:

CRS - Cloud Computing: Constitutional and Statutory Privacy Protections, Richard M. Thompson II, Legislative Attorney. March 22, 2013

"Cell phone searches are a common law enforcement tool, but up until now, the public has largely been in the dark regarding how much sensitive information the government can get with this invasive surveillance technique. A document submitted to court in connection with a drug investigation, which we recently discovered, provides a rare inventory of the types of data that federal agents are able to obtain from a seized iPhone using advanced forensic analysis tools. The list, available here, starkly demonstrates just how invasive cell phone searches are—and why law enforcement should be required to obtain a warrant before conducting them."

Via LLRX.com - LegalTech 2013: Old habits die hard, but die they do - Attorney Nicole Black's article on the LegalTech 2013 conference, sponsored every year by American Lawyer Media, updates all of us who could not attend on the latest legal technologies and innovations.

The Saga of Barrett Brown: Inside Anonymous and the War on Secrecy, By Christian Stork, February 21, 2013

Google Official Blog: "..January 28, is Data Privacy Day, when the world recognizes the importance of preserving your online privacy and security. If it’s like most other days, Google—like many companies that provide online services to users—will receive dozens of letters, faxes and emails from government agencies and courts around the world requesting access to our users’ private account information. Typically this happens in connection with government investigations. It’s important for law enforcement agencies to pursue illegal activity and keep the public safe. We’re a law-abiding company, and we don’t want our services to be used in harmful ways. But it’s just as important that laws protect you against overly broad requests for your personal information...Today, for example, we’ve added a new section to our Transparency Report that answers many questions you might have. And last week we released data showing that government requests continue to rise, along with additional details on the U.S. legal processes—such as subpoenas, court orders and warrants—that governments use to compel us to provide this information."

Curt Hopkins for The Daily Dot: "When a user “deletes” an email in the normal fashion, it becomes invisible to that user and is immediately a candidate to be overwritten. But until it is in fact overwritten, it exists. And it may persist longer on company servers. So, even if it is taken off your computer, it may still be available on the host’s server. Given that email-hosting companies are legally obliged to turn over user information to law enforcement and intelligence authorities with warrants—and these days even without them—the impossibility of being certain of a deletion means you must presume that any email you compose will be available remain accessible forever."

"According to a recent report from Google, the company received 20,938 requests for user data in the first half of 2012, up from 18,257 requests in the second half of 2011. The United States accounted for 7,969 requests in the 2012 report. And of these requests, Google provided user data to the US government in 90% of the cases. Over the last several years, Google has pursued an aggressive effort to promote computing services that store personal data on Google's servers even as the number of government requests has grown. And earlier this year, Google reduced safeguards for Gmail users, over the objections of many lawmakers and users when it consolidated privacy policies across its various Internet services. In 2009, EPIC L3[urged] the Federal Trade Commission to look more closely at the privacy risks of cloud-based services. For more, see EPIC - "Cloud Computing"."

Managing Discovery of Electronic Information: A Pocket Guide for Judges, Second Edition. Barbara J. Rothstein, Ronald J. Hedges, and Elizabeth C. Wiggins. Federal Judicial Center, 2012

"EPIC has asked the Federal Trade Commission to review Facebook's decision to change the default email address of Facebook users. The company recently removed email addresses, selected by users, with a @facebook.com address assigned by Facebook. EPIC asked the FTC to review this practice as it finalizes the terms of a settlement with Facebook. "Facebook's willingness to disregard user choice...raise[s] important questions about the company's ability to comply with the terms of the proposed Consent Order," EPIC wrote. EPIC also said that the change is a deceptive business practice because Facebook did not tell users that their preferred email address could be removed by the company. And EPIC noted that the change would result in user email being sent to Facebook's servers that would otherwise have gone to the user's email service. The FTC's settlement with Facebook follows from complaints filed by EPIC and other consumer and privacy organizations in 2009 and 2010. The settlement would bar Facebook from changing privacy settings without the affirmative consent of users or misrepresenting the privacy or security of users' personal information. For more information, see EPIC: Facebook Privacy, and EPIC: FTC Facebook Settlement."

Follow up to posting on SOPA’s Evil Twin Sister – CISPA, via Electronic Frontier Foundation, Cybersecurity Bill FAQ: The Disturbing Privacy Dangers in CISPA and How To Stop It, by Trevor Timm

EFF: "On Sunday, the United Kingdom’s Prime Minister David Cameron and the Interior Ministry were forced to defend a sweeping wiretapping proposal, which would aim to monitor every single email, text message, and phone call flowing through the whole country. The proposal would likely force all UK Internet Service Providers (ISPs) to install “black boxes” on their systems that use Deep Packet Inspection (DPI) technology, which would give authorities access to all communications data without a warrant or any judicial oversight. Law enforcement would have access to IP addresses, email addresses, when you send an email, to whom you send it, and how frequently—as well as corresponding data for phone calls and text messages. The government has claimed this proposal is needed to fight “terrorism and serious crimes,” but of course, it would be available to law enforcement for all purposes."

FBI Fact Sheet on Internet Fraud: Includes information on: Avoiding Internet Auction Fraud, Avoiding Non-Delivery of Merchandise, Avoiding Credit Card Fraud, Avoiding Investment Fraud, Avoiding Business Fraud, Avoiding the Nigerian Letter or “419” Fraud, Common Fraud Scams, Investment-Related Scams, Internet Scams, and Fraud Target: Senior Citizens.

"DMARC, which stands for "Domain-based Message Authentication, Reporting & Conformance", is a technical specification created by a group of organizations that want to help reduce the potential for email-based abuse by solving a couple of long-standing operational, deployment, and reporting issues related to email authentication protocols. DMARC standardizes how email receivers perform email authentication using the well-known SPF and DKIM mechanisms. This means that senders will experience consistent authentication results for their messages at AOL, Gmail, Hotmail, Yahoo! and any other email receiver implementing DMARC. We hope this will encourage senders to more broadly authenticate their outbound email which can make email a more reliable way to communicate."

Guidance on Live, Text-Based Communications from Court: "This Practice Guidance (the Guidance) applies to court proceedings which are open to the public and to those parts of the proceedings which are not subject to reporting restrictions. It is issued (as Guidance and not a Practice Direction) following a consultation relating to the use of live, text-based communications. Those consulted included the Judiciary, the Secretary of State for Justice, the Attorney General, the Director of Public Prosecutions, the Bar Council, the Law Society, the Press Complaints Commission, and the Society of Editors in addition to interested members of the public via the Judiciary website.
2) The Guidance clarifies the use which may be made of live text-based communications, such as mobile email, social media (including Twitter) and internet enabled laptops in and from courts throughout England and Wales. For the purposes of this Guidance these means of communication are referred to, compendiously, as live, text-based communications."

News release: "The Information Commissioner’s Office (ICO) has today published new guidance making it clear that information concerning official business held in private email accounts is subject to the Freedom of Information Act. Information Commissioner, Christopher Graham said:

Identity Theft Reported by Households, 2005-2010: "Presents data on the nature of and trends in identity theft victimization among U.S. households from the National Crime Victimization Survey (NCVS). The NCVS defines identity theft as the misuse or attempted misuse of an existing credit card or another existing account or the misuse of personal information to open a new account or for other fraudulent purposes. Findings are based on experiences of all household members age 12 or older as reported by the head of household. The data brief examines changes in the percentage of households experiencing identity theft from 2005 to 2010. It describes differences in the types of identity theft experienced by households in 2010 compared to 2005, as well as changes in the demographic characteristics of victimized households. The brief also presents estimates on the monetary losses attributed to household victims of identity theft. Highlights include the following:

• In 2010, 7.0% of households in the United States, or about 8.6 million households, had at least one member age 12 or older who experienced one or more types of identity theft victimization.
  
• Among households in which at least one member experienced one or more types of identity theft, 64.1% experienced the misuse or attempted misuse of an existing credit card account in 2010.
  
• From 2005 to 2010, the percentage of all households with one or more type of identity theft that suffered no direct financial loss increased from 18.5% to 23.7%."

News release: "Following a public comment period, the Federal Trade Commission has accepted as final a settlement with Google, and authorized the staff to provide responses to the commenters of record. The settlement resolves charges that Google used deceptive tactics and violated its own privacy promises to consumers when it launched its social network, Google Buzz, in 2010. The agency alleged that the practices violate the FTC Act. The settlement bars the company from future privacy misrepresentations, requires it to implement a comprehensive privacy program, and calls for regular, independent privacy audits for the next 20 years. The Commission vote approving the final settlement was 4-0.

News release: "Symantec Corp. announced the findings of its 2011 Information Retention and eDiscovery Survey which examined how enterprises manage their ever-growing volumes of electronically stored information and prepare for the eventuality of an eDiscovery request. The survey of legal and IT personnel at 2,000 enterprises worldwide found email is not the primary source of records companies must produce, and more importantly, respondents who employ best practices for records and information management are significantly less at risk of court sanctions or fines."

65% of online adults use social networking sites - Women maintain their foothold on SNS use and older Americans are still coming aboard. Mary Madden, Senior Research Specialist, Kathryn Zickuhr, Research Specialist, 8/26/2011

"Symantec Corp. announced the results of the August 2011 Symantec Intelligence Report, now combining the best research and analysis from the Symantec.cloud MessageLabs Intelligence Report and the Symantec State of Spam & Phishing Report. This month’s analysis reveals that once more spammers are seeking to benefit from fluctuations in the turbulent financial markets, most notably by sending large volumes of spam relating to certain “pink sheets” stocks in an attempt to “pump” the value of these stocks before “dumping” them at a profit. In a pump-and-dump stock scam, spammers promote certain stocks in order to inflate the price as much as possible so that they may then be sold before their valuation crashes back to reality. The spam for these scams tries to convince the prospective mark that the penny stock is actually worth more than its valuation, or that it will soon skyrocket. Most of these claims are either misleading or false. A successful pump-and-dump spam campaign will artificially drive up the price of the stock to a point where the scammers decide to sell their shares. This usually coincides with them ending the spam campaign, which in turn reduces the interest in the stock, helping to drive its valuation back to the original low price."

Search and email still top the list of most popular online activities - Two activities nearly universal among adult internet users, by Kristen Purcell

News release: "Say “spam” and most business executives think of annoying e-mail messages, like the ones that hold out a phony offer to split $50 million that’s sitting in a foreign bank. Of course, this type of message is covered by the Federal Trade Commission’s CAN-SPAM Rule, which is designed to protect consumers from deceptive commercial e-mail. But CAN-SPAM covers e-mails from legitimate businesses, too, such as e-mail notifying customers about a new product line or a special sale. To help explain what the CAN-SPAM Rule covers, the FTC has produced a new video for businesses with a seven-point checklist for sending commercial e-mail messages. For example, e-mail marketers must use accurate headers and subject lines and provide a method for consumers to stop getting e-mails. In addition to the video, the FTC also offers a brochure, The CAN-SPAM Act: A Compliance Guide for Business."

FCC: "You may be one of many consumers who have received emails saying you’re about to be assaulted by unwanted telemarketing calls to your wireless phone. Rest assured that placing telemarketing calls to wireless phones is -- and always has been -- illegal in most cases. Why the Confusion? The confusion seems to stem from recent discussions in the wireless phone industry about establishing a wireless 411 phone directory, much like your traditional (wired) 411 phone directory. A number of email campaigns seem to suggest that if your wireless telephone number is listed in a wireless 411 directory, it will be available to telemarketers, and you will start to receive sales calls. In addition, some of these email campaigns suggest that there is a separate do-not-call “cell phone registry,” which you must call to have your wireless phone number covered by the do-not-call rules. This information is wrong."

News release: "NOAA announced an $11.5 million, three-year award to Earth Resources Technologies, Inc. for cloud-based unified messaging services. The agency-wide transition will modernize e-mail and calendar infrastructure, integrate collaborative tools and facilitate synchronization with mobile devices to better support NOAA’s mission and its nationwide workforce. As the largest federal agency to adopt cloud technology to date, NOAA will migrate 25,000 mailboxes to the cloud rather than utilizing in-house servers. NOAA’s decision to pursue the cloud solution supports the Obama administration’s direction to pursue a “cloud first” approach. “The cost to the taxpayer will be 50 percent less than an in-house solution,” said NOAA Chief Information Officer Joseph Klimavicz. “As the new standard, cloud computing has great value allowing us to ramp up quickly, avoid redundancy and provide new services and capabilities to large groups of customers.”

"This collection contains over 24,000 e-mails from former Alaska Governor Sarah Palin’s administration and was obtained in June 2011, more than two and a half years after the public records request for these materials. Crivella West, at its own expense, converted the paper copies of the e-mails produced back into searchable digital copies and made the digital copies available to the public without charge. In addition, Crivella West has provided analytical tools to organize the documents to help users uncover information of interest. Crivella West is continuing its collaboration with msnbc.com, Mother Jones and Pro Publica."

Official Google Blog: "...Through the strength of our cloud-based security and abuse detection systems, we recently uncovered a campaign to collect user passwords, likely through phishing. This campaign, which appears to originate from Jinan, China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists. The goal of this effort seems to have been to monitor the contents of these users’ emails, with the perpetrators apparently using stolen passwords to change peoples’ forwarding and delegation settings. (Gmail enables you to forward your emails automatically, as well as grant others access to your account.) Google detected and has disrupted this campaign to take users’ passwords and monitor their emails. We have notified victims and secured their accounts. In addition, we have notified relevant government authorities."

Jason Miller, Executive Editor, Federal News Radio: "The General Services Administration is about to give the Obama administration's policy that requires agencies to use cloud computing a big boost. GSA plans on releasing a request for proposals May 10 for e-mail-as-a-service that could be worth $2.5 billion. Vivek Kundra, the federal chief information officer, said Wednesday there are $20 billion in systems across the government that could move to the cloud, and email and collaboration software are among the easiest first steps. We already are seeing 15 agencies that have identified 950,000 e-mail boxes across 100 email systems that are going to move to the cloud," he said during an update on the administration's 25-point IT reform plan at the White House. "This represents a huge opportunity for [vendors] to aggressively compete for these new opportunities in the cloud space and provide the government with the best value and most innovative technologies." Among those 15 agencies already on their way are the Agriculture Department and GSA. USDA is moving 120,000 employees to Microsoft's cloud, while GSA picked Unisys, which partnered with Google, to move as many as 30,000 employees to a new email system."

Welcome to the age of data: Watch your back! by Molly Wood

Via EPIC: "Epsilon, a large marketing firm, has lost the names and e-mail addresses of customers of Walgreens, JP Morgan Chase, Capitol One, Tivo, and other large companies. The firm announced the data breaches late last week. Data service providers, such as Epsilon, are not well known by consumers and are not typically regulated. Epsilon provides data analytics, targeting, profiling of customers, as well as e-mail tracking services. Previously, EPIC provided comments to the Federal Trade Commission and testimony to the United States Congress on the need for comprehensive privacy protection for customer data."

Symantec Internet Security Threat Report Trends for 2010, Volume 16, Published April 2011

An Assessment of Records Management Programs in the Federal Government National Archives and Records Administration, February 22, 2011

Investigation of the Failure of the SEC's Los Angeles Regional Office to Uncover Fraud in Westridge Capital Management Notwithstanding Investment Adviser Examination Conducted in 2005 and Inappropriate Conduct on the Part of Senior Los Angeles Official, Case No. OIG-533 [redacted, dated October 26, 2010 and released February 2011]

Official Google Blog: "Has anyone you know ever lost control of an email account and inadvertently sent spam—or worse—to their friends and family? There are plenty of examples...that demonstrate why it's important to take steps to help secure your activities online. Your Gmail account, your photos, your private documents—if you reuse the same password on multiple sites and one of those sites gets hacked, or your password is conned out of you directly through a phishing scam, it can be used to access some of your most closely-held information...2-step verification requires two independent factors for authentication, much like you might see on your banking website: your password, plus a code obtained using your phone. Over the next few days, you'll see a new link on your Account Settings page."

Federal Computer Week: "The White House's unclassified e-mail system is back up after an eight-hour outage, but the e-mail security problems may go deeper. It was disclosed February 4, 2011 that some officials alleged White House e-mails were the source of a cyberattack against British officials two months ago. Officials from the United Kingdom said today that alleged White House e-mail accounts were the source of a malware attack against U.K. government officials in late December, according to news report."

Follow up to Google Files Bid Protest Against Dept. of Interior Over Hosted Email and Collaboration Services, news that Google wins: Interior forbidden to award noncompetitive contract to Microsoft - "U.S. Federal Claims Court Judge Susan Braden ruled on Jan. 3 that negotiations for a sole source contract with Microsoft “commenced many months prior to July 15, 2010,” when department officials decided Microsoft's software was their standard for e-mail and computer operating systems. Meanwhile, Google had been trying to get considered for the work as well."

Google Voice Blog: "When we launched calling in Gmail back in August, we wanted it to be easy and affordable, so we made calls to the U.S. and Canada free for the rest of 2010. In the spirit of holiday giving and to help people keep in touch in the new year, we’re extending free calling for all of 2011. In case you haven’t tried it yet, dialing a phone number works just like a regular phone. Look for “Call phone” at the top of your Gmail chat list and dial a number or enter a contact’s name. To learn more, visit gmail.com/call. Calling in Gmail is currently only available to U.S. based Gmail users."

Help Net: "In October Commtouch reported an 18% drop in global spam levels (comparing September and October). This was largely attributed to the closure of Spamit around the end of September. Spamit is the organization allegedly behind a fair percentage of the worlds pharmacy spam. Analysis of the spam trends to date reveals a further drop in the amounts of spam sent during Q4 2010. December’s daily average was around 30% less than September’s. The average spam level for the quarter was 83% down from 88% in Q3 2010. The beginning of December saw a low of nearly 74%."

WikiLeaks And The New Corporate Disclosure Crisis - Stephanie Nora White and Rebecca Theim: "If the scandals that have plagued corporate America in the past two years haven't gotten you thinking about your own company's vulnerabilities, then the latest revelations out of WikiLeaks certainly should. In an interview with Forbes' Andy Greenberg, WikiLeaks founder Julian Assange declared that half the documents that have been fed to the organization are from corporations, and that sometime early next year his organization plans what presumably will be the first of many corporate disclosures. It will begin with information about one of the nation's leading banks. The target is rumored to be Bank of America, and the bank's stock tumbled 3% shortly after the rumors were publicized. Got your attention now? WikiLeaks is promising to give a voice to the disenfranchised, disgusted and disillusioned within Corporate America, those who have knowledge of company behavior ranging from distasteful to criminal. "Companies turn people into leakers by their failure to listen, look and respond," says business consultant and author Margaret Heffernan, whose forthcoming book, Willful Blindness: Why We Ignore the Obvious at Our Peril, will tackle the issue. In other words, it will no longer be a company's general counsel who will decide if and when something is disclosed to the public. Now, it's any insider with a flash drive who's troubled or disgruntled by an organization's conduct. And the types of information WikiLeaks is disclosing can be more damaging--and memorable--than a traditional corporate crisis."

Generations 2010, Kathryn Zickuhr, Web Coordinator, 12/16/2010

Follow up to Google Files Bid Protest Against Dept. of Interior Over Hosted Email and Collaboration Services news that "the U.S. General Services Administration will become the first federal agency to use a hosted e-mail service, choosing Google, Unisys and others to offer the service."

Holiday Shopping Tips: "This holiday season the FBI reminds shoppers that cyber criminals aggressively create new ways to steal money and personal information. Scammers use many techniques to fool potential victims, including conducting fraudulent auction sales, reshipping merchandise purchased with stolen credit cards, and selling fraudulent or stolen gift cards through auction sites at discounted prices...If you have received a scam email, please notify the IC3 by filing a complaint at http://www.IC3.gov. For more information on e-scams, please visit the FBI's New E-Scams and Warnings webpage at http://www.fbi.gov/cyberinvest/escams.htm."

Email I received Tuesday evening, 9:49pm ET: "Google rarely contacts Gmail users via email, but we are making an exception to let you know that we've reached a settlement in a lawsuit regarding Google Buzz, a service we launched within Gmail in February of this year. Shortly after its launch, we heard from a number of people who were concerned about privacy. In addition, we were sued by a group of Buzz users and recently reached a settlement in this case. The settlement acknowledges that we quickly changed the service to address users' concerns. In addition, Google has committed $8.5 million to an independent fund, most of which will support organizations promoting privacy education and policy on the web. We will also do more to educate people about privacy controls specific to Buzz. The more people know about privacy online, the better their online experience will be. Just to be clear, this is not a settlement in which people who use Gmail can file to receive compensation. Everyone in the U.S. who uses Gmail is included in the settlement, unless you personally decide to opt out before December 6, 2010. The Court will consider final approval of the agreement on January 31, 2011. This email is a summary of the settlement, and more detailed information and instructions approved by the court, including instructions about how to opt out, object, or comment, are available at http://www.BuzzClassAction.com."

The complaint, Google Inc. vs. The United States, filed Ocotber 29, 2010 in the U.S. Court of Federal Claims, is here. "This action protests the terms of U.S. Department of the Interior ("DOI") Request for Quotation 503786 ("RFQ") for hosted email and collaboration services and DOI's supporting "Limited Source Justification", and seeks preliminary and permanent injunction against the DOI proceeding with the RFQ, or any related procurement, solicitation or task order, without first complying with applicable statutory and regulatory requirements..."

News release: "The largest ever global research project into people’s online activities and behaviour - Digital Life - was launched today, ‘digital day’ by TNS, the world’s biggest custom research company. Covering nearly 90 per cent of the world’s online population through 50,000 interviews with consumers in 46 countries, the study reveals major changes in the world’s online behaviour. Core data from the study is being made publicly available via this interactive website...Among the key findings of the study are:

• Globally, people who have on-line access have digital sources as their number one media channel. 61% of online users use the internet daily against 54% for TV, 36% for Radio and 32% for Newspapers.
  
• Online consumers in rapid growth markets have overtaken mature markets in terms of engaging with digital activities. When looking at behaviour online, rapid growth markets such as Egypt (56%) and China (54%) have much higher levels of digital engagement than mature markets such as Japan (20%), Denmark (25%) or Finland (26%). This is despite mature markets usually having a more advanced internet infrastructure.
  
• Activities such as blogging and social networking are gaining momentum at huge speed in rapid growth markets. The research shows four out of five online users in China (88%) and over half of those in Brazil (51%) have written their own blog or forum entry, compared to only 32% in the US. The Internet has also become the default option for photo sharing among online users in rapid growth markets, particularly in Asia."

Official Gmail Blog: "...you can now get Gmail served up sans conversation view. Go to the main Settings page, look for the “Conversation View” section, select the option to turn it off, and save changes. If you change your mind, you can always go back."

"This alternative way of slicing the data still shows Email to be, by far, the dominant sector in terms of mobile time, although this dominance shrinks by a few delta points to 38.5% from 41.6%. Search is another that nets out with a smaller share, although by less than a percentage point from 7.1% to 6.3%. The share held by Social Networking remains very similar but News & Current Events comes out much stronger using the site-level analysis at a 7.2% share of time compared to 4.4% of time using the category-level analysis. Share of time on Portals shows something more dramatic, with a change from 11.6% to 4.6% share of time, but this doesn’t mean that people are spending any less time on Portal sites. Nielsen classifies both channels and brands into categories and so a category-level analysis includes both brands (e.g. Google) as well as channels under than brand (e.g. Google News). Using the initial methodology means that all Google time would be assigned to Portals (because Google is a portal) but using the site-level method means the Google News element would be assigned to the News & Current Events sector. Thus, the Portal element is limited to more general and entry pages rather than including content-specific sectors such as news."

Official Google Blog: "People tell us all the time that they’re getting more and more mail and often feel overwhelmed by it all. We know what you mean—here at Google we run on email. Our inboxes are slammed with hundreds, sometimes thousands of messages a day—mail from colleagues, from lists, about appointments and automated mail that’s often not important. It’s time-consuming to figure out what needs to be read and what needs a reply...we’re happy to introduce Priority Inbox (in beta) — an experimental new way of taking on information overload in Gmail."

Testing the Accuracy of Database Information Produced in Civil Discovery: Conrad J. Jacoby identifies the trend that increasingly electronically stored information ("ESI") requested in litigation discovery originates in databases or other structured data repositories. Previously, this data was stored in discrete e-mail messages, spreadsheets, and word processing files that have long made up the bulk of most ESI document productions. Businesses creating and managing their accumulated information have discovered that they are able to extract far more utility if they store their data in a single repository and in a standardized format.

Follow up to postings on the Intergovernmental Panel on Climate Change (IPCC), this news release: "The Independent Climate Change Email Review, undertaken by Sir Muir Russell and his team, has issued its report on issues arising from the publication of hacked emails from the University of East Anglia's Climatic Research Unit."

The Independent Climate Change E-mails Review, July 2010. From the Executive Summary:

• "Climate science is a matter of such global importance, that the highest standards of honesty, rigour and openness are needed in its conduct. On the specific allegations made against the behaviour of CRU scientists, we find that their rigour and honesty as scientists are not in doubt.
  
• In addition, we do not find that their behaviour has prejudiced the balance of advice given to policy makers. In particular, we did not find any evidence of behaviour that might undermine the conclusions of the IPCC assessments.
  
• But we do find that there has been a consistent pattern of failing to display the proper degree of openness, both on the part of the CRU scientists and on the part of the UEA, who failed to recognise not only the significance of statutory."

Follow up to Several State Attorneys General Announce Probes of Google Wireless Data Collection, via EPIC: "The French National Commission on Computing and Liberty (CNIL) has released preliminary results (French) (English) of the Google Street View investigation in France. According to the CNIL, Google "saved passwords for access to mailboxes" and obtained content of electronic messages. The CNIL is pursuing the investigation to determine whether Google engaged in "unfair and unlawful collection of data" as well as "invasion of privacy and individual liberties." Investigations are now underway in at least 18 countries and five states in the US. EPIC has prepared a preliminary survey of Investigations of Google Street View."

EPIC: "The Supreme Court has issued a ruling in City of Ontario v. Quon, a case concerning the reasonablenees of a search of a public employee's pager. EPIC filed a "friend of the court" brief in the case, arguing that data minimization practices should be followed for electronic searches, and that the search, which uncovered personal texts unrelated to the purpose of the search, was therefore unreasonable. EPIC urged the Supreme Court to apply the approach set out in Comprehensive Drug Testing v. United States, which allows a government agency to undertake appropriate searches without unnecessarily violating privacy interests. The Court ruled that the search was reasonable, reversing the Ninth Circuit's decision that such a search be conducted through the least intrusive means possible. For more information, see EPIC: City of Ontario v. Quon."

The Chronicle - Is Email Checking You? by Natalie Houston

"24 Hours: Unplugged - What is is like to go without media? What if you had to give up your cell phone, iPod, television, car radio, magazines, newspapers and computer (i.e. no texting, no Facebook or IM-ing)? Could you do it? Is it even possible? Well, not really, if you are an American college student today. According to a new ICMPA [International Center for Media and the Public Agenda] study, most college students are not just unwilling, but functionally unable to be without their media links to the world." [See Table of Contents on right side of page to navigate the study]

"The Symantec Internet Security Threat Report provides an annual overview and detailed analysis of Internet threat activity, malicious code, and known vulnerabilities. The report also discusses trends in phishing, spam and observed activities on underground economy servers...report sathe ys the U.S. was top country for malicious activity, making up 19% total."

• Internet Security Threat Report: Volume XV: April 2010
  
• Executive Summary: April 2010

Official Google Blog: "...it's no surprise that Google, like other technology and telecommunications companies, regularly receives demands from government agencies to remove content from our services. Of course many of these requests are entirely legitimate, such as requests for the removal of child pornography. We also regularly receive requests from law enforcement agencies to hand over private user data. Again, the vast majority of these requests are valid and the information needed is for legitimate criminal investigations. However, data about these activities historically has not been broadly available. We believe that greater transparency will lead to less censorship. We are today launching a new Government Requests tool to give people information about the requests for user data or content removal we receive from government agencies around the world. For this launch, we are using data from July-December, 2009, and we plan to update the data in 6-month increments. Read this post to learn more about our principles surrounding free expression and controversial content on the web."

Death to PST Files, A Symantec Hosted Services Whitepaper: "Email is one of your company’s most critical—and most widely used—assets. According to a 2009 study by The Radicati Group, the average corporate email user sends and receives 167 email messages per day. The report estimates that this number will increase to 219 messages per day by 2013. This steady flow of email messages means managing email is more difficult than ever. A company must provide employees constant access to their email accounts and manage copies of every important email to comply with regulatory requirements. If a company is faced with a lawsuit, it must have the ability to easily place legal holds on emails and conduct efficient e-discovery. Since email is the source of so much vital information, users are reluctant to delete old messages, which turns their email system into a personal email filing cabinet. In essence, users create their own email archives using PST files. Most companies impose quotas that limit the amount of storage each person can use for emails. Without these quotas, server disk drives would overflow and email systems would crash."

Follow up to Google Announces "A new approach to China", from the New York Times: "Ever since Google disclosed in January that Internet intruders had stolen information from its computers, the exact nature and extent of the theft has been a closely guarded company secret. But a person with direct knowledge of the investigation now says that the losses included one of Google’s crown jewels, a password system that controls access by millions of users worldwide to almost all of the company’s web services, including e-mail and business applications."

Follow up to Missing White House E-Mails Still Factor in Torture Memo Investigation, this CREW news release: "On Friday, April 16, CREW received an initial response to its Freedom of Information Act request of the Department of Justice’s Office of Legal Counsel (OLC) related to the failure of former OLC official John Yoo to preserve any of his emails. In response to CREW’s request for record keeping guidance issued to OLC staff, OLC produced two memos, both of which require OLC staff to retain all emails “that are important to understanding a decision of the Office.” There can be no question Mr. Yoo’s failure to preserve any emails directly contravenes OLC’s record keeping guidance. Click here to read CREW's FOIA request."

News release: "The Electronic Frontier Foundation (EFF) along with Google and numerous other public interest organizations and Internet industry associations joined with Yahoo! in asking a federal court Tuesday to block a government attempt to access the contents of a Yahoo! email account without a search warrant based on probable cause. The Department of Justice is seeking the emails as part of a case that is under seal, and the account holder has apparently not been notified of the request. Government investigators maintain that because the Yahoo! email has been accessed by the user, it is no longer in "electronic storage" under the Stored Communications Act (SCA) and therefore does not require a warrant, even though that same legal theory has been flatly rejected by the one Circuit Court to address it. Yahoo! is challenging the government request before a federal magistrate judge in Denver, arguing that the SCA and Fourth Amendment require the government to get a search warrant before compelling Yahoo! to disclose the email. In an amicus brief filed in support of Yahoo! Tuesday, EFF says that the company is simply following the law and protecting the constitutional privacy rights of its customers."

New release: "As part of its continuing effort to combat distracted driving, U.S. Transportation Secretary Ray LaHood announced that the U.S. Department of Transportation (USDOT) is kicking off pilot programs in Hartford, Connecticut and Syracuse, New York to test whether increased law enforcement efforts can get distracted drivers to put down their cell phones and focus on the road. The pilot programs, which are similar to previous efforts to curb drunk driving and increase seat belt use among drivers, are the first federally funded efforts in the country to specifically focus on the effects of increased enforcement and public advertising on reducing distracted driving. Drivers caught texting or talking on a hand-held cell phone will be pulled over and ticketed. The message is simple, Phone in One Hand. Ticket in the Other....Research by the National Highway Traffic Safety Administration shows that in 2008 alone, nearly 6,000 people were killed and more than a half million people were injured in crashes involving a distracted driver nationwide. Almost 20 percent of all crashes that same year involved some type of distraction."

News release: "A broad coalition of privacy groups, think tanks, technology companies and academics today issued principles for updating the key federal law that defines the rules for government access to email and private files stored in the Internet “cloud.” The coalition cited the need to preserve traditional privacy rights in the face of technological change while also ensuring that law enforcement agents can carry out investigations and that industry has the clarity needed to innovate. To set a consistent standard in line with the traditional rules for law enforcement access in the offline world, the group’s recommendations focus on the Electronic Communications Privacy Act (ECPA). Passed in 1986 and not significantly updated since, it establishes standards for government access to email and other electronic communications in criminal investigations."

EPIC: "The New Jersey Supreme Court ruled in favor of a female employee whose employer read emails that she sent while using Yahoo Mail on a company-owned laptop. The employee, Marina Stengart, had exchanged emails with her attorney regarding a possible discrimination lawsuit against the employer. The employer then pulled the emails off of the laptop's hard drive and used them to prepare a defense to the discrimination suit. The New Jersey Supreme Court found that "Under the circumstances, Stengart could reasonably expect that e-mail communications with her lawyer through her personal, password-protected, web-based e-mail account would remain private, and that sending and receiving them using a company laptop did not eliminate the attorney-client privilege that protected them." The Supreme Court of the United States is set to consider employee privacy in City of Ontario v. Quon, in which EPIC submitted a "friend of the court brief."

News release: "The Rosemary Award for worst open government performance, named after President Nixon’s secretary who erased 18½ minutes of a crucial Watergate tape, this year goes to the Federal Chief Information Officers Council, the senior federal officials (responsible for $71 billion a year of IT purchases) who have never addressed the failure of the government to save its e-mail electronically, according to the citation today by the National Security Archive. Formed by Executive Order in 1996 and codified in law by Congress in the 2002 E-Government Act, the CIO Council describes itself as the “principle interagency forum for improving practices in the design, modernization, use, operation, sharing, and performance of Federal Government information resources.” Yet neither the Council’s founding documents, its 2007-2009 strategic plan, its transition memo for the Obama administration, nor its current Web site even mention the challenge of electronic records management for e-mail. Last month, the Justice Department investigation of former senior officials John Yoo and Jay Bybee over their authorship of the so-called “torture memos” revealed that “most of Yoo’s email records had been deleted and were not recoverable.” The Yoo deletions represent only the latest red flag about government e-mail preservation – dating back to the January 1989 attempt by the Reagan administration to destroy its e-mail backup tapes, thwarted by the National Security Archive’s lawsuit."

Social Networking and Constituent Communications: Member Use of Twitter During a Two-Month Period in the 111th Congress, February 03, 2010

Merkle View from the Social Inbox 2010 - Actionable Information for Marketers From the Annual Consumer Email & Digital Media

News release: "NetWitness, the world leader in advanced persistent threat detection and real-time network forensics, announced today that its analysts have discovered a dangerous new ZeuS botnet affecting 75,000 systems in 2,500 organizations around the world. The newly-discovered infestation, dubbed the "Kneber botnet" after the username linking the infected systems worldwide, gathers login credentials to online financial systems, social networking sites and email systems from infested computers and reports the information to miscreants who can use it to break into accounts, steal corporate and government information, and replicate personal, online and financial identities. NetWitness first discovered the Kneber botnet in January during a routine deployment of the NetWitness advanced monitoring solutions. Deeper investigation revealed an extensive compromise of commercial and government systems that included 68,000 corporate login credentials, access to email systems, online banking sites, Facebook, Yahoo, Hotmail and other social networking credentials, 2,000 SSL certificate files, and dossier-level data sets on individuals including complete dumps of entire identities from victim machines."

Follow up to Google Buzz Social Media Integrated into Gmail, news that "EPIC has filed a complaint with the Federal Trade Commission, urging the FTC to open an investigation into Google Buzz. Last week, Google tried to transform its popular email service into an untested social networking service. As a consequence, Google displayed social networking lists based on a user's most frequent address book contacts. The change was widely criticized. EPIC's complaint cites clear harms to service subscribers, and alleges that the change in business practices "violated user expectations, diminished user privacy, contradicted Google's privacy policy, and may have violated federal wiretap laws."

Security Labs Report Jul 2009-Dec 2009 Recap - "This report has been prepared by the M86 Security Labs team. It covers key trends and developments in Internet security over the last six months, as observed by the security analysts at M86 Security Labs. M86 Security Labs is a group of security analysts specializing in Email and Web threats, from spam to malware.
Key Points of this report:

2010 Identity Fraud Survey Report: Consumer Version

Official Google Blog: "Google Buzz is a new way to start conversations about the things you find interesting. It's built right into Gmail, so you don't have to peck out an entirely new set of friends from scratch — it just works. If you think about it, there's always been a big social network underlying Gmail. Buzz brings this network to the surface by automatically setting you up to follow the people you email and chat with the most. We focused on building an easy-to-use sharing experience that richly integrates photos, videos and links, and makes it easy to share publicly or privately (so you don't have to use different tools to share with different audiences). Plus, Buzz integrates tightly with your existing Gmail inbox, so you're sure to see the stuff that matters most as it happens in real time."

Social Transmission and Viral Culture, by Jonah Berger, assistant professor of Marketing and Katherine L. Milkman, assistant professor of Operations and Information Management at the Wharton School, University of Pennsylvania.

Anatomy of a Large-Scale Social Search Engine, by Damon Horowitz and Sepandar D. Kamvar [via Abi Morgan]

The quarterly APWG (AntiPhishing Working Group) Phishing Activity Trends Report analyzes phishing attacks reported to the APWG by its member companies, its Global Research Partners, through the organization’s website and by email submissions. APWG also measures the evolution, proliferation and propagation of crimeware drawing from the research of our member companies. In the last half of this report you will find tabulations of crimeware statistics and related analyses."

Follow up to previous postings on Follow up to previous postings on missing White House emails during Bush administrations, from the National Security Archive: "Pursuant to a settlement reached between the National Security Archive and the White House Executive Office of the President (EOP), the White House today issued a letter describing critical aspects of the EOP unclassified network e-mail preservation and archiving system now used in the White House. Among other specifics, the letter describes:

• Automated capture and preservation of all e-mail and Blackberry messages sent or received on the EOP’s unclassified network;
  
• Documents segregated into component-specific repositories and broad search capabilities that improve the ability to find e-mail records in response to legal or administrative needs;
  
• Blocking of access to personal and external Web-based e-mail systems from White House unclassified workstations;
  
• Controls against unauthorized deletion of e-mails and an accounting of any deleted e-mails;
  
• Systematic emergency recovery backups of the system; and
  
• Automatically generated audit reports and system health-check dashboard reports to assist in the identification of problems."

Annual Report PandaLabs 2009

The New York Review of Books - Who's in Big Brother's Database? By James Bamford - The Secret Sentry: The Untold History of the, National Security Agency, by Matthew M. Aid, Bloomsbury.

News release: "Today, Citizens for Responsibility and Ethics in Washington (CREW) and the National Security Archive (NSA) reached a final settlement of their long-running lawsuits challenging the failure of the Bush White House and the National Archives and Records Administration (NARA) to take any action after confronted with evidence that millions of emails had gone missing from Bush White House servers over a two and one-half year period. The lawsuits followed CREW’s revelation in April 2008 that the White House had discovered the problem in the fall of 2005. Nevertheless, the Bush White House failed to recover or restore the missing emails and knowingly continued to use a broken system for preserving electronic records. Under the terms of the settlement, the Executive Office of the President (EOP) will restore a total of 94 days of missing emails, which will then be sent to NARA for preservation and eventual access under either the Presidential Records Act or the Federal Records Act."

Official Google Blog: "In an effort to provide you with greater transparency and control over their own data, we've built the Google Dashboard. Designed to be simple and useful, the Dashboard summarizes data for each product that you use (when signed in to your account) and provides you direct links to control your personal settings. Today, the Dashboard covers more than 20 products and services, including Gmail, Calendar, Docs, Web History, Orkut, YouTube, Picasa, Talk, Reader, Alerts, Latitude and many more. The scale and level of detail of the Dashboard is unprecedented, and we're delighted to be the first Internet company to offer this — and we hope it will become the standard. [Includes a quick video] to learn more and then try it out for yourself at www.google.com/dashboard."

National Law Journal: "The economy has employers extra jittery about company secrets getting out, so nervous that they're hiring staff just to monitor outbound e-mails. That's the conclusion of a recent study by Proofpoint, an Internet security and data loss prevention company, which found that 38 percent of large U.S. employers are monitoring outbound e-mail to prevent data leaks, up from 29 percent in 2008."

UK Cybercrime Report 2009

Peek: Mobile E-Mail On A Budget - Conrad J. Jacoby discusses his experiences using the Peek mobile e-mail device (Time Magazine's 2008 Gadget of the Year), which he believes is genuinely useful and an excellent value for its cost.

In following this January 9, 2009 memo, Legal Issues Relating to the Testing, Use and Deployment of an Intrusion-Detection System (EINSTEIN 2.0) to Protect Unclassified Computer Networks in the Executive Branch, this DOJ memo released September 18, 2009: Legality of Intrusion-Detection System To Protect Unclassified Computers Networks In Executive Branch - "Operation of the EINSTEIN 2.0 intrusion-detection system complies with the Fourth Amendment to the Constitution, title III of the Omnibus Crime Control and Safe Streets Act of 1968, the Foreign Intelligence Surveillance Act, the Stored Communications Act, and the pen register and trap and trace provisions of chapter 206 of title 18, United States Code, provided that certain log-on banners or computer-user agreements are consistently adopted, implemented, and enforced by executive departments and agencies using the system. Operation of the EINSTEIN 2.0 system also does not run afoul of state wiretapping or communications privacy laws."

Boston.com: "Mayor Thomas M. Menino’s administration, prompted by public records requests from the Globe, has acknowledged that city employees were routinely deleting e-mails, a potential violation of the state public records law. The acknowledgement came after the Globe filed several requests for e-mails sent and received by Menino’s Cabinet chief of policy and planning, Michael J. Kineavy. He is one of Menino’s most powerful and trusted advisers, intimately involved in nearly everything at City Hall, but a search of city computers found just 18 e-mails he had sent or received between Oct. 1, 2008, and March 31 of this year. The unusually low figure prompted administration officials to question him about what happened to the rest of the e-mails he was presumably sending and receiving during that period. Kineavy, who is also one of the mayor’s chief political advisers and a strategist on Menino’s reelection campaigns since 1993, told them that he deletes all his e-mails on a daily basis, in such a way that they are not saved on city backup computers, administration officials said."

Official Gmail Blog: "Gmail's web interface had a widespread outage [September 1, 2009], lasting about 100 minutes. We know how many people rely on Gmail for personal and professional communications, and we take it very seriously when there's a problem with the service. Thus, right up front, I'd like to apologize to all of you — today's outage was a Big Deal, and we're treating it as such. We've already thoroughly investigated what happened, and we're currently compiling a list of things we intend to fix or improve as a result of the investigation."

Google Apps Status Dashboard: "This page offers performance information for Google Apps services. Unless otherwise noted, this status information applies to consumer services as well as services for organizations using Google Apps."

Via Slate: Seeking How the brain hard-wires us to love Google, Twitter, and texting. And why that's dangerous, by Emily Yoffe. "...Actually all our electronic communication devices—e-mail, Facebook feeds, texts, Twitter—are feeding the same drive as our searches. Since we're restless, easily bored creatures, our gadgets give us in abundance qualities the seeking/wanting system finds particularly exciting...If humans are seeking machines, we've now created the perfect machines to allow us to seek endlessly."

DoD Web 2.0 Guidance Forum - Value of Web 2.0 Capabilities: "In examining how the Department of Defense should take maximal advantage of Web 2.0 capabilities (including social networking services, social media, wikis, blogs, RSS feeds, etc.), we are looking at how Web 2.0 capabilities can be used to improve current and future Department operations. Operations in this sense include both broad business and warfighting processes. Specifically, we are looking for insight from various Defense interest groups and think tanks, including Veterans groups, industry groups and individuals who have insights they can share regarding how Web 2.0 capabilities can be used to transform how the Defense Department operates."

News release: "House Judiciary Committee Chairman John Conyers, Jr. (D-Mich.) today released over 700 pages of on-the-record interview transcripts of Karl Rove and Harriet Miers on the U.S. attorney firings and the Bush administration’s politicization of the Department of Justice. Conyers also released over 5,400 pages of Bush White House and Republican National Committee e-mails on these subjects. The released materials reveal that White House officials were deeply involved in the U.S. attorney firings and the administration made a concerted effort to hide that fact from the American people. "After all the delay and despite all the obfuscation, lies, and spin," Conyers said, "this basic truth can no longer be denied: Karl Rove and his cohorts at the Bush White House were the driving force behind several of these firings, which were done for improper reasons. Under the Bush regime, honest and well-performing U.S. attorneys were fired for petty patronage, political horsetrading and, in the most egregious case of political abuse of the U.S. attorney corps.."
Interviews of White House Officials

• Rove Interview
  
• Miers Interview
  
• White House Documents
  
• RNC Documents
  
• Related postings on U.S. Attorney firings

Follow up to July 28, 2009 posting New Data On Cell Phone Use and Driving Distraction, news today that Illinois became the 17th state to ban text messaging while driving.

News release: "The U.S. Postal Service ended its third quarter (April 1 – June 30) with a net loss of $2.4 billion, including a non-cash adjustment that increased workers’ compensation expense by $807 million. Ongoing electronic diversion and the widespread economic recession continued to reduce mail volume, resulting in a $1.6 billion decrease in revenue for the quarter. Despite cost reductions against the fiscal 2009 plan of more than $6 billion and actions to grow revenue, the Postal Service (USPS) projects a net loss of more than $7 billion at fiscal year-end. The organization’s financial situation is compounded by its obligation to pay $5.4 billion to $5.8 billion annually to prefund retiree health benefits. This requirement, established in the Postal Accountability and Enhancement Act of 2006, is an obligation that no other government agency has to pay."

Wireless Internet Use, by John Horrigan, July 22, 2009

News release: "The Electronic Frontier Foundation (EFF) filed suit against the Department of Justice [on June 24, 2009], demanding the public release of the surveillance guidelines that govern investigations of Americans by the Federal Bureau of Investigation (FBI). The FBI's Domestic Investigative Operational Guidelines went into effect in December of 2008 and detail the Bureau's procedures and standards for implementing the Attorney General's Guidelines on approved surveillance strategies...The FBI's general counsel has acknowledged that "the expansion of techniques available [to the Bureau] has raised privacy and civil liberties concerns." Investigations can include the electronic collection of information from online sources and computer databases, as well as the use of grand jury subpoenas to obtain telephone and email subscriber information. Other recent policy changes allow the FBI to engage in free-ranging investigation of Internet sites, libraries, and religious institutions." [Darlene Fichter]

Review of HTC Magic (G2) vs iPhone 3G (and 3G S): Techie expert extraordinaire Nicholas Moline compares the upcoming T-Mobile G2 (HTC Magic) with the iPhone 3G, which has the new iPhone 3.0 Software. Nick ran detailed and thorough tests of each Smartphone's usability and functionality, and he highlights the respective range of features, including bar code readers, removable memory, cameras, GPS, touchscreens, email, web access, and lots more. He also shares his thoughts about which gadget delivers the best applications for users.

2009 Trust, Security & Passwords Survey Research Brief: "This global "snooping" survey is the third in a series of benchmark studies focused on identifying security and privacy trends among IT workers. Results are intended to raise awareness about the risks associated with powerful, and often unmanaged, privileged users and passwords. While seemingly innocuous, these accounts provide workers with "keys to the kingdom," allowing them to access critically sensitive information, no matter where it resides."

News release: "Six federal agencies issued a set of frequently asked questions (FAQs) today to help financial institutions, creditors, users of consumer reports, and issuers of credit cards and debit cards comply with federal regulations on identity theft and discrepancies in changes of address. The “Red Flags and Address Discrepancy Rules,” which implement sections of the Fair and Accurate Credit Transactions Act of 2003, were issued jointly on November 9, 2007, by the Board of Governors of the Federal Reserve System (FRB), Federal Deposit Insurance Corporation (FDIC), National Credit Union Administration (NCUA), Office of the Comptroller of the Currency (OCC), Office of Thrift Supervision (OTS), and Federal Trade Commission (FTC)."

News release: "A rogue Internet Service Provider that recruits, knowingly hosts, and actively participates in the distribution of spam, child pornography, and other harmful electronic content has been shut down by a district court judge at the request of the Federal Trade Commission. The ISP’s upstream providers and data centers have disconnected its servers from the Internet."

URL shorteners, such as TinyURL, bit.ly and notlong.com allow users to share and post links in a quicker manner with less likelihood of misdirection. They also add an intermediary between the reader and the site of origin, and the risk of countless dead links if and when the business model of the respective services ceases to sustain a viable return.

News release: " The Online Trust Alliance (OTA) gave leading government agencies and online retailers a failing grade in preventing deceptive email and phishing scams based on its newly released analysis of email authentication adoption. While adoption has grown over the past year, OTA found approximately 56 percent of the top .gov sites – including Whitehouse.gov, FBI.gov, Treasury.gov and DHS.gov – still are not protecting U.S. citizens through the use of email authentication. At the same time, progress has been made by other government agencies including the Census Bureau, CIA, FDIC, VA and FTC."

• Top 25 Government Domains Report Card
  
• Internet Retailer 300 Report Card
  
• OTA email authentication resources

E-Discovery Update: E-Discovery in the $50,000 Case - Conrad J. Jacoby's focus for this column is smaller legal disputes that may involve electronic evidence, including divorce proceedings and child custody matters, as well as criminal cases, all of which may require review of cell phone call records, SMS and e-mail exchanges.

"The Symantec Internet Security Threat Report offers analysis and discussion of threat activity over a one-year period. It covers Internet threat activities, vulnerabilities, malicious code, phishing, spam and security risks as well as future trends. The fourteenth version of the report, released April 14, 2009, is now available."

"In December 2003, the Internet Fraud Complaint Center (IFCC) was renamed the Internet Crime Complaint Center (IC3) to better reflect the broad character of such criminal matters having a cyber (Internet) nexus. The 2008 Internet Crime Report is the eighth annual compilation of information on complaints received and referred by the IC3 to law enforcement or regulatory agencies for appropriate action. From January 1, 2008 – December 31, 2008, the IC3 website received 275,284 complaint submissions. This is a (33.1%) increase when compared to 2007 when 206,884 complaints were received. These filings were composed of complaints primarily related to fraudulent and non-fraudulent issues on the Internet."

News release: "The Internal Revenue Service issued its 2008 list of the 12 most egregious tax schemes and scams, highlighted by Internet phishing scams and several frivolous tax arguments. Topping this year’s list of scams is phishing, which encompasses numerous Internet-based ploys to steal financial information from taxpayers. New to the “Dirty Dozen” this year is a scheme, which IRS auditors discovered, that relates to unreasonable and/or excessive fuel tax credit claims."

Collaboration Through Wikis at Hicks Morley - Heather Colman explains how wikis were an ideal KM solution for her law firm. Quick and easy to set up, requiring little IT support, wikis support central data repositories and provide features including search capabilities, email, RSS, and also allow users to create a taxonomy of subject tags to classify information.

News release: "Over half of the adult internet population is between 18 and 44 years old. But larger percentages of older generations are online now than in the past, and they are doing more activities online, according to surveys taken from 2006-2008. Contrary to the image of Generation Y as the "Net Generation," internet users in their 20s do not dominate every aspect of online life. Generation X is the most likely group to bank, shop, and look for health information online. Boomers are just as likely as Generation Y to make travel reservations online. And even Silent Generation internet users are competitive when it comes to email (although teens might point out that this is proof that email is for old people)."

Intel: "On January 28, 2009, the United States, Canada, and 27 European countries will celebrate Data Privacy Day together for the second time. Designed to raise awareness and generate discussion about data privacy practices and rights, Data Privacy Day activities in the United States have included privacy professionals, corporations, government officials, and representatives, academics, and students across the country. One of the primary goals of Data Privacy Day is to promote privacy awareness and education among teens across the United States. Data Privacy Day also serves the important purpose of furthering international collaboration and cooperation around privacy issues."

"Welcome to the new WhiteHouse.gov. A short time ago, Barack Obama was sworn in as the 44th president of the United States and his new administration officially came to life. One of the first changes is the White House's new website, which will serve as a place for the President and his administration to connect with the rest of the nation and the world.

Millions of Americans have powered President Obama's journey to the White House, many taking advantage of the internet to play a role in shaping our country's future. WhiteHouse.gov is just the beginning of the new administration's efforts to expand and deepen this online engagement. Just like your new government, WhiteHouse.gov and the rest of the Administration's online programs will put citizens first. Our initial new media efforts will center around three priorities:

Communication...This site will feature timely and in-depth content meant to keep everyone up-to-date and educated. Check out the briefing room, keep tabs on the blog (RSS feed) and take a moment to sign up for e-mail updates from the President and his administration so you can be sure to know about major announcements and decisions.

Transparency...The President's executive orders and proclamations will be published for everyone to review, and that’s just the beginning of our efforts to provide a window for all Americans into the business of the government. You can also learn about some of the senior leadership in the new administration and about the President’s policy priorities.

Participation...One significant addition to WhiteHouse.gov reflects a campaign promise from the President: we will publish all non-emergency legislation to the website for five days, and allow the public to review and comment before the President signs it."

Follow up to previous postings on missing White House emails, today's news release: "At a hearing today concerning the risks posed by the presidential transition to the recovery of millions of missing e-mails from the Executive Office of the President (EOP) in the National Security Archive's lawsuit seeking restoration of those e-mails, the White House acknowledged that it has done little to recover e-mail files from computer workstations and nothing to collect external media storage devices that could hold e-mails. These admissions came despite the issuance of a report and recommendation in April 2008 by a federal magistrate judge calling for the White House to locate and preserve data from the workstations and external media storage devices. Earlier today the court issued an order requiring steps to be taken to secure files from individual computer workstations, memory sticks, zip drives, DVDs and CDs."

Metadata - What Is It and What Are My Ethical Duties?: Jim Calloway explains why every lawyer needs to understand a few basic things about metadata. He contends that the legal ethics implications of metadata “mining” are no longer just of interest to the lawyers processing electronic discovery, or the ethics mavens.

Editorial - Exit Stonewalling: "...E-mail messages that have gone suspiciously missing are estimated to number in the millions. These could illuminate some of the administration’s darker moments, including the lead-up to the Iraq war, when intelligence was distorted, the destruction of videotapes of C.I.A. torture interrogations, and the vindictive outing of the C.I.A. operative Valerie Plame Wilson. The deep-sixed history also includes improper business conducted by more than 50 White House appointees via e-mail at the Republican Party headquarters. Historians and archivists are suing the administration. We should be grateful for their efforts. Entire days of e-mail records have turned up conveniently blank at the offices of President Bush and Vice President Dick Cheney."

New York Times: "The National Archives has put into effect an emergency plan to handle electronic records from the Bush White House amid growing doubts about whether its new $144 million computer system can cope with the vast quantities of digital data it will receive when President Bush leaves office on Jan. 20. The technical challenge was an inevitable result of the explosion in cybercommunications, which will make the electronic record of the Bush years about 50 times as large as that left by the Clinton White House in 2001, archives officials estimate. The collection will include top-secret e-mail tracing plans for the Iraq war..."

News release: "The federal bank, credit union, and thrift regulatory agencies today announced publication of a revised identity theft brochure – You Have the Power to Stop Identity Theft – to assist consumers in preventing and resolving identity theft. The updated brochure focuses primarily on Internet "phishing" by describing how phishing works, offering ways to protect against identity theft, and detailing steps to follow for victims of identity theft. The brochure includes contact information for three major credit bureaus, where to report suspicious e-mails, and where to access additional information."

Washington Post: "Armed with millions of e-mail addresses and a political operation that harnessed the Internet like no campaign before it, Barack Obama will enter the White House with the opportunity to create the first truly "wired" presidency. Obama aides and allies are preparing a major expansion of the White House communications operation, enabling them to reach out directly to the supporters they have collected over 21 months without having to go through the mainstream media."

News release: "A court ruled today that the National Security Archive may proceed with its effort to force the White House to recover millions of Bush Administration Executive Office of the President (EOP) e-mail records before the presidential transition. Rejecting the government's motion to dismiss the Archive's lawsuit, the Court ruled that the Federal Records Act permits a private plaintiff to bring suit to require the head of the EOP or the Archivist of the United States to notify Congress or ask the Attorney General to initiate action to recover destroyed or missing e-mail records...The National Security Archive originally filed its case against the Executive Office of the President and the National Archives and Records Administration to preserve and restore missing e-mail federal records in September 5, 2007. A subsequent lawsuit filed by Citizens for Responsibility and Ethics in Washington has been consolidated with the Archive's lawsuit. A chronology of the litigation is available here."

Spamalytics: An Empirical Analysis of Spam Marketing Conversion, October 2008 - Chris Kanich, Christian Kreibich, Kirill Levchenko, Brandon Enright, Geoffrey M. Voelker, Vern Paxson† Stefan Savage

News release: "Online scammers are taking advantage of tough economic times. While e-mails phishing for sensitive data are nothing new, scammers are taking advantage of upheavals in the financial marketplace to confuse consumers into parting with valuable personal information. The Federal Trade Commission urges caution regarding e-mails that look as if they come from a financial institution that recently acquired a consumer’s bank, savings and loan, or mortgage. In fact, these messages may be from “phishers” looking to use personal information – account numbers, passwords, Social Security numbers – to run up bills or commit other crimes in a consumer’s name. Consumers are warned not to take the bait. The FTC has advice about how to stay on guard against this type of scam. To learn more, see the consumer alert Bank Failures, Mergers and Takeovers: A ‘Phish-erman’s Special.

News release: "The Federal Trade Commission’s Web site that helps consumers stay on guard against Internet fraud is revamping to provide extra tools for cyber safety. The FTC’s announcement of the newly designed and improved site comes on the first day of October, which is National Cyber Security Awareness Month. Since the September 2005 launch of www.OnGuardOnline.gov and its Spanish-language counterpart, www.AlertaEnLínea.gov, more than 8.1 million visitors have learned about computer security at these sites. Now, with the help of 22 federal agencies, industry organizations, and non-profit groups, the FTC has introduced a variety of new features to help consumers avoid Internet fraud, secure their computers, and protect their personal information...The articles, games, and videos on the site provide information on 16 topics, including social networking, phishing, spam scams, and laptop security."

News release: "A new national survey shows that 62% of adults who are currently employed use the internet or email at work and they have mixed views about the impact of technology on their work lives. On the one hand, they cite the benefits of increased connectivity and flexibility that the internet and all of their various gadgets afford them at work. On the other hand, many workers say these tools have added stress and new demands to their lives."

Follow up on postings related to the White House visitor logs, this news release: "U.S. District Court Judge Colleen Kollar-Kotelly issued a preliminary injunction in CREW, et al. v. Cheney et al., requiring Vice President Cheney, the Office of the Vice President, the Executive Office of the President, that archivist and the National Archives and Records Administration to preserve all vice presidential records, broadly defined to encompass all records relating to the vice president carrying out his constitutional, statutory or other official or ceremonial duties."

Being Wired or Being Tired: 10 Ways to Cope with Information Overload: "Sarah Houghton-Jan explores different strategies for managing and coping with various types of informational overload." Ariadne, Issue 56 July 2008.

USA.gov: "The National Archives and Records Administration (NARA) issued e-mail archiving applications guidance July 31 for certain e-mails that are considered records under the Federal Records Act. The bulletin informs agencies that e-mail archiving technologies may not necessarily meet all of the Federal Records Act requirements."

Surveillance made easy, NewScientist.com news service, Laura Margottini: "This data allows investigators to identify suspects, examine their contacts, establish relationships between conspirators and place them in a specific location at a certain time."

So said the UK Home Office last week as it announced plans to give law-enforcement agencies, local councils and other public bodies access to the details of people's text messages, emails and internet activity. The move followed its announcement in May that it was considering creating a massive central database to store all this data, as a tool to help the security services tackle crime and terrorism."

Related links:
• UK House of Commons, Communications Data Bill: "The purpose of the Bill is to: allow communications data capabilities for the prevention and detection of crime and protection of national security to keep up with changing technology through providing for the collection and retention of such data, including data not required for the business purposes of communications service providers; and to ensure strict safeguards continue to strike the proper balance between privacy and protecting the public.
• Siemens - Lawful Interception (Monitoring Center, Intelligence Platform) - "Authorized groups need to have direct access to communications between suspects, whether it is individuals, groups or organizations. Only then can they take appropriate action, detect, prevent and anticipate crimes and guarantee peace and security."

Official Google Enterprise Blog: "In July, our Postini datacenters saw the biggest volume of email virus attacks so far in 2008, with a peak of nearly 10 million messages on July 24. One of the more prominent attacks in the month involved a spoofed UPS package-tracking link that was intended to lure recipients into clicking on it and downloading malware. Our zero-hour virus protection technology first started catching these emails on July 20."

News release: "The Federal Trade Commission today released a staff report on a Roundtable Discussion on Phishing Education that it hosted in April. Approximately 60 experts from business, government, the technology sector, the consumer advocacy community, and academia met at the FTC to discuss strategies for outreach to consumers about avoiding phishing. Phishers use deceptive spam that appears to come from legitimate, well-known sources to trick consumers into divulging sensitive or personal information, such as credit account numbers or passwords, often through a link to a copycat of the purported source’s Web site."

Bill Summary - H.R. 5811: The Electronic Message Preservation Act. Rep. Henry A. Waxman, Chairman, Committee on Oversight and Government Reform

Committee on Oversight: "Rep. Henry A. Waxman, Rep. Wm. Lacy Clay, and Rep. Paul W. Hodes released a new GAO report that finds that senior federal officials are failing to comply with requirements to preserve e-mail records. On Wednesday, the House is expected to consider legislation (H.R. 5811) to modernize the Federal Records Act and the Presidential Records Act to ensure the preservation of these important federal records.

The new GAO report, Federal Records: National Archives and Selected Agencies Need to Strengthen E-Mail Management, finds:

• All four of the agencies examined — the Department of Homeland Security, the Department of Housing and Urban Development, the Environmental Protection Agency, and the Federal Trade Commission — are relying on outdated and unreliable “print and file” systems for preserving e-mail records.
  
• Senior agency officials did not fully comply with key requirements for preserving e-mail records. GAO reviewed the practices of 15 senior agency officials in the four agencies and found that a majority of these officials failed to manage their e-mail records in accordance with regulatory requirements. E-mails were not retained in adequate recordkeeping systems, making the e-mail records easier to lose, harder to find, and vulnerable to deletion or other tampering. Inadequate oversight and training within agencies contributed to the inconsistent compliance with preservation requirements..."

Follow up - related postings on missing White House emails, today's news: News release: "Today, D.C. District Court Judge Colleen Kollar-Kotelly issued an opinion in CREW v. Office of Administration, finding that the Office of Administration (OA) is not an agency subject to the Freedom of Information Act (FOIA). In May 2007, CREW sued OA for records regarding missing White House e-mail and the office’s assessment of the scope of the problem. After initially agreeing to provide records, OA changed course and claimed it was not an agency and, therefore, had no obligation to comply with the FOIA. OA made this claim despite the fact that even the White House’s own website described OA as an agency and included regulations for processing FOIA requests."

New York Times: "Some of the biggest technology firms, including Microsoft, Intel, Google and I.B.M., are banding together to fight information overload. Last week they formed a nonprofit group to study the problem, publicize it and devise ways to help workers — theirs and others — cope with the digital deluge."

Proofpoint’s Outbound Email and Data Loss Prevention in Today’s Enterprise, 2008 report - ["the survey was fielded in the US, UK, France, Germany and Australia to explore global concerns.]

"Email remains the most important medium for communications both inside and outside the enterprise. But the convenience and ubiquity of email as a business communications tool has exposed enterprises to a wide variety of legal, financial and regulatory risks associated with outbound email. Enterprises continue to express a high level of concern about creating, managing and enforcing outbound messaging policies (for email and other communication protocols) that ensure that messages leaving the organization comply with both internal rules, best practices for data protection and external regulations. In addition, organizations remain very concerned about ensuring that email (and other electronic message streams) cannot be used to disseminate confidential or proprietary information...The results show that data protection concerns are not confined to the US and that globally, email, webmail, FTP, blogs message boards, media sharing sites and social networking sites are a source of concern as well as real-world risk for IT professionals working in large enterprises."

• Abstinence Education: Assessing the Accuracy and Effectiveness of Federally Funded Programs, GAO-08-664T, April 23, 2008
• Antidumping and Countervailing Duties: Congress and Agencies Should Take Additional Steps to Reduce Substantial Shortfalls in Duty Collection, GAO-08-391, March 26, 2008
• Federal Records: Agencies Face Challenges in Managing E-Mail, GAO-08-699T, April 23, 2008: "Federal agencies are increasingly using electronic mail (e-mail) for essential communication. In doing so, they are potentially creating messages that have the status of federal records, which must be managed and preserved in accordance with the Federal Records Act. To carry out the records management responsibilities established in the act, agencies are to follow implementing regulations that include specific requirements for e-mail records. In view of the importance that e-mail plays in documenting government activities, GAO was asked to testify on issues relating to the preservation of electronic records, including e-mail."
• Homeland Security: Enhanced National Guard Readiness for Civil Support Missions May Depend on DOD's Implementation of the 2008 National Defense Authorization Act, GAO-08-311, April 16, 2008
• Human Capital: Workforce Diversity Governmentwide and at the Small Business Administration, GAO-08-725T, April 23, 2008
• Intelligence, Surveillance, and Reconnaissance: DOD Can Better Assess and Integrate ISR Capabilities and Oversee Development of Future ISR Requirements, GAO-08-374, March 24, 2008
• National Transportation Safety Board: Progress Made in Management Practices, Investigation Priorities, Training Center Use, and Information Security, But These Areas Continue to Need Improvement, GAO-08-652T, April 23, 2008
  Permanent Link

News release: "Today, the White House sought clarification from the court concerning its ability to restore missing records from backup tapes that are currently being preserved. The White House inquiry comes as the National Security Archive continues to await a ruling by the United States District Court for the District of Columbia on its pending motion to extend an e-mail preservation order against the Executive Office of the President (EOP) and to depose relevant witnesses about the state of the White House's e-mail archiving system.

A new bill to establish procedures to assure the preservation of electronic federal and presidential records was introduced this week by Rep. Henry A. Waxman (D-CA), Rep. Wm. Lacy Clay (D-MO), and Rep. Paul W. Hodes (D-NH) (H.R. 5811), but that bill would have no effect on the e-mails that are the subject of the pending lawsuit. A new chronology of events in the White House e-mail lawsuits was also published on the Web today by the Archive.

Jerry Crimmins, Chicago Daily Law Bulletin, April 10, 2008: " The University of Chicago Law School has removed Internet access in most of its classrooms because of a growing problem of students surfing the Web on laptops during lectures...Law students' use of laptops to surf the Web, read and write e-mail and play computer games during class has brought changes at a number of schools, including Harvard, Yale and Stanford."

Follow up to previous postings on litigation and hearings on missing White House email and violations of the Presidential Records Act, news today from AP: "Older White House computer hard drives have been destroyed, the White House disclosed to a federal court Friday in a controversy over millions of possibly missing e-mails from 2003 to 2005. The White House revealed new information about how it handles its computers in an effort to persuade a federal magistrate it would be fruitless to undertake an e-mail recovery plan that the court proposed."

Follow up to previous postings on litigation and hearings on missing White House email and violations of the Presidential Records Act, today's news release: "Today, in response to a request by the National Security Archive, which along with Citizens for Responsibility and Ethics in Washington (CREW) has sued the White House challenging its failure to preserve millions of missing email, Magistrate Judge Facciola issued a show cause order in CREW, et al. v. EOP. Judge Facciola's order requires the White House to show cause by close of business Friday, March 21, why it should not be ordered to create and preserve a forensic copy of any media that has been used or is being used by any former or current employee between March 2003 and October 2005, the period of time for which email is missing. He entered the Order based at least in part on the White House's own admission that it did not preserve back-up tapes prior to October 2003."

VOIP-News: "Email, IM (instant messaging) and even VoIP solutions like Skype and Vonage have taken over communications in both the business and social worlds. These systems work well because they're a much-needed solution for high phone bills, static-filled communications and dropped cell-phone calls. Internet-based communication methods also give users optimum remote access, since all one needs to use VoIP or send an IM is an Internet connection. But with this increase in popularity comes serious security issues. VoIP technology is still relatively new, and hackers are finding new ways to rip off service providers and their customers. Just who might be spying on your online communications? You might be surprised."

Electronic Frontier Foundation: "Three powerful House Commerce Committee Chairmen strongly urged their colleagues Thursday to defer acting on requests for retroactive immunity and to demand more information from the White House and the telecommunications companies in the wake of disclosures by another whistleblower that the government apparently has been granted an open gateway to customer information and calls by a major telecommunications company."

• March 6, 2008 Dear Colleague letter, written by John Dingell, Chairman of the House Committee on Energy and Commerce; Ed Markey, Chairman of the House Subcommittee on Telecommunications and the Internet; and Bart Stupak, Chairman of the Subcommittee on Oversight and Investigations: "..Yesterday another whistleblower stepped forward with troubling charges that at least one major wireless telecommunications giant may have given a Congressional entity access to every communications coming through that company's infrastructure, including every e-mail, Internet use, document transmission, video and text message, as well as the ability to listen in on any phone call."


• Related postings on domestic surveillance program

News release: "Speaker Nancy Pelosi released the following statement February 29, 2008 in response to a letter she received late this afternoon from U.S. Attorney General Michael Mukasey stating that the Administration is refusing to enforce contempt of Congress citations against former White House Counsel Harriet Miers and White House Chief of Staff Joshua Bolten:

“By ordering the U.S. Attorney to take no action in response to congressional subpoenas, the Bush Administration is continuing to politicize law enforcement, which undermines public confidence in our criminal justice system. Anticipating this response from the Administration, the House has already provided authority for the Judiciary Committee to file a civil enforcement action in federal district court and the House shall do so promptly. The American people demand that we uphold the law. As public officials, we take an oath to uphold the Constitution and protect our system of checks and balances and our civil lawsuit seeks to do just that.”

2007 Electronic Monitoring & Surveillance Survey - Over Half of All Employers Combined Fire Workers for E-Mail & Internet Abuse, February 28, 2008

Committee Holds Hearing on Electronic Records Preservation at the White House, Chairman Waxman's Opening Statement, February 26, 2008:
"...When President Clinton left office and President Bush came into office, the White House had in place a system for archiving White House e-mails that complied with the Presidential Records Act...In its place, the White House adopted a system that one of its own experts described as “primitive” and carried a high risk that "data would be lost." The system also had serious security flaws. Until the problem was corrected in 2005, all officials in the White House had access to the archive system and the ability to delete or alter existing information. The White House’s own analysis of its system identified over 700 days in which e-mail records seem either impossibly low or completely nonexistent. This 2005 analysis was prepared by a team of 15 White House officials and contractors."

• Supplemental Information for Full Committee Hearing on White House E-mails: "The Committee has been investigating White House compliance with the Presidential Records Act. In preparation for this hearing, the Committee received more than 20,000 pages of intemal e-mails and other documents from the White House and the National Archives and Records Administration. The Committee also interviewed or received written answers to questions from six current or former officials in the White House responsible for preserving White House records.


• Testimony of Alan R. Swendiman, Special Assistant to the President and Director, Office of Administration


• Testimony of Theresa Payton, Chief Information Officer, Office of Administration


• Testimony of Allen Weinstein, Archivist of the United States


• Interrogatory of Steven McDevitt


• Sources for Supplemental Information


• Previous postings on missing White House email
Permanent Link

"On Tuesday, February 26, 2008, at 10:00 a.m., in room 2154 of the Rayburn House Office Building, the full Committee on Government Oversight and Reform will hold a hearing entitled Electronic Records Preservation at the White House."

A Portrait of Early Internet Adopters: Why People First Went Online --and Why They Stayed, by Amy Tracy Wells, Research Fellow, Pew Internet & American Life Project, February 20, 2008

"This Registry of USG Recommended Biometric Standards (Registry) supplements the NSTC Policy for Enabling the Development, Adoption and Use of Biometric Standards. This Registry is based upon interagency consensus on biometric standards required to enable the interoperability of various Federal biometric applications, and to guide Federal agencies as they develop and implement related biometric programs. Version 1.0 of this Registry document is being presented to the public for review, with comments due by March 10, 2008. The Subcommittee will review all comments received, make necessary adjustments, and finalize the Registry through normal NSTC approval processes. The Subcommittee will continuously review the content of this document, and release updated versions as required to assist agencies in the implementation and reinforcement process of biometric standards to meet agency-specific mission needs."

"Cisco® today announced key findings from its annual global study on remote workers' security awareness and online behavior, indicating how they can inadvertently heighten risks for themselves and the companies they work for. The study's findings are prompting Cisco security executives to offer recommendations to information technology (IT) professionals on how to protect their companies against threats and maximize the business benefits of distributed and mobile workforces."

Follow up to previous postings on the controversy surrounding missing White House email, this press release: "Today, in light of the emerging details of the disappearance of millions of White House emails, Citizens for Responsibility and Ethics in Washington (CREW) sent a letter to Attorney General Michael B. Mukasey asking that he appoint a special counsel to investigate the matter. Specifically, CREW asked for an investigation into whether the White House violated federal record-keeping laws by knowingly failing to preserve and restore millions of emails and by deliberately failing to use an effective and appropriate record-keeping system for the preservation of federal and presidential electronic records. The White House is subject to two sets of federal laws governing how it must maintain and preserve its records, the Federal Records Act (FRA) and the Presidential Records Act (PRA)."

Press release: "The FBI has recently developed information indicating cyber criminals are attempting to once again send fraudulent e-mails to unsuspecting recipients stating that someone has filed a complaint against them or their company with the Department of Justice or another organization such as the Internal Revenue Service, Social Security Administration, or the Better Business Bureau."
Related resources:

"Criminals are hard at work thinking up creative ways to get malware on your computer, warns the Federal Trade Commission. With appealing Web sites, desirable downloads, and compelling stories, these criminals try to lure consumers to links that will download malware, especially on computers that don’t use adequate security software. Then, they use the malware – malicious software – to steal personal information, send spam, and commit fraud. A new publication from the FTC has information that could help consumers protect their computers against malware and reclaim their computer and electronic information if malware is already on their computer. The publication, Minimizing the Effects of Malware, provides tips on spotting malware, and urges consumers to act immediately if they suspect their computer is affected by malware."

Press release: "The Internal Revenue Service today warned taxpayers to beware of several current e-mail and telephone scams that use the IRS name as a lure. The IRS expects such scams to continue through the end of tax return filing season and beyond. The IRS cautioned taxpayers to be on the lookout for scams involving proposed advance payment checks. Although the government has not yet enacted an economic stimulus package in which the IRS would provide advance payments, known informally as rebates to many Americans, a scam which uses the proposed rebates as bait has already cropped up."

What if the Internet went down...and didn't come back up? By Lynn Greiner, CIO.com, 01/22/08

Press release: "Congresswoman Betty McCollum (MN-04), has sent a letter to the Government Accountability Office asking that it reopen its investigation of the privacy and national security risks posed by government agencies reselling used magnetic data tapes that may once have contained large amounts of sensitive personal and government information. Researchers working for Imation, an Oakdale, MN-based corporation that produces magnetic data tapes, were able to recover a wide range of sensitive information from used data tapes that were supposedly wiped clean before being re-sold. Using readily available equipment and information, Imation investigators found out where the tapes originated and recovered bank account numbers, expense reports, employee tax and benefit information, and other sensitive data."

Follow up to postings on the investigation into missing White House emails, news that CREW has completed an analysis [Word documents] of the national news events that took place on the dates for which there are missing White House email."

Follow up to previous postings on missing White House emails, from the House Oversight Committee: "On February 15, the Committee will hold a hearing to investigate White House compliance with the Presidential Records Act. Statements made at the January 17 White House press briefing contradict information provided to the Committee, which revealed that a 2005 White House analysis found no archived mail for hundreds of days between 2003 and 2005. The following officials have been invited to testify: Fred Fielding, Counsel to the President; Alan Swendiman, Director, Office of Administration; Allen Weinstein, Archivist of the United States."

Follow up to previous postings on missing White House emails, today's Press release from Citizens for Responsibility and Ethics in Washington (CREW): "Yesterday’s midnight filing by the White House in CREW v. Executive Office of the President, a lawsuit challenging the failure of the White House to preserve and restore millions of missing emails, raises some very troubling questions...The White House has now admitted that it does not have an effective system for storing and preserving emails. This is no mere technicality; it is this failure that led to the likely destruction of over 10 million email. What the White House has not explained is why it abandoned the electronic record-keeping system used by the prior administration -- a system that properly preserved White House email -- but did not replace it with another effective and appropriate system."

Press release: "Becta [British Educational Communications and Technology Agency], the education technology agency, has published a key report on Microsoft Vista and Office 2007 and on document interoperability which analyses the suitability of both software packages for adoption by schools and colleges."

Follow up to postings on missing White House E-mail, from the National Security Archive: "In an Order issued today, Magistrate Judge Facciola of the United States District Court for the District of Columbia ordered the White House to answer questions about over 5 million missing e-mails generated between 2003-2005. Noting that the need for information the missing e-mails is "time-sensitive" because of the risk that stored copied of the e-mails "are increasingly likely to be deleted or overridden with the passage of time," the Court demanded answers in a sworn declaration by January 13, 2008 about the location of the missing e-mails."

Press release: "In a new report, the Federal Trade Commission staff describes findings from its July 2007 workshop, “Spam Summit: The Next Generation of Threats and Solutions” and proposes follow-up action steps that stakeholders can adopt to mitigate the harmful effects of malicious spam and phishing. In addition to proposing action steps for stakeholders, the report provides an overview of the agency’s decade-long role in protecting consumers from the threats of fraudulent spam and phishing. The report also announces results from staff’s 2007 Harvesting and Filtering Study, which suggest that Internet service providers’ spam filters continue to serve an integral role in reducing the amount of spam that reaches consumers’ in-boxes."

Press release: "Proofpoint, Inc., the leading provider of unified email security and data loss prevention solutions, today reported spam trends for data collected during the month of November 2007, finding that, on average, spam continues to represent nearly 90% of the total email volume received by large enterprises. Attachment-based spam made a comeback with the prevalence of image-based spam, PDF spam and Microsoft Word document spam all increasing over October levels."

McAfee Virtual Criminology Report - Cybercrime: The Next Wave - The annual McAfee global cyber trends study into organized crime and the Internet in collaboration with leading international security experts, November 2007.

Prepared Statement of Senator Max Baucus (D-Mont.) Regarding the Finance Committee Investigation of Avandia, November 15, 2007: "We place a great deal of trust in pharmaceutical companies to make safe and effective products.The health of millions of Americans, from young children to retirees, depends on the careful work of these drug manufacturers. Today, Senator Grassley and I are placing in the Congressional Record a Senate Finance Committee staff report which describes a very disturbing series of events related to the safety of the diabetes drug Avandia. The report presents evidence that a pharmaceutical company allegedly tried to intimidate a doctor who raised concerns about Avandia’s link to heart problems. This occurred after the doctor gave speeches at two scientific meetings where he warned of the cardiovascular risks to those using Avandia, a drug designed to control glucose levels in diabetics. To make matters worse, the company in question denied trying to intimidate the doctor in the
press. That claim is seriously challenged by emails presented in the staff report."

Press release: "Today, U.S. District Judge Henry Kennedy granted Citizens for Responsibility and Ethics in Washington's (CREW) request for a temporary restraining order to prevent the White House from destroying back-up copies of millions of deleted emails while the lawsuit is pending. CREW brought this lawsuit against the Executive Office of the President and the National Archives and Records Administration challenging their failure to restore and preserve millions of emails deleted from White House servers and to institute an effective electronic record-keeping system. When the White House refused to give adequate assurances that it would preserve back-up copies of the deleted emails -- the only source of these important historical records [see Federal Records Act] -- CREW sought a temporary restraining order."

Follow up to previous postings on litigation and hearings on missing White House email and violations of the Presidential Records Act: "The National Security Archive filed a motion on Friday, October 26, seeking expedited discovery against the Executive Office of the President to find out what e-mails are missing from the White House e-mail system or backup tapes. Archive General Counsel Meredith Fuchs explained, “The pressing need for the information arises out of troubling representations by the EOP and its components about its document preservation obligations and the location of its backup tapes. We need information so we can take steps to preserve all possible sources of e-mails deleted from the White House servers.” Also on Friday, a similar motion was filed in a virtually identical lawsuit brought by Citizens for Responsibility and Ethics in Washington (CREW) on September 25, 2007.

The Archive filed this case on September 5, 2007, against the Executive Office of the President (EOP) and its components seeking to recover at least 5 million federal e-mail records improperly deleted by the EOP. After the government failed to provide adequate assurances that backups and copies of the missing e-mail would be preserved throughout this litigation, on October 11, 2007, CREW filed a motion for a temporary restraining order against the White House defendants in its case. A hearing in CREW’s case was held before Magistrate Judge Facciola on October 17, 2007. Magistrate Judge Facciola issued a Report and Recommendation on October 19, 2007, advising the Court to grant a temporary restraining order. The government has filed objections to Magistrate Judge Facciola’s Report and Recommendation, and CREW has responded to the government’s objections."

Follow up to October 17, 2007 posting, Court Indicates Order on Missing White House Email Forthcoming, from CREW: "Today, in CREW v. EOP, Magistrate Judge John Facciola issued a report and recommendation in which he concluded that a temporary restraining order should be issued by District Court Judge Henry Kennedy preventing the White House from destroying any back-up copies – in whatever medium - created to preserve data. CREW sought this order to ensure that back-up copies of the millions of email deleted from White House servers between March 2003 and October 2005 were preserved pending resolution of CREW's lawsuit challenging as contrary to law those deletions and the failure of the White House to have an effective electronic record-keeping system in place. The court refused to accept the last-minute proffer of the White House to provide a declaration in lieu of a court order, explaining that a declaration is not sufficient because a violation is not punishable by contempt. The White House has 10 days in which to file an objection to this recommendation, after which Judge Kennedy will issue an order."

Follow up to previous posting, Group Issues Report on Missing White House Emails and Violations of the Presidential Records Act, from AP today news that "U.S. Magistrate John M. Facciola indicated Wednesday [that he] may order the Bush administration to preserve copies of all White House e-mails, a move that a government lawyer argued strongly against."

Press release: "With a full twelve months under our belt, today OpenDNS published the first-ever PhishTank annual report. The report looks at the more than 300,000 phishes you’ve submitted and helped verify over the course of one year. While some of the report’s findings come as no surprise (e.g., PayPal and eBay round out the top of the list of most spoofed brands), some are alarming. Perhaps the most important finding, and the one that drove us to come up with a fix, is that U.S. telecoms are hosting more phishes than telecoms in any other country."

Follow up to previous postings on missing White House e-mails and violations of the Presidential Records Act, this press release: "The National Security Archive today sued the White House seeking the recovery and preservation of more than 5 million White House e-mail messages that were apparently deleted from White House computers between March 2003 and October 2005. The lawsuit filed this morning in U.S. District Court for the District of Columbia names as defendants the Executive Office of the President and its components that are subject to the Federal Records Act, including the White House Office of Administration (OA), and the National Archives and Records Administration (which is responsible for long-term preservation of federal and presidential records), under the records laws and the Administrative Procedure Act."

Follow up to previous postings re the ongoing Congressional investigation into missing White House emails, news from Bloomberg that "an [unidentified] outside contractor...conducted daily audits of the [White House] e-mail system..." and yet "5 million e-mails from March 2003 to October 2005 are missing..."

"Today Chairman Waxman wrote [Letter to Fred Fielding] to request information from the White House Office of Administration about reports that millions of e-mails that may have been lost from the White House e-mail system."

PC World: Study Finds Spam's Achilles Heel - "Researchers say they've discovered a critical weakness in the spam infrastructure."

"Today Chairman Waxman and Ranking Member Davis sent a letter to the White House requesting specific documents related to the death of U.S. Army Corporal Patrick Tillman, who was killed by friendly fire in Afghanistan in 2004. The White House has made available for staff review approximately 400-450 pages, which had previously been redacted or withheld. Following this review, the Committee is requesting that the White House provide the Committee several internal e-mail communications as well as drafts of the President's remarks about Corporal Tillman at the White House Correspondents' Dinner."

"Over 50 per cent of UK business users are unable to walk away from their emails when on holiday or off sick, according to new research announced at the Inbox/Outbox 2007 event." Ian Williams, vnunet.com 20 Jul 2007

Spam Summit: The Next Generation of Threats and Solutions: "A two-day conference that will bring together experts from the business, government, and technology sectors, consumer advocates, and academics to explore consumer protection issues surrounding spam, phishing and malware. The agenda and a list of participants can be found here."

Press release: "Google Inc. announced today that it has signed a definitive agreement to acquire Postini, a global leader in on-demand communications security and compliance solutions serving more than 35,000 businesses and 10 million users worldwide. Postini's services -- which include message security, archiving, encryption, and policy enforcement -- can be used to protect a company's email, instant messaging, and other web-based communications. Under the terms of the agreement, Google will acquire Postini for $625 million in cash, subject to working capital and other adjustments, and Postini will become a wholly-owned subsidiary of Google. The agreement is subject to customary closing conditions and is expected to close by the end of the third quarter 2007."

Follow up to previous postings on Connecticut librarians and FBI NSL gag order, via Wired Blog, Librarians Describe Life Under An FBI Gag Order: "Two Connecticut librarians on Sunday [at the 2007 ALA Annual Conference in Washington, DC] described what it was like to be slapped with an FBI national security letter and accompanying gag order."

MessageLabs Intelligence Report: Increased Number of Spam Spikes and New Image Spam Techniques Cause Trouble for Businesses: "Analysis of [May 2007] data showed that spammers continue to innovate and employ new methods to elude traditional anti-spam solutions. Rather than embedding images in the body of an email message, spammers are now hosting images on sites that do not require registration and include links to those sites or an HTML image in the email message."

NEWS.COM Special Report: Wardens of the WebTalkBack: Global security challenge falls to an elite corps, June 25, 2007

The Expanding Digital Universe: A Forecast of Worldwide Information Growth Through 2010 - "In this detailed white paper, IDC researches and analyzes the impact of ever-increasing amounts of digital information generated worldwide. It defines the digital universe and forecasts its growth to an incredible 988 exabytes (or 988 billion gigabytes) in the year 2010. Get a clear picture of what this expanding universe means to you and your organization. Find out what’s driving growth—from files and e-mail to voice data and images. And learn about strategies for managing the rapidly expanding digital universe."

EFF press release: "The government must have a search warrant before it can secretly seize and search emails stored by email service providers, according to a landmark ruling Monday in the 6th U.S. Circuit Court of Appeals. The court found that email users have the same reasonable expectation of privacy in their stored email as they do in their telephone calls -- the first circuit court ever to make that finding."

Administration Oversight, White House Use of Private E-mail Accounts: "The Oversight Committee has been investigating whether White House officials violated the Presidential Records Act by using e-mail accounts maintained by the Republican National Committee and the Bush Cheney ‘04 campaign for official White House communications. This interim staff report provides a summary of the evidence the Committee has received to date, along with recommendations for next steps in the investigation."

The information the Committee has received in the investigation reveals:

Daniel Pulliam at Govexec.com reported, "Eighteen agencies have been asked by the Office of Special Counsel to preserve electronic information dating back to January 2001 as part of its governmentwide investigation into alleged violations of the law that limits political activity in federal agencies. The OSC task force investigating the claims has asked agencies, including the General Services Administration, to preserve all e-mail records, calendar information, phone logs and hard drives going back to the beginning of the Bush administration."

Image Spam: By the Numbers, by Scott Berinato: "Image Spam—an e-mail solicitation that uses graphical images of text to avoid filters—is not new. Recently, though, it reached an unprecedented level of sophistication and took off. A year ago, fewer than five out of 100 e-mails were image spam, according to Doug Bowers of Symantec. Today, up to 40 percent are. Meanwhile, image spam is the reason spam traffic overall doubled in 2006, according to antispam company Borderware. It is expected to keep rising."

Press release: "Tens of thousands of consumers are unwitting accomplices of illegal spammers and at the mercy of identity thieves, warns the Federal Trade Commission. These consumers’ computers have been secretly hijacked by criminals who install spam-sending software and spyware on the computers when consumers open malicious e-mail attachments or visit a malicious Web site. After gaining access to consumers’ computers, the criminals can track consumers’ Internet surfing, steal personal information, and turn the computers into spam “zombies” that are part of a “botnet” made up of thousands of home computers through which spammers route spam. In a new consumer alert, Botnets and Hackers and Spam (Oh, My!), the FTC urges consumers to secure their personal information and stop assisting spammers."

Source: "Privacy International (PI) is a human rights group formed in 1990 as a watchdog on surveillance by governments and corporations. PI is based in London, and has an office in Washington, D.C. Together with members in 40 countries, PI has conducted campaigns throughout the world on issues ranging from wiretapping and national security activities, to ID cards, video surveillance, data matching, police information systems, and medical privacy, and works with a wide range of parliamentary and inter-governmental organisations such as the European Parliament, the House of Lords and UNESCO."

Follow-up to previous postings on the U.S. attorney firings, this May 25, 2007 ress release: "Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) and Ranking Member Arlen Specter (R-Pa.) sent the following letter to Karl Rove’s attorney seeking access to e-mails related to the panel’s ongoing investigation into the firings of U.S. Attorneys and politicization within the Department of Justice."

Press release: "The volume of spam is growing in Americans' personal and workplace emailaccounts, but email users are less bothered by it.
Spam continues to plague the internet as more Americans than ever say they are getting more spam than in the past. But while American internet users report increasing volumes of spam, they also indicate that they are less bothered by it than before. Users have become more sophisticated about dealing with spam; fully 71% of email users use filters offered by their email provider or employer to block spam... Spam has not become a significant deterrent to the use of email, as some observers speculated it might when unsolicited email first began flooding users' inboxes several years ago. But it continues to degrade the integrity of email. Some 55% of email users say they have lost trust in email because of spam."

Press release: "Senator Patrick Leahy (D-Vt.), chairman of the Judiciary Committee, Wednesday issued a subpoena to Attorney General Alberto Gonzales (6 pages, PDF) compelling the Department of Justice to provide all Karl Rove e-mails in its possession related to the panel’s ongoing investigation into the mass firings of federal prosecutors. Rove, a senior political advisor to President Bush, and the White House political operation -- which Rove heads – have been linked to the project that resulted in the unprecedented firings of several well-performing federal prosecutors, according to information gathered by the Committee through documents, interviews and testimony. Several of the dismissed prosecutors have testified under oath and said in public that they were unaware of performance problems and believe political influence was a factor in their firings. Leahy requested the e-mails first at the Committee’s oversight hearing with the Attorney General on April 19, 2007, and then again in a letter to the Attorney General on April 25, 2007. The Attorney General has failed to respond to those earlier requests."

Justice Department Lists E-Mails and Memos Being Withheld in Firings of U.S. Attorneys: "The Justice Department released a list of internal documents Thursday focusing on lawmakers' concerns and media questions about the firings of eight federal prosecutors, but the department resisted congressional demands for copies of the memos. The list of 159 e-mails and memos, spanning nearly three months, at the least demonstrates concern about how the dismissals were being publicly received before they erupted into a firestorm that has resulted in calls for Attorney General Alberto Gonzales to resign."

On April 16, 2007 Barbara Fullerton, Manager, Librarian Relations, 10-K Wizard, Sabrina Pacifici, Editor & Publisher, LLRX.com and beSpacific.com and Aaron Schmidt, Director, North Plains Public Library, presented their always popular round-robin Gadgets presentation at Computers in Libraries 2007.

Follow-up to postings on the escalating interest in the U.S. Attorney firings, this press release: "Citizens for Responsibility and Ethics in Washington (CREW) released a report [April 12, 2007], WITHOUT A TRACE: The Missing White House Emails and the Violations of the Presidential Records Act, detailing the legal issues behind the story of the White House e-mail scandal. WITHOUT A TRACE covers the following areas:

Press release, Worldwide Email Usage 2007–2011 Forecast: Resurgence of Spam Takes Its Toll, March 2007: "This IDC study examines how email is being used and will be used for business and personal purposes. In its eighth year, this annual study of email usage provides email solution providers and their customers with insights on how email usage is changing based on a 10+ year perspective (2000–2010)..."Spam volumes will continue to grow faster than expected due to the success of image-based spam in bypassing antispam filters and of email sender identity spoofing in getting higher response rates. Instant messaging, joined by free and low-cost VoIP calling, will result in slower email growth, especially among teens and young adults," said Mark Levitt, program VP, Collaborative Computing and the Enterprise Workplace, IDC."

Following up on this April 10, 2007 posting, House Judiciary Committee Subpoenas AG Gonzales, and related links on the U.S. Attorney firings, today this press release from Rep. Waxman's House Oversight and Government Reform Committee: "Following briefings from the White House and Republican National Committee that revealed an extensive volume of e-mails regarding official government business may have been destroyed by the RNC, Chairman Waxman directs government agencies to preserve e-mails received from or sent to non-governmental e-mail accounts used by White House staffers. The Committee also requests that government agencies provide an inventory of all e-mails involving these accounts. The briefing received by the Committee raises serious concerns about the White House compliance with the Presidential Records Act, which requires that the President "take all such steps as may be necessary to assure that the activities, deliberations, decisions, and policies that reflect the performance of his constitutional, statutory, or other official or ceremonial duties are adequately documented and that such records are maintained as Presidential records."
Related documents: This press release includes links to letters from the Chairman to 16 agency heads, which duplicate the text of a letter to Attorney General Gonzales. Each letter is three pages, PDF.

Press release: "Former 9/11 Commission counsel Janice Kephart announces the launch of an online Identity Document Security Library, consisting of legal, technical and policy pieces regarding identity document security. Kephart, a nationally recognized border security expert, created the library to serve as a 'one-stop-shop' information portal for those seeking objective, credible information on the issue of identity document security...The issue of identity, and information about identity, underlies the 9/11 Commission's border work, whose recommendations included the creation of minimum standards for state-issued driver licenses and IDs. Kephart's recently issued white paper, Identity and Security: Moving Beyond the 9/11 Staff Report on Identity Document Security, maintains that securing identities and identity documents is perhaps the single most effective measure the United States can take to lay a foundation for national and economic security and public safety."

"Citing evidence that senior White House officials are using RNC and other political email accounts to avoid leaving a record of official communications, Chairman Waxman directs the Republican National Committee and the Bush-Cheney ’04 Campaign to preserve the emails of White House officials and to meet with Committee staff to explain how the accounts are managed and what steps are being taken to protect the emails from destruction and tampering."

Documents and Links:

Follow up to related postings on firings of U.S. attorneys:

SEC press release: "The Securities and Exchange Commission this morning suspended trading in the securities of 35 companies that have been the subject of recent and repeated spam email campaigns (see examples). The trading suspensions - the most ever aimed at spammed companies - were ordered because of questions regarding the adequacy and accuracy of information about the companies. The trading suspensions are part of a stepped-up SEC effort - code named "Operation Spamalot" - to protect investors from potentially fraudulent spam email hyping small company stocks with phrases like, "Ready to Explode," "Ride the Bull," and "Fast Money." It's estimated that 100 million of these spam messages are sent every week, triggering dramatic spikes in share price and trading volume before the spamming stops and investors lose their money."

"The Pew Internet & American Life Project has just released a report that 34% of internet users have logged onto the internet using a wireless connection either around the house, at their workplace, or some place else. The report profiles these wireless users and describes their intensive use of the internet, especially in exchanging emails and getting news online."

Via PBS: Airing on Friday, February 16, 2007 (check for time in your area), "NOW reports on new evidence suggesting the existence of a secret government program that intercepts millions of private e-mails each day in the name of terrorist surveillance. News about the alleged program came to light when a former AT&T employee, Mark Klein, blew the whistle on what he believes to be a large-scale installation of secret Internet monitoring equipment deep inside AT&T's San Francisco office. The equipment, he contends, was created at the request of the U.S. government to spy on e-mail traffic across the entire Internet. Though the government and AT&T refuse to address the issue directly, Klein backs up his charges with internal company documents and personal photos."

Declan McCullagh reported last week on the reintroduction of numerous antispyware and ID theft bills, many of which reflect the same language as previous versions of related legislation. The article has links to major bills as well as respective legislative background.

"The Federal Bureau of Investigation (FBI) has launched a service that sends out electronic mail (e-mail) alerts when new and vital information is posted on the FBI.gov Web site. Subscribers select which topics that they want updates on, such as new electronic scams (e-scams) and warnings, most wanted terrorists, top ten fugitives, and local and national press releases. The alerts are transmitted as soon as updates are posted to the FBI's Web site or published in their daily, weekly, or monthly digests. The FBI views this service as a means of furthering American citizens' safety by keeping them informed. No personal information is required to sign up for this service, just an e-mail address to where the alerts will be sent. To sign up for the service please visit the www.FBI.gov."

LexisNexis press release: "Most office workers use workplace technology for personal reasons; many may be ignoring employer policies, new research shows...Despite the fact that nearly one-half (45%) of office workers have been explicitly informed their at-work technology usage is monitored, a majority still use their employers’ technology resources for personal reasons, according to a new survey conducted by Harris Interactive®..."

Press release, January 4, 2007: "Cisco today announced a definitive agreement to acquire the privately held company, IronPort Systems, Inc. of San Bruno, Calif. IronPort is a leading provider of messaging security appliances, focusing on enterprise spam and spyware protection."
Related news:

Press release: A "survey, conducted by Harris Interactive®, found that about three in four online adults (74 percent) view e-mail communications from a company they frequently patronize to be valuable or very valuable. In addition, 30 percent of online adults have purchased a particular good or service as a result of receiving such e-mails, and of these, 85 percent have done so within the past year."

Federal Computer Week reported that the Department of Defense has banned the use of Outlook and receipt of HTML email due to threats posed by spyware and viruses.

"The world of Legal Technology has...had its share of ups and downs in 2006, with companies spying on their boards, the treasury department spying on money transfers, and the government spying on, well, everyone! With all the spying going on, data security was certainly on everyone's mind in 2006, and several key stories arose out of the inability of companies and government agencies to protect their customer and employee data. The new Federal Rules of Civil Procedure also added to the mix with new requirements for companies and other potential litigants to keep in mind as they generate gigabytes and gigabytes of information every day." [Link]

Press release: "U.S. Deputy Attorney General Paul J. McNulty announced today during a speech at a meeting of the Lawyers for Civil Justice in New York that the Department of Justice is revising its corporate charging guidelines for federal prosecutors throughout the country. The new guidance revises the Thompson Memorandum, which was issued in January 2003 by then-Deputy Attorney General Larry D. Thompson and titled the “Principles of Federal Prosecution of Business Organizations.” The memo provides useful guidance to prosecutors in the field through nine factors to use when deciding whether to charge a corporation with criminal offenses. The guidance continues to require consideration of the factors from the Thompson memo but adds new restrictions for prosecutors seeking privileged information from companies. Specifically, it creates new approval requirements that federal prosecutors must comply with before they can request waivers of attorney-client privilege and work product protections from corporations in criminal investigations."

Press release: "The Commission today called on all regulatory authorities and stakeholders in Europe to step up the fight against spam, spyware and malicious software. Despite existing EU legislation to outlaw spam in Europe, Europe continues to suffer from illegal online activities from inside the EU and from third countries, the Commission underlines in a new Communication. The Communication stresses that although internet safety is on the political agenda for some time, national authorities should step up their actions to prosecute illegal online activities."

November 27, 2006 statement: "Last week, CDT and the ACLU joined a friend-of-the-court brief written by the Electronic Frontier Foundation, urging a federal appeals court to extend to e-mail the same constitutional protection accorded to telephone calls and regular mail. Remarkably, the constitutional status of e-mail has never been decided, and the Justice Department claims that opened e-mail and older stored e-mail can be obtained from service providers without a court order and without notice to the e-mail user. In the case, Warshak v. U.S., a lower federal court ruled that government agents could not force disclosure of email from a service provider unless they provided the relevant subscriber notice and an opportunity to object."

"Up to 80% of spam targetted at Internet users in North America and Europe is generated by a hard-core group of around 200 known professional spam gangs whose names, aliases and operations are documented in Spamhaus' Register Of Known Spam Operations (ROKSO) database. This TOP 10 chart of ROKSO-listed spammers is based on those Spamhaus views as the highest threat, the worst of the career spammers causing the most damage on the Internet currently. Spamhaus flags these as a priority for Law Enforcement Agencies."

Effective October 25, 2006 the public may request records from state and local agencies ["any New York State or municipal department, board, bureau, division, commission, committee, public authority, public corporation, council, office or other governmental entity performing a governmental or proprietary function is subject to the Law"], via email in New York.

AmLaw Tech Survey: Law Firms Play Variations on Old Themes - "The 11th annual survey finds firms expanding IT while adopting new versions of old standards."

Guidelines for State Trial Courts Regarding Discovery of Electronically-Stored Information, Conference of Chief Justices, Approved August 2006.

The Foley Follies: What Can Be Learned From The History of Congressional Sex Scandals, And How Can the Page Program Be Reformed?, by John W. Dean

Press release: California "Attorney General Bill Lockyer today filed felony charges against former Hewlett-Packard Chairwoman Patricia C. Dunn and four other defendants, alleging they committed criminal offenses related to the use of false pretenses to access individuals' phone records during the company's probe of boardroom leaks to the media."

Press release: Physician-Patient E-mail Disconnect: "Only about one in four physicians (24%) reported that e-mail was used in their practice to communicate clinical issues with patients in 2004-05, up from one in five physicians in 2000-01, according to a national study released today by the Center for Studying Health System Change (HSC).

Press release, September 11, 2006: "The Customer Respect Group, an international research and consulting firm that focuses on how corporations treat their online customers, today released findings from its Annual Review of the Largest 100 US Companies... as defined by Fortune Magazine in April 2006. The average rating for the companies was 5.7 on a 10-point scale, in line with the average rating assessed across all website evaluations in 2006. In 2005, the largest 100 companies slightly exceeded the overall average rating...The largest 100 US companies appear to be gathering more personally identifiable information. The use of that information is also changing. Fewer companies are sharing personal data with outside organizations, but more than half continue to send unsolicited marketing emails to those that supply personal information for other reasons." A list of top scoring companies is included in this release, and access to the full Scorecard of the Largest 100 US Companies requires registration.

From the Antiphishing Working Group, the June Phishing Activity Trends Report.

Consumer Alert: New Phishing Attack Claims to be FDIC

Inappropriate Use of Email by Employees and System Configuration Management Weaknesses Are Creating Security Risks, July 31, 2006, Reference Number: 2006-20-110 (20 pages, PDF). "We found e-mail messages that violated the IRS' personal use policy in the electronic mailboxes of 71 (74 percent) of 96 employees."

GSA press release: "The U.S. General Services Administration’s (GSA) Office of Citizens Services & Communications is warning the public to avoid falling victim to a recent e-mail scheme that targets users by sending unsolicited e-mails allegedly from FirstGov, the citizen portal operated by GSA. These scam e-mails tell recipients that because of recent fraudulent activities on Money Access Online they need to confirm their account has not been stolen or hacked. The e-mails then direct recipients to click on a link and enter information related to personal credit card accounts."

Press release: "According to MarkMonitor's AntiFraud Operations Center™ (AFOC), domain-based phishing attacks now represent 73 percent of all attacks, up from 35 percent just 18 months ago." Related reference in this press release to an academic paper titled, Why Phishing Works.

The Subcommittee on Financial Institutions and Consumer Credit, chaired by Rep. Spencer Bachus (AL), held a hearing today entitled "ICANN and the Whois Database: Providing Access to Protect Consumers from Phishing." Government officials contend that access to Whois data is essential in the effort to combat cybercrimes, while privacy advocates maintain that access to data on domain name holders facilitates phishing, spam and other types of fraud.

Press release: "E-mail mismanagement continues to take a hefty toll on U.S. employers, with costly lawsuits--and employee terminations--topping the list of electronic risks. As recent court cases demonstrate, e-mail can sink businesses--legally and financially. Last year, the inability to produce subpoenaed e-mail resulted in million dollar--even billion dollar--lawsuits against U.S. companies. In fact, 24% of organizations have had employee e-mail subpoenaed, and 15% of companies have gone to court to battle lawsuits triggered by employee e-mail. That's according to the 2006 Workplace E-Mail, Instant Messaging & Blog Survey from American Management Association (AMA) and The ePolicy Institute."

WSJ free feature: Seeking a Safer Internet - New Tools Flag Sites With Spyware, Spam - But the Technology Is Far From Perfect

Outbound Email and Content Security in Today's Enterprise, 2006 (free reg. reg'd): "Enterprises are becoming increasingly concerned about creating, managing and enforcing outbound email policies that ensure that messages leaving the organization comply with both internal rules as well as external regulations."

Press release: "The United States Patent and Trademark Office (Office) is undertaking to collect Internet e-mail addresses for each registered patent attorney and patent agent. Gathering these e-mail addresses will facilitate and increase the ability of the Office to communicate with registered practitioners. The Office anticipates implementing automated notifications to registered practitioners of notices and IT system alerts."

"Irrepressible.org will harnass the power of the internet to mobilise people all over the world to take a stand against repression." [Link] "...Chat rooms monitored. Blogs deleted. Websites blocked. Search engines restricted. People imprisoned for simply posting and sharing information. The Internet is a new frontier in the struggle for human rights. Governments – with the help of some of the biggest IT companies in the world – are cracking down on freedom of expression. Amnesty International, with the support of The Observer, is launching a campaign to show that online or offline the human voice and human rights are impossible to repress."

An interesting article in today's National Law Journal (free) discusses issues associated with the integrity of digital evidence, including email, photos, and metadata.

SEC press release: "The Securities and Exchange Commission today filed a civil injunctive action against Morgan Stanley & Co. Incorporated for failing to produce tens of thousands of e-mails during the Commission's IPO and Research Analyst investigations from Dec. 11, 2000, through at least July 2005. The Commission alleges in its complaint that Morgan Stanley did not diligently search for back-up tapes containing responsive e-mails until 2005. Morgan Stanley also failed to produce responsive e-mails because it over-wrote back-up tapes."

Building and Implmenting a Successful Information Security Policy, by John J. Pak, May 8, 2006 (25 pages, PDF).

Follow the E-Mail Trail - What you can learn from the data embedded in e-mail headers, by Mark A. Berman and Aaron Zerykier, The National Law Journal.

CSO Fundamentals: The ABCs of Phishing and Pharming

Press release: EFF Files Evidence in Motion to Stop AT&T's Dragnet Surveillance

Press release, April 3, 2006: "The European Commission is today publishing a study which examines the scientific publication system in Europe. Scientific publication ensures that research results are made known, which is a pre-condition for further research and for turning this knowledge into innovative products and services. Scientific publication is also an important part of certifying the quality of the work done. Given the scarcity of public money to provide access to scientific publications, there is a strong interest in seeing that Europe has an effective and functioning system for scientific publication that speedily delivers results to a wide audience. Today’s report, drawn up for the Commission by a panel of experts, makes a number of recommendations for future action, including improving access to publicly-funded research."

Following up on my February 20, 2006 posting, Report on the Response to Hurricane Katrina, today GPO made available a PDF copy of the Final Report.

New York Times interview with DHS Director Michael Chertoff,by Deborah Solomon, April 2, 2006: Chertoff states, "I don't use e-mail. One reason is when you write an e-mail, you have to be mindful of the fact that nothing ever disappears. It can be deleted, but it is still in the system somewhere...They can get me. They don't need to e-mail me. There's a thing called a telephone."

Press release: "An estimated 3.6 million households, or about 3 percent of all households in the nation, learned that they had been the victim of at least one type of identity theft during a six-month period in 2004, the Justice Department’s Bureau of Justice Statistics (BJS) announced today. Forty-eight percent had experienced an unauthorized use of credit cards; 25 percent had other accounts, such as banking accounts, used without permission; 15 percent experienced the misuse of personal information and 12 percent experienced multiple types of theft at the same time. These findings represent six-month estimates based on interviews conducted from July through December 2004 for the BJS National Crime Victimization Survey."

ComputerWorld reports on enterprisewide search applications implemented by large corporations for a range of tasks, including competitive intelligence, e-discovery, and generating intranet content. Solutions such as FAST, Autonomy and Endeca index formats including text, audio and video.

Press release: "Neil Holloway, president of Microsoft Europe, Middle East and Africa (EMEA), unveiled a global law enforcement campaign that will target cybercriminals behind phishing attacks. Microsoft Corp. announced that by the end of June 2006 it will have initiated legal actions on more than 100 cases in EMEA against individuals suspected of committing online fraud; 53 of these will have already started by the end of March 2006...The legal actions are linked to a larger Microsoft(R) program, the Global Phishing Enforcement Initiative (GPEI), launched by the company to coordinate and expand its many anti-phishing efforts worldwide to fight phishers through consumer protection, partnerships and prosecution."

Press release: "Attorney General Eliot Spitzer today announced a settlement to address what may have been the largest breach of privacy in internet history. The settlement with Datran Media, a leading e-mail marketer, follows an investigation that identified the improper disclosure of the personal information of more than six million American consumers."

Press release: "In New York on March 9, 2006, attorneys with the Center for Constitutional Rights (CCR) filed a significant motion for summary judgment in the challenge to the legality of the NSA Domestic Spying Program (CCR v. Bush), asserting that the Bush Administration has already admitted enough incriminating facts to prove the NSA Program is illegal."

Follow-up to National Journal Article Claims Curtailed Gov't Surveillance Program Still Active, from today's New York Times, Taking Spying to Higher Level, Agencies Look for More Ways to Mine Data: "...by fundamentally changing the nature of surveillance, high-tech data mining raises privacy concerns that are only beginning to be debated widely. That is because to find illicit activities it is necessary to turn loose software sentinels to examine all digital behavior whether it is innocent or not."

Follow-up to Correspondence on Libby Indictment Mentions Missing Emails, this report by Jason Leopold states, "The White House turned over last week 250 pages of emails from Vice President Dick Cheney’s office...Sources close to the probe said the White House "discovered" the emails two weeks ago and turned them over to Fitzgerald last week. The sources added that the emails could prove that Cheney lied to FBI investigators when he was interviewed about the leak in early 2004. Cheney said that he was unaware of any effort to discredit Wilson or unmask his wife's undercover status to reporters."

Related legal documents on Libby case:

"Summary: NARA is revising our regulations to provide for the appropriate management and disposition of very short-term temporary e-mail, by allowing agencies to manage these records within the e-mail system." Federal Register, February 21, 2006 (Volume 71, Number 34)] [Rules and Regulations][Page 8806-8808].

New York Times: Too Many New Gadgets, Too Much Information at Risk: Loss, theft and viruses are major issues as corporate use of handheld devices and pocket PCs increases. Pre-emptive security options are available however, as this article describes.

They Haven’t Got Mail - The Katrina hearings haven’t only revealed critical information about White House responses to the hurricane. They’ve also uncovered the online secrets of Donald Rumsfeld and Michael Chertoff: "...congressional investigations of government responses to Hurricane Katrina have revealed that two of the nation's key crisis managers, the secretaries of Defense and Homeland Security, do not use e-mail...Spokesmen for the two officials maintain that Rumsfeld and Chertoff were kept informed during Katrina the same way as they keep in touch during other crises: through aides and a variety of other communications methods..."

The Christian Science Monitor: US plans massive data sweep - Little-known data-collection system could troll news, blogs, even e-mails. Will it go too far?

Press release: Mail and News Are Main Internet Attractions Some e-commerce picking up; blogs still marginal, by Lydia Saad: "A recent Gallup Poll examining Americans' online habits finds e-mail use almost universal among the three-quarters of U.S. adults who use the Internet. Checking the news and weather ranks second on the list of 13 Internet activities measured, although not as many Americans surf for news frequently as e-mail frequently."

Late last night AP reported that Special Counsel Patrick J. Fitzgerald stated in legal correspondence [the full text of which is available here in PDF] related to discovery in the Libby CIA leak indictment, that White House email from 2003 failed to be properly archived. The article quotes the response of noted government secrecy expert Steven Aftergood to this disclosure as follows - "Bottom line: Accidents happen and there could be a benign explanation, but this is highly irregular and invites suspicion."

This New York Times essay, A Growing Web of Watchers Builds a Surveillance Society, by David Shenk, offers especially cautionary insight in light of the growing public and political response to revelations about the government's domestic surveillance program.

Pew Internet & American Life Project press release, January 22, 2006: "Internet access is the norm for most Americans, up to age 70, and all age cohorts of internet users (ages 12 and older) are equally likely to use email; about 90% of all internet users send or receive email. Given the many other variations in internet use among different age groups, it is notable that this basic communications tool is almost universally used. Internet users ages 12 to 28 years old have embraced the online applications that enable communicative, creative, and social uses. Teens and Generation Y (age 18-28) are significantly more likely than older users to send and receive instant messages, play online games, create blogs, download music, and search for school information."

Press release: "A wide-ranging look at the way American women and men use the internet shows that men continue to pursue many internet activities more intensively than women, and that men are still first out of the blocks in trying the latest technologies. At the same time, there are trends showing that women are catching up in overall use and are framing their online experience with a greater emphasis on deepening connections with people."

New York Times: The Agency That Could Be Big Brother: "...the N.S.A. has suddenly taken center stage in a political firestorm. The controversy over whether the president broke the law when he secretly ordered the N.S.A. to bypass a special court and conduct warrantless eavesdropping on American citizens has even provoked some Democrats to call for his impeachment."

RSS Aggregation - Part 1: The Partnership

Effectiveness and Enforcement of the CAN-SPAM Act: A Federal Trade Commission Report to Congress, December 2005 (116 pages, PDF):

Following up on related postings in the past several days, see the following references, resources, statements and news:

This text will self-destruct in 40 seconds - Next year self-deleting emails and photo messages too.: "Staellium UK said that its StealthText service will allow business executive dealing in sensitive information to send texts which will delete themselves from the recipient's mobile phone as soon as the person has read them."

The USC Annenberg School Center for the Digital Future has released the 2005 Digital Future Report ($). The report highlights are available free (19 pages, PDF), and note an increased use of the Internet for political campaigns, the continued popularity of email, and a significant expansion in the use of broadband access to the Internet.

FTC press release: "According to a new study released today by the Federal Trade Commission, spammers continue to harvest email addresses from public areas of the Internet, but Internet Service Providers' anti-spam technologies can block the vast majority of spam sent to these email addresses. The FTC staff report also found that consumers who must post their e-mail addresses on the Internet can prevent them from being harvested by using a technique known as masking."

Press release: "Search engine use shoots up in the past year and edges towards email as the primary internet application...from September 2004 to September 2005 the average daily use of search engines jumped from 49.3 million users to 60.7 million users – an increase of 23%.
This means that the use of search engines is edging up on email as a primary internet activity on any given day. The Pew Internet Project data show that on a typical day, email use is still the top internet activity. On any given day, about 52% of American internet users are sending and receiving email."

A new, joint federal law enforcement and industry initiative to fight Internet fraud, called LooksTooGoodToBeTrue, was launched today (press release, 5 pages, PDF). "This website was developed to arm you with information so you don’t fall victim to these Internet scam artists." The site provides consumers with documentation on: Types of Fraud; Victim Stories; FAQs & Tips; Information Regarding Phishing Scams; a Fraud Risk Test; and Links to help prevent you from being scammed.

Related references:

As reported by Stars and Stripes today, "On Tuesday, the U.S. Navy and Marine Corps blocked all access to commercial e-mail services, such as Yahoo!, Hotmail, America Online and Google, from overseas government computers...The block includes access to e-mail services from computers at base libraries and liberty centers that are connected to an official government network."

Press release from Trend Micro, October 11, 2005: "Trend Micro, Inc., a leader in antivirus and Internet content security, today announced key findings from a study that reveals that more than 87 percent of corporate end users are aware of spyware, and yet 53 percent of survey respondents demand greater education from IT to better understand the threat. The findings indicate that awareness does not translate to knowledge, and as a result users are looking to their IT departments departments to play a more protective role."

The Complete Guide to E-mail, Inc. Magazine, October 2005: "What follows is a guide to the biggest e-mail concerns, particularly security, compliance, and archiving. We'll give you tools for building an e-mail policy now, which can save headaches later, and also advice on buying the right system."

"Kath Straub, Ph.D., CUA, Chief Scientist, looks at recent research on how people detect, and often miss, Web site fraud.."
Fine-tuning your Internet deception detectors is a brief, straight forward, practical guide to "how Internet deception works."

Reuters reported on a WSJ article focused on the SEC's ongoing enforcement proceedings against Morgan Stanley which may now include a civil penalty in excess of $10 million for not retaining relevant e-mail.

Google has been the topic of several articles in the New York Times this week. Yesterday the focus was on corporate expansion, and today there is news about Google Desktop 2, an IM application called Google Talk, and Gmail for everyone (all of these services are free).
See also:

From the Reconnex August Insider Threat Index: "Ninety-one percent of companies who completed a Reconnex 48-Hour e-Risk Assessment in the month of July had credit card numbers entering or leaving their network and eight-two percent exposed social security numbers. Most concerning was the amount of personal data including name and SSNs exposed directly in the subject lines of emails, in clear, open text. The origin of the vast majority of these disclosures stemmed from human resources departments who often accidentally exposed employees' personal information when they communicate with partners in health insurance, payroll, workers compensation and other third-party processors. The personal data revealed by co-workers often included employee names, date of birth, social security numbers (SSN) and even sometimes bank routing information. This personal data was usually sent via Excel spreadsheets and in clear text. Sometimes the individual Excel spreadsheets contained thousands to tens of thousands of individuals personal data."

This free feature today from the Wall Street Journal introduced me to a phrase that describes a new and virulent wave of web email scams, referred to as "spear phishing." Recipients are government and corporate employees targeted by hackers, posing as institution members, seeking personal data. Efforts are described which try to train employees to recognize these attacks and prevent data breaches.

Press release from Unisys: "Survey results from Unisys Corporation launched [August 3, 2005] reveal that UK consumers' apathetic attitude to fraud could be helping to perpetuate the rapidly growing identity theft industry, which is now estimated to be costing UK businesses £1.3 billion per year."

From CDT: "A Federal Appeals Court on Thursday reversed a troubling ruling that prevented the Justice Department from prosecuting an e-mail service provider who allegedly intercepted and read his customers' messages. In the case of United States v. Councilman, the full First Circuit Court of Appeals ruled 5-2 to reverse the opinion of a three-judge panel that Bradford Councilman did not violate the law by allegedly copying and reading his customers' e-mail. The ruling sends an important message that e-mail is subject to protection, both against government wiretapping without a warrant and against misuse by service providers."

Law Firm Fends Off IM Threats

IBM press release: "IBM reported that virus-laden emails and criminal driven security attacks increased by 50 percent in the first half of 2005 - underscored by a significant rise in 'customized' attacks on the government, financial services, manufacturing and healthcare industries. This substantial increase, along with a decrease in less profitable threats, such as spam and simple computer viruses, indicates a growth in targeted attacks against specific organizations and industries -- apparently created with the purpose of stealing critical data, identities or extorting money."

Top Etailers' Compliance With CAN-SPAM's Opt-Out Provisions: A Report by the Federal Trade Commission's Division of Marketing Practices (July 2005).

"The focus of this white paper is to describe the basic workings of a new capability, the Microsoft® Phishing Filter, that will be included in the upcoming release of Internet Explorer 7. The Microsoft Phishing Filter will not only help provide consumers with a dynamic system of warning and protection against potential phishing attacks, but — more important — it will also benefit legitimate ISPs and Web commerce site developers that want to try to ensure that their brands are not being 'spoofed' to propagate scams and that their legitimate outreach to customers is not confusing or misinterpreted by filtering software." [the document is in Word, and available at this Link]

The EDRI-gram newsletter reported on the release of the new EU Commission explanatory memorandum on data retention, July 20, 2005 (16 pages, PDF).

July 25, 2005: The Customer Respect Group Announces Third Quarter 2005 Results of Online Customer Respect Study of Largest Airline, Travel Firms: "Competitive Pressures Seen Driving Overall Improvements; But 38 Percent of Firms Continue to Share Personal Data."

Spyware - Guidance on Mitigating Risks From Spyware FIL-66-2005, July 22, 2005

New Bush Statement on Rove Conflicts with Executive Order: "Rep. Waxman explains that the President's responsibility under E.O. 12958 to protect national security secrets requires the President to act before Special Prosecutor Patrick Fitzgerald completes his criminal investigation and to apply different standards and sanctions."

Alert Overview: "The United States Computer Emergency Readiness Team (US-CERT) has received reports of an email based technique for spreading trojan horse programs. A trojan horse is an attack method by which malicious or harmful code is contained inside apparently harmless files. Once opened, the malicious code can collect unauthorized information that can be exploited for various purposes, or permit computers to be used surreptitiously for other malicious activity. The emails are sent to specific individuals rather than the random distributions associated with a phishing attack or other trojan activity...These attacks appear to target US information for exfiltration. This alert seeks to raise awareness of this kind of attack, highlight the important need for government and critical infrastructure systems owners and operators to take appropriate measures to protect their data, and provide guidance on proper protective measures."

"The Anti-Spyware Coalition has released the first draft of the consensus document Spyware Definitions and Supporting Documents for a 30 day public comment period."

From WSJ free content today, Cooper Email Identifies Rove As a Source

Related references:

Communicating with Congress: How Capitol Hill is Coping with the Surge in Citizen Advocacy; "The Internet and e-mail have made it easier and cheaper than ever before for citizens to communicate with their Members of Congress. In 2004, Congress received 200 million communications, four times more than in 1995 -- the direct result of Internet-based communications. This increased citizen participation in the legislative process has had both positive and negative effects. Nearly 80% of congressional staff surveyed believe that the Internet has made it easier for constituents to become involved in public policy. However, neither the senders nor the receivers of congressional communications have learned how to use the new tools that the Internet has provided truly effectively."

"This report is the first of a four part Communicating with Congress series, which aims to provide information and guidance that will lead to better and more meaningful communications between Members of Congress and those they represent."

A press release on the new Pew Internet and American Life Project Report released this afternoon: "Spyware and the threat of unwanted programs being secretly loaded onto computers are becoming serious threats online. Nine out of ten internet users say they have adjusted their online behavior out of fear of falling victim to software intrusions. Unfortunately, many internet users' fears are grounded in experience - 43% of internet users, or about 59 million American adults, say they have had spyware or adware on their home computer. Although most do not know the source of their woes, 68% of home internet users, or about 93 million American adults, have experienced at least one computer problem in the past year that are consistent with problems caused by spyware or viruses."

From the FTC: The US SAFE WEB Act - Protecting Consumers from Spam, Spyware, and Fraud, released July 1, 2005

FTC press release: "In a report to Congress required by the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 ("CAN-SPAM Act"), the Federal Trade Commission says it does not recommend requiring unsolicited commercial e-mail to include a label in the subject line as a means to reduce spam...The report says that although subject line labeling may appear to offer a simple legislative fix for the problem of spam, the Commission doubts that it would materially help consumers or ISPs to block unwanted commercial e-mail or to segregate commercial e-mail from other e-mail messages. The Report states that subject line labeling requirements enacted by numerous states and foreign countries have not been effective to reduce spam."

An e-mail exchange has been passed on to thousands across the UK after a sticky incident at a law firm.

Information Security: Emerging Cybersecurity Issues Threaten Federal Information Systems GAO-05-231, May 13, 2005. Highlights.

Keep Spam on Ice - Instead of sweating over a custom anti-spam server and software combo, consider the appliances on the market, by Brett Burney.

Enron Offers an Unlikely Boost to E-Mail Surveillance

2005 Electronic Monitoring & Surveillance Survey: Many Companies Monitoring, Recording, Videotaping—and Firing—Employees

Press release from FTC, May 12, 2005: Agency Seeks Comment on Definitions and Substantive Provisions Under the CAN-SPAM Act. The Federal Trade Commission published a Federal Register notice today seeking public comment on certain definitions and substantive provisions under the...CAN-SPAM Act.

From Computerworld Today, "Australia's Workplace Surveillance Bill 2005, which will go through the country's parliament on Wednesday, makes it a criminal offense to read employee e-mails."

This NewScientist.com article suggests that Teamwork will beat the spammers by using a social network to identify spam in a dynamic, collaborative effort.

House Judiciary Committee, Subcommittee on Crime, Terrorism, and Homeland Security, Oversight Hearing on the "Implementation of the USA PATRIOT Act: Section 212--Emergency Disclosure of Electronic Communications to Protect Life and Limb," May 5, 2005

Judge Sentences Man to 9 Years in Prison for Using Fake Internet Addresses to Send Mass E-Mail Ads. Links to relevant legal documents available from JURIST Paper Chase.

The ramifications of personal use of workplace email continues to resonate. The Wall Street Journal follows-up with Snooping E-Mail by Software Is Now a Workplace Norm, also available free to readers. The article details how customized programs allow companies to monitor and review employee email and IMs using broad and specific criteria that encompass administrative and compliance issues.

This sentence is worth remembering: "Don't ever put anything in an e-mail that you wouldn't want to read on the jumbotron at Times Square." So says Alan Murray in his WSJ article, Indiscreet E-Mail Claims a Fresh Casualty (available free today).

From the Pew Internet and American Life press release: "The internet became an essential part of American politics in 2004. Fully 75 million Americans – 37% of the adult population and 61% of online Americans – used the internet to get political news and information, discuss candidates and debate issues in emails, or participate directly in the political process by volunteering or giving contributions to candidates."

As the citizens of additional states join the list of those eligable for free credit reports, problems associated with this program have been noted. The World Privacy Forum recently issued an extensive report documenting fraudulent activities that are complicating consumer access to the reports. In addition, the group reviews how use of the legitimate sites providing the credit reports may result in exposure to unwanted marketing, spam and related privacy intrusions.

Stever Robbins offers advice on how to author effective, efficient, and focused business email messages. He also recommends how to read and respond to email. Thoughtful, well constructed and brief responses, which you have taken time to consider before hitting the "send" key, will increase the value of this communications tool. And don't forget that sometimes it is easier to just use the phone. [D.C.]

A survey reviewing the time spent by business owners around the world dealing with email related issues indicates that U.S., India and the Phillipines top the list, averaging two hours per day.

On February 23, 2005 the UK Home Office launched ITsafe "to provide both home users and small businesses with proven, plain English advice to help protect computers, mobile phones and other devices from malicious attack."

Memorandum of Understanding On Mutual Enforcement Assistance In Commercial Email Matters Between the Federal Trade Commission of the United States of America and the Agencia Espanola de Proteccion de Datos [Link]

Killing Phish.

From the National Association of State Chief Information Officers (NASCIO), Welcome to the Jungle: The State Privacy Implications of Spam, Phishing and Spyware (15 pages, PDF).

Despite all the heralding of email's demise, it is still an essential desktop program in the workplace and for many home users as well. This Washington Post article, via MSNBC News, reviews free and low cost alternatives to Outlook.

Press release: "Today IBM announced the results from its 2004 Global Business Security Index Report and provided an early look at potential security threats in 2005. Based on early indicators, a new and troubling trend this year may be the aggressive spread of viruses and worms to handheld devices, cell phones, wireless networks, and embedded computers, which include car and satellite communication systems." [thanks David Ries]

FCC press release: "On February 7, with the cooperation of wireless carriers, the Commission published on its Web site a list of mail domain names used to send messages to wireless service. This list is to protect cellular and wireless consumers from unwanted commercial electronic mail messages by alerting marketers to which Internet domain names are used in the electronic addresses of wireless service subscribers."

As a follow-up to my posting on February 1, Junk Email Careens Out of Law's Control, more bad news about the spam explosion in a survey released by the Center for Excellence in Service at the Robert H. Smith School of Business, University of Maryland. According to the press release, "Spam's price tag now reaches $21.58 billion annually in lost productivity," and in the aggregate, "22.9 million hours a week are wasted on spam."

Law Barring Junk E-Mail Allows a Flood Instead. Another article joins the chorus complaining about the failure of the CAN-SPAM Act to stem the tide of junk email, and highlights how industry, government and advocacy groups continue to do battle against the threats. From the perspective of the spammers however, it is a lucrative business, facilitated by using offshore servers as well as "network zombies."

From ComputerWorld: "Earthlink claims victory in another spam case - The spammers sent out more than 250 million e-mail messages."

Press release from Georgia Governor: "The goal of the Georgia Slam Spam E-mail Act is to hold accountable those who abuse the Internet and harass our citizens with fraudulent, misleading and unwanted commercial e-mail...The Governor's legislation provides serious penalties for the use of false or misleading practices, such as forging headers, using misleading subject headlines or falsely stating that the information in the e-mail was requested."

From the press release: "Texas Attorney General Greg Abbott filed the state's first lawsuit against one of the world's largest spam operations in an effort to crack down on the massive flow of illegal e-mail into Texas consumers' in-boxes."

Why A Utah Court Was Right to Hold That, Under Utah Law, Pop-up Ads Are Not "Spam" by Anita Ramasastry.

This Wired article focuses on California legislation that went into effect this new year that provides the state's consumers with a range of privacy protections, including unlisted cell phone numbers, rental cars without electronic
surveillance technology activated, and the right to sue email spammers.

From the FCC, Consumer and Governmental Affairs Bureau Domain Name Data Entry (For Wireless Providers Only): "The purpose of the domain name registry is to protect cellular and other commercial mobile service (CMRS) wireless consumers from unwanted commercial electronic mail messages, by identifying, for those who send commercial electronic mail messages, Internet domain names uses to transmit electronic messages to CMRS consumers."

AP reports that Judge Charles R. Wolle, U.S. District Court for the Southern District of Iowa, awarded CIS Internet Services $1 billion in a case involving three companies accused of flooding the service with up to 10 million spam emails per day.

Press release: FTC Issues Final Rule Defining What Constitutes a "Commercial Electronic Mail Message"

Press release - FDIC Issues Study on Identity Theft and Seeks Comments on Possible Guidance to Bankers: "Fraudsters are taking advantage of the reliance on single-factor authentication for remote access to online banking, and the lack of e-mail and Web site authentication, to perpetrate account hijacking."

According to a press release from MX Logic, Inc., an "email defense solutions" provider, in November, CAN-SPAM compliance reached a record high of 6% of total traffic subject to the law.

A new white paper by Dr. Carsten Sørensen of the London School of Economics (in conjunction with Microsoft UK), titled The Future Role of Trust in Work - The Key Success Factor for Mobile Productivity. According to InfoWorld, the report indicates "that managers are using technologies such as e-mail, mobile phones, and SMS (Short Messaging Service) to keep tabs on employees when in actuality they are reducing workers' productivity and the amount of time that they spend serving customers."

Exclusive: MSN Desktop Search Revealed includes screens shots of the new utility that will be released in December as part of the MSN Toolbar Suite. (via Slashdot)

Proposed rule, National Archives and Records Administration (NARA), Federal Register, November 3, 2004:

Industry anti-spam alliance members Earthlink, Yahoo, AOL and Microsoft, have filed new complaints against spammers in four states. [Link]

Appeals Court Re-Opens E-Mail Snooping Case: "Privacy advocates and the U.S. Department of Justice (DoJ) will get their day in court, again, to appeal a three-judge panel ruling that allows e-mail providers to store and copy their customers' e-mails."

As posted on the online military personnel records request system from the National Archives:

"The FTC today issued a assessing whether and how a system that rewards members of the public for tracking down spammers would or could help improve enforcement of the CAN-SPAM Act. That Act, which became effective on January 1, 2004, required the FTC to conduct a study and provide a report to Congress on a CAN-SPAM bounty system." [Link]

From today's WSJ, via Yahoo ($), this article, The Doctor Is Online: Secure Messaging Boosts the Use of Web Consultations, merits review. It addresses the issues of privacy, consultation fees and insurance coverage associated with secure messaging systems options now available for doctor-patient communications.

Hackers hijack federal computers

From Crypto-Gram: Websites, Passwords, and Consumers.

Google Inc · S-1/A · On 8/13/4.

WholeSecurity Launches Web Caller-ID: Industry's First Behavioral Anti- Phishing Solution.

FTC press release:

AOL, Yahoo Add New Antispam Tools - Services try different approaches to sender authentication to halt spam.

Consumers still falling for phish: "Fake e-mails fool users 28 percent of the time, study finds." See these additional resources:

"Representative Jay Inslee, a Washington Democrat, and three other congressmen introduced the E-mail Privacy Act of 2004 on Thursday. The bill would require that e-mail be subject to federal wiretap law that requires a court order for real-time interception of communications." [Link]

The Information Architecture of Email

From the press release today: "State Attorney General Eliot Spitzer today announced the settlement of a lawsuit against email marketer Scott Richter and his company, OptInRealBig.com, LLC. The suit alleged that unsolicited emails, or spam, sent on defendants' behalf contained falsified headers, falsified routing information, and deceptive subject lines, and were illegally routed through a worldwide network of more than 500 vulnerable computers."

From the press release: "In the first state enforcement action taken since the January 1 inception of the federal CAN SPAM Act, AG Reilly is alleging that DC Enterprises, an unincorporated business, and company principal Willliam T. Carson of Weston, Florida, have sent thousands of misleading email messages from a business address in Newton, where the company has no physical presence."

From ZDNet: "A federal court in California has turned down a request to stop SpamCop from keeping tabs on mass e-mailer OptInRealBig, saying the blocklist operator is protected under the Communications Decency Act."

A Buyer's Guide to Spam Filtering (19 pages, PDF)

From VeriSign's press release today: "VeriSign's Anti-Phishing Solution protects enterprises through a five-tiered solution that helps prevent, detect and respond to attacks, thereby mitigating and eliminating identity theft and email fraud attempts."

Anti-Spam Technical Alliance Publishes Industry Recommendations To Help Stop Spam:

AP reports that an ex-AOL software engineer allegedly stole a list of 92 million customer screen names (online identification/user names) last year, which he then sold, and the information was subsequently used in various spam related mass emailings, in violation of the CAN-SPAM Act.

This PCWorld.com article highlights some of the current and emerging applications and standards that can be implemented in an effort to respond to the deluge of spam, as discussed at the recent E-Mail Technology Conference. What caught my eye was this paraphrased statement from Dr. Vinton Cerf: "He gave the example of an exchange that might entail a three-day e-mail chain, but which could be handled in a five-minute phone call."

A Global Push to Protect Information Online

From the FTC press release: "The Federal Trade Commission today told Congress that, at the present time, a National Do Not Email Registry would fail to reduce the amount of spam consumers receive, might increase it, and could not be enforced effectively. In a report (60 pages, PDF) filed in response to a statutory mandate, the FTC also said that anti-spam efforts should focus on creating a robust e-mail authentication system that would prevent spammers from hiding their tracks and thereby evading Internet service providers’ anti-spam filters and law enforcement."

City to delete its old e-mail: "After 90 days, messages will be gone from system; Public-records questions raised; Workers will have to find and save official material."

The Changing Face of E-Mail: Speakers at the recent INBOX conference discussed a wide range of applications/solutions to address the information overload that has become an intrinsic part of enterprise email use.

Who Got the Message? There's a Way to Know:

When Software Fails to Stop Spam, It's Time to Bring In the Detectives.

An essential component of an effective intranet is a powerful, versatile and user friendly search engine. This article focuses on enterprise-wide deployment of Google for this function, and what portends to be the growth in marketing this successful search product.

Maryland Governor Robert Ehrlich signed the Maryland Spam Deterrence Act (HB 1320), which "prohibits a person from sending multiple commercial electronic mail (e-mail) messages under specified circumstances from a protected computer. Violators are subject to criminal and civil liability."

From ZDNet: "The California state Senate on Thursday approved a bill that takes aim at Google's new Gmail service, placing strict limits on e-mail providers seeking to scan customer messages for advertising and other purposes." See SB 1822.

On May 25, California State Senator Liz Figueroa offered an amended version of SB 1822 which struck language that would have presented substantial obstacles to Gmail's operation in the state.

Gartner Study Finds Significant Increase in E-Mail Phishing Attacks:

An online survey conducted in April indicates "that 75% of accountholders are less likely to respond to email from their banks, and over 65% said they were less likely to sign-up or continue to use their bank’s online services." These results reflect growing consumer concern with phishing and email fraud, occurrences of which are increasingly the focus of news articles.

Record Broken: 82% of U.S. Email is Spam

From the text of a May 3 letter sent by EPIC, the Privacy Rights Clearinghouse, and the World Privacy Forum, to California Attorney General Bill Lockyer:

FTC press release: "The FTC has cracked down on two spam operations that have clogged the Internet with millions of deceptive messages and violated federal laws...Both operations have been identified by the anti-spam organization Spamhaus as among the largest spammers in the world."

FTC Working to Protect Consumers and Businesses from Information Security Breaches

Huge Surge In Phishing Scams As Fraudsters Seek Financial Gain

The CAN-SPAM Act: Requirements for Commercial Emailers

PCWorld reports on EarthLink's plan to implement a software application called ScamBlocker, beginning April 19, at no cost to customers. Phishing employs a combination of email solicitations and fake websites to lure unsuspecting users into compromising their personal and financial data.

S.B. 604, the Maryland Spam Deterrent Deterrence Act, passed the Maryland legislature late Monday night, and awaits signature by Gov. Ehrlich. Penalties include a term of up to five years in prison and a fine of up to a $10,000.

As reported today by the WSJ, as well as via AP, privacy concerns raised in the U.S. and abroad about Google's new Gmail, still in beta, have resulted in the company considering alowing users to opt-in/opt-out of being served targeted ads, currently a component of the free email service.

FDIC Issues Warning About Fraudulent E-mails:

From the World Privacy forum, this press release and letter (pdf) on behalf of a coalition of over two dozen privacy and advocacy groups, addressing Google's new webmail service, Gmail, specific to the retention and repurposing of user data for e-commerce and law enforcement applications.

From the DOJ Criminal division, this Special Report on "Phishing, "the creation of fraudulent e-mails and websites used to deceive individuals into divulging their personal financial data."

When Instant Messages Come Bearing Malice. According to this article, there are over 160 million instant messaging (IM) accounts worldwide, and users are increasingly the target of spam, hackers and phishing.

As posted yesterday, AOL, Microsoft, Yahoo and Earthlink filed lawsuits against defendants they allege are in violation of the CAN-SPAM Act.

Text of Federal Register Notice, March 11, 2004, Definitions, Implementation, and Reporting Requirements Under the CAN-SPAM Act; Proposed Rule.

Microsoft press release, March 10, 2004:

House Government Reform Hearing: You've Got Mail - But is it Secure? An Examination of Internet Vulnerabilities Affecting Businesses, Governments and Homes. October 16, 2003. Serial No. 108-95. GPO Stock No. 552-070-30848-2.

FTC Searches for a More Explicit E-Mail Warning.

The Committee on House Administration has taken the lead in testing a digital mail system by Pitney Bowes. The closure of Senate office buildings on February 3 due to the discovery of ricin has significantly raised interest in security measures to minimize the risk of such future threats.

Network Associates Spam Survey Shows That Spam Significantly Affects Security, Performance, Profitability and Overall Productivity

The FTC is seeking public comment on yet another effort to combat spam, as mandated by the CAN-SPAM Act.

From the Federal Trade Commission, a new alert, Who's Spamming Who? Could it be You? details how your email address can be used to send unsolicited email without your knowledge, along with security measures you can use to secure your computer.

Neil Squillante published a new article, Is Your Company CAN-SPAM Compliant?, that includes "Eight Not-So-Simple Rules for CAN-SPAM-Compliant Email."

Press release: U.S. Department of Homeland Security Improves America's Cyber Security Preparedness--Unveils National Cyber Alert System:

The Mydoom email worm's impact has been felt by most of us already, and threatens to continue its relentless pace around the world for another couple of days. The apparent target of the worm, the UNIX software solutions provider The SCO Group, has offered a $250,000 reward to locate the worm's creator.

Going Upstream to Fight Spam. Creative proposals continue to percolate, but a workable solution to truly quelling the tide of spam is proving elusive, with significant costs to ISPs and consumers.

Inbox trauma: New junk-fighting tools falter

Treasury breaks word on e-mail anonymity:

Spam Is Still Flowing Into E-Mail Boxes - Senders Evade Federal Law Banning Junk Messages.

From today's New York Times, an article on how House members are purchasing email lists to spam constituents (with the caveat that the messages include an opt-out option) in an effort to build a list of potential voters comprised of those who have chosen to opt-in and receive future messages.

New York State Attorney General Eliot Spitzer announced the state is suing Synergy6, Inc. and Delta Seven Communications, LLC, whose principals are accused of disseminating over one billion spam messages each week.

Congress approves anti-spam legislation

With the expiration of an October 31 deadline for implementing the Directive on Privacy and Electronic Communications, the European Commission indicated that legal action against nine member states may be necessary to ensure their compliance. The directive addresses e-privacy issues that include spam, the use of cookies, and the protection of customer data by ISPs.

From tech research firm Gartner: Spam Will Likely Worsen Despite U.S. Law.

On November 25, the Senate unanimously approved the CAN-SPAM Act (S. 877), inclusive of technical changes agreed upon with the House, which is expected to approve the bill once again in December, clearing it for signature by the President. However, not everyone on the Hill is satisfied with the bill, in particular Representatives from California whose tough new anti-spam law which is effective January 1, 2004 will be pre-empted by this legislation, which they contend offers their constituents less protection. In addition, the new Texas anti-spam law (H.B. No. 1282), that went into effect September 1, 2003 will also be pre-empted by the federal legislation.

The 10 Biggest Spam Myths:

This afternoon, after considerable negotiation and recent reports of hightened pressure to reach an agreement, the House of Representatives voted 392-5 to accept an amended version, the pdf text of which is available via CNET, of the Senate's CAN-SPAM Act of 2003 (S. 877).

From Free Range Librarian by K. G. Schneider, Getting Started with RSS: The No-Brainer Method.

Cybersecurity & Consumer Data: What's at Risk for the Consumer? - Subcommittee on Commerce, Trade, and Consumer Protection, November 19, 2003.

The USPTO granted patent 6,643,686 on November 4, 2003. It is "a system and method for circumventing schemes that use duplication detection to detect and block unsolicited e-mail (spam). InternetNews.com quotes the executive director of the SpamCon Foundation as seeing the technology as a "...potentially...effective tool against spam..."

The American Records Management Association Education Foundation sponsored a research project by John C. Montaña, J.D., titled Legal Obstacles to E-Mail Message Destruction (42 pages, pdf), published October 19, 2003. The report addresses risk management associated with e-mail retention, the definition and legal status of e-mail, state, federal and foreign government laws associated with the use of e-mail as a public record and for e-commerce transactions.

The CAN-SPAM Act of 2003: Real Reform or Political Pork? by Neil J. Squillante:

From InfoWorld, this useful review of the following anti-spam applications for use on the enterprise level: Brightmail Anti-Spam Enterprise Edition Version 5.1, FrontBridge TrueProtect E-mail Security Suite, Postini Perimeter Manager Enterprise Edition, Proofpoint Protection Server 1.2.1, and SpamAssassin 2.44, an open source spam filter included with Red Hat Linux 9.

New worm variant targets identity data:

From The Yale Journal of Law & Technology (YJoLT):

Spammers Can Run but They Can't Hide:

Internetnews.com reports that the Internet Committee of the National Association of Attorneys General sent a letter to House leaders indicating their opposition to the CAN SPAM Act, under consideration by the House and already passed by the Senate. The reasons included "that the amended act has so many loopholes, exceptions and standards of proof that it won't protect consumers," and "that the law wouldn't deter spammers, but merely foster more litigation."

"As from today EU Member States must comply with the Directive on Privacy and Electronic Communications, which sets EU standards for the protection of privacy and personal data in electronic communications. The Directive includes basic obligations to ensure the security and confidentiality of communications over EU electronic networks, including internet and mobile services. It sets out specific conditions for installing so-called “cookies” on users' personal computers and for using location data generated by mobile phones. Notably, the Directive also introduces a 'ban on spam' throughout the EU." [Link]

A team of researchers from the School of Information Management and Systems University of California, Berkeley released a new study today, How Much Information? 2003, that chronicles the information explosion over the past several years. According to the team, during the period of 1999 to 2002, "new stored information grew about 30% a year." Additional facts:

Internetnews.com reports that Speaker of the House Dennis Hastert may push forward with a full floor vote on the Can Spam Act (passed by the Senate on October 22) tomorrow. The goal of passing an anti-spam bill by the end of the year is questionable in light of objections to various provisions of the Act.

Today California Attorney General Bill Lockyer announced that the state won a judgment of $2 million against a spammer (The People of the State of California v. PW Marketing, Santa Clara County Superior Court) in what will be a model for future cases involving unsolicited email. As I posted previously, the state's new anti-spam law (in effect on January 1, 2004) prohibits an individual or entity, either from within the state or from outside the state, from distributing unsolicited commercial email advertising.

From the Pew Internet Project, a new report released October 22, Spam: How it is hurting email and degrading life on the Internet:

The CAN-SPAM Act of 2003, S. 877, which was approved by the Senate Commerce Committee by voice vote on June 19, yesterday passed the full Senate by a vote of 97-0. An amendment to authorize the Federal Trade Commission to implement a nationwide "Do Not E-mail" registry was proposed and agreed to.

The BBC reports that Microsoft Office 2003, available tomorrow, will include new e-mail privacy and security features, including the ability to designate specific readers, prevent message forwarding and printing, and a "time-stamp" which results in email deletion on a specified date.

Bret McDanel, a former employee of Tornado Development, Inc., served a 16 month sentence for violating the Computer Fraud & Abuse Act. After leaving Tornado, a provider of Unified Messaging (UM) solutions, he sent an email to thousands of the company's customers detailing a corporate email security flaw. End of story? Apparently not, as today AP reported that Assistant U.S. Attorney Ronald L. Cheng (LA) requested that the court reverse Mr. McDanel's conviction, stating that an "error" had been made, as McDanel did "not intentionally impair the [email] system by reporting its security flaws."

From the press release:

"More than nine out of 10 (92 percent) managers check up on their employees' use of e-mail and the Internet at work, according to a new survey of 192 companies by Bentley College's Center for Business Ethics." [Link via Techdirt]

U.S. Court of Appeals, 9th Circuit, 10/06/03, 02-70518, Brand X Internet Services v. FCC.

Spam Fighters Turn to Identifying Legitimate E-Mail: "...many e-mail software experts now contend that the most powerful way to clean people's mailboxes is to focus not on catching the spam, but on identifying the legitimate mail."

The following new articles were published this week on LLRX.com:

From Spam Laws, the text of

According to a BBC News article from September 18: "The UK has made spam a criminal offence to try to stop the flood of unsolicited messages. Under the new law, spammers could be fined £5,000 in a magistrates court or an unlimited penalty from a jury." This law comes via the Minister of State for Energy, e-Commerce and Postal Services, Stephen Timms.

Interesting article about several companies that provide their anti-spam software to dozens of ISPs, which is in turn used to block billions and billions of unwanted emails each month on the enterprise and home user level.

Lost in the Mail:

Giving E-mail back to the users: Using digital signatures to solve the spam problem:

According to this Washington Post article, the nation's largest ISPs are responding to the recent escalation of email viruses (Blaster and SoBig.F) innundating customer accounts by planning to implement scanning applications to screen all attached documents. With as many as half of all incoming emails infected with viruses, AOL, Comcast, Microsoft, and Covad have already begun scanning, while EarthLink and BellSouth have indicated they plan to do so this fall. The process is costly, on both the IT side as well as in terms of additional customer support requirements.

Day Three of the W32/SoBig.F virus, which is hitting home users hardest. Counterpane Internet Security has identified 1,500 malicious file attachments associated with the virus, and counting. For more information, see the following links:

Today I was spammed several hundred times, causing me to enable the overdrive level of my spam blocker. This is a first for me, but I know that unfortunately I was not alone, and sure hope tomorrow will be a quieter day in the e-mail realm. For my previous postings on spam, click here.

Spam and political campaigns are developing a synergy, to which the growing number us who have been on the receiving end, through no effort on our part, can attest. So I was quite interested when I learned about a new website, Political Spam. This independently operated site, from Richard Paul Welty, was launched in early July, and reports on spam sent by all the various Presidential campaigns and related organizations, solicits their responses when queried about the mailings, and invites copies of offending e-mails from readers. There is also a related weblog.

U.S. District Judge Royce C. Lamberth last week held the Environmental Protection Agency in contempt for destroying electronic documents in violation of a court order issued as a result of a Freedom of Information Act request. [Link]

The Inbox Defense Task Force is "a non-profit legal research organization dedicated to tracking down the true identities of spammers." The organization lists the following goals on its website:

GSA Launches USA Services: "New Initiative Rapidly Connects Citizens with the Federal Government Service Answers Citizens' Web, E-mail and Telephone Questions in 2 Days or Less."

Diverging Estimates of the Costs of Spam: "Spam is costing the U.S. economy billions in network resources, diminished productivity and forgone Internet sales. But how many billions?"

Judge Orders UBS to Pay to Retrieve E-Mail - "A federal judge ordered UBS to pay the majority of the costs involved in restoring e-mail evidence sought by a former employee who is accusing the bank of sex discrimination."

From the Sacramento Bee: "By some estimates, 200 to 300 spammers, sometimes loosely organized into gangs, are responsible for almost 90 percent of spam -- unsolicited "junk" e-mail. They play a high-tech cat-and-mouse game and increasingly use overseas servers to inundate AOL, Microsoft Network, EarthLink and other Internet service providers."

E-Mail Rules: A Business Guide to Managing Policies, Security, and Legal Issues for E-Mail and Digital Communication, by Nancy Flynn, Randolph Kahn, May 2003.

Federal Trade Commissioner Orson Swindle addressed the importance of safe computing practices at a press conference to re-launch GetNetWise, a public service Web site offering resources to make informed decisions about using the Internet. The media briefing is sponsored by the Internet Education Foundation.

From Internet.com: "Sen. Charles Schumer (D.-N.Y.) said Wednesday he will seek to amend the current spam bill pending before the Senate to include requiring the Federal Trade Commission (FTC) to create a Do Not Spam list comparable to the FTC's popular Do Not Call registry."

The FTC's Do Not Call Registry has garnered considerable press and more than 25 million registrants. A recent survey from Insight Express indicates that consumers are eager for a similar program to address spam: "83 percent of consumers said that the government should roll out a similar 'do not spam' list that they can use to register their e-mail addresses to stem junk e-mail messages." However, "Experts in email and privacy at ePrivacy Group caution that creating an effective "do-not-spam" list to match the new national "do-not-call" list will require major changes to current email technology."

White House E-Mail System Becomes Less User-Friendly: "Those who want to send a message to the president must now navigate as many as nine Web pages and fill out a form that asks if they support White House policy."

On the heels of the huge response (24.5 million registrants in 14 days) to the FTC's Do Not Call Registry to block telemarketing solicitations, comes word that this program cannot be replicated to fight spam.

The June 30 decision by the California Supreme Court in Intel Corp. v. Hamidi has spurred California Rep. Chris Cox to announce that this "most peculiar ruling ... needs legislative correction." His comments were made during a House Committee on Energy and Commerce hearing on Legislative Efforts to Combat Spam, held July 9.

July 8, 2003 - Legislative hearing on H.R. 2214, the "Reduction in Distribution of Spam Act of 2003."

From a July 1, 2003 Washington Post article:
"...marketers and an array of service providers expanding their collection and use of consumers’ e-mail addresses and other personal information, despite broad assurances to protect individual privacy and honor consumers’ choices about how much marketing they want to receive."

From Boston.internet.com: "In a blow for chipmaker Intel, the California Supreme Court Monday found that senders of spam e-mails cannot be sued under state law forbidding property trespass. The 4 to 3 ruling reversed a lower court injunction preventing former Intel engineer Ken Hamidi from sending e-mails critical of Intel to thousands of its employees." See my previous posting, California Supreme Court Reviews E-Mail Case, which links to numerous resources on this case.

Perk, and peril, in employees' attachment to e-mail: "For much of the working population, e-mail is not only available but indispensable, a tool not just for work but for maintaining personal bonds....many workers are accustomed to using a work computer and e-mail address to stay in touch with friends and family in the course of the day. Yet with the convenience comes risk. Although many people are aware that they may be sacrificing privacy by using workplace e-mail, they are sometimes indiscreet in what they write."

Congress Finds Rare Unity in Spam, to a Point. Promises abound that this will be the year when Congress enacts anti-spam legislation, as bi-partisan support, consumer demand and corporate frustration have reached a crescendo. See my related postings on current legislation here and here, and this June 20 article, Senate Once Again Backs Stringent Penalties for Spam Senders: "With minimal discussion and debate, the Senate Commerce Committee unanimously approved a bill to make it illegal for anyone to use fraudulent or deceptive return e-mail addresses, fake e-mail headers or use false subject lines."

According to this National Association of Securities Dealer's June 18 press release:

AMA 2003 E-Mail Rules, Policies and Practices Survey (8 pages, pdf), from the American Management Association:

From Internet Magazine, news of the publication, by the UK Information Commissioner, responsible for data protection & freedom of information, of the third part of the Employment Practices Data Protection Code - Monitoring at Work, the Do's & Don't for workplace monitoring. Links to these documents, and to the other parts of the guide, are available here. Also see the Trades Union Congress website, called workSMART, that provides resources on workplace monitoring and internet policies.

Introduced 6/11/2003, by Sen Charles E. Schumer (NY), S. 1231, A bill to eliminate the burdens and costs associated with electronic mail spam by prohibiting the transmission of all unsolicited commercial electronic mail to persons who place their electronic mail addresses on a national No-Spam Registry, and to prevent fraud and deception in commercial electronic mail by imposing requirements on the content of all commercial electronic mail messages.

Related news:

WeCanStopSpam is a Wiki with a clearly stated agenda, providing links to free spam filters, commentary on solutions to the spam problem, and signatures to make spamming more difficult.

In The End of History, How e-mail is wrecking our national archive, Fred Kaplan laments the lack of a paper trail for government documents, and the resulting impact on our society in terms of research, context and content that contribute to the public's ability to access and evaluate the conduct of our democracy.

According to an article in today's New York Times, the industry sponsored National Cyber Security Alliance will release a study later today focused on the security and privacy risks associated with broadband internet connections.

The study, Clear and Present Danger, In-Home Study on Broadband Security Among American Consumers, is now available here (37 page pdf).

Professor David E. Sorkin, of The John Marshall Law School Center for Information Technology & Privacy Law, will teach a seminar this summer on the Regulation of Spam and Email Marketing. This is apparently the first such law school course to focus on unsolicited commercial e-mail (UCE).

The New York Times News Tracker Service through which readers may create and schedule the delivery of topic/search specific e-mail, will be migrated from free to fee. The cost: $19.95 per year for tracking ten alerts.

However, as noted by Jonathan Dube, Yahoo! Alerts remains free.

From Declan McCullagh, Spam blockers may wreak e-mail havoc, and a series of informative postings (all available at this one link) at his Politechbot.com site, on spam blacklists/blocklists.

In related news, see also:

H.R. 2214: To prevent unsolicited commercial electronic mail. Sponsor: Rep. Richard Burr (R-NC), introduced 5/22/2003. This Act may be cited as the "Reduction in Distribution of Spam Act of 2003."

Summary from Spam Laws: "The bill would require all commercial e-mail messages to be identified as such (but not with a standard label, except for unsolicited explicit messages), and to include the sender's physical address and an opt-out mechanism. It would prohibit the use of false or misleading headers in commercial messages. State laws that prohibit unsolicited commercial e-mail, regulate opt-out procedures, or require subject-line labels would be pre-empted; laws that merely regulate falsification of message headers would remain in effect."

In related news, see also:

Updated WinZip Alters Zip Format. "WinZip 9.0, from the market leader among file-compression utilities, has entered public beta with scheduled release later this year, bringing with it a new .zip format--which means some of its functions will not be compatible with earlier versions or other programs."

Via Politechbot, the text of the Reduction in Distribution of Spam Act of 2003, (43 pages, pdf) introduced May 22 by Rep. Richard Burr, (R-NC) in another effort to stem the tide of unsolicited commercial e-mail (UCE). For other related information on state and federal anti-spam legislation that I have posted, see this link. Also see Internet.com's Special Report, Spam Reaches Epidemic Levels.

Sen. Debra Bowen's bill, SB 12, "would...prohibit a person or entity from initiating an unsolicited commercial e-mail advertisement either from California or to a California electronic mail address. The bill would also make it unlawful for a person or entity to collect electronic mail addresses posted on the Internet, or to sell or provide a list of e-mail addresses, to be used to initiate the transmission of unsolicited commercial e-mail advertisements from California or to a California e-mail address." For more information, see this SFGATE.com article.

Today the Senate Committee on Commerce, Science, & Transportation held a hearing on Spam (Unsolicited Commercial E-Mail). "Description: Members will hear testimony relating to potential legislative, technical, and other approaches to curtailing unwanted spam. Senator McCain will preside." The committee provides the full-text of available testimony via this main link.

See also, Microsoft Proposes Law on Junk E-Mail, Spammer Urges Congress to Pass Anti-Spam Law, and Gates Sends Letter on Spam to Congress.

From InfoWorld, a review of an open source anti-spam application that may be useful to a wide user community. "SpamBayes knows spam - Outlook add-in really works to block spam, and it's free." For more information, see the SpamBayes website, and this technical background document.

From the Journal of the American Medical Association (JAMA), this new survey (abstract only available free), Use of the Internet and E-mail for Health Care Information concludes that "Although many people use the Internet for health information, use is not as common as is sometimes reported."

"Senator Charles E. Schumer today urged the Federal Trade Commission (FTC) to issue a consumer advisory alert, warning all consumers to be wary of products advertised through the unsolicited commercial e-mail known as spam." See the press release here.

From Spamabuse.net, this link to spam e-mail blocking and filtering applications/services (free and commercial) available to Windows, Mac and Linux users.

Judge Thomas W. Thrash Jr., U.S. District Court, Northern District of Georgia, granted EarthLink an injunction and a $16.4 million judgment against Howard Carmack, who engaged in ID theft and fraud to deliver over 800 million spam e-mails last year via the hundreds of accounts he established with the ISP. How much EarthLink can expect to collect....nil.

For reference, see the Computer Fraud and Abuse Act of 1986, 18 USC 1030.

In a related update, see this May 14 article from News.com, 'Buffalo Spammer' nabbed in New York which says that "New York state authorities have arrested the e-mail marketer "Buffalo Spammer," in the state's first criminal case against a junk mailer."

The majority of states attorneys general expressed their opposition to federal anti-spam legislation during the course of the FTC's three-day Spam Forum currently underway in Washington, D.C. "The states are concerned because both proposals (on the federal level - the CAN SPAM Act and the REDUCE Spam Act) would supersede any state laws, even if those state laws are stronger, said Washington Attorney General Christine Gregoire. Some state laws, for example, allow people to sue spammers. That right would vanish, the attorneys general said if some of the legislation Congress is now considering became law."

See also these related articles: Experts: Spam Volume Threatening E-Mail's Future, and Spam Solutions Hard to Find, and Business Users Offer Clear Definition of Spam and Overwhelmingly Support New Anti-Spam Bill in Congress. In addition, please see the text of Senator Charles E. Schumer's (NY) speech to the Spam Forum here.

On April 29, Governor Mark R. Warner of Virginia signed two bills constituting the Virginia Computer Crimes Act (SB 1139 - became ch. 1016 and HB 2290 -became ch. 987), which in this press release is lauded as the "toughest such law in the United States,"...as..."half the world’s Internet traffic passes through the Commonwealth of Virginia." Twenty-six states have enacted anti-spam legislation, while the federal government continues to propose legislation, none of which has yet passed.

From PCWorld, "Some legal observers say that the Virginia law, which could land spammers in prison, faces enforcement problems."

Spammers obviously continue to irritate a very raw nerve, and Capitol Hill is piling on. Recent federal legislation from Senators Wyden and Burns, Senator Schumer, and now Senator Lofgren's announcement of the introduction of the Restrict and Eliminate Delivery of Unsolicited Commercial E-mail (REDUCE) Spam Act, added to state legislative efforts, indicate that the battle has not been forsaken. See also this summary of the Reduce Spam Act.

The Internet heavy-weight trio of AOL, MSN and Yahoo have also joined the fight, as the cost of spam continues to escalate, and to infuriate users and services providers alike.

Senator Charles E. Schumer announced the release of a new study (The Dark Side of E-Commerce: The EMail Spam Epidemic) indicating that "New York City residents receive 8.25 million junk emails a day and spend 4.2 million hours a year eliminating spam messages." This announcement also stated the Senator plans to introduce new legislation to combat spam, which would include criminal penalties of $5,000 or more for repeat violators. UPI reports on the bill here. See also my recent posting on the Can-Spam legislation introduced by Senators Wyden and Burns.

For an interesting perspective on just how long we have been plagued by spam, take a look at this article, Reflections on the 25th Anniversary of Spam by Brad Templeton, founder and publisher of ClariNet Communications Corp., the world's first ever ".com" company.

This new report from the FTC, False Claims in Spam (16 page pdf), states that is the first extensive review of deceptive and unfair practices that appear in unsolicited commercial e-mail (UCE). The study analyzed 1,000 spam e-mails drawn from a pool of 11,000 such messages, and concluded that at least one form of deception was evident in 66% of the aggregate.

See also these two related agency reports, Spam Email: Harvesting Your Email Address and Remove Me Surf. In addition, in related news, Web Sites Shut Down in Spam Fight.

The Department of Homeland Security had the daunting task of implementing an e-mail system that integrates 22 separate agencies. According to Federal Computer Week, the system will be launched this weekend.

The New York Times published an extensive article on the challenges posed by the adroit and aggressive junk e-mail industry that has to date overcome all challenges preventing the delivery of their unwelcome messages to our home and work e-mail accounts.

According to this article in PC World, "the U.S. Department of Agriculture Forest Service is currently considering a regulation that would let it ignore any public comments on its rule-making process sent to it through Web-based forms." The agency also intends to ignore comments sent using form letters and postcards that result from lobbying/advocacy efforts. Furthermore, the Forest Service does not participate in the e-gov initiative Regulations.gov, the portal through which users may "find, review, and submit comments on Federal documents that are open for comment and published in the Federal Register."

For reference, the origin of these proposed changes were buried here: National Forest System lands; projects and activities; notice, comment, and appeal procedures, December 18, 2002 Federal Register, for which the comment period has already passed.

Rep. Henry Waxman, Ranking Member, House Committee on Government Reform, Minority Office, sent a letter to the Committee on Energy and Commerce requesting an investigation into accusations that over the course of two years, Philip Morris destroyed e-mail relevant to the DOJ case filed against the company in 1999, alleging deceptive practices.

See also this resource, Document Destruction by Philip Morris, that includes links to correspondence (in pdf) between the DOJ and Philip Morris, the Deposition of Michael Wallmeyer, Philip Morris Information Services Specialist, and the transcript of the February 5, 2003 Status Hearing.

Sen. Conrad Burns (R-Mont.) and Sen. Ron Wyden (D-OR) introduced the CAN-SPAM bill on April 9 (S. 877), "to regulate interstate commerce by imposing limitations and penalties on the transmission of unsolicited commercial electronic mail via the Internet." See the Burns press release here. The two Senators also co-sponsored the CAN-SPAM Act of 2001 (S. 630).

Also see one of my previous postings on spam here for links and statistics about the public response to spam and related institutional costs.

The Federal Energy Regulatory Commission (FERC) announced on April 7 that all Enron e-mails posted on the Commission's website would be removed temporarily (until April 24). The e-mails are part of a FERC database comprising over 85,000 Enron related documents and over 150,000 document images. This action was in response to Enron's petition to the Court of Appeals for the Fifth Circuit seeking to remove personal information about company employees that appears in the e-mail messages, all of which were available for public viewing. See also this Reuter's article.

On April 2, the California Supreme Court heard oral argument in the appeal of Intel v Hamidi. Hamidi is a former Intel employee who after his termination, on six separate occasions, used the company's internal e-mail address listing to send messages to 30,000 employees.

See also these related articles: Intel e-mail issue divides court and Trespassing or Free Speech?

The Center for Democracy and Technology (CDT) published a new report, Why Am I Getting All This Spam? (16 pages in PDF), which documents the volume of spam received over the course of six months by hundreds of accounts created specifically to research this issue. Although the report offers no absolute methods for beating spam, it does provide useful insights into how users are targeted and by whom, and offers the warning that "e-mail addresses posted on Web sites or in newsgroups attract the most spam."

Discovery is hampered in an investigation into cost over-runs and project mismanagement on Boston's Big Dig project, "the largest, most complex and technologically challenging highway project in Amerian history."

Apparently project managers instituted a policy of deleting all project related e-mail messages after thirty days, as reported during a Massachusetts State House Hearing.

A new organization, the Internet Research Task Force, comprised of 13 Research Groups, one of whose goal is to fight spam, launched their website last week. The Anti-Spam Research Group (ASRG) has an email list at asrg@ietf.org.

The National Consumers League, Internet Fraud Watch published two surveys on Web e-mail scams: Top 10 Internet Scams 2001 (includes data on Type of Complaint, Percentage of Total Complaints and Average Loss), and Ages of Consumers Who Filed Complaints, 2001 (includes Percentage of Total Complaints). The surveys are available in tabular format on this webpage.

The longest continuously running global e-mail scam, in operation since the 1980s, is the Nigerian e-mail fraud. Doubtless you have received such e-mails on a daily basis if you are not using blocking software. For more information, see this United States Secret Service site on what is known as Advance Fee Fraud (AFF) or "4-1-9" fraud, which refers to the section of the Nigerian Penal Code on fraud schemes.

See also this article from CNN today, Latest ID theft scam: Fake job listings. Monster.com e-mailed its users and stated "regrettably, from time to time, false job postings are listed online and used to illegally collect personal information from unsuspecting job seekers."

This Securities and Exchange Commission press release states that the agency filed suit in the U.S. District Court for the Eastern District of New York against Samuel Aaron Meltzer ("Meltzer"), referred to as a "professional Internet spammer," for committing securities fraud via the Web (SEC v. Meltzer, E.D. N.Y., Action No. CV 03 770, Judge Denis R. Hurley, 2/18/03). Meltzer is alleged to have used spam and more than two dozen websites to promote penny stocks about which he made "made false and misleading representations." The complaint is here. The current docket in this case is available here.

This PCWorld article, Are Spammers Hiding Behind Students? indicates that students at Tufts University accepted payment to route spam through the institution's network. See also: Tufts student to be disciplined for using university network for spam.

The Washington Post reports that ISP giants and rivals Microsoft and AOL are working together to help craft legislation on the federal and state level to fight the uncontrollable tide of spam that plagues their respective subscribers, which total over 140 million. To provide some perspective on the enormity of the problem, AOL alone claims to block about 780 million spam e-mails bound for customers each day.

In related news, a survey by Assurance Systems concluded that "opt-in" e-mail is routinely blocked by major ISPs, with AOL ranking third on the list with an 18% non-delivery rate.

Palo Alto California's Mayor Dena Mossar announced a settlement of lawsuits brought against the City Council by The Palo Alto Weekly and the San Jose Mercury News concerning e-mail correspondence that was not disclosed to the public.

The Council held a closed door meeting on October 30, 2002 during which time they disseminated e-mail concerning what they determined was a private issue.
The Council has now released all the e-mails, and in a futher move, "will make available copies of e-mails from September 1 to the present time, sent by Council Members to staff and staff responses concerning items on the council agenda." The San Diego Union heralded the Council as "a trailblazer in open governance."

From PC Magazine, this review and comparison of ten popular applications to combat spam on your home PC, as well as a six applications for use by IT departments and ISPs.

The FTC announced a free, three day forum, April 30-May 2, open to the public, consisting of fourteen separate panels, each addressing different aspects of the spam email issue including legislation, security, privacy, law enforcement, and blocking software. The text of the Federal Register notice on this forum is available here, and references a recent article about the growing proliferation of spam at home and at work.

The Colorado House Committee on Technology and Information has introduced a new bill, HB 03-1200, to amend the Junk E-Mail Law to include a no-solicitation list similar to the telemarketing no-call list. The full-text of the Colorado Statute is here.

Global web access was disrupted on Saturday by an attack of a worm called SQL Slammer that affects Microsoft SQL Server 2000. Other consequences included a delay in e-mail delivery and all of Bank of America's ATMs were shut down.

Appellate courts around the country are attempting to craft procedures that apply to the use of technology by cybercrime offenders once they leave incarceration. Disparate determinations are being made in regard to such offenders, allowing some to return to regular use of the Internet and e-mail, while others, such as notorious hacker Kevin Mitnick, was subjected to strict limitations on his access to computer systems during his three years of probation after release from prison.

The current issue of the Duke Law and Technology Report (2003 Duke L. & Tech. Rev. 0001), has an article by Mark Sweet, Political E-mail: Protected Speech or Unwelcome Spam? This link comes via politechbot.com, where Declan McCullagh has been discussing Sen. Joseph Lieberman's use of bulk e-mail to promote his recently announced 2004 Presidential bid.

Tech-savvy Australian law firm Phillips Fox is exploring the use of e-mailing their attorney's audio dictation files, using smart card technology, to typists in their New Zealand offices, according to their IT Manager. Due to the time zone difference, documents e-mailed in the evening would be ready first thing the next morning.

A Spam Filtering Conference was held on January 17, 2003 at MIT. The conference was organized by Paul Graham, author of A Plan for Spam (published August 2002), and had 580 attendees. Brief abstracts of papers presented at the conference, including titles and authors, are here. Topics included applications solutions for specific platforms, legal efforts to ban spam and anti-spam policies.

The Federal Trade Commission is doggedly pursuing frauds committed using spam e-mail, and their latest efforts have culminated in compliants filed in six federal courts (copies of which are available here), with charges against "marketers who used the Internet and spam to sell purportedly authentic international driver's permits (IDPs)."

The House BlackBerry communication program, initiated in 2001, provided all members with the device, and paid for the associated e-mail service (to the tune of $6 million). The adoption of this wireless technology was related to the events of 9/11.

However, Congress is now caught in an uncomfortable position concerning its continued use of the Blackberries, as reported today by the Washington Post. A patent infringement case between BlackBerry's Canadian parent, Research in Motion (RIM) and NTP Inc., threatens to force the removal of the devices. In an unusual action, James M. Eagen III, Chief Administrative Officer, U.S. House of Representatives, requested that the parties seek a resolution allowing Congress to keep their Blackberries.

BrightMail Inc., a provider of anti-spam techology, has been tracking spam attacks against their network. The results of their survey, with a coverage period of June 1, 2002 to November 1, 2002, is available via ServerWatch, here. Needless to say, their information indicates that attacks have tripled during this period. The ServerWatch article also provides a comparison chart of 12 anti-spam software applications, describes spamming techniques, and strongly advocates the use of prevention methods.

A new Harris Interactive poll indicates that 80% of those surveyed dislike spam so much that they would like to see it banned.

A new report, from Ferris Research, a San Francisco based market research company, ($1,995 fee) assesses the cost of spam to American corporations in 2003 at more than $10 billion, due to "lost productivity, consumption of IT resources and helpdesk support." Here is a summary of the report, Spam Control: Problems and Opportunities.

This data presents an interesting contrast to findings about e-mail on the job, released December 8, 2002, by the Pew Internet Project. The Pew Study found that majority of employees are not overwhelmed by spam e-mail.

Today's WSJ has an article on the nascent service of conducting limited medical consultations via the web and e-mail. In a previous post I noted that there are now unified guidelines for physician-patient e-mail.

Services such as Med Help International, MayoClinic.com, and Askadoctor.com are all fee-based, and are often used as a interim step between an in-person doctor visit and a phone call for a second opinion.

The Washington Post has a review of PGP 8, the newest version of the secure email messaging software. PGP was formerly a free product, but the company was bought and sold several times, and the new PGP Corp. charges $39 for the personal edition of the software.

For some perspective on this program created back in 1991, see New Architect's recent interview of the software's creator, Phil Zimmermann, who is a consultant with PGP Corp. The focus of the dialogue is the current state of privacy and encryption issues.

U.S. District Court Judge Jed Rakoff, Southern District of New York, ruled that what he termed "explosive" e-mail messages authored by J.P. Morgan Chase & Co. Vice Chairman Donald Layton could be used as evidence in the bank's lawsuit against 11 insurance companies over $1 billion in unpaid loan guarantees stemming from the collapse of Enron.

The Washington Post reported on a municipal issue that could prove to have far reaching consequences for the government's use of e-mail to conduct meetings. Fredericksburg Circuit Court Judge John Whittier Scott Jr. decided that a group of City Council members who used email to communicate about, and reach decisions, concerning critical issues that included development contracts, "violated open meeting laws."

E-mail is a ubiquitous and well accepted part of the daily work routines of most Americans according to this new report, Email at work, published on December 8, 2002 by the Pew Internet Project. An astounding 98% of employees (57 million Americans) with on-the-job Net access indicate that e-mail is a part of their daily work routine.

This SEC press release concerns the agency's joint action (along with the NYSE and NASD) against 5 high profile broker-dealers for violations of e-mail communications retention requirements. The text of the SEC's administrative decision is here, and the companies will collectively pay $8.25 million in fines.

Patient's increasingly indicate that they want to communicate with their physicians via e-mail. However, there are major impediments to this process, including medical liability issues, patient privacy concerns, and billing considerations. However, according to this press release from the eRisk Working Group for Healthcare, new unified guidelines for physician-patient e-mail are now available that have the approval of the AMA, numerous medical societies and over 70% of the malpractice insurance carriers.

The FTC has developed and initiated a joint effort among federal, state and local law enforcement agencies to protect consumers from fraudulent and deceptive actions perpetrated via the use of spam e-mail messages. As a result of their investigations, the FTC posted a useful web page here with facts on spam scams and advice for consumer protection.

Wired has an interesting article on a number of new applications now available that are used to track and monitor the range of non-work related activities that employees engage in while using corporate e-mail and Internet access.

This case, State of Washington v. Donald Theodore Townsend, addresses the privacy of e-mail and instant message (IM) communication in a police sting operation involving an adult and a fictitious minor. Townsend's messages were stored on a police officer's PC, printed, and used as evidence. The court determined that Townsend's messages were not covered under the state's privacy statute on intercepting, recording, or divulging private communication, RCW 9.73.030(1)(a).

See the article article from the Seattle Post Intelligencer on this case here.

On October 30, I posted about the terrible track record of most Fortune 100 companies in responding to customer emails. However DuPont has taken the opportunity to announce that their company was named third most responsive in the overall survey.

Efforts to block spam, both at the ISP and user level, can result in the non-delivery of legitimate e-mail. Specific networks and domains were blocked in October by ISP heavywight EarthLink, who admitted some problems with their spam fighting effort.

The Register published an interesting article on how the Supreme Court's techies sent out e-mail messages with PDF attachments of Judge Colleen Kollar-Kotelly's rulings on Microsoft, two hours prior to the announcement of their availability.

The Planet PDF weblog was actually a recipient of one of the e-mail messages, and posted a copy of the message indicating the date, time and attachments that were included. Also noted by Planet PDF is the fact that the court uses Corel Word Perfect rather than Microsoft Word to create its documents.

American Online has launched AIM Enterprise Services. Using this technology, companies can now monitor all instant messages sent by employees. In addition, AOL hopes to realize some increased revenue as well, with a per seat cost of $35. See this Washington Post for more information.

If you are interested in e-mail press releases, updates, and related resources on the 2004 Presidential campaign, sponsored by the non-profit, non-partisan Minnesota-based group E-Democracy, you may subscribe via this link.

Outlook 11, from Microsoft, will offer a whole range of new applications, but the one that is receiving special notice is a "back to the future" function that will purportedly help to kill spam. In version 11, preview mode will no longer provide access to imbedded images and HTML formatted text, which can actually be spam and may also carry with them web beacons.

Just how well do Fortune 500 companies measure up in regard to online customer support? According to the 2002 Online Customer Respect Study of Fortune 100 Companies, undertaken by CustomerRespect.com, 37% of customers never received any response, and 41% received a response after more than three days. It would appear that big companies still do not understand the value and importance of e-mail in customer transactions.

The Table of Contents for the 430 page report, and details about the metrics used, in addition to purchase information, is available here.

A dispute over unpaid bills for an e-mail account from a Canadian subsidiary of a U.S. ISP has resulted in a law suit in federal court in Canada. Nancy Carter's e-mail was held hostage in lieu of payment, disrupting her professional life.

The ABA has published a new book focused on protecting companies from claims associated with employee use of e-mail and the Web. The book is titled
Employee Use of the Internet and E-Mail: A Model Corporate Policy With Commentary on Its Use in the U.S. and Other Countries. See the press release here.

On October 8, JunkBusters sent a letter to the attorneys general of 15 states and the FTC, elaborating on their continued concerns about Amazon's collection, transfer and disclosure of personal data collected on its customers.

The JunkBusters site is free, and the organization seeks to promote worldwide the extensive resources it makes available to fight junk e-mail.

The national law firm, Morrison & Foerster LLP (known as MoFo), with its main office in San Francisco, sued direct mail marketer Etracks.com Inc., an Oklahoma corporation, and Learn2 Corporation, for spamming the firm's servers with more than 6,500 unsolicited emails.