Declan McCullagh | 1 Jul 13:58 2005

Perl guru Chip Salzenberg sued, home raided [priv]

-------- Original Message --------
Subject: Chip Salzenberg
Date: Thu, 30 Jun 2005 23:59:38 -0700 (PDT)
From: Bruce Gowens <billygoatbruce <at>>
To: Declan <declan <at>>

I first read about this on Slashdot:

Here's the defence website:

It seems an issue within the purview of PoliTech.

Politech mailing list
Archived at
Moderated by Declan McCullagh (

Declan McCullagh | 4 Jul 20:08 2005

U.K identity cards: an overview, from the Economist [priv]

Magic plastic
Jun 30th 2005
 From The Economist print edition

TO BOOSTERS, they promise to ease everything from race relations to 
opening a bank account. To critics, they are a costly affront to 
free-born Englishmen, a looming technological disaster and a political 
millstone—plastic equivalents of the poll tax, which tipped Margaret 
Thatcher out of power 15 years ago. This week's preliminary vote in the 
House of Commons on a bill to establish a national identity card means 
it is only a matter of time before Britons find out who is right.

If the government's plans stay on track, Britons will, within three 
years, begin to receive cards containing personal details, together with 
a digital photograph, fingerprints and an iris scan. A nation that has 
not possessed identity cards since 1952 will, in a step, acquire the 
world's most complex system.

At the heart of the scheme is a national identity register, which will 
record basic personal details: name, sex, date and place of birth, 
address, nationality, immigration status and the numbers of documents 
such as driver's licences and passports.

[...remainder snipped...]
Politech mailing list
Archived at
(Continue reading)

Declan McCullagh | 5 Jul 05:11 2005

Weekly column: The Specter-Leahy bill's Net crackdown [fs]

The coming Web security woes
July 4, 2005, 6:00 AM PT
By Declan McCullagh

Our esteemed leaders in the U.S. Congress are vowing to enact new laws 
targeting data thieves, backup-tape burglars and other information-age 

We should be worried.

Any reasonable person, of course, should agree that such thefts must be 
punished and data warehouses should let us know if our information falls 
into the hands of criminals.

But a bill announced last week by Sens. Arlen Specter, R-Penn., and 
Patrick Leahy, D-Vt., goes far beyond reasonable data security 
precautions. It amounts to a crackdown on individuals, bloggers and 
legitimate e-mail list moderators.

[...remainder snipped...]
Politech mailing list
Archived at
Moderated by Declan McCullagh (

Declan McCullagh | 6 Jul 07:19 2005

Harvard project will vacuum up millions of medical files [priv]

It seems like, at least according to the Boston Globe article, this 
Harvard research pits the social good of research into ailments against 
the social good of protecting medical privacy. In this project, it looks 
like the database may include DNA samples protected by "advanced 
encryption" with patients' identities also on file.

What's the best answer? How about letting the patients decide. There's a 
small but real potential cost to having your initimate medical data in 
the hands of a third-party researcher -- a security breach could have 
many negative consequences. (There have been recent examples of just 
these types of data mishaps by social scientists.) There's also a small 
but real benefit to having your information shared, especially if it 
helps your children or grandchildren stay in better health.

It seems that the best person to make these sorts of decisions and weigh 
the tradeoffs is the individual whose records are at issue. That 
individual could require, for instance, that Harvard agree contractually 
to follow standard security guidelines and perhaps even pay a small sum 
for the privilege. (If the benefits provided by the research outweighs 
its cost, it will proceed.) Perhaps my understanding is wrong but it 
doesn't seem like this is what Harvard is contemplating when vacuuming 
up 2.5 million medical records.


-------- Original Message --------
Subject: Harvard project to scan millions of medical files
Date: Mon, 4 Jul 2005 21:56:08 -0400
From: Monty Solomon <monty <at>>

(Continue reading)

Declan McCullagh | 6 Jul 07:20 2005

Review of "The Genius Factory": the high-IQ sperm bank [econ]

-------- Original Message --------
Subject: 	my WSJ piece
Date: 	Tue, 5 Jul 2005 17:32:47 -0400
From: 	Nick Schulz <nschulz <at>>

Hi all.  My review of the new book “The Genius Factory” appears in
today’s Wall Street Journal. Pasted below. Enjoy.



Turbulence in the Gene Pool

July 5, 2005; Page D7*

It was over breakfast one February morning in 2001 that Tom Legare, a
precocious but otherwise typical American teenager, learned from his
mother that his real father "was a Nobel Prize winner." The man married
to his mother for so many years, it turned out, was in fact not
biologically related to him. Rather, another man was, presumably a
"brilliant scientist" (name unknown) who had contributed to the
Repository for Germinal Choice, a "genius" sperm bank founded by
businessman Robert K. Graham in 1980. Thus Tom was one of a far-flung
brood, since many other infertile couples -- like the Legares -- had
availed themselves of this high-end gene pool.

Tom's existence really begins with Graham, an entrepreneur who had made
(Continue reading)

Declan McCullagh | 6 Jul 07:23 2005

Use non-password-protected WiFi node, go to prison? [econ]

Wi-Fi cloaks a new breed of intruder
Though wireless mooching is preventable, it often goes undetected.

By ALEX LEARY, Times Staff Writer
Published July 4, 2005

ST. PETERSBURG - Richard Dinon saw the laptop's muted glow through the 
rear window of the SUV parked outside his home. He walked closer and 
noticed a man inside.

Then the man noticed Dinon and snapped his computer shut.

Maybe it's census work, the 28-year-old veterinarian told his 
girlfriend. An hour later, Dinon left to drive her home. The Chevy 
Blazer was still there, the man furtively hunched over his computer.

Dinon returned at 11 p.m. and the men repeated their strange dance.

Fifteen minutes later, Dinon called police.

Police say Benjamin Smith III, 41, used his Acer brand laptop to hack 
into Dinon's wireless Internet network. The April 20 arrest is 
considered the first of its kind in Tampa Bay and among only a few so 
far nationwide.

[...remainder snipped...]
(Continue reading)

Declan McCullagh | 8 Jul 06:24 2005

Florida school scans visitors' IDs for predators [priv]

[What if your ID isn't in the database? What if you're Canadian? What if 
you're a sexual predator who makes a fake Canadian ID? --Declan]

-------- Original Message --------
Subject: Scanning IDs for school access
Date: Wed,  6 Jul 2005 05:26:03 -0700
From: Dwayne C. Smith <chaz <at>>
Reply-To: Dwayne C. Smith <chaz <at>>
To: declan <at>


McNeal Elementary School in Manatee County, FL will begin scanning the
driver's license or other state-issued ID of visitors in an attempt to
single out sexual predators.

I don't recall seeing this issue covered on Politech before.  I
understand the attempt to protect our children, but is this another
well-intended effort that moves us closer to having to "show our
papers" to go about our daily lives?

Scan the IDs of people who don't have children at the school? OK by me.
It would seem simple enough to issue a 'parent ID' when the kid(s)
enroll for the year.  This at least would preclude the need to deliver
a state-issued ID - possibly containing your SSN - upon arrival.

One other thing - what happens to the scanned data?  Consider a vendor
who services several schools. Does s/he run the risk of being included
(Continue reading)

Declan McCullagh | 8 Jul 06:26 2005

London bombings, the aftermath: questions about National ID cards [priv]

Previous Politech message:

Background on London bombings:

-------- Original Message --------
Subject: London Bombings and British National ID Cards
Date: Thu, 07 Jul 2005 21:38:07 -0500
From: Scott Purl <scott.purl <at>>
To: Declan McCullagh <declan <at>>

How soon till the proposed British National ID card is named as
something that would have prevented today's bombings?  And with all
those CCTV cameras littered about London, where's the footage of the
bombers?  Is there none because the cameras weren't pervasive/invasive

Maybe someone out there in Politechland can answer this one.  Why do all
these national ID cards have to carry around a copy of the bearer's
personal information (which then makes it that much easier to
duplicate)?  My credit card doesn't actually carry around my bank
balance.  A pound note isn't actually worth a pound.  They are
representative of something valuable elsewhere.  Why can't these cards
and passports carry some holographic bar code that can be scanned from a
foot away, and then a picture of me and my information pop up on the
security guards' screen after being downloaded from a central government

Or is it because fancy holographic stickers are on cheap enough to put
(Continue reading)

Declan McCullagh | 8 Jul 06:27 2005

Visa, MasterCard security breach lawsuit update: $$$ damages? [priv]

-------- Original Message --------
Subject: 	Cardsystems Case Update - First Amended Complaint Filed Today
- Politech
Date: 	Wed, 6 Jul 2005 12:33:39 -0700
From: 	Ira P. Rothken <ira <at>>
To: 	'Declan McCullagh' <declan <at>>
CC: 	<ira <at>>


Today plaintiffs' filed a First Amended Complaint ("FAC") in the case
against Cardsystems, Visa, MasterCard, Merrick Bank, and others. The FAC
alleges that defendants were negligent in the security of consumer
credit card data which led to the data being hacked and compromised.

It is alleged in the First Amended Complaint that, on information and
belief, defendants knew or should have known that Cardsystems failed
multiple security audits, did not comply with credit card data security
standards during the past year, and defendants continued to allow them
to process consumer credit card transactions. The plaintiffs are now
seeking money damages. The First Amended Complaint can be found here:

Ira P. Rothken
Rothken Law Firm
ira <at> <BLOCKED::mailto:ira <at>>
(Continue reading)

Declan McCullagh | 8 Jul 06:33 2005

Who's liable for "smart card" security breaches? You? [econ]

-------- Original Message --------
Subject: 	"the liability in case of fraud will shift from issuers to
Date: 	Wed, 06 Jul 2005 17:32:00 -0600
From: 	Tony Toews <tony <at>>
To: 	Declan McCullagh <declan <at>>


There was an interesting sentence in a press release with respect to
using smart cards in Canada.

"With a market of approximately 55 million cards, it is anticipated that
issuers will start
deploying smart cards in 2006 with critical mass expected by 2010, after
which the
liability in case of fraud will shift from issuers to acquirers."

Who are acquirers?  Joe Consumer?   If so why would the liability
shift?   What if the systems have been broken by then?

I can appreciate that credit card and debit card fraud rates are quite
high and that newer, more secure technology is quite reasonable.
However assuming that the cardholder is automatically at fault bothers me.


(Continue reading)