Austrian Law Student Faces Down Facebook

BERLIN — As Wall Street prepares for a record, multibillion-dollar initial stock sale from Facebook, the social networking site, a meeting with the potential to shape the economics of the deal was set to take place Monday in Vienna.

Richard Allan, a former member of Parliament in Britain who is the European director of policy for Facebook, and another executive from Facebook’s headquarters in Menlo Park, California, will meet with Max Schrems, a 24-year-old college student.



Mr. Schrems, a law student at the University of Vienna and a user of Facebook since 2008, has led a vocal campaign in Europe against what he maintains are Facebook’s illegal practices of collecting and marketing users’ personal data, often without consent.

In less than a year, Mr. Schrems’s one-person operation has morphed into a Web site, Europe Versus Facebook, and a grass-roots movement that has persuaded 40,000 people to contact Facebook in Ireland, where its European headquarters are located, to demand a summary of all the personal data the U.S. company is holding on them.

Mr. Schrems and his crusade have become a cause célèbre in parts of Europe, attracting the attention of lawmakers in Brussels as the Continent begins a lengthy debate over tough new proposed restrictions on personal data, which could affect Web businesses like Facebook.

Last month, the author of a proposed European data protection law, which would update a 1995 statute to reflect the realities of the digital age, cited Mr. Schrems’s case as an example of why European lawmakers should adopt tightened controls over Web businesses.

The plan put forward by Viviane Reding, the European justice commissioner, would give E.U. residents the right to opt out more easily of standard data collection practices used by businesses like Facebook. It would also compel companies to expunge all personal data, permanently, at a consumer’s request.

Both elements have the potential to hamper the data-harvesting engine that is at the heart of Facebook’s advertising-driven business, and of its value.

Facebook said in a statement that its data practices followed European law and that the company had gone out of its way to meet Mr. Schrems’s request for personal information. The company also noted that Facebook users could easily obtain a copy of their information on Facebook by using a function within their personal account settings.

The company said a report in December from an Irish regulator demonstrated “how Facebook adheres to European data protection principles and complies with Irish law.” It says it is not only fully compliant with E.U. data protection laws, but “we also strongly believe that every Facebook user owns his or her own data and should have simple and easy access to it.”

Mr. Schrems appeared on Facebook’s radar last June when he filed a complaint against the company with the Irish regulator, the office of the Irish Data Protection Commissioner, in Portarlington, Ireland. He alleged 22 violations of European law. Mr. Schrems filed the grievance after using a provision of Irish law to obtain from Facebook a copy of all of the information the company had been keeping on him.

Facebook sent Mr. Schrems a computer disc containing 1,222 pages of information.

The disc, Mr. Schrems said, showed that Facebook was routinely collecting data that he had never consented to give, like his physical location, which he assumes was determined from his computer’s unique address identifiers, which can be traced geographically. Facebook was also retaining data he had deleted, Mr. Schrems said.

Irish officials began an audit based on his complaints and in October visited Facebook’s offices in the Hanover Quay section of Dublin, where the company employs more than 400 workers to direct many of its global operations outside North America.

On Dec. 21, the Irish regulator, which has a staff of only 22 employees, released a 150-page report that gave Facebook until July to make a series of changes in the way it collects and retains data and how it explains to users how their information is being used.


http://www.nytimes.com/2012/02/06/technology/06iht-rawdata06.html?ref=technology


Google (Nasdaq: GOOG) last week announced it's beefed up security at the Android Market with a malware sniffing system called "Bouncer."

Bouncer analyzes new and existing apps, as well as developer accounts. Before apps are allowed to be sold in the market, they're analyzed to see if they contain any known malware, spyware or trojans.

Apps will also run in the Google cloud to see if they're exhibiting bad behavior.

In addition, the bona fides of new developers are reviewed to prevent malicious devs from returning to the market after they've been eighty-sixed by Google.


Bouncer received plaudits from some security experts. "It's a good first step to add an entry barrier to upfront malicious apps," Trend Micro (Nasdaq: TMIC) Threat Research Manager Jamz Yaneza told TechNewsWorld.

"Over time, filters, including improved sandboxing and heuristics, will add a better layer," Yaneza added.

"This is a good and really necessary move Google is taking," Kaspersky Lab's Global Research and Analysis Team Leader for Latin America Dmitry Bestuzhev told TechNewsWorld.

The effectiveness of Bouncer will depend on the quality of the software it uses to detect malware, he added.

Emulation is also a good tool, but clever malware writers will program their software to act innocently when it detects an emulation is being run on it, he explained.

Finally, vetting new developers is a good idea as well, he noted, but that will probably lead to miscreants hacking into trusted accounts.

"If a developer is already known and trusted by Google, that developer's account will be a prime target for cybercriminals," he said.
Fighting Domain Spoofing

Some heavyweights in the email space announced last week a new specification that they hope will curb phishing on the Internet.

Google, Microsoft (Nasdaq: MSFT), Yahoo (Nasdaq: YHOO) and AOL pulled the wraps off Domain-based Message Authentication, Reporting and Conformance, or DMARC.

Currently, it's far too easy for spammers and phishers to fake where their email originates. For example, someone "phishing" for information to break into your bank account might request that info by sending you a message using the domain of your bank. DMARC is aimed at making that kind of spoofing harder.

For years, several authentication methods have been used by email providers. However, "there hasn't been a decrease in spam or phishing over the years because these standards don't interoperate and there hasn't been a broad adoption of them," Dave Jevans, chairman of the Anti-Phishing Work Group, told TechNewsWorld.

What DMARC does, essentially, is let an email operator refuse delivery of a message that isn't from where it says it's from. So if a message says it's from your bank, the receiving operator can look up the bank's DMARC record in DNS, check whether the message's SPF or DKIM authentication matches the domain shown in the From: header, and if neither lines up, handle the message the way the bank's record asks: monitor only, quarantine it as spam, or reject it outright.
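The check described above, written out as an added example that is not part of the original article or of any real mail server's code. It assumes the bank's DMARC TXT record has already been fetched from DNS and that the receiver has already evaluated SPF and DKIM; the public suffix list is replaced by a tiny hard-coded stand-in, and the domain names, policy record and authentication results are constructed for illustration.

```python
"""DMARC identifier alignment and policy lookup (added example).

Assumptions: the DMARC record string has already been fetched from
_dmarc.<domain> in DNS, and SPF/DKIM have already been evaluated by an
upstream authenticator. PUBLIC_SUFFIXES is a constructed stand-in for the
real Public Suffix List.
"""
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed stand-in for publicsuffix.org; real code loads the full list.
PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk", "ie"}


def organizational_domain(domain: str) -> str:
    """Registrable ("organizational") domain, e.g. mail.example.co.uk -> example.co.uk."""
    labels = domain.lower().rstrip(".").split(".")
    # Longest public suffix that matches the tail of the name wins.
    for n in range(len(labels) - 1, 0, -1):
        if ".".join(labels[-n:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[-(n + 1):])
    return ".".join(labels[-2:]) if len(labels) >= 2 else domain


def parse_dmarc_record(txt: str) -> Dict[str, str]:
    """Parse 'v=DMARC1; p=reject; adkim=s; ...' into a tag dict.

    Defaults follow the spec: relaxed alignment for both SPF and DKIM,
    policy applied to 100% of mail. (pct sampling is not applied here.)
    """
    tags = {"adkim": "r", "aspf": "r", "pct": "100"}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record: %r" % txt)
    return tags


def aligned(from_domain: str, auth_domain: Optional[str], mode: str) -> bool:
    """Identifier alignment between the visible From: domain and an
    authenticated domain. Strict ('s') needs an exact match; relaxed ('r')
    accepts any name under the same organizational domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return organizational_domain(from_domain) == organizational_domain(auth_domain)


@dataclass
class AuthResults:
    """Receiver-side results for one message (constructed for the example).
    spf_domain: MAIL FROM domain that passed SPF, or None.
    dkim_domain: d= of a DKIM signature that verified, or None."""
    from_domain: str
    spf_domain: Optional[str]
    dkim_domain: Optional[str]


def dmarc_disposition(record: str, res: AuthResults) -> str:
    """'pass' if SPF or DKIM aligns with the From: domain; otherwise the
    policy the domain owner published ('none', 'quarantine' or 'reject')."""
    tags = parse_dmarc_record(record)
    spf_ok = aligned(res.from_domain, res.spf_domain, tags["aspf"])
    dkim_ok = aligned(res.from_domain, res.dkim_domain, tags["adkim"])
    return "pass" if (spf_ok or dkim_ok) else tags["p"]


# Constructed sample data: a bank that publishes a reject policy.
BANK_RECORD = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@bank.ie"

# Legitimate mail from the bank's bulk mailer, DKIM-signed by the bank.
legit = AuthResults(from_domain="bank.ie", spf_domain="bounce.bank.ie", dkim_domain="bank.ie")
# Phish: From: header claims bank.ie, but SPF and DKIM only vouch for the attacker's domain.
phish = AuthResults(from_domain="bank.ie", spf_domain="mailer.evil.net", dkim_domain="evil.net")

if __name__ == "__main__":
    print(dmarc_disposition(BANK_RECORD, legit))  # pass (SPF aligns under relaxed mode)
    print(dmarc_disposition(BANK_RECORD, phish))  # reject
```

The point the example makes that the paragraph does not: it is the alignment with the header From: domain that matters, not whether SPF or DKIM passed for some domain. The phishing message above passes both SPF and DKIM for the attacker's own domain and is still rejected, because neither identifier is the bank's.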

While DMARC is a step forward in the battle against malmail, it's by no means a silver bullet. "We're still going to have phishing 20 years from now," Jevans predicted.
Breach Diary

Jan. 28: Unknown parties breached the Portuguese website of Universal Music Group and posted more than 150 names and passwords of users to the Internet.


Jan. 31: Anonymous breached the computers of the Salt Lake City Police Department and posted more than 1,000 names and passwords to the Internet in protest of a bill filed in the Utah Senate that would prohibit the possession of "any instrument, tool or device that is commonly used to make graffiti with the intent to deface the property of another."

Jan. 31: An unknown intruder breached a Polish coin-collecting website and posted more than 5,200 names and passwords to the Internet. No reason for the attack was stated by the hacker.


Feb. 2: Verisign acknowledged that it had been repeatedly breached by unknown parties during 2010. The company did not disclose any details on what data was stolen by the intruders but stated it did not believe the attacks breached its servers that support the Domain Name System for more than half the Internet.

Feb. 3: Anonymous posted to the Internet a 17-minute recording of a conference call between the FBI and Scotland Yard in which evidence and plans against the group were discussed, as well as the email addresses of more than 40 law enforcement officials who received a memo about the conference.
Copyright: http://www.technewsworld.com/story/Googles-New-App-Mall-Cop-74349.html