Feeds

Journalist beats-off Microsoft subpoeana

Hats off to Dan Goodin for hanging in there - and brickbats to Yahoo for not

  • alert
  • submit to reddit

Combat fraud and increase customer satisfaction

Electronic privacy may be coming, but the legal right to privacy in the US is not what might be expected from assurances by Yahoo, AOL and Microsoft. True stories of general interest nevertheless have a greater likelihood of being told without repercussions if told to a journalist, as Dan Goodin of CNET has shown by shaking off a subpoena to squeal on his source for a juicy Gates' story. At issue is the right to anonymity on bulletin boards and the Internet. The US Supreme Court has ruled that anonymity in communication is allowed under the First Amendment, but that's not how the service providers see it. They have fine phrases assuring privacy, but do not wish to become involved if a company wants to find out the identity of disgruntled employees expressing their views on the Web. The latest to get shirty is Raytheon, the defence contractor: reports say that two employees have been dismissed after disclosure of their personal data by Yahoo. Yahoo, heroically, says it always complies with court orders. The core of the privacy issue is whether personal details should be released in response to a subpoena or other legal process without the opportunity for a defence. The problem areas split into three: malicious statements that are not true; the disclosure of confidential company information; and value judgments about a company, together with true facts that a company may not wish to be known but are of general interest. Few people would disagree that spreading maliciously false information should be discouraged, and that after proper legal examination of the merits of a claim, disclosure of a user's name is not unreasonable, providing the user is notified in advance. There is a grey area so far as the disclosure of allegedly confidential information is concerned. Definitions of "confidential" vary, and in some cases disclosure is in effect whistleblowing about some unethical behaviour by a company. So far as value judgements and general interest information are concerned, it is hard to see why a mature company should be unduly concerned about these. Employees that stay with a company that they criticise make fools of themselves. Companies that feel that their reputations are suffering as the result of anonymous postings should consider defending their actions and challenging the attackers to produce evidence. ISPs give way very easily to information requests from companies about anonymous posters because they do not want the hassle of defending themselves. AOL says it gives its customers 14 days to challenge a legal process or comply with it, before disclosing their name. Microsoft will only say that it "usually" notifies customers before it divulges personal information, but has no written policy about this. But journalist Dan Goodin has successfully defeated a subpoena from Microsoft requiring him to disclose how he obtained an email written by Bill Gates in which Gates said that Java "scares the hell out of me". His story was carried on CNET last September. Although the email is now in the public domain, Microsoft was at the time most upset that Goodin had been able to obtain a copy, and claimed that it wanted to find out who was responsible for allegedly violating the court order sealing the document. In the San Jose District Court, Magistrate Patricia Trumbull ruled that Goodin could have obtained the document from many sources without violating the court's seal. Microsoft's effort to keep its leader's words confidential not only failed, but gave them wider circulation than would otherwise have been the case. Microsoft is apparently chewing over whether to appeal, but it seems unlikely. It is noteworthy that Goodin was prepared to go to prison to defend his source, but ISPs do not have the ethical fortitude to see if there is a good case before disclosing their customers' private details to ISPs. If there's a moral in all this, it is that if you have an interesting story, tell it to a journalist with integrity (no jokes please), and avoid getting fired by companies like Raytheon. But if the story is unfounded, it's on your own head if an employer objects to untrue comment when it is posted. ®

Combat fraud and increase customer satisfaction

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.