May 29, 2020

2 Charged With Stealing Code From Flow Traders Firm

Two men, one a former trader, have been charged with stealing secret computer code from a high-frequency trading firm in Manhattan in an effort to start their own business, the Manhattan district attorney’s office said. Another man was also charged in the scheme.

The former trader, Jason Vuu, who worked at Flow Traders in Manhattan, was charged with e-mailing himself trading strategies, valuation algorithms and proprietary code from the firm and sharing the code with Simon Lu, according to the district attorney, Cyrus R. Vance Jr.

Mr. Vuu sent copies of files from his work e-mail account to his personal e-mail address 10 times from August 2011 to August 2012, the complaint said. He also shared source code with Mr. Lu via the file-hosting service Dropbox after Mr. Lu suggested the code could help them start their own firm, according to the complaint.

Paul Shechtman, a lawyer for Mr. Lu, 25, of Pittsburgh, and Jeremy Saland, a lawyer for Mr. Vuu, 26, of California, did not immediately respond on Monday to requests for comment.

Another former trader at Flow Traders, Glen Cressman, 26, of Fort Lauderdale, Fla., was charged with copying files containing trading strategies and valuation algorithms without permission, according to the complaint.

Mr. Cressman’s personal e-mail account received copied files containing trading strategies and valuation algorithms twice in December 2012, according to the complaint.

Charles Ross, who represents Mr. Cressman, said his client was innocent.

“He was a fine employee, and when everything about the case is aired, it will be clear he did nothing wrong,” Mr. Ross said.

Mr. Lu, Mr. Vuu and Mr. Cressman face multiple counts of unlawful duplication of computer-related material and unauthorized use of secret scientific material. The charges carry up to four years in prison.

They were arraigned on the charges two weeks ago and are due back in court on Nov. 18, when they could face grand jury indictments.

A year ago, the Manhattan district attorney’s office charged a former programmer for Goldman Sachs, Sergey Aleynikov, with stealing secret trading code. Mr. Aleynikov was convicted in federal court, but an appeals court overturned his conviction in February 2012, restricting the use of a national law cited in the federal prosecutors’ case.

Mr. Aleynikov was then charged under New York state law. He has pleaded not guilty and is free on bail.

The charges in the Flow Traders case were reported earlier this week by The Wall Street Journal.

Article source: http://www.nytimes.com/2013/08/27/business/two-charged-with-stealing-code-from-trading-firm.html?partner=rss&emc=rss

Anonymous Payment Schemes Thriving on Web

And so began a collaboration between his organization, major banks, credit card companies, Internet service providers, payment processors, and Internet companies like Google and Microsoft. They had hoped to follow the money and quash child pornography for good.

But at some point the money trail went cold. For the last year, Mr. Allen has been working with global law enforcement and financial leaders to find out why.

He may be getting closer to an answer. Today, cybersecurity experts say billions of dollars made from child pornography and illicit sales of things like national secrets and drugs are being moved through anonymous Internet payment systems like Liberty Reserve, the currency exchange whose operators were indicted Tuesday for laundering $6 billion. Preet Bharara, the United States attorney in Manhattan, described it as the largest online money-laundering case in history.

“What we have concluded is that illegal enterprises — commercial child pornography, human trafficking, drug trafficking, weapons trafficking and organized crime — has largely moved to an unregulated system that is not connected to any central bank or national authority,” Mr. Allen said. “The key to all of this has been anonymity.”

Liberty Reserve was shut down last weekend, but cybersecurity experts said it was just one among hundreds of anonymous Internet payment systems. They said online systems like the Moscow-based WebMoney, Perfect Money, based in Panama, and CashU, which serves the Middle East and North Africa, require little more than a valid e-mail address to initiate an account. The names and locations of the actual users are unknown and can be easily fabricated. And they worry that the no-questions-asked verification system has created a safe harbor for illicit activity.

“There are a multitude of anonymous payment systems out there, similar to Liberty Reserve, of which there are over one hundred,” said Tom Kellermann, a vice president at the security company Trend Micro. “Many pretend to ‘know your customer’ but do not actually do due diligence.”

Representatives for WebMoney, Perfect Money and CashU did not return e-mailed requests for comment.

Currency exchanges like Liberty Reserve do not take or make payments of actual cash directly. Instead, they work with third parties that take payments and, in turn, credit the Liberty Reserve account.

After the authorities went after Liberty Reserve, underground forums buzzed with comments from people mourning the potential loss of frozen funds and others offering alternatives, including Bitcoin, the peer-to-peer payment network started in 2009 to offer a decentralized way to create and transfer electronic cash around the world.

In closed underground Russian-language forums, one person wrote, “I had almost 6k there. Where to now?” Another suggested, “Maybe another alternative is Perfect Money? I wonder if Bitcoin exchange rate will go up or not.”

Indeed, the value of the Bitcoin virtual currency spiked temporarily on news of the Liberty Reserve shutdown. But law enforcement officials say Liberty Reserve operated with more anonymity than Bitcoin. Unlike Liberty Reserve and other anonymous payment systems, Bitcoin transactions are stored in a public ledger, called a block chain, that makes it possible to trace Bitcoin transactions even years after the fact.

“You can track specific Bitcoin movements just as you would the serial number on a U.S. dollar,” said Jeff Garzik, a Bitcoin developer. The real concern, security experts say, is private payment services that claim to do due diligence, but do not do even the most basic verification.

This article has been revised to reflect the following correction:

Correction: May 31, 2013

Because of an editing error, an article on Thursday about anonymous payment schemes and how they are thriving on the Web referred incorrectly to Bitcoin, a peer-to-peer payment network started in 2009. Bitcoin was meant to offer a decentralized way — not centralized — to create and transfer electronic cash.

Article source: http://www.nytimes.com/2013/05/30/technology/anonymous-payment-schemes-thriving-on-web.html?partner=rss&emc=rss

Bucks Blog: Why Retailers Ask for Your ZIP Code

I usually dread shopping in stores. Trying on clothes is tedious, and sometimes completing the actual purchase is, too. Retailers like to ask for all sorts of information as they’re ringing up your merchandise, like your e-mail address and ZIP code. I just want to pay and be on my way, and they give me the third degree.

I always decline to give my e-mail address, since the last thing I need is more promotions clogging my in-box. But I’m often puzzled about the ZIP code, since in some instances — when paying for gasoline at the pump, for instance — you must type in your ZIP code to complete the transaction. It’s a security feature to verify that you’re authorized to use the card, since a clerk isn’t physically examining it.

It turns out, though, that stores are asking you for marketing purposes — an issue that is starting to come to light in state courts. Stores want your ZIP code because, combined with your name from your credit card, they can use it to find out other information about you from commercial databases, like your full mailing address. They may even sell the information to data brokers, who sell it to other marketers.

The result can be unwanted catalogs and other junk mail. (To get a simple idea of the cumulative impact of each tidbit of information, try searching for your name alone on Google search, and then search again using your name and ZIP code, and see how much more data comes back. If you have an uncommon name — as I do — it’s eye opening.)

In March, the Massachusetts Supreme Judicial Court ruled that collecting ZIP codes for credit card purchases violates a state consumer protection law. The ruling stemmed from a lawsuit a shopper had initially filed in federal court against the craft chain Michaels Stores Inc. The plaintiff said that because she had mistakenly believed that the information was necessary to complete the sale, she provided her ZIP code upon request several times when shopping there. As a result, her complaint said, she received unsolicited phone calls and mailings.

“Armed with a consumer’s name and ZIP code, Michaels is capable of obtaining its customers’ complete mailing address by utilizing a ‘reverse phone book’ that matches names and ZIP code, which it does in order to increase profits through direct marketing, or it could sell its customers’ mailing addresses to third parties,” the plaintiff argued in a legal brief filed with the state court.

The court found that a ZIP code was “personal identification information” because when combined with the consumer’s name, it provided enough information to identify the consumer’s address or telephone number.

A Michaels spokesman didn’t respond to a request for comment.

The case is similar to one in California in 2011, in which the state’s Supreme Court ruled that ZIP codes qualified as personal information under a state credit card privacy law. About a dozen other states have similar laws but so far they haven’t been interpreted in the same way, retail lawyers say.

The Massachusetts case is leading to suits against other stores, as happened in California.

So what should you do if you’re asked for your ZIP code at checkout?

Gregory Parks, a lawyer who represents big merchants as head of the retail litigation practice group at Morgan Lewis in Philadelphia, said most stores won’t insist that you give your ZIP code. So if you don’t want to provide it, you should just politely decline. “If you prefer not to give it, they’ll process the sale anyway,” he said.

But all stores are still entitled to ask for the information, he said, if it is required to complete a transaction. One example, he said, is if you hand over your credit card to the clerk but for some reason it won’t swipe properly. The store needs extra information to verify that you are authorized to use the card.

(American Express gives merchants the option of using a system in which shoppers must provide their ZIP code, to match with the billing ZIP code on file, as an antifraud mechanism. Generally, an American Express spokeswoman said, merchants are restricted from using or storing information about the cardholder for other purposes.)

Mr. Parks also said that the court’s restriction didn’t apply to cash transactions. Stores seek ZIP code information to better identify where their customers are located, which helps in selecting sites for new stores, and to make sure that stores have the products that customers in that area want. “They want to improve customer service and have stuff you want to buy,” he said. Providing the information is still optional. But since you’re not providing a credit card with your name on it, it’s unlikely to lead to unwanted solicitations.

Mallory Duncan, general counsel for the National Retail Federation, said consumers needn’t give their ZIP code if they would rather not, but they may do themselves a disservice by withholding it. “I guess the question is, what is the perceived harm you’re trying to protect against?” he said. “A better selection in the stores? That’s an odd harm to be protecting against.”

Nancy Perkins, a lawyer with Arnold &amp; Porter in Washington, D.C., who specializes in data privacy, said customers can simply ask if the information is necessary to complete the transaction.

Paul Stephens, director of policy and advocacy for the Privacy Rights Clearinghouse, suggested that if you would rather not get into a possible debate with a store clerk — or if, for some reason, the cashier doesn’t know how to finish the transaction without a ZIP code — that you simply give an incorrect one. Or, “Make one up.”

What do you do if you’re asked for your ZIP code or other information when shopping?

Article source: http://bucks.blogs.nytimes.com/2013/04/01/why-retailers-ask-for-your-zip-code/?partner=rss&emc=rss

Web Privacy, and How Consumers Let Down Their Guard

But wait: What did you just agree to? Did you mean to reveal information as vital as your date of birth and e-mail address?

Most of us face such decisions daily. We are hurried and distracted and don’t pay close attention to what we are doing. Often, we turn over our data in exchange for a deal we can’t refuse.

Alessandro Acquisti, a behavioral economist at Carnegie Mellon University in Pittsburgh, studies how we make these choices. In a series of provocative experiments, he has shown that despite how much we say we value our privacy — and we do, again and again — we tend to act inconsistently.

Mr. Acquisti is something of a pioneer in this emerging field of research. His experiments can take time. The last one, revealing how Facebook users had tightened their privacy settings, took seven years. They can also be imaginative: he has been known to dispatch graduate students to a suburban mall in the name of science. And they are often unsettling: A 2011 study showed that it was possible to deduce portions of a person’s Social Security number from nothing but a photograph posted online. He is now studying how online social networks can enable employers to illegally discriminate in hiring.

Mr. Acquisti, 40, sees himself not as a nag, but as an observer holding up a mirror to the flaws we cannot always see ourselves. “Should people be worried? I don’t know,” he said with a shrug in his office at Carnegie Mellon. “My role is not telling people what to do. My role is showing why we do certain things and what may be certain consequences. Everyone will have to decide for themselves.”

Those who follow his work say it has important policy implications as regulators in Washington, Brussels and elsewhere scrutinize the ways that companies leverage the personal data they collect from users. The Federal Trade Commission last year settled with Facebook, resolving charges that it had deceived users with changes to its privacy settings. State regulators recently fined Google for harvesting e-mails and passwords of unsuspecting users during its Street View mapping project. Last year, the White House proposed a privacy bill of rights to give consumers greater control over how their personal data is used.

Mr. Acquisti has been at the forefront, testifying in Congress and conferring with the F.T.C. David C. Vladeck, who until recently headed the agency’s Bureau of Consumer Protection, said Mr. Acquisti’s research on facial recognition spurred the commission to issue a report on the subject last year. “No question it’s been influential,” Mr. Vladeck said of Mr. Acquisti’s work.

Companies, too, are interested; Microsoft Research and Google have offered Mr. Acquisti research fellowships. Over all, his research argues that when it comes to privacy, policy makers should carefully consider how people actually behave. We don’t always act in our own best interest, his research suggests. We can be easily manipulated by how we are asked for information. Even something as simple as a playfully designed site can nudge us to reveal more of ourselves than a serious-looking one.

“His work has gone a long way in trying to help us figure out how irrational we are in privacy related decisions,” says Woodrow Hartzog, an assistant professor of law who studies digital privacy at Samford University in Birmingham, Ala. “We have too much confidence in our ability to make decisions.”

This is perhaps Mr. Acquisti’s most salient contribution to the discussion. Solutions to our leaky privacy system tend to focus on transparency and control — that our best hope is knowing what our data is being used for and choosing whether to participate. But a challenge to that conventional wisdom emerges in his research. Giving users control may be an essential step, but it may also be a bit of an illusion.

If iron ore was the raw material that enriched the steel baron Andrew Carnegie in the Industrial Age, personal data is what fuels the barons of the Internet age. Mr. Acquisti investigates the trade-offs that users make when they give up that data, and who gains and loses in those transactions. Often there are immediate rewards (cheap sandals) and sometimes intangible risks downstream (identity theft). “Privacy is delayed gratification,” he warned.

Mr. Acquisti, lean and loquacious, grew up in Italy. His father, Giancarlo, was a banker by profession and a pianist on the side. Mr. Acquisti inherited his father’s passion for music; last year he helped him write an opera about Margherita Luti, the woman believed to be the painter Raphael’s lover and muse. Mr. Acquisti’s other passion is motorcycle racing — he rides a red Ducati — though the pursuit of tenure, which he acquired last year, has lately kept him off the racing circuit.

He earned a bachelor’s degree in economics in Rome and master’s degrees in the subject from Trinity College in Dublin and the London School of Economics, and he became interested in the economics of privacy while studying for a doctorate in the interdisciplinary School of Information at the University of California, Berkeley.

Article source: http://www.nytimes.com/2013/03/31/technology/web-privacy-and-how-consumers-let-down-their-guard.html?partner=rss&emc=rss

Microsoft Releases Report on Law Enforcement Requests

The report, which Microsoft plans to update every six months, showed that law enforcement agencies in five countries — Turkey, the United States, Britain, France and Germany — accounted for 69 percent of the 70,665 requests Microsoft received during 2012.

In 8 of 10 requests, Microsoft provided agencies with elements of so-called non-content information such as an account holder’s name, gender, e-mail address, IP address, country of residence and dates and times of data traffic.

In 2.1 percent of requests Microsoft disclosed the actual content of a communication, such as the subject headline of an e-mail, the contents of an e-mail, or a picture stored on SkyDrive, its cloud computing service.

Microsoft said it disclosed the content of communications in 1,544 cases to U.S. law enforcement agencies, and in 14 cases to agents in Brazil, Ireland, Canada and New Zealand.

“Government requests for online data are like the dark matter of the Internet,” said Eva Galperin, a global policy analyst at the Electronic Frontier Foundation in San Francisco, which has campaigned for greater disclosure.

She said that even with Microsoft’s disclosures, fewer than 10 companies publish the extent of their cooperation with law enforcement agencies.

“Only a few companies report this, but they are only a very small percent of the online universe,” Ms. Galperin said. “So any one company that joins the disclosure effort is good news. The faster this becomes a standard for all Web businesses, the better.”

The law enforcement requests targeted users of Microsoft services such as Hotmail, Outlook.com, SkyDrive, Skype and Xbox Live, services where consumers are typically asked to enter their personal details in order to obtain service.

Google was the first major Web business in 2010 to begin reporting the level of legal requests it received for information. Since then, Twitter, LinkedIn and some smaller companies have also reported, but big businesses such as Apple and Yahoo still do not.

Microsoft also initially resisted. In January, a group of more than 100 Internet activists and digital rights groups signed a petition asking Microsoft to disclose its data-handling practices for Skype, the Internet voice and video service it bought in 2011.

But Microsoft did provide two new facets of detail in its transparency report that rivals have not addressed in similar fashion — supplying detail on the reason why it rejected some requests, and listing separate categories by country on how it responded to requests for actual content of communications and to requests for non-content data.

In its transparency report, Microsoft also published separate information for Skype, which continues to be based in Luxembourg and therefore is subject to national and E.U. law.

During 2012, Microsoft disclosed in 4,713 cases administrative details of Skype accounts — such as a user’s SkypeID, name, email account, billing information, and call detail records if a user subscribed to the Skype In/Online service, which connects to a telephone number.

But Microsoft said it released no content from any Skype transmissions during 2012. Microsoft has said that the peer-to-peer nature of Skype’s Internet conversations means the company does not store and has no historic access to Skype conversations.

The top countries that made requests and received information from Microsoft for Skype non-content information last year, in descending order, were Britain, the United States, Germany, France and Taiwan, which accounted for eight in 10 Skype requests.

Microsoft did not disclose the total number of requests it had received for Skype information, but said it aimed to do so starting in its next report later this year.

Brad Smith, a Microsoft executive vice president and the company’s general counsel, estimated that the number of requests Microsoft received during 2012 covered only a tiny fraction of its vast customer base, which the company estimates to be in the hundreds of millions of users.

Mr. Smith, in a blog post, said the 2012 requests affected less than 0.02 percent, or less than two one-hundredths of 1 percent, of Microsoft account holders. He noted that Microsoft, like all global businesses, was obligated to comply with legal requests from law enforcement. But Mr. Smith wrote that Microsoft had set high standards for complying.

Law enforcement agencies must first present a subpoena or its foreign equivalent to obtain non-content data on Microsoft users, Mr. Smith wrote. To obtain the contents of e-mails and other communications, Microsoft requires agencies to submit a warrant, which in the United States is issued by court judges, or in Britain, by the Home Secretary.

Microsoft rejected requests for data in 18 percent of cases during 2012, mostly because the company said it couldn’t find any information on the requested individuals or because law enforcement had not demonstrated proper legal justification for the requests.

Microsoft also said it received a minuscule number of requests for data on businesses.

During 2012, Microsoft said it received only 11 requests for information on business clients, and complied in only four instances — after Microsoft said it had either obtained consent from the business or already had in effect a contract to disclose the information.

“Like every company we are obligated to comply with legally binding requests from law enforcement, and we respect and appreciate the role that law enforcement personnel play in so many countries to protect the public’s safety,” Mr. Smith wrote on his blog. “As we continue to move forward, Microsoft is committed to respecting human rights, free expression, and individual privacy.”

Article source: http://www.nytimes.com/2013/03/22/technology/microsoft-releases-report-on-law-enforcement-requests.html?partner=rss&emc=rss

Bucks Blog: On Online Matchmaker for Tax Preparers and Clients

The traditional way to find a tax preparer is to ask your friends and family for a recommendation. But what if you don’t want to go the word-of-mouth route — and risk ending up with your eccentric second cousin doing your taxes (or your ignorant but well-meaning friend’s idea of a good accountant)?

Glen Ross, an accountant on Long Island, thinks he has the answer: A new Web site that aims to match taxpayers with preparers online.

The site is Prosado.com. Mr. Ross concedes that it doesn’t really mean anything, although he says it is derived, sort of, from the root of the words for “to bid,” in Latin. It has signed up about 400 tax preparers in more than 40 states and is seeking consumers who need their tax returns prepared.

Mr. Ross said he noticed that over the last year or two, the number of inquiries he received from clients who had located him online was increasing. It seemed to him as though consumers were ready to consider new ways of finding tax preparers other than through the traditional word-of-mouth.

Here’s how it works. You register at Prosado, which requires giving your name and e-mail address and choosing a password. (You don’t have to provide any financial details until you accept a bid and communicate with the preparer.) You designate what sort of criteria you’re seeking in a preparer, like an advanced accounting degree, years of experience, etc. You can also indicate if you prefer someone who has offices close to you.

(Mr. Ross says the idea is that the selection shouldn’t always be based on the lowest bid but rather on whether the preparer is best-suited to your requirements.)

Then you go down a checklist and mark what type of tax-related documents you have, whether you’ve made any charitable contributions, etc. Based on that information — say, you have a W-2 (wages), two 1099s (miscellaneous income), a dividend statement and form for mortgage interest — participating preparers submit bids for your business.

Article source: http://bucks.blogs.nytimes.com/2013/02/05/on-online-matchmaker-for-tax-preparers-and-clients/?partner=rss&emc=rss

Media Decoder Blog: Twitter Backpedals on Reporter’s Post

Twitter has become the default for people when they have a complaint. Even when that complaint is about Twitter.

The company found itself at the center of a Twitter firestorm when it suspended on Sunday the account of Guy Adams, a British newspaper reporter for The Independent, after he had posted complaints about NBC’s tape-delayed Olympics coverage. The posts included the e-mail address of Gary Zenkel, the head of NBC Sports.

On Tuesday, both Twitter and NBC backpedaled. While Twitter officials stress that the company generally does not monitor content, Alex Macgillivray, Twitter’s general counsel, admitted in a statement on Tuesday that Twitter “did proactively identify a Tweet that was in violation of the Twitter rules and encouraged them” — NBC — “to file a support ticket with our Trust and Safety team to report the violation.”

Chloe Sladden, vice president for media at Twitter, personally apologized on her Twitter feed for the mistake. NBC also issued a statement apologizing for having the reporter’s account suspended. Twitter then reactivated the reporter’s account.

“Our interest was in protecting our executive, not suspending the user from Twitter,” an NBC spokesman said in a statement. “We didn’t initially understand the repercussions of our complaint, but now that we do, we have rescinded it.”

But the initial suspension already put both companies out of favor with many Twitter faithful. Out of solidarity for Mr. Adams, supporters also started posting the e-mail address of Mr. Zenkel, the NBC executive. They paired the hashtags #guyadams with #NBCfail. They called the incident a “watershed moment” for social media and accused Twitter executives of censoring Mr. Adams’s account “to cater to corporate whim.”

They also went for the jugular by threatening not to tune in to NBC’s Olympics coverage. Mr. Adams gained several thousand new followers after Twitter reinstated his account.

“Thanks to @NBCOlympics behavior wrt @GuyAdams I won’t be watching any more Olympics. Sorry, London.” wrote one follower.

Twitter has always enjoyed an extraordinary amount of good will from its users in part because it does not require them to sign in under their own names (unlike Facebook) and it allows almost unlimited free speech. The suspension of Mr. Adams’s account seemed like an exception to Twitter rules based on a corporate relationship.

Last month, Twitter and NBC announced a partnership to share their Olympics coverage across both of their platforms. NBC would promote Twitter’s Olympic event page through on-air graphics and Twitter would include NBC commentators on its Olympic events page.

The problems started on Friday evening when Mr. Adams, who is based in Los Angeles, started posting on Twitter how frustrated he was that NBC was delaying television coverage until prime time. He wrote, “Am I alone in wondering why NBColympics think its acceptable to pretend this road race is being broadcast live?” As his frustration grew, he filed a post to Twitter that was heard throughout social media.

“The man responsible for NBC pretending the Olympics haven’t started yet is Gary Zenkel. Tell him what u think!” He ended his post with the work e-mail address of Mr. Zenkel. Soon he was retweeted and some angry followers added the hashtag #NBCFAIL.

That’s when Twitter officials abandoned their usual stance and contacted NBC employees they knew through their Olympics partnership. They told them about the post and advised them on how to suspend Mr. Adams’s account. Writing in The Independent, Mr. Adams said he discovered that his account had been suspended “for posting an individual’s private information such as private e-mail address.” But he stressed, “I do not wish Mr. Zenkel any harm.”

Jillian C. York, director for international freedom of expression at the Electronic Frontier Foundation, a civil liberties group, said that the incident was a departure from Twitter’s generally strong reputation as a supporter of free speech.

“Twitter has a pretty strong history in defending free speech. They’ve stood up for users in court. They’ve publicly written about their dedication to free expression,” said Ms. York. “Twitter needs to do more work this time around to make people trust them again.”

Article source: http://mediadecoder.blogs.nytimes.com/2012/07/31/twitter-gets-a-backlash-of-its-own-over-adams-suspension/?partner=rss&emc=rss

Slipstream: Just Give Me the Right to Be Forgotten

I had given my e-mail address and mobile phone number to my dentist’s office a couple of years ago, for those rare occasions when he might need to communicate with me. Now, here I was receiving what I deemed unwanted promotional e-mail — and a text message — about the dentist’s services via Demandforce, a firm in San Francisco that handles customer communications for some 11,000 small businesses including dentists, spas and automotive shops. (Demandforce describes such messages as appointment reminders.)

Of course, some people may not mind receiving automated, unsolicited birthday greetings or thank-you e-mails on behalf of their health care providers. But I felt that the conditions under which I had provided my contact information had been violated. I wanted the dentist’s office and Demandforce to erase my information.

That proved easy enough — in this instance. But, as I looked into the matter, I discovered that I, as an American, did not actually have an automatic right to demand that a company erase personal information about me.

Even as Congress and agencies like the Federal Trade Commission propose new privacy measures, it turns out that the United States still lags behind Europe in ensuring some controls. And, as my colleague Suzanne Daley recently reported, Europeans are hotly debating whether to do more.

Already, under the data protection directive of the European Union, people who have contracted with a company generally have a right to withdraw their permission for it to keep their personal data. Under this “right to be forgotten,” Europeans who terminate frequent-flier memberships, for example, can demand that airlines delete their flight and mileage records, says Lukas Feiler, a lawyer who specializes in information technology and privacy law.

“If I withdraw my consent to the storage of my personal data, they would not have the right to store it,” says Mr. Feiler, an associate at Wolf Theiss, a law firm with headquarters in Vienna. But there are exceptions, he says — for example, when a company has a legitimate reason to store the data that supersedes an individual user’s interest.

In the United States, however, personal information about a consumer generally may be kept by the company that processes it — except for certain regulated industries like credit. Individual companies in many sectors set their own policies on data retention. Some agree to delete information; others don’t.

“As a general matter, companies in the United States don’t have to recognize your right to be deleted,” says Marc Rotenberg, the executive director of the Electronic Privacy Information Center, a research group in Washington. “They may choose to accommodate you, but they are not required to.”

Certainly, there are many legitimate reasons for that. Businesses often keep records for tax or auditing purposes. Lawyers’ and doctors’ offices maintain records for a certain period to protect themselves against malpractice suits.

Now, however, some politicians, regulators and companies want to give Americans more control over their personal information — with limits on data use and retention, says Christopher Wolf, a lawyer who specializes in privacy and the co-chairman of the Future of Privacy Forum in Washington.

“We need to move more toward that regime in order to empower consumers,” Mr. Wolf says. But any limits, he emphasizes, would have to carefully balance personal privacy against the right to free speech and public access to information.

A bill introduced in the House last May, called the Do Not Track Kids Act of 2011, includes an “eraser button” provision for children and parents. It would require companies, when feasible, to allow users to delete publicly available personal information about minors from a Web site. (So far, there is no proposed equivalent covering grown-ups.)

But in a preliminary report, the F.T.C. has endorsed a related idea — that companies collect only the data they need about people and keep it no longer than necessary. If businesses minimize data collection from the get-go, there may be less need for an eraser button later, says Jessica Rich, deputy director of the F.T.C.’s bureau of consumer protection.

For now, she suggests that people read company privacy policies and “figure out ahead of time whether you have the ability to delete your data.”

Mr. Feiler in Vienna says the best hope is market innovation. With people attuned to data proliferation, he says, businesses with enhanced privacy options should prosper. Social networking sites, for instance, could differentiate themselves by offering automatic erasure, giving users the choice to delete their entire records, say, every six months.

“Some consumers would find that very useful,” Mr. Feiler says. “Others may want all their data to be available at least as long as they live.”

In the meantime, Americans like me, who would like companies to delete certain personal information, may find themselves depending on the kindness of strangers — or, at least, acquaintances.

My dentist said his office started using updated, automated communications to keep up with increasingly mobile patients who enjoy social networking but often change their contact information. He immediately agreed to delete some of my details from the system, even though I will now be harder to contact.

Demandforce, the customer communications company, was equally responsive.

Rick Berry, its president, told me that the firm didn’t send out unsolicited e-mails; it merely acts like a communications representative of a small business, transmitting digital reminders where a dentist’s office might once have mailed postcards. He adds that the firm encrypts user data and adheres to health privacy regulations. If people have privacy concerns, they can easily opt out of further contact.

I, however, shouldn’t have received a text message in the first place, said Patrick Barry, Demandforce’s vice president for marketing, since I didn’t give permission for my mobile number to be used that way.

The dentist’s front office “should have opted you out of receiving even a welcome text message,” Mr. Barry said. In a follow-up e-mail, he said Demandforce had deleted my record: “The system has officially ‘forgotten’ you.”

But in a data economy where personal information is an increasingly valuable currency, a consumer’s automatic access to a delete button remains an exception.

Article source: http://www.nytimes.com/2011/08/21/business/in-personal-data-a-fight-for-the-right-to-be-forgotten.html?partner=rss&emc=rss

State of the Art: A Camera, a Card, a Connection

Then there’s @Pogue’s Latest Law: “The more convenient a device is, the worse the audio/visual quality.”

Take the iPod, for example. Millions buy it for its convenience, despite the fact that the music files’ audio quality is usually far lower than what they would hear on a CD.

Similarly, hundreds of millions of people now take most of their photos with cellphone cameras, even though the picture quality is far worse than a real camera’s. There’s no zoom, no real flash, low resolution. You can’t photograph action without blurriness, you can’t get that soft-background look, and cameraphones are worthless in low light.

But we put up with those drawbacks, because cellphones are incredibly convenient. You always have yours with you — and, even better, you can transmit a picture or movie right from the phone. Send it to another phone, to an e-mail address, to a Web site or blog, on the spot, without even stopping at home first. That’s powerful stuff.

Nice choice, huh? You can take nice pictures that remain landlocked on the camera, or lousy ones to upload or send.

Now there’s a product that bridges that gap. You can take photos with your favorite camera, but transmit or upload them to the world from your cellphone, on the spot. It’s a memory card, of all things: The Eye-Fi Mobile X2 card ($80).

Eye-Fi cards have been around for a while. The first ones did one thing very well: they transferred photos from your camera to your computer — and online sites like Flickr or Picasa — when you’re in a Wi-Fi hot spot. (Yes, that’s right: the Eye-Fi folks have squeezed Wi-Fi circuitry onto a memory card the size of your thumbnail. Think about that too hard, and you’ll give yourself a headache.)

Eventually, the company took this feature to its logical conclusion: the bottomless memory card. If you’re in Wi-Fi, you can keep snapping photos. The card steadily backs them up to your computer or a Web site, and then deletes the backed-up photos from the card to make room for new ones. You never run out of card space.

Recent models have added geotagging (your geographical coordinates get invisibly stamped onto each photo, so you can view them later on a map online) and the ability to transfer photos in RAW format. All the cards are physically identical, though; you can buy a card intended for one purpose (like the Mobile X2), and then pay $30 each to add features from other cards. (If this all seems confusing, you’re right.)

But the Mobile X2 is the first Eye-Fi card that can perform its magic even when you’re not in a Wi-Fi hot spot.

After some setup, you put this 8-gigabyte card into your camera. (It’s an SD card, so it fits almost every camera on earth.) From now on, every time you take a photo or record a video, it gets transmitted wirelessly to your iPhone, iPad or Android phone — at full, beautiful quality and resolution. Once it’s there, you can e-mail it, text-message it, post it to Flickr or another Web site, and otherwise manipulate it exactly as though it had been born on that phone or tablet.

A photo takes 5 to 30 seconds to transfer, depending on the size of the photo file. (A video can take far longer.)

In essence, the Mobile X2 card turns any camera, from a cheap point-and-shoot to an expensive digital S.L.R., into a wireless camera. (I met one photographer who is using this card in his portrait studio. He has the card set up to fling each photo onto his iPad, so he can inspect his work on a much bigger, better screen than on his camera. It’s a pretty amazing setup.)

There are two bits of not-so-fine print, though, that you should consider before you shell out the $80.

E-mail: pogue@nytimes.com

Article source: http://feeds.nytimes.com/click.phdo?i=5d8562ef2c544fa72aa422ae8c7693b9

Bucks: Person-to-Person Payments Get Easier at Big Banks

Three of the nation’s biggest banks introduced a service that will enable their customers to move money from their checking accounts using only an e-mail address or a mobile phone number.

Bank of America, JPMorgan Chase and Wells Fargo already introduced the transfer service, called clearXchange, in Arizona, and it will roll out in more markets in coming months. It will be available nationwide within a year.

The new service will improve upon banks’ existing person-to-person payment services, and it will compete directly with PayPal, which has shuttled money between consumers for years.

But the banks claim that their new service will be more convenient because it cuts out the middle man: PayPal isn’t a bank, so you need to fund your account with money from a checking or other account. With the banks’ service, the money will be ferried directly from your checking account to the person you want to pay. And it doesn’t require you to dig around for a routing or other account number, as some services require.

“The key thing here is that you don’t have to set up any additional accounts,” said Mike Kennedy, head of payments strategy at Wells Fargo and chairman of clearXchange. “People have a primary savings and checking account with their institution and that is what they want to transact out of.”

The new service should save consumers time — though paper checks and cash still work just fine. But it’s unclear how much, if anything, it will cost. Pricing is up to each participating bank. If banks do charge for the service, you’ll have to figure out if the convenience factor makes it worthwhile.

So how will it work? Let’s say you want to pay your friend back for dinner. If you both bank at any of the institutions in the network, you can reimburse your friend in a couple of ways. You can do it on the spot with your cellphone by accessing your bank’s mobile application or mobile banking site. Or, you can do it from your bank’s Web site on your computer.

Either way, you would then enter their name, mobile phone number or e-mail address, and the amount you want to transfer. There’s also an optional “memo” field to note what the payment is for.

After you hit send, the recipient will then get an e-mail or text message that alerts them to your payment, with instructions on how to make sure it lands in the correct account. The first time they use the service, they will need to register their e-mail or phone number so it’s associated with their account.

That raised several concerns in my mind: What happens if you mistype your buddy’s e-mail address or mobile phone number and the wrong person gets the message – will they be able to retrieve your money instead? Or what if someone hacks into your e-mail account and finds the note that someone wants to send you $200?

In all of those scenarios, bank executives said the potential thief would need to have your online banking user name and password. If someone did manage to break into your online banking account, they could conceivably send your money to their own account. That’s not a new threat though. If a fraud were to occur, the banks said they would refund the person sending the money as soon as possible.

Many banks already offer person-to-person payment services. At ING Direct, for instance, you can send money from your phone or your computer using the person’s name, e-mail address and the last four digits of their bank account number; you can save their information on a drop-down menu for future payments. (ING customers with iPhones can also transfer money to one another by entering the amount in the bank’s mobile app and “bumping” their phones.)

But the banks that are part of the new exchange argue that their service makes the process even easier, for both senders and recipients. For instance, recipients in many existing services would need to enter their routing number on the bank site of the person sending them money. In the clearXchange system, they can retrieve their money using their own bank.

The exchange hopes to lure more institutions to its service – it’s already discussing those possibilities with other big banks – which would increase the population of people who can transfer money this way. And eventually, the banks said they plan to offer the same service to customers who want to send money outside of the network.

Would you use the new service? And would you pay for it?

Article source: http://feeds.nytimes.com/click.phdo?i=3f6f0c70389033306e4488e63a9b6243