I’ve written previously about China working to censor citizens’ Internet use, including its current attempt to require that all computers sold there come preinstalled with Web-filtering technology. Today, the Wall Street Journal reports on Iran’s efforts to censor its citizens’ Internet use.

The Iranian regime has developed, with the assistance of European telecommunications companies, one of the world’s most sophisticated mechanisms for controlling and censoring the Internet, allowing it to examine the content of individual online communications on a massive scale.

Interviews with technology experts in Iran and outside the country say Iranian efforts at monitoring Internet information go well beyond blocking access to Web sites or severing Internet connections.

Instead, in confronting the political turmoil that has consumed the country this past week, the Iranian government appears to be engaging in a practice often called deep packet inspection, which enables authorities to not only block communication but to monitor it to gather information about individuals, as well as alter it for disinformation purposes, according to these experts. Read more »

The Financial Times discusses social networking sites and privacy in a recent editorial.

So it is to be welcomed that Europe’s data-protection commissioners have decided that a new regulatory framework is needed to protect privacy in this new world. Facebook, which has emerged as the leader in this open social web, has shown encouraging signs of grappling with these issues, for instance, by giving its users more controls over how their information is shared. At times, though, that has only come after loud complaints from users, and the trial-and-error approach of one company needs the backing of a coherent framework of regulation. Read more »

The city of Bozeman, Montana, had a policy requiring that job applicants hand over their passwords to social networking sites. The recent uproar over the privacy-invasive policy has caused an about-face (pdf) by the city, CNet News reports:

The city of Bozeman, Mont., has rescinded its long-standing policy that job applicants provide user names and passwords to social-networking sites such as Facebook and MySpace. [...]

The city stopped the practice as of midday Friday, until it “conducts a more comprehensive evaluation of the practice,” the release said.

Bozeman, which is about 100 miles north of Yellowstone National Park, found itself in the international spotlight this week when the local media reported that the city government’s background check included evaluating job candidates’ suitability based on their social-networking site postings. The city had been doing so for a few years.

The background check form stated: “Please list any and all current personal or business websites, web pages or memberships on any Internet-based chat rooms, social clubs or forums, to include, but not limited to: Facebook, Google, Yahoo, YouTube.com, MySpace, etc.”

The Washington Post has a profile of Tim Sparapani, who left the ACLU a couple months ago to become a lobbyist for Facebook. Tim is a friend as well as a colleague whom I respect. I hope that he will continue his strong fight for privacy rights in his new position at Facebook.

As a prominent privacy advocate, Timothy Sparapani, former senior legislative counsel for the American Civil Liberties Union, argued that Internet companies have too much control over consumers’ data. The self-described “privacy zealot” didn’t join Facebook until seven months ago because he was uneasy about revealing personal information on the site.

Now Sparapani is responsible for shaping Washington’s view of Facebook, the world’s third-most-viewed site with more than 200 million users, and the privacy policies that will define its business. It’s a sign that one of Silicon Valley’s most influential companies wants to cultivate influence in Washington, and much earlier than its tech titan predecessors Google and Microsoft.

The New York Times has a good article cautioning people to be careful what sites they give their e-mail addresses, as that can lead to their contact lists being scraped for friends’ e-mail addresses.

That’s when I started doing everything wrong. I obligingly typed in my e-mail address and a password to see those photos. Well, the photos didn’t exist, but I had unwittingly given the site “permission” to go through my entire e-mail contact list and send a message to everyone, inviting them to see my “photos.”

I found this out only when I started receiving e-mail back from people agreeing to be my friend. I quickly realized what had happened and shot off an apologetic message explaining why I inadvertently spammed them. [...]

This wasn’t along the lines of someone stealing my bank account information or Social Security number, but I was annoyed and embarrassed. Read more »

Wired News reports on a class-action lawsuit filed concerning a 2006 data security breach tied to the Department of Veterans Affairs. In May 2006, an unencrypted laptop and hard drive containing sensitive data on 26.5 million current military personnel, veterans, and their spouses were stolen from a Veterans Affairs’ employee’s home.

Wired reports:

The 11th U.S. Circuit Court of Appeals, in largely dismissing a class-action, ruled Wednesday that the veterans could recoup at least $1,000 under the Privacy Act if they could show financial damages, not mental anguish. Read more »