Category: Regulations

The bill would provide notice to consumers, telling them which retailers lost their credit or debit card information, and when the information was lost. It would require retailers responsible for data breaches to assume all costs of consumer notification and card replacement. It also would require retailers to follow key provisions of the payment card industry data security standards to ensure proper retention and protection of credit and debit card information. “Passage of this legislation is a great example of credit union teamwork and demonstrates the strength of our comprehensive advocacy efforts,” California Credit Union League President and CEO Bill Cheney said in a statement. “It is extremely gratifying to credit unions that the state Senate has approved the bill by such an overwhelming margin.”

The California Retailers Association opposes the bill. The group took out a political ad in the Sacramento Bee, with support from the California Bankers Association. It claimed that credit unions are exempt from the data security provisions.

The CCUL said they already meet those requirements under existing laws.

The full text of the bill is available online through the California Legislature’s Web site.

http://www.darkreading.com/document.asp?doc_id=133382

The minister was addressing a press conference a day after the federal cabinet approved the Prevention of Electronic Crime Bill 2007. The Federal Investigation Agency (FIA) has been given the mandate to probe
cases falling under the preview of the e-crime law.

Awais Leghari said the proposed law titled as Prevention of Electronic Crimes Bill 2007 offers penalties ranging from six months to 10 years of punishment for 17 types of cyber crimes, including cyber terrorism,
hacking of websites and criminal access to secure data. Thirteen of the crimes listed under the law are bailable.

http://www.paktribune.com/news/index.shtml?187463

“In essence, the way the laws are phrased now, there is no way to ever comply… even as a non-security company,” says researcher Halvar Flake, a.k.a. Thomas Dullien, CEO and head of research at Sabre Security. “If I walked into a store now and told the clerk that I wish to buy Windows XP and I will use it to hack, then the clerk is aiding me in committing a crime by [selling me] Windows XP,” Dullien says.

“The law doesn’t actually distinguish between what the intended purpose of a program is. It just says if you put a piece of code in a disposition that is used to commit a crime, you’re complicit in that crime.”

Dullien says his company’s BinNavi tool for debugging and analyzing code or malware is fairly insulated from the law because it doesn’t include exploits. But his company still must ensure it doesn’t sell to “dodgy” customers. Thierry Zoller, security engineer for German security firm n.runs, says he has removed his homegrown Bluetooth hacking tool, and renowned PHP researcher Stefan Esser earlier this month took down all of the proof-of-concept exploits he had developed for the Month of PHP Bugs in March.

It’s unclear whether the long arm of the German law could reach them, so some aren’t taking any chances: The exploit-laden Metasploit hacking tool could fall under German law if someone possesses it, distributes it, or uses it, for instance.

“I’m staying out of Germany,” says HD Moore, Metasploit’s creator and director of security research for BreakingPoint Systems. The law basically leaves the door open to outlaw any software used in a crime, notes Sabre Security’s Dullien.

Interestingly, German lawmakers met plenty of expert resistance to the computer crime law reforms — but passed them anyway. Lindner says he told officials that the German implementation of the EU Cybercrime Convention — from which the law originated — is not in line with the EU version, which excludes security industry, academic, and private security research. Dullien says he thinks legislators were pressured to pass a new law because the old one was flawed. “And they had to implement the EU directive on cybercrime, making it illegal to provide software whose ‘principal purpose’ is committing a crime,” he says.

The law, which went into effect on August 10, mandates fines or prison sentences for any person who violates 202a or 202b “by providing access to, selling, acquiring, leaving at the disposition of someone, distributing or otherwise making accessible” passwords or access control information.

http://www.darkreading.com/document.asp?doc_id=132255

In a new case not covered by the report, a senior Malaysian minister vowed this week to apply law prescribing jail terms for Web writers of comments said to disparage Islam or the king.

In a speech to the OSCE parliament on Thursday, Kazakh Information Minister Yermukhamet Yertysbayev insisted Kazakhstan was determined to build democracy and create an “e-government” expanding Internet service and making “our media more free, contemporary and independent”.

The OSCE report said Kazakhstan’s state monopoly on Internet providers tended to deter use by making prices for all but very slow and limited dial-up service far higher than those for West Europeans even though Kazakh incomes are much lower.

http://news.com.com/Study+Internet+censorship+spreading/2100-1028_3-6199294.html?tag=nefd.top

The Data Retention (EC) Regulations (draft; the final Regulations were unavailable at time of writing) were approved by the House of Lords on Tuesday and signed into law by Home Secretary Jacqui Smith on Wednesday.

“Communications data, such as mobile phone billing data, have a proven track record in supporting law enforcement and intelligence agency investigations and are a vital investigative tool,” said Lord Bassam of Brighton, who proposed the adoption of the Regulations this week in the House of Lords. “Without this data, the ability of the police and the Security Service painstakingly to investigate the associations between those involved in terrorist attacks and those who may have directed or financed their activity would be limited,” said Bassam. “The police and the Security Service’s ability to investigate terrorist plots and serious crime must not be allowed to depend on the business practice that happens to be employed by the public communications provider that a particular suspect, victim or witness used.

The Home Office conducted a consultation on the regulations with the public and industry and said the telecoms industry told it that the collection of internet data was too complicated to be include in the current rules.

“Many respondents felt that the complexity surrounding the internet make the draft regulations an inappropriate framework for implementation of the internet aspects as this would present particular technical and resourcing issues,” said a Government response to the public consultation.

http://www.theregister.co.uk/2007/07/27/data_retention_law_passed/

“This proposed legislation is a firm step in the right direction in updating our identity theft laws to meet the needs of investigators and prosecutors who are working daily to punish identity thieves, and help victims put their lives back together,” Attorney General Alberto Gonzales said in a statement.

Deborah Platt Majoras, chairman of the Federal Trade Commission and co-chair of the president’s Identity Theft Task Force with Gonzales, said the bill would enhance law enforcement’s ability to crack down on identity theft.

http://www.internetnews.com/bus-news/article.php/3689936