Computer World Canada Magazine - September 28, 2007

: the computer World canada view
: think tank

playing the
patriot game

The controversial U.S. Patriot Act was dealt a blow this month when District Court judge Victor Marrero of New York raised the constitutionality of a provision around the issuance of national security letters.

“AMD, as I would expect it to do, is trying to spread a little FUD about their competitor’s chip partly because they beat them to market... These two vendors are constantly leapfrogging each other. And it’s always a constant race to be first to market with the latest chip.”  James Staten, principal analyst with Cambridge, mass.-based Forrester Research Inc., on the AmD-Intel quad-core rivalry 075131

National security letters (NSL) compel Internet and telecom service providers to provide customer information to the FBI - in the name of fighting terrorism. In that same provision is a gag order that prohibits service providers from informing their customers that their data have been turned over to authorities.

Marrero’s ruling (pending a Department of Justice appeal on the decision) ordered the FBI and the DOJ to stop issuing NSLs “in light of the seriousness of the potential intrusion into the individual’s personal affairs.”

This constitutional debate is seemingly a domestic affair best kept within the boundaries of our southern cousins, but it’s not that simple.

Transparency and
privacy are often
on oppposite sides, but
in debates around cross-
border data transfer,
the latter is threatened
without the former.

While the FBI can only summon customer data from U.S. companies, it can essentially direct them to provide

data from other subsidiaries of a US company, which include those located in other parts of the world. Simply put: your personal data may be crossing the border and ending up in the hands of Uncle Sam. And you may never, ever know about it.

Certain sectors in Canadian industry have chosen to present the issue for what it really is: a threat to Canadian privacy and sovereignty. Yet, there are those — perhaps those with U.S. ties and protecting business interests — who say, “It’s not going to happen.”

But it will, and it has.

The FBI (and reportedly other federal agencies like the CIA) has been issuing NSLs, or limited versions of them, as early as 1978 long before U.S. lawmakers even imagined any need for a Patriot Act.

The Patriot Act, however, expanded the use of NSLs, and between 2003 and 2005, more than 140,000 NSLs were allegedly issued without showing probable cause or judicial approval. That’s according to a report by the U.S. Justice Department’s inspector general.

To dismiss the NSLs’ threat to personal privacy as something that will never happen is

irresponsible, especially from entities that are custodians of personal information.

The reported abuses associated with the all-too-powerful provisions of the Patriot Act have gained too much prominence that it can no longer be swept under the rug. Nor should it be.

Transparency and privacy may often belong in the opposite sides of the scale, but in the debate surrounding cross-bor-der data transfer, the latter is threatened without the former.

It is best to keep customers in the loop especially on issues pertaining to their personal data, as they are likely to be more forgiving of their service providers should things go sour in the end. By making lawful

disclosure, or the possibility of it, part of discussions with customers, service providers are doing their due diligence.

Public Safety Canada has started discussions on the possibility of giving law enforcement units “timely access” to service providers’ subscriber information. The consultation document makes no mention of a need for court order when obtaining customer name and address information.

The specifics of this initiative is far from definite, but one thing is certain: if such legislation is passed, Canadian firms — with or without American ties — may get a sneek peek of what it’s like to operate a business with the Patriot Act looming over their heads.

This is also an ideal time to take a look at all of the technology both companies are using, both HP and Lenovo waited until late to get rid of a lot of the out-of-date operational technology the companies were using and that hurt both a lot. Particularly in the case of HP and the PC Company side of Lenovo, updating the core operations technology was critical to the success both firms are experiencing now.”  analyst Rob Enderle on what Acer should do following its buyout of Gateway 079378

“You can teach them not to click on attachments,” he says. “But if you have legitimate attachments, and don’t have technology in place for filtering, then that’s kind of pointless advice.”  Johannes B. Ullrich, CTO for the SAnS Internet Storm Center, on security training 077117

“We need to take whatever limited security dollars we have and spend them in the most expeditious and efficient manner until we run out of that money...If there are certain types of attacks and threats that you can stop at a single or two or three choke points or entry points Gartner feels that is not a bad way — in fact, in many cases it’s a good first step — of deciding where you make your security investments.”  Jeffrey Wheatman, Gartner analyst, on the Jericho Forum about firefalls 076955

: blogosphere By Briony Smith staff writer, Computer World Canada bsmith@itworldcanada.com

can you see the future in your palm?

earlier this summer, Palm announced the upcoming release of the Foleo, a PDA “mobile companion” that was like a mini-laptop, but just before it was supposed to ship, a company blog

post from CeO Ed Colligan (citing a need to concentrate on improving Palm’s rickety old OS) shut it all down (http://blog. palm.com/palm/2007/09/ a-message-to-pa.html).

om malik of GigaOm weighed in on the Foleo’s demise (http:// gigaom.com/2007/09/05/foleo- is-dead): “Seldom in history has a device gone from being center-stage at a premium technology conference to the garbage bin as Palm’s ill-conceived Fo-leo…It is a disk-less device that needs constant connectivity to be useful.” The company was partially bought out by private equity firm elevation Partners (who purchased a quarter of the company for $325-million),

and it also busted out the new windows mobile 6-powered Treo, the 500v, in the emeA. Over at Barron’s’ Tech Trader Daily ( http://blogs.barrons.com/tech- traderdaily/2007/09/13/palm- deal-cleared-by-shareholders-but-products-are-still-the-key), TiErnan ray quoted uBS analyst maynard Um on the importance of snazzy products in going forward: “we still see new products as key to the future of the company. Although elevation Partners brings some design

experience to Palm, visibility to and ramp of these new products will take time. In the interim, products such as the recently launched and competitively-priced Treo 500v, combined with cost rationalization, may give Palm some time.” And Palm’s been filling it with the upcoming Palm OS-powered Sprint “ Cen-tro,” it seems. The third member of Palm’s OS family, linux, was slated for some new Treos, but these plans have now been shelved until 2008.