Digital Media

Here's the story. Or at least most of it.

Some 19 years ago, a man in Germany, together with his half brother, reportedly murdered an actor named Walter Sedlmayr. The man was convicted and served 15 years in jail.

Now he is free. And, according to Wired, he has exercised that freedom by instructing lawyers, the elegantly named firm of Stopp and Stopp, to sue Wikipedia.

The lawsuit claims that German privacy law, designed to help criminals re-integrate into society, prevents the man being named in association with Walter Sedlmayr's murder.

Wired quotes Jennifer Granick from the Electronic Frontier Foundation as saying that the lawyers are not only demanding that publications change whatever they write now, but that online archives must endure revision, too.

In writing to Wikipedia, the lawyers offered a very interesting approach: "As your article deals with a local German public figure (such as the actor Walter Sedlmayr), we expect you are aware that you have to comply with applicable German law."

Well, gosh, perhaps not everyone realizes when they mention, say, Boris Becker or that interesting actress who was in the first of the Bourne movies, that one is subject to German law when one does so.

Geek.com quotes the Electronic Frontier Foundation as adding: "At stake is the integrity of history itself. If all publications have to abide by the censorship laws of any and every jurisdiction just because they are accessible over the global Internet, then we will not be able to believe what we read, whether about Falun Gong (censored by China), the Thai king (censored under lèse majesté) or German murders."

(Credit: CC Schoschie/Flickr)

You might be wondering why I have not mentioned this German murderer's name. You see, as I write, I am reminded that the world seems to revel in the persona of murderers. In some slightly twisted way, they become figures of fascination.

I have a strange suspicion that the more the name of Walter Sedlmayr's murderer is mentioned, the more famous he will become. And the more famous he will become, the more money he might be able to make from the fame he claims not to desire.

So I am conducting a fame-reduction experiment. Moreover, I know that everyone who chooses to discover his name can do so in a myriad of ways.

I wonder how many people tried to access information about this man who murdered the German actor Walter Sedlmayr and how many people have done so in recent days.

I also wonder how Wikipedia will choose to respond to this interesting and rather revisionist-minded lawsuit. At the time of writing, the full names of both murderers are still there in the Wikipedia entry for Walter Sedlmayr.

However, the Wikipedia Administrators' noticeboard has a spirited discussion about all aspects of the case.

The solution proposed by a poster called Zara 1709 on the noticeboard is to "remove the full name from the article and the article talk page, but leave in the edit history of the article and the talk page. We would even have some sources that mention the full names in the reference, simply because they provide other, relevant information, too."

The precedent for this is the so-called Star Wars kid case, in which a 14-year-old Canadian boy waved around a golf-ball retriever like a lightsaber and then endured painful taunts, leading to an equally painful lawsuit.

Zara1709 noted that: "It is quite important to point out that, on Wikipedia, regard for people's privacy applies to criminals and former criminals, too."

However, another poster, Baseball Bugs, dissented: "There is no justification whatsoever for censoring the names of the killers. The notability argument is bogus, there is no privacy or BLP issue, and the 'doing harm' argument is crystal-ball and thus is irrelevant. And some anonymous German judge has no jurisdiction over Wikipedia."

In reading all this, I am left with the words that were often drubbed into me by teachers: "History is written by the winners."

So if this German request succeeds, might some consider that the winner is Wolfgang Wehrle, the man who, with his half brother Manfred Lauber, murdered Walter Sedlmayr 19 years ago? Dash it, I couldn't help myself. I hope I'm not causing undue work for some future editor.

Harriet Pearson, chief privacy officer, IBM

(Credit: IBM)

Harriet Pearson once joined a petition signed by Facebook users, urging the social-networking site to do more in terms of privacy.

But the privacy expert considers herself a moderate when it comes to protecting her personal information.

Pearson, IBM's chief privacy officer for the past nine years and also its security counsel since last year, says each person needs a mental model to assess the benefits or risks associated with providing personal data. In the same way, she said, governments ought to be thoughtful when drafting policies and laws on data protection.

In town recently for Singapore's annual GovernmentWare conference, Pearson sat down with ZDNet Asia to discuss data protection legislation, the need for a balanced view regarding data breach notification, and why Asian regulators should not "photocopy" European law books.

Read more of "Asia's lawmakers need not copy Europe" at ZDNet Asia.

Twitter posted changes to its terms of service Thursday, assuring users that they own their tweets while leaving "the door open for advertising" opportunities.

"The revisions more appropriately reflect the nature of Twitter and convey key issues such as ownership," Twitter co-founder Biz Stone wrote in a company blog. "For example, your tweets belong to you, not to Twitter."

In announcing the new terms of service, Stone also addressed the topics of abusive behavior and spam. These are four highlights Stone called out:

Advertising--In the Terms, we leave the door open for advertising. We'd like to keep our options open as we've said before.

Ownership--Twitter is allowed to "use, copy, reproduce, process, adapt, modify, publish, transmit, display and distribute" your tweets because that's what we do. However, they are your tweets and they belong to you.

APIs--The apps that have grown around the Twitter platform are flourishing and adding value to the ecosystem. You authorize us to make content available via our APIs. We're also working on guidelines for use of the API.

Spam--Abusive behavior and spam are also outlined in these terms according to the rules we've been operating under for some time.

The prominence of the advertising revision seems to suggest that the microblogging start-up is warming up to an advertising-based model, a dramatic change from comments Stone made in May.

"There are a few reasons why we're not pursuing advertising--one is it's just not quite as interesting to us," Stone said at the Reuters Technology Summit.

Certainly the ownership message is designed to avoid the user backlash created by a revision to Facebook's terms of use that some interpreted to mean that Facebook claimed ownership of user profile data and photos.

Google must be used to having its neutrality questioned by now. However, when the alleged home of neutrality comes after you, perhaps you wonder if all this questioning of your motives is ever going to stop.

Not so long ago, it was the Greeks who decided they weren't too happy with Street View's prying artificial eyes. Now, according to the Associated Press, it's the Swiss who are getting nervous about their much vaunted (and much-profited from) privacy.

Hanspeter Thuer, the federal data protection commissioner of Switzerland, accused Google of not doing enough to blur faces and license plates. And he demanded that "Google immediately take its Google Street View online service off the Internet."

Ah, Switzerland. I have no reason to believe the man on the bike is a member of Parliament.

(Credit: CC Robert Thomson/Flickr)

A Google statement to the Associated Press said that the company would discuss the matter further with the authorities in order to "demonstrate our industry-leading applications for protecting the private sphere."

Perhaps the most interesting snippet of this governmental request is that it appears to coincide with the Swiss newspaper NZZ espying a member of Parliament, Ruedi Noser, on Street View in the company of a lady who was not his wife, but was, praise be, his assistant.

Noser's reaction was charming in the extreme: "There is probably no problem for my wife, as you could also recognize my companion in the picture." Somehow, the use of the word "probably" offers a hearteningly realistic view of humanity on the part of the Parliamentarian. I think he will go far with such a sanguine view of the world's workings.

Whenever countries in Europe raise objections such as these, it appears that Google finds an appropriately European solution: discussions and talks, followed, no doubt, by the parsing of a few nuances, until the issue seems to recede from the public eye.

Then the Google eye can happily go back to work.

A group of Facebook users filed a civil lawsuit Monday that alleges the social-networking site is violating California consumer privacy laws.

The lawsuit, which was filed in California's Orange County Superior Court on behalf of five users, seeks a jury trial, as well as damages and attorneys' fees. The five plaintiffs are described as two children younger than 13, a user of the original Facebook, a professional photographer, and an actress and model.

The 40-page complaint accuses the Palo Alto, Calif.-based company of violating California privacy and online privacy laws by disseminating private information to third parties for commercial purposes.

"Plaintiffs and the general public desire and expect a level of privacy, which Facebook has failed to satisfy under its current policies, procedures, practices, and technology," the complaint states.

A Facebook spokesman declined to comment on the specifics of the lawsuit other than to say, "We see no merit to this suit and we plan to fight it."

The plaintiffs' attorney did not immediately respond to a request for comment.

Facebook is no stranger to privacy controversy. In July, an investigation by Canada's privacy commissioner suggested Facebook is unconcerned with members' privacy and called on it to do more. Commissioner Jennifer Stoddart expressed concern that while it's easy for members to deactivate their accounts, it's less clear on how to actually delete them. Facebook could therefore retain member data from deactivated accounts for an indefinite period of time in violation of Canadian privacy law.

The social network went through a user backlash over the introduction of its News Feed in 2006, and a bigger one over the controversial Beacon advertising program. More recently, a revision to Facebook's terms of use prompted consumer advocacy blog The Consumerist to highlight language that it said meant that Facebook claimed ownership of user profile data and photos.

Ever since ad-supported music service SpiralFrog shut its doors in March, former users have complained about receiving a glut of spam.

"SpiralFrog seems to have sold their members' e-mail (addresses) to spammers," a CNET reader commented in response to a May story about some of the company's struggles. "I signed up for the service with a unique e-mail address. As soon as the service shut down, I started getting massive amounts of spam sent to that address. Anyone else have this problem? Pretty slimy."

It's still unclear how many spammers obtained a list of e-mail addresses belonging to about 2.5 million registered users of the now-defunct service, as well as how they all obtained the addresses. But it is clear that at least one company obtained the e-mails by paying a former SpiralFrog salesman $8,500, CNET News has learned.

SpiralFrog CEO Joe Mohen authorized former employee Tim Bieber to sell customer e-mails with no privacy restrictions. Bieber's address has been redacted from this document.

(Credit: Greg Sandoval/CNET)

A review of SpiralFrog's documents provided by a start-up that purchased the e-mail list shows that SpiralFrog's founder and CEO, Joe Mohen, authorized the sale days before creditors took control of the company's assets on March 13, 2009. Leading up to the sale, Mohen gave the list to Tim Bieber, a former SpiralFrog salesman, as compensation for back wages the company owed him, records show. Mohen did this despite SpiralFrog's promise to protect users' privacy.

"SpiralFrog will not share, sell, or trade personally identifiable information collected at the site with third parties, except as described in this privacy policy," the company said in its privacy agreement. "On a confidential basis only, SpiralFrog may share personally identifiable information collected at the site with corporate affiliates, consultants, or third parties performing a specific service or function on our behalf."

Documents show the sale of the addresses had nothing to do with a company working on SpiralFrog's behalf. Indeed, the sale took place weeks after the music service shut down. Mohen acknowledged to CNET News that there wasn't anything in his agreement with Bieber to prevent the former salesman from selling the list as many times as he wanted, to whomever he wanted. Bieber did not respond to numerous interview requests.

"The users who signed up with SpiralFrog were given the clear impression that their e-mail addresses would not end up in the hands of spammers," according to a former SpiralFrog employee with knowledge of the sale, who spoke on condition of anonymity. "Companies routinely promise to protect privacy and very rarely break it. SpiralFrog kept its promise until the day before shutting down."

In 2000, Arizona Sen. John McCain called for legislation that would prevent bankrupt Web stores from selling their customers' personal information without their knowledge.

(Credit: Greg Sandoval/CNET Networks)

In two interviews with CNET, Mohen acknowledged that in March, he "licensed" the user data. Mohen told CNET in June that to the "best of my recollection," the licensing deals complied with SpiralFrog's privacy agreement. Last week, however, Mohen said the agreement he had with Bieber, based in Vancouver, British Columbia, did not go far enough to protect customer privacy.

"In retrospect, I should have added tighter language to that agreement," Mohen said a week ago. "In the later days of the company, Tim Bieber was owed money by the company, and I struck an agreement with Tim to avoid litigation. To satisfy the liability, I licensed to Tim the user database."

Plenty of consumers suspect retailers of secretly sharing their information, but because of the shadowy way in which spammers conduct their business, tracking down the responsible party is nearly impossible. And once an e-mail list falls into the hands of spammers, it can be sold and resold.

Internet users often go to great lengths to protect their e-mail addresses from spammers. The history of the Web, however, shows that for dying start-ups, the temptation is to look upon the data as just another asset to be liquidated. The situation at SpiralFrog is similar to one that occurred when the dot-com bubble burst in 2000.

Nine years ago, CNET News reported that three dot-com failures, including Disney-backed Web store Toysmart.com, tried to auction off customer data the companies once promised never to share, such as credit card data and phone numbers. Members of Congress, including Arizona Sen. John McCain, argued that bankruptcy didn't give companies the right to break promises to consumers.

The Federal Trade Commission sued Toysmart and eventually blocked the sale. As part of a settlement, Disney agreed to purchase Toysmart's customer information for $50,000 and then destroy it.

Authorizing the sale
The sale of SpiralFrog's user data began sometime around March 27, when Bieber approached executives at the start-up that purchased the list, according to that company's attorney.

The start-up's lawyer, who has asked to remain anonymous, said that after wiring $8,500 to Bieber on March 31 to obtain the user e-mail list, the company has not shared or sold SpiralFrog's user information with anyone, and it has obeyed all laws in acquiring the list. To prove his point, the attorney said that when Bieber first approached the start-up about selling SpiralFrog's user addresses, executives there wanted proof that he was authorized to sell the list.

That wasn't a problem. Bieber had asked Mohen for written authorization two weeks earlier, documents show.

"Joe, I'll be needing something simple in writing from you authorizing me to (be) selling this database as part of remuneration," Bieber wrote in an e-mail dated March 12, the day before creditors took control of SpiralFrog. "So far, the list is useless without some paper authorizing its resale--even loose paper explaining the nature of how I came across the list...You dig. Let me know ASAP."

Click the image above to read our story on how a fractured management hurt SpiralFrog

Mohen then gave him rights to use the list "for commercial purposes on a nonexclusive basis" for six months. Bieber forwarded the document to the start-up that purchased the list. In addition, the start-up's executives met in New York with Mohen, who confirmed that Bieber had the right to sell the list, the start-up's attorney said.

It is unclear whether Bieber distributed the list to anyone else.

Mohen said SpiralFrog had stopped paying employees sometime in November 2008 and that Bieber had worked for an extended period without receiving compensation. On February 26, 2009, Bieber wrote Mohen that he was prepared to take legal action, if he wasn't paid.

"Joe, hope (you) got good news from your conference call last night. I file a lawsuit next week naming (SpiralFrog) and 3V (the hedge fund that loaned SpiralFrog money for nearly two years), unless you provide me with funds and a payment schedule by end of week...I'm hanging by (the) ends of my fingernails."

Editors' note: Go here to read some copies of SpiralFrog's correspondence.

(Credit: Google)

Google should promise to protect the privacy of consumers with its Book Search service, the ACLU, Electronic Frontier Foundation and Samuelson Law Technology & Public Policy Clinic at UC Berkeley Law said in a letter to the search giant on Thursday.

"Under its current design, Google Book Search keeps track of what books readers search for and browse, what books they read, and even what they 'write' down in the margins," the groups wrote in a letter (PDF) to Google Chief Executive Eric Schmidt.

"Given the long and troubling history of government and third-party efforts to compel libraries and booksellers to turn over records about readers, it is essential that Google Books incorporate strong privacy protections in both the architecture and policies of Google Book Search," the letter said. "Without these, Google Books could become a one-stop shop for government and civil-litigant fishing expeditions into the private lives of Americans."

In 2006, the U.S. Attorney demanded that Amazon turn over book purchase records of 24,000 customers, the groups said in an e-mail statement.

Specifically, the groups are calling for Google to promise to respond only to properly issued warrants from law enforcement and court orders and notify readers if information about them has been requested; allow readers to search and browse anonymously; give readers control over their purchases and data and prevent others from viewing their activities; allow readers to give books to others without tracking; tell readers what information is being collected and maintained and why data has been disclosed if it has.

Google also should keep search log information for no longer than 30 days and agree not to share reader activity with third parties or link data collected about use of Book Search to any other Google services without user consent, the groups said.

A Google Books representative said it's premature for Google to say what its privacy policy will be, but that Google will continue to discuss the issues with advocates.

"We have a strong privacy policy in place now for Google Books and for all Google products. But our settlement agreement hasn't yet been approved by the court, and the services authorized by the agreement haven't been built or even designed yet," Dan Clancy, engineering director for Google Books, wrote in a blog post on Thursday.

"That means it's very difficult (if not impossible) to draft a detailed privacy policy," he wrote. "While we know that our eventual product will build in privacy protections--like always giving users clear information about privacy, and choices about what if any data they share when they use our services--we don't yet know exactly how this all will work. We do know that whatever we ultimately build will protect readers' privacy rights, upholding the standards set long ago by booksellers and by the libraries whose collections are being opened to the public through this settlement."

Google has negotiated deals with publishers for current works and is also digitizing public-domain works. For out-of-print books still protected by copyright, the company reached a $125 million proposed settlement with U.S. publishers and authors that awaits court approval.

Critics complain that the deal, which is scheduled to be implemented in October, would effectively give Google a monopoly over books that are in copyright but out of print. Google argues that the agreement will make millions of books hidden on library shelves more accessible and give publishers and authors a new opportunity to profit from them.

Earlier this month, the U.S. Department of Justice said it was launching a formal investigation into the proposed settlement. And European Union regulators are also taking a close look.

A coalition of advertising industry trade groups have agreed on new guidelines for privacy related to behavioral targeting on the Web. Officially released on Thursday and expected to go into effect early next year, the set of principles concern what advertisers can do with personal data collected in order to zero in on target audiences.

The groups involved are the American Association of Advertising Agencies (4A's), the Association of National Advertisers (ANA), the Direct Marketing Association (DMA), and the Interactive Advertising Bureau (IAB).

The guidelines take the form of seven principles, ranging from a commitment to better consumer education about behavioral targeting, to a focus on keeping potentially sensitive data secure.

"Consumers deserve transparency regarding the collection and use of their data for behavioral advertising purposes. I am gratified that a group of influential associations--representing a significant component of the Internet community--has responded to so many of the privacy concerns raised by my colleagues and myself," Federal Trade Commission (FTC) commissioner Pamela Jones Harbour said in a release.

"These associations have invested substantial efforts to actually deliver a draft set of privacy principles, which have the potential to dramatically advance the cause of consumer privacy. I commend these organizations for taking this important first step."

Lawmakers have paid close attention to the evolution of online behavioral targeting over the past few years, especially as the vast amount of personal data on social networks makes it possible for advertisers to target more and more specific niches. Some have even suggested that behavioral targeting should be opt-in by default.

Last month, several subcommittees of the U.S. House of Representatives Committee on Energy and Commerce hosted a hearing about behavioral ad standards, and executives from companies like Facebook, Yahoo, and Google testified. At least one of those companies has come out publicly in support of the new guidelines.

"One of the key strengths of the principles is the fact that they apply to a broad range of companies participating in online advertising--advertisers, publishers, and ad networks," a post about the new measures on Google's public policy blog read.

Facebook plans to announce at a developer event Monday that it will open up user-contributed information to third-party developers, according to a report Sunday in The Wall Street Journal.

The move would allow developers to build applications and services that--with users' permission--access user videos, photos, notes, and comments. The move would be a significant change for the social-networking site, which had previously retained tight control over the site and how developers interact with it.

To allow developers to take advantage of the free feature, Facebook users would have to give the companies access to their data, and users' privacy settings would extend to new services built, according to the report.

Allowing developers to track shared data would be another salvo in its assault on micro-blogging site Twitter, which allows third-party developers to build applications and services on top of its service.

The move seems a continuation of APIs (application programming interfaces) Facebook launched in February that let developers access content and methods for sharing in Facebook apps including Status, Notes, Links, and Video.

Of course, all this hinges on persuading Facebook's 200 million users to share their personal data, a topic that ruffled some feathers in February. Facebook users threatened to revolt after the company announced changes to its terms of service that had meant that its license on user content--a longstanding but little-publicized claim to an "irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license" for promotional efforts--would no longer expire if a member deleted his or her Facebook account.

But facing a rebellion from thousands of users and a possible federal complaint from the Electronic Privacy Information Center, the social-networking service returned to its previous terms.