1540-7993/05/$25.00 © 2005 IEEE Published by the IEEE Computer Society

NewsBriefs

Garrett Jones, I3P at Dartmouth College
Brent Kesler, I3P at Dartmouth College

The Canadian military and US security agencies are collaborating on a joint effort to increase security for BlackBerry devices. Defense Research and Development of Canada, the Canadian Communications Security Establishment, and the US National Security Agency are taking part in the one-year security development project. The project's primary focus is to protect communications so that people can use BlackBerry technology to safely transmit sensitive information.

According to research released in early March by RSA Security, more than one-third of businesses with wireless networks are vulnerable to hackers physically outside their buildings. The study estimates that wireless networks are growing at an annual rate of 66 percent in Europe, and found that 38 percent of New York businesses are vulnerable. John Worrall, vice president of worldwide marketing at RSA Security, said that potential hackers can simply walk down the street sniffing for open wireless systems, and that many businesses failed to take basic security precautions such as reconfiguring default network settings. Worrall said RSA Security has been conducting the survey for four years, with no signs of improvement.

Australia's Department of Communications, Information Technology, and the Arts (DCITA) has called for the technology industry to develop Australia-specific information technology security skill certification. The first step is to award a contract to create a "state of play" report detailing different views on market needs. This contractor will then present the report to interested stakeholders at a one-day workshop in Sydney on 15 June 2005. Following that, the contractor will work with stakeholders to develop a common approach to certifying and accrediting security skills.
DCITA expects consultancy costs to be no more than AU$95,000 (US$74,780).

Dell, Hewlett-Packard, and IBM have started selling desktop and laptop computers with security hardware, but users won't be able to fully use it until Microsoft finishes its Longhorn version of Windows, scheduled for release in 2006. As hardware vendors pull ahead of Microsoft, the Trusted Computing Group has had to rely on other software providers to demonstrate the new security hardware's potential. IDC estimates that security hardware sales will jump from 8 million computers in 2004 to 20 million in 2005. The hardware allows for faster cryptography and for partitioning memory so that malicious programs can't interfere with other programs.

David Omand, a former head of Britain's Government Communication Headquarters (GCHQ), speaking at a defense conference at Chatham House in London, said Al Qaeda affiliates are training for cyberattacks against the United Kingdom, possibly targeting critical economic, medical, and transportation networks. Although the intelligence community is generally reluctant to discuss threats to national security, the UK's reliance on civilian private-sector networks requires all businesses to participate in national security and harden their networks. No real act of "cyberterrorism" has occurred, but Omand argues that the vulnerabilities must still be addressed, especially in such critical infrastructures as electrical grids and financial networks.

Sybase Inc. is drawing mixed reactions for threatening to sue Next Generation Security Software (NGS) if it publicly discloses the details of eight security holes it found in Sybase's Adaptive Server Enterprise (ASE) software version 12.5.3 in 2004. NGS initially disclosed the flaws to Sybase, who released an updated version of the software in February 2005. Sybase defended its actions, saying the company does not believe publicizing the details would be in the best interest of its customers.
Xinhua news agency reports that China will enact new Internet restrictions during its annual parliamentary session. The new regulations will likely include 24-hour chat room monitoring, with messages being censored and filtered before they appear on the Internet. Qin Rui, deputy director of China's Public Information and Internet Security Supervision Bureau, says that although China embraces the Internet for its economic benefits, the country must ensure that people with "ulterior motives" don't exploit it. China shut down over 1,200 cybercafes in 2004, and the nation's number of Internet users is expected to grow to 120 million in 2005.

US Senators Conrad Burns and Ron Wyden, who coauthored the 2003 CAN SPAM Act, have introduced anti-spyware legislation. The bill, known as the Spy Block Act, is based on the premise that computer owners should control what's installed on their machines, and would prohibit misleading inducements to install software. It would also prevent spyware from resisting user efforts to uninstall or disable it, and ban such software from collecting and transmitting user information without consent. The bill would also prevent spyware from generating ads without identifying itself as the source, and would establish criminal penalties for particularly egregious and intentional acts. It would, however, protect anti-spyware providers acting in good faith from lawsuits.

South Korea's Presidential Committee on Government Innovation and Decentralization has announced plans to make all civil administration documents, including fine payments, legal documents, and petition filings, available online. Law enforcement agencies and the courts will also be able to handle evidence collection, arrest warrants, sentencing, and other legal processes over the Internet.
A task force is working with the Ministry of Justice, police, prosecutors, and the courts to develop a plan by November 2006, and will expand the system to include the National Tax Service and the Korea Customs Service by November 2007. The system should reduce costs and speed information processing, and will require changes in applicable laws to let legal documents be transferred via Internet servers.

British Prime Minister Tony Blair asked the Queen to dissolve Parliament on 5 April 2005, triggering a general election on 5 May. The move sacrifices legislation still before the House, including the controversial national identity card bill. For the bill to be approved before the election, the legislation would have needed cross-party support. However, Tory leader Lord Strathclyde announced in April that his party would not support the identity card legislation in its present form.

Japan's Personal Information Protection Law (PIPL), which took effect 1 April 2005, forces any company with offices in Japan that holds personal data on 5,000 or more individuals to comply with new rules for handling that data. PIPL defines personal data as a person's name, address, date of birth, sex, phone number, or email address (if it's recognizably the person's name); the 5,000 minimum includes employees. PIPL says companies must designate a corporate privacy officer (CPO) and establishes fines of up to ¥300,000 (US$2,804) or jail sentences of up to six months for the CPO or data handlers who don't comply with these guidelines. Among the rules, companies must specify why they're collecting information, as well as protect data from being leaked or stolen.

Under a ruling by the District Court in Stuttgart, German Internet service providers could be forced to provide customer data to law enforcement agencies without a court order.
Police asked telecommunications company T-Online, the German subsidiary of T-Mobile, to provide details of an unknown customer suspected of trading pornography, when all the police had was an IP address. When T-Mobile refused, arguing that a court order was mandatory under the German Telecommunications Act, the court ruled that sufficient reason existed to believe that the person using the IP address was responsible for distributing pornography. It's unclear what this ruling's ramifications will be; court decisions on such matters have been mixed.

Microsoft recently filed 117 lawsuits against anonymous phishers. The company said it's filing the lawsuits as an attempt to establish connections between worldwide phishers and to discover the largest-volume operators. Aaron Kornblum, an Internet safety enforcement attorney at Microsoft, joined officials from the US Federal Trade Commission and the National Consumers League to announce that people must cooperate in fighting Internet crime and to warn consumers to beware of online scams.

The US Supreme Court, currently examining the entertainment industry's and peer-to-peer (P2P) providers' arguments in the Grokster case, has shown interest in measures against companies that actively encourage their users to share copyright-infringing files. Such measures would shift the focus from users' actions, which companies can't control, to their marketing, which they can. The Supreme Court has previously argued that companies can't use others' intellectual property as start-up capital, while sharing the technology industry's concerns that a ruling in favor of the entertainment industry would stifle innovation.

According to the Wireless Services Corporation (WSC), the amount of spam text messages in the US has jumped from 18 percent to nearly 50 percent in the past year. WSC attributes the increase to spammers' growing sophistication and their adoption of mobile phone technology.
Rich Begert, WSC's president and chief executive, said mobile spam is worse than email spam because consumers must pay for its delivery, and spammers complicate efforts to fight it by setting up operations outside the US.

Reed Elsevier announced that its LexisNexis legal information business has found several instances of possibly fraudulent access to its Seisint unit and its database of personal information on US citizens. The breaches might have exposed data on over 310,000 individuals, including names, addresses, and social security or driver's license numbers, but not credit, medical, or financial histories. LexisNexis plans to notify those the breach affected, offer a credit monitoring service to guard against identity theft, and improve its preventive measures by strengthening password administration and investing more resources in privacy protection. Seisint provides identity authentication services to law enforcement, homeland security, and private-sector customers to protect against fraud and identity theft. LexisNexis is working with law enforcement to investigate the incidents.

A new identity-theft technique, pharming, is growing as a favored scam. Pharming involves redirecting users from legitimate Web sites to identical spoof sites to trick them into revealing sensitive information. Pharmers will often use viruses to rewrite the local hosts file on users' PCs, redirecting them to the bogus Web site even when they type in the address for the legitimate one. Pharmers are also testing weaknesses in Domain Name System (DNS) protocols, such as DNS wildcards, which were originally designed to handle mistyped email addresses but let pharmers disguise malicious Web links as legitimate ones. Paul Mockapetris, who designed the DNS protocol, has called for an update to the DNS, but security experts are split over whether enough hackers have the sophistication to make DNS attacks a major threat.
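The hosts-file variant of pharming described above is easy to detect from the defender's side, because the override has to be written to a file the operating system consults before DNS. The following script is an added example, not code from the column or from any of the organizations it mentions: it parses hosts-file content in the hosts(5) format (comments, blank lines, several hostnames per line) and flags any entry that maps a monitored hostname to an address outside an allowlist. The monitored domains, the allowlisted addresses and the sample hosts content are all constructed for the demonstration; a real deployment would feed it the live file and the organization's own DNS records.

```python
"""Flag hosts-file entries that redirect monitored domains (pharming check).

Added example; the domains, addresses and sample file below are constructed.
"""
import ipaddress
import os
from typing import Dict, List, Set, Tuple

# Constructed allowlist: hostname -> addresses it may legitimately resolve to.
# In practice, populate this from your authoritative DNS zone or asset inventory.
MONITORED: Dict[str, Set[str]] = {
    "www.example-bank.com": {"198.51.100.10", "198.51.100.11"},
    "login.example-mail.com": {"2001:db8::10"},
}


def default_hosts_path() -> str:
    """Well-known hosts file location for the current platform."""
    if os.name == "nt":
        return r"C:\Windows\System32\drivers\etc\hosts"
    return "/etc/hosts"


def is_benign_target(addr: str) -> bool:
    """Loopback/unspecified targets (localhost, ad-blocking sinkholes) are normal."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def parse_hosts(text: str) -> List[Tuple[int, str, List[str]]]:
    """Return (line_no, address, [hostnames]) for every effective entry.

    Strips '#' comments, skips blank or malformed lines, and lowercases
    hostnames so comparisons against the allowlist are case-insensitive.
    """
    entries = []
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # an address with no hostname is malformed; ignore it
        entries.append((no, parts[0], [h.lower() for h in parts[1:]]))
    return entries


def find_suspicious(text: str, monitored: Dict[str, Set[str]] = MONITORED) -> List[dict]:
    """Entries that pin a monitored hostname to an address not on its allowlist."""
    findings = []
    for no, addr, hosts in parse_hosts(text):
        for host in hosts:
            if host not in monitored:
                continue
            # An override pointing a monitored name at an unexpected, routable
            # address is the signature of hosts-file pharming.
            if addr in monitored[host] or is_benign_target(addr):
                continue
            findings.append({"line": no, "host": host, "address": addr})
    return findings


# Constructed sample: an ordinary hosts file with one injected redirect (line 5).
SAMPLE_HOSTS = """\
# comment lines and blank lines are ignored
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example-tracker.net      # ad blocking, benign
203.0.113.5     www.example-bank.com         # injected redirect
198.51.100.10   www.example-bank.com         # matches the allowlist
"""

if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_HOSTS):
        print(f"line {f['line']}: {f['host']} -> {f['address']} (not in allowlist)")
    # To check the live file instead:
    # with open(default_hosts_path(), encoding="utf-8", errors="replace") as fh:
    #     print(find_suspicious(fh.read()))
```

Running this as a scheduled job and alerting on any non-empty result gives a cheap host-based control against the hosts-file technique; it does nothing for the DNS-protocol weaknesses the item also mentions, which have to be handled at the resolver.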
America Online quickly clarified details regarding new provisions of its Terms of Service policy for Instant Messenger users that appeared to completely remove expectations of privacy: "You waive any right to privacy. You waive any right to inspect or approve uses of the content or to be compensated for any such uses." AOL spokesman Andrew Weinstein says the policy only refers to an earlier mention of "Content You Post," meaning information users post in public forums, such as chat rooms or news discussion groups. Weinstein further commented that AOL doesn't monitor users' private conversations except when legally required.

Following a recent security breach, ChoicePoint (www.choicepoint.com) has come under increased scrutiny for its background-checking services. Several lawsuits and consumer complaints allege that the data ChoicePoint provides to potential employers is inaccurate. US federal law requires consumer reporting agencies to ensure that data from public records is up-to-date and to notify consumers when they provide adverse information to an employer. However, ChoicePoint and other data aggregators only purchase data from state databases and periodically refresh it.

NewsBriefs was produced by Garrett Jones and Brent Kesler from the Institute for Information Infrastructure Protection (I3P) at Dartmouth College. I3P Security in the News, a daily cybersecurity news-summarization service, is available at www.thei3p.org/news/.