UPDATE: Representative @DarrellIssa tweeted that the Judiciary Committee has scheduled the rest of #SOPA markup next Wednesday, Dec. 21 at 9 AM EST.

The delay is to allow more experts to weigh in with opinions and recommendations addressing technical, legal and first amendment issues.

SOPA proponents, including major content providers like the recording and motion picture industry, have argued that the new rules were necessary to combat “foreign” piracy and the sale of illicit goods like counterfeit pharmaceuticals.

SOPA opponents, including internet and tech giants and consumer and legal watchdog groups, say the proposed law is over-reaching, with the potential to “break” the internet and start a worldwide arms race of unprecedented censorship of the web.

If you’re involved with any type of online marketing, you should learn as much as you can about this proposed legislation, as the implications (mostly negative, unless you’re a large content provider or trademark holder) are huge.

Want to know more? Check out What All Marketers Need To Know About SOPA – The Stop Online Piracy Act over on our sister site, Marketing Land.

This also means we’re increasingly trusting the companies that provide these services to keep our data and personal information secure. Based on my personal experiences reporting on many companies that offer cloud-services and talking with them about security measures, this trust is generally well-founded.

But what happens if something goes wrong? For example, imagine an extreme case—what if your Gmail account was hacked, and even worse, if the hacker succeeded in deleting all of your email?

This horrific scenario happened recently to Deb Fallows, wife of The Atlantic national correspondent James Fallows. I had the pleasure of spending a few days with both Deb and Jim at a search conference in China several years ago, and can attest that both are technically savvy and not likely to be careless with their online “security hygiene.” So when I came across Jim’s story about Deb’s Gmail account being hacked, I read it—very, very carefully.

People who read Jim know that he’s written about technology for ages, and is one of the sharpest analysts of all things tech (I mean that both in the sense that he has a keen understanding and is also never shy about skewering inferior or faulty products or services). What some people don’t realize, however, is that Jim is also very knowledgeable about search, and Google in particular—for years he’s been a moderator and interviewer at Google’s exclusive Zeitgeist events. To help his wife recover her Gmail account and learn more about how such a catastrophic event could occur in the first place, he went to Google and spoke with people ranging from senior officials who set security policy to the engineers in the trenches who constantly monitor Google for threats and wrangle the systems to thwart the bad guys.

What he learned is eye-opening, but also reassuring. In my mind, his article Hacked is a must-read for anyone who uses Gmail, or any other cloud-based service. It’s a balanced look at the tradeoffs we all must make between enjoying the convenience of working in the cloud vs. the security risks we take—despite the serious and comprehensive measures companies like Google take to keep our data secure. A few interesting passages from the article:

“My wife’s password was judged as “strong” when she first chose it for use with Gmail. But it was a combination of two short English words followed by numbers, so if it didn’t leak from some other site, it might just have been guessed in a brute-force attack. For reasons too complex to explain here, even some systems, like Gmail’s, that don’t allow intruders to make millions of random guesses at a password can still be vulnerable to brute-force attacks.”

“At Google I asked Byrant Gehring, of Gmail’s consumer-operations team, how often attacks occur. “Probably in the low thousands,” he said. “Per month?,” I asked. “No, per day,” followed by the reassurance that most were short-lived “hijackings,” used to send spam and phishing messages, and caused little or no damage, unlike our full-out attack.”

“Against this assault, the Google security team, like its counterparts at other companies, is constantly monitoring activity across its systems, toward the end of detecting break-ins and hijacks before damage has been done, and even before the owners know that something has gone wrong.”

To its credit, Google was able to retrieve and restore Deb Fallows’ deleted emails. This wasn’t necessarily preferential treatment because of Jim’s contacts within Google—Google has an official “Undeletion Project” to assist people who’ve had their accounts hacked. Last month, Google also began offering a live help line for email recovery.

Fallows ends his article with some practical tips on protecting your cloud-based data. He followed up yesterday with a Q&A style blog post offering specific recommendations for making your Gmail account more secure. As said, both of these should be must-reads for anyone using Gmail or other cloud-based services:

• Hacked!
• Quick Points on Gmail Security

Both Jim and Deb are prolific bloggers, and well worth following for the wide-ranging and interesting stories they write:

• James Fallows
• Deb Fallows

The Chinese themselves have vigorously and indignantly denied any and all such accusations, despite mounting evidence to the contrary.  Now new evidence of Chinese state-sponsored “cyberattacks” comes in the form of a broadcast on state TV.

According to a report in the Wall Street Journal, “Chinese state television has broadcast footage of what two experts on the Chinese military say appears to be a military institute demonstrating software designed to attack websites in the U.S.”

What was shown during the Chinese TV report does appear to be an “admission” of Chinese state-sponsored hacking and thus puts the US and North American corporations in an extremely awkward position. China is the single largest holder of US debt and numerous companies depend on Chinese manufacturing — the PC and mobile phone industries for example — for their products.

Compounding the problem and diplomatic challenge, earlier this year the US Defense Department issued a statement that cyberattacks can be considered “acts of war” and may be met with a conventional military response. According to a May, 2011 article in the NY Times:

The Pentagon, trying to create a formal strategy to deter cyberattacks on the United States, plans to issue a new strategy soon declaring that a computer attack from a foreign nation can be considered an act of war that may result in a military response.

Given the increasing body of evidence that China itself is behind persistent hacking directed against North American and EU corporations and government secrets, how should the US and Europe respond? Given the interdependency of the US and China a direct military response is clearly out of the question.

However we’re likely to see hacking and corresponding counter-measures stepped up behind the scenes in the coming years, even as the nations affirm their “partnership” — much like the public smiles and diplomacy that masked reciprocal espionage between the West and Soviets during the post-WWII era.

Welcome to the new Cold (cyber) War.

Trend Micro reported earlier this morning that malware sites had started targeting search terms shortly after the quake hit. As shown in the image above, Trend Micro found several sites offering fake anti-virus software in the search results for the term, “most recent earthquake in Japan.” Thanks to Trend Micro’s post and related coverage, the first page of Google’s results for that phrase now includes several articles about the malware. (Bing’s results, at the moment, are a little more suspect than Google’s, though I haven’t clicked through to visit any pages from either search engine.)

This is a common happening after major news events, with similar reports after the recent earthquakes in Haiti and Chile. Spammers and malware sites make a habit of targeting hot search topics. Last spring, we reported on one study that claimed some “hot” Google searches returned 90% malicious links.

The principles aim to upgrade and enhance privacy protection for individuals using the internet, sending email and storing data in the cloud. Basically these principles seek to apply the probable cause standard and require a judge-issued warrant before law enforcement officials can gain access to private information or data online. This would include search query logs.

Here are the principles laid out on the new Digital Due Process site:

1. A governmental entity may require an entity covered by ECPA (a provider of wire or electronic communication service or a provider of remote computing service) to disclose communications that are not readily accessible to the public only with a search warrant issued based on a showing of probable cause, regardless of the age of the communications, the means or status of their storage or the provider’s access to or use of the communications in its normal business operations.
2. A governmental entity may access, or may require a covered entity to provide, prospectively or retrospectively, location information regarding a mobile communications device only with a warrant issued based on a showing of probable cause.
3. A governmental entity may access, or may require a covered entity to provide, prospectively or in real time, dialed number information, email to and from information or other data currently covered by the authority for pen registers and trap and trace devices only after judicial review and a court finding that the governmental entity has made a showing at least as strong as the showing under 2703(d).
4. Where the Stored Communications Act authorizes a subpoena to acquire information, a governmental entity may use such subpoenas only for information related to a specified account(s) or individual(s). All non-particularized requests must be subject to judicial approval.

Essentially these proposed rules seek to protect all user data that is not “readily accessible to the public.”

These principles will be sent to Congress, which would then need to incorporate them into ECPA or separately enact them in order to become law. However, it was pointed out that these rules are not intended to affect “national security” issues or related enforcement. That represents something of a “loophole” potentially for aggressive law enforcement officials, who might seek to circumvent these rules, if enacted, by using the justification of national security to conduct domestic surveillance.

In general however these proposed rules are very welcome. We should hope they’re enacted to require law enforcement to gain warrants and meet traditional probable cause standards before private online data or activities and history can be accessed.

Edelman documents how he disabled the Google Toolbar within the preference, then visited a web page and captured how Google was sending browsing data from the toolbar to Google’s servers. Edelman first clicked the “X” icon at the top left of the Google Toolbar. Then he selected “Disable Google Toolbar only for this window,” and clicked “okay.” While in the same window, requested the Whitehouse.gov site. He noticed that his network monitor showing that the Google Toolbar continued to transmit his browsing to its toolbarqueries.google.com server.

Edelman posted a video screen cast documenting this process.

I reached out for Google for a statement a few hours ago. I have yet to receive anything back. If and when I do, I will update this post.

Postscript: Google sent me a statement on this matter, here it is:

To be clear, this is only an issue until a user restarts the browser, and it only affects the currently open tabs for a small number of users.

Specifically it affects those using Google Toolbar versions 6.3.911.1819 through 6.4.1311.42 in Internet Explorer, with enhanced features enabled, who chose to disable Toolbar without uninstalling it. Once the user restarts the browser, the issue is no longer present. A fix that doesn’t require a browser restart is now available on www.google.com/toolbar and in an automatic update to Google Toolbar that we are starting tomorrow.

I wonder if Ben Edelman knew about restarting I.E. would fix the issue and left it out?

No, we’re not turning Search Engine Land into a celebrity gossip blog … we’re talking about the risks of searching online for certain celebrities. And, according to a McAfee report issued today, Jessica Biel is the most dangerous celebrity on the web, passing last year’s master of search disaster, Brad Pitt.

McAfee explains the risks involved in being a search engine-using fan of Jessica Biel:

“Fans searching for “Jessica Biel” or “Jessica Biel downloads,” “Jessica Biel wallpaper,” “Jessica Biel screen savers,” “Jessica Biel photos” and “Jessica Biel videos” have a one in five chance of landing at a Web site that’s tested positive for online threats, such as spyware, adware, spam, phishing, viruses and other malware.”

Here’s the full top ten, according to McAfee’s study:

1. Jessica Biel
2. Beyoncé
3. Jennifer Aniston
4. Tom Brady
5. Jessica Simpson
6. Gisele Bundchen
7. Miley Cyrus
8. Megan Fox & Angelina Jolie (tie)
9. Ashley Tisdale
10. Brad Pitt

This the third consecutive year McAfee has surveyed the danger associated with using celebrity names when searching online. It’s similar to, but more specific than McAfee’s report a couple months ago that detailed the web’s riskiest search terms overall.

(Jessica Biel image provided by McAfee.)

1. Those that facilitate the sale of prescription drugs, including controlled substances, without requiring a valid prescription.
2. Those that sell drugs from sources that are not licensed as a pharmacy in any US jurisdiction.
3. Those that illegally source unregulated, unapproved prescription drugs from outside of the United States.
4. Those that are otherwise deceptive or misleading.

This study was done over the June or July 2009 months and only examined Bing’s search ads, not the organic listings. Microsoft currently has not commented on this report.

LegitScript is an Internet pharmacy verification organization identified by the National Association of Boards of Pharmacy (NABP).

Google wrote to the FCC:

Google Inc. (“Google”), by its attorneys, files these comments in response to the Notice of Inquiry (“NOI”) issued by the Federal Communications Commission (“FCC” or “Commission”) initiating a proceeding as required by the Child Safe Viewing Act of 2007 (“CSVA”) to examine the existence and availability of advanced blocking technologies compatible with various communication devices and platforms for programming parents deem indecent, violent or otherwise objectionable.2 As we explain, Google is committed to empowering and educating parents so that they can create a positive and safe online experience for their children.

A number of initiatives designed to give users and families greater control to moderate their YouTube experience, including the ability to filter video comments they find inappropriate.

Previously, YouTube had to create sophisticated software to protect copyright over music and videos. That software has been doing a pretty good job identifying videos or music on YouTube and quickly removing such video.

In other YouTube news, YouTube has been testing a super seekrit channel design.

Here’s the thrust of the complaint:

EPIC hereby petitions the Federal Trade Commission to open an investigation into Google’s Cloud Computing Services, to determine the adequacy of the privacy and security safeguards, to assess the representations made by the firm regarding these services, to determine whether the firm has engaged in unfair and/or deceptive trade practices, and to take any such measures as are necessary, including to enjoin Google from offering such services until safeguards are verifiably established. Such action by the Commission is necessary to ensure the safety and security of information submitted to Google by American consumers, American businesses, and American federal agencies.

The three services mentioned in particular are Gmail, Picasa and Google Docs. EPIC successfully filed a similar action against Microsoft’s Passport service and won fines and concessions.

The complaint asserts that Google represents to the public that its online services are secure but, EPIC argues, there are known flaws and Google disclaims any responsibility for privacy or security breaches. It claims that Google’s data security practices are inadequate as they stand, and so on.

Privacy has re-emerged as a serious issue and big consumer concern on a number of fronts.

Without saying anything about the merits of the complaint and whether the EPIC claims are accurate, the issues raised are important as we move into the cloud-computing era very rapidly. Mobile access to Internet content and services will further accelerate this trend.

Update: I spoke briefly to a Google spokesperson yesterday and he had this to offer on the record:

“We have received a copy of the complaint but have not yet reviewed it in detail. Many providers of cloud computing services, including Google, have extensive policies, procedures and technologies in place to ensure the highest levels of data protection.  Indeed, cloud computing can be more secure than storing information on your own hard drive.  We are highly aware of how important our users’ data is to them and take our responsibility very seriously.”

It also struck me after I wrote the item above that there’s something perhaps unnecessarily “vindictive” in EPIC’s complaint that singles out Google. The issues raised are serious but pertain not only to Google but to Microsoft, Yahoo, Facebook and others. So it’s curious that the complaint was only filed against Google. In addition the language of “deception” is quite aggressive.

Everyone has an interest in ensuring better privacy and data security and EPIC is doing something helpful in raising the issues. But there are probably ways to address them at an industry level that are somewhat less “litigious.”