A special court with power over sensitive law enforcement surveillance misinterpreted a broad anti-terrorism law when it ordered the Justice Department to alter new guidelines for FBI terrorism searches, the agency said in an appeal made public Friday.

The U.S. Foreign Intelligence Surveillance Court ruled in a May 17 decision that the USA Patriot Act did not justify the use of certain investigative techniques.

In the appeal, Attorney General John Ashcroft said the court failed to acknowledge that the new law, passed in response to the Sept. 11 attacks, altered the standard lawyers must meet when seeking to monitor a person and share information between criminal detectives and terrorism investigators.

Before the Patriot Act was signed by President Bush late last year, government officials had to prove their primary purpose for monitoring was foreign intelligence.

Political News from Wired News - Judge Tosses BT Hyperlink Case.

U.S. federal Judge Colleen McMahon has dismissed a claim by British Telecom that it developed and holds a patent to the hyperlink technology used to whisk Web users from one site to another.

According to court transcripts, the British telephone company believed that every single hyperlink used on every U.S. website was utilizing intellectual property the company patented in 1976 and should therefore be subject to a licensing fee.

On Thursday, the judge ruled that British Telecom's beliefs were without merit.

[ ... ]

McMahon had expressed doubts over the case's validity as the suit progressed, but on Thursday she decisively dismissed BT's claims in a summary judgment (PDF) that is both technically astute and leaves no question about the judge's opinion on the worth of BT's case.

"The Internet is, in short, an entirely different beast from the system described in the (BT) patent. Consequently, the Internet does not infringe the Sargent patent," McMahon wrote in the judgment.

CNET NEWS.COM - Why Larry Lessig gets an "F" in software.

Lessig would limit software copyrights to 10 years. After that, the code would wind up in the public domain. I can't think of a better prescription for formalizing the existing constellation of power that favors the Microsofts and Oracles over the small and independent developers.

At this juncture in the history of the software industry, more so than ever before, 10 years doesn't amount to a hill of JavaBeans--not when you're attempting to build up brand, distribution and customer loyalty in an increasingly fragmented and competitive market.

Lessig would doubtless oppose anything cementing that structural imbalance. But good intentions are not good enough and the reality of the software industry in 2002 is such that stripping away carefully developed intellectual property in pursuit of a wooly-headed Arcadian utopia will only boost the fortunes of the software superpowers already living the life of Riley.

BW Online | August 23, 2002 | You're Only as Your Password.

Struck by the coincidence, Leggett says, he dug into Niku's Web access logs the next morning and discovered that someone using Internet addresses owned by Business Engine had used Niku passwords to sneak into Niku's network more than 6,000 times, downloading some 1,000 documents--including one that Leggett wrote about the planned demo for Berlin. The allegations are outlined in a lawsuit filed on Aug. 12 in U.S. District Court in San Francisco. "We never, ever assumed something like this could be going on," says Niku Chief Executive Farzad Dibachi. In a written statement, Business Engine said it's cooperating with an FBI investigation and does not yet know all the facts around the case.

The alleged high-tech pillaging highlights a vexing problem in today's networked corporations: gaping holes in computer security. Passwords, which can be easily guessed or tricked out of employees, are becoming the Achilles heel of computer security. On Aug. 14, for example, an associate dean at Princeton University was removed from his post after admitting he used easily guessed passwords to access a student admissions site set up by Yale University.

[ ... ]

The file, the only place an invader could have learned of the Nike meeting, didn't mention they were related. That was strange enough, but Leggett says he kept digging and found more. He was stunned to find that someone outside the company used 15 internal passwords over and over again. The invasions had occurred since last October. "It was sheer coincidence," says Dibachi. "Otherwise, who knows how long this would have gone on?"

CNET NEWS.COM - Spam crusaders slog it out in court.

When Joel Hodgell took a Florida steroids marketer to court for violating Washington state's anti-spam statute, he thought he might make some money while striking a blow against junk e-mail.

Instead, he was hit last month with a nearly $7,000 judgment to pay the spammer's legal fees.

Hodgell is one of a small and slowly growing cadre of spam activists who are attacking spam using the state laws that have sprung up over the past five years to restrict or outlaw the sending of unsolicited commercial e-mail. Some compare these activists' suits to the anti-smoking legal trailblazers who 20 years ago started paving the way for the recent multibillion-dollar judgments against the tobacco industry.

Hodgell ascribed the judgment to a technical error he made before he got a lawyer and dismissed it as a minor setback in a longer fight against the steroids marketer and spammers in general. But the Seattle litigant is hardly alone in finding that the road to courtroom spoils from spam is strewn with hazards.

In recent months, a Utah man found his hard drive subpoenaed in a class-action spam suit against Sprint--a subpoena the judge in the case ultimately refused to enforce. In addition, successful spam plaintiffs everywhere have found it easier to win judgments than to collect on them from often shadowy defendants.

[ ... ]

Meanwhile, anti-spam litigants--aspiring or actual--have a growing list of resources on the Web to assist them in their legal exploits. The Spamcon Foundation's Law Center (formerly Suespammers Project) keeps track of laws and individual cases and hosts a discussion forum. Peacefire has its own page recommending legal anti-spam action; and Miller maintains a page advising Washington residents how to sue spammers.

New Scientist - 'Critical' flaws in Microsoft software .

Several "critical" software bugs in Microsoft's Internet Explorer and Office software could be used to hijack millions of personal computers, the company warned on Thursday.

Hackers could take advantage of bugs in Internet Explorer and Office Web Components to steal or delete files and run applications remotely on a computer.

Some security experts say those who fail to update their software with a security patch could suffer later on, when hackers have developed tools designed to take advantage of the flaws.

Washington Post - Plans to Computerize Personal Data Ignite Firestorm in Japan . Citing Privacy, Municipalities Defy Effort

TOKYO -- The first stop for new residents of a Japanese neighborhood is the local government office, where they dutifully report their presence and give details of their family. Soon after, the police may stop by to politely ask again who is living there.

On moving out, they must again notify local authorities and get a report to take to the ward office of the next place they reside. This official tracking is accepted with equanimity by most Japanese, as is the requirement for an even more detailed "family registry" that lists everything from divorces to births, deaths and domicile.

So the government was surprised when a move to put some of this information on a computer network to streamline the process -- and to assign an 11-digit identification number to everyone -- erupted into a grass-roots revolt.

At least four local municipalities have defied the government and refused to be a part of the computer network that started earlier this month. Others have waffled, saying their residents' participation was voluntary.

Protesters, wonderfully decorated as bar codes, have taken to the streets. Public opinion polls show huge opposition to the system. And a nationally respected journalist has organized a league of influential Japanese to try to get it abolished.

"We didn't anticipate this," acknowledged an official of the Ministry of Public Management. "We really don't think the criticisms are justified."

[ ... ]

It is even more surprising in Japan, whose residents are the first to admit they readily submit to dictates of authority.

"I am afraid the Japanese people will become more docile" in the face of government encroachments on their privacy, said Yoshiko Sakurai, the journalist who is leading a national movement against the network. "Our people tend to be much more quiet than your people."

[ ... ]

Concerns about the safety of personal data is at the root of objections by the municipalities. Leaks could happen at the central government or any of the connected municipalities, they say. They argue that the late prime minister Keizo Obuchi promised in 1999 the network would be accompanied by tough privacy legislation outlawing misuse of the data. The government introduced a bill, but it was shelved this year.

[ ... ]

But many people are suspicious that the long reach of the Japanese bureaucracy is at work and Juki Net will gradually grow. They fear it could become a giant record-keeping system with the ubiquity of U.S. social security numbers combined with Japan's personal records.

Polls show huge majorities are against the system. And while critics say they fear hackers and other criminals, one of their chief concerns is misuse of the data by their own government.

"The problem is, the people don't trust the government," said Hiroshi Yamada, the mayor of Suginami, another ward of Tokyo that has balked at participation in Juki Net.

"We've conducted a survey, and only 10 percent of the people want it," he said. "We've had several people move into Suginami" because of the ward's refusal to join the network.

There is plenty of grist for public suspicion of bureaucrats. In May, the Defense Agency admitted it had drawn up a list with names, backgrounds and political views of citizens who had asked for public information from the agency. Twenty-nine agency officials were punished. Last month, defense contractor Fujitsu said it had gotten a blackmail demand from men who had obtained personal information on military officers leaked from the company's computers.

And just as Juki Net started up, embarrassed officials in the city of Moriguchi in Osaka acknowledged they had sent personal information about 2,584 individuals to the wrong people.

"The Ministry of Public Management doesn't answer these concerns," said Mayor Yamada. "The minister keeps saying it's safe and they'll go ahead with it. That just fans the anxiety of people even more."

New York Times - free registration required Secret Court Says F.B.I. Aides Misled Judges in 75 Cases.

The opinion was part of a package of material presented this week by the court to the Senate Judiciary Committee, which is reviewing requests by the Justice Department for even broader investigative powers in the aftermath of Sept. 11. The committee released the documents today, along with a statement from the panel's chairman, Senator Patrick J. Leahy, Democrat of Vermont, who said, "this ray of sunshine from the judicial branch is a remarkable step forward for constructive oversight."

In weighing eavesdrop requests, the special court, which was created by the 1978 Foreign Intelligence Surveillance Act and was recently expanded from to 11 members from 7, is responsible for enforcing provisions of the law that limit the sharing of electronic surveillance from intelligence or terrorism cases with criminal investigators; the limitations are intended to uphold the Fourth Amendment, which prohibits unreasonable search and seizure.

Because the standards of evidence required for electronic surveillance are much lower in many intelligence investigations than in criminal investigations, the authors of the law wanted to prevent the dissemination of intelligence information to criminal investigators or prosecutors.

But in a number of cases, the court said, the FBI and the Justice Department had made "erroneous statements" in eavesdropping applications about "the separation of the overlapping intelligence and criminal investigators and the unauthorized sharing of "FISA" information with F.B.I. criminal investigators and assistant U.S. attorneys."

"How these misrepresentations occurred remains unexplained to the court," the opinion said.

In essence, the court said that the F.B.I. and the Justice Department were violating the law by allowing information gathered from intelligence eavesdrops to be used freely in bringing criminal charges, without court review, and that criminal investigators were improperly directing the use of counterintelligence wiretaps.

[ ... ]

In one case, it said, the error appeared in a statement issued by the office of Louis J. Freeh, then the F.B.I. director, in which the bureau said that target of an intelligence eavesdropping request "was not under criminal investigation."

In March of 2001, the court said, "the government reported similar misstatements in another series of FISA applications in which there was supposed to be a `wall' between separate intelligence and criminal squads in F.B.I. field offices to screen FISA intercepts, when in fact all of the F.B.I. agents were on the same squad and all of the screening was done by the one supervisor overseeing both investigations." The location of the squad and the nature of the inquiry were not described.

Gregory T. Nojeim, associate director of the national office of the American Civil Liberties Union in Washington, said the opinion was "astounding" in demonstrating that the F.B.I. and the Justice Department have tried an "end run around the Fourth Amendment protections against unreasonable searches."

Washington Post - Secret Court Rebuffs Ashcroft.

The secretive federal court that approves spying on terror suspects in the United States has refused to give the Justice Department broad new powers, saying the government had misused the law and misled the court dozens of times, according to an extraordinary legal ruling released yesterday.

A May 17 opinion by the court that oversees the Foreign Intelligence Surveillance Act (FISA) alleges that Justice Department and FBI officials supplied erroneous information to the court in more than 75 applications for search warrants and wiretaps, including one signed by then-FBI Director Louis J. Freeh.

Authorities also improperly shared intelligence information with agents and prosecutors handling criminal cases in New York on at least four occasions, the judges said.

The department discovered the misrepresentations and reported them to the FISA court beginning in 2000.

Given such problems, the court found that new procedures proposed by Attorney General John D. Ashcroft in March would have given prosecutors too much control over counterintelligence investigations and would have effectively allowed the government to misuse intelligence information for criminal cases, according to the ruling.

The dispute between the Justice Department and the FISA court, which has raged behind closed doors until yesterday, strikes at the heart of Ashcroft's attempts since Sept. 11 to allow investigators in terrorism and espionage to share more information with criminal investigators.

Generally, the Justice Department must seek the FISA court's permission to give prosecutors of criminal cases any information gathered by the FBI in an intelligence investigation. Ashcroft had proposed that criminal-case prosecutors be given routine access to such intelligence information, and that they be allowed to direct intelligence investigations as well as criminal investigations.

[ ... ]

The opinion itself -- and the court's unprecedented decision to release it -- suggest that relations between the court and officials at the Justice Department and the FBI have frayed badly.

FISA applications are voluminous documents, containing boilerplate language as well as details specific to each circumstance. The judges did not say the misrepresentations were intended to mislead the court, but said that in addition to erroneous statements, important facts have been omitted from some FISA applications.

In one case, the FISA judges were so angered by inaccuracies in affidavits submitted by FBI agent Michael Resnick that they barred him from ever appearing before the court, according to the ruling and government sources.

Referring to "the troubling number of inaccurate FBI affidavits in so many FISA applications," the court said in its opinion: "In virtually every instance, the government's misstatements and omissions in FISA applications and violations of the Court's orders involved information sharing and unauthorized disseminations to criminal investigators and prosecutors."

The judges were also clearly perturbed at a lack of answers about the problems from the Justice Department, which is still conducting an internal investigation into the lapses.

"How these misrepresentations occurred remains unexplained to the court," the opinion said.

Slashdot | Your Rights Online - Secret Court: Government Lied to Get Wiretaps Approved.

Paersona writes "Ever wonder what Colleen Kollar-Kotelly is doing to pass the time while she waits for the next step in the Microsoft case? Apparently she is now serving as the lead justice of the FISA court that oversees intelligence agencies' requests for domestic wiretapping. Today, the Washington Post reveals that the FISA court has released a rare public report rebuking the FBI and Justice Department for their handling of wiretap requests." --- The New York Times also has a story about the FISA court. The court's opinion is available.

Slashdot | Microsoft Notes Critical Security Holes in Windows, Office.

Scoria writes "CNN is reporting that the infamous Microsoft has disclosed six critical Internet Explorer vulnerabilities, including some that would allow an attacker to execute arbitary commands. According to the relevant TechNet bulletin, a cumulative patch has been released to address them." --- Please be sure to read the EULA before installing the patch.

The Register (UK) - UK's DMCA: there ain't no sanity clause.

The UK's take on the "European DMCA" - the European Copyright Directive - will make criminals out of ordinary computer users, according to a new critique by the UK Campaign for Digital Rights. And it will also fail to protect researchers, says Julian Midgley who penned the report.

"As it stands, the UK implementation of the European Copyright Directive will hinder research into cryptography (in contravention of the express intent of the Directive itself), make criminal current common practices of the music industry, give software companies unwarranted control over the creation of software products interoperable with their own, and provide an inadequate and entirely impractical mechanism for beneficiaries of the Directive's exceptions to obtain access to copyrighted works protected by technological measures," the report concludes

CDR recommends amendments to the consultation paper. "Academic research" isn't defined, for example, and Midgley notes that even the draconian DMCA had more detail on protections for cryptographic researchers than the UK's draft - even though those were insufficient to protect researchers from prosecution.

AP via New Jersey Online - Secretive espionage court rejected some Ashcroft wiretap rules .

A special court that oversees sensitive law enforcement surveillance forced Attorney General John Ashcroft to change his guidelines for FBI terrorism searches and wiretaps, according to documents released Thursday.

The U.S. Foreign Intelligence Surveillance Court, which has not publicly disclosed any of its rulings in nearly two decades, rejected some of the Ashcroft guidelines in May as "not reasonably designed" to safeguard the privacy of Americans.

The Justice Department quickly amended its guidelines and won the court's approval. Nevertheless, Bush administration officials said Thursday they have appealed the restrictions, arguing that the new limits inhibit the sharing of information between terrorism investigators and criminal detectives.

[ ... ]

Ashcroft's instructions in March, in a memorandum to FBI Director Robert Mueller and senior Justice officials, made it easier for investigators in espionage and terrorism cases to share information from searches or wiretaps with FBI criminal investigators.

But the surveillance court, which approves requests during secret deliberations, found that Ashcroft's rules could allow misuse of information in criminal cases, where prosecutors must meet higher legal standards to win approval for searches or wiretaps.

"These procedures cannot be used by the government to amend the (surveillance) act in ways Congress has not," the court wrote. In its rare public rebuke, it said the Justice Department spent "considerable effort" arguing its case, "but the court is not persuaded."

Ashcroft had argued that, under changes authorized by the USA Patriot Act, the FBI could use the surveillance law to perform searches and wiretaps "primarily for a law enforcement purpose, so long as a significant foreign intelligence purpose remains."

The Patriot Act, passed late in 2001, changed the surveillance law to permit its use when collecting information about foreign spies or terrorists is "a significant purpose," rather than "the purpose," of such an investigation. Critics at the time said they feared government might use the change as a loophole to employ espionage wiretaps in common criminal investigations.

"The attorney general seized authority that has not been granted to him by the constitution or the Congress," said Marc Rotenberg, head of the Washington-based Electronic Privacy Information Center.

[ ... ]

Critics have worried that the surveillance court is too closely allied with the government, noting that judges have rarely denied a request under the 1978 law. But the newly disclosed court's orders indicated irritation with serious FBI blunders in 2000 and 2001.

The court said the FBI admitted in September 2000 to mistakes in 75 wiretap applications, including then-FBI Director Freeh's erroneous statement to judges that the target of a wiretap request wasn't also under criminal investigation.

The court also noted that in March 2000, information from espionage wiretaps in at least four cases was passed illegally to FBI criminal investigators and U.S. prosecutors in New York. Clearly frustrated, the court said it barred one FBI agent from appearing before it.

The FBI admitted more recently, in March 2001, that it inappropriately shared surveillance information among a squad of agents, the court said.

Reuters | U.S. Appeals Secret Court Ruling on Wiretaps.

The U.S. Justice Department on Thursday said a secret court had limited the ability of investigators to coordinate surveillance against terrorism suspects and announced plans to appeal the ruling.

In an unprecedented move, the government appealed a May ruling by the Foreign Intelligence Surveillance Court, saying it "unnecessarily narrowed" new anti-terror laws that allowed a wider berth in conducting electronic surveillance and in using information obtained form the wiretaps and searches.

[ ... ]

Sweeping anti-terror legislation, called the USA Patriot Act, signed into law in October in response to the Sept. 11 attacks on America, widened the FISA parameters and made it easier for investigators and law enforcement officials or prosecutors to share information obtained by the surveillance and searches.

But in the May ruling, made public for the first time on Thursday, the court ruled that law enforcement officials cannot give advice related to the surveillance to investigators carrying out the searches or wiretapping. The court also implemented an oversight requirement.

That contradicts a memorandum issued by Attorney General John Ashcroft in March regarding the sharing of foreign intelligence investigations conducted by the FBI. In the memo, Ashcroft said consultation or sharing of information may include the exchange of advice and recommendations on how to carry out the surveillance and searches.

Because of the discrepancy, the Justice Department decided to appeal to a Foreign Intelligence Surveillance Court of Review -- an entity that exists but which has never been used.

[ ... ]

Committee chairman Sen. Patrick Leahy, a Democrat from Vermont, lauded the decision, saying it would help committees like his charged with oversight of the anti-terrorism laws.

"This ray of sunshine from the judicial branch is a remarkable step forward for constructive oversight," he said. "This is a window on the process that will help us better understand how the laws are being implemented and how well they are working."

Until now, the workings of the FISA Court have been kept secret. The court, made up of judges designated by the Supreme Court chief justice, deals mostly with secret or top secret information and has never before published any of its rulings.

In the May ruling, the court criticized the government for a number of "misstatements and omissions" in FISA applications, and said it had violated court orders regarding information sharing between investigators and prosecutors.

SatireWire | Hackers beg boring people to stop encrypting email. Security Experts Concur Most of You Have Nothing Worth Encrypting Anyway

New York Times - free registration required Mac OS 10.2 Reviewed.

Furthermore, Apple is not Microsoft -- that's the understatement of the year -- and isn't nearly so Big Brotherish. There's no 25-digit serial number to type into a new Mac before you can use it, as on a new PC. Mac OS X imposes no copy protection, no Windows XP-style activation process and no risk of being locked out of your own PC if you upgrade too many of its components. Nor does Mac OS X ever interrupt you with little balloons that nag you to sign up for Passport, .NET or some other Microsoft database. Mac people rarely feel like they're living in the persistent, lurking shadow of a software company.

Just a little something to remember that I found in a review of the new version of Mac OS X nick named Jaguar. BTW I am a happy Mac user even if my hardware is to old to run Mac OS X

Slashdot | Napster Not To Blame.

enjo13 writes "Slate is running an article on the music industries recent troubles. It articulates exactly what Slashdot has preached all along.. that the Music industry is suffering at its own hands and has no one to blame but itself. All I have to say is... finally." --- There's actually been a number of pieces like this, but I think this one says it best.

Washington Post - FEC Decision Could Jump-Start SMS Political Ads .

A decision by federal election regulators to exempt text-based wireless ads from campaign disclosure rules has critics warning that consumers could find their mobile phones subject to a flood of political spam as campaign 2002 kicks into high gear.

The Federal Election Commission (FEC) today approved a New Jersey technology firm's petition to waive disclosure rules for political ads delivered via SMS -- or "short messaging service." SMS is featured on a wide range of wireless devices, from digital mobile phones to Blackberries to two-way pagers.

Target Wireless of Fort Lee, N.J., joined by advertising industry groups and a Republican campaign committee, argued that current campaign disclosure rules would require political advertisers to use up too much of the limited amount of text -- 160 characters total -- available for individual SMS messages.

Slashdot | Your Rights Online - FEC Permits Anonymous SMS Spam.

crm114 writes "The Washington Post is running a story about the Federal Election Commission's decision today to waive the requirement that SMS broadcast messages indicate their origin..." --- And it'll only cost you ten cents to read each one. For what it's worth, you can read the agenda item which describes the issue before the FEC. It's rather interesting because it includes drafts of two possible responses by the FEC, depending on which way the commissioners actually voted at today's meeting. Although the company seeking the opinion suggested alternatives like providing a toll-free phone number in the message (preserving the spirit of the campaign finance disclosure rules), the FEC doesn't appear to have taken them up on it.

Slashdot | Microsoft and Wireless Authentication.

An anonymous reader writes: "Microsoft's been working on a new, secure authentication standard for 802.11b called PEAP. --- [ed. note: it's a draft standard] --- Cisco already offers secure authentication for their own wireless gear with LEAP, and did an outstanding job of making this capability available for Linux and OS/X, as well as for Windows. My question is, since PEAP is dependent upon the Windows EAP-TLS infrastructure, are Linux and OS/X going to be left out in the cold as this new standard is pushed by MS? Sifry's has some good commentary and links. Opensource wireless hackers, are you working on this?"

Slashdot | Your Rights Online - Fax-Spammers fax.com Sued For 2.2 Trillion.

linuxwrangler writes "Fed up with junk faxes which have been illegal since 1991, a Silicon Valley businessman has launched a lawsuit against junk faxer fax.com. Steve Kirsch seeks the damages provided in the law: $500/fax for the last four years. If certified as a class-action on behalf of the 3 million receipients of the faxes that fax.com claims to send each day the total damages would reach 2.2 billion even without invoking the "triple-damages" clause for "willful" violations. Federal regulators hit fax.com with a 5.4 million fine just two weeks ago after the company ignored numerous warnings from the FCC and was found to be in "flagrant violation" of the law. Fax.com maintains that their actions are protected by the constitution and court decisions in this case could lay the foundation for the future of junk email regulation"