WASHINGTON -- A presidential commission charged with studying ways to make the U.S. Postal Service ("USPS") more efficient has recommended that the agency work with the Department of Homeland Security to develop sender identification technology for all U.S. mail.

In a final report released July 31, the President's Commission on the U.S. Postal Service said sender identification technologies such as "personalized stamps" that embed digital identification information would not only improve mail tracking and delivery operations but would also enhance the security of the entire mail system.

But civil liberties groups and some private-sector technologists fear that requiring intelligent mail for all users of the Postal Service is overreacting to the threat of terrorism.

Lee Tien, a senior staff attorney at the Electronic Frontier Foundation, a San Francisco-based privacy watchdog group, said intelligent mail raises serious First Amendment issues. "It's a free-speech and anonymity problem," he said.

Making intelligent mail mandatory would likely require congressional approval, Tien said, adding that "right now there is no legal requirement for anybody to scribble a return address on an envelope."

Tien also said it's difficult to imagine how the privacy rights of ordinary citizens and whistle-blowers could be guaranteed if the use of intelligent mail was required by law.

[ ... ]

A spokesperson for the USPS said that although the development of intelligent mail is a big issue for the service, the commission report is still under review and it would be premature to discuss future plans.

Ari Schwartz, associate director of the Center for Democracy & Technology in Washington, said intelligent mail was created first as a commercial tool to boost efficiency. But to use it as a homeland security tool raises questions about both effectiveness and privacy. "The anonymity of the mail is something that the Postal Service has been proud of," Schwartz said. "The history of the country is such that we want people to be able to speak anonymously, and taking away [anonymous mail] altogether does not seem to be a good idea."

The USPS in January formed a committee with the help of the private sector to study intelligent-mail technologies and infrastructure requirements and has since established a corporate plan for intelligent-mail implementation. The agency has moved ahead with the program despite privacy concerns by some in Congress, including senior members of the House Government Reform Committee. That committee, shortly after the 2001 anthrax attacks, asked the General Accounting Office to study the implications of intelligent mail.

It may seem Orwellian to some, but the first major commercial service that traces people's locations using their mobile phones is designed more to ease the minds of worried parents and suspicious bosses than to enable unauthorized spying.

The mapAmobile service, unveiled last month in Britain, claims accuracy to within 50 yards. It charges an annual fee of £30, or $48, plus 30 pence per request.

Even more precise services are likely in the United States within the next year as more phone models come with global positioning system, or GPS, chips already installed.

Red Wolf writes "The first major commercial service that traces people's locations using their mobile phones -- mapAmobile -- is designed more to ease the minds of worried parents and suspicious bosses than to enable unauthorised spying."

Mercuri believes that her credentials were revoked because of her position in favor of voter-verified paper ballots for computerized election systems. "I guess in a very troubling way it makes sense that an organization like IACREOT, that supports paperless computerized voting systems, which are secret by their very design, would not want computer experts who disagree with that position at their meetings."

Dr. Mercuri said that her credentials were approved for the first three days of the conference. She attended meetings of other groups and visited the exhibitors hall. But it was only on Thursday as she sat down to attend her first meeting at the IACREOT that President Marianne Rickenbach took Mercuri out of the room and told her that her credentials were being revoked. Rickenbach said that Mercuri had not filled out the forms correctly. Mercuri protested, but was refused reinstatement.

Hopkins study of flaws in security prods action; Purchase no longer 'a certainty'; California firm to analyze touch-screen system

In the wake of a study revealing security flaws in the costly touch-screen voting machines Maryland has agreed to buy, Gov. Robert L. Ehrlich Jr. ordered an outside review yesterday of the electronic system scheduled to be in place for next spring's presidential primary election.

Science Application International Corp. of San Diego will complete the evaluation in four weeks, delivering findings that will determine whether Maryland moves forward with the $55.6 million purchase of new machines for 19 counties, asks for alterations to improve accuracy or scuttles the plan altogether.

asmithmd1 writes "We already knew Diebold software is insecure, now the Baltimore Sun is reporting that the Governor of Maryland has asked SAIC to review the software in Diebold voting machines. Diebold has graciously allowed SAIC access to their proprietary code. Why isn't this code open source by law?" --- In a related story, a trade show for closed-source electronic voting systems is doing their best to keep critics out. Update: 08/07 15:23 GMT by M: Diebold's website security is less than outstanding.

In response to the Patriot Act, the Lucius Beebe Memorial Library may adopt a policy clearly stating an intention to protect the privacy of library users, while also honoring the Patriot Act. The Beebe staff would design the policy with other members of the North of Boston Library Exchange. Marblehead's Abbot Library's Board of Directors adopted such a policy this week.

"It's a basic tenet of librarianship to defend the right of privacy of anyone who seeks any kind of information, whether in a book or the Internet," said Bonnie Strong, Abbot Library director in Marblehead. "For librarians everywhere, the USA Patriot Act is considered a very dangerous and disappointing act because it intrudes on that confidentiality."

This policy would state the library's intention to uphold the law. But it would also state its support of the Library Bill of Rights and the Freedom to Read statement. Both documents, adopted by the American Library Association, speak to the library's right to provide uncensored information and the patron's right to unrestricted access to that information.

Beware what you post and publish on the web

[ ... ]

The same anonymity that web users rely on to post these images protects those who would abuse them. The privacy issue, far from being resolved with new security and encryption technologies, appears to be worsening. My only advice is: don't want others to see it? Don't post it.

On June 30, the ACLU and other civil liberties groups filed a friend of the court brief in support of the Washington Utilities and Transportation Commission's (WUTC) strong rules that protect the phone call records of Washington state residents. The fight is over whether Verizon can sell or share the call records (who you call, and for how long) to others unless the person "opts-out".

The Telecommunications Act of 1996 required the Federal Communications Commission (FCC) to propose rules governing when telephone company could share or sell consumer proprietary network information (CPNI). The phone companies wanted rules that would allow them to use an "opt-out" standard, meaning that unless you've told the phone companies not to share your CPNI, they will have presumed that you have given them permission to do so. In jargon-free speak this means that phone companies would be able to sell or share the billing type information that you see in your phone bill: who you have called, how long you talked, and what services you subscribe to. The FCC's proposed rules, by contrast, followed an "opt-in" standard: they would have required the phone companies to get your permission first before they share your CPNI. In the "opt-in" standard, the presumption is that permission hadn't been given unless you said so.

Soon after the FCC proposed the "opt-in" rules, several phone companies challenged the rules, stating that the rules violated their First Amendment right to speak to their customers. The 10th Circuit Court ruled in favor of the phone companies, stating that the phone companies First Amendment rights trumped any privacy rights that individuals may have in their phone records. The Supreme Court declined to hear an appeal.

Washington's WUTC promulgated its own "opt-in" rules regarding information contained in your phone bills. Verizon promptly challenged the rules, relying on the 10th Circuit Court ruling. This brings us to today, with civil liberties groups trying to protect the privacy of Washington state residents.

Fingerprints, DNA and behavioural characteristics are unique and difficult to forge, but using them to identify an individual in the modern world is legally problematic.

This is the argument of Cape Town lawyer Kevin van Tonder in an article in the August edition of the SA Law Society's journal De Rebus.

Cabinet approved a programme for the establishment of a national biometric identification register, known as Hanis (the Home Affairs National Identification System), in January 1996.

Van Tonder argues that what could be a remarkable tool -- useful both for the individual, to allow almost fireproof (ed. I assume they were thinking foolproof) access to information, and for the State, for example in the tracing of criminals

Junk e-mail accounts for roughly half of all network traffic. Here are five ways to beat it back

It was May, 1978. Lauren Weinstein was among those developing an early version of the Internet when an e-mail popped into his box. It was the first spam ever -- a pitch from Digital Equipment Corp. sent, literally, to everyone on the fledgling Net. "People thought it was a little bit annoying but sort of amusing," Weinstein says.

It's not amusing anymore. Junk e-mail accounted for an estimated 49% of network traffic in June, according to Brightmail Inc., a San Francisco manufacturer of anti-spam software. These days, spam attacks Weinstein's computer every two seconds. And the Internet pioneer, founder of the Privacy Forum in Woodland Hills, Calif., is trying to save the revolutionary communications medium he had a hand in creating 25 years ago. The open architecture that made the Internet a transformative technology also has spawned the rapidly growing junk e-mail menace. "It never occurred to us that the tools we were developing for ourselves in this highly trusted environment would ever end up in the hands of the world's population," he says.

As anger at spam has increased, so have efforts to stop it. A confusing thicket of lawsuits, state and federal legislation, industry initiatives, filtering software tools, and spam-blocking companies has emerged to deal with the threat. While Congress weighs nine anti-spam bills, 34 states have enacted junk e-mail laws. Frustrated companies such as America Online, UPS, and Microsoft are hauling spammers to court.

Some of these moves are good ideas; some are bad. None of them, on their own, can eliminate spam. But a combined legal and technological attack could go a long way toward turning the scourge of spam into an occasional nuisance. Here's how to do it:

Following an embarrassing leak of its proprietary software over a file transfer protocol site last January, the inner workings of Diebold Election Systems have again been laid bare.

A hacker has come forward with evidence that he broke the security of a private Web server operated by the embattled e-vote vendor, and made off last spring with Diebold's internal discussion-list archives, a software bug database and more software.

[ ... ]

But experts said the appearance of the archive of purloined files from the staff site raises new questions about Diebold's attention to the security of its intellectual property.

"They claim they keep everything secure, but this shows the lax nature of their procedures. This just blatantly flies in the face of good security," said Rebecca Mercuri, a computer science professor at Bryn Mawr College who opposes the use of electronic voting systems.

The anonymous attacker said he broke into the Diebold staff site, which was located at https://staff.dieboldes.com, after reading in January about how unauthorized outsiders had copied source code and documentation from an insecure FTP site operated by the company at the Internet address ftp://ftp.gesn.com.

"In a few short minutes I had access to their replacement for the FTP site, their 'secure' web," wrote the hacker.