Thursday, December 8, 2005


News Item 4403 Music Man Cracks DRM Schemes.

Music Man Cracks DRM Schemes. A computer-science grad student with a flair for reverse engineering matches wits with the recording industry whenever it releases a new copy-protection scheme. Guess who's winning? By Quinn Norton. [Wired News]
4:12:38 PM

News Item 4402 Secret ID Law to Get Hearing.

Secret ID Law to Get Hearing. Internet freedom fighter John Gilmore is about to get his day in court, challenging the Bush administration's covert laws demanding travelers to show identification papers. By Ryan Singel. [Wired News]
4:11:05 PM

News Item 4401 Face It: Privacy Is Endangered.

Face It: Privacy Is Endangered. A new photo-tagging service uses facial-recognition technology to identify the people in your party pix. When similar systems start crawling the web, we'll all be looking for a change of face. Commentary by Jennifer Granick. [Wired News]
4:09:42 PM

News Item 4400 Privacy.org - Massachusetts School Mistakenly Puts Confidential Student Psychological Reports Online

School officials in Salem, Mass., said yesterday they will try to contact parents of children whose private records were mistakenly posted on the Internet. Administrators met yesterday morning to plan a response to the disclosure last week that dozens of confidential student psychological reports were available online for months. The documents were removed from the Internet last week. Parents were not notified when the files were first discovered in October, nor were they immediately told when the files were rediscovered by a Salem News reporter two weeks ago.
3:41:38 PM

News Item 4399 Report Finds Cover-Up in an F.B.I. Terror Case - New York Times

WASHINGTON, Dec. 3 - Officials at the Federal Bureau of Investigation mishandled a Florida terror investigation, falsified documents in the case in an effort to cover repeated missteps and retaliated against an agent who first complained about the problems, Justice Department investigators have concluded.

In one instance, someone altered dates on three F.B.I. forms using correction fluid to conceal an apparent violation of federal wiretap law, according to a draft report of an investigation by the Justice Department inspector general's office obtained by The New York Times. But investigators were unable to determine who altered the documents.

The agent who first alerted the F.B.I. to problems in the case, a veteran undercover operative named Mike German, was "retaliated against" by his boss, who was angered by the agent's complaints and stopped using him for prestigious assignments in training new undercover agents, the draft report concluded.

Mr. German's case first became public last year, as he emerged as the latest in a string of whistle-blowers at the bureau who said they had been punished and effectively silenced for voicing concerns about the handling of terror investigations and other matters since Sept. 11, 2001.

The inspector general's draft report, dated Nov. 15 and awaiting final review, validated most of Mr. German's central accusations in the case. But the former agent, who left the bureau last year after he said his career had been derailed by the Florida episode, said he felt more disappointment than vindication.

3:36:22 PM

News Item 4398 AP Wire | 12/02/2005 | Missouri approves tracking cell phones for real-time traffic data

KANSAS CITY, Mo. - Missouri transportation officials approved a controversial contract Friday that will allow a private corporation to track signals from motorists' cell phones to map traffic snarls and highway congestion on major roads throughout the state.

As early as next week, that company, the National Engineering Technology Corp. (NET), will start monitoring thousands of cell phones in Kansas City and St. Louis, using their movements to test how to relay traffic conditions to the public in real time.

While officials say the program will make Missouri a national leader in "intelligent" traffic management, privacy advocates are concerned that getting more frequent travel time updates on road signs and Web sites may come at a price.



3:29:56 PM

News Item 4397 Macon Telegraph | 12/07/2005 | Cell phones will help track traffic flow

The state Department of Transportation wants to use your cell phone to help monitor traffic flow between Macon and Atlanta.

Beginning in January, the DOT will work with AirSage, an Atlanta company that will monitor cell phones in order to analyze the traffic flow on Interstate 75 from where Interstate 475 merges just north of Macon to Interstate 285 south of Atlanta.

Similar traffic-monitoring systems are planned for or are already in place in parts of Virginia, Maryland and Missouri.

How it will work is relatively simple. AirSage will get data from Sprint's cellular network that will show how many phones are active on that stretch of I-75 and at what rates the cars are moving. That information will be relayed to Georgia Navigator, the DOT's Web site for traffic information, which will be able to determine traffic-flow rates for the Web site and electronic road signs.

Right now, AirSage is working just with Sprint, but it could add other cell carriers in the future. The cell phones need only be switched on for the system to work. They don't have to be in use.

"Basically, we're using technology that is already in Sprint's network," said Cy Smith, AirSage's founder and CEO. "It allows our technology to analyze the signals. Right now, we can only do that."



2:55:46 PM

News Item 4396 www.GovExec.com - Panel offers framework for airline passenger pre-screening plan (12/6/05)

As the Homeland Security Department finalizes a contentious program to pre-screen airline passengers, an advisory committee on Tuesday provided the department with a framework for the initiative.

The Data Privacy and Integrity Advisory Committee said the department should narrowly focus the pre-screening program known as Secure Flight. The committee advised the department to require a passenger's name and date of birth, and airlines should verify a traveler's identity through two government databases. The group said the program should not be expanded to commercial databases.

Collecting passengers' personal information and protecting the data is at the crux of the debate over the program between policymakers and privacy and civil rights advocates. The American Civil Liberties Union repeatedly has called on the Homeland Security Department to eliminate the program.

The advisory panel on Tuesday said the Transportation Security Administration, which runs the program, has yet to fully define Secure Flight. The committee submitted several recommendations for its future deployment.

Beyond limiting the scope of the initiative, the panel said TSA should create transparent processes for Secure Flight. "Recognizing that security concerns limit the disclosure of some operational details, the [Transportation Security Administration] should specify what information Secure Flight will use and how it will handle that information," read the advisory panel's report.

The panel added that TSA must provide an effective process for passengers who have been wrongly delayed or prohibited from boarding a flight. "The determination and any resulting corrections must be made in a timely manner and corrections must be rapidly disseminated throughout the Secure Flight system," it said.


2:52:58 PM

News Item 4395 AccessNorthGa.com - Georgia's unique toll plan raises privacy concerns

Drivers on one of Georgia's busiest highways could enjoy a smoother rush-hour ride, if they agree to let the government track their driving habits through devices placed in their vehicles.

A proposal before the state's highway department would create new toll lanes on Georgia Highway 400, one of the most popular -- and traffic-clogged -- routes between Atlanta and its northern suburbs. But instead of using traditional stop-and-pay toll booths, a voluntary system would let drivers keep moving, so long as they have a radio transponder in their vehicle that would feed signals to an electronic toll.

Those drivers would be billed for the number of miles they drive on the highway.

"We all know that the technology has gone beyond us stopping and throwing a coin into a toll booth," said Rebecca Wallace, spokeswoman for the Crossroads 400 Group, a consortium of private businesses proposing use of the technology as part of a $1.4 billion plan to add toll lanes. "It will make (driving on the highway) much easier."

However, privacy advocates fear the electronic signals used to track drivers on the highway could be used to stockpile information on individuals -- information that could be given to police or sold to retailers.

"Someone's information could end up in a terrorist database, just because the government may be interested in who was driving on a highway at a particular time," said Marc Rotenberg, who teaches law at Georgetown University. "We don't think people should have to trade their privacy for convenience."



2:50:09 PM

News Item 4394 CBC News: House searches in dismemberment case spark privacy concerns

House-to-house searches have some residents of a Toronto neighbourhood on edge as police hunt for clues in the case of a woman whose body was found dismembered in a laneway.

A team of 20 officers is asking residents in the west-end neighbourhood of Parkdale to sign a consent form allowing a search of closets, basements and freezers.

[...]


While police say the searches are voluntary, they are keeping track of people who won't let them inside their houses. That has raised concerns in the area.

Parkdale resident David Flynn says it was intimidating to have police search his house.

"I felt sort of weird about the situation, so I went and stood out in the backyard and waited with my dog," said Flynn.

"I knew my rights, but you still never want to have to exercise your rights - in the sense that I really don't want those buttons to be pushed - that I would have to say no."

Alexi Wood, of the Canadian Civil Liberties Association, says that organization has received complaints.

[...]

Police insist it's all voluntary, adding that anything they inadvertently discover during a search would likely be ignored.

Editor: Emphasis added.

2:45:21 PM

News Item 4393 Total Surveillance (Mother Jones)

Interview: New consumer-tracking technology threatens to make personal privacy a thing of the past.
2:38:33 PM

News Item 4392 USATODAY.com - Once-brotherly image turns Big Brotherly

SAN FRANCISCO -- Opponents long ago painted Wal-Mart, Microsoft and a handful of other behemoths into a rogue's gallery of too-powerful corporations needing government restraint.

Now, a brash upstart with a "don't be evil" mantra may soon join them: online search giant Google.

In just seven years, Google has emerged as one of the most influential companies of the 21st century, a multinational whose recent forays into classified ads, book publishing, video, Wi-Fi and telecom make its data empire ever more powerful. That's pushing it into a growing buzz saw of competitors, such as Microsoft, and lawmakers worried about data privacy and protection.

"Google could easily become the poster child for a national public movement to regulate data collection," says Jeff Chester, head of the Center for Digital Democracy, a privacy advocate.

Google is building defenses to block government actions that slowed growth and innovation at other once-fast-growing companies. It is bolstering its new Washington lobbying office, on top of the $360,000 it paid a lobbying firm since 2003, public documents show. The Capitol Hill effort, starting so early, is in contrast to Wal-Mart and Microsoft, which suffered after ignoring Congress and antitrust regulators.


2:32:39 PM

News Item 4391 Secondary Screening: Making a List or Checking It Twice

I saw this correction coming a frequent-flier mile away.

The ever vigilant Richard M. Smith sent this News.com story by Anne Broache to Dave Farber's Interesting People list this morning.

Tens of thousands mistakenly put on terrorist watch lists

WASHINGTON--Nearly 30,000 airline passengers discovered in the past year that they were mistakenly placed on federal "terrorist" watch lists, a transportation security official said Tuesday.

Jim Kennedy, director of the Transportation Security Administration's redress office, revealed the errors at a quarterly meeting convened here by the U.S. Department of Homeland Security's Data Privacy and Integrity Advisory Committee.

Actually, that's not quite what Kennedy said according to reports I heard about the meeting.

And I'm pretty sure the TSA press office gave Broache a call to say they were very unhappy about the story.

Here's the corrected lede and hed:


Tens of thousands mistakenly matched to terrorist watch lists
WASHINGTON--About 30,000 airline passengers have discovered since last November that their names were mistakenly matched with those appearing on federal watch lists, a transportation security official said Tuesday.

Full story here
2:28:09 PM


News Item 4390 Tens of thousands mistakenly matched to terrorist watch lists | CNET News.com

WASHINGTON--About 30,000 airline passengers have discovered since last November that their names were mistakenly matched with those appearing on federal watch lists, a transportation security official said Tuesday.

Jim Kennedy, director of the Transportation Security Administration's redress office, revealed the errors at a quarterly meeting convened here by the U.S. Department of Homeland Security's Data Privacy and Integrity Advisory Committee.

Kennedy said that travelers have had to ask the TSA to clear their identities from watch lists by submitting a "Passenger Identity Verification Form" and three notarized copies of identification documents. On average, he said, it takes officials 45 to 60 days to evaluate the request and make any necessary changes.

Travelers have been instructed to file the forms only after experiencing "repeated" travel delays, he said, because additional screening can occur for multiple reasons, including fitting a certain profile, flying on a one-way ticket or being selected randomly by a computer.

Of the 30,000 people who said they were mistakenly matched to names on the list, none ever had been kept from boarding an airplane, Kennedy said. Their names appeared only on a "selectee list," where members are singled out for additional screening. Names on the "no-fly" list, however, are unilaterally barred from flying. The office said it hasn't been informed of any cases where people have disputed matches with names on the no-fly list.

After submitting their notarized forms and identifications, and waiting for evaluations, the vast majority of the people mistakenly matched to names on the watch list have now been added to a "clearance" list. That doesn't mean their names are erased from the watch list. In fact, travelers who go through the paperwork are told, Kennedy said, that "it will not quote 'remove' you from the list because the person we're still looking for is out there."

Instead, their names are put on the separate clearance list, which means they typically can't check in for flights at an unmanned kiosk and must approach the ticket counter to explain their situation and have an airline employee match their name to the clearance list.

A total of about 60 applicants had to be denied, as security officials couldn't determine that the applicants weren't actually the same as those named on the list, Kennedy said.


2:23:34 PM

News Item 4389 Keeping kids from nasties on the net - Opinion - theage.com.au

More needs to be done to protect minors from internet pornography, writes Guy Barnett.

LAST month, 62 members of the federal Coalition signed a letter to the Prime Minister calling for a ban on access to pornographic, violent and other inappropriate material via the internet.

The signatories believed the internet should be regulated in a similar way to other media. If adults wished to "opt in" to access the material then of course that would be their right, and they would have to apply for their right of access.

It is too easy for children to access all manner of material on the internet, and I believe the system should default automatically in favour of protecting our children before we start considering the rights of adults.

General access to this material at public facilities is an area of particular concern. According to the Australian Library and Information Association survey of its 91 members in late 2003, the majority of libraries in Australia did not apply filters. There is no legal obligation on public libraries to use filtering to prevent children accessing pornography.

Options include filtering applied at the internet service-provider level (e.g. Telstra, Optus, Primus). It could be applied on the basis that those customers who wish to access pornographic or other adult material could apply to do so.

An Australian Government review last year found there were a number of difficulties in mandating filtering at a server level with the cost of applying the filters being $45 million and ongoing costs of $33 million a year. Given the significance and magnitude of the reform, it could be seen as a small price to protect our children.


1:53:04 PM

News Item 4388 Australian Senator Wants to Censor the Net.

Australian Senator Wants to Censor the Net. Paul writes "An Australian Senator wants Australians' internet connections to be automatically filtered by ISPs. Anyone who wants to view pornography or 'other adult material' (details not specified) must apply to their ISP to be given access to it. Another step towards becoming a nanny state." [Slashdot: Your Rights Online]
1:48:15 PM

News Item 4387 ID theft fears overblown, study says | CNET News.com

A new study suggests consumers whose credit cards are lost or stolen or whose personal information is accidentally compromised face little risk of becoming victims of identity theft.

The analysis, released on Wednesday, also found that even in the most dangerous data breaches--where thieves access social security numbers and other sensitive information on consumers they have deliberately targeted--only about 1 in 1,000 victims had their identities stolen.

ID Analytics, the San Diego, Calif.-based fraud detection company that performed the analysis, said it looked at four recent data breaches involving a total of 500,000 consumers. It declined to provide the names of the companies involved in the breaches, but Mike Cook, ID Analytics co-founder, said one of them was a top five U.S. bank.

After six months of study, comparing compromised information against credit applications, ID Analytics said it discovered something counterintuitive: The smaller the breach, the greater the likelihood the information was subsequently used by fraudsters to hijack the identity of victims.


1:45:01 PM

News Item 4386 Big ID Thefts Not To Be Feared.

Big ID Thefts Not To Be Feared. goldseries writes "A new study released by ID Analytics says that only about 1 out of every 1000 stolen identities are actually used, due to the amount of time it takes to use the identity, limiting a single thief to 250 identities a year. The likelihood that your information will be used increases drastically when the size of the theft is small. So size does not matter, in identity thefts at least; the identity thefts you need to worry about aren't the big ones heard on the news but the small unreported ones." From the article: "While the findings will provide some comfort to consumers whose credit cards are lost or lifted, or whose sensitive information is compromised when, for instance, a laptop is stolen, as recently happened at Chicago-based Boeing, some of ID Analytics' suggestions could be controversial. The company suggests, for instance, that companies shouldn't always notify consumers of data breaches because they may be unnecessarily alarming people who stand little chance of being victimized." [Slashdot: Your Rights Online]
1:42:58 PM

News Item 4385 Last week of 5 year struggle against data retention?

Last week of 5 year struggle against data retention?

After 5 years of fighting against plans for mandatory data retention, EDRI is astonished to see a majority in the European Parliament ready to adopt a law decreeing very broad and long retention of telephony and internet traffic data, with access granted for all sorts of undefined crimes. Please visit the special Campaign WIKI for all last-minute updates and relevant documents.

[EDRI - Digital Civil Rights in Europe]
1:38:16 PM

News Item 4384 Study Finds Decrease in Spyware.

Study Finds Decrease in Spyware. The percentage of Americans whose home computers are infected with spyware fell from 80 percent in 2004 to 61 percent in 2005, according to a new study published by America Online and the National Cyber Security Alliance (NCSA). The study found that 62 percent of users had anti-spyware software installed on their computers in 2005, a factor that CDT believes can be strongly credited for the decline. CDT also notes that law enforcers in 2005 ratcheted up their efforts to crack down on the worst spyware distributors. The number of users infected remains disturbingly high, but CDT believes the findings underscore the value of the multi-pronged battle against spyware. [Center for Democracy and Technology]
1:35:50 PM

News Item 4383 The Journal Times Online - Debatable -- Delinquent taxpayers' names to go online; is this an invasion of privacy?

MILWAUKEE - Delinquent taxpayers are paying up after the state threatened to post their names online.

The Wisconsin Department of Revenue sent letters last month to 5,908 people and 1,351 companies warning them the agency would post their names on the Internet early next year because they owe a total of $578 million in taxes.

Twenty-eight people and five companies have subsequently agreed to pay a total of $2.34 million, Revenue Department spokeswoman Meredith Helgerson said.

Starting Jan. 3, the department will post two lists on its Web site: http://www.dor.state.wi.us. One will list all taxpayers delinquent $25,000 or more, and the other will list the 100 who owe the most.

1:33:09 PM

News Item 4382 New York breach notification law goes into effect | InfoWorld | News | 2005-12-07 | By Robert McMillan, IDG News Service

New York has joined the growing list of U.S. states requiring that companies notify their customers whenever private information has been compromised. On Wednesday, the state's Information Security Breach and Notification Act (http://assembly.state.ny.us/leg/?bn=A04254) went into effect, according to a spokeswoman for the state's attorney general, Eliot Spitzer.

The law, which is similar to California's SB-1386 notification law, requires businesses and state agencies to inform New York residents "whose unencrypted personal information may have been acquired by an unauthorized person," according to the text of the legislation.

1:28:15 PM

News Item 4381 AntiOnline - Forensic Analysis of Malcode - Step by Step

As many of you venture into a pervasive computing environment, it will not be long before you will be faced with a situation where forensics will be needed. This is an upcoming, and in my opinion, will be the hottest area of security. If you're one to chase the big bucks and you want to stay in the technology track, then this is the route for you. Otherwise, go off and write documentation for all of the new regulations. That too is hot and returning hefty salaries.

I'm going to step you through the process of dissecting a malcode sample using tools and techniques that are commonly used by forensic teams. Keep in mind that at the time of this writing there are no set standards in forensics. This means that you may find other forensic teams doing things differently but rest assured that the techniques I'm about to show you are used by the top minds in the discipline, including myself.

1:23:43 PM

News Item 4380 Govt: Fake Web Site Registrations Churn Online Fraud.

Govt: Fake Web Site Registrations Churn Online Fraud. The U.S. Government Accountability Office released a report Wednesday that points to a serious problem that is contributing to the proliferation of fraudulent phishing and scam Web sites -- the relative lack of any real policing by the domain-name registrars of the data people must submit to register a new Web site.  [Security Fix]
1:19:31 PM