Friday, January 20, 2006

Wired News: Anonymity on a Disk To many privacy geeks, it's the holy grail -- a totally anonymous and secure computer so easy to use you can hand it to your grandmother and send her off on her own to the local Starbucks. That was the guiding principle for the members of kaos.theory security research when they set out to put a secure crypto-heavy operating systems on a bootable CD: a disk that would offer the masses the same level of privacy available to security professionals, but with an easy user interface. "If Granny's into trannies, and doesn't want her grandkids to know, she should be able to download without fear," says Taylor Banks, project leader. It's a difficult problem, entailing a great deal of attention to both security details and usability issues. The group finally unveiled their finished product at the Shmoo Con hacker conference here Saturday, with mixed results. Titled Anonym.OS, the system is a type of disk called a "live CD" -- meaning it's a complete solution for using a computer without touching the hard drive. Developers say Anonym.OS is likely the first live CD based on the security-heavy "OpenBSD" operating system. 11:58:42 AM  PermaLink   / trackback []

Slashdot | Anonym.OS a Boon for Privacy Geeks?  The Hosting Guy writes  "Wired is running an article about a live CD that makes anonymous browsing easy enough for everyone. 'So easy to use you can hand it to your grandmother and send her off on her own to the local Starbucks.' Anonym.OS makes extensive use of Tor, the onion routing network that relies on an array of servers passing encrypted traffic to permit untraceable surfing." 11:55:04 AM  PermaLink   / trackback []

RFID Production to Increase 25 fold by 2010. RFID Production to Increase 25 fold by 2010. Luke PiWalker writes "The number of RFID tags produced worldwide is expected to increase more than 25 fold between 2005 and 2010, reaching 33 billion, according to market research company In-Stat. Total production of RFID tags in 2005 reached more than 1.3 billion, according to a recent report. RFID production will vary widely by industry segment for several years -- for example, RFID has been used in automotive keys since 1991, with 150 million units now in use, a quantity that greatly exceeded other segments until recently, according to In-Stat. "By far the biggest RFID segment in coming years will be supply chain management," said Allen Nogee, In-Stat analyst, in a statement. "This segment will account for the largest number of tags/labels from 2005 through 2010." RFID has obvious privacy flaws, why is the world pointed in the direction of RFID?"  [Slashdot: Your Rights Online] 11:50:34 AM  PermaLink   / trackback []

U.S. Government Wants Google Search Records. U.S. Government Wants Google Search Records. JimBridgerBowl writes  "According to the San Jose Mercury News, The Bush administration wants access to Google's huge database of search queries submitted by users to track how often pornography is returned in results. This information would be used for Bush's appeal of the 2004 COPA law, targeted to prevent access to pornography by children. The law was struck down because it would have restricted adults access to legal pornography. Google is promising to fight the release of this information." ---  From the article:  "The Supreme Court invited the government to either come up with a less drastic version of the law or go to trial to prove that the statute does not violate the First Amendment and is the only viable way to combat child porn. As a result, government lawyers said in court papers they are developing a defense of the 1998 law based on the argument that it is far more effective than software filters in protecting children from porn."  [Slashdot: Your Rights Online] 11:31:26 AM  PermaLink   / trackback []

GPL 3 to take hard line on DRM - ZDNet UK News The new version of the most widely used open source licence takes a "highly aggressive" stance against the digital rights management software that's widely favoured in the entertainment industry, said Eben Moglen, general counsel for the Free Software Foundation (FSF). At a two-day event in Cambridge, Massachusetts, to launch the GPL version three, which governs use of countless free and open source programs, Moglen said the license includes anti-DRM provisions that could put it in conflict with movie studios and even digital video recorder maker TiVo. On Monday, the Free Software Foundation published a draft of the GPL 3, which is expected to be completed in about a year. The draft states that GPL software cannot use "digital restrictions" on copyright material unless users can control them. Moglen said that DRM technology, which places limits on how consumers can play movies, music or other digital content, is "fundamentally incompatible" with the principles of the FSF. Moglen and Free Software Foundation founder Richard Stallman are co-authors of GPL 3. 11:20:00 AM  PermaLink   / trackback []

GPL 3 to Take Hard Line on DRM. GPL 3 to Take Hard Line on DRM.  sebFlyte writes  "ZDNet is reporting that Eben Moglen, the FSF's lead lawyer and the co-authour of GPL3, has explained that DRM is 'fundamentally incompatible' with the aims of the FSF and will be given short shrift in the latest version of the free software licence, which bans the use of 'digital restrictions' in GPL3 governed software. In his words: 'I recognise that that's a highly aggressive position, but it's not an aggression which we thought up. It's a defence related to an aggression which was launched against the people whose rights are our primary concern... We don't want our software used in a way which batters the head of the user to please somebody else. Our goal is the protection of users' rights, not movies' rights.'"  We discussed the new GPL on Monday. [Slashdot: Your Rights Online] 11:09:00 AM  PermaLink   / trackback []

Myware and Spyware. Myware and Spyware. smooth wombat writes "A new startup aims to provide you with a piece of software that stores all of your sufing habits. Where you go, how long you stay, how many hours online you spend surfing, etc. Why? So you can then offer that information to companies in exchange for something of value. Seth Goldstein's company is in the early testing stages of a service called Root Vaults which right now only works with Firefox. You can choose whether to send this data to your Root Vault, some other service, or just store it on your computer. There are a few restrictions on the use of this data. From the article: 'Any company that uses this data must agree to four basic principles: the data is the property of the user, it can be moved from one service or device to another at will, it can be exchanged for something of value, and the user has the right to know who is using it and how.'" [Slashdot: Your Rights Online] 11:03:04 AM  PermaLink   / trackback []

Bush Administration Demands Search Data; Google Says No; AOL, MSN & Yahoo Said Yes NOTE: We're continuing to update this news through postscripts below the original story. Via John Battelle and Google Morning Silicon Valley, the San Jose Mercury News article "Feds want Google search records" covers the Bush administration demanding last year that Google and other search engines turn over aggregate search information to help revive a child protection law. Google has refused to comply with the subpoena. A motion has been filed this week by US Department Of Justice to force Google to hand over the data. In particular, the Bush administration wanted one million random web addresses and records of all Google searches for a one week period. The government apparently wants to estimate how much pornography shows up in the searches that children do. Here's a thought. If you want to measure how much porn is showing up in searches, try searching for it yourself rather than issuing privacy alarm sounding subpoenas. It would certainly be more accurate. 10:35:03 AM  PermaLink   / trackback []

Boing Boing: DoJ search requests: Google said no; Yahoo, AOL, MSN yes. Update: Earlier today, I asked a Justice Department spokesperson which search engines other than Google received requests to provide search records. The answer: Yahoo, AOL, and MSN were also asked to supply search records information, and all complied. Google did not, and that is why the DoJ asked a federal judge on Wednesday to order the company to do so. Another fact to consider as you sift through news coverage: Justice is not requesting this data in the course of a criminal investigation, but in order to defend its argument that the Child Online Protection Act is constitutionally sound. It seems apparent that Google objected to the request not for privacy reasons, but on grounds that the request was too broad and burdensome. Privacy advocates I spoke to today, including attorney Sherwin Siy at EPIC, say while the DoJ's request would not identify individual users, the scope and nature of this request sets a troubling precedent. Today, they argue, only search strings and urls; tomorrow, perhaps, the IP addresses of all users who typed in "Osama Bin Laden." Update 2: Here are PDF copies of the documents filed on Jan. 18 by Justice Department attorneys in Gonzales v. Google, Inc.: Motion to Compel, Declaration of Joel McElvain, and Declaration of Philip Stark. Over at SearchEngineWatch, Danny Sullivan has an extensive and much-updated post about news that the Justice Department demanded search records data from Google.... 10:24:22 AM  PermaLink   / trackback []

DoJ search requests: Yahoo, AOL, MSN said "Yes". DoJ search requests: Yahoo, AOL, MSN said "Yes".   d2viant writes  "Elaborating on a previous article on Slashdot, it appears that the search engines which complied for Department of Justice requests for logs were apparently AOL, MSN, and Yahoo. According to the article, Justice is not requesting this data in the course of a criminal investigation, but in order to defend its argument that the Child Online Protection Act is constitutionally sound." [Slashdot: Your Rights Online] 10:19:59 AM  PermaLink   / trackback []

Riya Photo Search Site Readies for Launch. Riya Photo Search Site Readies for Launch. Site uses facial recognition technology to identify people in photos. [PCWorld.com - Latest News Stories] 10:03:54 AM  PermaLink   / trackback []

LinuxWorld | Users take a shine to Fedora Directory Server 1.0 Putting on its fedora hat, Red Hat last month released the first version of its free, open-source Directory Server. The Fedora Project is Red Hat's pure open-source arm, with all product releases and source code being freely available without the company's licensing, or "subscription" restrictions, which are required for running Red Hat's enterprise product offerings. Fedora Directory Server 1.0 offers an Open LDAP-based directory platform for organizing users and computing resources on a Linux-based network, or a mixed environment with Windows and Unix. The software is based on LDAPv3, and uses Apache Web server for the configuration and management interface. Other open-source packages are also included in Fedora Directory Server, such as Mozilla Network Security Services (NSS), which includes implementations of Secure Sockets Layer (SSL) and Transport Layer Security (TSL) stacks for securing data and management message transactions. Advanced password cryptography and hashing technology with Secure Hash Algorithm is also supported with support for SHA-256, SHA-385 and SHA-512. 10:00:06 AM  PermaLink   / trackback []

DMCA Reply Comments: The Cell Phone Locking Exemption. DMCA Reply Comments: The Cell Phone Locking Exemption. In the previous post, we noted the approaching deadline for filing reply comments in the Copyright Office's DMCA rulemaking proceeding and summarized the proposed exemption submitted by Ed Felten and J. Alex Halderman. This post highlights another key first round comment, one submitted by the Stanford Center for Internet and Society's Cyberlaw Clinic on behalf of the Wireless Alliance and Robert Pinkerton. [EFF: Deep Links] 9:55:09 AM  PermaLink   / trackback []

New Mexico E-voting Lawsuit Clears Latest Hurdle; New Fights Loom Nationwide. New Mexico E-voting Lawsuit Clears Latest Hurdle; New Fights Loom Nationwide. On Wednesday, a New Mexico state court judge denied a summary judgment motion made by Secretary of State Rebecca Vigil-Giron and permitted the plaintiffs in an important e-voting challenge to move forward with discovery. The suit, filed in January of 2005, challenges the state's use of paperless e-voting systems in the wake of widespread irregularities reported surrounding the use of such machines during the 2004 presidential election. Meanwhile, New Mexico Governor Bill Richardson and Attorney General Patricia Madrid have proposed legislation that would require the use of paper-based systems that would permit meaningful recounts and audits. The plan, if adopted, would also provide over $11 million in additional state funds for counties to upgrade their existing systems. The New Mexico litigation (Lopategui v. Vigil-Giron) moves forward following the expiration of a key federal voting equipment deadline that promises new rounds of litigation across the country. The Help America Vote Act, passed in 2002, required jurisdictions using federal funds to upgrade from older punchcard and lever machine by January 1st. Multiple states and counties, including New York, have thus far failed to meet their obligations. Auditable election advocates (including EFF) have criticized the federal government for its ongoing failure to promulgate comprehensive technical guidelines and for failing to properly oversee the federal voting equipment certification process. 2006 promises to be yet another fiercely competitive election year. Expect the fight for transparent and auditable systems to again be an important part of that landscape. [EFF: Deep Links] 9:51:28 AM  PermaLink   / trackback []

EFF Applauds Google Resistance to Government Subpoena. EFF Applauds Google Resistance to Government Subpoena. But Broader Privacy Concerns Remain San Francisco - Yesterday, the Justice Department asked a federal court in San Jose, California to force Google to turn over search records for use as evidence in a case where the government is defending the constitutionality of the Child Online Protection Act (COPA). Google has refused to comply with a subpoena for those records, based in part on its concern for its users' privacy. COPA is a federal law that requires those who publish non-obscene, constitutionally protected sexual material online to take difficult and expensive steps to prevent access by minors, steps that would chill publishers of sexual material as well as the adults who want to access such material anonymously. EFF is one of the plaintiffs in the First Amendment challenge to COPA. The subpoena to Google currently asks for a random sampling of one million URLs from Google's database of web sites on the Internet. More importantly, the DOJ is also subpoenaing the text of each search string entered into Google's search engine over a one-week period, absent any information identifying the people who entered the search terms. "The government is overreaching here, asking Google to do its dirty work and collect information about the Internet speech activities of Google users," said EFF Staff Attorney Kurt Opsahl. "Last month, the federal court rejected many of the government's over broad discovery requests to its opposing parties. Rather than learn its lesson, the DOJ continues to push for overreaching discovery, this time from a company that isn't even a party to the case." Google has cited its concern for user privacy as a reason for not complying with the subpoena, in addition to the unreasonable burden that compliance would place on Google and the proprietary nature of its query database. In particular, Google is rightly concerned that many of the randomly selected search queries would contain personal information about Google users. While EFF applauds Google for defending its users' privacy in this case, the current controversy only highlights the broader privacy problem: Google logs all of the searches you make, and most if not all of those queries are personally identifiable via cookies, IP addresses, and Google account information. "The only way Google can reasonably protect the privacy of its users from such legal demands now and in the future is to stop collecting so much information about its users, delete information that it does collect as soon as possible, and take real steps to minimize how much of the information it collects is traceable back to individual Google users," said EFF Staff Attorney Kevin Bankston. "If Google continues to gather and keep so much information about its users, government and private attorneys will continue to try and get it." Importantly, users can also take steps to protect their privacy from Google, the government, and others, by using anonymizing technologies such as Tor when surfing the web. Tor helps hide your IP address from Google so that even if the lawyers come knocking, Google cannot identify you by your searches. More about Tor: http://tor.eff.org/ [EFF: Breaking News] 9:43:45 AM  PermaLink   / trackback []

Feds Wrestle Google for Search Records. Feds Wrestle Google for Search Records. U.S. government seeks to defend child protection law by using Google's Internet pornography usage records. [PCWorld.com - Latest News Stories] 9:40:31 AM  PermaLink   / trackback []

Findability: Find Anyone Or Anything From Anywhere At Any Time - Robin Good's Latest News A clear sign of progress is the emergence of ubiquitous findable objects (UFOs). GPS, RFID, UWB, and cellular triangulation enable us, for the first time in history, to tag and track products, possessions, pets, and people as they wander through space and time. Of course, not everyone is happy about this brave new world of UFOs. While Bruce Sterling raves about spime, Katherine Albrecht rants about spychips. This debate focuses our attention on the UFO subclass of, 'ubiquitous findable organisms' that includes wild animals, pets, friends, suspects, shoppers, patients, prisoners, employees, kids, and ourselves. 9:37:17 AM  PermaLink   / trackback []

The Impeachment of George W. Bush (The Nation) Finally, it has started. People have begun to speak of impeaching President George W. Bush--not in hushed whispers but openly, in newspapers, on the Internet, in ordinary conversations and even in Congress. As a former member of Congress who sat on the House Judiciary Committee during the impeachment proceedings against President Richard Nixon, I believe they are right to do so. [...] Like many others, I have been deeply troubled by Bush's breathtaking scorn for our international treaty obligations under the United Nations Charter and the Geneva Conventions. I have also been disturbed by the torture scandals and the violations of US criminal laws at the highest levels of our government they may entail, something I have written about in these pages [see Holtzman, "Torture and Accountability," July 18/25, 2005]. These concerns have been compounded by growing evidence that the President deliberately misled the country into the war in Iraq. But it wasn't until the most recent revelations that President Bush directed the wiretapping of hundreds, possibly thousands, of Americans, in violation of the Foreign Intelligence Surveillance Act (FISA)--and argued that, as Commander in Chief, he had the right in the interests of national security to override our country's laws--that I felt the same sinking feeling in my stomach as I did during Watergate. As a matter of constitutional law, these and other misdeeds constitute grounds for the impeachment of President Bush. A President, any President, who maintains that he is above the law--and repeatedly violates the law--thereby commits high crimes and misdemeanors, the constitutional standard for impeachment and removal from office. A high crime or misdemeanor is an archaic term that means a serious abuse of power, whether or not it is also a crime, that endangers our constitutional system of government. The framers of our Constitution feared executive power run amok and provided the remedy of impeachment to protect against it. While impeachment is a last resort, and must never be lightly undertaken (a principle ignored during the proceedings against President Bill Clinton), neither can Congress shirk its responsibility to use that tool to safeguard our democracy. No President can be permitted to commit high crimes and misdemeanors with impunity. 8:55:20 AM  PermaLink   / trackback []

QDN: Conduct unbecoming of a President Ours is a government of limited power. We learn in elementary school the concept of checks and balances. Those checks do not vanish in wartime; the President's role as Commander in Chief does not swallow up Congress's powers or the Bill of Rights. Given the framers' skepticism about executive power and warmaking--there was no functional standing army at the beginning of the nation, so the President's powers as Commander in Chief depended on Congress's willingness to create and expand an army--it is impossible to find in the Constitution unilateral presidential authority to act against US citizens in a way that violates US laws, even in wartime. As Justice Sandra Day O'Connor recently wrote, "A state of war is not a blank check for the President when it comes to the rights of the nation's citizens." Elizabeth Holtzman penned a fantastic piece entitled "The Impeachment of George W. Bush" in this month's issue of The Nation. Holtzman served in the U.S. House of Representatives from 1973 to 1981, and was a member of the House Judiciary Committee that held hearings on the impeachment of Richard Nixon in 1974. In the piece, she makes a reasonably strong argument for how Bush has carried on in a way detrimental to both the office of the Presidency and the nation as a whole; I'd say that it's worth a read no matter which side of the political fence you're on (but of course, I know better than that). 8:50:32 AM  PermaLink   / trackback []