Thursday, January 26, 2006

You've Got Jail! OK, for the time being, the Bush administration claims that it won't try to connect my name, or yours, with the massive bits of raw data it is demanding from the companies with the most popular search engines. Apparently, it is seeking evidence to prove that online porn is very popular and easily accessible as part of a last-ditch lawsuit to implement the 1998 Child Online Protection Act blocked by the courts. I'm not sure that proving the popularity of pornography is going to make the case for censoring it, but the point here today is my extreme discomfort with the Justice Department's cozy relationship with online giants such as Microsoft and AOL, who already know way, way too much about how we as individuals use the Internet. Why should I trust the Justice Department any more than I trust the NSA bugging phone calls and scanning e-mails without warrants, or Homeland Security looking for terrorists by scrutinizing bookstore purchases and library checkouts? The bottom line is these guys in the Bush administration are obsessed voyeurs, poking their noses into everyone's business, whether the excuse is squelching pornography or preventing terrorism. They simply do not believe civil liberties and privacy are important. It is an executive branch power trip, and completely anti-democratic. [...] In acquiescing to the unwarranted demand of the Justice Department to pore over the companies' records, AOL, Yahoo and Microsoft are sliding down a slippery slope, unconvincingly claiming the data dump to the feds has no implications for online privacy. Does anybody think they won't cooperate if the government comes back and asks for IP addresses -- your computer's unique signature on the Web -- for everybody who dared type in questionable searches such as "growing marijuana" and "fertilizer bombs?'' The fact is, until Google made its demur public, these companies didn't even tell us about the deals they were cutting with the feds, and they are still not being forthcoming with what, exactly, they've given up to date. We only have their word that they are protecting our privacy. "This is the government's nose under the search-engine's tent," said Marc Rotenberg of the Electronic Privacy Information Center. "If companies like Google respond to this kind of subpoena ... I don't see why the next subpoena might not say, 'Give us what we asked for the last time -- plus a little more.' " 2:14:58 PM  PermaLink   / trackback []

Big Risks Come in Small Packages. Commentary by Bruce Schneier. Big Risks Come in Small Packages. Laptops, USB thumb drives, phones, PDAs -- it's never been easier to carry massive chunks of your life's data around with you wherever you go. So what happens when you lose it? Commentary by Bruce Schneier. The point is that it's now amazingly easy to lose an enormous amount of information. Twenty years ago, someone could break into my office and copy every customer file, every piece of correspondence, everything about my professional life. Today, all he has to do is steal my computer. Or my portable backup drive. Or my small stack of DVD backups. Furthermore, he could sneak into my office and copy all this data, and I'd never know it. This problem isn't going away anytime soon. There are two solutions that make sense. The first is to protect the data. Hard-disk encryption programs like PGP Disk allow you to encrypt individual files, folders or entire disk partitions. Several manufacturers market USB thumb drives with built-in encryption. Some PDA manufacturers are starting to add password protection -- not as good as encryption, but at least it's something -- to their devices, and there are some aftermarket PDA encryption programs. The second solution is to remotely delete the data if the device is lost. This is still a new idea, but I believe it will gain traction in the corporate market. If you give an employee a BlackBerry for business use, you want to be able to wipe the device's memory if he loses it. And since the device is online all the time, it's a pretty easy feature to add.  [Wired News: Security Blanket] 12:15:14 PM  PermaLink   / trackback []

Antispyware Company Sued Under Spyware Law. Antispyware Company Sued Under Spyware Law. Microsoft, Washington state attorney general claim company's product actually makes computers less secure. [PCWorld.com - Latest News Stories] 12:08:37 PM  PermaLink   / trackback []

Privacy pledge on Shoreditch CCTV scheme. Privacy pledge on Shoreditch CCTV scheme. Information Commissioner pays a visit The Information Commissioner cast an eye over the Shoreditch home surveillance project this week as the man behind the controversial scheme assured residents their civil liberties will be protected. [...] "The main safeguard in relation to this is that residents do not have control of the cameras and don't have the capacity to zoom in and follow people," Hodges said. "It won't be possible to see people's faces or identify them," he said, because cameras would be placed up high and images would be rotated from camera to camera every 30 seconds. Another safeguard would prevent residents from recording the images transmitted from CCTV cameras. The signals will be encrypted using the same technology used to prevent Sky movies from being copied, said Hodges. [The Register - Internet and Law: Digital Rights/Digital Wrongs] 12:06:13 PM  PermaLink   / trackback []

Home Office pushes tough anti-hacker law. Home Office pushes tough anti-hacker law. 'Hacker tool' ban proposal provokes derision The UK Government plans to toughen up computer crime laws under proposals outlined in the Police and Justice Bill on Wednesday. The bill would double the maximum jail sentence for hacking into computer systems from five years to ten years, a provision that will classify hacking as a more serious offense and make it easier to extradite computer crime suspects from overseas. Denial of service attacks, something of a grey area under current regulations, would be clearly classified as a criminal offense under amendments to the 1990 Computer Misuse Act (CMA) proposed in the bill. [The Register - Internet and Law: Digital Rights/Digital Wrongs] 12:00:26 PM  PermaLink   / trackback []

Irish ISPs ordered to disclose file sharers' names. Irish ISPs ordered to disclose file sharers' names. Download all the Days A new ruling by the Irish courts could undermine people who have a genuine need for online anonymity and deter whistleblowers, lobby group Digital Rights Ireland (DRI) claims. [The Register - Internet and Law: Digital Rights/Digital Wrongs] 11:56:45 AM  PermaLink   / trackback []

Senate Committee Considers Broadcast Flags to Combat Piracy. Senate Committee Considers Broadcast Flags to Combat Piracy. Bill seeks restrictions on individuals' recording of digital television and radio programs. [PCWorld.com - Latest News Stories] 11:48:21 AM  PermaLink   / trackback []

Microsoft Readies Two-Way Firewall for Vista. Microsoft Readies Two-Way Firewall for Vista. Administrator-run firewall expected to be 'highly configurable.' [PCWorld.com - Latest News Stories] 11:46:37 AM  PermaLink   / trackback []

Managing Windows XP Firewall Through Command-Line. Managing Windows XP Firewall Through Command-Line. Pavan Shah contributes this document which introduces functionalities of Windows XP's native netsh command. By Pavan Shah. [Infosec Writers Latest Security Papers] 11:45:02 AM  PermaLink   / trackback []

AJC - Critics continue voter ID fight (reg required) Critics continue voter ID fight 11:40:40 AM  PermaLink   / trackback []

AJC - ChoicePoint to pay $10 million in settlement (reg required) ChoicePoint to pay  $10 million in settlement Deal with FTC follows data breach at Alpharetta-based company. 11:38:36 AM  PermaLink   / trackback []

Tech Giants Take on Badware. Tech Giants Take on Badware. Google, Lenovo, and Sun are funding a new group designed to help consumers fight malicious software. [PCWorld.com - Latest News Stories] 11:32:08 AM  PermaLink   / trackback []

Users get to the root of Linux security holes IT pro Sid Boyce said he did not believe that, in his own words, "the wet-finger-in-the-wind analysis" applies to Linux as it does with Windows. Boyce, a retired IBM/Amdahl mainframe tech support specialist, said the assumption that Linux was just as prone to attacks as Windows because it ran on a PC is incorrect. "I'm not saying Linux isn't vulnerable, but to compare it in the same light as Windows is a gross distortion," Boyce said. Boyce said it would be disingenuous to compare the two because even with a larger installed base Linux would still not have a "magical number" of users that would attract the attention of virus writers. Canfield also noted this distinction. He said a major difference between the two is that Windows is the target of automated systems, while Linux is the target of human beings. "Windows malware is everywhere; Linux hackers pick their targets," he said. For this reason, both agreed, a firewall is more important in Linux than in Windows. A tool to monitor network traffic for malicious attacks makes sense in Linux. Editor: I once worked at Amdahl many moons ago. Sid must have been one of the west coast people. 11:30:28 AM  PermaLink   / trackback []

(IN)SECURE Magazine issue 5 has been released. (IN)SECURE Magazine issue 5 has been released. A new issue of (IN)SECURE magazine has been released in PDF format. (IN)SECURE Magazine is a freely available digital security magazine discussing some of the hottest information security topics.... [LinuxSecurity.com] 11:22:58 AM  PermaLink   / trackback []

History and Senator Stevens' iPod. History and Senator Stevens' iPod. Yesterday's Senate Commerce Committee hearing on the Broadcast Flag--and its younger, brattier, brother, the RIAA's proposed "Audio Flag"--swung a little wildly from its pre-ordained course. It began with committee chairman Senator Stevens and Senator Inouye, his Democrat counterpart, declaring, as with all good anti-piracy measures, that Something Had To Be Done, and that Congress should pass the flag as soon as possible. The agenda seemed set. In the face of it, those who objected to the Broadcast Flag--technologists, librarians, and civil libertarians--were forced to spend much of their Congressional time requesting narrow exceptions that might lessen its damage. Then two things happened... [EFF: Deep Links] 11:18:56 AM  PermaLink   / trackback []

Nevada Court Rules Google Cache is Fair Use. Nevada Court Rules Google Cache is Fair Use. Important Milestone for Digital Copyright Law San Francisco - A federal district court in Nevada has ruled that Google does not violate copyright law when it copies websites, stores the copies, and transmits them to Internet users as part of its Google Cache feature. The ruling clarifies the legal status of several common search engine practices and could influence future court cases, including the lawsuits brought by book publishers against the Google Library Project. The Electronic Frontier Foundation (EFF) was not involved in the case but applauds last week's ruling for clarifying that fair use covers new digital uses of copyrighted materials. [...] Field v. Google ruling: http://www.eff.org/IP/blake_v_google/google_nevada_order.pdf Contact: Fred von Lohmann Senior Intellectual Property Attorney Electronic Frontier Foundation fred@eff.org [EFF: Breaking News] 11:07:05 AM  PermaLink   / trackback []