Sunday, January 29, 2006


News Item 5013 BBC NEWS | Americas | US plans to 'fight the net' revealed

A newly declassified document gives a fascinating glimpse into the US military's plans for "information operations" - from psychological operations, to attacks on hostile computer networks.

Bloggers beware.

As the world turns networked, the Pentagon is calculating the military opportunities that computer networks, wireless technologies and the modern media offer.

From influencing public opinion through new media to designing "computer network attack" weapons, the US military is learning to fight an electronic war.

The declassified document is called "Information Operations Roadmap". It was obtained by the National Security Archive at George Washington University using the Freedom of Information Act.

Officials in the Pentagon wrote it in 2003. The Secretary of Defense, Donald Rumsfeld, signed it.


Editor: The report itself is available here ("Information Operations Roadmap", PDF).

10:36:18 PM

News Item 5012 U.S. Plan To Fight The Internet Revealed.

geniese writes "The BBC is reporting on a recently declassified document that details the U.S. Military's intentions regarding warfare and the Internet." From the article: "Perhaps the most startling aspect of the roadmap is its acknowledgement that information put out as part of the military's psychological operations, or Psyops, is finding its way onto the computer and television screens of ordinary Americans. 'Information intended for foreign audiences, including public diplomacy and Psyops, is increasingly consumed by our domestic audience,' it reads." [Slashdot: Your Rights Online]
10:31:34 PM

News Item 5011 Airport ID Checks Constitutional.

chill wrote to mention the decision handed down from the 9th Circuit U.S. Court of Appeals in the case of Gilmore vs. Gonzales. The court found in the government's favour, saying "We hold that neither the identification policy nor its application to Gilmore violated Gilmore's constitutional rights, and therefore we deny the petition ... The Constitution does not guarantee the right to travel by any particular form of transportation." [Slashdot: Your Rights Online]
10:28:43 PM

News Item 5010 Wikipedia Entries 'Cleaned' By Political Staffers.

worb writes "According to the Lowell Sun, U.S. Rep Marty Meehan's staff has been heavily editing his Wikipedia bio, among other things removing criticisms. In total, more than one thousand Wikipedia edits in various articles have been traced back to congressional staffers at the U.S. House of Representatives in the past six months." [Slashdot: Your Rights Online]
10:25:35 PM

News Item 5009 AP Wire | 01/29/2006 | GPS tracking devices raise privacy concerns

Tracking devices have become increasingly available to consumers, but the law has yet to explore the ramifications of using them to secretly monitor individuals, legal experts say.

Global Positioning System technology is available for less than $200, and even comes embedded in some cell phones, but experts say misdemeanor charges of trespassing or criminal mischief are the only legal recourse individuals have for unwanted tracking.

"This raises new issues," said Peter Swire, a privacy expert and law professor at Ohio State University. "Tracking people secretly is a worry. I think it would be good to clarify that strangers can't put these on your car without permission."

Placed inside a vehicle, a GPS device can monitor routes, speed and how long a vehicle stops at a destination. The information can be stored into its memory to be retrieved later, said Harold Gardner, sales manager at Advanced Tracking Technology Inc. in Houston.

Other devices send signals through cell phone towers, allowing users to monitor locations on the Internet.


10:14:22 PM

News Item 5008 DMNews.com | Missouri Introduces Do-Not-Mail Bill

Missouri is the latest state to introduce a do-not-mail bill, joining New York and Illinois.

Missouri's bill, HB1531, sponsored by state Rep. Trent Skaggs, was reintroduced yesterday. It would set up a registry at the Missouri attorney general's office for people who wish not to receive commercial mail. A similar bill, HB834, died during the last session.

The bill would let the attorney general seek an injunction and a civil penalty of up to $5,000 for every violation. Anyone getting two solicitations in a 12-month period may bring suit and be awarded up to $5,000 for each violation. The bill would take effect Aug. 28, 2007.

"The bill is similar to the [national] no-call list, and we felt it was needed because people, and seniors in particular, are being bombarded with mail, and the industry has not been able to regulate it," Skaggs said.


10:11:12 PM

News Item 5007 Ameriprise notifying 226,000 customers, advisers of data theft.

Ameriprise Financial is notifying some 158,000 customers and 68,000 financial advisers that a laptop containing personal information about them was stolen late last month. [Computerworld Privacy News]
10:06:15 PM

News Item 5006 Thief nabs backup data on 365,000 patients.

Tapes and disks with medical information were in an employee's car as part of a Portland, Ore. health care company's disaster recovery plan. [Computerworld Privacy News]
10:04:46 PM

News Item 5005 Court Backs Airport ID Checks.

Being forced to cough up personal identification before hopping a plane does not violate passengers' rights, an appeals court rules. [Wired News: Security Blanket]
10:02:42 PM

News Item 5004 Full Disclosure: Fine falls short of executive's reward

Remember ChoicePoint, the leaky data company that inadvertently allowed thieves to gain access to its records, compromising the personal financial data of some 163,000 people? Well, the Federal Trade Commission announced today that ChoicePoint will pay $15 million to settle charges it violated federal laws and consumer privacy rights.

As USA Today reports:

The FTC said it had fined the Alpharetta, Ga.-based company $10 million and that ChoicePoint would pay an additional $5 million that will be used to compensate consumers.

Wow, $15 million. That's big by FTC standards, but it comes up about $2 million short of the amount ChoicePoint's two top executives made from exercising and selling stock options between the time the fraud was discovered and ChoicePoint finally decided to announce the breach to its shareholders.
9:59:31 PM


News Item 5003 U.S. tech firms that aid China censors to face scrutiny.

Google Inc.'s decision to block politically sensitive terms on its new Chinese search site has drawn the scrutiny of U.S. lawmakers, who next month will question U.S. technology companies that help Beijing's censors. [Computerworld Privacy News]
9:56:08 PM

News Item 5002 KCTV5 - Kansas sex case could set legal precedent for juvenile privacy rights

 WICHITA, Kan. -- A federal lawsuit over Kansas Attorney General Phill Kline's opinion requiring health care providers to report underage sex between consenting youths could help determine how much privacy adolescents have when it comes to their sex lives.

The Center for Reproductive Rights, a New York advocacy group, sued in 2003, contending that forced reporting of consensual sex discourages adolescents from seeking counseling or medical treatment.

On Monday, the federal civil rights case comes to trial before U.S. District Judge J. Thomas Marten in Wichita.

The issues in the case could set a legal precedent across the nation because federal courts have not dealt much with the rights of adolescents to informational privacy, said Bonnie Scott Jones, attorney for the Center for Reproductive Rights.

When Marten issued a preliminary injunction in 2004 barring Kansas officials from enforcing Kline's interpretation of the state law, he called the state attorney general's opinion a "monumental change in policy" because of the imposition on minors' civil rights.

On Friday, the 10th U.S. Circuit Court of Appeals in Denver lifted that stay. The appeals court ruled that the state's interest in information about the voluntary sexual conduct of children overrides the minor's right to privacy.


9:53:12 PM

News Item 5001 U.S. Cell-Phone Tracking Clipped.

Judges reject Bush administration arguments that law enforcement should be able to use cell phone signals to track users' movements, ruling that the feds first need "probable cause" to believe someone's committed a crime. By Ryan Singel. [Wired News: Security Blanket]
9:49:58 PM

News Item 5000 Ten Threats You Probably Didn't Make Plans For.

Andrew Bycroft discusses threats that most people and policies do not consider, such as shoulder surfing and eavesdropping. By Andrew Bycroft. [Infosec Writers Latest Security Papers]
9:47:10 PM

News Item 4999 Linux.com | SARA, spawn of SATAN

If you are an old school Linux or Unix user, you probably remember the System Administrator's Tool for Scanning Networks (SATAN). In 1995, SATAN brought browser-based network auditing to the world. Despite its initial splash, SATAN fell to the wayside due to lack of updates. Thanks to the kind folks at the Advanced Research Corp., SATAN is back, in the form of the Security Auditor's Research Assistant (SARA), a kinder, gentler, easier to use, and more updated auditing tool.
9:44:51 PM

News Item 4998 ChoicePoint to Pay $15 Million for 2005 Data Breach.

Data broker pays largest civil fine in FTC's history. [PCWorld.com - Latest News Stories]
9:41:03 PM

News Item 4997 Canadian music giant funds battle against RIAA.

Lawsuits should be shield not sword

Canada's biggest record label, publisher and management company is helping out a family sued by the Recording Industry Ass. Of America for copyright infringement.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]
9:37:50 PM

News Item 4996 Supreme Court Tackles Dangerous Patent Ruling.

EFF Asks Justices to Consider Critical Free-Speech Implications

San Francisco - The Electronic Frontier Foundation (EFF) filed a friend-of-the-court brief with the United States Supreme Court Thursday, asking justices to overturn a court ruling in a patent case with dangerous implications for free speech and consumers' rights. The Public Patent Foundation, the American Library Association, the American Association of Law Libraries, and the Special Library Association joined EFF on the brief.

At issue is a case involving online auctioneer eBay and a company called MercExchange. Last year, the Federal Circuit Court of Appeals ruled that eBay violated MercExchange's online auction patents and that eBay could be permanently enjoined, or prohibited, from using the patented technology. But as part of the ruling, the court came to a perilous conclusion, holding that patentees who prove their case have a right to permanent injunctions under all but "exceptional circumstances," like a major public health crisis. This radical rule created an "automatic injunction" standard that ignored the traditional balancing and discretion used by judges to consider how such a decision might affect other public interests--including free speech online.

"As more and more people use software and Internet technology to express themselves online, the battle over software patents has grave implications for online speech," said EFF Staff Attorney Corynne McSherry. "Courts must work harder than ever to ensure that technologies like blogs, email, online video, and instant messaging remain free and available to the public."

[EFF: Breaking News]
9:36:32 PM

News Item 4995 After Lawsuits, Company Pulls Spyware Cleaner.

Secure Computer says the product will not be available until its problems are resolved. [PCWorld.com - Latest News Stories]
9:31:19 PM

News Item 4994 Defending against unsafe coding practices with "libsafe"

In a previous tip about securing Linux applications with compiler extensions, we described a layered methodology ("defense in depth") to proactively mitigate the potential for risk or damage arising from fatally-flawed programming constructs.

In this article, a second layer is introduced to add much-needed bounds checking to compiled C binaries, so as to produce robust, reliable applications capable of withstanding punishment from would-be attackers who try to break them.

The problem with compiler extensions is that they require a manual recompile of the code for the compiler itself, followed by recompilation of system binaries, to be truly effective. This painstaking and tedious process does not lend itself well to rapid deployment and thus, leaves much to be desired.

Enter libsafe, an all-purpose application defense mechanism that intercepts known-vulnerable library calls for pre-compiled binaries. By coercing any given vulnerable function call into a segregated stack frame, libsafe ensures that any potential for damage caused by errant code is safely contained within well-defined defenses. By providing a run-time protection mechanism, libsafe can do things that a fortified compiler suite cannot -- especially when it comes to setting upper bounds on the sizes for dynamically allocated buffers (or those buffers whose size isn't known at the time of compilation).



9:28:24 PM

News Item 4993 Google pulls 'we don't censor' statement.

Do be evil!

Updated Google's support centre has pulled an answer to the topical question "Does Google censor search results?" Since the answer clearly stated the company "does not censor results for any search term", and given the company's recent foray into the lucrative Chinese search engine market, it seems fair that the internet monolith would probably want to review that particular stance and relegate the offending item to cache.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]
9:24:57 PM

News Item 4992 UK immigration intros compulsory tags for asylum cases.

Not volunteering hard enough, apparently...

The UK Immigration Service is now imposing electronic tagging without the subject's consent in a range of immigration cases, including asylum seekers, overstayers and illegal workers, following a rule change last year. The National Coalition of Anti-Deportation Campaigns (NCADC) reports that it has been contacted recently by a number of asylum seekers who were fitted with ankle bracelet tags after visiting the Immigration & Nationality Directorate's offices at Lunar House, Croydon to claim asylum.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]
9:22:46 PM

News Item 4991 Sprint latest to sue to protect customer data.

Sprint Nextel Corp. on Friday followed some of its competitors in filing a lawsuit against companies that sell mobile phone call details, charging 1st Source Information Specialists Inc. with using illegal and deceptive practices to obtain and sell call records of Sprint Nextel cell-phone users. [Computerworld Data Mining News]
9:17:28 PM

News Item 4990 Stop Congress Mandating Secret Technology.

Representatives Sensenbrenner and Conyers have introduced a bill that would force all equipment that can be used to convert analog signals to digital to include watermarking detectors that would have to obey invisible "VEIL" marks in video signals. But what is VEIL, and how would the detectors work? Security researchers don't know - because they have to pay $10,000 and sign a non-disclosure agreement with VEIL's designers to find out. Tell your Representative that public laws shouldn't have secret provisions.

[EFF Action Alerts]
9:15:54 PM


News Item 4989 Could Your VoIP Phone Be Tapped?

Civil-liberties groups say the FCC's plans may pose a threat to your privacy and security. [PCWorld.com - Latest News Stories]
9:14:06 PM