Thursday, February 9, 2006


News Item 5176 TDS: Alberto and the NSA Hearing.

Jon Stewart takes a look at the hearing and makes some of his usual astute observations.

Jon: He's not under oath, but he's there.

Pat Leahy had the funniest line...

Leahy: Of course -- I'm sorry, Mr. Attorney General -- I forgot you can't answer any questions that might be relevant to this.

The Bin Laden tag at the end was hysterical.

"These are the things that make hiding in a cave worthwhile."

[Crooks and Liars]
4:36:13 PM

News Item 5175 Specter Says Surveillance Program Violated the Law.

Specter Says Surveillance Program Violated the Law. Senator Arlen Specter of Pennsylvania said that legal justifications for the domestic program were "strained and unrealistic." By BRIAN KNOWLTON,International Herald Tribune. [NYT > Home Page]
4:12:00 PM

News Item 5174 Defense of Eavesdropping Is Met With Skepticism in Senate.

Defense of Eavesdropping Is Met With Skepticism in Senate. The attorney general's assertion that the program was legal immediately drew harsh reactions from leaders from both parties. By DAVID STOUT. [NYT > Home Page]
4:09:51 PM

News Item 5173 The Legal Arguments: In Limelight at Wiretap Hearing: 2 Laws, but Which Should Rule?

The Legal Arguments: In Limelight at Wiretap Hearing: 2 Laws, but Which Should Rule? The attorney general argued that two potentially contradictory Congressional actions together allow domestic surveillance. By ADAM LIPTAK. [NYT > Home Page]
4:07:19 PM

News Item 5172 Republican Who Oversees N.S.A. Calls for Wiretap Inquiry.

Republican Who Oversees N.S.A. Calls for Wiretap Inquiry. Representative Heather A. Wilson said she had "serious concerns" about the Bush administration's domestic eavesdropping program. By ERIC LICHTBLAU. [NYT > Home Page]
4:04:26 PM

News Item 5171 7.5 Micron Thick RFID Tag.

7.5 Micron Thick RFID Tag. YesSir writes "The EETimes is reporting that Hitachi has a breakthrough in RFID technology that they are planning to show at this year's ISSCC (International Solid-State Circuits Conference). The new RFID chip is their newest mu-chip that, measuring in at 7.5 microns, is ten or more times thinner than a sheet of paper and comes complete with 128-bit identifying goodness." [Slashdot]
3:56:24 PM

News Item 5170 EETimes.com - Hitachi advances paper-thin RFID chip

TOKYO -- Targeting radio-frequency identification, Hitachi Ltd. has developed what it says is the smallest and thinnest IC in the world for those applications.

Hitachi was due to present details of the 0.15-millimeter by 0.15-millimeter, 7.5-micron-thick chip on Sunday (Feb. 5) at the IEEE International Solid-State Circuits Conference (ISSCC) in San Francisco.

Paper is typically 80 microns to 100 microns thick, and the chip substrate has been made small and thinned to 7.5 micron to ease application in paper, where it could be used as an intelligent watermark.

Hitachi has been pursuing such "embedded" applications for its "Mu-chip" for years. The company integrated an antenna on an earlier version of the chip in September 2003. In the latest version, the company has reduced the plan dimensions and the thickness of the chip.

"The smallness is one [important] function for an RF IC chip," said Mitsuo Usami, senior chief researcher of Hitachi's Central Research Laboratory, who invented Hitachi's mu-chip initiative. "We fabricated the prototype using technology widely used for volume production."


3:54:47 PM

News Item 5169 Study Notes Decline in Internet Spyware.

Study Notes Decline in Internet Spyware. Zoner12 writes "LiveScience magazine is running an interesting article about a new study detailing the extent and seriousness of spyware on the Internet, finding that it is still prevalent but declined significantly. The scary statistic is that 1 in 62 websites visited distributes malware. Kind of disheartening that this is a decline." [Slashdot]
3:50:56 PM

News Item 5168 RSA Conference 2006 - WebCasts

On-demand replays of selected RSA® Conference 2006 keynotes will be available on this page within 24 hours of the live keynote in San Jose. You do not need to be a registered attendee of RSA Conference to view the keynotes, however you will need to answer a few brief registration questions before you can start downloading the web cast replays.

Please bookmark this page and visit again beginning February 15, 2006 to view replays of the following keynote presentations:

Editor: For those of us who can't make it.


3:44:08 PM

News Item 5167 Congress Granted Oversight For NSA Surveillance Program. [NewsHour with Jim Lehrer Podcast | PBS]

Congress Granted Oversight For NSA Surveillance Program. In a position reversal, the Bush administration will brief House and Senate Committees on the NSA wiretapping program. Rep. Jane Harman and Sen. Lindsey Graham discuss the announcement. By NewsHour with Jim Lehrer. [NewsHour with Jim Lehrer Podcast | PBS]
3:36:20 PM

News Item 5166 Newspapers' Exposure of Data Points Out Hidden Risks.

Newspapers' Exposure of Data Points Out Hidden Risks. The exposure of up to 240,000 credit card numbers by The Boston Globe and a sister publication shows yet again that companies need to be concerned about their internal business processes when it comes to security breaches -- not just attacks by malicious hackers. [Computerworld Privacy News]
3:25:56 PM

News Item 5165 Confidential patient data sent to wrong company -- for 15 months.

Confidential patient data sent to wrong company -- for 15 months. Some doctors' offices and clinics in the U.S. have been mistakenly faxing patient claims information to a small distributor of herbal remedies in Manitoba instead of to Prudential Insurance, the designated recipient. [Computerworld Privacy News]
3:23:23 PM

News Item 5164 New Survey Focuses on Four Key Misperceptions and Recommendations Surrounding Identity Fraud.

New Survey Focuses on Four Key Misperceptions and Recommendations Surrounding Identity Fraud. The 2006 Identity Fraud Survey Report - released by the Council of Better Business Bureaus and Javelin Strategy & Research - provides new information on how identity fraud occurs, counterintuitive insights that challenge conventionally accepted beliefs about these crimes, and steps consumers can take to further protect themselves against this problem. [GT: Privacy]
3:19:35 PM

News Item 5163 California Holds Hearing on Open Source Software in Election Systems.

California Holds Hearing on Open Source Software in Election Systems. "We're in the middle of an intense discussion over whether voting systems that rely on proprietary software, such as Diebold, should be certified or re-certified for use here in California for the 2006 elections" [GT: Privacy]
3:17:40 PM

News Item 5162 Sen. Allen conducts hearing on unauthorized use of phone records

WASHINGTON, D.C. - Sen. George Allen, R-Va., chair of the Senate Commerce Subcommittee on Consumer Affairs, Product Safety and Insurance, held a hearing Wednesday examining unauthorized and intrusive third party access of American consumers' phone records by marketing companies that sell the information through several online ventures.

The testimony by a panel of expert witnesses in the hearing will be used by Sen. Allen and Commerce Committee Chairman Ted Stevens, R-Alaska, chair of the Commerce, Science and Transportation Committee in shaping legislation to prohibit such unwarranted invasions of consumer privacy.

"I wanted to take action as soon as I heard that unscrupulous marketers were obtaining and selling confidential, personal phone billing records. This fraudulent and criminal activity must be prosecuted and stopped to protect innocent people. Especially of concern to me are the rights of some women who have had their privacy violated by stalkers who use the information to get details of their personal lives and harms law enforcement investigations," said Allen.


3:16:30 PM

News Item 5161 Reversing course, White House provides details of surveillance to Congress

WASHINGTON (AFP) - The White House has provided details of a controversial domestic eavesdropping program to members of the US Congress, reversing its earlier adamant refusal to do so, legislative officials said.

The decision came as US Attorney General Alberto Gonzales and Deputy Director of National Intelligence General Michael Hayden held a closed-door briefing for members of the House Intelligence Committee about its secret program to intercept domestic communications without court approval.

The secret electronic wiretapping by the National Security Agency was put in place to intercept terrorist communications, but provoked a storm of opposition from civil libertarians who say the program violates Americans' privacy rights.

The White House about-face came after a leading House Republican whose subcommittee oversees the National Security Agency called for a full congressional inquiry into the domestic spying program.


3:12:59 PM

News Item 5160 FTC: Some Web sites end sales of phone call data.

FTC: Some Web sites end sales of phone call data. The FTC and FCC are investigating whether any laws were broken by companies that obtain and sell subscribers' telephone records. Many of the companies stopped the sales after publicity focused on privacy concerns. [Computerworld Privacy News]
3:08:04 PM

News Item 5159 Fee-based e-mail delivery plan raises eyebrows.

Fee-based e-mail delivery plan raises eyebrows. Yahoo and America Online are set to adopt an e-mail certification system from Goodmail Systems that charges mass mailers a per-message fee in an effort to reduce spam. [Computerworld Privacy News]
3:06:13 PM

News Item 5158 HOTEL INTERACTIVE INVESTIGATION: How Secure Is Your Stored Data?

Bettina Marks reports proposed legislation could make hotels more accountable for data security.

Identity theft is rapidly becoming a widespread concern for leaders of all industries in this age of advanced technology.

A December, 2005 Reuters report found a series of cases in which personal information about a company's customers or employees was stolen or missing, including incidents at the Bank of America Corp. and The Boeing Company.

The hospitality industry is also no stranger to these data invasions.

David Bleser, vice president of Hospitality Safeguards Inc. and the vice chairman of the loss prevention committee for the AH&LA, stated during his presentation at last week's Hospitality Law Conference in Houston that there have been over 30 incidences of identity theft in the hospitality industry reported in 2004. Of these cases approximately 40 percent were due to documentation of sensitive data printed by the hotel which was exposed in areas accessible to the public and on bulletin boards in the back of the hotel. Sixty percent of the cases were due to access and theft by corporate/hotel staff. In several cases, individuals were able to obtain credit card information and other personal information about the guest by simply making several phone calls to either the hotel or to central reservations.

If hotel operators weren't already concerned about thwarting identity theft at their properties, proposed legislation now on Capitol Hill will make them think twice.

The Personal Data Privacy and Security Act proposed July of last year passed through a full Senate Judiciary hearing in November and is currently on its way toward final approval. If the legislation is given the green light, hotels could be held more responsible for maintaining and documenting mandated data security procedures.



3:04:13 PM

News Item 5157 Media Info Center - Google's Newest Search Tool Raises Privacy Concerns

Internet search giant Google, which raised eyebrows when it fought the Department of Justice's attempts to monitor personal search queries, today unveils a new desktop search tool that accesses more private records than ever -- of those who choose to use it.

Google Desktop 3, the latest version of software that helps users find files on personal computers, has a new feature that can track data from multiple PCs. To do that, it copies personal text files to Google servers, which eventually route them back to the PCs. Previous versions merely indexed files, without storing copies at Google.

Google says the update aims to make finding and sharing information even simpler. "Too many people are working across multiple computers now," says Google Vice President Marissa Mayer. "This makes their lives easier."

Consumers crave such portability, says Allen Weiner, an analyst at market-tracker Gartner.

But online privacy advocacy group Electronic Frontier Foundation worries about Google extending its reach. "We think this is an enormous privacy risk for users who choose to utilize it," says EFF attorney Fred von Lohmann.

How Google Desktop 3 works:

* Computer A (say, a home PC) and computer B (the one at work) both download Google Desktop, which indexes all files on the hard drives and sends text copies of Office documents (Word, Excel) and other files to Google.

* Computer B signs into Google, searches for a file on Computer A and retrieves it. Google says it only keeps the data for 30 days and will delete the files if not accessed.


2:59:28 PM

News Item 5156 business2blog: B2Day : Would You Trust Google With Your Desktop?

Google has a new version of its desktop search product, which sports a feature that sounds both incredibly useful and raises serious privacy concerns.

You can now upload your Web-surfing history and text files (Word documents, Excel spreadsheets, Powerpoint presentations, PDFs) to Google's servers from all of your computers and search your desktop from anywhere in the world. To enable this feature, Google had to change its privacy policy from stating that "your computer's content is never sent to Google (or anyone else)" to "we copy this content to servers located at Google" and the much weaker "your data is never accessible by anyone doing a Google search."

Gee, what about my data being accessible to a U.S. government lawyer with an overreaching subpoena? And will I start seeing ads targeted to all the words I write or read on my computer, just as I get ads today based on the words I write in my Gmail correspondence?

To be fair, Google lets you turn this search-across-computers feature off, limit it to only specific types of data (like Web history or Word documents), or manually erase all your files from Google's servers at any time. It should also be noted that Google is currently resisting an overly-broad subpoena from the Department of Justice for a week's worth of all search results. How successful it will be in that stance is not certain.


2:50:51 PM

News Item 5155 FTC plans hearings on risks of Internet.

FTC plans hearings on risks of Internet. The Internet industry needs to create "self-regulatory regimes" and come up with new technologies to battle online dangers such as spyware, said Deborah Platt Majoras, chairwoman of the Federal Trade Commission on Thursday. [Computerworld Privacy News]
2:45:25 PM

News Item 5154 US plans massive data sweep | csmonitor.com

The US government is developing a massive computer system that can collect huge amounts of data and, by linking far-flung information from blogs and e-mail to government records and intelligence reports, search for patterns of terrorist activity.

The system - parts of which are operational, parts of which are still under development - is already credited with helping to foil some plots. It is the federal government's latest attempt to use broad data-collection and powerful analysis in the fight against terrorism. But by delving deeply into the digital minutiae of American life, the program is also raising concerns that the government is intruding too deeply into citizens' privacy.

"We don't realize that, as we live our lives and make little choices, like buying groceries, buying on Amazon, Googling, we're leaving traces everywhere," says Lee Tien, a staff attorney with the Electronic Frontier Foundation. "We have an attitude that no one will connect all those dots. But these programs are about connecting those dots - analyzing and aggregating them - in a way that we haven't thought about. It's one of the underlying fundamental issues we have yet to come to grips with."

The core of this effort is a little-known system called Analysis, Dissemination, Visualization, Insight, and Semantic Enhancement (ADVISE). Only a few public documents mention it. ADVISE is a research and development program within the Department of Homeland Security (DHS), part of its three-year-old "Threat and Vulnerability, Testing and Assessment" portfolio. The TVTA received nearly $50 million in federal funding this year.

DHS officials are circumspect when talking about ADVISE. "I've heard of it," says Peter Sand, director of privacy technology. "I don't know the actual status right now. But if it's a system that's been discussed, then it's something we're involved in at some level."


2:36:36 PM

News Item 5153 U.S. Gov To Spider Internet.

U.S. Gov To Spider Internet. HopeSeekr of xMule writes "Perhaps as one of the first high profile uses of Alexa's WebSearch Platform, the U.S. government plans to search, link and reference every news site, blog and email on the Internet, using sophisticated AI codenamed ADVISE to do the correlations. Unlike traditional dataveillance like Echelon, ADVISE aims to find terrorists before they strike and even deduce their motivations in wanting to commit their crimes. Part of the breakthrough is a way for humans to view data as 3D holographic images with tech recently used at the Superbowl." [Slashdot: Your Rights Online]
2:33:47 PM

News Item 5152 WSJ.com - More Surveillance Puts Strain on Carriers

"There's been a significant increase in demand and pressure on companies for providing records, tracing calls and wiretapping," said Mr. Warren, now a vice president for fiduciary services at NeuStar Inc. of Sterling, Va., which bought his company. "That's led to a great deal of strain on carriers."

Often overlooked amid the controversy over the legality of the Bush administration's eavesdropping without warrants is a huge increase in recent years in the number of wiretaps conducted with court approval. Smaller telecom companies in particular have sought help from outsiders in order to comply with the court-ordered subpoenas, touching off a scramble among third parties to meet the demand for assistance.

VeriSign Inc., the communications company in Mountain View, Calif., that manages the Internet's .com and .net domain-name suffixes, entered the assistance business after the Sept. 11, 2001, terrorist attacks. SS8 Networks Inc., a San Jose, Calif.-based company, in 2001 morphed its business into one that helps others deal with law-enforcement requests, after starting as an Internet-phone-equipment company a couple of years earlier.

The number of telephone wiretaps from 2000 to 2004 authorized by state and federal judges increased by 44% to 1,710, according to the latest annual report from the Administrative Office of the U.S. Courts. The vast bulk of the wiretaps related to drug and racketeering investigations, according to the report. But terrorism and other national-security investigations also helped drive the increase, according to security experts and service providers.


2:24:45 PM

News Item 5151 Surveillance Is on the Rise, Straining Carriers.

Surveillance Is on the Rise, Straining Carriers. Carl Bialik from the WSJ writes "The number of telephone wiretaps from 2000 to 2004 authorized by state and federal judges increased by 44%, the Wall Street Journal reports, in part because of a rise in terrorism investigations after 9/11, and because the Patriot Act extended surveillance to Internet providers. All the surveillance activity can put a strain on carriers. 'Smaller telecom companies in particular have sought help from outsiders in order to comply with the court-ordered subpoenas, touching off a scramble among third parties to meet the demand for assistance', the WSJ reports, adding, 'Government surveillance has intensified even more heavily overseas, particularly in Europe. Some countries, such as Italy, as well as government and law-enforcement agencies, are able to remotely monitor communications traffic without having to go through the individual service providers. To make it easier for authorities to monitor traffic, some also require registering with identification before buying telephone calling cards or using cybercafes.'" [Slashdot: Your Rights Online]
2:20:43 PM

News Item 5150 Cartoons Prompt Spike in Danish Web Hacks.

Cartoons Prompt Spike in Danish Web Hacks. Hackers have left pro-Islamic statements on many of the sites they have defaced. [PCWorld.com - Latest News Stories]
2:10:58 PM

News Item 5149 Russian keyloggers hit bank customers | The Register

Russian scammers used key logging Trojans to steal more than €1m from French people accessing online bank accounts.

The Trojans were sent by email but were not activated until people accessed their online bank accounts. Then the Trojan forwarded on user names and passwords to the crooks.


2:08:06 PM

News Item 5148 Decrypting Encryption Myths

Some of the more prominent headlines over the past year were dominated by incidents of data theft, where corporation after corporation had fallen victim to information theft on a large scale.

While many victims had hackers and devious insiders to blame, other instances were simply due to human error such as lost data tapes and stolen laptops. In these cases, CIOs may think their information is not at risk because of encryption. But is this really enough?

Many organizations assume information stored on laptops, desktops and tapes is completely secure if it is encrypted. To some extent this is true. But while encryption is an important piece of the security puzzle, it is only one piece. CIOs need to make data encryption but one part of a broader security strategy to avert data theft.

2:04:07 PM

News Item 5147 Traffic Monitoring with Packet-Based Sampling for Defense against Security Threats - The Community's Center for Security

This paper describes the technology and large-scale deployment and use of a distributed network traffic monitoring system based on a packet-based sampling technology. It gives examples of various techniques making use of the resulting network traffic data to address network security issues.

Network service providers are being faced with increasing disruption to network services because of a variety of security threats and malicious network service misuse. Such threats may originate externally or internally, and may occur at any time. To detect and respond promptly to this situation requires broad and continuous surveillance of network activity that provides timely and detailed information.


1:58:25 PM

News Item 5146 Security Staffing Survey - CSO Research Reports

According to our recent Security Staffing survey, IT security executives believe their organizations are in greater jeopardy due to staffing shortages than their peers that oversee corporate security. Additionally, IT uses flex time and training as a motivator more so than corporate security executives. Corporate security organizations outsource more than IT security departments and the most frequently outsourced positions were security guards and guard management, while IT security were more likely to outsource data back up and biometrics.

Our study asked about both corporate security staffing issues and also IT security issues. The results shown here are based on the responses of 218 security professionals. Fifty-two percent of respondents had responsibility for IT security while 22 percent were in charge of corporate security. Twenty-six percent had responsibility for both.


1:52:47 PM

News Item 5145 USA Senate hearing on "Registered Traveler" and "Secure Flight".

The full USA Senate Committee on Commerce, Science, and Transportation is finally holding a hearing this morning -- originally scheduled for last month -- on the Transportation Security Administration and Department of Homeland Security proposals for traveller registration ("Registered Traveler", previously "Trusted Traveler") and for surveillance and tracking of airline passengers (Secure Flight, previously CAPPS-II).

The hearing begins at 10 a.m. EST/7 a.m. PST, and is supposed to be Webcast live. (Note that Congressional hearing Webcasts are not archived, but can only be viewed live.)

Lots of interesting testimony has been posted in advance of the hearing, including the latest report from the Governmental Accountability Office and a categorical statement on behalf of the trade association of USA-based airlines that the traveller registration program should be eliminated entirely. (Click on the names on the witness list for links to their prepared statements.)

[The Practical Nomad]
1:48:36 PM

News Item 5144 EFF - AOL, Yahoo and Goodmail: Taxing Your Email for Fun and Profit.

Remember the famous email rumor that made the rounds in the 1990s: "Congress is trying to tax your Internet connection, write in now!"

Well what wasn't true in the 1990s is apparently coming true in 2006, only the beneficiaries won't be Uncle Sam -- it will be Yahoo, AOL, and a company ironically called Goodmail. Yahoo and AOL have announced that they will guarantee access to your email inbox for email senders who pay $.0025 per message. They will override their own spam filters and webbug-strippers, and deliver the mail directly with a "certified" notice. In the process, they will treat more of your email as spam, and email you're expecting won't be delivered.

The justification is that if people have to pay to send email, they won't send junk email. Apparently AOL and Yahoo believe that if we "tax" speech then only desirable speech happens. We all know how well that works for postal mail -- that's why no one gets any "free" AOL starter disks, right?

More seriously, as we discuss below, this isn't really an anti-spam measure as much as a "pay to speak" email measure, and it won't end spam or phishing. Prominent anti-spammer Richard Cox of Spamhaus agrees: "an e-mail charge will destroy the spirit of the Internet."

[EFF: Deep Links]
1:45:37 PM

News Item 5143 Microsoft Anti-Virus Pricing Ripples?

Microsoft Anti-Virus Pricing Ripples? Microsoft Corp. announced yesterday that beginning in June it would start charging $49.95 a year for Windows OneCare Live, a (currently free) managed-security service designed to protect Windows PCs from viruses, spyware and other Internet attacks.

Leaving aside the question of whether consumers will move in droves to pay Microsoft to fix problems that it is at least partly responsible for, the real question seems to be whether the other anti-virus vendors will lower prices and/or change their licensing terms to allow their products to be used on more than one machine. [Security Fix]
1:42:33 PM

News Item 5142 Fee-based E-mail Delivery Raises Eyebrows.

Fee-based E-mail Delivery Raises Eyebrows. Critics charge e-mail sender payments 'ineffective' in spam fight. [PCWorld.com - Latest News Stories]
1:39:13 PM