Wednesday, April 5, 2006


News Item 5725 Open Source For Perimeter Security - IT Observer

There is a widespread and wholly inaccurate impression that open source development is somehow haphazard and undisciplined, a free-for-all among brilliant but uncoordinated individuals. In fact, most major open source projects are very tightly managed highly disciplined teams. This article gives examples of very successful Open Source security projects -- netfilter and Snort -- and also describes some weaknesses that need to be addressed by IT organizations or vendors.

It is clear that the challenges related to security are escalating. Outbreaks of viruses and worms are becoming more virulent and spreading faster. Blended threats and application-specific attacks are becoming more sophisticated and harder to detect. Wireless communications, instant messaging, and peer-to-peer networks are opening new holes in corporate defence systems. Top management is taking a sudden and unaccustomed interest in IT security. Yet IT departments are not getting additional resources to meet these growing pressures.

3:40:19 PM

News Item 5724 Open Source For Perimeter Security.

Open Source For Perimeter Security. An anonymous reader writes "IT Observer has a look at some of the perceived problems with an OpenSource approach to security and what could be done to improve the situation. From the article: 'There is a widespread and wholly inaccurate impression that open source development is somehow haphazard and undisciplined, a free-for-all among brilliant but uncoordinated individuals. In fact, most major open source projects are very tightly managed highly disciplined teams. This article gives examples of very successful Open Source security projects -- netfilter and Snort -- and also describes some weaknesses that need to be addressed by IT organizations or vendors.'" [Slashdot]
3:38:37 PM

News Item 5723 WSJ.com - Security Fears Prod Many Firms To Limit Staff Use of Web Services

Companies are clamping down on employees' workplace use of the expanding range of free Internet services, such as instant messaging and video downloading, to protect themselves from viruses, communications traffic jams and regulatory missteps.

General Electric Co. has barred outside instant-messaging and file-sharing programs, as well as access to personal online email accounts like those offered by Yahoo Inc. Telecom company Global Crossing Ltd. also blocks outside instant messaging and online email accounts. J.P. Morgan Chase & Co. is one of many banks that blocks Internet services it can't track or monitor, including outside instant-messaging, phone and email programs.

Another big bank, ABN Amro Holdings NV of the Netherlands, also bans many consumer-communications technologies, including Skype, the Internet phone service owned by eBay Inc. (See related article.) "I'm not allowing Skype because I don't know what it does," says Bill Rocholl, global head of strategy and engineering for ABN Amro's telecommunications and network services.


3:34:06 PM

News Item 5722 Security Fears Prod Firms to Limit Staff Web Use.

Security Fears Prod Firms to Limit Staff Web Use. Carl Bialik from WSJ writes "Companies are limiting employees' use of free Internet services, such as Skype and video downloading, to protect themselves from viruses, communications traffic jams and regulatory missteps, the Wall Street Journal reports. ABN Amro's global head of strategy and engineering tells the WSJ, 'I'm not allowing Skype because I don't know what it does.' Some colleges and departments at Cambridge University also ban Skype. The limits affect executives as well as the rank-and-file, the WSJ finds: ' "I used to think nothing of checking my Yahoo mail several times a day," says Global Crossing Chief Marketing Officer Anthony Christie. Now that he can't, his long workday makes it hard to avoid using his work email account for personal messages, he says.'" [Slashdot]
3:31:57 PM

News Item 5721 Microsoft Says Recovery from Malware Becoming Impossible

LAKE BUENA VISTA, Fla.--In a rare discussion about the severity of the Windows malware scourge, a Microsoft security official said businesses should consider investing in an automated process to wipe hard drives and reinstall operating systems as a practical way to recover from malware infestation.

"When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit," Mike Danseglio, program manager in the Security Solutions group at Microsoft, said in a presentation at the InfoSec World conference here.

Offensive rootkits, which are used to hide malware programs and maintain an undetectable presence on an infected machine, have become the weapon of choice for virus and spyware writers and, because they often use kernel hooks to avoid detection, Danseglio said IT administrators may never know if all traces of a rootkit have been successfully removed.

He cited a recent instance where an unnamed branch of the U.S. government struggled with malware infestations on more than 2,000 client machines. "In that case, it was so severe that trying to recover was meaningless. They did not have an automated process to wipe and rebuild the systems, so it became a burden. They had to design a process real fast," Danseglio added.


3:28:59 PM

News Item 5720 Microsoft Says Recovery From Malware Becoming Impossible.

Microsoft Says Recovery From Malware Becoming Impossible. An anonymous reader wrote to mention an eWeek Story about Microsoft's assertion that PCs may no longer be able to recover from the most aggressive Malware. From the article: "[Danseglio] cited a recent instance where an unnamed branch of the U.S. government struggled with malware infestations on more than 2,000 client machines. 'In that case, it was so severe that trying to recover was meaningless. They did not have an automated process to wipe and rebuild the systems, so it became a burden. They had to design a process real fast,'." [Slashdot]
3:26:40 PM

News Item 5719 New "Dark" Freenet Available for Testing.

New "Dark" Freenet Available for Testing. Sanity writes "The Freenet Project has just released the first alpha version of the much anticipated Freenet 0.7 branch. This is a major departure from past approaches to peer-to-peer network design, embracing a 'scalable darknet' architecture, where security is increased by allowing users to limit which other peers their peer will communicate with directly, rather than the typical 'promiscuous' approach of classic P2P networks. This means that not only does Freenet aim to prevent others from finding out what you are doing with Freenet, it makes it extremely difficult for them to even know that you are running a Freenet node at all. This is not the first P2P application to use this approach, other examples include Waste, however those networks are limited to just a few users, while Freenet can scale up almost indefinitely. The new version also includes support for NAT hole-punching, and has an API for third-party tool development. As always, the Freenet team are asking that people support the development of the software by donating." [Slashdot: Your Rights Online]
3:06:57 PM

News Item 5718 More than ever, watch what you say - Opinion - smh.com.au

Last week, Federal Parliament passed a law that allows the Government to read private emails, text messages and other stored communications without our knowledge. The power extends to innocent people, called B-parties, if they have been unlucky enough to communicate with someone suspected of a crime or of being a threat to national security.

The Government should sometimes be able to monitor the communications of innocent people. This may be necessary to protect the wider community where a suspect can only be tracked through another person. However, the law goes beyond what can be justified and undermines our privacy more than is needed.

Under the Telecommunications (Interception) Amendment Act, the Government will be able to access communications not only between the B-party and the suspect, but also between the B-party and anyone else. If you have unwittingly communicated with a suspect (and thereby become a B-party), the Government may be able to monitor all your conversations with family members, friends, work colleagues, your lawyer and your doctor.

The Government may be able to use the information even though the information is not related to the original suspect. It also does not have to tell you that it has been listening in. While there are some remedies if you have been illegally monitored, these are pointless if you do not know you have come under surveillance.

This is of even greater concern given how easy it is for ASIO to gain a warrant. The gatekeeper is not an independent person such as a judge, but a politician, the federal attorney-general. As long as ASIO has tried other means of tracking a suspect, to gain a warrant it need only show that intercepting the B-party's communications is "likely to assist" in obtaining intelligence "related to security" - vague terms providing scope for the misuse of the power.

A further issue is how the law distinguishes between stored and real-time communications such as telephone conversations. It is easier to monitor stored communications, apparently because they are seen as less private than telephone conversations. However, now that telephone conversations often occur in public on mobile phones, many people reserve their most personal interactions for email and text messages. It is nonsensical that our personal affairs are made less private because they are in an email rather than said over the phone.


3:02:38 PM

News Item 5717 Australian Parliament Approves Email Snooping.

Australian Parliament Approves Email Snooping.  brindafella writes  "The Sydney Morning Herald newspaper, reporting on a legislative change last week, says 'the [Australian] Government will have 12 months to access communications not only between the B-party and the suspect, but also between the B-party and anyone else. If you have unwittingly communicated with a suspect (and thereby become a B-party), the Government may be able to monitor all your conversations with family members, friends, work colleagues, your lawyer and your doctor.' The Australian Parliament's major parties combined to pass an amendment to the Telecommunications (Interception) Amendment Act 1979."  [Slashdot: Your Rights Online]
2:59:32 PM

News Item 5716 RIAA Recommends Students Drop out of College.

RIAA Recommends Students Drop out of College. boarder8925 writes "An MIT student accused of copyright infringement has been documenting her struggles with the RIAA. Upon trying to negotiate her settlement, a representative told her that "the RIAA has been known to suggest that students drop out of college or go to community college in order to be able to afford settlements."" [Slashdot: Your Rights Online]
2:51:52 PM

News Item 5715 Government's work with data brokers prompts privacy concerns (4/4/06)

To better understand what information is being collected, Chabot and his panel's ranking Democrat, Jerrold Nadler of New York, last year told the Government Accountability Office to report on how federal agencies amass data and whether information brokers comply with privacy and security practices.

Linda Koontz, the director of information management issues at the GAO, reported the findings at the hearing. The report, which reviewed the Homeland Security, Justice and State departments and the Social Security Administration, found that some $30 million was spent on contracts with information brokers in fiscal 2005.

The privacy and security measures of major resellers that do business with the federal government are "not fully consistent with fair-information practices," Koontz said. GAO found that some resellers do not adhere to those practices because "they do not obtain their information directly from individuals."

Furthermore, GAO found that agency privacy practices are unevenly applied. Koontz said while agencies issued public notices about data collection, they did not indicate relationships with information resellers. In addition to such "ambiguities," she said the agencies "lack policies" that address the use of reseller data or ensure the accountability of personal information.

Homeland Security Chief Privacy Officer Maureen Cooney said the department's use of personal information must be "transparent and appropriate." Her office conducts privacy impact assessments, which she says help address privacy questions in the overall development and deployment of technology systems.


2:47:51 PM

News Item 5714 Energy and Commerce Committee Approves Data Accountability and Trust Act - Government Technology

The House Energy and Commerce Committee last week approved H.R. 4127, Rep. Cliff Stearns' Data Accountability and Trust Act (DATA Act). "For years, I have been working to enhance consumer privacy and security for individual's personal information," said Stearns, who represents Florida's Sixth district. "I am pleased that the full committee approved my legislation to combat identity theft and to protect consumers' personal information.
12:13:13 PM

News Item 5713 Agencies Not Protecting Privacy Rights, GAO Says

Government agencies that use private information services for law enforcement, counterterrorism and other investigations often do not follow federal rules to protect Americans' privacy, according to a report yesterday by the Government Accountability Office.

The Justice Department, the Department of Homeland Security and two other agencies examined by the GAO spent about $30 million last year on companies that maintain billions of electronic files about adults' current and past addresses, family members and associates, buying habits, personal finances, listed and unlisted phone numbers, and much more.

But those agencies often do not limit the collection and use of information about law-abiding citizens, as required by the Privacy Act of 1974 and other laws. The agencies also don't ensure the accuracy of the information they are buying, according to the GAO report. That's in part because of a lack of clear guidance from the agencies and the Office of Management and Budget on guidelines known as "fair information practices," the report said.

At the same time, the contractors are not bound by those "fair information practices," and they often don't comply with all of them, the report said. Companies do not notify individuals when information is collected, for instance. They limit individuals' access to records about themselves, and they generally do not have provisions for correcting mistakes, the report said.


12:09:38 PM

News Item 5712 SACRAMENTO / Assembly panel approves divorce secrecy bill / Provision to allow sealing financial records is dropped

An Assembly committee approved a bill Tuesday that could restrict public access to divorce records but stripped out a provision that would have given one spouse the power to keep financial information under court seal.

Opponents of the bill -- which include judges, First Amendment advocates and newspaper groups -- say the bill is designed to help Los Angeles billionaire Ron Burkle in his divorce. Burkle has been a generous contributor to political campaigns.

Burkle and the bill's author, Sen. Kevin Murray, D-Los Angeles, deny the measure has anything to do with the divorce. Murray said he is pushing the bill to help prevent identity theft and protect people's privacy.

"This bill has been talked about a lot," Murray told the Assembly Judiciary Committee. "But it's a very simple issue of protecting the privacy of people involved in a divorce. Because you happen to get a divorce does not mean all your personal information should be thrown out there for the world to hear."

Murray's original measure would have required judges to redact financial information from court files available to the public if one party in a divorce case requested it.

The committee approved the bill only after Murray agreed to drop that provision and change it to have judges consider requests for the sealing of financial information, weighing privacy against the public's interest in maintaining open court records. As it is now, the law gives judges that discretion, but critics say that if Murray's bill is signed into law more judges would tilt their decisions in favor of privacy rights rather than First Amendment concerns.

12:04:34 PM

News Item 5711 Anti-Spyware Coalition Releases Documents; Unveils Agenda.

Anti-Spyware Coalition Releases Documents; Unveils Agenda. The Anti-Spyware Coalition today released two new "tip sheets" to help consumers and enterprises better protect themselves against spyware and unwanted adware. The coalition also unveiled final plans for an international workshop slated to take place in Ottawa on May 16. Coordinated by CDT, the Anti-Spyware Coalition consists of academics, public interest advocates and the world's largest distributors of anti-spyware technology. [Center for Democracy and Technology]
11:42:27 AM

News Item 5710 How Common Is Identity Theft?

How Common Is Identity Theft?  ID theft affects millions of households and costs billions of dollars, government says. [PCWorld.com - Latest News Stories]
11:40:55 AM

News Item 5709 Surveillance in Spheres of Mobility.

Surveillance in Spheres of Mobility.

The collaborators at the important "On the Identity Trail" project in Canada were kind enough to ask me to write an essay for their blog. Here is an excerpt:

Surveillance in Spheres of Mobility: Privacy, Technical Design and the Flow of Personal Information on the Transportation and Information Superhighways

A recent Nassau County Supreme Court ruling held that data retrieved from a vehicle's black box - a computer module that records a vehicle's speed and telemetry data in the last five seconds before airbags deploy in a collision - could be admitted as evidence even though law enforcement officials did not have a search warrant. The court ruled that by driving the vehicle on a public highway, 'the defendant knowingly exposed to the public the manner in which he operated his vehicle on public highways. What a person knowingly exposes to the public is not subject to Fourth Amendment protection.' A federal judge in upstate New York made a similar ruling, stating that police officers did not need a warrant to secretly attach a Global Positioning System device to a suspect's vehicle. The judge said that a suspect traveling on a highway has no reasonable expectation of privacy.

In January 2006, the web search engine Google resisted requests from the U.S. Department of Justice to turn over a large amount of data, including records of all Google searches from any one-week period, partially on the grounds that it would violate their users' privacy. This event generated widespread concern over the privacy of web search histories, and prompted many users to question the extent to which this component of their online intellectual activities might be shared with law enforcement agencies. (Indeed, it was later revealed that three other search engine providers – America Online, Yahoo and Microsoft – had previously complied with government subpoenas in the case, without public notice.) Similar concerns have arisen over commercial access to search engine histories as the vast databases of search histories held by these providers are increasingly matched up with individual searchers and demographic information from other search-related services in order to provide individually targeted search results and advertising.

The two technological systems described above - networked vehicle information systems and web search engines - represent important tools for the successful navigation of two vital spheres of mobility: physical space and cyberspace. However, they also share a reliance on the capturing and processing of personal information flows, and provide the platforms for surveillance of the person on the move. Networked vehicle information systems, which include GPS-based navigational tools, automated toll collection systems, automobile black boxes, and vehicle safety communication systems, rely on the transmission, collection and aggregation of a person's location and vehicle telemetry data as she travels along the public highways. Similarly, web search engines, striving to provide personalized results and deliver contextually relevant advertising, depend on the monitoring and aggregation of a user's online activities as she surfs the World Wide Web. Taken together, these two technical systems are compelling examples of the increased 'everyday surveillance' (Staples, 2000) of individuals within their various spheres of mobility: networked vehicle systems constitute large-scale infrastructures enabling the widespread surveillance of drivers traveling on the public highways, while web search engines are part of a larger online information infrastructure which facilitates the monitoring and aggregation of one's intellectual activities on the information superhighway.

I go on to conclude that:

At a moment when concern over government surveillance of its citizens is high, the prospect of the creation of a nationwide networked vehicle system infrastructure capable of monitoring vehicle location and activity causes pause. Similarly, general concerns over the privacy of web search histories are further aggravated by the possibility of the information being shared with government authorities. Broadening the conceptualizations of privacy to include approaches such as contextual integrity can help raise awareness of the political and value implications of these emerging information technologies. Further, embracing the pragmatic tools of 'value-sensitive design' and 'critical technical practice,' will ensure attention to political and ethical values becomes integral to the conception, design, and development of technologies, not merely considered after completion and deployment.

Please read the full essay here, and join the conversation.

[michaelzimmer.org]
11:38:31 AM

News Item 5708 Online Aerial Maps and Privacy Rights.

Online Aerial Maps and Privacy Rights.

The LA Times has a story about whether online satellite/aerial photography services Google Earth and Windows Live Local show too much, whether it's possible these services violate one's privacy by enabling users to zoom in and see my backyard (here, 6 foot high fences for privacy are irrelevant). The security issues of these popular services have been discussed before in terms of national security (see here and here), but I haven't seen the press deal with issues of personal privacy as they relate to these desktop satellite imaging technologies.

The article quotes a statement from Microsoft responding to possible privacy concerns with their Windows Live Local tool:

It is understandable that when some people first see the aerial or bird's-eye view in Windows Live Local, they may get the wrong idea that we can zoom in to recognize them, read their car's license plate and otherwise obtain personal information from the images [but] the image resolution provides more privacy than does the average flight proximity of a helicopter.

Comparing the image quality to those available from helicopter flyovers is a strawman argument. (Andy Sullivan's reaction falls victim to similar straw-related fallacies.) There aren't archives of photos from helicopters widely available to the average citizen; but any Internet user can search a wide array of quite detailed satellite photos of properties across the globe. The issue isn't whether these images are the highest of quality, but whether the content that is viewable on these images that are indexed and searchable on the web might pose privacy concerns to those who would rather not have the contents of their property exposed to public scrutiny.

One thing Andy does suggest makes sense: let individuals have their property (like my apartment building shown above) blurred out from the archive.

[michaelzimmer.org]
11:27:44 AM

News Item 5707 Oregon considers GPS Tracking Devices in Every Car.

Oregon considers GPS Tracking Devices in Every Car.

The NY Times writes about Oregon's experiments with a per-mile fee system that could replace general gas taxes. By installing GPS location tracking devices in every car, mileage could be tracked and users would have taxes levied on how much they use the roads, not on how much gas they purchase.

The Times article does note the privacy concerns of amassing a large database of drivers' locations and driving habits. One of the easiest ways to avoid these concerns is to delete the data after the necessary tax calculations are made (although this would prevent the ability for users to question or audit their usage tax bill).

(I noted the privacy concerns of such widespread use of GPS in cars about a year ago, and CNet had some commentary then as well.)

Other technical solutions might be available that might better protect the value of one's privacy on the roads. For example, instead of having an active GPS system monitoring the precise movements of one's car, each filling station could simply download the most recent odometer setting to collect mileage data. Such data wouldn't be location-specific, allowing more driver privacy.

[michaelzimmer.org]
11:25:02 AM

News Item 5706 Seeking Fiscal Health Without Gas Tax - New York Times

A pilot program based on the experiment rolls out at the end of March and will last at least a year. Within the next six weeks or so, 280 paid volunteers will have their cars equipped with a global positioning system that will allow the vehicles to be tracked by computers installed at two Portland service stations, where the drivers will be required to fill up.

The Oregon program is being watched closely across the country, according to the National Conference of State Legislatures, but it has also touched off some privacy concerns because the same system could be used to track a driver's location.

Critics say the G.P.S. records collected by the service stations could be subpoenaed for any number of reasons: criminal cases involving terror suspects or civil cases like divorces, where, for example, a suspicious husband or wife may seek gas pump receipts to prove the whereabouts of a spouse.

"I think what we've learned since Sept. 11 is that federal law enforcement seems to have an insatiable appetite for every bit of information that might be available," said David L. Sobel, general counsel at the Electronic Privacy Information Center, a civil liberties group in Washington. "The existence of such a database, which would, for the first time in history, allow for the creation of detailed daily itineraries of every driver, raises obvious privacy concerns."


11:23:41 AM

News Item 5705 Graduate School of Journalism at Columbia University - NYC24 Issue on Privacy.

NYC24 Issue on Privacy.

The Graduate School of Journalism at Columbia University publishes a biweekly news magazine called NYC24. The current issue is on privacy:

With 8 million people crammed into 321 square miles, privacy in New York City has always been a rare – and much valued - commodity. Now this basic right is being constricted by the onslaught of 21st Century technology. Faster, lighter, smaller and cheaper equipment have made it simple for even the most average Joe to access private information.

Electronic chips smaller than a dime that track your movements without your knowledge, Web sites that put a price on your personal information and surveillance cameras on almost every corner - is "Big Brother" watching New York City? In this edition of nyc24 we explore this possible reality and present the new developments- from cyber stalking to patients' rights- that are redefining the issue of privacy.

Included in the issue is an article on cellphone cameras, and how they "blur the separation between private and public." The article includes commentary by Columbia Law professor Tim Wu, as well as an interview with me. Portions of my interview can be heard here.

[michaelzimmer.org]
11:19:27 AM

News Item 5704 The Privacy Costs of Municipal Wi-Fi.

The Privacy Costs of Municipal Wi-Fi.

Chris Hoofnagle points to a very important article in the Nation by Jeff Chester discussing the privacy costs of many of the proposals for municipal wi-fi, including Google's plan for San Francisco. The benefits of muni-wi-fi are great, but proposals for some of the nation's largest cities come with hidden strings attached that compromise the user privacy:

Unless municipal leaders object, citizens and visitors will be subjected to intensive data-mining of their web searches, e-mail messages and other online activities are tracked, profiled and targeted. The inevitable consequences are an erosion of online privacy, potential new threats of surveillance by law enforcement agencies and private parties, and the growing commercialization of culture.

Consider the application submitted to the City of San Francisco in February by search giant Google and its partner, the Internet service provider Earthlink. One of six Wi-Fi bids being considered by the City of San Francisco, the Google/Earthlink plan has attracted the most attention. Under this proposal, Google would provide a free but relatively low-speed Internet service available throughout the city (Earthlink would operate a higher-speed service on the same system charging users $20 a month). The costs of operating the "free" service would be offset by Google's plans to use the network to promote its interactive advertising services.

Everyone who uses the Google network would first be directed to a portal page, where they would be offered an array of what Google terms "personalized consumer products." Through those products and other technologies, Google plans, according to its proposal, to "target advertisements to specific geographical locations and to user interests."

What this means is that Google and Earthlink plan to use online files (known as cookies) and other data-collection techniques to profile users and deliver precise, personalized advertising as they surf the Internet. (Earthlink is working with the interactive ad company DoubleClick, which collects and analyzes enormous amounts of information online to engage in individual interactive ad targeting.)

It seems that many of these muni-wi-fi proposals will build an online surveillance infrastructure in order to support the emerging mobile marketing ecosystem, where wherever we roam, a ubiquitous online environment will follow us with ads and information dovetailed to our interests and our geographic location. More and more, what I call our "spheres of mobility" are coming under siege of widespread and increasingly everyday surveillance. (I will talk more about this soon as my dissertation proposal nears completion.)

[michaelzimmer.org]
11:17:30 AM  PermaLink   / trackback []  

News Item 5703 Maryland to Engage in Wholesale Scanning of License Plates.

Maryland to Engage in Wholesale Scanning of License Plates.

Maryland is continuing its march towards wholesale surveillance of its citizens on the roads by announcing plans to use license plate recognition systems to scan and identify the plates of any vehicle a specially-equipped car happens to drive past.

Marc Rotenberg comments on the privacy implications of such a plan in the article, and I've blogged about similar concerns often (see links below).

One concern not noted in the article is whether the police department is keeping a database of the time and place particular plates are scanned, rather than just scanning and checking for matches in a database, then deleting the record.

[michaelzimmer.org]
11:14:47 AM  PermaLink   / trackback []  

News Item 5702 New York Attorney General Sues Major Adware Distributor.

New York Attorney General Sues Major Adware Distributor. In what promises to be a landmark case in the fight against unwanted "adware," New York Attorney General Eliot Spitzer today sued software distributor Direct Revenue, alleging the firm "surreptitiously installed millions of pop-up ad programs on consumers' computers." CDT applauded Spitzer's efforts, noting that aggressive law enforcement will be essential to curbing the spread of unwanted, potentially damaging programs throughout the Internet. CDT has been active in investigating and reporting on the most egregious distributors of unwanted adware. [Center for Democracy and Technology]
10:58:21 AM  PermaLink   / trackback []  

News Item 5701 Citizens Lobby Congress for Reliable Electronic Voting.

Citizens Lobby Congress for Reliable Electronic Voting.

Hundreds Join EFF and Other Groups to Fight for Election Integrity

San Francisco - Hundreds of citizen lobbyists from across the nation will be in Washington, DC, this coming Thursday and Friday, working to help secure the future of safe, reliable electronic voting through the passage of HR 550 -- the Voter Confidence and Increased Accessibility Act. HR 550 would ensure a voter-verified paper record of every vote, establish mandatory random hand-counted audits, and prohibit the use of secret software and wireless communications in voting machines.

The "Lobby Days" were organized by the HR 550 "I Count" Coalition, which includes the Electronic Frontier Foundation (EFF), Common Cause, Verified Voting, Voters Unite, VoteTrustUSA, and Working Assets. The coalition will hold a lobbying training session for activists before they go to work on Thursday.

"HR 550 represents the best opportunity to solve a number of problems related to the use of electronic voting equipment," said EFF Staff Attorney Matt Zimmerman. "By participating in this event, voters will get a chance to make their voices heard in Congress and demand transparency and accountability in elections."

HR 550 has made significant progress in the House of Representatives, largely through the grassroots efforts of voting activists. Lobby Days will help continue the momentum and show members of Congress that many of their constituents are passionate about voting integrity.

[EFF: Breaking News]
10:52:16 AM  PermaLink   / trackback []  

News Item 5700 Passport rule change anticipates ID refusenik sabotage efforts.

Passport rule change anticipates ID refusenik sabotage efforts.

Early mass renewal plans go to the dogs

Updated The new UK Identity and Passport Service, spawned out of the Passport Service after the ID Cards Act became law on Saturday, celebrated its birth by trying to stop people renewing their passports whenever they want to, whether or not the passport is about to expire. The change in terms and conditions was slipped into the website without announcement, and was quite clearly ID card related.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]
10:50:17 AM  PermaLink   / trackback []  

News Item 5699 Mac Security: The Evil DRM Chip Is Bolted Inside The New Intel Macs? - Robin Good's Latest News

The basic idea of Trusted Computing is that security on a computer is obtained via hardware, through a specific chip dedicated exclusively to this task and called the Trusted Platform Module (TPM). It's a very controversial project, as I wrote four years ago. Originally sold as a beneficial security system for users (which is partially true), Trusted Computing and Palladium risk opening the doors to inviolable copy-protection systems and to censorship and surveillance issues at unprecedented levels.

The analysis by the Electronic Frontier Foundation is inexorable and rigorous, although the IBM refutation is also worth reading.
10:40:52 AM  PermaLink   / trackback []  


News Item 5698 Securing a Web Site.

Securing a Web Site. In this paper, Erik Evans will review the current challenges businesses face when hosting a public web site. By Erik Evans. [Infosec Writers Latest Security Papers]
10:37:23 AM  PermaLink   / trackback []