Sunday, April 9, 2006


News Item 5758 Legal Pad - Blog Archive - Phone Technician Suspected Illegal NSA Wiretap

Miles Ehrlich is no fan of Big Brother. Just a few months after leaving government, the erstwhile chief of the San Francisco federal prosecutor's white collar division - along with his partner, Ismail Ramsey - has surfaced as the lawyer for a San Francisco man who dropped what could be a big bomb in the ongoing government wiretapping scandal.

In a statement released Thursday, their client, former AT&T technician Mark Klein, says that he witnessed the setup of a room in the phone company's San Francisco office building that appeared to give the government access to all AT&T telephone and Internet traffic - and not just the international calls that the government has admitted to eavesdropping on.

"Based on my understanding of the connections and equipment at issue, it appears the NSA is capable of conducting what amounts to vacuum-cleaner surveillance of all the data crossing the Internet -- whether that be peoples' email, web surfing, or any other data," Klein said.

In 2003, the National Security Agency set up a secret room inside the phone company's San Francisco office building that was not accessible to AT&T technicians, Klein said. There, a phone company worker hired by the NSA to handle the equipment set up equipment that apparently diverted communications to something called a Semantic Traffic Analyzer.

"The Narus STA technology is known to be used particularly by government intelligence agencies because of its ability to sift through large amounts of data looking for preprogrammed targets," Klein said. "The company's advertising boasts that its technology 'captures comprehensive customer usage data ... and transforms it into actionable information. ... [It] provides complete visibility for all Internet applications.'"

Stein says he learned that similar rooms were installed in Seattle, San Jose, L.A. and San Diego.

"Despite what we are hearing, and considering the public track record of this administration, I simply do not believe their claims that the NSA's spying program is really limited to foreign communications or is otherwise consistent with the NSA's charter or with [the Foreign Intelligence Surveillance Act]."

Klein's statement is being incorporated into a class action filed in San Francisco federal court, in which lawyers with the Electronic Frontier Foundation, Lerach Coughlin Stoia Geller Rudman & Robbins, and Traber & Voorhees in Pasadena claim that AT&T illegally allowed the NSA taps.


12:48:12 PM

News Item 5757 Susan Crawford blog :: Seeing privacy

I believe that within the next year or so there will be a tremendous privacy-related backlash related to search/advertising and social network applications. It will come from some unexpected direction, despite the best efforts of online search companies' inside and outside advisors to keep it from happening. It will come because people don't realize how public the internet is. Every once in a while, people wake up and realize what search engines/advertisers know about them, and it worries them enormously. And they write letters and organize boycotts, and all of this activity can be enormously harmful -- as Sony found in connection with the root kit episode [pdf; fine Ed Felten and Alex Halderman paper].

I also believe that all of the privacy-related energy directed at the application layer (at social networks and portals and search engines) may be missing the point. The real story in this country about privacy will be at a lower layer - at the transport layer of the internet. The pipes. The people who run the pipes, and particularly the last mile of those pipes, are anxious to know as much as possible about their users. And many other incumbents want this information too, like law enforcement and content owners. They're all interested in being able to look at packets as they go by their routers, something that doesn't traditionally happen on the traditional internet.

The network owners will point out that there are lots of good reasons for this - in a sense, it's like turning the internet into a mobile phone network. Everything on a mobile phone network is tracked and known to some central authority. We don't (really) have spam or viruses on mobile phone networks, and that's because packets can be authenticated. Someone is in charge.

The connection between broadband providers and law enforcement is very tight, and so the connection between the information gathered by these providers and law enforcement access to this information will also be very tight. Maybe that's fine. We swing back and forth - right after 9/11 we were only mad about commercial uses of data, and the government could do no wrong. Now the pendulum is going in the other direction - we are beginning to be upset about what the government knows about us.


12:40:57 PM

News Item 5756 Susan Crawford on 'Seeing Privacy'


Susan Crawford has an excellent post that expresses much more intelligently what I've been thinking about lately regarding some of the privacy implications of social networks and other online information services, noting how "social networks are rich minefields for privacy backlashes, particularly when combined with governmental desire for data." From her post:

MySpace, Xanga, Flickr, Facebook. Hugely popular, full of people, MySpace second only to Yahoo! in page views, and has more people visiting than NYTimes.

These sites are easily publicly searchable and viewable, although you have to register for MySpace and Xanga to look around, and have a college email address for Facebook.

Oddly, people using these spaces may feel that they're just having a conversation with their friends, not thinking about large-scale, perhaps automated searches/hunts about them carried out. This is like being on a live TV interview, and seeing only the guy across from you, and not realizing that anyone can see you in the world. This kind of belief that the internet is a special area, not subject to usual policing, has recently come into conflict with the desires of actual police to track people down who are listed in these spaces. Princeton has caught people scaling buildings and drinking - both against campus rules - by searching these spaces, and Wikipedia has a whole page of campus/actual police raids of these spaces. Not to mention the records created for future employers and political enemies to check.

So this strangeness of assuming it's a private space is running headlong into reality. Most of the social clues on these sites seem to indicate that you're just talking to a small group, because comments come from people you know or who are repeat players. Users really don't see EULAs or privacy notices. What they see is a warm community that seems to care about them, and they don't monkey with the defaults made available to them that could shield their information from people they didn't know.

When people wake up and realize that MySpace and Facebook are not private, they will experience a kind of loss of innocence, and they may even take down their sites. Some are prognosticating that a long, slow backlash against Web 2.0's social applications is now going on. The recent embrace of a del.icio.us "no-sharing" setting for tags seems to support this trend.

[michaelzimmer.org]
12:31:20 PM

News Item 5755 Google Wi-Fi as State Agent?


Following up on these privacy concerns with municipal wi-fi programs, I am beginning to wonder to what extent the providers of muni-wi-fi (such as Google) might be considered "state agents" when it comes to the collecting of personal information via these technologies.

Does the fact that Google is providing this wi-fi as a public service on behalf of the city make them a de facto "state agent"? If so, does this have any impact on the legal procedures the state must go through in order to obtain any records Google maintains on users accessing the system? Conversely, if Google is now considered a "state agent," do users have 4th Amendment rights when it comes to Google's collection of their browsing & locational data?

BTW, I am not a lawyer, and my understanding of these issues is based on my limited digestion of what my wife (who is an attorney) is patient enough to explain to me. Can anyone else chime in with the legalities of these concerns?

[michaelzimmer.org]
12:20:26 PM

News Item 5754 EFF files evidence against AT&T in wiretapping suit.

EFF files evidence against AT&T in wiretapping suit. The Electronic Frontier Foundation announced Friday that it filed evidence with the courts backing up its claims that AT&T provided unfettered access to its network for the purpose of wiretapping. [Computerworld Data Mining News]
12:18:26 PM

News Item 5753 A Modular Approach to Data Validation in Web Applications.

A Modular Approach to Data Validation in Web Applications. Stephen de Vries submits this paper which discusses the fact that data that is not validated or poorly validated is the root cause of a number of serious security vulnerabilities affecting applications. This paper presents a modular approach to performing thorough data validation in modern web applications so that the benefits of modular component based design; extensibility, portability and re-use, can be realised. By Stephen de Vries. [Infosec Writers Latest Security Papers]
12:15:17 PM

News Item 5752 Watchdog rules in favour of 'greediest man in Britain'.


Says we can expect privacy at home, not photographers

Publishing a photo of a man in his own home without his consent was a breach of his privacy, according to a ruling from the Press Complaints Commission today. The photo was included in a Sunday Mercury article on "the greediest man in Britain".

[The Register - Internet and Law: Digital Rights/Digital Wrongs]
12:11:31 PM

News Item 5751 Disney Mobile Aims Squarely at Families.

Disney Mobile Aims Squarely at Families. New mobile service will allow parents to monitor their children's phone usage and location. [PCWorld.com - Latest News Stories]
12:09:44 PM

News Item 5750 Smithsonian Deal With Showtime Restricts Access By Filmmakers

As part of a near-exclusive deal with Showtime Networks, the Smithsonian Institution is restricting filmmakers' access to its scientists and archives, prompting another outcry over the museum's attempts to make money.

Filmmakers who have relied on the vast holdings of the Smithsonian, and typically pay to use historic film or copy an artifact, have raised objections to the new policy of limited access to the public collections. Now most filmmakers will not have in-depth use of Smithsonian materials unless they are creating work for the Smithsonian/Showtime unit.

Such films would be available through the Smithsonian on Demand cable channel to the small fraction of viewers with digital cable -- about 25 million homes.

Jeanny Kim, the vice president for media services at Smithsonian Business Ventures, said the filmmakers who were doing "more than an incidental treatment" of a subject mainly from Smithsonian materials or wishing to focus on a Smithsonian curator or scientist would first have to offer the idea to Smithsonian/Showtime. Otherwise, the archives could not be used outside the realm of news programs (such as "60 Minutes" and "Dateline") in most cases.

The new restrictions have outraged some filmmakers and researchers, who are criticizing the limitations placed on public archives, as well as the Smithsonian's refusal to reveal the details of its Showtime contract. Inside the institution, some staff raised questions about the lack of consultation regarding the new policy. Others said the change was overdue because the Smithsonian had lacked control over its property.

"I think this is obscene," said Laurie Kahn-Leavitt, a filmmaker whose award-winning documentary about Tupperware relied heavily on materials at the Smithsonian. "That film would not have been made without the papers of Earl Tupper and Brownie Wise that are at the Smithsonian."

Kahn-Leavitt added, "I am not against them having a deal with Showtime that is lucrative. But the archives are for the public to use."

The materials at the Smithsonian cover almost every aspect of American life, from U.S. presidents to inventors to musicians to oceanographers to astronauts. Ken Burns mined material at the National Museum of American History for his PBS series "Jazz." The History Channel included film from the same archive for a program on the Chrysler Building. The Discovery Channel has used aviation footage from the National Air and Space Museum for its programs.

The National Museum of Natural History has an active relationship with filmmakers, who often want materials on such subjects as forensic anthropology, human origins, the Hope diamond and dinosaurs. Last year nearly 500 researchers spent almost 900 days working at American History. That archive receives about 5,000 e-mails a year, ranging from students to professionals, asking about materials to study.


12:07:07 PM

News Item 5749 Smithsonian-Showtime: Why the Broadcasting Treaty Matters.


EFF has long been a critic of the proposed WIPO Broadcasting Treaty, and now we have a particularly vivid example of how the treaty imperils the public domain.

The Smithsonian Institution recently announced a joint venture with Showtime that gives the cable TV network exclusive commercial access to the Smithsonian's archival materials (much of which consists of public domain materials). According to the Washington Post:

Jeanny Kim, the vice president for media services at Smithsonian Business Ventures, said the filmmakers who were doing "more than an incidental treatment" of a subject mainly from Smithsonian materials or wishing to focus on a Smithsonian curator or scientist would first have to offer the idea to Smithsonian/Showtime. Otherwise, the archives could not be used outside the realm of news programs (such as "60 Minutes" and "Dateline") in most cases.

This arrangement is troubling for many reasons. In the words of Ken Burns, one of America's most accomplished documentarians, "It feels like the Smithsonian has essentially optioned America's attic to one company, and to have access to that attic, we would have to be signed off with, and perhaps co-opted by, that entity." (For a stark contrast to the Smithsonian approach, take a look at the BBC's Creative Archive.)

But consider just how much worse this arrangement might become if the WIPO Broadcasting Treaty comes into force. Under current copyright law, Showtime would have no exclusive rights over any public domain materials that they broadcast on their "Smithsonian on Demand" channel. So subsequent creators remain free to record the programs, extract the public domain elements, and re-use them, without fear of copyright lawsuits.

The Broadcasting Treaty could change all that. By creating new exclusive rights for broadcasters, the proposed treaty could block subsequent creators from recording and extracting the public domain material from the broadcast. Instead, they would have to independently obtain access to the original public domain materials. But Showtime has already locked up a deal that gives its people exclusive access to the originals. Catch-22!

It's bad enough when private parties lock up exclusive access rights to public domain materials in archives, museums, and libraries. Combine that with the Broadcasting Treaty, and you have a recipe for a public domain land grab.

We don't know whether the WIPO Broadcasting Treaty would necessarily lead to this result, as those who are supporting it (including the USPTO) have refused to "speculate" on what U.S. implementing legislation might look like, and whether they would support parallel exceptions to copyright law. But unless and until the treaty precludes a public domain land grab, it's hard to see how any friend of the public domain can support it.

[EFF: Deep Links]
12:02:35 PM

News Item 5748 Microsoft Ramps Up DRM Work.

Microsoft Ramps Up DRM Work. Copy-protection technology will be strengthened for mobile use, company says. [PCWorld.com - Latest News Stories]
11:55:03 AM

News Item 5747 Protect Your Health Privacy.

Protect Your Health Privacy. Ask the right questions to keep your records private, experts tell Congress [PCWorld.com - Latest News Stories]
11:52:45 AM

News Item 5746 Is Election Transparency a Partisan Issue?


That's what some members have either implied or outright stated when discussing the future of HR 550 with our team of lobbyists-for-a-day. Staff members for Rep. Jim Walsh (R-NY) called HR 550 a "partisan bill" and, in any event, that the "pro-computer lobby" had been pressing Walsh's office on the issue as well. Walsh wasn't the only Republican who cited partisan considerations. On the other side of the aisle, Rep. Juanita Millender-McDonald (D-MI), ranking Democrat on the Committee on House Administration also expressed doubts about whether the bill could advance in a Republican-controlled Congress. This reaction wasn't widespread (at least publicly), but neither was it rare.

On the other hand, Republicans today proved to be some of the most fertile ground. Our team from Kentucky noted that a "lightbulb went off" with staffers for Rep. Ron Lewis (R-KY) who were interested in the subject matter and were considering some of the provisions for the first time. And Rep. Vito Fossella (R-NY), while not committing his support, proved to be very concerned about the widespread problems presented by the use of closed, proprietary software in voting equipment.

Click here to tell your member of Congress to support HR 550!

[EFF: Deep Links]
11:44:01 AM

News Item 5745 HR 550: Still the Gold Standard of voter-verified paper record (VVPR) legislation.

HR 550: Still the Gold Standard

Will HR 550 solve many of the outstanding questions surrounding the use of e-voting equipment? Recently, a few strongly-worded questions have been raised regarding the effectiveness of the bill. Thankfully, the concerns are misplaced or simply wrong, as diligently explained by Pam Smith, Nationwide Coordinator for VerifiedVoting.org:

"Recently allegations of shortcomings in the "Voter Confidence and Increased Accessibility Act" -- HR550, introduced by Rep. Rush Holt of New Jersey -- have been circulated, moments before citizens concerned about verifiable elections nationwide converge on Washington DC to lobby for this particular bill.

"The concerns about the legislation are generally unfounded. HR550 remains the "gold standard" of voter-verified paper record (VVPR) legislation, the only one with bi-partisan support and the only one to require mandatory random manual audits that would check for accuracy in every state. The organizations that support it, which run the gamut from partisan at both extremes to non-partisan election reform organizations, do so because it is clear that this legislation would go the furthest to improve election integrity nationwide. Despite the fact that 27 states have passed requirements in one form or another for voter-verified paper records, and another handful have purchased 100% voter-verifiable equipment statewide even without passing a requirement, the sad fact remains that much of our country still lacks a voter-verified paper record and fully three-quarters of the states lack any requirement to audit their elections for accuracy!

"In short, HR550 is the best VVPR legislation and has earned the support of those who are concerned about election integrity nationwide.

Read more here.

Click here to tell your member of Congress to support HR 550!

[EFF: Deep Links]
11:36:29 AM

News Item 5744 EFF PSAs for Your Podcast or Online Radio Show.


If you podcast or produce online radio shows, you can help support EFF by featuring a PSA in your programs. EFF Fellow Cory Doctorow along with EFF Boardmembers Larry Lessig, John Gilmore, Brad Templeton, Joe Kraus, and Sarah Deutsch have all recorded clips for your listening pleasure.

[EFF: Deep Links]
11:32:27 AM

News Item 5743 Warrantless Wiretaps Possible in U.S.

Attorney General Alberto R. Gonzales left open the possibility yesterday that President Bush could order warrantless wiretaps on telephone calls occurring solely within the United States -- a move that would dramatically expand the reach of a controversial National Security Agency surveillance program.

In response to a question from Rep. Adam Schiff (D-Calif.) during an appearance before the House Judiciary Committee, Gonzales suggested that the administration could decide it was legal to listen in on a domestic call without supervision if it were related to al-Qaeda.

"I'm not going to rule it out," Gonzales said.

In the past, Gonzales and other officials refused to say whether they had the legal authority to conduct warrantless eavesdropping on domestic calls, and have stressed that the NSA eavesdropping program is focused only on international communications.

Gonzales previously testified in the Senate that Bush had considered including purely domestic communications in the NSA spying program, but he said the idea was rejected in part because of fears of a public outcry. He also testified at the time that the Justice Department had not fully analyzed the legal issues of such a move.

In yesterday's testimony, Gonzales reiterated earlier hints that there may be another facet to the NSA program that has not been revealed publicly, or even another program that has prompted dissension within the government. While acknowledging disagreements among officials over the monitoring efforts, Gonzales disputed published reports that have detailed the arguments.


11:30:37 AM