Tuesday, April 18, 2006


News Item 5871 AT&T and spying - Editorials & Commentary - International Herald Tribune

A former employee of AT&T has come forward with documents suggesting that there may be a lot more spying going on in America than President George W. Bush has admitted. The AT&T documents suggest that telephone companies may be helping the U.S. government engage in wholesale interception of telephone calls, e-mail messages and Web surfing. If AT&T is violating its customers' privacy rights, it should come clean, and stop immediately.

According to Mark Klein, a longtime AT&T technician who is now retired, AT&T maintained a room at its San Francisco Internet and telephone hub where its customers' data could be mined by keywords, e-mail addresses and other attributes. Klein says the National Security Agency was given access to the room and the data. He says other technicians have reported to him that similar rooms exist at other AT&T sites.

Klein's assertions are the heart of a lawsuit filed by the Electronic Frontier Foundation, which charges AT&T with helping the NSA conduct an extensive and illegal domestic spying program. The government can legally intercept private communications only under limited circumstances, with proper judicial oversight. AT&T has refused to describe its cooperation with the NSA.

The lawsuit seeks damages on behalf of a large number of AT&T customers, which could provide the company with a strong incentive to re-evaluate its policies. But even without the suit, AT&T has a reason to worry if it is participating in illegal domestic spying. No company should want to get a reputation for allowing the government to listen in on its customers' phone calls, read their e-mail and monitor their Web activity without the requisite legal showing.

2:00:44 PM

News Item 5870 Advanced online privacy protection - Homeland Security or Homeland Stupidity

The U.S. government seems to have a dizzying array of programs, both already running and in the pipeline, to gather vast amounts of data on virtually everyone, store that data for who knows how long, and do who knows what with it. One thing they're doing is data mining, looking for "suspicious" patterns in the data trying to find potential threats. Not only does data mining not work, there's a chance it could identify you, even if you aren't doing anything wrong.

Other countries are already putting in place even more Orwellian surveillance on their own citizens. And some countries, as we all know, arrest, torture and kill dissidents or anyone they just don't like.

Fortunately, there are things you can do to protect yourself from all of these threats.

I called this article "Advanced online privacy protection" because it reveals things about keeping yourself safe and anonymous online which are little-known, except to the bad guys. It's about time the good guys got hold of some serious protection.


1:56:46 PM

News Item 5869 Privacy and Marketing Intersect at IAPP Summit

At last month's IAPP Summit more than 800 attendees mingled with more than 100 privacy experts from around the world. Following the conference, three experts reflected on their experiences there, and offered insight into trends they see within the privacy space.

Privacy officers constantly walk a tightrope, says Doris Patrick, director of consulting services at privacy firm Gryphon Networks. "You need to be an advocate for customers while also successfully doing business," she says. This involves a commitment to both short- and long-term goals, a keystone of our Return on Customer(SM) concept. And of no surprise to us, many times the tightrope leads to the marketing department.

Some marketers groan about how privacy regulations like Do-Not-Call, Gramm-Leach-Bliley, and CAN-SPAM limit their opportunities to communicate with customers and prospects. Patrick says marketers should be held accountable for the current state of business.

"Shame on us as marketers for letting it get to that point [to force privacy legislation]," Patrick says. "Marketers have to change the way they do business." She says the business future will be based on permission and relationship-building tools, including the idea of consumer preference management. "Companies are trying to be more proactive," she says. "We want to talk to customers, but in a way they want to receive [information]."


1:52:09 PM

News Item 5868 New NGA Center Brief On Privacy and Criminal Justice Information Systems - Apr 18, 2006

A new National Governors Association Center for Best Practices (NGA Center) issue brief, Protecting Privacy in Integrated Justice Systems, examines the impact of recent advances in justice information sharing on privacy protections. The brief also makes recommendations that states can adopt to continue the public safety gains made from justice information sharing while improving individual privacy protections.

Improving justice information sharing has been a priority for states over the past decade, especially since Sept. 11. Along with these improvements there have been some "unintended consequences as the sharing of information about victims, witnesses, law enforcement, court, and other criminal justice personnel potentially exposes them to harm by violating privacy protections...While many of these issues are not new, what are new are the large-scale implications; never before has so much information been immediately available at the touch of a button," according to the brief.
1:34:56 PM

News Item 5867 Barton to Address Availability of Telephone Records.

"We're going to start the formal process of ending that unique threat to personal privacy" [GT: Privacy]
1:32:14 PM

News Item 5866 Open Source Intrusion Detection and Prevention: Tools for Today's Corporate Market?

This contribution, written by Craig Gosselin, discusses two open source tools, Snort and Bro, that are either no cost or low cost and that you can obtain and train to use. [Infosec Writers Latest Security Papers]
1:23:54 PM

News Item 5865 EFF Debate: "Email - Should the Sender Pay?"

Esther Dyson and Danny O'Brien Face Off April 20 in San Francisco

San Francisco - What is the future of email? Should anyone ever have to pay to send it? Or would payments undermine free speech on the Internet? These are just a few of the questions raised recently by AOL's controversial plans to adopt a "certified" email system.

For more on the issues surrounding pay-to-send email, join EFF for a debate on April 20 in San Francisco. EFF's Activism Coordinator Danny O'Brien and tech expert Esther Dyson will face off over the question "Email - Should the Sender Pay?" Entrepreneur and EFF co-founder Mitch Kapor will moderate.

To reserve a seat for this debate, please email press@eff.org.

WHAT:
EFF Debate: "Email - Should the Sender Pay?"

WHEN:
Thursday, April 20th 7-8:30pm

WHERE:
Roxie Film Center
3117 16th Street, San Francisco
(between Valencia and Guerrero)
415-863-1087

RSVP:
press@eff.org

For more on this event:
http://www.eff.org/bayff/aolmail_debate.php

To learn more about the DearAOL campaign against AOL's planned sender-pay system:
http://www.dearaol.com

Some recent coverage of the controversy concerning AOL:
http://news.com.com/AOL+charged+with+blocking+opponents+e-mail/2100-1030_3-6061089.html

For Esther Dyson's editorial, "You've Got Goodmail":
http://www.release1-0.com/freshproduce/article.php?serialnum=FRP200603170000

Contact:

Rebecca Jeschke
Media Coordinator
Electronic Frontier Foundation
press@eff.org

[EFF: Breaking News]
1:22:16 PM

News Item 5864 Hacked PCs Receive Updated Spam Tool.

Computers infected with the Bagle virus began downloading new malware over the weekend. [PCWorld.com - Latest News Stories]
1:20:44 PM

News Item 5863 deployment scenarios for honeypots.

Honeypots Deployed. In this paper, Eddie Bibbs discusses deployment scenarios for honeypots. By Eddie Bibbs. [Infosec Writers Latest Security Papers]
1:18:25 PM

News Item 5862 HNS - Intelligence as the Basis for Proactive Security Risk Management

There has been a significant shift recently in the sophistication of network attacks as these morph from unstructured to structured threats. Users not only face a broader variety of security challenges but also have a tougher time in dealing with them in a cost effective manner. Those organisations which found that they were unprepared to deal with unstructured threats will have no hope now that the ante has been raised.

An example of the transition is the difference between Phishing and Spear-Phishing. Phishing plays on the law of numbers, randomly blasting out the scheme to a wide variety of potential victims. Spear-Phishing, however, is intelligence-based and targeted towards a particular establishment or victim profile. Yes, times are changing. The big question is how can we beat these adversaries?

1:16:46 PM

News Item 5861 The Future of Phish Fighting

Opinion: Since e-mail standards won't be of much help, we'll have to deal with phishing through private, complementary services. Which will be the big guns?

This week's E-mail Authentication Summit in Chicago on April 19 reminds me of the Internet community's failure to agree on an authentication standard.

Efforts such as this meeting notwithstanding, the whole authentication movement has been a flop, and that's a shame.

Nothing would have made a bigger dent in malware, spam and phishing than a widely respected standard for authentication.

Since authentication won't be universal enough to help, we'll be left using private industry products and services to fill in the gaps.


1:13:30 PM

News Item 5860 Employees Be Warned: Do Not Delete.

Employers may have a new weapon to use against disgruntled employees who delete data on their computers before leaving the company. In a recent Seventh Circuit Court of Appeals decision, International Airport Centers, LLC v. Citrin, 440 F.3d 418 (7th Cir. 2006), the court held that the employer could maintain a claim against a former employee under the Computer Fraud and Abuse Act, 18 U.S.C. sec. 1030 ("CFAA").

[Privacy and Security Law Blog]
1:06:08 PM


News Item 5859 UK car tracking database delayed to boost capacity.

While Yorkshire police plan handheld checks

The police have delayed crank starting their national car tracking database so they can keep more data about more people for longer periods of time.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]
1:03:59 PM

News Item 5858 Calling for Sunshine at the Smithsonian.

As we mentioned in a prior post, the Smithsonian and Showtime Networks have entered into a deal with troubling implications for the public domain (especially in light of the proposed WIPO Broadcasting Treaty). A FOIA request has been sent to the Smithsonian seeking public disclosure of the terms of the deal (EFF is representing the Center for American Progress in connection with the request).

Now 215 citizens have signed an open letter to the Smithsonian, demanding that the terms of the deal be made public. Signatories include technology luminaries (Vint Cerf, Mitch Kapor, David Farber), filmmakers (Michael Moore, Ken Burns), academics (Larry Lessig, Pam Samuelson), and public interest groups (Public Knowledge, Future of Music Coalition, Ass'n of Research Libraries).

Kudos to Carl Malamud at the Center for American Progress for spearheading the sunshine effort.

[EFF: Deep Links]
1:02:01 PM