Privacy Digest

It has nothing to do with privacy, but I wanted to let my readers know about a fundraising event from an organization I work with. If you are in NYC on Wednesday May 21, 2008 why not pay us a visit. Tickets available online.

Inaugural Benefit for the Sunflower Children of Latin America Fund (May 21, 2008 NYC) In Partnership with JPMorgan and the Maybach Family Foundation.

EVENT HIGHLIGHTS ( www.SunflowerChildren.org & www.Maybach.org )

Sunflower Children Funds, JPMorgan and the Maybach Family Foundation host an evening of fashion, fun and philanthropy for JPMorgan Investment Banking, Private Banking employees and Sunflower-Maybach key supporters amongst the NY philanthropic and fashion communities.

Proceeds will primarily benefit Casita de Belen, a Sunflower-sponsored home for street children in Colombia, as well as Sunflower Children projects in Brazil, Cuba, Nicaragua & Peru.  read more »

DHS Can’t Admit Its Own Mistakes - Via CDT - PolicyBeta:

Back in April, I blogged about how Department of Homeland Security Secretary Michael Chertoff was “dead wrong” when he testified before the Senate that personal information can’t be “skimmed” from an unencrypted barcode, which all driver’s licenses will have under the REAL ID program. Chertoff completely denied that there are any privacy risks associated with the REAL ID card’s “machine-readable zone.”

Sen. Feingold, D-WI, was right to question Chertoff’s testimony that day and followed up with a letter asking the Secretary to further explain why he thought citizens’ personal information wasn’t at risk or why they couldn’t be tracked by scanning REAL ID cards during a multitude of transactions. Just this week, DHS responded to Sen. Feingold via letter. The Department again shirked responsibility for ensuring that Americans’ personal information stored on REAL ID cards is protected and not accessible by unauthorized parties – businesses and government agencies alike.  read more »

Charter to Insert Ads into Web Pages Its Broadband Customers Visit - Via Threat Level:

Charter Communications, one of the nation's largest ISPs, plans to track the web surfing habits of its customers in order to insert its own ads into web pages being visited by its customers, making it the first large American ISP to inject content into traffic its customers pay them to deliver.

In letters being sent to its 2.7 million high speed internet customers, Charter is billing its new ad insertion program as an 'enhancement' for customers' web surfing experience. The letters were first reported by BroadbandReports.com user on Sunday.

Browsing the web can become more like flipping through your favorite magazine, where you see ads that are appealing to you and enhance your enjoyment and the utility of the experience.

Users can opt out of the system, but have to give their full name and address to get an opt-out cookie. The process would have to be repeated for every browser on every computer in a home to block the service, and would have to be reset if cookies are ever deleted.

Charter is entering tricky legal and political territory. The company claims that the program won't show users more ads than they saw before – which means that Charter plans to overwrite the ads from sites like Wired.com. Such a move could easily lead to lawsuits.  read more »

Five IRS Employees Charged With Snooping on Tax Returns - Via Threat Level:

Five workers at the Internal Revenue Service's Fresno, California return processing center were charged Monday with computer fraud and unauthorized access to tax return information for allegedly peeking into taxpayer's files for their own purposes.

"The IRS has a method for looking for unauthorized access, and it keeps audit trails, and occasionally it will pump out information about who's done what," says assistant United States attorney Mark McKoen, who's prosecuting the cases in federal court in Fresno. "In general terms, IRS employees are only authorized to access the accounts of taxpayers who write in. They're not allowed  to access friends, relatives, neighbors, celebrities."

With tax return information just a few keystroke away, IRS employees succumb to curiosity often enough that the agency has its own word for such browsing: UNAX, (pronounced you-nacks) , for "unauthorized access." In congressional testimony last month, a Treasury Department investigator  said employee prying was on the rise, with 430 known cases in 1998, and 521 last year.  read more »

Resources on hate speech and trolls - Via CFP: Technology Policy '08:

One of our goals for the Dealing with hate speech and trolls module I'm leading at the social network workshop next Thursday is to create a useful resource page. There are a lot of techniques that can help bloggers and moderators; and call me an optimist, but I really believe a shared understanding of past thinking and research in this area, and the facts and different perspectives in a lot of real-world experiences, can make a huge difference. We'll hopefully have an online component to the workshop; specific technology (and the exact time of this session) still TBD. We'll present the results at the panel on Hate speech and oppression in cyberspace Friday morning (May 23, 11 a.m.-12:30 p.m. EDT), which will hopefully be recorded and streamed live.  read more »

NSA Attacks West Point! Relax, It's a Cyberwar Game - Via Wired News: Security Blanket:

Five hours into their assault on West Point, the hackers got serious.

The SQL [structured query language] inserts that came earlier were just pablum intended to lull the Army cadets into a false sense of security. But then the bad guys unleashed a stealthy kernel-level rootkit that burrowed into one workstation, started scraping data and "calling home."

It was a highly sophisticated attack, but this time the bad guys were really good guys in wolves' clothing.

For four days in late April, the National Security Agency -- the nation's most secretive repository of spooks, snoops and electronic eavesdroppers -- directed coordinated assaults on custom-built networks at seven of the nation's military academies, including West Point, the Army university 50 miles north of New York City.  read more »

Making Surveillance for the FBI Easy - Via ACLU Blog - Privacy & Technology:

Last night, Hasan Elahi, an artist and San Jose State professor, was a guest on The Colbert Report. In all his bleach-blond glory, Elahi describes for Colbert the experience of being stopped in a Detroit airport and questioned by the FBI in 2002. (The FBI never confirmed that Elahi's name is on the terrorist watch list…but being stopped and questioned at an airport gives a pretty good indication that he was.) After being cleared of any suspicion, he was told that he had to "check in" with the FBI periodically. He did the FBI one better by creating TrackingTranscience.com, in which he surveils himself in real time—his current location is always available at the website. He also takes hundreds of pictures of his whereabouts and uploads them to the site, so if the FBI wants to know what he had to eat (the man consumes a lot of meat), where he went to the bathroom, or his credit card expenses, it's all online—easy breezy for the FBI to keep track of him!  read more »

Kosovo: Politics, Legality, and Philosophy of Secession - Via JURIST - Video Monitor:

Kosovo's Independence: The Politics, Legality, and Philosophy of Secession
, Duke Law School, March 24, 2008. RealPlayer, 1 hr. 6 mins. Watch recorded video.

(Read Original Article - Via JURIST - Video Monitor.)

Congress Considers Reform On Orphaned Works - Via Slashdot: Your Rights Online:

I Don't Believe in Imaginary Property writes "Bills have been introduced in both the House and the Senate to liberalize copyright law in the case of orphaned works. The almost-identical bills would limit the penalties for infringement in cases where the copyright holder could no longer be identified. The idea is that one could declare their intent to use the work with the Copyright Office and if the copyright holder didn't care to respond, they would only be able to get 'reasonable compensation' instead of excessive statutory penalties. Public Knowledge has more details on the bills."

(Read Original Article - Via Slashdot: Your Rights Online.)

FBI Practices Need Strict Oversight, ACLU Says - Via American Civil Liberties Union:

Washington, DC – As FBI Director Robert Mueller appeared before Congress today, the American Civil Liberties Union urged the House Judiciary Committee to ask him the “hard questions.”

“Director Mueller has plenty to answer for,” said Caroline Fredrickson, director of the ACLU Washington Legislative Office. “The FBI’s track record of late has been dismal. Members of the committee should take this opportunity to push for real answers to questions about National Security Letters, delays in the naturalization process and the FBI’s role in torture and anti-terrorism policies set by the administration.”  read more »

Shamos on paper trails - Via Freedom to Tinker:

In an interview today with CNet, Michael Shamos talks about paper trails.  Shamos is a professor at CMU who has served as a voting system analyst for the Pennsylvania Secretary of State. In this article, a transcript of an interview conducted by Declan McCullagh, he spends a fair bit of time trashing paper trails, and by that, he’s referring to the “toilet paper roll” thermal printer attachments that are sold by the major U.S. voting system vendors.

He’s correct, to a limited extent.  He discusses a “20%” failure rate, which he probably gets from some problems in Ohio.  It’s certainly the case that these things are poorly engineered.  The ostensible reason for the continuous paper roll, as opposed to cutting the sheets individually, is that you’d have better reliability.  However, having the votes recorded in the order they were cast is a clear violation of voter privacy.  read more »

ACLU Applauds Senate Scrutiny of Overbroad NSL Authority - Via American Civil Liberties Union:

Washington, DC – As an overbroad and often-abused power is examined today by the Senate Judiciary Committee, the American Civil Liberties Union urged members of the committee to thoroughly question its witnesses before marking up legislation aimed at fixing the problem. The "National Security Letter Reform Act" introduced by committee member Senator Russell Feingold (D-WI), would narrow the scope of National Security Letters (NSLs) and curb abuse by federal law enforcement. NSLs are used to obtain access to personal customer records from Internet Service Providers, financial institutions and credit reporting agencies. Recipients of the NSLs are generally forbidden, or "gagged," from disclosing that they have received the letters.

"As we’ve seen, the broader the NSL statute is, the more likely it is to be abused," said Caroline Fredrickson, director of the ACLU Washington Legislative Office. "Senator Feingold’s bill will narrow the reach of NSLs, preserve judicial oversight and put the burden on the government to prove that secrecy is needed before imposing draconian gag orders.  read more »

Feds to Collect Millions of DNA Profiles Yearly, Stay Out if You Can - Via Threat Level:

The feds will soon be collecting about one million DNA samples a year under a new program that lets federal agents collect cheek swabs from citizens merely arrested for any federal crime or from any non-citizen detained by federal agents -- including visitors to the country who have visas.

The intent is build a massive database of DNA samples (.pdf) that police can use to catch rapists and murderers, but even the innocent should fear being in the database, due to the vagaries of how cold case DNA searches can easily pinpoint an innocent person.

Thanks to an amendment in the Violence Against Women Act of 2005 that was sponsored by Sen. Jon Kyl (R-Arizona), the feds now have the authority to immediately take DNA from any arrestee or 'detained' non-citizen and immediately upload it to the FBI's CODIS database.  That database is currently fed by federal law enforcement agencies and all 50 states, a few of which collect and upload DNA samples from people arrested, but not convicted of a crime.   read more »

Counterfeits, Trojan Horses, and shady distributors - Via Freedom to Tinker:

Last Friday, the New York Times published an article about counterfeit Cisco products that have been sold as if they were genuine and are widely used throughout the U.S. government.  The article also raised the concern that these counterfeits could well be engineered with malicious intent, but that this appears not to have been the case. There was an immediate Slashdot thread as well, but a number of issues are still worth commenting on.

First things first: the facts, as best we understand them.  The New York Times reports that approximately 3500 counterfeit Cisco components (worth $3.5M) have been discovered as a result of a two-year FBI investigation.  A Cisco spokesman is quoted saying that they found “no evidence of re-engineering.”  In other words, we’re talking about faithful knock-offs of legitimate products.

If you go to the FBI’s unclassified PowerPoint presentation (dated January 11, 2008), you’ll see all the actual information.  This is a fascinating read.   read more »

Live Webcast: Future of News, May 14-15 - Via Freedom to Tinker:

We’re going to do a live webcast of our workshop on “The Future of News“, which will be held tomorrow and Thursday (May 14-15) in Princeton. Attending the workshop (free registrat