Supreme Court Takes ‘Informational Privacy’ Case
Supreme Court Takes ‘Informational Privacy’ Case: Via Threat Level.
The U.S. Supreme Court is agreeing to decide how much personal information the federal bureaucracy may acquire on its workers.
The justices, without comment, decided Monday to review a lower-court decision surrounding the concept of so-called “informational privacy.” The 9th U.S. Circuit Court of Appeals in San Francisco struck down intrusive background checks last year on nearly three dozen National Aeronautics and Space Administration contractors as being too invasive — calling them an unconstitutional, “broad inquisition.”
The checks sought information from any source surrounding their sex lives, finances and even drug use. The contractors being investigated were not privy to classified information. [ Read more ... ]
Feds Move to Break Voting-Machine Monopoly
Feds Move to Break Voting-Machine Monopoly: Via Threat Level.
Citing anti-competitive concerns, the Justice Department sued Election Systems & Software in order to force the company to divest itself of the voting machine assets it obtained from Premier Election Solutions last year.
The department’s Antitrust Division, along with nine state attorneys general, filed the civil antitrust lawsuit (.pdf) in U.S. District Court in Washington, D.C., charging that the acquisition threatened competition. The department proposed a settlement that, if accepted, would dissolve the merger and force ES&S to sell its Premier business to a buyer approved by the Justice Department.
“The proposed settlement (.pdf) will restore competition, provide a greater range of choices and create incentives to provide secure, accurate and reliable voting equipment systems now and in the future,” said Molly S. Boast, deputy assistant attorney general for the Antitrust Division in a statement. [ Read more ... ]
Over 75,000 systems compromised in cyberattack
Over 75,000 systems compromised in cyberattack: Via Computerworld Cybercrime/Hacking News.
Correction: An earlier version of this story incorrectly said the cyberattacks began in 1998. They began in 2008.
Security researchers at Herndon, Va.-based NetWitness Corp. have unearthed a massive botnet affecting at least 75,000 computers at 2,500 companies and government agencies worldwide.
The Kneber botnet, named for the username linking the affected machines worldwide, has been used to gather login credentials to online financial systems, social networking sites and e-mail systems for the past 18 months, according to NetWitness.
A 75GB cache of stolen data discovered by NetWitness included 68,000 corporate login credentials, login data for user accounts at Facebook, Yahoo and Hotmail, 2,000 SSL certificate files and a large amount of highly detailed "dossier-level" identity information. In addition, systems compromised by the botnet also give attackers remote access inside the compromised network, the company said.
"Disturbingly, the data was only a one-month snapshot of data from a campaign that has been in operation for more than a year," NetWitness said in a statement announcing the discovery of the botnet late yesterday. [ Read more ... ]
Google Books Fosters Intellectual, Legal Crossroads
Google Books Fosters Intellectual, Legal Crossroads: Via Threat Level.
Nobody in their right mind opposes the intellectual soundness of digitizing the world’s books – even titles gathering dust in the stacks of university libraries — and making them available online.
Yet Google will encounter stiff resistance in a Manhattan federal court Thursday during a marathon hearing that could grant Google the keys to free the written word from a business and intellectual model as old as paper and ink.
“The benefits of approval are bounded only by the limits of human creativity and imagination,” Google told U.S. District Judge Denny Chin in a recent court filing ahead of Thursday’s hearing.
The final word on the so-named “Google Books” plan won’t rest with Judge Chin, and instead likely could fall on the U.S. Supreme Court. [ Read more ... ]
Authors Guild: ‘To RIAA or Not to RIAA’
Authors Guild: ‘To RIAA or Not to RIAA’: Via Threat Level.
There’s equal reason to support or object to the proposed Google Books settlement.
Creating a digital catalog of the world’s words might be the Holy Grail of intellectual empowerment.
Yet building that library in the clouds would be allowed without the rights-holders’ consent — which the Justice Department and others contend is a complete and fundamental alteration of copyright law.
The Authors Guild is backing the settlement in hopes of creating a new and legitimate book-selling venue. In a message to members Friday, it supported the development of a digital marketplace for the world’s words as a counter to digital piracy.
What’s more, the group noted it didn’t want to be like the Recording Industry Association of America. The labels’ lobbying and litigation arm has sued thousands of individuals and music-trading sites — lawsuits that have not dented the illegal, pirated-music marketplace. [ Read more ... ]
Heartland hacker pleads guilty in third case
Heartland hacker pleads guilty in third case: Via Computerworld Cybercrime/Hacking News.
The hacker who enabled the theft of millions of credit card numbers has pleaded guilty to two counts of conspiracy and will receive a prison term of at least 17 years.
Albert Gonzalez, the hacker, has already pleaded guilty in two other cases related to the theft. As part of his plea agreement in those cases, in Boston and New York, he agreed to ask for no less than 15 years in prison and the government agreed to ask for no more than 25 years. [ Read more ... ]
Former Morgan Stanley Coder Gets 2 Years in Prison for TJX Hack
Former Morgan Stanley Coder Gets 2 Years in Prison for TJX Hack: Via Threat Level.
The two great friends talked every day and shared information about all of their exploits — sexual, narcotic and hacking — according to prosecutors. Now another thing they’ll have to share information about is their experience in federal prison.
While accused TJX hacker kingpin Albert Gonzalez awaits a possible sentence of 17 years or more in prison, one of his best friends and accomplices was sentenced on Tuesday in Boston to two years for his role in what the feds are calling “the largest identity theft in our nation’s history.”
Stephen Watt, a 25-year-old former Morgan Stanley software engineer, pleaded guilty last December to creating a custom sniffing program dubbed “blabla” that Gonzalez and other hackers used to siphon millions of credit and debit card numbers from TJX’s network. The breach cost TJX $200 million, according to its 2009 SEC filing. [ Read more ... ]
P2P Torrent Search Engines Unlawful, U.S. Judge Says
Torrent Search Engines Unlawful, U.S. Judge Says: Via Threat Level.
The operator of a popular BitTorrent search site said Monday he will likely challenge last week's landmark decision by a U.S. judge declaring such sites unlawful and no different from conventional peer-to-peer piracy services.
"We do think from our preliminary review there are a number of issues for appeal," said Ira Rothken, attorney for popular torrent search engine ISO Hunt, the defendant in the case.
The long-awaited decision, while not unexpected, was the first in the United States in which a federal judge found that BitTorrent search engines are an unlawful avenue (.pdf) to free movies, music, videogames and software. A contrary ruling likely would have sparked a gold rush of BitTorrent prospectors in the United States.
Targeted in the case was Gary Fung, a Canadian who operates ISO Hunt and other torrent search engines. Among other things, he argued that U.S. laws did not attach to him, and if they did, that his websites were protected under the Digital Millennium Copyright Act. [ Read more ... ]
An E-Book Buyer's Guide to Privacy (EFF)
An E-Book Buyer's Guide to Privacy: Via EFF.org Updates.
As we count down to the end of 2009, the emerging star of this year's holiday shopping season is shaping up to be the electronic book reader (or e-reader). From Amazon's Kindle to Barnes and Noble's forthcoming Nook, e-readers are starting to transform how we buy and read books in the same way mp3s changed how we buy and listen to music.
Unfortunately, e-reader technology also presents significant new threats to reader privacy. E-readers possess the ability to report back substantial information about their users' reading habits and locations to the corporations that sell them. And yet none of the major e-reader manufacturers have explained to consumers in clear unequivocal language what data is being collected about them and why. [ Read more ... ]
Google Books Settlement 2.0: Evaluating Censorship
Google Books Settlement 2.0: Evaluating Censorship: Via EFF.org Updates.
This is the fifth in a series of posts about the proposed Google Book Search settlement.
As we've explained in earlier posts, when it comes to evaluating the proposed Google Books settlement, the principal potential benefit to the public (increased access to books online) must be weighed against the potential drawbacks (impediments to competition, inadequate protection for privacy). Another potential downside for the public in the proposed settlement is the risk of censorship.
To understand the importance of this risk, keep two things in mind. [ Read more ... ]
USA Technologies Attempts to Out Anonymous Online Critics, Runs Into New California Fee Statute
USA Technologies Attempts to Out Anonymous Online Critics, Runs Into New California Fee Statute: Via EFF.org Updates.
A Pennsylvania publicly-traded company has become the latest corporate entity to use the legal system in an attempt to out an anonymous online critic, and EFF is defending the critic with the help of the First Amendment as well as an important new California statute. USA Technologies, based in Malvern, Pennsylvania, recently filed a federal lawsuit against two Yahoo! message board posters who roundly criticized what they claim is the consistently poor performance of USA Technologies' management. The criticism highlighted plummeting stock prices of the company as well as the high compensation rates for management of the company that has been consistently unprofitable. [ Read more ... ]
Leaked 9/11 Text Messages
Leaked 9/11 Text Messages: Via Schneier on Security.
Wikileaks has published pager intercepts from New York on 9/11:
WikiLeaks released half a million US national text pager intercepts. The intercepts cover a 24 hour period surrounding the September 11, 2001 attacks in New York and Washington.
[...]
Text pagers are usually carried by persons operating in an official capacity. Messages in the archive range from Pentagon, FBI, FEMA and New York Police Department exchanges, to computers reporting faults at investment banks inside the World Trade Center.
Near as I can tell, these messages are from the commercial pager networks of Arch Wireless, Metrocall, Skytel, and Weblink Wireless, and include all customers of that service: government, corporate, and personal.
There are lots of nuggets in the data about the government response to 9/11: [ Read more ... ]
Google Books Settlement 2.0: Evaluating Privacy
Google Books Settlement 2.0: Evaluating Privacy: Via EFF.org Updates.
This is the fourth in a series of posts about the proposed Google Book Search settlement.
We have now examined the chief promised benefit (increased public access) of the proposed Google Books settlement, as well as one of the chief potential drawbacks (impaired competition). Another down-side to the proposed settlement is its lack of adequate protections for reader privacy. And although EFF has repeatedly written about the privacy problem and outlined specific steps that could be taken to address it, as have the ACLU, CDT, EPIC, library associations, and academic authors, the revised Settlement 2.0 still does nothing new to address the serious privacy concerns raised by the Google Book Search services. [ Read more ... ]
DNA Testing Firm Goes Bankrupt; Who Gets the Data?
DNA Testing Firm Goes Bankrupt; Who Gets the Data?: Via Threat Level.
An Icelandic firm that offers private DNA testing to customers has filed for bankruptcy in the U.S., raising privacy concerns about the fate of customer DNA samples and records, according to the Times of London.
DeCODE Genetics, a genetics research firm, began offering personalized DNA testing through its deCODEme website two years ago. A customer mails in a sample taken from the inside of his cheek, and the service calculates the subject’s genetic risk for disease — cancer, diabetes, Alzheimer’s, heart disease.
The company hasn’t disclosed how many clients signed up for its service, but provides a number of customer testimonials on its site, including Dorrit Mousaieff, Iceland’s first lady. The staff of the Martha Stewart show also got their DNA tested earlier this year by deCODE when the company’s founder, Dr. Kari Stefansson, was featured on the show.
DeCODE warned investors earlier this year that it was running out of money, and filed for bankruptcy in Delaware this week. Saga Investments, a U.S. venture capital firm, has already put in a bid to buy deCODE’s operations, including the deCODEme business, though the sale of the operations must still undergo a public auction.
The company told the Times that Saga would be bound by deCODE’s privacy agreements with customers, which prohibit the disclosure of customer data to third parties such as insurers, employers or doctors. [ Read more ... ]
Google Books Settlement 2.0: Evaluating the Pros and Cons
Google Books Settlement 2.0: Evaluating the Pros and Cons: Via EFF.org Updates.
This is the first in a series of posts evaluating the proposed Google Book Search settlement.
When it announced its Book Search project in 2004, Google set for itself an inspiring and noble goal. In the words of Google CEO Eric Schmidt, "Imagine yourself at your computer and, in less than a second, searching the full text of every book ever written." What started as a dream of universal book search, however, has become something much broader: a class action lawsuit and proposed settlement that hopes to let Americans read, as well as search, millions of books online.
The fate of that more ambitious plan is now before a court in New York. In the face of opposition from many quarters (including EFF and the U.S. Department of Justice), Google and class representatives for authors and publishers recently revised the proposed settlement (aka "Settlement 2.0", 300-page PDF redline posted here). The court is expected to decide whether to approve the revised settlement sometime in the first half of 2010. [ Read more ... ]
4 Hackers Indicted in $9.5 Million Bank Card Attack
4 Hackers Indicted in $9.5 Million Bank Card Attack: Via Threat Level.
Four men have been indicted in Georgia on charges that they hacked into the Atlanta-based bank card processing company RBS WorldPay. They allegedly used an army of flunkies to steal $9.5 million in cash from ATM machines around the world in a span of hours.
Sergei Tsurikov, 25, of Tallinn, Estonia; Viktor Pleshchuk, 28, of St. Petersburg, Russia; Oleg Covelin, 28, of Chisinau, Moldova; and a fourth person identified only as “Hacker 3” were indicted by a federal grand jury in what’s being described as “perhaps the most sophisticated and organized computer fraud attack ever conducted.”
The hack involved reverse-engineering PINs for payroll debit card accounts — the holy grail of bank card hacking. Another four people based in Estonia were also indicted on access-device fraud charges in connection with the hack. [ Read more ... ]
Trick or Tweet? Malware Abundant in Twitter URLs
Trick or Tweet? Malware Abundant in Twitter URLs: Via Threat Level.
As many as one in every 500 web addresses posted on Twitter lead to sites hosting malware, according to researchers at Kaspersky Labs who have deployed a tool that examines URLs circulating in tweets.
The spread of malware is aided by the popular use of shortened URLs on Twitter, which generally hide the real website address from users before they click on a link, preventing them from self-filtering links that appear to be dodgy.
Kaspersky, an anti-virus and computer security firm based in Moscow, created a tool called Krab Krawler, which extracts URLs from millions of Tweets a day. The tool expands shortened URLs to examine words in the web address for those matching known malware sites. For unknown sites, Kaspersky visits the webpage to determine if it’s hosting malicious code that could infect visitors. [ Read more ... ]
Feds’ Smart Grid Race Leaves Cybersecurity in the Dust
Feds’ Smart Grid Race Leaves Cybersecurity in the Dust: Via Threat Level.
Amid the government-funded rush to upgrade America’s aging electric system to a “smart grid,” Threat Level is pondering a strange confluence of press releases this week by the White House and the University of Illinois.
Tuesday morning President Obama, speaking at Florida Power and Light (FPL) facilities, announced $3.4 billion in grants to utility companies, municipal districts and manufacturers to spur a nationwide transition to smart grid technologies and fund other energy-saving initiatives as part of the economic stimulus package. [ Read more ... ]
EFF Urges Court to Ensure Fairness in Google Book Search Amendment Process
EFF Urges Court to Ensure Fairness in Google Book Search Amendment Process: Via EFF.org Updates.
EFF today led a coalition of authors, publishers, companies and nonprofit organizations in sending a letter to the judge overseeing the Google Book Search settlement urging the Court to ensure that those concerned about the settlement receive adequate notice of, and have sufficient time to study and comment on, any amended settlement agreement that Google, the Authors Guild, and the Association of American Publishers present.
Those following the twists and turns of the Google Book Search settlement will recall that the original Fairness Hearing scheduled for October 7, 2009, was put off because of what the Court called: "significant issues, as demonstrated not only by the number of objections, but also by the fact that the objectors include countries, states, non-profit organizations, and prominent authors and law professors." [ Read more ... ]
Big-Box Breach: The Inside Story of Wal-Mart’s Hacker Attack
Big-Box Breach: The Inside Story of Wal-Mart’s Hacker Attack: Via Threat Level.
Wal-Mart was the victim of a serious security breach in 2005 and 2006 in which hackers targeted the development team in charge of the chain’s point-of-sale system and siphoned source code and other sensitive data to a computer in Eastern Europe, Wired.com has learned.
Internal documents reveal for the first time that the nation’s largest retailer was among the earliest targets of a wave of cyberattacks that went after the bank-card processing systems of brick-and-mortar stores around the United States beginning in 2005. The details of the breach, and the company’s challenges in reconstructing what happened, shed new light on the vulnerable state of retail security at the time, despite card-processing security standards that had been in place since 2001.
In response to inquiries from Wired.com, the company acknowledged the hack attack, which it calls an “internal issue.” Because no sensitive customer data was stolen, Wal-Mart had no obligation to disclose the breach publicly.
Wal-Mart had a number of security vulnerabilities at the time of the attack, according to internal security assessments seen by Wired.com, and acknowledged as genuine by Wal-Mart. For example, at least four years’ worth of customer purchasing data, including names, card numbers and expiration dates, were housed on company networks in unencrypted form. [ Read more ... ]
Will airports screen for body signals? Researchers hope so
Will airports screen for body signals? Researchers hope so: Via CNN.
The Homeland Security-funded project is Future Attribute Screening Technology, or FAST. Instead of focusing on whether you have hidden explosives or whether you're carrying a weapon, sensors and cameras located at security checkpoints would measure the natural signals coming from your body -- your heart rate, breathing, eye movement, body temperature and fidgeting.
Those physiological signs, measured together, will indicate whether you might have the desire or intent to do harm, project manager Robert Burns said.
"There's been a large field of research that ties your physical reactions to your mental state, your emotional state. We're looking for those signals that your body gives off naturally," Burns said.
Burns said the technology will pick up cues that may not be observed by a human and help security personnel decide more quickly whether to send someone to secondary screening for questioning. [ Read more ... ]
VIDEO: CDT Policy Analyst, Andrew McDiarmid spoke at the Washington Legal Foundation about privacy issues in the Google Books Settlement.
VIDEO: Washington Legal Foundation: Via CDT - PolicyBeta.
Recently, CDT Policy Analyst, Andrew McDiarmid spoke at the Washington Legal Foundation about privacy issues in the Google Books Settlement. The video of Andrew’s discussion, as well as several other videos from the event, are available here.
Book: Contours of Privacy
New book: Contours of Privacy: Via michaelzimmer.org.
A few years ago I presented a paper at the “Contours of Privacy: Social, Psychological and Normative Perspectives” conference in Ottawa, sponsored by Members of the Social Sciences and Humanities Research Council of Canada research group and their “On the Identity Trail: Understanding the Importance and Impact of Anonymity and Authentication in a Networked Society” research project.
I’m thrilled to announce that, after a peer review process and the hard work of David Matheson, a collection of papers from this conference has been published by Cambridge Scholars Publishing in an edited volume, “Contours of Privacy”. From the description: [ Read more ... ]
CDT Urges Privacy Requirements Be Included in Google Books Settlement
CDT Urges Privacy Requirements Be Included in Google Books Settlement: Via Center for Democracy and Technology.
CDT today filed a "friend of the court" brief in the Southern District of New York requesting that key privacy requirements be included in the Court's approval of the class-action settlement that would dramatically expand Google Book Search. CDT previously released a report in July analyzing the privacy implications of this settlement and is urging the judge to guarantee strong privacy safeguards for the exciting new services Google will be able to offer. The brief asks that the court approve the proposed settlement of the copyright infringement lawsuit between Google and authors and publishers, but retain oversight in order to monitor implementation of a privacy plan.
Black Sites? What’s That? Torture? Us?
Black Sites? What’s That? Torture? Us?: Via Blog of Rights: Official Blog of the American Civil Liberties Union.
Last week, the Department of State (DOS) released a huge tranche of documents on its website in response to a Freedom of Information Act (FOIA) lawsuit brought by the Center for Constitutional Rights and NYU Center for Human Rights and Global Justice. There’s a lot of stuff to wade through, but we found some gems.
In this email from Laura M. Stone of the DOS to Anne S. Casper at the U.S. Embassy in Bangkok, Stone writes (PDF):
If iTV ask anything about the Black Sites here, I think we should stick to what we have done before: deny flat out that they exist.
[ Read more ... ]