Unprecedented 25-Year Sentence Sought for TJX Hacker
Unprecedented 25-Year Sentence Sought for TJX Hacker: Via Threat Level.
Computer hacker Albert Gonzalez deserves a quarter-century behind bars for leading a gang of cyberthieves who stole tens of millions of credit and debit card numbers from a transaction processor and several giant retail chains, federal prosecutors argued in a court filing Thursday night.
“[T]he sentences would be the longest ever imposed in an identity theft case and among the longest imposed for a financial crime, which is appropriate because Gonzalez was at the center of the largest and most costly series of identity thefts in the nation’s history,” wrote Boston-based Assistant U.S. Attorney Stephen Heymann. “He knowingly victimized a group of people whose population exceeded that of many major cities and some states.”
The government also disputed a defense claim that Gonzalez suffers from Asperger’s disorder, a mild form of autism that was grounds for a slightly reduced sentence in a previous hacking prosecution.
Gonzalez, 28, is set for sentencing next week on three indictments covering virtually every headline-making bank-card theft in recent years, including intrusions at TJX, DSW Shoe Warehouse, Office Max, Hannaford Brothers, 7-Eleven, and Heartland Payment Systems, which alone exposed magstripe data on 130 million credit and debit cards. He performed the intrusions while an informant for the Secret Service.
The hacker’s plea agreements contemplate a total prison term of between 17 and 25 years. [ Read more ... ]
Obama supports Senators draft plan to rework U.S. immigration policy - Includes National Biometric ID card for all.
Senators draft plan to rework U.S. immigration policy - washingtonpost.com: Via washingtonpost.com .
Sens. Charles E. Schumer (D-N.Y.) and Lindsey O. Graham (R-S.C.) announced the building blocks Thursday for a new push in Congress to overhaul the nation's immigration laws, outlining a plan to require U.S. citizens and legal immigrants to obtain a new high-tech Social Security card tied to their fingerprints or other biometric identifiers and to create a system to bring in temporary workers as the U.S. economy demands.
The immigration "blueprint," outlined in an opinion column posted on The Washington Post's Web site, drew an immediate vow of support from President Obama, who urged Congress "to act at the earliest possible opportunity." [ Read more ... ]
Hacker Disables More Than 100 Cars Remotely
Hacker Disables More Than 100 Cars Remotely: Via Threat Level.
More than 100 drivers in Austin, Texas found their cars disabled or the horns honking out of control, after an intruder ran amok in a web-based vehicle-immobilization system normally used to get the attention of consumers delinquent in their auto payments.
Police with Austin’s High Tech Crime Unit on Wednesday arrested 20-year-old Omar Ramos-Lopez, a former Texas Auto Center employee who was laid off last month, and allegedly sought revenge by bricking the cars sold from the dealership’s four Austin-area lots.
“We initially dismissed it as mechanical failure,” says Texas Auto Center manager Martin Garcia. “We started having a rash of up to a hundred customers at one time complaining. Some customers complained of the horns going off in the middle of the night. The only option they had was to remove the battery.”
The dealership used a system called Webtech Plus as an alternative to repossessing vehicles that haven’t been paid for. Operated by Cleveland-based Pay Technologies, the system lets car dealers install a small black box under vehicle dashboards that responds to commands issued through a central website, and relayed over a wireless pager network. The dealer can disable a car’s ignition system, or trigger the horn to begin honking, as a reminder that a payment is due. The system will not stop a running vehicle. [ Read more ... ]
Judge Approves $9.5 Million Facebook ‘Beacon’ Accord
Judge Approves $9.5 Million Facebook ‘Beacon’ Accord: Via Threat Level.
A federal judge on Wednesday approved a $9.5 million settlement to a class action lawsuit challenging Facebook’s program that monitored and published what users of the social networking site were buying or renting from Blockbuster, Overstock and other locations.
The case concerned allegations Facebook’s now defunct “Beacon” program breached federal wiretap and video-rental privacy laws. Terms of the settlement, in which Facebook denied any wrongdoing, require the site to finance what the deal calls a “Digital Trust Fund” that would issue more than $6 million in grants to organizations to study online privacy.
The social networking site will have a seat on the fund’s three-member board — a fact that was a big bone of contention (.pdf) in the privacy community, but one U.S. District Judge Richard Seeborg in San Jose, California, said Wednesday was immaterial.
“There has been no pervasive showing that the foundation will be a mere publicity tool for Facebook,” (.pdf) Seeborg wrote.
Seeborg gave preliminary approval to the deal last year, but finalized it Wednesday after reviewing objections. [ Read more ... ]
Hooking Up The Big Brother Machine... And Fighting It
Hooking Up The Big Brother Machine... And Fighting It: Via EFF.org Updates.
Here's a movie pitch: One lone telecommunications technician, going about his ordinary daily work in San Francisco, begins to realize things aren't quite what they seem. There's a "secret room" downstairs, and ordinary employees aren't allowed to enter it. Coworkers — almost casually! — remark that a government spy agency is involved, that similar facilities are being built across the country, that some of them are stamped with the government's ominous eye-and-pyramid "Total Information Awareness" logo.
Soon, the plot thickens. Mundane technical procedures produce startling revelations. He stumbles on a document that suggests the room contains a supercomputer designed to data-mine phone calls and Internet traffic. And, indeed, he soon realizes that the room is sucking up copies of electronic communications from millions of random Americans.
All this in the early 2000s, when "the political atmosphere in the country after 9/11 had a witchhunt feel to it, and even modest criticism of the administration was getting painted as disloyalty or worse."
What happens to our hero when he finally decides to go public? [ Read more ... ]
Court: State Can Dump Non-Sex Offenders Into Registry
Court: State Can Dump Non-Sex Offenders Into Registry: Via Threat Level.
Georgia’s Supreme Court is upholding the government’s right to put non-sex offenders on the state’s sex offender registry, highlighting a little-noticed but growing practice nationwide.
Atlanta criminal defense attorney Ann Marie Fitz estimated that perhaps thousands of convicts convicted of non-sexual crimes have been placed in sex-offender databases. Fitz represents a convict who was charged with false imprisonment when he was 18 for briefly detaining a 17-year-old girl during a soured drug deal. He unsuccessfully challenged his mandatory, lifelong sex-offender listing to the Georgia Supreme Court, which ruled against him Monday.
Under the Adam Walsh Child Protection and Safety Act of 2007, the states are required to have statutes demanding sex-offender registration for those convicted of kidnapping or falsely imprisoning minors. The Georgia court ruled that the plain meaning of “sex offender” was overridden by the state’s law.
“Rainer’s belief that the term ’sexual offender’ may only apply to offenders who commit sexual offenses against minors does not change the fact that the definition provided in the statute, and not the definition that Rainer wishes to impose upon the statute, controls,” the court’s majority said. [ Read more ... ]
Undercover Feds on Social Networking Sites Raise Questions
Undercover Feds on Social Networking Sites Raise Questions: Via Threat Level.
The next time someone tries to “friend” you on Facebook, it may turn out to be an undercover fed looking to examine your private messages and photos, or surveil your friends and family, according to an internal Justice Department document obtained by the Electronic Frontier Foundation.
The 33-page document shows that law enforcement agents from local police to the FBI and Secret Service have been logging on to MySpace and other sites undercover to communicate with suspects, read private postings and view photos and videos that are restricted to a user’s friends, according to the Associated Press.
The document also describes techniques for verifying alibis — such as checking messages posted by a suspect on Twitter disclosing his whereabouts at the time a crime was committed — and uncovering information that might point to illegal activity, such as photos depicting a suspect with expensive jewelry, a new car or even a weapon.
The document says that evidence from social networking sites can: [ Read more ... ]
Case Report – BCCA says aerial surveillance by telephoto zoom lens not a search
Case Report – BCCA says aerial surveillance by telephoto zoom lens not a search « All About Information: Via A legal blog about the law of information – By Toronto, Ontario lawyer Dan Michaluk.
Today, the British Columbia Court of Appeal held that the police did not violate section 8 of the Charter by conducting aerial surveillance of a rural property from in excess of 1000 feet by using a digital camera equipped with a telephoto lens. [ Read more ... ]
Obama threatens to veto greater intelligence oversight
Obama threatens to veto greater intelligence oversight: Via Salon: Glenn Greenwald.
(updated below)
One of the principal weapons used by the Bush administration to engage in illegal surveillance activities -- from torture to warrantless eavesdropping -- was its refusal to brief the full Congressional Intelligence Committees about its activities. Instead, at best, it would confine its briefings to the so-called "Gang of Eight" -- comprised of 8 top-ranking members of the House and Senate -- who were impeded by law and other constraints from taking any action even if they learned of blatantly criminal acts.
This was a sham process: it allowed the administration to claim that it "briefed" select Congressional leaders on illegal conduct, but did so in a way that ensured there could be no meaningful action or oversight, because those individuals were barred from taking notes or even consulting their staff and, worse, because the full Intelligence Committees were kept in the dark and thus could do nothing even in the face of clear abuses. The process even allowed the members who were briefed to claim they were powerless to stop illegal programs. That extremely restrictive process also ensures irresolvable disputes over what was actually said during those briefings, as illustrated by recent controversies over what Nancy Pelosi and other leading Democrats were told about Bush's torture and eavesdropping programs. Here's how Richard Clarke explained it in July, 2009, on The Rachel Maddow Show: [ Read more ... ]
EFF Asks Illinois Appellate Court to Block Unmasking of Anonymous Online Critic
EFF Asks Illinois Appellate Court to Block Unmasking of Anonymous Online Critic: Via EFF.org Updates.
Chicago - The Electronic Frontier Foundation (EFF) and the Media Freedom and Information Access Practicum (MFIA) at Yale Law School filed a friend-of-the-court brief today urging the Illinois Court of Appeals to block the unmasking of an anonymous online critic of a local political candidate.
The critic, commenting on a story on the website of a suburban Chicago newspaper called the Daily Herald, engaged in a heated debate with other commenters. One turned out to be the son of the village trustee candidate in Buffalo Grove, Illinois, who was discussed in the article. The candidate, Lisa Stone, who eventually won her race, asked a state court to order the newspaper to release the critic's name and address without appropriately showing that the statements directed towards her son were defamatory or otherwise illegal. Stone indicated that she may choose to subsequently file a lawsuit once she determines the critic's identity through the pre-complaint procedure.
"Because of the enormous potential for abuse, the First Amendment requires litigants to demonstrate that they have a legitimate case before they can use the courts to unmask anonymous online critics," said EFF Senior Staff Attorney Matt Zimmerman. "Insults are not enough, especially when the conversation takes place in the context of a political campaign." [ Read more ... ]
Who You Love Shouldn't Matter When You Serve
Who You Love Shouldn't Matter When You Serve: Via Blog of Rights: Official Blog of the American Civil Liberties Union.
Jene Newsome served nine years in the Air Force. She was recently discharged under the "Don't Ask, Don't Tell" policy after she was outed by South Dakota's Rapid City Police Department.
On November 20, 2009, the Rapid City Police Department came to serve a warrant on Jene Newsome's wife. Jene and her wife, Cheryl, were just married in Iowa a few weeks before the police came knocking on their door.
When the police entered the house, they saw the marriage certificate sitting on the kitchen table. The marriage certificate didn't have anything to do with Cheryl's arrest; one of the officers just saw it as an opportunity to out Jene and end her career. [ Read more ... ]
Secret Document Calls Wikileaks ‘Threat’ to U.S. Army
Secret Document Calls Wikileaks ‘Threat’ to U.S. Army: Via Threat Level.
Wikileaks presents a “threat to the U.S. Army” and publishes “potentially actionable information” for targeting military personnel, according to a classified intelligence report posted Monday on the whistleblowing site.
The 32-page report entitled Wikileaks.org – An Online Reference to Foreign Intelligence Services, Insurgents, or Terrorist Groups? (.pdf) indicates the government’s concern that “current employees or moles” within the Defense Department or the U.S. government “are providing sensitive or classified information to Wikileaks.” To stop this, the 2008 report had suggested a campaign to expose and punish those who leak to the site, which was founded in 2007 by Chinese dissidents, journalists and mathematicians.
“Wikileaks.org uses trust as a center of gravity by assuring insiders, leakers, and whistleblowers who pass information to Wikileaks.org personnel or who post information to the website that they will remain anonymous,” according to the report. “The identification, exposure, or termination of employment of or legal actions against current or former insiders, leakers, or whistleblowers could damage or destroy this center of gravity and deter others from using Wikileaks.org to make such information public.” [ Read more ... ]
EFF to Urge True Transparency in Congressional Hearing Thursday
EFF to Urge True Transparency in Congressional Hearing Thursday: Via EFF.org Updates.
Washington, D.C. - On Thursday, March 18, at 2 p.m., members of the U.S. House of Representatives Oversight and Government Reform Committee will hold a public hearing on the Freedom of Information Act (FOIA) and the Obama administration's compliance with transparency law. The hearing comes as transparency advocates celebrate Sunshine Week, the annual celebration of our nation's open government laws that features numerous events measuring the progress made in combating official secrecy.
Senior Counsel David Sobel of the Electronic Frontier Foundation (EFF) will testify at Thursday's hearing, urging the White House to fulfill its promises for open government. Despite President Obama's order to government agencies last year to renew their commitment to FOIA, EFF and other organizations still see delays in releasing relevant documents, excuses for not releasing other records, and excessive redactions, among other needless secrecy. [ Read more ... ]
Investigators: Businesses buying your credit card number
Investigators: Businesses buying your credit card number: Via NorthWest Cable News.
$10 here. $15 there.
By putting little charges on your credit card some companies are making tens of millions of dollars a year. These are businesses that you never gave your credit card number to.
Some consumer groups call it fraud, but it may be perfectly legal.
Christie Frison-Thornton, of Rainier, spotted a $19.95 charge just a few weeks ago. A company called "Privacy Matters" billed her credit card.
"I thought what the heck is this? Cause I really did not have a clue," said Frison-Thornton. [ Read more ... ]
Global Internet Freedom and the U.S. Government
Global Internet Freedom and the U.S. Government: Via Freedom to Tinker.
Over the past two weeks I've testified in both the Senate and the House on how the U.S. should advance "Internet freedom." I submitted written testimony for both hearings which can be downloaded in PDF form here and here. Full transcripts will become available eventually but meanwhile you can click here to watch the Senate video and here to watch the House video. In both hearings I advocated a combination of corporate responsibility through the Global Network Initiative backed up by appropriate legislation given that some companies seem reluctant to hold themselves accountable voluntarily; revision of export controls and sanctions; and finally, funding and support for tools, and technologies and activism platforms that will counter-act suppression of online speech.
[ Read more ... ]
The dark side of DNA
The dark side of DNA: Via The Globe and Mail.
The only real evidence in a first-degree murder charge against Mr. Turner, the golden sheen of DNA appeared certain to become a silver bullet in the hands of the Crown.
"I told my lawyer, Jerome Kennedy, that there was no way in the world it was true," Mr. Turner recalled in an interview. "He believed me. He said that I was too stupid to commit that crime and leave no evidence."
A lucky hunch by Mr. Kennedy - now Newfoundland's Minister of Health - saved Mr. Turner from a life behind bars. He sought the name and DNA profile of every technician who had worked at the RCMP lab. It turned out that the technician who had tested the ring had also been working on the victim's fingernails a few inches away, creating a strong possibility of contamination.
The technician conceded at Mr. Turner's 2001 trial that she had also contaminated evidence in two previous cases. [ Read more ... ]
EFF Experts to Speak at Privacy Roundtable in Washington, D.C.
EFF Experts to Speak at Privacy Roundtable in Washington, D.C.: Via EFF.org Updates.
Washington, D.C. - On Wednesday, March 17, the Federal Trade Commission (FTC) is hosting its final public roundtable on technology privacy challenges in Washington, D.C. Two experts from the Electronic Frontier Foundation (EFF) are taking part.
EFF Senior Staff Technologist Peter Eckersley and EFF Boardmember Edward W. Felten will discuss "Internet Architecture and Privacy" at the first panel of the day. Later panels will cover health information privacy and issues around other sensitive information, as well as lessons learned so far and future plans for privacy protection.
For more information on attending the roundtable including a full agenda, visit http://www.ftc.gov/bcp/workshops/privacyroundtables/index.shtml
WHAT:
FTC Roundtable "Internet Architecture and Privacy"
WHEN:
Wednesday, March 17
9:15 a.m. [ Read more ... ]
Telling Friends Where You Are (or Not) - NYT
Telling Friends Where You Are (or Not): Via NYTimes.com .
Mobile services like Loopt and Google’s Latitude have promoted the notion of constantly beaming your location to a map that is visible to a network of friends — an idea that is not for everybody.
But now there is a different approach, one that is being popularized by Foursquare.
After firing up the Foursquare application on their phones, users see a list of nearby bars, restaurants and other places, select their location and “check in,” sending an alert to friends using the service.
This model, which may be more attractive than tracking because it gives people more choice in revealing their locations, is gathering speed in the Internet industry. Yelp, the popular site that compiles reviews of restaurants and other businesses, recently added a check-in feature to its cellphone application. And Facebook is expected to take a similar approach when it introduces location features to its 400 million users in coming months. [ Read more ... ]
Advertising - Instant Ads Set the Pace on the Web
Advertising - Instant Ads Set the Pace on the Web: Via NYTimes.com .
Now, companies like Google, Yahoo and Microsoft let advertisers buy ads in the milliseconds between the time someone enters a site’s Web address and the moment the page appears. The technology, called real-time bidding, allows advertisers to examine site visitors one by one and bid to serve them ads almost instantly.
For example, say a man just searched for golf clubs on eBay (which has been testing a system from a company called AppNexus for more than a year). EBay can essentially follow that person’s activities in real time, deciding when and where to show him near-personalized ads for golf clubs throughout the Web.
If eBay finds out that he bought a driver at another site, it can update the ad immediately to start showing him tees, golf balls or a package vacation to St. Andrew’s, Scotland, often called the home of golf. If a woman was shopping, eBay could change the ad’s color or presentation. [ Read more ... ]
Feds: TSA Worker Tried to Sabotage Terror Database
Feds: TSA Worker Tried to Sabotage Terror Database: Via Threat Level.
A former Transportation Security Administration contractor is being charged in Colorado for allegedly injecting malicious code into a government network used for screening airport security workers and others.
The malicious code, a logic bomb installed last October, was designed to cause damage and disrupt data on servers on an undisclosed date but was caught by other workers before it delivered its payload.
Douglas James Duchak, 46, had worked as a data analyst at the TSA’s Colorado Springs Operations Center, or CSOC, since 2004. The CSOC is used to vet people who have “access to sensitive information and secure areas of the nation’s transportation network,” according to the indictment. A source involved in the case said this involved screening of both passengers and workers at airports and other transportation facilities.
He pleaded not guilty in a Denver federal court on Wednesday and was released on a $25,000 unsecured bond. The indictment did not say whether the malware was crafted to erase or alter data, or simply disable servers.
The CSOC network stores updated information from the government’s terrorist watchlist as well as criminal histories from the U.S. Marshal’s Service Warrant Information Network. [ Read more ... ]
Zeus botnet dealt a blow as ISP Troyak knocked out
Zeus botnet dealt a blow as ISP Troyak knocked out: Via Computerworld Cybercrime/Hacking News.
Internet service providers linked to the notorious Zeus botnet have been taken down, knocking out a third of the command-and-control servers that run the network of hacked machines.
Two ISPs, named Troyak and Group 3, were home to 90 of the 249 known Zeus command-and-control servers. Zeus Tracker, a Web site that tracks the botnet, noticed the steep drop in servers on Wednesday morning.
The Troyak network was itself an upstream provider to six networks, known to host a large number of cybercrime servers, including Web sites used in drive-by attacks and phishing sites, according to Kevin Stevens, a researcher with SecureWorks. "There's lots of Zeus and Fragus exploit kit [sites]," he said. Whoever was behind the takedown "just decided to knock out a large area of cybercrime, and this was probably one of the easiest ways to do it." [ Read more ... ]
European Parliament Rips Global IP Accord (ACTA)
European Parliament Rips Global IP Accord: Via Threat Level.
The European Parliament delivered a political blow to Hollywood and the Obama administration, voting Wednesday 663 to 13 in opposition to a proposed and secret intellectual property agreement being negotiated by the European Union, United States and a handful of others.
Wednesday’s developments concerning the Anti-Counterfeiting and Trade Agreement are substantial because the European Union’s 27 countries vastly outnumber the remaining countries negotiating the deal. They are Australia, Canada, Japan, South Korea, Mexico, Morocco, New Zealand, Singapore, Switzerland and the United States. Ambassador Ron Kirk, the top U.S. trade official, is spearheading the deal that began being crafted under the George W. Bush administration.
Kirk’s office declined comment.
To be sure, there is a dispute and heavy confusion concerning whether internet service providers under ACTA would be forced to punish customers deemed copyright scofflaws by reducing or eliminating service, according to a string of leaked documents. So Parliament members also agreed Wednesday to oppose the measure if it contains so-called “three strikes” or “graduated response” policies — regardless of whether that’s now in the text.
And because of the text’s secrecy, Parliament on Wednesday also demanded (.pdf) that the private agreement still under negotiation be publicly released. [ Read more ... ]
Mobile that allows bosses to snoop on staff developed
Mobile that allows bosses to snoop on staff developed: Via BBC News.
Researchers have produced a mobile phone that could be a boon for prying bosses wanting to keep tabs on the movements of their staff.
Japanese phone giant KDDI Corporation has developed technology that tracks even the tiniest movement of the user and beams the information back to HQ.
It works by analysing the movement of accelerometers, found in many handsets.
Activities such as walking, climbing stairs or even cleaning can be identified, the researchers say.
The company plans to sell the service to clients such as managers, foremen and employment agencies.
"Technically, I think this is an incredibly important innovation," says Philip Sugai, director of the mobile consumer lab at the International University of Japan. [ Read more ... ]
The majestic petulance of John Roberts
The majestic petulance of John Roberts: Via Salon: Glenn Greenwald.
The petulance and sense of self-importance on display here is quite something to behold:
U.S. Supreme Court Chief Justice John Roberts said Tuesday the scene at President Obama's State of the Union address was "very troubling" . . . . Obama chided the court, with the justices seated before him in their black robes, for its decision on a campaign finance case. . . . Responding to a University of Alabama law student's question, Roberts said anyone was free to criticize the court, and some have an obligation to do so because of their positions.
"So I have no problems with that," he said. "On the other hand, there is the issue of the setting, the circumstances and the decorum.
"The image of having the members of one branch of government standing up, literally surrounding the Supreme Court, cheering and hollering while the court -- according the requirements of protocol -- has to sit there expressionless, I think is very troubling." [ Read more ... ]
The N.Y.P.D. Is Watching Certain People (NYT Op-Ed Columnist)
The N.Y.P.D. Is Watching Certain People: Via NYTimes.com .
From 2004 through 2009, in a policy that has gotten completely out of control, New York City police officers stopped people on the street and checked them out nearly three million times, frisking and otherwise humiliating many of them.
Upward of 90 percent of the people stopped are completely innocent of any wrongdoing. And yet the New York Police Department is compounding this intolerable indignity by compiling an enormous and permanent computerized database of these encounters between innocent New Yorkers and the police.
Not only are most of the people innocent, but a vast majority are either black or Hispanic. There is no defense for this policy. It’s a gruesome, racist practice that should offend all New Yorkers, and it should cease. [ Read more ... ]