Hooking Up The Big Brother Machine... And Fighting It: Via EFF.org Updates.

Here's a movie pitch: One lone telecommunications technician, going about his ordinary daily work in San Francisco, begins to realize things aren't quite what they seem. There's a "secret room" downstairs, and ordinary employees aren't allowed to enter it. Coworkers — almost casually! — remark that a government spy agency is involved, that similar facilities are being built across the country, that some of them are stamped with the government's ominous eye-and-pyramid "Total Information Awareness" logo.

Soon, the plot thickens. Mundane technical procedures produce startling revelations. He stumbles on a document that suggests the room contains a supercomputer designed to data-mine phone calls and Internet traffic. And, indeed, he soon realizes that the room is sucking up copies of electronic communications from millions of random Americans.

All this in the early 2000s, when "the political atmosphere in the country after 9/11 had a witchhunt feel to it, and even modest criticism of the administration was getting painted as disloyalty or worse."

What happens to our hero when he finally decides to go public? [ Read more ... ]

Court: State Can Dump Non-Sex Offenders Into Registry: Via Threat Level.

Georgia’s Supreme Court is upholding the government’s right to put non-sex offenders on the state’s sex offender registry, highlighting a little-noticed but growing practice nationwide.

Atlanta criminal defense attorney Ann Marie Fitz estimated that perhaps thousands of convicts convicted of non-sexual crimes have been placed in sex-offender databases. Fitz represents a convict who was charged with false imprisonment when he was 18 for briefly detaining a 17-year-old girl during a soured drug deal. He unsuccessfully challenged his mandatory, lifelong sex-offender listing to the Georgia Supreme Court, which ruled against him Monday.

Under the Adam Walsh Child Protection and Safety Act of 2007, the states are required to have statutes demanding sex-offender registration for those convicted of kidnapping or falsely imprisoning minors. The Georgia court ruled that the plain meaning of “sex offender” was overridden by the state’s law.

“Rainer’s belief that the term ’sexual offender’ may only apply to offenders who commit sexual offenses against minors does not change the fact that the definition provided in the statute, and not the definition that Rainer wishes to impose upon the statute, controls,” the court’s majority said. [ Read more ... ]

Undercover Feds on Social Networking Sites Raise Questions: Via Threat Level.

The next time someone ties to “friend” you on Facebook, it may turn out to be an undercover fed looking to examine your private messages and photos, or surveil your friends and family, according to an internal Justice Department document obtained by the Electronic Frontier Foundation.

The 33-page document shows that law enforcement agents from local police to the FBI and Secret Service have been logging on to MySpace and other sites undercover to communicate with suspects, read private postings and view photos and videos that are restricted to a user’s friends, according to the Associated Press.

The document also describes techniques for verifying alibis — such as checking messages posted by a suspect on Twitter disclosing his whereabouts at the time a crime was committed — and uncovering information that might point to illegal activity, such as photos depicting a suspect with expensive jewelry, a new car or even a weapon.

The document says that evidence from social networking sites can: [ Read more ... ]

FBI Uses Fake Facebook Profiles To Spy On Suspects: Via Huffington Post.

WASHINGTON — The Feds are on Facebook. And MySpace, LinkedIn and Twitter, too.

U.S. law enforcement agents are following the rest of the Internet world into popular social-networking services, going undercover with false online profiles to communicate with suspects and gather private information, according to an internal Justice Department document that offers a tantalizing glimpse of issues related to privacy and crime-fighting.

Think you know who's behind that "friend" request? Think again. Your new "friend" just might be the FBI.

The document, obtained in a Freedom of Information Act lawsuit, makes clear that U.S. agents are already logging on surreptitiously to exchange messages with suspects, identify a target's friends or relatives and browse private information such as postings, personal photographs and video clips. [ Read more ... ]

Case Report – BCCA says aerial surveillance by telphoto zoom lens not a search « All About Information: Via A legal blog about the law of information – By Toronto, Ontario lawyer Dan Michaluk.

Today, the British Columbia Court of Appeal held that the police did not violate section 8 of the Charter by conducting aerial surveillance of a rural property from in excess of 1000 feet by using a digital camera equipped with a telephoto lens. [ Read more ... ]

Who You Love Shouldn't Matter When You Serve: Via Blog of Rights: Official Blog of the American Civil Liberties Union.

Jene Newsome served nine years in the Air Force. She was recently discharged under the "Don't Ask, Don't Tell" policy after she was outed by South Dakota's Rapid City Police Department.

On November 20, 2009, the Rapid City Police Department came to serve a warrant on Jene Newsome's wife. Jene and her wife, Cheryl, were just married in Iowa a few weeks before the police came knocking on their door.

When the police entered the house, they saw the marriage certificate sitting on the kitchen table. The marriage certificate didn't have anything to do with Cheryl's arrest; one of the officers just saw it as an opportunity to out Jene and end her career. [ Read more ... ]

EFF Posts Documents Detailing Law Enforcement Collection of Data From Social Media Sites: Via EFF.org Updates.

EFF has posted documents shedding light on how law enforcement agencies use social networking sites to gather information in investigations. The records, obtained from the Internal Revenue Service and Department of Justice Criminal Division, are the first in a series of documents that will be released through a Freedom of Information Act (FOIA) case that EFF filed with the help of the UC Berkeley Samuelson Clinic.

One of the most interesting files is a 2009 training course that describes how IRS employees may use various Internet tools -- including social networking sites and Google Street View -- to investigate taxpayers. [ Read more ... ]

The dark side of DNA: Via The Globe and Mail.

The only real evidence in a first-degree murder charge against Mr. Turner, the golden sheen of DNA appeared certain to become a silver bullet in the hands of the Crown.

"I told my lawyer, Jerome Kennedy, that there was no way in the world it was true," Mr. Turner recalled in an interview. "He believed me. He said that I was too stupid to commit that crime and leave no evidence."

A lucky hunch by Mr. Kennedy - now Newfoundland's Minister of Health - saved Mr. Turner from a life behind bars. He sought the name and DNA profile of every technician who had worked at the RCMP lab. It turned out that the technician who had tested the ring had also been working on the victim's fingernails a few inches away, creating a strong possibility of contamination.

The technician conceded at Mr. Turner's 2001 trial that she had also contaminated evidence in two previous cases. [ Read more ... ]

To Stop Crime, Share Your Genes: Via NYTimes.com ( Op-Ed Contributor ).

PERHAPS the only thing more surprising than President Obama’s decision to give an interview for “America’s Most Wanted” last weekend was his apparent agreement with the program’s host, John Walsh, that there should be a national DNA database with profiles of every person arrested, whether convicted or not.Emphasis added: Many Americans feel that this proposal flies in the face of our “innocent until proven guilty” ethos, and given that African-Americans are far more likely to be arrested than whites, critics refer to such genetic collection as creating “Jim Crow’s database.”

In truth, however, this is an issue where both sides are partly right. The president was correct in saying that we need a more robust DNA database, available to law enforcement in every state, to “continue to tighten the grip around folks who have perpetrated these crimes.” But critics have a point that genetic police work, like the sampling of arrestees, is fraught with bias. A better solution: to keep every American’s DNA profile on file. [ Read more ... ]

The Beginning of the End of Data Retention: Via EFF.org Updates.

Last week, the German Constitutional Court issued a much-anticipated decision, striking down its data retention law as violating human rights. It was an important victory for Europe’s Freedom Not Fear movement, which was formed to oppose the EU Data Retention Directive. But it was also a reminder of the political work which remains to be done to defeat it.

When the European Union first passed the Data Retention Directive in 2006, despite a hard-fought campaign by European activists, it seemed like the beginning of the end for Internet privacy. The directive sought to require telecommunications service providers operating in Europe to retain a detailed history of each of their customers' activity for up to 2 years for possible use by law enforcement; including phone calls made and emails sent and received.

The response from European citizens was swift and outraged. Under the banner of Freedom Not Fear, mass protests were held in cities all across Europe and beyond. [ Read more ... ]

Feds: TSA Worker Tried to Sabotage Terror Database: Via Threat Level.

A former Transportation Security Administration contractor is being charged in Colorado for allegedly injecting malicious code into a government network used for screening airport security workers and others.

The malicious code, a logic bomb installed last October, was designed to cause damage and disrupt data on servers on an undisclosed date but was caught by other workers before it delivered its payload.

Douglas James Duchak, 46, had worked as a data analyst at the TSA’s Colorado Springs Operations Center, or CSOC, since 2004. The CSOC is used to vet people who have “access to sensitive information and secure areas of the nation’s transportation network,” according to the indictment. A source involved in the case said this involved screening of both passengers and workers at airports and other transportation facilities.

He pleaded not guilty in a Denver federal court on Wednesday and was released on a $25,000 unsecured bond. The indictment did not say whether the malware was crafted to erase or alter data, or simply disable servers.

The CSOC network stores updated information from the government’s terrorist watchlist as well as criminal histories from the U.S. Marshal’s Service Warrant Information Network. [ Read more ... ]

Hi-tech governments growing keener on snooping, says report | Pinsent Masons LLP: Via Pinsent Masons LLP at Out-Law.com .

Western industrial countries are becoming more willing to spy on their citizens, according to an analysis of snooping that says that the UK is sixth in a world ranking for electronic state surveillance.

Privacy technology company CryptoHippie has produced its second annual report on surveillance trends and says in it that countries that previously showed restraint in their monitoring of individuals have lost some of that self-control.

"When we produced our first Electronic Police State report, the top ten nations were of two types: those that had the will to spy on every citizen, but lacked ability [and] those who had the ability, but were restrained in will," it said in its 2010 report. "This is changing: the able have become willing and their traditional restraints have failed." [ Read more ... ]

Zeus botnet dealt a blow as ISP Troyak knocked out: Via Computerworld Cybercrime/Hacking News.

Internet service providers linked to the notorious Zeus botnet have been taken down, knocking out a third of the command-and-control servers that run the network of hacked machines.

Two ISPs, named Troyak and Group 3, were home to 90 of the 249 known Zeus command-and-control servers. Zeus Tracker, a Web site that tracks the botnet, noticed the steep drop in servers on Wednesday morning.

The Troyak network was itself an upstream provider to six networks, known to host a large number of cybercrime servers, including Web sites used in drive-by attacks and phishing sites, according to Kevin Stevens, a researcher with SecureWorks. "There's lots of Zeus and Fragus exploit kit [sites]," he said. Whoever was behind the takedown "just decided to knock out a large area of cybercirme, and this was probably one of the easiest ways to do it." [ Read more ... ]

Government No-Fly List Includes the Dead: Via Threat Level.

You may be dying, figuratively, to get off the government’s no-fly list, but death won’t guarantee removal.

The government’s no-fly list includes the names of dead suspects, according to government officials who spoke with the Associated Press, to help catch people who may try to assume the suspect’s identity.

The no-fly list has been shrouded in mystery since it was first developed after the 9/11 attacks. How people get on the list or get off it has been a closely guarded secret, with only bits of information made public during congressional hearings.

The AP has pieced together the broad steps it takes for someone to get on the list, and some of the changes the list has undergone since it was first created nine years ago. [ Read more ... ]

The N.Y.P.D. Is Watching Certain People: Via NYTimes.com .

From 2004 through 2009, in a policy that has gotten completely out of control, New York City police officers stopped people on the street and checked them out nearly three million times, frisking and otherwise humiliating many of them.

Upward of 90 percent of the people stopped are completely innocent of any wrongdoing. And yet the New York Police Department is compounding this intolerable indignity by compiling an enormous and permanent computerized database of these encounters between innocent New Yorkers and the police.

Not only are most of the people innocent, but a vast majority are either black or Hispanic. There is no defense for this policy. It’s a gruesome, racist practice that should offend all New Yorkers, and it should cease. [ Read more ... ]

The Cell Phone Network: Law Enforcement's Surveillance Dream: Via Blog of Rights: Official Blog of the American Civil Liberties Union.

Yesterday, WNYC's On the Media (OTM) profiled our cell phone tracking case. In this case, the ACLU, Center for Democracy and Technology and the Electronic Frontier Foundation (EFF) asked the court to require that the government at least show probable cause before it can ask a wireless provider to fork over information about your whereabouts using GPS or cell tower tracking via your cell phone. We won in the district court (PDF); the government appealed that decision to the 3rd Circuit. [ Read more ... ]

Italy Convicts Google Execs To Protect Privacy: Via NPR.

Europeans are debating the overall reach of the Internet into their lives. An Italian court recently convicted three Google executives for privacy violations after a clip was posted on Google Video showing a disabled student being bullied by classmates in Turin. The ruling highlights a deep trans-Atlantic cultural gap: Americans see the ruling as undermining the concept of freedom of expression, while Europeans put privacy first — they consider it a fundamental human right. [ Read more ... ]

Breaching your online privacy to fight crime: Via The Ottawa Citizen.

The "mosaic effect" is an argument often put forward by governments and police to block access to sensitive information. It suggests even seemingly innocuous pieces of information can be fitted together like a puzzle to form a meaningful picture of something they want kept secret, typically a national security operation.

But when the tables are turned and it's police and government that want to piece together seemingly innocuous bits of your personal and digital information to form a picture of you, the "mosaic effect" is recast as "lawful access" and characterized as benign state intervention into the online lives of Canadians in the name of crime-fighting.

Your name, address, telephone number, e-mail address and Internet Protocol (IP) address can reveal your Internet habits, social network, personal interests, political views, secrets and more.

The government's new "lawful access" initiative, contained in bills C-46 and C-47, was tabled in the Commons in June. It's the latest attempt in a decade-long push by successive governments to give police and other agents of the state, such as the Canadian Security Intelligence Service and the Competition Bureau, modernized surveillance powers and technical capabilities to better patrol the dark side of the digital world.

But here's the rub: C-47 allows police and government agents to demand basic subscriber data from telecommunication and Internet service providers without a warrant. (Some companies routinely volunteer the data when asked, others don't, according to police.)

White House Cyber Czar: ‘There Is No Cyberwar’: Via Threat Level.

Howard Schmidt, the new cybersecurity czar for the Obama administration, has a short answer for the drumbeat of rhetoric claiming the United States is caught up in a cyberwar that it is losing.

“There is no cyberwar,” Schmidt told Wired.com in a sit-down interview Wednesday at the RSA Security Conference in San Francisco.

“I think that is a terrible metaphor and I think that is a terrible concept,” Schmidt said. “There are no winners in that environment.”

Instead, Schmidt said the government needs to focus its cybersecurity efforts to fight online crime and espionage.

His stance contradicts Michael McConnell, the former director of national intelligence who made headlines last week when he testified to Congress that the country was already in the midst of a cyberwar — and was losing it. [ Read more ... ]

Thousands Sign Petition Protesting Net Neutrality Loopholes for Copyright Enforcement: Via EFF.org Updates.

San Francisco - The Electronic Frontier Foundation (EFF) submitted a petition signed by more than 7000 people to the Federal Communications Commission (FCC) today demanding that the agency close a loophole for copyright enforcement in its proposed regulations for network neutrality.

The petition is part of EFF's reply comments in the FCC's net neutrality rulemaking. The FCC's proposed rules generally prohibit ISPs from discriminating or blocking lawful content, but include a loophole for 'reasonable network management' by ISPs. The proposed rules then define 'reasonable network management" to include measures taken by ISPs to block unlawful content or transmissions. This exception would effectively permit ISPs to violate net neutrality rules and block lawful activities in the name of copyright enforcement.

"We can't afford to let lawful speech become collateral damage in Hollywood's war on copyright infringement," said EFF Senior Staff Attorney Fred von Lohmann. "Net neutrality regulations should not excuse ISPs that interfere with lawful content just because they claim they were acting as copyright cops." [ Read more ... ]

The Weakest Link Redux: Via EFF.org Updates.

We often criticize DMCA takedown abuse here at EFF, but last week's Cryptome snafu highlights another facet of the problem: how a DMCA takedown for one item can result in the removal of lots of lawful material.

To recap, Cryptome posted Microsoft’s global criminal compliance manual. Microsoft sent a DMCA takedown notice to Cryptome’s domain name registrar and web hosting provider, Network Solutions, alleging that the post infringed copyright. Under the DMCA, a web hosting provider is protected from copyright infringement liability if, among other things, it “expeditiously” disables access to material properly identified in a DMCA takedown notice. Network Solutions asked Cryptome to remove the Microsoft compliance manual. Cryptome refused explaining that the document was posted in order to help the public better understand Microsoft's practices, and followed up with a DMCA counternotice. Network Solutions promptly shut down the entire Cryptome website. Thus, a complaint about a single document caused significant collateral damage to the perfectly legal material on Cryptome. [ Read more ... ]

Comprehensive National Cybersecurity Initiative: Via Schneier on Security.

On Tuesday, the White House published an unclassified summary of its Comprehensive National Cybersecurity Initiative (CNCI). Howard Schmidt made the announcement at the RSA Conference. These are the 12 initiatives in the plan: [ Read more ... ]

Tracing attack source key to cybersecurity strategy, Chertoff says: Via Computerworld Security News.

Michael Chertoff, former head of the U.S. Department of Homeland Security, talked of the difficulties in creating a national cybersucurity plan during an interview with Computerworld.

The difficult task of identifying the true sources of cyber attacks remains one of the biggest challenges in the development of a national cybersecurity strategy, former Department of Homeland Security Secretary Michael Chertoff told Computerworld in an interview at the RSA Security conference here today.

Chertoff, who is participating in a panel discussion at the conference, said there is a growing need for the U.S to create a strong, formal strategy for responding to cyberattacks against American interests. [ Read more ... ]

The Score on USA Patriot Act: Via Blog of Rights: Official Blog of the American Civil Liberties Union.

"We've come to love our fears more than we love our freedoms," Rep. Dennis Kucinich (D-Ohio) mused on the House floor just before that chamber voted 315-97 (with 20 members not voting) to reauthorize the USA Patriot Act without any changes for yet another year.

By now, you know the stakes — the tweaks that could have been made to guarantee that Patriot powers are used only against suspected terrorists or spies and to mandate continued reporting to ensure that we actually learn about current and future Patriot abuses. Many of these fixes were, in fact, included in prior iterations of Patriot reauthorization bills introduced in both the House and the Senate.

As Rep. Jane Harman (D-Calif.) pointed out to her colleagues, "I think we are missing an opportunity. There are good ideas in this House about how to curb the abuses with national security letters, how to clarify that roving wiretaps are limited to a single identifiable target, and how to eliminate the lone wolf provision which has never been used and for which existing title III authority can suffice. Those ideas have been the subject of hearings in the Judiciary Committee, but they're not being debated on this floor . . . I think this is a real missed opportunity." [ Read more ... ]

U.S. Security Agencies Begging for a Cybersecurity "Cold War": Via Blog of Rights: Official Blog of the American Civil Liberties Union.

(Originally posted on Huffington Post.)

So the U.S. security establishment is salivating at the prospect of a new cybersecurity "Cold War." In an over-the-top op-ed in Tuesday's Washington Post, Mike McConnell issues a declaration that we are "fighting a cyber war today" and compares it to the nuclear showdown with the Soviets. McConnell exemplifies the security establishment as much as anyone — former director of the National Security Agency (NSA), former Director of National Intelligence, and currently executive vice president at Booz Allen Hamilton, a private-sector refuge for former U.S. intelligence officials (and a company that stands to make large sums from consulting on cybersecurity). [ Read more ... ]