Privacy Digest

A New Look at the Hub of AT&T's Spying Program - Via EFF: Deep Links:

Our class action lawsuit against AT&T for collaborating with the National Security Agency in the massive, illegal program to wiretap and data-mine Americans' communications includes powerful evidence of a secret room in San Francisco.

But the hub of the spying program may be just outside of St. Louis, in a Missouri town called Bridgeton. A special report from local station KMOV puts the pieces together in a comprehensive and disturbing story about this dragnet surveillance, with the help of AT&T whistleblower Mark Klein. Watch the video on the KMOV site for a fresh look at a key piece of this spying puzzle.

(Read Original Article - Via EFF: Deep Links.)

EFF Answers Your Questions About Border Searches - Via EFF: Deep Links:

Readers of my deeplink on safeguarding your laptop and digital devices from warrantless searches at the border responded with both questions and answers. Some readers wondered whether you have an obligation not to destroy information on your laptop. Others pointed out that U.S. citizens may be detained, but not turned away, at the U.S. border. Many technologists wrote to offer cryptographic solutions, or warnings about encryption schemes that are not as secure as they should be. In this post, I answer the question about destruction of information and reproduce or summarize, with permission, others' suggestions about protecting your laptop from arbitrary searches. I haven't done any independent analysis of these techniques or tools, so your mileage may vary.  read more »

FBI Withdraws Unconstitutional National Security Letter After ACLU and EFF Challenge - Via EFF: Breaking News:

San Francisco - The FBI has withdrawn an unconstitutional national security letter (NSL) issued to the Internet Archive after a legal challenge from the American Civil Liberties Union (ACLU) and the Electronic Frontier Foundation (EFF). As the result of a settlement agreement, the FBI withdrew the NSL and agreed to the unsealing of the case, finally allowing the Archive's founder to speak out for the first time about his battle against the record demand.

"The free flow of information is at the heart of every library's work. That's why Congress passed a law limiting the FBI's power to issue NSLs to America's libraries," said Brewster Kahle, founder and Digital Librarian of the Internet Archive. "While it's never easy standing up to the government -- particularly when I was barred from discussing it with anyone -- I knew I had to challenge something that was clearly wrong. I'm grateful that I am able now to talk about what happened to me, so that other libraries can learn how they can fight back from these overreaching demands."  read more »

Web firm sounds alert on criminal data trove - Via Reuters:

LONDON (Reuters) - A Web security firm said on Tuesday it had tipped off international banks and police after finding a huge trove of stolen business and personal data amassed on a server in the space of just three weeks.

Finjan Inc said it had notified the U.S. Federal Bureau of Investigation, police in various countries and more than 40 financial institutions in the United States, Europe and India about the discovery of the so-called "crimeserver".

"This server was running for about three weeks and within this period it managed to collect 1.4 gigabytes of data. It is indeed the largest treasure we've found in this very short time," Yuval Ben-Itzhak, chief technology officer of the California-based firm, said in a phone interview from Israel.

The stolen data consisted of 5,388 unique log files including 1,037 from Turkey, 621 from Germany, 571 from the United States, 322 from France, 308 from India and 232 from Britain.  read more »

"Crimeserver" Full of Personal/Business Data Found - Via Slashdot:

Presto Vivace sends news of a server found by security firm Finjin that contained a 1.4-GB cache of stolen data, accumulated over a period of less than a month from compromised PCs around the world. The "crimeserver," as Finjin dubs it, "provided command and control functions for malware attacks in addition to being a drop site for data harvested from compromised computers... The stolen data consisted of 5,388 unique log files including 1,037 from Turkey, 621 from Germany, 571 from the United States, 322 from France, 308 from India and 232 from Britain." Oddly enough, the data was stored in the open, with not even basic auth to protect it. Finjin notes in their press release that this huge trove of data gathered over a short period of time indicates that the crimeware problem is far larger than most observers have been assuming.

(Read Original Article - Via Slashdot.)

No-go on GOFA - Via CDT - PolicyBeta:

Today, CDT posted an updated memorandum on the most recent version of the Global Online Freedom Act (”GOFA”). GOFA was first introduced by Rep. Christopher Smith (R-NJ) several years ago in response to troubling reports of company complicity in Internet censorship and cooperation in prosecutions of dissidents who posted political material online. The late Rep. Tom P. Lantos, (D-Ca) took up the cause last year and the bill was reported out of the Committee on Foreign Affairs late last year. Industry opposition to the bill has been fierce and efforts to bring the bill to the floor on suspension have thus far been thwarted.

CDT strongly believes that technology companies doing business in countries that broadly surveil and censor the Internet must take serious steps to identify and minimize the human rights risks associated with providing services and technology solutions in those countries. For several years, we have been co-facilitating a multi-stakeholder initiative aimed at developing global principles to guide ICT companies facing free expression and privacy challenges.  We remain hopefully that these principles will grow into a global industry standard that will give the industry a road map for collective action in this area.

We also believe that companies must not hide from these challenges. They should advocate for changes in public policy that protect the rights of their users, challenge laws where possible and collaborate with human rights groups and other stakeholders to build support for an open Internet that supports human rights.  read more »

NZ cops get 'COFEE' to capture PC evidence - New Zealand's source for technology news on - Via Stuff.co.nz :

New Zealand police have been given a small plug-in device that investigators can use to quickly extract forensic data from computers that may have been used in crimes.

The COFEE, which stands for Computer Online Forensic Evidence Extractor, is a prototype of a USB "thumb drive" that Microsoft has quietly distributed to a few law-enforcement agencies around the world.

A spokesman at police national headquarters said today: "Police have been issued with the COFEE tool by Microsoft and the E-Crime Lab's digital forensic analysts have been trained in the use of it".

New Zealand police had an excellent relationship with the software company, which had provided specialist training to digital forensic analysts and investigators, he said.  read more »

Backroom FISA Deal in the Making? - Via ACLU Blog - Government Spying:

There was chatter on the blogs last week that FISA compromise was in the works, but it wasn't until late Friday night that our lobbyists confirmed that House Majority Leader Steny Hoyer (D-Md.) is working on a compromise bill with Senator Jay Rockefeller (D-W.Va.) — yes, the same senator known for taking thousands of dollars of campaign contributions from the telecom companies he's angling to protect with immunity. Hoyer and Rockefeller may try to lock in a deal within the next few days.  read more »

One Step Forward, Two Steps Back for Genetic Privacy - Via ACLU Blog - Privacy & Technology:

Yesterday, the House passed H.R. 493, the Genetic Nondiscrimination Act (GINA), and the bill is now headed to President Bush for his signature.
This is a victory for all Americans who value their genetic privacy: GINA prevents employers and health insurance companies from discriminating against applicants based on their genetic code, which, thanks to modern science, reveals a lot about your body's predisposition towards illness and disease.  read more »

Red Alert! Mandela Wants In! - Via ACLU Blog - Privacy & Technology:

USA Today reports:

Nobel Peace Prize winner and international symbol of freedom Nelson Mandela is flagged on U.S. terrorist watch lists and needs special permission to visit the USA. Secretary of State Condoleezza Rice calls the situation "embarrassing…"

Shocking that this has happened considering how well-organized and error-free the watchlist is otherwise.  read more »

DNA database constitutional, high court rules - Via The Burlington Free Press :

Law-enforcement authorities have the right to collect, analyze and store DNA samples from people convicted of nonviolent felonies, the Vermont Supreme Court ruled Friday.

In a narrow 3-2 opinion, justices determined the government's interest in monitoring forensic profiles of criminals outweighs their privacy rights.

Police and government lawyers argued they need the DNA database to identify the perpetrators of crimes, to exclude the innocent from suspicion, to deter crime and to help find missing people. The high court agreed those goals allow police to swab a convict's mouth, laboratory personnel to analyze and store the data, and local authorities to transmit the information to federal law enforcement.  read more »

Now Boarding at BWI: Security With Hint of Calm - Via washingtonpost.com - Technology:

Soothing blue lights. Light background noise. Brightly dressed employees who have been trained to create a "calmer environment."

A hip spa, right?

No. This is how top government officials imagine the airport security checkpoint of the future. In fact, the atmosphere is so calming that Homeland Security Secretary Michael Chertoff yesterday forgot to remove his shoes -- a major no-no -- while demonstrating the prototype checkpoint's screening process for reporters at Baltimore-Washington International Marshall Airport. (His top aviation security official took his shoes off.)

The new checkpoint, which includes an automated bin-return system and machines that can see through passengers' clothing, is part of an effort by Homeland Security officials to make airport security more efficient and easier on customers. Authorities also announced yesterday an initiative that they said will reduce hassles faced by travelers with names similar to those on a terrorist watch list.  read more »

White House Plans Proactive Cyber-Security Role for Spy Agencies - Via washingtonpost.com - Technology:

America's spy agencies for the first time would be tasked with gathering intelligence on threats to the nation's computer networks under a policy that could be detailed by the White House as early as next week, a senior administration official said Wednesday.

Speaking at a security conference in Washington, the official said the Bush administration wants to harness the intelligence community's offensive capabilities in defense of government and civilian computer systems.

"We've never looked at how all the unique things this government wages against others could be used to inform our defensive posture," said the official, who asked not to be named because the White House has not yet released details about the plan. "We really need to move from [the reality that] the advantage is always with the attacker to how we can have our offense better inform our defense to shrink that gap."  read more »

Protecting Yourself From Suspicionless Searches While Traveling - Via EFF: Deep Links:

The Ninth Circuit's recent ruling (pdf) in United States v. Arnold allows border patrol agents to search your laptop or other digital device without limitation when you are entering the country. EFF and many civil liberties, travelers’ rights, immigration advocacy and professional organizations are concerned that unfettered laptop searches endanger trade secrets, attorney-client communications, and other private information. These groups have signed a letter asking Congress to hold hearings to find out what protocol, if any, Customs and Border Protection (CBP) follows in searching digital devices and copying, storing and using travelers’ data. The letter also asks Congress to pass legislation protecting travelers’ laptops and smart phones from unlimited government scrutiny.

If privacy at the border is important to you, contact Congress now and ask them to take action!

In the meantime, how can international travelers protect themselves at the U.S. border, short of leaving their laptops and iPhones at home?  read more »

Court-Approved Wiretapping Rose 14% in '07 - Via Threat Level:

Last year might have been a rough year for U.S. home prices, but growth in government wiretaps remained healthy, with the eavesdropping sector posting a 14% increase in court orders compared to 2006. In 2007, judges approved 4,578 state and federal wiretaps, as compared to 4,015 in 2006, according to two new reports on criminal and intelligence wiretaps.

Editor: Interesting graphic removed. Go to original site for that [...]

State police applied for 27% more wiretaps in 2007 than in 2006, with 94% of them targeting cell phones, according to figures released by the U.S. Courts' administrator. In 2007, state judges approved 1,751 criminal wiretap applications, without turning any of them down, according to  the report (.pdf). That's a near-three fold increase in state wiretaps since 1997. Federal criminal wiretaps remained fairly constant -- hovering around 500 -- though exact numbers aren't known since the Justice Department has begun withholding information from the administrators of the U.S. court regarding sensitive investigations.  read more »