Exploits
Software exploits that can compromise your privacy and security
  Friday, March 9, 2007


The FBI improperly and, in some cases, illegally used the USA Patriot Act to secretly obtain personal information about people in the United States, a Justice Department audit concluded Friday.

And for three years the FBI underreported to Congress how often it forced businesses to turn over the customer data, the audit found.

Attorney General Alberto Gonzales, who oversees the FBI, described the problems cited in the report as unacceptable and left open the possibility of criminal charges. He ordered further investigation.

"Once we get that information, we'll be in a better position to assess what kinds of steps should be taken," Gonzales told reporters following a speech to privacy officials.

[...]

The FBI also used so-called "exigent letters," signed by officials at FBI headquarters who were not authorized to sign national security letters, to obtain information. In at least 700 cases, these exigent letters were sent to three telephone companies to get toll billing records and subscriber information.

"In many cases, there was no pending investigation associated with the request at the time the exigent letters were sent," the audit concluded.

In a letter to Fine, Gonzales asked the inspector general to issue a follow-up audit in July on whether the FBI had followed recommendations to fix the problems.

"To say that I am concerned about what has been revealed in this report would be an enormous understatement," Gonzales told the privacy officials. "Failure to adequately protect information privacy simply is a failure to do our jobs."

Senators outraged over the conclusions signaled they would provide tougher oversight of the FBI -- and perhaps limit its power.

"The report indicates abuse of the authority" Congress gave the FBI, said Senate Judiciary Committee Chairman Patrick Leahy, D-Vt. "You cannot have people act as free agents on something where they're going to be delving into your privacy."

The committee's top Republican, Pennsylvania Sen. Arlen Specter, said the FBI appears to have "badly misused national security letters." The senator said, "This is, regrettably, part of an ongoing process where the federal authorities are not really sensitive to privacy and go far beyond what we have authorized."

Sen. Russ Feingold, D-Wis., another member on the panel that oversees the FBI, said the report "proves that 'trust us' doesn't cut it."

The American Civil Liberties Union said the audit proves Congress must amend the Patriot Act to require judicial approval anytime the FBI wants access to sensitive personal information. "The Attorney General and the FBI are part of the problem and they cannot be trusted to be part of the solution," said Anthony D. Romero, the ACLU's executive director.


4:34:53 PM    

Audit Finds FBI Abused Patriot Act. happyslayer writes to mention that according to Yahoo! News a recent audit shows that the FBI has improperly and in some cases illegally utilized the Patriot Act to obtain information. "The audit by Justice Department Inspector General Glenn A. Fine found that FBI agents sometimes demanded personal data on individuals without proper authorization. The 126-page audit also found the FBI improperly obtained telephone records in non-emergency circumstances. The audit blames agent error and shoddy record-keeping for the bulk of the problems and did not find any indication of criminal misconduct. Still, 'we believe the improper or illegal uses we found involve serious misuses of national security letter authorities,' the audit concludes." [Slashdot]
4:27:43 PM    

FTC Finalizes Landmark Adware Settlement. The Federal Trade Commission today finalized its landmark settlement requiring adware distributor Zango Inc. (formerly 180solutions) to hand over $3 million and change some of its most egregious practices. The settlement bars Zango from contacting the computers of people who installed Zango software before Jan. 1, 2006. After the proposed settlement was announced in November 2006, CDT submitted recommendations to the FTC highlighting the challenges that will come with enforcing it. In a letter to CDT, the FTC today acknowledged that it would need to remain vigilant to ensure that Zango abides by the terms of the settlement. The commission also urged CDT to pass along any evidence of future offenses by Zango stemming from CDT's ongoing forensics work in the adware/spyware arena. [Center for Democracy and Technology]
4:08:24 PM    

The FBI repeatedly failed to follow the strict guidelines of the Patriot Act when its agents took advantage of a new provision allowing the FBI to obtain phone and financial records without a court order, according to a report to be made public Friday by the Justice Department's Inspector General.

The report, in classified and unclassified versions, remains closely held, but Washington officials who have seen it tell ABC News it documents "numerous lapses" and describe it as "scathing" and "not a pretty picture for the FBI."

FBI Director Robert Mueller is scheduled to brief Congress on the report at noon.

The officials say the inspector general found the FBI underreported by at least 20 percent the use of the controversial provision, known as National Security Letters, NSLs, in required disclosures to Congress.

The Patriot Act gave FBI agents the ability to demand telephone, bank, credit card and library records by issuing an administrative letter, bypassing the need to seek a warrant from a federal judge.


1:02:02 PM    

DNS Attack Factsheet Released. Hoped to be first in a series. [GT: Security and Privacy]
12:30:25 PM    

Malware with Rootkit Features Grows. "Rootkit techniques are becoming increasingly popular among malware creators." [GT: Security and Privacy]
12:28:49 PM    

Online Anti-Virus Scans: A Free Second Opinion.

Periodic online virus scanning is a good idea for Windows users, even for people already using up-to-date anti-virus tools. There are a couple of reasons I suggest this: First, anti-virus software is frequently slow to spot new threats. Take a gander at the daily "unrecognized" stats posted by Shadowserver.org, which tracks the performance (or lack thereof) of several popular tools in spotting new variants. That list currently examines the performance of several free programs, but the reality is not much different with the commercial tools. Just have a look at performance metrics and virus detection failure rates chronicled here and here.

The second reason follows from the first: If something nasty does make it past your security defenses, usually the first thing it will try to do is disable the active protection and update features in those tools. In such cases, you probably would not know about the infection unless you turned to a third-party program that is not already installed on your computer.

In my experience, two of the better free online anti-virus scanners are Panda Software's PandaScan and Kaspersky Lab's Free Virus Scan. Both require that you run the scans using Internet Explorer, as both require the installation of an ActiveX plug-in to do the job.

F-Secure Corp., CA and BitDefender also offer free online scanners that also use IE and ActiveX, but I haven't yet tried those so I can't offer an opinion on them.

TrendMicro's HouseCall service lets you install and run a free scanning tool from inside an IE or Firefox browser. However, I found the program both annoying -- it emitted a series of very loud and startling tones through my computer speakers while downloading virus definitions -- and ineffective. It crashed halfway through the scan, taking all of my other open Firefox windows with it, including an earlier, unsaved version of this blog post. (I had hoped Firefox 2.0's crash-recovery feature would save what I had typed as it had in previous crashes, but no such luck this time.)

If you have just a single file or archive that you'd like to scan, I'd suggest submitting it to VirusTotal, a free online anti-virus engine that will scan your submission against more than two dozen of the most well-known tools.

Depending on the speed of your PC and the number of files and hard drives you have, conducting an online scan can take between a few minutes and several hours to complete. It's not a bad idea to run the scan only when you can afford to be away from the PC for a few hours, or perhaps right before bedtime. Even on my test machine -- which sports a 2.2 GHz processor and 2 gigabytes of memory -- running several of the online scanners interfered with the simplest of tasks, such as composing an e-mail.

[Security Fix]
12:07:01 PM    
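The Security Fix post above argues for a second opinion from a scanner that is independent of whatever is installed on the machine, and for multi-engine consensus in the VirusTotal style. The script below is an added example, not code from Security Fix or from any of the scanners named in the post: it hashes every file under a directory, looks each hash up in several independent signature sets, and reports how many engines agree. The three "engines", their blocklists, the sample files and the `build_sample_tree` helper are all constructed for the illustration; real engines use far richer signatures than plain hashes, which only catch exact copies of a known file.

```python
"""Hash-based "second opinion" check over a directory tree.

Added example. The engine names, blocklists and sample files below are
constructed for illustration and are not real malware data.
"""
import hashlib
import tempfile
from pathlib import Path

# Hashes of two constructed sample payloads (not real malware).
KNOWN_BAD = hashlib.sha256(b"constructed sample payload -- not real malware").hexdigest()
SUSPECT = hashlib.sha256(b"constructed sample that only one engine flags").hexdigest()

# Three constructed signature sets standing in for independent scanner engines.
ENGINE_BLOCKLISTS = {
    "engine-a": {KNOWN_BAD, SUSPECT},
    "engine-b": {KNOWN_BAD},
    "engine-c": {KNOWN_BAD},
}


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so a large disk image never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def classify(hits, threshold):
    """Turn a list of engines that flagged a file into a verdict.

    'flagged'    : at least `threshold` independent engines agree
    'suspicious' : one or more hits, but below the consensus threshold
    'clean'      : no engine recognised the hash
    """
    if len(hits) >= threshold:
        return "flagged"
    if hits:
        return "suspicious"
    return "clean"


def scan_tree(root, blocklists, threshold=2):
    """Scan every regular file under `root`.

    Returns {relative_path: {"sha256": ..., "hits": [engine, ...], "verdict": ...}}.
    """
    root = Path(root)
    results = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        digest = sha256_file(path)
        hits = [name for name, hashes in blocklists.items() if digest in hashes]
        results[str(path.relative_to(root))] = {
            "sha256": digest,
            "hits": hits,
            "verdict": classify(hits, threshold),
        }
    return results


def build_sample_tree():
    """Create a temporary directory holding three constructed files; return its path."""
    d = Path(tempfile.mkdtemp(prefix="second-opinion-"))
    (d / "clean.txt").write_bytes(b"ordinary document text")
    (d / "bad.bin").write_bytes(b"constructed sample payload -- not real malware")
    (d / "odd.bin").write_bytes(b"constructed sample that only one engine flags")
    return d


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for name, info in scan_tree(sample_root, ENGINE_BLOCKLISTS).items():
        engines = ", ".join(info["hits"]) or "-"
        print(f"{info['verdict']:<10} {name:<10} engines: {engines}")
```

The consensus threshold is the point of the exercise: a single engine's hit is worth investigating, but a file that several independent signature sets agree on is a much stronger signal, which is what a multi-engine service gives you that one installed product cannot.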


© Copyright 2007 Paul Hardwick.
Last update: 3/18/07; 5:45:49 PM.