Thursday, March 8, 2007
Homeland Security officials are testing a supersnoop computer system that sifts through personal information on U.S. citizens to detect possible terrorist attacks, prompting concerns from lawmakers who have called for investigations.
The system uses the same data-mining process that was developed by the Pentagon's Total Information Awareness (TIA) project that was banned by Congress in 2003 because of vast privacy violations.
A Government Accountability Office (GAO) investigation of the project called ADVISE -- Analysis, Dissemination, Visualization, Insight and Semantic Enhancement -- was requested by Rep. David R. Obey, Wisconsin Democrat and chairman of the House Appropriations Committee.
The investigation focuses on whether the program violates privacy laws, and the findings will be released after completion of the Iraq war supplemental spending bill, possibly as early as this week, a panel aide said.
The ADVISE and TIA data-mining projects rely on personal data to track individual behavior and consumer transactions to develop computer algorithms that create a pattern that some behavioral scientists say can predict terrorist behavior.
Data can include credit-card purchases, telephone or Internet details, medical records, travel and banking information.
Privacy concerns prompted lawmakers on both sides of the aisle to introduce legislation in January to require that government agencies disclose data-mining practices in regular reports to Congress.
"A serious discussion on the implications of data-mining programs is long overdue," Sen. Russ Feingold, Wisconsin Democrat and a sponsor of the bill, said yesterday. Sen. John E. Sununu, New Hampshire Republican, is also a bill sponsor.
7:21:29 PM
The Census Bureau accidentally posted personal information on 302 households on a public server several times since October 2006, officials said.
The personal information, including names, addresses, phone numbers, birthdates, family income ranges and other demographic data, was contained in a file that was placed on a public server for the purposes of testing new software applications. The file included about 250 fake accounts in addition to the real information. The bureau found out about the mistake when it found the file on the server in mid-February.
7:04:50 PM
C-SPAN Adopts Creative Commons-Style License.
Trillian_1138 writes "C-SPAN, a network in the US dedicated to airing governmental proceedings, has adopted a Creative Commons-style license for all its content. This follows the network claiming Speaker of the House Pelosi's use of C-SPAN videos on her site violated their copyright. Specifically, 'C-SPAN is introducing a liberalized copyright policy for current, future, and past coverage of any official events sponsored by Congress and any federal agency -- about half of all programming offered on the C-SPAN television networks -- which will allow non-commercial copying, sharing, and posting of C-SPAN video on the Internet, with attribution.' Here is the press release. The question remains whether videos of governmental proceedings should be public domain by default or whether the attribution requirement is reasonable in the face of easy video copying and distribution." [Slashdot: Your Rights Online]
6:59:33 PM
Vishing: Dialing for Dollars, Part II. Security Fix received a copy of a new scam e-mail targeting Bank of America customers that is likely to con quite a few folks before it is shut down.
Sure, Bank of America is hit by this sort of thing all the time. It's the fourth most popular target for "phishing" scams that use e-mail to lure people into giving away their data at counterfeit sites, according to stats just released by PhishTank. But this is one of the more convincing voice phishing or "vishing" attacks I've seen yet.
Vishing scams start with an e-mail lure that asks the recipient to call a specific 1-800 number to settle some matter with his or her account. The numbers usually are connected to an automated system that asks the caller to key in data from a credit card -- the 16-digit account number, the expiration date and the three-digit security code on the back.
This new Bank of America scam has the same elements, but its execution is nearly flawless (unlike the majority of previous vishing scams Security Fix has seen, which either bungle the voice mail system or use a lure full of poor spelling and grammar). It informs the recipient that his account has been suspended because it was used to purchase "obscene or certain sexually oriented goods or services." From the e-mail:
"We are hereby notifying you that, after a recent review of your account activity, it has been determined that you are in violation of Bank of America's Acceptable Use Policy. Therefore, your account has been temporarily limited for: hotjasmin.com cam shows. In order to remove the limit please call our TOLL FREE number [omitted]." That domain is registered to a guy in the Netherlands, but it's currently inactive.
I recorded a short snippet of the first 45 seconds or so of the automated phone message used in this attack. If you enter the requested information, the voice then asks for your bank PIN: "Bank of America asks for your PIN in order to verify your identity. This also enables us to assist federal authorities in order to prevent money laundering and other illegal activities."
Generally, it's a good idea not to even dial these bogus 1-800 numbers, as you're essentially giving the scammers your phone number, a key piece of your personal data. It's also a good idea to be very suspicious of e-mails that ask you to call any number. When in doubt, open up a browser window and find the official Web site of your financial institution, then look up the customer-service number listed there. [Security Fix]
6:41:03 PM
C-SPAN Unchains Congressional Hearing Videos. C-SPAN has announced that, effective immediately, its videos of Congressional hearings, White House briefings, and other federal events will be freely available for noncommercial copying, sharing and posting, so long as attribution is included (sounds like the Creative Commons by-nc license, but no confirmation on whether that's what they are using). According to the C-SPAN press release, the move recognizes that we're in "an age of explosive growth of video file sharers, bloggers and online citizen journalists."
This is fantastic news! A considerable helping of the credit belongs to Carl Malamud, who responded to a copyright kerfuffle involving House Speaker Nancy Pelosi's use of C-SPAN hearing footage by writing an open letter to C-SPAN's CEO Brian Lamb challenging him to open up the archives to enable these kinds of public uses of C-SPAN content. Several meetings later, it appears C-SPAN decided to rise to the challenge.
Kudos to Carl, and kudos to C-SPAN. This is an amazing bit of public service all around. (Full disclosure: EFF represented Carl in connection with this issue, but we hardly lifted a finger -- all credit goes to Carl.) [EFF: Deep Links]
Editor: Hmm maybe I'll have to consider making some snippets available in the future. A lot of hearings are dry, but every once in a while you get a real gem.
5:56:27 PM
Open Government Bill Makes Beeline for House Floor. Government accountability supporters throughout the country are preparing to celebrate the public's right to know during Sunshine Week (March 11-17), and it looks like Congress may have the same idea. On Monday, Reps. William Lacy Clay, Todd Russell Platts, and Henry Waxman introduced a bipartisan bill to make several requester-friendly changes to the Freedom of Information Act (FOIA), which hasn't been significantly updated since 1996. Today the amendments got a thumbs-up from the House Committee on Oversight and Government Reform, and could be on the House floor as early as next week. Improvements that H.R. 1309 will make to the FOIA include:
- Not allowing agencies to charge fees for requests that aren't processed within 20 working days.
- Ensuring that a broader range of journalists is entitled to reduced processing fees.
- Making it easier for requesters to recover attorney's fees when they prevail in FOIA lawsuits against the government.
- Creating an ombudsman's office to help resolve disputes between requesters and agencies without litigation.
- Establishing a system to help people track the progress of their FOIA requests.
- Imposing greater reporting requirements to let Congress and the public know more about how agencies are handling requests.
- Making sure that government records held by private contractors are subject to release under FOIA.
EFF thinks this bill will give agencies greater incentive to follow the law and make it easier for all FOIA requesters to access government documents. Learn more about open government through EFF's Flag Project and our FOIA FAQ for bloggers. [EFF: Deep Links]
5:51:20 PM
© Copyright 2007 Paul Hardwick.
Last update: 3/18/07; 6:00:39 PM.