| |
|
Thursday, March 15, 2007
|
|
SELinux by Example. Ravi writes "SELinux
is a project started and actively maintained by the U.S Department of
Defense to provide a Mandatory Access Controls mechanism in Linux. It
had been a long standing grouse of Linux power users and system
administrators over its lack of fine grained access control over
various running processes as well as files in Linux. While Solaris
touts its famous RBAC and Microsoft Windows has its own way of
providing finer rights to its resources, Linux had to put up with the
simple but crude user rights known in tech speak as discretionary
access control to control user access of files. With SELinux project
making great strides and now being bundled with many major Linux
distributions, it is possible to effectively lock down a Linux system
through judicious use of SELinux policies. SELinux implements a more
flexible form of MAC called type enforcement and an optional form of
multilevel security." -- Read the rest of Ravi's review. Or go directly to my Amazon Associate site and buy the book - SELinux by Example [Slashdot]
3:49:06 PM 
|
|
Democrats grill FCC about neutrality, surveillance, more. Surveying the FCC's accomplishments in the three years since commissioners were last been required to make an account before a House oversight committee, some representatives question whether recent Republican supervision on such issues as emegency preparedness, NSA surveillance and Net neutrality wasn't somewhat lax [Computerworld Privacy News]
3:24:37 PM
|
|
Chertoff: Security and privacy not at odds. Calling privacy groups "Luddites," DHS head Michael Chertoff defends the Real I.D. Act. He claims that the data-chipped drivers licenses, which will be linked to a numbers of databases around the country, will actually protect privacy Editor:And down is up, black is white, and I have a bridge I'd like to sell you.
[...]
The head of the Department of Homeland Security on Thursday
downplayed privacy concerns raised by the government's efforts to
create standardized, data-chipped drivers licenses across the country.
The same technology that makes information on identification
cards more reliable can also protect privacy, DHS Secretary Michael
Chertoff said during a speech to the Northern Virginia Technology
Council. "It's my contention that properly used technology ... actually
protects privacy," he said. "We should not allow folks to be captivated
by the argument that every time we do something with a computer, it
invades privacy."
Chertoff was referring to privacy concerns surrounding the Real ID
Act, a law passed by Congress in 2005 that would require states to
create machine-readable ID cards containing the name of the holder, the
data of birth, a digital photograph and other information.
Privacy groups, including the Electronic Privacy Information Center
(EPIC), have said that the DHS hasn't come up with rules on how the
information on the cards should be protected. DHS has made only "vague"
plans for card security and for restricting which state motor vehicle
agency employees would have access to the information, EPIC says.
"On security and privacy standards for the card, state motor vehicle
facilities, and the personal data and documents collected in state
motor vehicle databases, DHS shows little interest," EPIC says on its
Web site.
But Chertoff said those raising privacy concerns about the use of IT
in the U.S. government's domestic security efforts create a false
tension between security and privacy. "This kind of Luddite attitude
... is exactly wrong," he said. "Security and privacy are very much the
same type of value. I don't think they're mutually exclusive, they're
mutually reinforced."
Chertoff also talked about how DHS is using IT. Technology plays a
part in nearly all the agency's efforts, including machines that read
fingerprints at border crossings, databases that link law enforcement
investigations and scanning technologies for containers coming into the
U.S. [Computerworld Privacy News]
3:12:44 PM
|
|
Google's New Plan to "Anonymize" Search Logs: A Good First Step, But More Is Needed. After years of criticism from EFF and other privacy advocates, Google announced yesterday a new policy on how it handles logs of its users' searches: after 18-24 months, it will delete key information in its server logs that could be used to link particular users to records of their search queries. This is a big change from Google's previous policy, which was essentially to keep all of those logs forever in identifiable form, and we're certainly glad to see that Google is starting to limit its retention of such sensitive data. Your Google search history can paint an intimate portrait of your most private interests and concerns. Particularly in light of the disastrous AOL search terms disclosure, recent scandals involving government surveillance, and Google's own recent court fight with the government over a subpoena for search records, it seems that Google has finally realized that limiting the retention of such records is essential to protecting your privacy. Hopefully, Google's change in policy will spur other online service providers to consider how they can minimize the amount of personal data that they store, and perhaps even prompt competition between service providers to offer the most privacy-protective services. However, we hope that this new announcement is only Google's first step in changing its privacy practices, because additional changes would better protect user privacy and set an even better example for the industry: - Google should shorten the retention period for identifiable logs to six months at the outside, and ideally to only thirty days (which is AOL's retention limit for similar logs). Barring this, it should at least justify why it needs such records for up to two years, beyond offering one-sentence platitudes about how such records are used to improve Google's service.
- Google should also shorten the retention of the "anonymized" logs, which Google apparently still intends to keep forever. As Google itself admits, the new policy changes still don't guarantee users' anonymity, and holding onto those records indefinitely still poses a serious private threat.
- Therefore, Google should consider more robust anonymization techniques, up to and including scrubbing entire IP addresses rather than just the last quarter or "octet" of such addresses.
- Finally, Google should expand its new anonymization policy to include the search records of users with Google Account log-ins, and to records generated by their myriad other services, rather than limiting the policy change to regular search logs.
Beyond making these additional policy changes, there's one more thing that Google should be doing[~]something we think it actually has a duty to do as a good corporate citizen and as a preeminent Internet powerhouse[~]and that is using its considerable political clout to fight for better Internet privacy laws on Capitol Hill. Right now, there are significant questions as to whether or how Internet search logs are protected by existing federal privacy laws, and Google owes it to its customers to publicly advocate for updating those privacy laws for the 21st century. [EFF: Deep Links]
3:05:57 PM
|
|
Spyware Legislation Could Aid Enforcement, CDT Testifies. An anti-spyware measure pending in Congress contains important provisions that could strengthen enforcement against spyware scammers, but broad consumer privacy legislation is still needed to address the larger issues associated with spyware, CDT Deputy Director Ari Schwartz told a congressional panel today. Testifying before the House Energy and Commerce Committee's Subcommittee on Commerce Trade and Consumer Protection, Schwartz applauded language in the Spy Act (H.R. 964) that bolsters the Federal Trade Commission's enforcement capabilities. But Schwartz also noted that the longtime practice of addressing privacy concerns sector-by-sector, rather than as part of a broader initiative would not get to the root of the problem. [Center for Democracy and Technology]
2:45:50 PM
|
|
Comments on Google's Privacy Announcement. Greetings. Google has announced significant changes to their data retention policy. Since I'm already being asked for my opinion regarding their announcement, I'm sending this out now rather selfishly to avoid having to generate a large number of individual responses... [Lauren Weinstein's Blog]
2:22:07 PM
|
|
Google is changing its data retention practices to make it harder to identify the specific computers used in searches.
Google's servers log information every time someone conducts a Web
search, keeping data such as the keywords used, the Internet Protocol
address or unique number assigned to that person's computer, and
information from Web cookies, which are small bits of data exchanged
between a server and a Web browser each time the browser accesses the
server. Cookies are used to authenticate the user and maintain
information such as the user's site preferences.
Currently, Google maintains the search data logs indefinitely. Under
the new policy announced on Wednesday, which Google expects to have
fully implemented by the end of the year, the company will anonymize
the final eight bits of the IP address and the cookie data after
somewhere between 18 months and 24 months, unless legally required to
retain the data for longer. The information on specific searches will
remain indefinitely, but it will be much harder to tie the searches to
specific individuals or computers.
"Logs anonymization does not guarantee that the government will not be
able to identify a specific computer or user, but it does add another
layer of privacy protection to our users' data," the company said.
The policy change will apply to future Web search data as well
as archived logs and all copies of the data stored on other servers,
Google said. Users will be able to opt out of the practice and request
that their search data be maintained indefinitely.
Privacy advocates in general said Google's policy change is a step in
the right direction but not nearly enough to really protect Web
searchers from overzealous law enforcers. Keeping the search histories
could enable investigators and governments to get to all sorts of
personal information about people, they argue.
"I don't think the Google proposal is adequate. This period is too long
and it's not in fact data destruction, it's more data
de-identification, and that should be happening in 18 to 24 hours, not
months," said Marc Rotenberg, executive director of the Electronic Privacy Information Center. "I'm not persuaded that this isn't still a ticking time bomb for Google's search engine."
Richard M. Smith, an Internet security and privacy consultant at Boston Software Forensics,
said Google should never be archiving the IP address and cookies on
servers. "Google should not be in the spy business," he said. "By
logging IP addresses and search strings they are running the largest
intelligence operation in the world."
Anonymizing the last eight bits of the IP address effectively
would enable investigators to narrow the IP address down to 256
possible computers or users. That would be similar to obscuring the
last digit in someone's street address.
[...]
Kevin Bankston, staff attorney at the Electronic Frontier Foundation,
said he would like to see Google scrub the entire IP address within six
months, but praised Google for making this "positive first step."
"We hope other online service providers will heed this example and work
to minimize the amount of data they keep about their customers,"
Bankston said.
[...]
The risks associated with Web search data were highlighted last August when AOL inadvertently exposed on the Internet the search history of more than 650,000 of its users. The move prompted widespread criticism from privacy advocates and Congress and the filing of a complaint against AOL with the Federal Trade Commission, as well as the firing of two AOL employees and the resignation of its chief technology officer and a class action lawsuit.
2:21:06 PM
|
|
Googleis reversing a long-standing policy to
retain all the data on its users indefinitely, and by the end of the
year will begin removing identifying data from its search logs after 18
months to two years, depending on the country the servers are located
in. Currently, Google retains indefinitely detailed server logs
on its search engine users, including user's IP addresses - which can
identify a user's computer, the query, any result that is clicked on,
their browser and operating system, among other details. Even if a user
never signs up for a Google account, those searches are all tied
together through a cookie placed on the user's computer, which
currently expires in 2038. The new policy will be global, but there will be variances by country, especially in Europe where a data retention rule passed
in 2005 requires ISPs and phone companies to keep data from six months
to two years. After that time period, Google will "anonymize" the
search data from web and image searches by dropping either the second
half or last quarter of I.P. addresses, thus turning an address such as
127.0.34.35into127.0or127.0.34. The goal is to make it technically
impossible to retroactively tie a query back to a computer, unless the
query included identifying information. User logs from services
that require log-ins, such as personalized search, Google Documents and
Gmail will not be subject to this policy. Those services are governed
by their own privacy policies. More can be found on this at Google's
official blog announcement.
Civil
libertarians have long criticized the search giant's hoarding for data,
saying that the data store created an attractive target for law
enforcement and civil suits. Google successfully quashed a Justice Department request for large chunks of user data in 2005.
2:15:53 PM
|
|
Google To "Anonymize" Personal Data after 18-24 Months.Google made a major announcement today that by the end of the year will begin removing identifying data from its search logs after 18 -24 months:
When you search on Google, we collect information about
your search, such as the query itself, IP addresses and cookie details.
Previously, we kept this data for as long as it was useful. Today we're
pleased to report a change in our privacy policy: Unless we're legally
required to retain log data for longer, we will anonymize our server
logs after a limited period of time. When we implement this policy
change in the coming months, we will continue to keep server log data
(so that we can improve Google's services and protect them from
security and other abuses)--but will make this data much more
anonymous, so that it can no longer be identified with individual
users, after 18-24 months.
They've released a log retention FAQ (PDF) with more details, including how they will "anonymize" the log data:
What does it mean to anonymize the logs?
We will change some of the bits in the IP address in the logs as well
as change the cookie information. We're still developing the precise
technical methods and approach to this, but we believe these changes
will be a significant addition to protecting user privacy.
How do these anonymizing measures protect user privacy?
Changing the bits of an IP address makes it less likely that the IP
address can be associated with a specific computer or user. Cookie
anonymization makes it less likely that a cookie can be used to
identify a user.
Do these changes guarantee anonymization?
It is difficult to guarantee complete anonymization, but we believe
these changes will make it very unlikely users could be identified.
This is an important and promising step towards greater privacy and
protection of personal search history records. But remember, AOL thought they had released anonymized data as well.
Just because and IP and cookie has been modified doesn't mean that user
privacy is ensured. The preferred solution would be for Google to purge the data altogether after, or just don't collect it in the first place.
Unfortunately I don't have much time for further analysis (baby, dissertation, oh my!), but 27B Stroke 6 is on top of it, and CNet has reaction from CDT, EFF, and others.
michaelzimmer.org]
2:12:41 PM
|
|
|
© Copyright 2007 Paul Hardwick.
Last update: 3/18/07; 9:37:24 PM.
|
|
|
