Privacy Digest

Ominous Signs of a Forthcoming "Compromise" on Telco Immunity - Tell the House To Stand Firm - Via EFF: Deep Links:

This morning, CongressDaily reported that Senator Jay Rockefeller is now privately circulating a new "compromise" proposal on surveillance legislation, only a day after it was reported that the telecoms themselves have begun shopping their own "compromise" proposals around the Hill. You may remember Sen. Rockefeller as the force behind the surveillance bill passed by the Senate in February, which included blanket retroactive immunity for phone companies like AT&T that are alleged to have participated in the National Security Agency's illegal warrantless wiretapping program.

Although the details of the Rockefeller proposal are still unclear, indications are that the so-called "compromise" on telco immunity may well be nearly identical to the original Senate immunity provision, with only a few cosmetic changes.  read more »

Dear Potus 08 - Via CFP: Technology Policy '08:

From the in-progress page on the program wiki:

If the Computers, Freedom, and Privacy community wrote a letter to the next President of the United States about our priorities for technology policy, what would we say -- and how would we get him or her to read it?

There's only one way to find out.

At this year's conference dinner, we will launch a collaborative effort to write a short letter to the next President from the CFP '08 attendees. We'll get these initial results up on a wiki for comments and evolution, and refine them over the follwing 36 hours. By Friday morning, if we've managed to converge on something plausible, we'll start circulating the current draft for signatures. At the end of the conference, we'll mail the current draft to the presidential campaigns and invite their response.

We'll also put it all up on the web - with a Creative Commons "by" (attribution) license - and invite others to use it for whatever purposes they want as we revise our initial draft, get broader involvement and discussion, and try to get our voice heard amidst the din of the campaigns.

We'll be using this blog as a big part of the "Dear Potus 08" project, both to update the details -- currently described as "mostly TBD" -- and to discussparticular topics. The 9.5 theses thread is the best place to get involved with the technology policy discussion right now. In this thread, any questions or thoughts about "Dear Potus 08" -- or links to similar projects?

(Read Original Article - Via CFP: Technology Policy '08.)

Clay Shirky to Deliver Closing Plenary - Via CFP: Technology Policy '08:

We are pleased to announce that Clay Shirky will deliver the closing plenary keynote at CFP Technology Policy '08.Since the 1990s, Shirky has written, taught, and consulted on the social, cultural, and economic effects of Internet technologies and social media. His most recent book, Here Comes Everybody: The Power of Organizing Without Organizations, evaluates the significant role being played by technological advances on the formation and experience of modern group dynamics, citing such examples as Wikipedia and MySpace to demonstrate the Internet's power in bridging geographical and cultural gaps.Shirky is an adjunct professor in NYU's graduate Interactive Telecommunications Program (ITP), where he teaches courses on the interrelated effects of social and technological network topology -- how our networks shape culture and vice-versa.See more about Shirky at Wikipedia, BoingBoing, and on the Colbert Report.

(Read Original Article - Via CFP: Technology Policy '08.)

DRM Not Dead, Just Temporarily Indisposed, Says RIAA Tech Head - Via Freedom to Tinker:

The RIAA’s head technology guy says that the move away from DRM (anti-copying) technology by record labels is just a phase, according to a Greg Sandoval story at News.com:

“(Recently) I made a list of the 22 ways to sell music, and 20 of them still require DRM,” said David Hughes, who heads up the RIAA’s technology unit, during a panel discussion at the Digital Hollywood conference. “Any form of subscription service or limited play-per-view or advertising offer still requires DRM. So DRM is not dead.”

…

Last January, when Sony BMG became the last major recording company to sell DRM-free tracks at Amazon, plenty of observers considered the technology buried. Since then, a growing number of online stores have begun offering at least some open MP3s, including Walmart.com, Zune’s Marketplace, Amazon, as well as iTunes.

Not so fast, said Hughes, who predicted that DRM would reemerge in a big way. “I think there is going to be a shift,” he told the audience. “I think there will be a movement towards subscription services, and (that) will eventually mean the return of DRM.”

The imminent success of subscription services with DRM is more or less what the record industry was predicting several years ago.  read more »

A New Look at the Hub of AT&T's Spying Program - Via EFF: Deep Links:

Our class action lawsuit against AT&T for collaborating with the National Security Agency in the massive, illegal program to wiretap and data-mine Americans' communications includes powerful evidence of a secret room in San Francisco.

But the hub of the spying program may be just outside of St. Louis, in a Missouri town called Bridgeton. A special report from local station KMOV puts the pieces together in a comprehensive and disturbing story about this dragnet surveillance, with the help of AT&T whistleblower Mark Klein. Watch the video on the KMOV site for a fresh look at a key piece of this spying puzzle.

(Read Original Article - Via EFF: Deep Links.)

EFF Answers Your Questions About Border Searches - Via EFF: Deep Links:

Readers of my deeplink on safeguarding your laptop and digital devices from warrantless searches at the border responded with both questions and answers. Some readers wondered whether you have an obligation not to destroy information on your laptop. Others pointed out that U.S. citizens may be detained, but not turned away, at the U.S. border. Many technologists wrote to offer cryptographic solutions, or warnings about encryption schemes that are not as secure as they should be. In this post, I answer the question about destruction of information and reproduce or summarize, with permission, others' suggestions about protecting your laptop from arbitrary searches. I haven't done any independent analysis of these techniques or tools, so your mileage may vary.  read more »

FBI Withdraws Unconstitutional National Security Letter After ACLU and EFF Challenge - Via EFF: Breaking News:

San Francisco - The FBI has withdrawn an unconstitutional national security letter (NSL) issued to the Internet Archive after a legal challenge from the American Civil Liberties Union (ACLU) and the Electronic Frontier Foundation (EFF). As the result of a settlement agreement, the FBI withdrew the NSL and agreed to the unsealing of the case, finally allowing the Archive's founder to speak out for the first time about his battle against the record demand.

"The free flow of information is at the heart of every library's work. That's why Congress passed a law limiting the FBI's power to issue NSLs to America's libraries," said Brewster Kahle, founder and Digital Librarian of the Internet Archive. "While it's never easy standing up to the government -- particularly when I was barred from discussing it with anyone -- I knew I had to challenge something that was clearly wrong. I'm grateful that I am able now to talk about what happened to me, so that other libraries can learn how they can fight back from these overreaching demands."  read more »

FBI Lifts Gag Order on Internet Archive - Via ACLU Blog - Government Spying:

It’s official: the FBI withdrew its national security letter (NSL) demand that it had issued to the Internet Archive last November. NSLs demand personal records like Web site visits and e-mail addresses without prior court approval, and NSL recipients are forbidden, or "gagged," from telling anyone about the demand. So now that the NSL has been withdrawn, the gag has been lifted, and Brewster Kahle, founder of the Internet Archive, can speak freely about his battle to protect Internet Archive users' privacy rights.  read more »

oCERT.org - Open Source CERT:

The oCERT project is a public effort providing security handling support to Open Source projects affected by security incidents or vulnerabilities, just like national CERTs offer services for their respective countries.

The service aims to help both large infrastructures, like major distributions, and smaller projects that can't afford a full-blown security team and/or security resources. This means aiding coordination between distributions and small project contacts. The goal is to reduce the impact of compromises on small projects with little or no infrastructure security, avoiding the ripple effect of badly communicated or handled compromises, which can currently result in distributions shipping code which has been tampered with.

oCERT also provides security vulnerability mediation for the security community, having reliable security contacts between registered projects and reporters that need to get in touch with a specific project regarding infrastructure security issues.

Last but not least oCERT provides aid with security vulnerability research and assessment.

(Read Original Article .)

FBI Targets Internet Archive With Secret 'National Security Letter', Loses - Via Threat Level:

The Internet Archive, a project to create a digital library of the web for posterity, successfully fought a secret government Patriot Act order for records about one of its patrons and won the right to make the order public, civil liberties groups announced Wednesday morning.

On November 26, 2007, the FBI served a controversial National Security Letter on the Internet Archive, asking for records about one of the library's registered users, asking for the user's name, address.

The Electronic Frontier Foundation, the Internet Archive's lawyers, fought the NSL, challenging its constitutionality in a December 14 complaint (.pdf) to a federal court in San Francisco.  read more »

Court Ruling on Voter ID Law May Encourage Tighter State Regulation - Via NewsHour with Jim Lehrer Podcast | PBS:

The Supreme Court voted 6 to 3 Monday to uphold an Indiana law requiring voters to show photo identification at polling stations. The National Law Journal's Marcia Coyle examines the impact of the Supreme Court decisions on voters and state regulations.

(Read Original Article - Via NewsHour with Jim Lehrer Podcast | PBS.)

Daily Kos: Another victory for the anti-Real ID rebels - Via ACLU's diary in Daily Kos:

By Larry Frankel, State Legislative Counsel, ACLU Washington Legislative Office

The anti-Real ID movement just took a big step forward, with the Arizona Senate’s 21-7 vote to bar implementation of Real ID in Arizona. The bill (H.B. 2677) still has to go back to the Arizona House for another vote and then on to Governor Janet Napolitano for her signature. But as of this writing, Arizona is poised to join the growing number of states who have recognized that Real ID is an expensive and unworkable invasion of our privacy.

The good work of a bipartisan group of Arizona legislators contrasts with what happened last week in Minnesota. Governor Tim Pawlenty vetoed a transportation bill that passed the Minnesota legislature with overwhelming bipartisan support because the members of the Minnesota legislature had the audacity to say no to the federal Real ID Act. The governor’s veto message reads like a set of talking points from the Department of Homeland Security.  read more »

I just entered the promotion code h24870p43h8037 for the Cheerios Helping Hearts promotion that was inside the box of Cheerios that I had just finished. Then I figured that while I was at it I'd enter the promotion that was in the box I hadn't opened yet. Imagine my surprise when I opened the box flap and found the same promotion code h24870p43h8037.

At first I thought it was a printing mistake, but when I entered the code again. The site said that it was accepted and that a dollar was being donated. Hopefully that is what actually happened.

I wonder if its true for all the codes?

I was also happily surprised that no name and address information was required to activate the code.

No-go on GOFA - Via CDT - PolicyBeta:

Today, CDT posted an updated memorandum on the most recent version of the Global Online Freedom Act (”GOFA”). GOFA was first introduced by Rep. Christopher Smith (R-NJ) several years ago in response to troubling reports of company complicity in Internet censorship and cooperation in prosecutions of dissidents who posted political material online. The late Rep. Tom P. Lantos, (D-Ca) took up the cause last year and the bill was reported out of the Committee on Foreign Affairs late last year. Industry opposition to the bill has been fierce and efforts to bring the bill to the floor on suspension have thus far been thwarted.

CDT strongly believes that technology companies doing business in countries that broadly surveil and censor the Internet must take serious steps to identify and minimize the human rights risks associated with providing services and technology solutions in those countries. For several years, we have been co-facilitating a multi-stakeholder initiative aimed at developing global principles to guide ICT companies facing free expression and privacy challenges.  We remain hopefully that these principles will grow into a global industry standard that will give the industry a road map for collective action in this area.

We also believe that companies must not hide from these challenges. They should advocate for changes in public policy that protect the rights of their users, challenge laws where possible and collaborate with human rights groups and other stakeholders to build support for an open Internet that supports human rights.  read more »