Alert
Obama supports Senators draft plan to rework U.S. immigration policy - Includes National Biometric ID card for all.
Senators draft plan to rework U.S. immigration policy - washingtonpost.com: Via washingtonpost.com.
Sens. Charles E. Schumer (D-N.Y.) and Lindsey O. Graham (R-S.C.) announced the building blocks Thursday for a new push in Congress to overhaul the nation's immigration laws, outlining a plan to require U.S. citizens and legal immigrants to obtain a new high-tech Social Security card tied to their fingerprints or other biometric identifiers and to create a system to bring in temporary workers as the U.S. economy demands.
The immigration "blueprint," outlined in an opinion column posted on The Washington Post's Web site, drew an immediate vow of support from President Obama, who urged Congress "to act at the earliest possible opportunity." [ Read more ... ]
Worker ID Card at Center of Immigration Plan - WSJ.com
Worker ID Card at Center of Immigration Plan: Via Wall Street Journal.
Lawmakers working to craft a new comprehensive immigration bill have settled on a way to prevent employers from hiring illegal immigrants: a national biometric identification card all American workers would eventually be required to obtain.
Under the potentially controversial plan still taking shape in the Senate, all legal U.S. workers, including citizens and immigrants, would be issued an ID card with embedded information, such as fingerprints, to tie the card to the worker.
The ID card plan is one of several steps advocates of an immigration overhaul are taking to address concerns that have defeated similar bills in the past.
The uphill effort to pass a bill is being led by Sens. Chuck Schumer (D., N.Y.) and Lindsey Graham (R., S.C.), who plan to meet with President Barack Obama as soon as this week to update him on their work. An administration official said the White House had no position on the biometric card. [ Read more ... ]
"Your Papers, Please!" - Get Your Fingerprints Ready! Cross-Party Senate Alliance Pushing National ID Card
"Your Papers, Please!" - Get Your Fingerprints Ready! Cross-Party Senate Alliance Pushing National ID Card: Via Lauren Weinstein's Blog.
Greetings. According to the Wall Street Journal, U.S. Senate immigration reform advocates Chuck Schumer and Lindsey Graham are proposing a mandatory biometric (e.g. fingerprint-based) National ID Card system, and are attempting to brush away privacy concerns as trivial and irrelevant.
Touted as "merely" a "right-to-work" card aimed at addressing illegal immigration concerns, there's simply no fast-talking around the fact that this plan will set in motion a massive national ID infrastructure that will ultimately penetrate every aspect of our lives. Anyone who suggests otherwise is -- sorry to say -- either a liar or a fool. [ Read more ... ]
Serious Apache Exploit Discovered
Serious Apache Exploit Discovered: Via Slashdot.
bennyboy64 writes "An IT security company has discovered a serious exploit in Apache's HTTP web server, which could allow a remote attacker to gain complete control of a database. ZDNet reports the vulnerability exists in Apache's core mod_isapi module. By exploiting the module, an attacker could remotely gain system privileges that would compromise data security. Users of Apache 2.2.14 and earlier are advised to upgrade to Apache 2.2.15, which fixes the exploit."
Note: according to the advisory, this exploit is exclusive to Windows.
Read Original Article:(Via Slashdot.)
Breaching your online privacy to fight crime
Breaching your online privacy to fight crime: Via The Ottawa Citizen.
The "mosaic effect" is an argument often put forward by governments and police to block access to sensitive information. It suggests even seemingly innocuous pieces of information can be fitted together like a puzzle to form a meaningful picture of something they want kept secret, typically a national security operation.
But when the tables are turned and it's police and government that want to piece together seemingly innocuous bits of your personal and digital information to form a picture of you, the "mosaic effect" is recast as "lawful access" and characterized as benign state intervention into the online lives of Canadians in the name of crime-fighting.
Your name, address, telephone number, e-mail address and Internet Protocol (IP) address can reveal your Internet habits, social network, personal interests, political views, secrets and more.
The government's new "lawful access" initiative, contained in bills C-46 and C-47, was tabled in the Commons in June. It's the latest attempt in a decade-long push by successive governments to give police and other agents of the state, such as the Canadian Security Intelligence Service and the Competition Bureau, modernized surveillance powers and technical capabilities to better patrol the dark side of the digital world.
But here's the rub: C-47 allows police and government agents to demand basic subscriber data from telecommunication and Internet service providers without a warrant. (Some companies routinely volunteer the data when asked, others don't, according to police.)
[ Read more ... ]
Cryptome Suspected of Money Laundering or Worse (PayPal freezes their account)
Cryptome Suspected of Money Laundering or Worse: Via cryptome.org.
PayPal has confiscated donations made to Cryptome since February 24, 2010. The donations have been refunded rather than leave them in the untrustworthy control of PayPal for purposes contrary to those of the donors. The total upsurge was about $5,300, not much but a peak.
The timing of the confiscation corresponds to the recent Microsoft-Network Solutions copyright imbroglio and public attention given to the lawful spying guide series including those of PayPal. PayPal's legal agreements describe a wide range of prohibitions -- among them DMCA infringement, counter-terrorism, violations of AUP and catch-alls -- for use of its services and urges reporting of violations.
It "limits" (suspend and/or close) an account without fully explaining the reasons, some of which may be secret under spying law, others kept confidential to avoid law suits or bad publicity.
Open Wi-Fi 'outlawed' by Digital Economy Bill (UK)
Open Wi-Fi 'outlawed' by Digital Economy Bill (UK): Via ZDNet.co.uk.
The government will not exempt universities, libraries and small businesses providing open Wi-Fi services from its Digital Economy Bill copyright crackdown, according to official advice released earlier this week.
This would leave many organisations open to the same penalties for copyright infringement as individual subscribers, potentially including disconnection from the internet, leading legal experts to say it will become impossible for small businesses and the like to offer Wi-Fi access.
Lilian Edwards, professor of internet law at Sheffield University, told ZDNet UK on Thursday that the scenario described by the Department for Business, Innovation and Skills (BIS) in an explanatory document would effectively "outlaw open Wi-Fi for small businesses", and would leave libraries and universities in an uncertain position. [ Read more ... ]
Redrawing the Route to Online Privacy
Redrawing the Route to Online Privacy: Via NYT > Privacy.
ON the Internet, things get old fast. One prime candidate for the digital dustbin, it seems, is the current approach to protecting privacy on the Internet.
It is an artifact of the 1990s, intended as a light-touch policy to nurture innovation in an emerging industry. And its central concept is “notice and choice,” in which Web sites post notices of their privacy policies and users can then make choices about sites they frequent and the levels of privacy they prefer.
But policy and privacy experts agree that the relentless rise of Internet data harvesting has overrun the old approach of using lengthy written notices to safeguard privacy. [ Read more ... ]
Wyndham hotels hacked again (Third Strike in just the past year)
Wyndham hotels hacked again: Via Computerworld Cybercrime/Hacking News.
Hackers broke into computer systems at Wyndham Hotels & Resorts recently, stealing sensitive customer data.
The break-in occurred between late October 2009 and January 2010, when it was finally discovered. It affected an undisclosed number of company franchisees and hotel properties that Wyndham manages. Wyndham has acknowledged the incident in a note posted to its Web site.
"A hacker intruded on our systems and accessed customers information from a limited number of franchised and managed properties," the company said. "The hacker was able to move some information to an off-site URL before we discovered the intrusion."
Hackers were able to steal data required for credit card fraud, the company said, including "guest names and card numbers, expiration dates and other data from the card's magnetic stripe." [ Read more ... ]
Wyndham Worldwide hacked and database breached, giving access to some payment card information
Wyndham Worldwide hacked and database breached, giving access to some payment card information: Via Wyndham Worldwide.
To our Wyndham Hotels and Resorts guests:
In late January, 2010, our company discovered that a sophisticated hacker penetrated the computer systems of one of the Wyndham Hotels and Resorts (WHR) data centers. By going through the centralized network connections, the hacker was then able to access and download information from several, but not all, of the WHR hotels and remove payment card information of a small percentage of our WHR customers. The incident did not affect any of the other branded hotels in the Wyndham Hotel Group system. We deeply regret that this incident occurred and are doing everything we can to notify our customers directly, to address and remedy the problem. CLICK HERE FOR FAQS ABOUT THE INCIDENT. [ Read more ... ]
Pentagon Discloses Hundreds of Reports of Possibly Illegal Intelligence Activities
Pentagon Discloses Hundreds of Reports of Possibly Illegal Intelligence Activities: Via EFF.org Updates.
The Department of Defense has released more than 800 heavily-redacted pages of intelligence oversight reports, detailing activities that its Inspector General has “reason to believe are unlawful.” The reports are the latest in an ongoing document release by more than a half-dozen intelligence agencies in response to a Freedom of Information Act (FOIA) lawsuit filed by EFF in July 2009.
The reports, submitted to the Intelligence Oversight Board (IOB) by various Department of Defense components, cover the period from 2001 through 2008. The IOB’s role within the Executive Office of the President is to ensure that each component of the intelligence community works within the Constitution and all applicable laws. As such, the Inspector General of each intelligence agency is required to submit periodic reports to the IOB, which in turn is required to forward to the Attorney General any report identifying an intelligence activity that violates the law. Intelligence oversight reporting is rarely disclosed to the public. [ Read more ... ]
FBI Tracks Suspects' Cell Phones Without a Warrant - Newsweek.com
FBI Tracks Suspects' Cell Phones Without a Warrant: Via Newsweek.com.
Law enforcement is tracking Americans' cell phones in real time—without the benefit of a warrant.
But many federal magistrates—whose job is to sign off on search warrants and handle other routine court duties—were spooked by the requests. Some in New York, Pennsylvania, and Texas balked. Prosecutors "were using the cell phone as a surreptitious tracking device," said Stephen W. Smith, a federal magistrate in Houston. "And I started asking the U.S. Attorney's Office, 'What is the legal authority for this? What is the legal standard for getting this information?' "
Those questions are now at the core of a constitutional clash between President Obama's Justice Department and civil libertarians alarmed by what they see as the government's relentless intrusion into the private lives of citizens. [ Read more ... ]
Leaked ACTA draft reveals plans for internet clampdown
Leaked ACTA draft reveals plans for internet clampdown: Via Computerworld(NZ).
ISPs must snoop on subscribers or face being sued by content owners
The US, Europe and other countries including New Zealand are secretly drawing up rules designed to crack down on copyright abuse on the internet, in part by making ISPs liable for illegal content, according to a copy of part of the confidential draft agreement that was seen by the IDG News Service.
It is the latest in a series of leaks from the anticounterfeiting trade agreement (ACTA) talks that have been going on for the past two years. Other leaks over the past three months have consisted of confidential internal memos about the negotiations between European lawmakers.
The chapter on the internet from the draft treaty was shown to the IDG News Service by a source close to people directly involved in the talks, who asked to remain anonymous. Although it was drawn up last October, it is the most recent negotiating text available, according to the source.
It proposes making ISPs (internet service providers) liable under civil law for the content their subscribers upload or download using their networks. [ Read more ... ]
ACTA "internet enforcement" chapter leaks
ACTA "internet enforcement" chapter leaks: Via Boing Boing.
Someone has uploaded a PDF to a Google Group that is claimed to be the proposal for Internet copyright enforcement that the USA has put forward for ACTA, the secret copyright treaty whose seventh round of negotiations just concluded in Guadalajara, Mexico. This reads like it probably is genuine treaty language, and if it is the real US proposal, it is the first time that this material has ever been visible to the public. According to my source, the US proposal is the current version of the treaty as of the conclusion of the Mexico round.
I've read it through a few times and it reads a lot like DMCA-plus. It contains, for example, a duty to technology firms to shut down infringement where they have "actual knowledge" that such is taking place. This argument was put forward in the Grokster case, and as Fred von Lohmann argued then, this is a potentially deadly burden to place on technology companies: in the offline world Xerox has "actual knowledge" that its technology is routinely used to infringe copyright at Kinko's outlets around the world -- should that create a duty to stop providing sales and service to Kinko's?
This also includes takedown procedures for trademark infringement, as well as the existing procedures against copyright infringement. [ Read more ... ]
Another Debit Card Skimmer, but this one is built-in
Another Debit Card Skimmer: Via Schneier on Security.
This one is installed inside gas pumps. There's nothing the customer can detect.
Read Original Article:(Via Schneier on Security.)
Copyright Undercover: ACTA & the Web / What ACTA's Done So Far
Copyright Undercover: ACTA & the Web: Via Internet Evolution - The Big Report.
Let's pause a moment to consider the nature of copyright, the Internet, and governance. Copyright law has historically been made by and for the entertainment industry's supply chain. Copyright rules were not envisioned as an adequate or desirable regulation-set for any other realm: We don't try to shoehorn labor law, finance, education, healthcare, election campaigns, or parenting matters into copyright.
But once you take those activities onto the Internet, copyright becomes the first line of regulation governing everything. It's impossible to do anything on the Internet without making copies (you made between 5 and 50 copies of this article just by following a link to it). And since copyright regulates copying, any rule that affects copyright will affect all those realms, too.
That's what makes ACTA's secrecy so troubling, even if you don't care about copyright, fair use, or other wonky subjects. [ Read more ... ]
YIKES!! Pa. schools spy on students using laptop webcams, claims lawsuit
Pa. schools spy on students using laptop webcams, claims lawsuit: Via Computerworld.
Class-action suit alleges schools remotely activate webcams on school-issued notebooks
Computerworld - A suburban Philadelphia school district remotely activates the cameras in school-provided laptops to spy on students in their homes, a lawsuit filed in federal court Tuesday alleged.
According to the lawsuit filed by a high school student and his parents, the Lower Merion School District of Ardmore, Pa. has spied on students and families by "indiscriminate use of and ability to remotely activate the webcams incorporated into each laptop issued to students by the School District."
Approximately 1,800 students at the district's two high schools have been given laptops as part of a state- and federally-funded "one-to-one" student-to-laptop initiative.
Michael and Holly Robbins of Penn Valley, Pa., said they first found out about the alleged spying last November after their son Blake was accused by a Harriton High School official of "improper behavior in his home" and shown a photograph taken by his laptop.
An assistant principal at Harriton later confirmed that the district could remotely activate the webcam in students' laptops. [ Read more ... ]
Over 75,000 systems compromised in cyberattack
Over 75,000 systems compromised in cyberattack: Via Computerworld Cybercrime/Hacking News.
Correction: An earlier version of this story incorrectly said the cyberattacks began in 1998. They began in 2008.
Security researchers at Herndon, Va.-based NetWitness Corp. have unearthed a massive botnet affecting at least 75,000 computers at 2,500 companies and government agencies worldwide.
The Kneber botnet, named for the username linking the affected machines worldwide, has been used to gather login credentials to online financial systems, social networking sites and e-mail systems for the past 18 months, according to NetWitness.
A 75GB cache of stolen data discovered by NetWitness included 68,000 corporate login credentials, login data for user accounts at Facebook, Yahoo and Hotmail, 2,000 SSL certificate files and a large amount of highly detailed "dossier-level" identity information. In addition, systems compromised by the botnet also give attackers remote access inside the compromised network, the company said.
"Disturbingly, the data was only a one-month snapshot of data from a campaign that has been in operation for more than a year," NetWitness said in a statement announcing the discovery of the botnet late yesterday. [ Read more ... ]
GPS Tracking: Turning Science Fiction Into Reality (ACLU)
GPS Tracking: Turning Science Fiction Into Reality: Via Blog of Rights: Official Blog of the American Civil Liberties Union.
As a fan of the The Wire, I can find lots of plot twists and exciting scenes that illustrate the basic constitutional balance between the rights of individuals and the power of law enforcement. The Wire portrays police who follow the rules and those who don't as they wiretap, search, photograph and otherwise conduct their investigations into complex criminal cases.
In one episode, Detective Leander Snydor has followed a drug dealer to a house which might link him to other criminal relationships. Snydor skillfully walks past the dealer's car, fixes a GPS tracking system to the underside of the vehicle, and walks away with a whistle.
That might seem like smart cop work when aimed at an enormous, fictional drug ring in the mean streets of Baltimore. But GPS is no longer HBO fiction. In Madison, Wisconsin, where law enforcement agents used GPS to track someone suspected of violating a restraining order without first getting a warrant, it's very, very real. Unfortunately, according to the Wisconsin Court of Appeals, we should let go of the expectation that police need permission to track our movements. [ Read more ... ]
Guard Your Health Insurance Card Against Medical Identity Theft
Guard Your Health Insurance Card: Via Bucks Blog - NYTimes.com.
You may want to make sure you know where your health insurance card is.
According to a new study, the 2010 Identity Fraud Survey Report, from the research company Javelin Strategy & Research, 7 percent of identity fraud victims this year reported identity thieves stole their health insurance information, up from just 3 percent last year.
So even though the actual total dollar amount of health care identity fraud didn’t increase meaningfully from 2008 to 2009, James Van Dyke, the president and founder of Javelin, said he expected to see more incidences of health insurance identity fraud showing up in next year’s study and beyond. “We’re seeing more criminal access to private medical records in our survey now, and therefore, we expect to see resulting increases in health care fraud in future years’ studies,” Mr. Van Dyke said. [ Read more ... ]
Spying on User Web Browsing Histories for Fun and Profit!
Spying on User Web Browsing Histories for Fun and Profit!: Via Lauren Weinstein's Blog.
Greetings. A bit over a year ago, I reported here about a commercial firm using JavaScript tricks to pry into the site browsing history of unsuspecting Web users, and I discussed the serious negative implications of such spying.
Now comes a handy "do it yourself" guide detailing the kinds of obnoxious techniques involved, under the name "Sniff browser history for improved user experience" -- a quintessential example of how to portray (that is, spin) an obvious privacy invasion as if it were a user-friendly value proposition.
It's not terribly surprising that the author of the piece devotes only a couple of words to even the possibility that such techniques could be used for "evil" purposes. [ Read more ... ]
Microsoft's new 'phone home' anti-piracy practice unacceptable, says critic
Microsoft's new 'phone home' anti-piracy practice unacceptable, says critic: Via Computerworld Privacy News.
'At what point is one free of this' perpetual checking, asks Lauren Weinstein
The Internet advocate who blasted Microsoft in 2006 over the daily "phone home" habits of its anti-piracy software took the company to task again today for a new practice that will examine consumers' Windows 7 PCs every 90 days to make sure they're running legitimate copies of the OS.
Lauren Weinstein, the co-founder of People For Internet Responsibility (PFIR), urged Windows 7 users not to accept the option update to Windows Activation Technologies (WAT) when Microsoft begins seeding it to the Windows Update service later this month.
"The approach that Microsoft is now taking doesn't seem to make sense, even for honest consumers," Weinstein argued in a post to his blog. "Microsoft will trigger forced downgrading to non-genuine status if they believe a Windows 7 system is potentially pirated based on their 'phone home' checks that will occur at (for now) 90 day intervals during the entire life of Windows 7 on a given PC, even months or years after purchase. [ Read more ... ]
EP ditches US SWIFT deal on bank data over privacy
EP ditches US SWIFT deal on bank data over privacy: Via Banking : europa, europe | euronews.
An EU deal with the US has been judged not good enough for the European Parliament — the so-called SWIFT agreement on sharing bank data. This would have meant exposing ordinary Europeans’ accounts to American anti-terrorist investigators.
A nine-month interim agreement went into force provisionally at the start of this month. But Liberal, Socialist and Green euro-MPs opposed it. They said the correct balance between security and the protection of civil liberties was missing.
[...]
Washington previously had access to the data, collected by the Society for Worldwide Interbank Financial Telecommunication (SWIFT), which registers money transfers among states. EU diplomats say one way to regain access could be to seek bilateral agreements.
Read Original Article:(Via Banking : europa, europe | euronews.)
Protect Your Privacy on Google Buzz (EFF)
Protect Your Privacy on Google Buzz: Via EFF.org Updates.
Google's new social networking service, Buzz has upset a lot of people who have inadvertently posted the list of the people they email and chat with most frequently on their profile. If you took the default options and didn't opt-out or edit this list during profile creation, the list becomes part of your profile. Since who you email with frequently can often be private information (reporters and sources, doctors and patients, former significant others, etc), making this list public can create serious problems.
If you're going to use Google Buzz, we recommend that you opt-out during profile creation. If you have already created a profile, change it to private immediately. Then go through the suggested list, and edit it as appropriate before making it public again. PC World has a helpful privacy checklist to help users understand the privacy implications of Google Buzz options. [ Read more ... ]
Researchers find huge weakness in European payment cards
Researchers find huge weakness in European payment cards: Via Computerworld Security News.
Hundreds of millions of payment cards throughout Europe have a flaw that could allow criminals with a stolen card to enter any random PIN to complete a transaction, according to researchers from the University of Cambridge.
The findings, which will be presented at the IEEE Symposium on Security and Privacy in California in May, cast new doubts on chip-and-PIN or EMV cards. The cards contain a microchip that verifies a correct PIN in order to complete a transaction.
European banks hail the system as more secure, as U.S. cards do not have the microchip, which has so far prevented some types of card cloning.
But the Cambridge researchers have found a weakness in the complicated EMV protocol that allows for a man-in-the-middle attack. It essentially tricks the point-of-sale terminal into believing it has received a correct PIN no matter what digits are entered. [ Read more ... ]