Infrastructure

A New Look at the Hub of AT&T's Spying Program

A New Look at the Hub of AT&T's Spying Program - Via EFF: Deep Links:

Our class action lawsuit against AT&T for collaborating with the National Security Agency in the massive, illegal program to wiretap and data-mine Americans' communications includes powerful evidence of a secret room in San Francisco.

But the hub of the spying program may be just outside of St. Louis, in a Missouri town called Bridgeton. A special report from local station KMOV puts the pieces together in a comprehensive and disturbing story about this dragnet surveillance, with the help of AT&T whistleblower Mark Klein. Watch the video on the KMOV site for a fresh look at a key piece of this spying puzzle.

(Read Original Article - Via EFF: Deep Links.)

Firefox Infects Vietnamese Users With Trojan Code

Firefox Infects Vietnamese Users With Trojan Code - Via Threat Level:

Mozilla, the maker of the open source Firefox browser, is redoubling its efforts to check user created add-ons for viruses and Trojans after it discovered that a language pack on its official add-on page had been infected for months with rogue code, the organization reported Wednesday.

Starting in mid-February, Vietnamese users of Mozilla's open source Firefox browser were at risk of infection from malicious Trojan Horse code seemingly accidentally embedded in a language pack available on its Add-ons site.

The virus's signature was unknown at the time, and thus passed Mozilla's testing of add-ons.

oCERT.org - Open Source CERT

oCERT.org - Open Source CERT:

The oCERT project is a public effort providing security handling support to Open Source projects affected by security incidents or vulnerabilities, just like national CERTs offer services for their respective countries.

The service aims to help both large infrastructures, like major distributions, and smaller projects that can't afford a full-blown security team and/or security resources. This means aiding coordination between distributions and small project contacts. The goal is to reduce the impact of compromises on small projects with little or no infrastructure security, avoiding the ripple effect of badly communicated or handled compromises, which can currently result in distributions shipping code which has been tampered with.

oCERT also provides security vulnerability mediation for the security community, having reliable security contacts between registered projects and reporters that need to get in touch with a specific project regarding infrastructure security issues.

Last but not least oCERT provides aid with security vulnerability research and assessment.

(Read Original Article.)

FBI Targets Internet Archive With Secret 'National Security Letter', Loses

FBI Targets Internet Archive With Secret 'National Security Letter', Loses - Via Threat Level:

The Internet Archive, a project to create a digital library of the web for posterity, successfully fought a secret government Patriot Act order for records about one of its patrons and won the right to make the order public, civil liberties groups announced Wednesday morning.

On November 26, 2007, the FBI served a controversial National Security Letter on the Internet Archive, asking for records about one of the library's registered users, asking for the user's name, address.

The Electronic Frontier Foundation, the Internet Archive's lawyers, fought the NSL, challenging its constitutionality in a December 14 complaint (.pdf) to a federal court in San Francisco.

No-go on GOFA

No-go on GOFA - Via CDT - PolicyBeta:

Today, CDT posted an updated memorandum on the most recent version of the Global Online Freedom Act ("GOFA"). GOFA was first introduced by Rep. Christopher Smith (R-NJ) several years ago in response to troubling reports of company complicity in Internet censorship and cooperation in prosecutions of dissidents who posted political material online. The late Rep. Tom P. Lantos (D-Ca) took up the cause last year and the bill was reported out of the Committee on Foreign Affairs late last year. Industry opposition to the bill has been fierce and efforts to bring the bill to the floor on suspension have thus far been thwarted.

CDT strongly believes that technology companies doing business in countries that broadly surveil and censor the Internet must take serious steps to identify and minimize the human rights risks associated with providing services and technology solutions in those countries. For several years, we have been co-facilitating a multi-stakeholder initiative aimed at developing global principles to guide ICT companies facing free expression and privacy challenges. We remain hopeful that these principles will grow into a global industry standard that will give the industry a road map for collective action in this area.

We also believe that companies must not hide from these challenges. They should advocate for changes in public policy that protect the rights of their users, challenge laws where possible and collaborate with human rights groups and other stakeholders to build support for an open Internet that supports human rights.

ACLU Commends Net Neutrality Hearing

ACLU Commends Net Neutrality Hearing - Via American Civil Liberties Union:

WASHINGTON – The American Civil Liberties Union commends Chairman Edward Markey (D-MA) of the Subcommittee on Telecommunications and the Internet for holding a hearing today on the Internet Freedom Preservation Act of 2008 (H.R. 5353), legislation designed to keep the Internet free for open discourse.

Caroline Fredrickson, director of the ACLU Washington Legislative office said, "This legislation is a good first step in protecting the Internet from blocking, censorship and discrimination by powerful phone and cable companies." Fredrickson said the hearing and the legislation are "important measures to bring net neutrality the attention it needs." She added that the ACLU, which has been fighting for First Amendment freedoms for 87 years, encourages members of Congress and the FCC to take immediate action to safeguard free speech and innovation online.

Internet Mysteries: How Much File Sharing Traffic Travels the Net?

Internet Mysteries: How Much File Sharing Traffic Travels the Net? - Via Threat Level:

How much of the traffic on the internet is peer-to-peer file trading?

Everyone seems to agree it represents a lot of the traffic, but the truth is no one knows (with the possible exception of the ISPs and backbone providers in the middle, and they aren't telling or sharing raw data).

One of the most recent reports on P2P traffic came from a traffic optimization firm called Ellacoya in June 2007. Their report said that http-based web traffic had overtaken peer-to-peer traffic on the net, thanks to streaming media sites like YouTube.

Backroom FISA Deal in the Making?

Backroom FISA Deal in the Making? - Via ACLU Blog - Government Spying:

There was chatter on the blogs last week that a FISA compromise was in the works, but it wasn't until late Friday night that our lobbyists confirmed that House Majority Leader Steny Hoyer (D-Md.) is working on a compromise bill with Senator Jay Rockefeller (D-W.Va.) — yes, the same senator known for taking thousands of dollars of campaign contributions from the telecom companies he's angling to protect with immunity. Hoyer and Rockefeller may try to lock in a deal within the next few days.

The Freenet Project - Freenet 0.7.0 release candidate 2 now available

The Freenet Project - Freenet 0.7.0 release candidate 2 now available:

24th Apr, 2008 - Freenet 0.7.0 release candidate 2 now available

Freenet version 0.7 Release Candidate 2 is now available for public testing. Release Candidate 2 features many bugfixes and a number of usability improvements.

Freenet is a global peer-to-peer network designed to allow users to publish and consume information without fear of censorship. To use it, you must download the Freenet software, available for Windows, Mac, Linux and other operating systems. Once you install and run Freenet, your computer will join a global, decentralized P2P network. You will be able to publish and consume information anonymously, either through your web browser, or through a variety of third party applications.

Freenet Releases 0.7.0rc2

Slashdot | Freenet Releases 0.7.0rc2 - Via Tech at Slashdot:

evanbd writes
"The Freenet Project has announced Freenet 0.7.0rc2. From the announcement: 'Freenet is a global peer-to-peer network designed to allow users to publish and consume information without fear of censorship. Freenet 0.7 is a ground-up rewrite of Freenet. The key user-facing feature in Freenet 0.7 is the ability to operate Freenet in a "darknet" mode, where your Freenet node will only talk to other Freenet users that you trust. This makes it much more difficult for an adversary to discover that you are using Freenet, let alone what you are doing with it. 0.7 also includes significant improvements to both security and performance.' Of course, for those of us who don't know anyone else running Freenet, or simply prefer it, there's also a non-darknet mode available."

(Read Original Article - Via Tech at Slashdot.)

What's Up with the Secret Cybersecurity Plans, Senators Ask DHS

What's Up with the Secret Cybersecurity Plans, Senators Ask DHS - Via Threat Level:

The government's new cyber-security "Manhattan Project" is so secretive that a key Senate oversight panel has been reduced to writing a letter to beg for answers to the most basic questions, such as what's going on, what's the point and what about privacy laws.

The Senate Homeland Security committee wants to know, for example, what is the goal of Homeland Security's new National Cyber Security Center. They also want to know why it is that in March, DHS announced that Silicon Valley evangelist and security novice Rod Beckstrom would direct the center, when up to that point DHS said the mere existence of the center was classified.

Those are just two sub-questions out of a list of 17 multi-part questions centrist Sens. Joe Lieberman (I-Connecticut) and Susan Collins (R-Maine) sent to DHS in a letter Friday.

White House Plans Proactive Cyber-Security Role for Spy Agencies

White House Plans Proactive Cyber-Security Role for Spy Agencies - Via washingtonpost.com - Technology:

America's spy agencies for the first time would be tasked with gathering intelligence on threats to the nation's computer networks under a policy that could be detailed by the White House as early as next week, a senior administration official said Wednesday.

Speaking at a security conference in Washington, the official said the Bush administration wants to harness the intelligence community's offensive capabilities in defense of government and civilian computer systems.

"We've never looked at how all the unique things this government wages against others could be used to inform our defensive posture," said the official, who asked not to be named because the White House has not yet released details about the plan. "We really need to move from [the reality that] the advantage is always with the attacker to how we can have our offense better inform our defense to shrink that gap."

Yale Information Society Project's 9.5 Theses for Technology Policy in the Next Administration

Yale Information Society Project's 9.5 Theses for Technology Policy in the Next Administration - Via CFP: Technology Policy '08:

The theme of the 18th Annual Computers, Freedom, and Privacy Conference is "Technology Policy '08." To help shape public debate in this election year, the Information Society Project at Yale Law School recommends the following policy principles - The 9.5 Theses for Technology Policy in the Next Administration:

Court-Approved Wiretapping Rose 14% in '07

Court-Approved Wiretapping Rose 14% in '07 - Via Threat Level:

Last year might have been a rough year for U.S. home prices, but growth in government wiretaps remained healthy, with the eavesdropping sector posting a 14% increase in court orders compared to 2006. In 2007, judges approved 4,578 state and federal wiretaps, as compared to 4,015 in 2006, according to two new reports on criminal and intelligence wiretaps.

Editor: Interesting graphic removed. Go to original site for that [...]

State police applied for 27% more wiretaps in 2007 than in 2006, with 94% of them targeting cell phones, according to figures released by the U.S. Courts' administrator. In 2007, state judges approved 1,751 criminal wiretap applications, without turning any of them down, according to the report (.pdf). That's a near-threefold increase in state wiretaps since 1997. Federal criminal wiretaps remained fairly constant -- hovering around 500 -- though exact numbers aren't known since the Justice Department has begun withholding information from the administrators of the U.S. court regarding sensitive investigations.

FBI wants to move hunt for criminals into Internet backbone

FBI wants to move hunt for criminals into Internet backbone - Via Ars Technica:

FBI director Robert Mueller's testimony to the Judiciary Committee of the House of Representatives on Wednesday gave a tiny glimpse of the future of law enforcement online, and it raised some tough questions about the evolving line between public and private in a networked world.

In a blog post on the hearing, CNet's Declan McCullagh reproduced the most relevant portion of the testimony—an exchange between Rep. Darrell Issa (R-CA) and Director Mueller on the subject of the FBI's role in detecting and stopping illegal activity on the Internet. Issa began the discussion with the analogy of an FBI raid on a bookie, where the Bureau obtains a warrant to get proof of illegal activity. He then moved to the subject of online crimes and the ongoing barrage of cyberattacks on civilian, government, and military targets, asking Mueller what types of legal powers he would need to be able to obtain proof of those attacks in order to bring a prosecution.

Mueller responded with the following revealing nugget.

FBI Wants Authority To Filter Net Backbone

FBI Wants Authority To Filter Net Backbone - Via Slashdot: Your Rights Online:

Dionysius, God of Wine and Leaf, writes "There are places where criminal activity is centralized: the backbone hubs located in hosting facilities across the country. All of the Internet's activity, legal and illegal, flows through these 'choke points,' and the feds, of course, are already tapping those points and siphoning off data. What Mueller wants is the legal authority to comb through the backbone data, which is already being siphoned off by the NSA, in order to look for illegal activity."

(Read Original Article - Via Slashdot: Your Rights Online.)