Help EFF Examine Once-Secret FBI Docs:
We've already started scouring newly-released documents relating to the misuse of National Security Letters to collect Americans' private information. But don't let us have all the fun — you, too, can dive into the docs and help uncover the truth about the FBI's abuse of power. All 1138 pages are freely downloadable (with searchable text) from EFF’s website, and we'll be posting a new batch every month. read more »
Gag Lifted, Brewster Speaks! - Via ACLU Blog - Government Spying:
The FBI has withdrawn an unconstitutional national security letter issued to the Internet Archive after a legal challenge from the ACLU and the Electronic Frontier Foundation. As the result of a settlement agreement, the FBI withdrew the NSL, agreed to the unsealing of the case, and lifted a gag order — finally allowing the Archive’s founder, Brewster Kahle, to speak out for the first time about his battle against the record demand. Check out this video for Kahle's story in his own words. read more »
Ominous Signs of a Forthcoming "Compromise" on Telco Immunity - Tell the House To Stand Firm - Via EFF: Deep Links:
This morning, CongressDaily reported that Senator Jay Rockefeller is now privately circulating a new "compromise" proposal on surveillance legislation, only a day after it was reported that the telecoms themselves have begun shopping their own "compromise" proposals around the Hill. You may remember Sen. Rockefeller as the force behind the surveillance bill passed by the Senate in February, which included blanket retroactive immunity for phone companies like AT&T that are alleged to have participated in the National Security Agency's illegal warrantless wiretapping program.
Although the details of the Rockefeller proposal are still unclear, indications are that the so-called "compromise" on telco immunity may well be nearly identical to the original Senate immunity provision, with only a few cosmetic changes. read more »
Dear Potus 08 - Via CFP: Technology Policy '08:
From the in-progress page on the program wiki:
If the Computers, Freedom, and Privacy community wrote a letter to the next President of the United States about our priorities for technology policy, what would we say -- and how would we get him or her to read it? There's only one way to find out.
At this year's conference dinner, we will launch a collaborative effort to write a short letter to the next President from the CFP '08 attendees. We'll get these initial results up on a wiki for comments and evolution, and refine them over the following 36 hours. By Friday morning, if we've managed to converge on something plausible, we'll start circulating the current draft for signatures. At the end of the conference, we'll mail the current draft to the presidential campaigns and invite their response.
We'll also put it all up on the web - with a Creative Commons "by" (attribution) license - and invite others to use it for whatever purposes they want as we revise our initial draft, get broader involvement and discussion, and try to get our voice heard amidst the din of the campaigns.
We'll be using this blog as a big part of the "Dear Potus 08" project, both to update the details -- currently described as "mostly TBD" -- and to discuss particular topics. The 9.5 theses thread is the best place to get involved with the technology policy discussion right now. In this thread, any questions or thoughts about "Dear Potus 08" -- or links to similar projects?
Clay Shirky to Deliver Closing Plenary - Via CFP: Technology Policy '08:
We are pleased to announce that Clay Shirky will deliver the closing plenary keynote at CFP Technology Policy '08. Since the 1990s, Shirky has written, taught, and consulted on the social, cultural, and economic effects of Internet technologies and social media. His most recent book, Here Comes Everybody: The Power of Organizing Without Organizations, evaluates the significant role being played by technological advances on the formation and experience of modern group dynamics, citing such examples as Wikipedia and MySpace to demonstrate the Internet's power in bridging geographical and cultural gaps. Shirky is an adjunct professor in NYU's graduate Interactive Telecommunications Program (ITP), where he teaches courses on the interrelated effects of social and technological network topology -- how our networks shape culture and vice-versa. See more about Shirky at Wikipedia, BoingBoing, and on the Colbert Report.
A New Look at the Hub of AT&T's Spying Program - Via EFF: Deep Links:
Our class action lawsuit against AT&T for collaborating with the National Security Agency in the massive, illegal program to wiretap and data-mine Americans' communications includes powerful evidence of a secret room in San Francisco.
But the hub of the spying program may be just outside of St. Louis, in a Missouri town called Bridgeton. A special report from local station KMOV puts the pieces together in a comprehensive and disturbing story about this dragnet surveillance, with the help of AT&T whistleblower Mark Klein. Watch the video on the KMOV site for a fresh look at a key piece of this spying puzzle.
Firefox Infects Vietnamese Users With Trojan Code - Via Threat Level:
Mozilla, the maker of the open source Firefox browser, is redoubling its efforts to check user created add-ons for viruses and Trojans after it discovered that a language pack on its official add-on page had been infected for months with rogue code, the organization reported Wednesday.
Starting in mid-February, Vietnamese users of Mozilla's open source Firefox browser were at risk of infection from malicious Trojan Horse code seemingly accidentally embedded in a language pack available on its Add-ons site.
The virus's signature was unknown at the time, and thus passed Mozilla's testing of add-ons. read more »
EFF Answers Your Questions About Border Searches - Via EFF: Deep Links:
Readers of my deeplink on safeguarding your laptop and digital devices from warrantless searches at the border responded with both questions and answers. Some readers wondered whether you have an obligation not to destroy information on your laptop. Others pointed out that U.S. citizens may be detained, but not turned away, at the U.S. border. Many technologists wrote to offer cryptographic solutions, or warnings about encryption schemes that are not as secure as they should be. In this post, I answer the question about destruction of information and reproduce or summarize, with permission, others' suggestions about protecting your laptop from arbitrary searches. I haven't done any independent analysis of these techniques or tools, so your mileage may vary. read more »
FBI Withdraws Unconstitutional National Security Letter After ACLU and EFF Challenge - Via EFF: Breaking News:
San Francisco - The FBI has withdrawn an unconstitutional national security letter (NSL) issued to the Internet Archive after a legal challenge from the American Civil Liberties Union (ACLU) and the Electronic Frontier Foundation (EFF). As the result of a settlement agreement, the FBI withdrew the NSL and agreed to the unsealing of the case, finally allowing the Archive's founder to speak out for the first time about his battle against the record demand.
"The free flow of information is at the heart of every library's work. That's why Congress passed a law limiting the FBI's power to issue NSLs to America's libraries," said Brewster Kahle, founder and Digital Librarian of the Internet Archive. "While it's never easy standing up to the government -- particularly when I was barred from discussing it with anyone -- I knew I had to challenge something that was clearly wrong. I'm grateful that I am able now to talk about what happened to me, so that other libraries can learn how they can fight back from these overreaching demands." read more »
FBI Lifts Gag Order on Internet Archive - Via ACLU Blog - Government Spying:
It’s official: the FBI withdrew its national security letter (NSL) demand that it had issued to the Internet Archive last November. NSLs demand personal records like Web site visits and e-mail addresses without prior court approval, and NSL recipients are forbidden, or "gagged," from telling anyone about the demand. So now that the NSL has been withdrawn, the gag has been lifted, and Brewster Kahle, founder of the Internet Archive, can speak freely about his battle to protect Internet Archive users' privacy rights. read more »
The oCERT project is a public effort providing security handling support to Open Source projects affected by security incidents or vulnerabilities, just like national CERTs offer services for their respective countries.
The service aims to help both large infrastructures, like major distributions, and smaller projects that can't afford a full-blown security team and/or security resources. This means aiding coordination between distributions and small project contacts. The goal is to reduce the impact of compromises on small projects with little or no infrastructure security, avoiding the ripple effect of badly communicated or handled compromises, which can currently result in distributions shipping code which has been tampered with.
oCERT also provides security vulnerability mediation for the security community, having reliable security contacts between registered projects and reporters that need to get in touch with a specific project regarding infrastructure security issues.
Last but not least oCERT provides aid with security vulnerability research and assessment.
FBI Targets Internet Archive With Secret 'National Security Letter', Loses - Via Threat Level:
The Internet Archive, a project to create a digital library of the web for posterity, successfully fought a secret government Patriot Act order for records about one of its patrons and won the right to make the order public, civil liberties groups announced Wednesday morning.
On November 26, 2007, the FBI served a controversial National Security Letter on the Internet Archive, asking for records about one of the library's registered users, asking for the user's name, address.
The Electronic Frontier Foundation, the Internet Archive's lawyers, fought the NSL, challenging its constitutionality in a December 14 complaint (.pdf) to a federal court in San Francisco. read more »
Isohunt Founder at Center of U.S. Torrent-Tracking Legal Battle - Via Threat Level:
Gary Fung remembers years ago when the first computer he operated was a Pentium 90.
His programming skills have grown considerably since that first computer and his mastery of Pascal. Combined with his business acumen, the 25-year-old Fung now heads the popular BitTorrent search engine Isohunt and two tracking sites, Podtropolis and Torrentbox.
The Motion Picture Association of America claims in a lawsuit that Fung is a copyright scofflaw of the highest order -- facilitating the theft of millions of its copyrighted works hosted in tiny pieces resting on servers and individuals' computers worldwide. read more »
Daily Kos: Another victory for the anti-Real ID rebels - Via ACLU's diary in Daily Kos:
By Larry Frankel, State Legislative Counsel, ACLU Washington Legislative Office
The anti-Real ID movement just took a big step forward, with the Arizona Senate’s 21-7 vote to bar implementation of Real ID in Arizona. The bill (H.B. 2677) still has to go back to the Arizona House for another vote and then on to Governor Janet Napolitano for her signature. But as of this writing, Arizona is poised to join the growing number of states who have recognized that Real ID is an expensive and unworkable invasion of our privacy.
The good work of a bipartisan group of Arizona legislators contrasts with what happened last week in Minnesota. Governor Tim Pawlenty vetoed a transportation bill that passed the Minnesota legislature with overwhelming bipartisan support because the members of the Minnesota legislature had the audacity to say no to the federal Real ID Act. The governor’s veto message reads like a set of talking points from the Department of Homeland Security. read more »
Web firm sounds alert on criminal data trove - Via Reuters:
LONDON (Reuters) - A Web security firm said on Tuesday it had tipped off international banks and police after finding a huge trove of stolen business and personal data amassed on a server in the space of just three weeks.
Finjan Inc said it had notified the U.S. Federal Bureau of Investigation, police in various countries and more than 40 financial institutions in the United States, Europe and India about the discovery of the so-called "crimeserver".
"This server was running for about three weeks and within this period it managed to collect 1.4 gigabytes of data. It is indeed the largest treasure we've found in this very short time," Yuval Ben-Itzhak, chief technology officer of the California-based firm, said in a phone interview from Israel.
The stolen data consisted of 5,388 unique log files including 1,037 from Turkey, 621 from Germany, 571 from the United States, 322 from France, 308 from India and 232 from Britain. read more »
"Crimeserver" Full of Personal/Business Data Found - Via Slashdot:
Presto Vivace sends news of a server found by security firm Finjan that contained a 1.4-GB cache of stolen data, accumulated over a period of less than a month from compromised PCs around the world. The "crimeserver," as Finjan dubs it, "provided command and control functions for malware attacks in addition to being a drop site for data harvested from compromised computers... The stolen data consisted of 5,388 unique log files including 1,037 from Turkey, 621 from Germany, 571 from the United States, 322 from France, 308 from India and 232 from Britain." Oddly enough, the data was stored in the open, with not even basic auth to protect it. Finjan notes in their press release that this huge trove of data gathered over a short period of time indicates that the crimeware problem is far larger than most observers have been assuming.