In Bid to Sway Sales, Cameras Track Shoppers: Via NYT > Privacy.

Retailers say they are using video cameras to watch customers as a way to make shopping in stores more enjoyable, but privacy advocates are skeptical.

[...]

At a mall, a father emerged from a store dragging his unruly young son by the scruff of the neck, as if he were the family cat. The man had no idea his parenting skills were being immortalized.

At an office supply store, a mother decided to get an item from a high shelf by balancing her small child on her shoulders, unaware that she, too, was being recorded.

These scenes may seem like random shopping bloopers, but they are meaningful to stores that are striving to engineer a better experience for the consumer, and ultimately, higher sales for themselves. [ Read more ... ]

EFF Appeals Dismissal of Warrantless Wiretapping Case: Via EFF.org Updates.

EFF today filed its appeal to the 9th Circuit Court of Appeals of the dismissal of Jewel v. NSA, the case EFF brought against the U.S. government and government officials on behalf of AT&T customers to stop the National Security Agency's illegal, unconstitutional, and ongoing mass surveillance of their communications and communications records. The case arises from the still growing stacks of evidence confirming the surveillance, including the technical documents presented by former AT&T employee Mark Klein that describe the NSA's secret mass wiretapping facility in San Francisco. [ Read more ... ]

Senators draft plan to rework U.S. immigration policy - washingtonpost.com: Via washingtonpost.com .

Sens. Charles E. Schumer (D-N.Y.) and Lindsey O. Graham (R-S.C.) announced the building blocks Thursday for a new push in Congress to overhaul the nation's immigration laws, outlining a plan to require U.S. citizens and legal immigrants to obtain a new high-tech Social Security card tied to their fingerprints or other biometric identifiers and to create a system to bring in temporary workers as the U.S. economy demands.

The immigration "blueprint," outlined in an opinion column posted on The Washington Post's Web site, drew an immediate vow of support from President Obama, who urged Congress "to act at the earliest possible opportunity." [ Read more ... ]

Hacker Disables More Than 100 Cars Remotely: Via Threat Level.

More than 100 drivers in Austin, Texas found their cars disabled or the horns honking out of control, after an intruder ran amok in a web-based vehicle-immobilization system normally used to get the attention of consumers delinquent in their auto payments.

Police with Austin’s High Tech Crime Unit on Wednesday arrested 20-year-old Omar Ramos-Lopez, a former Texas Auto Center employee who was laid off last month, and allegedly sought revenge by bricking the cars sold from the dealership’s four Austin-area lots.

“We initially dismissed it as mechanical failure,” says Texas Auto Center manager Martin Garcia. “We started having a rash of up to a hundred customers at one time complaining. Some customers complained of the horns going off in the middle of the night. The only option they had was to remove the battery.”

The dealership used a system called Webtech Plus as an alternative to repossessing vehicles that haven’t been paid for. Operated by Cleveland-based Pay Technologies, the system lets car dealers install a small black box under vehicle dashboards that responds to commands issued through a central website, and relayed over a wireless pager network. The dealer can disable a car’s ignition system, or trigger the horn to begin honking, as a reminder that a payment is due. The system will not stop a running vehicle. [ Read more ... ]

How Privacy Vanishes Online: Via NYT > Privacy.

Using innocuous bits of data from Web sites like Facebook and Twitter, researchers gleaned people’s names, ages and even Social Security numbers.

Yet people often dole out all kinds of personal information on the Internet that allows such identifying data to be deduced. Services like Facebook, Twitter and Flickr are oceans of personal minutiae — birthday greetings sent and received, school and work gossip, photos of family vacations, and movies watched.

Computer scientists and policy experts say that such seemingly innocuous bits of self-revelation can increasingly be collected and reassembled by computers to help create a picture of a person’s identity, sometimes down to the Social Security number.

“Technology has rendered the conventional definition of personally identifiable information obsolete,” said Maneesha Mithal, associate director of the Federal Trade Commission’s privacy division. “You can find out who an individual is without it.” [ Read more ... ]

Obama threatens to veto greater intelligence oversight: Via Salon: Glenn Greenwald.

(updated below)

One of the principal weapons used by the Bush administration to engage in illegal surveillance activities -- from torture to warrantless eavesdropping -- was its refusal to brief the full Congressional Intelligence Committees about its activities.  Instead, at best, it would confine its briefings to the so-called "Gang of Eight" -- comprised of 8 top-ranking members of the House and Senate -- who were impeded by law and other constraints from taking any action even if they learned of blatantly criminal acts. 

This was a sham process:  it allowed the administration to claim that it "briefed" select Congressional leaders on illegal conduct, but did so in a way that ensured there could be no meaningful action or oversight, because those individuals were barred from taking notes or even consulting their staff and, worse, because the full Intelligence Committees were kept in the dark and thus could do nothing even in the face of clear abuses.  The process even allowed the members who were briefed to claim they were powerless to stop illegal programs.  That extremely restrictive process also ensures irresolvable disputes over what was actually said during those briefings, as illustrated by recent controversies over what Nancy Pelosi and other leading Democrats were told about Bush's torture and eavesdropping programs.  Here's how Richard Clarke explained it in July, 2009, on The Rachel Maddow Show: [ Read more ... ]

EFF Posts Documents Detailing Law Enforcement Collection of Data From Social Media Sites: Via EFF.org Updates.

EFF has posted documents shedding light on how law enforcement agencies use social networking sites to gather information in investigations. The records, obtained from the Internal Revenue Service and Department of Justice Criminal Division, are the first in a series of documents that will be released through a Freedom of Information Act (FOIA) case that EFF filed with the help of the UC Berkeley Samuelson Clinic.

One of the most interesting files is a 2009 training course that describes how IRS employees may use various Internet tools -- including social networking sites and Google Street View -- to investigate taxpayers. [ Read more ... ]

Investigators: Businesses buying your credit card number: Via NorthWest Cable News.

$10 here. $15 there. 

By putting little charges on your credit card  some companies are making tens of millions of dollars a year. These are businesses that you never gave your credit card number to.

Some consumer groups call it fraud, but it may be perfectly legal.

Christie Frison-Thornton, of Rainier, spotted a $19.95 charge just a few weeks ago.   A company called "Privacy Matters" billed her credit card.

"I thought what the heck is this? Cause I really did not have a clue," said Frison-Thornton. [ Read more ... ]

The dark side of DNA: Via The Globe and Mail.

The only real evidence in a first-degree murder charge against Mr. Turner, the golden sheen of DNA appeared certain to become a silver bullet in the hands of the Crown.

"I told my lawyer, Jerome Kennedy, that there was no way in the world it was true," Mr. Turner recalled in an interview. "He believed me. He said that I was too stupid to commit that crime and leave no evidence."

A lucky hunch by Mr. Kennedy - now Newfoundland's Minister of Health - saved Mr. Turner from a life behind bars. He sought the name and DNA profile of every technician who had worked at the RCMP lab. It turned out that the technician who had tested the ring had also been working on the victim's fingernails a few inches away, creating a strong possibility of contamination.

The technician conceded at Mr. Turner's 2001 trial that she had also contaminated evidence in two previous cases. [ Read more ... ]

Advertising - Instant Ads Set the Pace on the Web: Via NYTimes.com .

Now, companies like Google, Yahoo and Microsoft let advertisers buy ads in the milliseconds between the time someone enters a site’s Web address and the moment the page appears. The technology, called real-time bidding, allows advertisers to examine site visitors one by one and bid to serve them ads almost instantly.

For example, say a man just searched for golf clubs on eBay (which has been testing a system from a company called AppNexus for more than a year). EBay can essentially follow that person’s activities in real time, deciding when and where to show him near-personalized ads for golf clubs throughout the Web.

If eBay finds out that he bought a driver at another site, it can update the ad immediately to start showing him tees, golf balls or a package vacation to St. Andrew’s, Scotland, often called the home of golf. If a woman was shopping, eBay could change the ad’s color or presentation. [ Read more ... ]

Feds: TSA Worker Tried to Sabotage Terror Database: Via Threat Level.

A former Transportation Security Administration contractor is being charged in Colorado for allegedly injecting malicious code into a government network used for screening airport security workers and others.

The malicious code, a logic bomb installed last October, was designed to cause damage and disrupt data on servers on an undisclosed date but was caught by other workers before it delivered its payload.

Douglas James Duchak, 46, had worked as a data analyst at the TSA’s Colorado Springs Operations Center, or CSOC, since 2004. The CSOC is used to vet people who have “access to sensitive information and secure areas of the nation’s transportation network,” according to the indictment. A source involved in the case said this involved screening of both passengers and workers at airports and other transportation facilities.

He pleaded not guilty in a Denver federal court on Wednesday and was released on a $25,000 unsecured bond. The indictment did not say whether the malware was crafted to erase or alter data, or simply disable servers.

The CSOC network stores updated information from the government’s terrorist watchlist as well as criminal histories from the U.S. Marshal’s Service Warrant Information Network. [ Read more ... ]

Classmates.com’s Facebook Mimicking Prompts Privacy Suit: Via Threat Level.

The long-lost pal locating site, Classmates.com, has been hit with a class action privacy lawsuit alleging the company violated the law when it decided to make user profiles public in order to compete with Facebook.

The suit alleges that Classmates.com duped its paying customers in late January when it sent them an e-mail saying that members would have to opt-out of new Facebook and iPhone apps to keep their data private. That’s a massive change to the site’s privacy policy and violates federal and Washington State privacy and fairness laws, according to the suit (.pdf) filed in a Washington State federal district court March 5.

Classmates.com has long kept user information non-public, and only paying members can read e-mails sent to them by others, see ‘old friends’ on a map, and see who has been looking at their profile. While the site has some 3 million paying users, it’s been eclipsed by sites like Facebook and MySpace, which have more members, more public profiles and don’t charge.

In order to keep up, Classmates.com decided to make “public Classmates content available to people using a variety of sites and devices, including Facebook and the iPhone,” according to a January 30 e-mail sent to users. [ Read more ... ]

New "Smart Meters" for Energy Use Put Privacy at Risk: Via EFF.org Updates.

The ebb and flow of gas and electricity into your home contains surprisingly detailed information about your daily life. Energy usage data, measured moment by moment, allows the reconstruction of a household's activities: when people wake up, when they come home, when they go on vacation, and maybe even when they take a hot bath.

California's PG&E is currently in the process of installing "smart meters" that will collect this moment by moment data—750 to 3000 data points per month per household—for every energy customer in the state. These meters are aimed at helping consumers monitor and control their energy usage, but right now, the program lacks critical privacy protections.

That's why EFF and other privacy groups filed comments with the California Public Utilities Commission Tuesday, asking for the adoption of strong rules to protect the privacy and security of customers' energy-usage information. Without strong protections, this information can and will be repurposed by interested parties. It's not hard to imagine a divorce lawyer subpoenaing this information, an insurance company interpreting the data in a way that allows it to penalize customers, or criminals intercepting the information to plan a burglary. Marketing companies will also desperately want to access this data to get new intimate new insights into your family's day-to-day routine–not to mention the government, which wants to mine the data for law enforcement and other purposes. [ Read more ... ]

Supreme Court Takes ‘Informational Privacy’ Case: Via Threat Level.

The U.S. Supreme Court is agreeing to decide how much personal information the federal bureaucracy may acquire on its workers.

The justices, without comment, decided Monday to review a lower-court decision surrounding the concept of so-called “informational privacy.” The 9th U.S. Circuit Court of Appeals in San Francisco struck down intrusive background checks last year on nearly three dozen National Aeronautics and Space Administration contractors as being too invasive — calling them an unconstitutional, “broad inquisition.”

The checks sought information from any source surrounding their sex lives, finances and even drug use. The contractors being investigated were not privy to classified information. [ Read more ... ]

Major ISPs Help Fund BitTorrent User Tracking Research: Via Slashdot YRO.

An anonymous reader writes "I was scanning conference proceedings to come up with ideas for a reading group I run at my workplace, and I noticed an interesting paper from the new IEEE WIFS forensics conference. Researchers from the University of Colorado have published a technique for tracking BitTorrent users (PDF) by joining and actively probing torrent swarms using low-cost cloud computing services. They claim their methods allowed them to monitor the entire Pirate Bay torrent set for as little as $13/mo using EC2. But that's not even the interesting part. Their work appears to have been 'funded in part through gifts from PolyCipher' — a broadband ISP consortium. That's right; three major national ISPs funded this round of BitTorrent tracking research, not the MPAA/RIAA. Could this be evidence of ISP support for ACTA and a global three-strikes law?"

Read Original Article:(Via Slashdot.)

Worker ID Card at Center of Immigration Plan: Via Wall Street Journal.

Lawmakers working to craft a new comprehensive immigration bill have settled on a way to prevent employers from hiring illegal immigrants: a national biometric identification card all American workers would eventually be required to obtain.

Under the potentially controversial plan still taking shape in the Senate, all legal U.S. workers, including citizens and immigrants, would be issued an ID card with embedded information, such as fingerprints, to tie the card to the worker.

The ID card plan is one of several steps advocates of an immigration overhaul are taking to address concerns that have defeated similar bills in the past.

The uphill effort to pass a bill is being led by Sens. Chuck Schumer (D., N.Y.) and Lindsey Graham (R., S.C.), who plan to meet with President Barack Obama as soon as this week to update him on their work. An administration official said the White House had no position on the biometric card. [ Read more ... ]

"Your Papers, Please!" - Get Your Fingerprints Ready! Cross-Party Senate Alliance Pushing National ID Card: Via Lauren Weinstein's Blog.

Greetings. According to the Wall Street Journal, U.S. Senate immigration reform advocates Chuck Schumer and Lindsey Graham are proposing a mandatory biometric (e.g. fingerprint-based) National ID Card system, and are attempting to brush away privacy concerns as trivial and irrelevant.

Touted as "merely" a "right-to-work" card aimed at addressing illegal immigration concerns, there's simply no fast-talking around the fact that this plan will set in motion a massive national ID infrastructure that will ultimately penetrate every aspect of our lives. Anyone who suggests otherwise is -- sorry to say -- either a liar or a fool. [ Read more ... ]

All Your Apps Are Belong to Apple: The iPhone Developer Program License Agreement: Via EFF.org Updates.

The entire family of devices built on the iPhone OS (iPhone, iPod Touch, iPad) have been designed to run only software that is approved by Apple—a major shift from the norms of the personal computer market. Software developers who want Apple's approval must first agree to the iPhone Developer Program License Agreement.

So today we're posting the "iPhone Developer Program License Agreement"—the contract that every developer who writes software for the iTunes App Store must "sign." Though more than 100,000 app developers have clicked "I agree," public copies of the agreement are scarce, perhaps thanks to the prohibition on making any "public statements regarding this Agreement, its terms and conditions, or the relationship of the parties without Apple's express prior written approval." But when we saw the NASA App for iPhone, we used the Freedom of Information Act (FOIA) to ask NASA for a copy, so that the general public could see what rules conrolled the technology they could use with their phones. NASA responded with the Rev. 3-17-09 version of the agreement (it has reportedly been revised somewhat since—please send us the current version if you are able). [ Read more ... ]

Italy Convicts Google Execs To Protect Privacy: Via NPR.

Europeans are debating the overall reach of the Internet into their lives. An Italian court recently convicted three Google executives for privacy violations after a clip was posted on Google Video showing a disabled student being bullied by classmates in Turin. The ruling highlights a deep trans-Atlantic cultural gap: Americans see the ruling as undermining the concept of freedom of expression, while Europeans put privacy first — they consider it a fundamental human right. [ Read more ... ]

Ubisoft's Authentication Servers Go Down: Via Slashdot.

ZuchinniOne writes "With Ubisoft's fantastically awful new DRM you must be online and logged in to their servers to play the games you buy. Not only was this DRM broken the very first day it was released, but now their authentication servers have failed so absolutely that no-one who legally bought their games can play them. 'At around 8am GMT, people began to complain in the Assassin's Creed 2 forum that they couldn't access the Ubisoft servers and were unable to play their games.' One can only hope that this utter failure will help to stem the tide of bad DRM."

Read Original Article:(Via Slashdot.)

Breaching your online privacy to fight crime: Via The Ottawa Citizen.

The "mosaic effect" is an argument often put forward by governments and police to block access to sensitive information. It suggests even seemingly innocuous pieces of information can be fitted together like a puzzle to form a meaningful picture of something they want kept secret, typically a national security operation.

But when the tables are turned and it's police and government that want to piece together seemingly innocuous bits of your personal and digital information to form a picture of you, the "mosaic effect" is recast as "lawful access" and characterized as benign state intervention into the online lives of Canadians in the name of crime-fighting.

Your name, address, telephone number, e-mail address and Internet Protocol (IP) address can reveal your Internet habits, social network, personal interests, political views, secrets and more.

The government's new "lawful access" initiative, contained in bills C-46 and C-47, was tabled in the Commons in June. It's the latest attempt in a decade-long push by successive governments to give police and other agents of the state, such as the Canadian Security Intelligence Service and the Competition Bureau, modernized surveillance powers and technical capabilities to better patrol the dark side of the digital world.

But here's the rub: C-47 allows police and government agents to demand basic subscriber data from telecommunication and Internet service providers without a warrant. (Some companies routinely volunteer the data when asked, others don't, according to police.)

Cryptome Suspected of Money Laundering or Worse: Via cryptome.org .

PayPal has confiscated donations made to Cryptome since February 24, 2010.
The donations have have been refunded rather than leave them in the untrustworthy
control of PayPal for purposes contrary to those of the donors. The total
upsurge was about $5,300, not much but a peak.

The timing of the confiscation corresponds to the recent Microsoft-Network
Solutions copyright imbroglio and public attention given to the lawful spying
guide series including those of PayPal. PayPal's
legal
agreements describe a wide range of prohibitions -- among them
DMCA
infringement,
counter-terrorism,
violations
of AUP and catch-alls -- for use of its services and urges
reporting of violations.
It "limits" (suspend and/or close) an account without fully explaining the
reasons, some of which may be secret under spying law, others kept confidential
to avoid law suits or bad publicity.

[ Read more ... ]

The Score on USA Patriot Act: Via Blog of Rights: Official Blog of the American Civil Liberties Union.

"We've come to love our fears more than we love our freedoms," Rep. Dennis Kucinich (D-Ohio) mused on the House floor just before that chamber voted 315-97 (with 20 members not voting) to reauthorize the USA Patriot Act without any changes for yet another year.

By now, you know the stakes — the tweaks that could have been made to guarantee that Patriot powers are used only against suspected terrorists or spies and to mandate continued reporting to ensure that we actually learn about current and future Patriot abuses. Many of these fixes were, in fact, included in prior iterations of Patriot reauthorization bills introduced in both the House and the Senate.

As Rep. Jane Harman (D-Calif.) pointed out to her colleagues, "I think we are missing an opportunity. There are good ideas in this House about how to curb the abuses with national security letters, how to clarify that roving wiretaps are limited to a single identifiable target, and how to eliminate the lone wolf provision which has never been used and for which existing title III authority can suffice. Those ideas have been the subject of hearings in the Judiciary Committee, but they're not being debated on this floor . . . I think this is a real missed opportunity." [ Read more ... ]

U.S. Security Agencies Begging for a Cybersecurity "Cold War": Via Blog of Rights: Official Blog of the American Civil Liberties Union.

(Originally posted on Huffington Post.)

So the U.S. security establishment is salivating at the prospect of a new cybersecurity "Cold War." In an over-the-top op-ed in Tuesday's Washington Post, Mike McConnell issues a declaration that we are "fighting a cyber war today" and compares it to the nuclear showdown with the Soviets. McConnell exemplifies the security establishment as much as anyone — former director of the National Security Agency (NSA), former Director of National Intelligence, and currently executive vice president at Booz Allen Hamilton, a private-sector refuge for former U.S. intelligence officials (and a company that stands to make large sums from consulting on cybersecurity). [ Read more ... ]

YouTube's Content ID (C)ensorship Problem Illustrated | Electronic Frontier Foundation: Via EFF - Electronic Frontier Foundation.

As we've pointed out repeatedly, poor design decisions in YouTube's "Content ID" system have resulted in over-blocking of videos that remix copyrighted materials. Today we got perhaps the most vivid example of the problem: the "silencing" of a lecture by Prof. Larry Lessig about the cultural importance of remix creativity. This is just the latest of many examples. We've been on YouTube's case for more than two years about this problem, and it's high time for YouTube to fix the Content ID system to respect the kinds of fair uses that are at the heart of remix creativity.

How did Prof. Lessig's video trigger the Content ID block? He included "snippets" (I use that word intentionally, as Google does in the context of its own Book Search product, to refer to small portions that should qualify as a fair use) from several remix videos. [ Read more ... ]