Privacy Digest

Judge in Murdoch Hacker Trial Admonishes CEO - Via Threat Level:

A California judge overseeing the trial against a Rupert Murdoch company for allegedly hacking a competitor and helping pirates steal pay-TV content, admonished the CEO of the Murdoch firm for leaving the court without testifying. As a result of the CEO's action, the judge suggested that if his company loses the trial it could face shareholder lawsuits.

Multichannel News reports that U.S. District Court Judge David Carter made the comments on Friday after temporarily halting the trial in mid-testimony and dismissing the jury.  read more »

Yale Information Society Project's 9.5 Theses for Technology Policy in the Next Administration - Via CFP: Technology Policy '08:

The theme of the 18th Annual Computers, Freedom, and Privacy Conference is "Technology Policy '08." To help shape public debate in this election year, the Information Society Project at Yale Law School recommends the following policy principles - The 9.5 Theses for Technology Policy in the Next Administration:  read more »

Workshop: Activism and Education Using Social Networks - Via CFP: Technology Policy '08:

As well as providing ways to stay in touch with friends and make new connections, social networking technologies are increasingly important for activism and education. This interactive workshop will look at social networks and other innovative avenues such as blogs, wikis, mashups, and virtual worlds - as well as the role of more traditional online communication mechanisms like email and discussion forums. It will cover these technologies and their larger implications; techniques for engaging others while dealing with challenges such as trolling, flaming, and privacy invasion; and a nuts-and-bolts introduction to utilizing these tools.

The Computers, Freedom, and Privacy Workshop on Activism and Education Using Social Networks will run in parallel with the concurrent sessions on Thursday, May 22. To accommodate those will be attending -- or presenting at! -- other sessions for different parts of the day, we're organizing the bulk of the workshop as a series of independent modules, covering different skills, and best practices for educators and activists. We'll also cover success stories, brainstorm challenges faced by attendees, and construct groups for CFP attendees to stay in touch as well as profiles and groups for several organizations attending.  read more »

Declassified NSA Document Reveals the Secret History of TEMPEST - Via Threat Level:

It was 1943, and an engineer with Bell Telephone was working on one of the U.S. government's most sensitive and important pieces of wartime machinery, a Bell Telephone model 131-B2. It was a top secret encrypted teletype terminal used by the Army and Navy to transmit wartime communications that could defy German and Japanese cryptanalysis.

Then he noticed something odd.

Far across the lab, a freestanding oscilloscope had developed a habit of spiking every time the teletype encrypted a letter. Upon closer inspection, the spikes could actually be translated into the plain message the machine was processing. Though he likely didn't know it at the time, the engineer had just discovered that all information processing machines send their secrets into the electromagnetic ether.  read more »

Microsoft Gives Backdoor to Law Enforcement -- Well, Not Really - Via Threat Level:

Admit it. You always thought Microsoft had put a backdoor into its operating system to allow law enforcement agents to worm their way into your computer.

Now the proof is here. At least that's how some readers are interpreting a story out yesterday about a forensic tool that Microsoft is providing crime-stoppers to help them extract evidence from computers seized at crime scenes.

The Computer Online Forensic Evidence Extractor, or COFEE, is a USB memory stick that was "quietly distributed" to a handful of law-enforcement agencies last June, according to Seattle Times tech reporter Benjamin Romano. Romano says the portable device can "decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer."  read more »

CDT Testimony: DHS, State Using Insecure RFID Technology - Via Center for Democracy and Technology:

The long-range or "vicinity" Radio Frequency Identification (RFID) technology chosen by the Departments of Homeland Security and State for government-issued ID documents poses serious risks to personal privacy and security, CDT testified today before a Senate Homeland Security Subcommittee. CDT recommended that DHS and State abandon the technology, which was originally developed to track things, not people, and that encryption be used to protect a citizen's unique ID number. CDT also urged Congress to support legislation or regulations banning unauthorized "skimming" of RFID chips and prohibiting use of the passport card and Enhanced Driver's License beyond border security.

# CDT Prepared Statement [PDF] April 29, 2008
# CDT Written Testimony [PDF] April 29, 2008

(Read Original Article - Via Center for Democracy and Technology.)

Which Gov Agency Should Be Your Computer's Firewall? - Via Threat Level:

First the NSA says it needs to examine every search and email on the internet to prevent an e-9/11 attack, then President Bush signs a secret cyber-security Presidential Directive to make that possible, while the Air Force has set up a cyber warfare division where cyber-security is played like a game of Space Invaders.

Not to be left out on the cybarmegeddon! action, the Department of Homeland Security plans to spearhead a "Manhattan Project" attempt to secure the internet. But there's no way FBI chief Robert Mueller is gonna let DHS honcho Michael Chertoff have all the bits, so this week he told a House committee that G-Men need to be living in the tubes, too.  read more »

Hacker in Murdoch Trial Acknowledges Receiving Money from Murdoch Firm - Via Threat Level:

An American hacker who is at the core of a piracy trial against a Rupert Murdoch subsidiary, testified this week that he created pirating software for the company but did not use it to sabotage the company's rivals.  read more »

Chertoff Disagrees with the Rest of His Agency, Again - Via CDT - PolicyBeta:

Nine days ago, Sophia Cope blogged about how Homeland Secretary Secretary Michael Chertoff suggested that REAL IDs cannot be skimmed, in sharp contrast to DHS REAL ID Regs, which clearly say that the REAL ID is at risk of skimming. Today, CDT Fellow Peter Swire blogged on the Center for American Progress Web site about a new Chertoff statement where he said that “fingerprints aren’t ‘Personal Data.’” Swire shows that this comment lies in sharp contrast to DHS’ stated policy that fingerprints are “personally identifiable information.”

It is now time for DHS to make clear, is Chertoff purposely suggesting changes to existing policy or are these both misstatements?

(Read Original Article - Via CDT - PolicyBeta.)

FCC Gets an Earful From Open-Net Defenders at Stanford - Via Threat Level:

Stanford professor Larry Lessig brought down the house at a net neutrality hearing Thursday, calling for the Federal Communications Commission to finally move to make sure that the internet's architecture remain open and neutral, with the goal of having the internet become as uncomplicated as the electrical grid.

With his standard flair for stunning PowerPoint presentations, Lessig made the case that an open internet made possible the massive economic gains of the 1990s and that network operators who want to change the internet in order to create fast and slow lanes need to prove that such a 'smart' network would actually be better than an internet where the intelligence lies at the edges.

"We are facing these problems because of a failure of FCC policy," Lessig said, as the FCC's five commissioners sat behind him in a Stanford auditorium. "The FCC failed to make it clear to the network owners that if they are building the internet they need to build it neutrally."  read more »

ISPs' Error Page Ads Let Hackers Hijack Entire Web, Researcher Discloses - Via Threat Level from Wired.com:

Seeking to make money from mistyped website names, some of the United States' largest ISPs are instead creating gaping security holes in the web's largest websites, including eBay, PayPal, Google and Yahoo.

The ISPs are making it possible for hackers to turn any website into a source of viruses, phishing attacks and other malware.

The massive vulnerability introduced by Earthlink and Comcast was quietly and quickly patched on Friday, after IOActive security researcher Dan Kaminsky reported the vulnerability to Earthlink and its technology partner, a British ad company called Barefruit.  read more »

FCC Hearings at Stanford: Towards a Consensus on ISP Transparency? - Via EFF: Deep Links:

Yesterday, the FCC held a second hearing in its investigation of Comcast's use of forged RST packets to interfere with BitTorrent and other P2P applications. Free Press has a page linking to written testimony, statements, and audio and video recordings from the Stanford hearing.

At the previous hearing at Harvard Law School, Comcast attracted criticism for filling the auditorium with paid attendees. This time around, the telcos declined to participate at all. They sent proxies in their place: a conservative think tank called the Phoenix Center, freelance tech pundit George Ou, and one ISP: Lariat.net of Wyoming. It's a pity that ISPs aren't willing to participate in public debate about their own practices.  read more »

ISPs Say P4P Negates Need for Net Neutrality Regs - Via Slashdot:

Donut hole hole writes "AT&T and Comcast are using recent successful P2P trials to argue to the FCC that there's no need for strong traffic management or net neutrality rules. 'Comcast's statement, filed with the FCC on April 9th, hails an announcement by P2P developer Pando Networks that its experiments with P4P technology on a wide variety of U.S. broadband networks have boosted delivery speeds by up to 235 percent. This news, Comcast vice president Kathryn A. Zachem wrote to the Commission, "provides further proof that policymakers have been right to rely on marketplace forces, rather than government regulation, to govern the evolution of Internet services."' Looks like Comcast only likes P2P technology when it can be used to serve its political and regulatory agenda."

(Read Original Article - Via Slashdot.)

E-Passport Hacker Designs RFID Security Tool - Via Threat Level:

Editor: Interesting graphic removed. Go to original site for that [...]

The team that produced the RFDump research/hacker tool for cloning and altering data stored on radio-frequency ID tags has now come out with a product to thwart RFID hackers.

German security researcher Lukas Grunwald, who made headlines two years ago for uncovering security vulnerabilities in new electronic passports being adopted by the U.S. and other countries, created RFDump with colleague Boris Wolf in 2004.

Now the two have created RF-Wall (shown on the lower shelf in the picture at right) to help thwart RFID fraud and attacks against e-passports, electronic access cards and payment cards -- such as the Mifare Classic card that is used in the London Underground and which security researchers recently cracked.  read more »

Tracking device on bins ensures residents chip in - Via The Sydney Morning Herald:

Bin Brother is watching you.

When Randwick City Council began replacing its 78,000 residential garbage and recycling bins last month, a resident, Dan Himbrechts, scratched his head. Why get rid of old ones that seemed to work perfectly well?

His suspicions grew further when he noticed a small, flat, circular object hidden under the rim of his new bin. About the size of a 10-cent coin, it had the letters "TI-RFid" embossed on it.

A quick Google search and Mr Himbrechts realised what he was looking at - an electronic tracking device known as a radio frequency identification tag.  read more »

Administration Set to Use New Spy Program in U.S. - Via washingtonpost.com :

The Bush administration said yesterday that it plans to start using the nation's most advanced spy technology for domestic purposes soon, rebuffing challenges by House Democrats over the idea's legal authority.

Homeland Security Secretary Michael Chertoff said his department will activate his department's new domestic satellite surveillance office in stages, starting as soon as possible with traditional scientific and homeland security activities -- such as tracking hurricane damage, monitoring climate change and creating terrain maps.

Sophisticated overhead sensor data will be used for law enforcement once privacy and civil rights concerns are resolved, he said. The department has previously said the program will not intercept communications.  read more »