Help EFF Examine Once-Secret FBI Docs:
We've already started scouring newly-released documents relating to the misuse of National Security Letters to collect Americans' private information. But don't let us have all the fun — you, too, can dive into the docs and help uncover the truth about the FBI's abuse of power. All 1138 pages are freely downloadable (with searchable text) from EFF’s website, and we'll be posting a new batch every month.
Report: Government's Cyber Security Plan Is Riddled With New Spying Programs - Via Threat Level:
Major elements of the Bush administration's proposed $17 billion "cyber security" initiative have little to do with protecting government networks, and a lot to do with spying, according to a budget report released by the Senate Armed Services Committee this week.
The so-called National Cyber Security Initiative is also wrapped in unnecessary secrecy, and would spend billions on unproven, embryonic technology, and possibly illegal or ill-advised projects, according to the analysis -- which is part of a broad look at the proposed 2009 defense budget.
DHS Can’t Admit Its Own Mistakes - Via CDT - PolicyBeta:
Back in April, I blogged about how Department of Homeland Security Secretary Michael Chertoff was “dead wrong” when he testified before the Senate that personal information can’t be “skimmed” from an unencrypted barcode, which all driver’s licenses will have under the REAL ID program. Chertoff completely denied that there are any privacy risks associated with the REAL ID card’s “machine-readable zone.”
Sen. Feingold, D-WI, was right to question Chertoff’s testimony that day and followed up with a letter asking the Secretary to further explain why he thought citizens’ personal information wasn’t at risk or why they couldn’t be tracked by scanning REAL ID cards during a multitude of transactions. Just this week, DHS responded to Sen. Feingold via letter. The Department again shirked responsibility for ensuring that Americans’ personal information stored on REAL ID cards is protected and not accessible by unauthorized parties – businesses and government agencies alike.
Charter to Insert Ads into Web Pages Its Broadband Customers Visit - Via Threat Level:
Charter Communications, one of the nation's largest ISPs, plans to track the web surfing habits of its customers in order to insert its own ads into web pages being visited by its customers, making it the first large American ISP to inject content into traffic its customers pay them to deliver.
In letters being sent to its 2.7 million high speed internet customers, Charter is billing its new ad insertion program as an 'enhancement' for customers' web surfing experience. The letters were first reported by a BroadbandReports.com user on Sunday.
Browsing the web can become more like flipping through your favorite magazine, where you see ads that are appealing to you and enhance your enjoyment and the utility of the experience.
Users can opt out of the system, but have to give their full name and address to get an opt-out cookie. The process would have to be repeated for every browser on every computer in a home to block the service, and would have to be reset if cookies are ever deleted.
Charter is entering tricky legal and political territory. The company claims that the program won't show users more ads than they saw before – which means that Charter plans to overwrite the ads from sites like Wired.com. Such a move could easily lead to lawsuits.
Making Surveillance for the FBI Easy - Via ACLU Blog - Privacy & Technology:
Last night, Hasan Elahi, an artist and San Jose State professor, was a guest on The Colbert Report. In all his bleach-blond glory, Elahi describes for Colbert the experience of being stopped in a Detroit airport and questioned by the FBI in 2002. (The FBI never confirmed that Elahi's name is on the terrorist watch list…but being stopped and questioned at an airport gives a pretty good indication that he was.) After being cleared of any suspicion, he was told that he had to "check in" with the FBI periodically. He did the FBI one better by creating TrackingTranscience.com, in which he surveils himself in real time—his current location is always available at the website. He also takes hundreds of pictures of his whereabouts and uploads them to the site, so if the FBI wants to know what he had to eat (the man consumes a lot of meat), where he went to the bathroom, or his credit card expenses, it's all online—easy breezy for the FBI to keep track of him!
Shamos on paper trails - Via Freedom to Tinker:
In an interview today with CNet, Michael Shamos talks about paper trails. Shamos is a professor at CMU who has served as a voting system analyst for the Pennsylvania Secretary of State. In this article, a transcript of an interview conducted by Declan McCullagh, he spends a fair bit of time trashing paper trails, and by that, he’s referring to the “toilet paper roll” thermal printer attachments that are sold by the major U.S. voting system vendors.
He’s correct, to a limited extent. He discusses a “20%” failure rate, which he probably gets from some problems in Ohio. It’s certainly the case that these things are poorly engineered. The ostensible reason for the continuous paper roll, as opposed to cutting the sheets individually, is that you’d have better reliability. However, having the votes recorded in the order they were cast is a clear violation of voter privacy.
FBI Withdraws Unconstitutional National Security Letter After ACLU and EFF Challenge - Via EFF: Breaking News:
San Francisco - The FBI has withdrawn an unconstitutional national security letter (NSL) issued to the Internet Archive after a legal challenge from the American Civil Liberties Union (ACLU) and the Electronic Frontier Foundation (EFF). As the result of a settlement agreement, the FBI withdrew the NSL and agreed to the unsealing of the case, finally allowing the Archive's founder to speak out for the first time about his battle against the record demand.
"The free flow of information is at the heart of every library's work. That's why Congress passed a law limiting the FBI's power to issue NSLs to America's libraries," said Brewster Kahle, founder and Digital Librarian of the Internet Archive. "While it's never easy standing up to the government -- particularly when I was barred from discussing it with anyone -- I knew I had to challenge something that was clearly wrong. I'm grateful that I am able now to talk about what happened to me, so that other libraries can learn how they can fight back from these overreaching demands."
The oCERT project is a public effort providing security handling support to Open Source projects affected by security incidents or vulnerabilities, just like national CERTs offer services for their respective countries.
The service aims to help both large infrastructures, like major distributions, and smaller projects that can't afford a full-blown security team and/or security resources. This means aiding coordination between distributions and small project contacts. The goal is to reduce the impact of compromises on small projects with little or no infrastructure security, avoiding the ripple effect of badly communicated or handled compromises, which can currently result in distributions shipping code which has been tampered with.
oCERT also provides security vulnerability mediation for the security community, having reliable security contacts between registered projects and reporters that need to get in touch with a specific project regarding infrastructure security issues.
Last but not least oCERT provides aid with security vulnerability research and assessment.
Isohunt Founder at Center of U.S. Torrent-Tracking Legal Battle - Via Threat Level:
Gary Fung remembers years ago when the first computer he operated was a Pentium 90.
His programming skills have grown considerably since that first computer and his mastery of Pascal. Combined with his business acumen, the 25-year-old Fung now heads the popular BitTorrent search engine Isohunt and two tracking sites, Podtropolis and Torrentbox.
The Motion Picture Association of America claims in a lawsuit that Fung is a copyright scofflaw of the highest order -- facilitating the theft of millions of its copyrighted works hosted in tiny pieces resting on servers and individuals' computers worldwide.
Daily Kos: Another victory for the anti-Real ID rebels - Via ACLU's diary in Daily Kos:
By Larry Frankel, State Legislative Counsel, ACLU Washington Legislative Office
The anti-Real ID movement just took a big step forward, with the Arizona Senate’s 21-7 vote to bar implementation of Real ID in Arizona. The bill (H.B. 2677) still has to go back to the Arizona House for another vote and then on to Governor Janet Napolitano for her signature. But as of this writing, Arizona is poised to join the growing number of states who have recognized that Real ID is an expensive and unworkable invasion of our privacy.
The good work of a bipartisan group of Arizona legislators contrasts with what happened last week in Minnesota. Governor Tim Pawlenty vetoed a transportation bill that passed the Minnesota legislature with overwhelming bipartisan support because the members of the Minnesota legislature had the audacity to say no to the federal Real ID Act. The governor’s veto message reads like a set of talking points from the Department of Homeland Security.
I just entered the promotion code h24870p43h8037 for the Cheerios Helping Hearts promotion that was inside the box of Cheerios that I had just finished. Then I figured that while I was at it I'd enter the promotion that was in the box I hadn't opened yet. Imagine my surprise when I opened the box flap and found the same promotion code h24870p43h8037.
At first I thought it was a printing mistake, but when I entered the code again, the site said that it was accepted and that a dollar was being donated. Hopefully that is what actually happened.
I wonder if it's true for all the codes?
I was also happily surprised that no name and address information was required to activate the code.
Google backs open-source CERT group - Via Network World:
Google has thrown its weight behind a fledgling security reporting group for the open-source community.
The search engine giant, long a proponent of open-source software, is now one of three sponsors of oCERT, the Open Source Computer Emergency Response Team.
Launched in late March, oCERT aims to be a clearinghouse for data on security vulnerabilities in open-source products, keeping open-source distributors on top of flaws and helping small software projects ensure that users of their code are aware of any issues.
Internet Mysteries: How Much File Sharing Traffic Travels the Net? - Via Threat Level:
How much of the traffic on the internet is peer-to-peer file trading?
Everyone seems to agree it represents a lot of the traffic, but the truth is no one knows (with the possible exception of the ISPs and backbone providers in the middle, and they aren't telling or sharing raw data).
One of the most recent reports on P2P traffic came from a traffic optimization firm called Ellacoya in June 2007. Their report said that http-based web traffic had overtaken peer-to-peer traffic on the net, thanks to streaming media sites like YouTube.
The Freenet Project - Freenet 0.7.0 release candidate 2 now available:
24th Apr, 2008 - Freenet 0.7.0 release candidate 2 now available
Freenet version 0.7 Release Candidate 2 is now available for public testing. Release Candidate 2 features many bugfixes and a number of usability improvements.
Freenet is a global peer-to-peer network designed to allow users to publish and consume information without fear of censorship. To use it, you must download the Freenet software, available for Windows, Mac, Linux and other operating systems. Once you install and run Freenet, your computer will join a global, decentralized P2P network. You will be able to publish and consume information anonymously, either through your web browser, or through a variety of third party applications.
One Step Forward, Two Steps Back for Genetic Privacy - Via ACLU Blog - Privacy & Technology:
Yesterday, the House passed H.R. 493, the Genetic Nondiscrimination Act (GINA), and the bill is now headed to President Bush for his signature.
This is a victory for all Americans who value their genetic privacy: GINA prevents employers and health insurance companies from discriminating against applicants based on their genetic code, which, thanks to modern science, reveals a lot about your body's predisposition towards illness and disease.
McKesson Dinged in Online Pharma Flap, 'Fueled' Addiction - Via Threat Level:
Wondering where those illegal online pharmacies get their dope?
According to the Justice Department, the answer is McKesson Corp., North America's largest pharmaceutical distributor based in San Francisco.
In a deal with six U.S. attorneys, McKesson agreed to pay $13 million to settle allegations it failed to report to the Drug Enforcement Agency "suspicious sales" of controlled substances to pharmacies, the Justice Department said Friday. Those pharmacies, the Justice Department said, filled orders from illegal, online pharmacies that doled out hardcore prescription medications without a doctor's recommendation.