Paul Hardwick: Government

Administrivia: Possible unscheduled upgrade of Privacy Digest

Sun, 18 Mar 2007 01:39:04 GMT

Administrivia: Possible unscheduled upgrade of Privacy Digest.

I might be implementing an unscheduled upgrade of the site due to some problems with the software I am currently using to run the site. I had been working on upgrading the software to implement some new features but may have to implement sooner than originally planned. If you would like to take a peek at the planned software take a visit to http://www.PrivacyDigest.com/index.php Yes the full URL will have to be entered until I have completed the switch over.

There may be some hiccups during the process as the XML/RSS location will change along with access to the sub-topics. I plan to create mod-rewrite rules to take of this but they may not all be ready on day one.

Please let me know what you think.

HP Case Wraps Up but Pretexting Problems Remains.

Sun, 18 Mar 2007 01:26:39 GMT

HP Case Wraps Up but Pretexting Problems Remains. Although a new federal law makes pretexting illegal, it will likely remain a problem for phone companies and other potential victims of the practice. [PC World: Latest Technology News]

U.S. Lawmakers Introduce New Spyware Bill.

Sun, 18 Mar 2007 01:21:55 GMT

U.S. Lawmakers Introduce New Spyware Bill. Two U.S. lawmakers reintroduce a bill that would impose penalties of up to five years of prison time and fines for spyware activities. [PC World: Latest Technology News]

FOIA Reforms Plow Forward in Congress.

Sun, 18 Mar 2007 00:58:34 GMT

FOIA Reforms Plow Forward in Congress.

The House of Representatives has passed a bill that will make much-needed updates to the Freedom of Information Act (FOIA), and strengthen the public's right to get records from the federal government. H.R. 1309, the Freedom of Information Act Amendments of 2007, was approved yesterday by a considerable 308-117 margin. But the White House lashed out against the legislation, calling FOIA improvements "premature and counterproductive" in light of an 2005 presidential order requiring agencies to streamline their FOIA processes.

Just this week the National Security Archive released a report showing how necessary FOIA improvements are. The non-profit research group found that most federal agencies have failed to improve online access to public information in spite of a decade-old FOIA change requiring that they do so.

In related news, a bipartisan bill similar to H.R. 1309 was introduced earlier this week in the Senate. Like the House bill, S. 849, the Openness Promotes Effectiveness in our National Government Act of 2007, will improve the public's right to access government information through the FOIA and penalize agencies that don't comply with the law.

Learn more about the FOIA and EFF's Flag Project here.

[EFF: Deep Links]

Governor Announces Florida First in Nation to Access National Crime Database.

Fri, 16 Mar 2007 19:50:03 GMT

Governor Announces Florida First in Nation to Access National Crime Database. "This powerful tool will help protect both the victims of child abuse and neglect and the public servants charged with protecting them." [GT: Security and Privacy]

Antispyware advocates try, try again in Congress.

Fri, 16 Mar 2007 19:46:19 GMT

Antispyware advocates try, try again in Congress. A U.S. House subcommittee heard repeated praise today for an antispyware proposal similar to two previous bills that won passage in the House -- only to fail when they got to the Senate. [Computerworld Privacy News]

More Than 100 Security Breaches Reported Under Law to Thwart ID Thieves.

Fri, 16 Mar 2007 19:31:47 GMT

More Than 100 Security Breaches Reported Under Law to Thwart ID Thieves. "Consumers who get notice can act fast to protect their good names." [GT: Security and Privacy]

FT.com - Web censorship spreading globally

Fri, 16 Mar 2007 19:14:16 GMT

Internet censorship is spreading rapidly, being practised by about two dozen countries and applied to a far wider range of online information and applications, according to research by a transatlantic group of academics.

The warning comes a week after a Turkish court ordered the blocking of YouTube to silence offensive comments about Mustafa Kemal Ataturk, the founder of modern Turkey, marking the most visible attack yet on a website that has been widely adopted around the world.

A recent six-month investigation into whether 40 countries use censorship shows the practice is spreading, with new countries learning from experienced practitioners such as China and benefiting from technological improvements.

OpenNet Initiative, a project by Harvard Law School and the universities of Toronto, Cambridge and Oxford, repeatedly tried to call up specific websites from 1,000 international news and other sites in the countries concerned, and a selection of local-language sites.

The research found a trend towards censorship or, as John Palfrey, executive director of Harvard Law School's Berkman Center for Internet and Society, said, "a big trend in the reverse direction", with many countries recently starting to adopt forms of online censorship.

Ronald Deibert, associate professor of political science at the University of Toronto, said 10 countries had become "pervasive blockers", regularly preventing their citizens seeing a range of online material. These included China, Iran, Saudi Arabia, Tunisia, Burma and Uzbekistan.

New censorship techniques include the periodic barring of complete applications, such as China's block on Wikipedia or Pakistan's ban on Google's blogging service, and the use of more advanced technologies such as "keyword filtering", which is used to track down material by identifying sensitive words.

Methods such as these are being copied as countries new to censorship learn from those with more experience. "There's a growing awareness of best practice - or rather, worst practice," Mr Deibert said.

Web Censorship on the Increase.

Fri, 16 Mar 2007 19:10:15 GMT

Web Censorship on the Increase. mid-devonian writes "Close on the heels of the temporary blocking of YouTube by a Turkish judge, a group of academics has published research showing that Web censorship is on the increase worldwide. As many as two dozen countries are blocking content using a variety of techniques. Distressingly, the most censor-heavy countries (which includes China, Iran, Saudi Arabia, Tunisia, Burma and Uzbekistan) seem to be passing on their technologically sophisticated techniques to other areas of the world. 'New censorship techniques include the periodic barring of complete applications, such as China's block on Wikipedia or Pakistan's ban on Google's blogging service, and the use of more advanced technologies such as 'keyword filtering', which is used to track down material by identifying sensitive words.'" [Slashdot: Your Rights Online]

NPR Takes First Step To Fight Internet Royalties.

Fri, 16 Mar 2007 18:57:50 GMT

NPR Takes First Step To Fight Internet Royalties. jmcharry sent in an article that opens, "After the Copyright Royalty Board (CRB) decided to drastically increase the royalties paid to musicians and record labels for streaming songs online, National Public Radio (NPR) will begin fighting the decision on Friday, March 16 by filing a petition for reconsideration with the CRB panel." [Slashdot: Your Rights Online]

CDT Applauds House Passage of Open Government Bill.

Fri, 16 Mar 2007 18:48:11 GMT

CDT Applauds House Passage of Open Government Bill. The House on Wednesday voted overwhelmingly to approve legislation that strengthens the Freedom of Information Act (FOIA). CDT applauded the House vote and in a letter Tuesday thanked the House Committee on Oversight and Government Reform for its leadership on the measure. H.R. 1309 -- sponsored by Committee Chairman Henry Waxman (D-Calif.), Rep. William Lacy Clay (D-Mo.) and Rep. Todd Platts (R-Pa.) -- makes improvements to FOIA that have been long sought by the open government community. [Center for Democracy and Technology]

PATRIOT Act Apologist Site Didn't Get the Memo.

Fri, 16 Mar 2007 18:45:28 GMT

PATRIOT Act Apologist Site Didn't Get the Memo.

Last week, the Department of Justice Inspector General's office released a damning report documenting the FBI abusing its powers under the PATRIOT Act and violating the law to collect Americans' telephone, Internet, financial, credit, and other personal records about Americans without judicial approval.

It appears that not everyone at the DOJ got the memo. The DOJ's Life and Liberty website, a site dedicated to defending the honor of the PATRIOT Act during the re-authorization process last spring, still reads as if nothing has changed. Particularly in the light of the newly revealed truth, many of the quotes now seem (at best) naive.

Under the headline of "Examining the Facts", the DOJ asserts that PATRIOT has "four-year track record with no verified civil liberties abuses." The site quotes an op-ed by former House Judiciary Committee Chairman James Sensenbrenner:

Zero. That's the number of substantiated USA PATRIOT Act civil liberties violations. Extensive congressional oversight found no violations. Six reports by the Justice Department's independent Inspector General, who is required to solicit and investigate any allegations of abuse, found no violations.

Wow, that sure sounds good. Unfortunately, the new report reveals that is is simply not true: the inspector general identifies dozens of instances in which extra-judicial demands for personal information -- known as National Security Letters -- may have violated laws and agency regulations.

In the Archive section, the site includes quotes from an op-ed by Senator Pat Roberts responding to critics like ourselves:

I regret to say it, but the rhetoric of those opposed to permanently authorizing the act has no substance and borders on paranoia. Opponents have criticized the act for years but can cite only hypothetical abuses. Facts are stubborn things. The actual record is quite clear - there have been no substantiated allegations of abuse of Patriot Act authorities, period.

Critics could only point to hypothetical abuses because the fox was guarding the hen house. Senator Roberts also opined that:

Through aggressive congressional oversight, we know the FBI uses Patriot Act authorities within the law.

It's now clearer than ever that the oversight was not aggressive enough, with the report documenting that the FBI decieved Congress about its use of the letters. The report is likely only the tip of the iceberg. Immediate and thorough oversight hearings are necessary to uncover the truth and hold the Administration accountable.

Tell Congress to defend your privacy now.

[EFF: Deep Links]

Democrats grill FCC about neutrality, surveillance, more.

Thu, 15 Mar 2007 19:24:37 GMT

Democrats grill FCC about neutrality, surveillance, more. Surveying the FCC's accomplishments in the three years since commissioners were last been required to make an account before a House oversight committee, some representatives question whether recent Republican supervision on such issues as emegency preparedness, NSA surveillance and Net neutrality wasn't somewhat lax [Computerworld Privacy News]

AP Wire | 03/15/2007 | Senate votes against ad inserts in vehicle registration renewal notices

Thu, 15 Mar 2007 19:22:18 GMT

JEFFERSON CITY, Mo. - Residents tired of getting junk ads in the mail could get a slight reprieve after action by the Senate on Wednesday night.

The Department of Revenue last year began sending out advertisements along with license plate renewal notices. The state contracted with a company to handle the printing of vehicle registration notices in exchange for the right to sell and insert commercial ads in the packets. Senate Transportation Committee chairman Bill Stouffer, R-Napton, said the decision saves the state about $750,000.

Missouri signed up partly because of the savings and partly in response to privacy concerns after it began mailing renewal notices on postcards in another budget-cutting move, the Revenue Department said at the time.

The Senate was debating a wide-ranging bill to change motor vehicle laws, and Sen. Tim Green, D-St. Louis, offered an amendment preventing the state from including ads in the vehicle renewal notices.

"The state has become a marketing agent," Green said. "It's just not the right of the state to use a requirement you have to fulfill to sell a product."

Chertoff: Security and privacy not at odds.

Thu, 15 Mar 2007 19:12:44 GMT

Chertoff: Security and privacy not at odds. Calling privacy groups "Luddites," DHS head Michael Chertoff defends the Real I.D. Act. He claims that the data-chipped drivers licenses, which will be linked to a numbers of databases around the country, will actually protect privacy Editor:And down is up, black is white, and I have a bridge I'd like to sell you.

[...]

The head of the Department of Homeland Security on Thursday downplayed privacy concerns raised by the government's efforts to create standardized, data-chipped drivers licenses across the country.

The same technology that makes information on identification cards more reliable can also protect privacy, DHS Secretary Michael Chertoff said during a speech to the Northern Virginia Technology Council. "It's my contention that properly used technology ... actually protects privacy," he said. "We should not allow folks to be captivated by the argument that every time we do something with a computer, it invades privacy."

Chertoff was referring to privacy concerns surrounding the Real ID Act, a law passed by Congress in 2005 that would require states to create machine-readable ID cards containing the name of the holder, the data of birth, a digital photograph and other information.

Privacy groups, including the Electronic Privacy Information Center (EPIC), have said that the DHS hasn't come up with rules on how the information on the cards should be protected. DHS has made only "vague" plans for card security and for restricting which state motor vehicle agency employees would have access to the information, EPIC says.

"On security and privacy standards for the card, state motor vehicle facilities, and the personal data and documents collected in state motor vehicle databases, DHS shows little interest," EPIC says on its Web site.

But Chertoff said those raising privacy concerns about the use of IT in the U.S. government's domestic security efforts create a false tension between security and privacy. "This kind of Luddite attitude ... is exactly wrong," he said. "Security and privacy are very much the same type of value. I don't think they're mutually exclusive, they're mutually reinforced."

Chertoff also talked about how DHS is using IT. Technology plays a part in nearly all the agency's efforts, including machines that read fingerprints at border crossings, databases that link law enforcement investigations and scanning technologies for containers coming into the U.S.

[Computerworld Privacy News]

ugc panel video from the State of the Net Conferece.

Thu, 15 Mar 2007 18:08:01 GMT

ugc panel video from the State of the Net Conferece.

Earlier this year, the Congressional Internet Caucus Advisory Committee held its always relevant State of the Net Conference 2007. One of the panels was on user generated content (or ugc), titled [base "]User-Generated Content - Can Copyright Tolerate Mixing & Mashing?.[per thou] Members of the panel included, Pam Samuelson, Rob Pegoraro, Jim DeLong, and Steven Starr.

It was a good discussion, and you can watch the video here (Real Video).

[Public Knowledge - Blogging, Events, and Action Alerts]

EU Working Towards RFID Standards.

Thu, 15 Mar 2007 17:57:25 GMT

EU Working Towards RFID Standards. European Commission has formed a RFID stakeholder group, says industry must pay attention to security and privacy issues. [PC World: Latest Technology News]

Honoring Sunshine Week. The Total Information Awareness project FOIA saga.

Wed, 14 Mar 2007 20:29:39 GMT

Honoring Sunshine Week. 27B tells the sad tale of requesting open records on the government's Total Information Awareness project. 44 months later, still no word. In 27B Stroke 6. [Wired News: Top Stories]

FBI Slips Demand Patriot Act Cuts.

Wed, 14 Mar 2007 20:25:02 GMT

FBI Slips Demand Patriot Act Cuts. A probe finds the bureau abused its expanded powers to obtain Americans' private records. Time to put the G-men on a shorter leash. Commentary by Jennifer Granick. [Wired News: Top Stories]

U.S. Spy Case Will Be Heard.

Wed, 14 Mar 2007 20:17:14 GMT

U.S. Spy Case Will Be Heard. A Northern California judge will hear arguments in the case of two American lawyers who say they can prove the U.S. spied on them without a warrant. The government says the case should never be heard. In 27B Stroke 6. [Wired News: Top Stories]

ID Fraud Manufacturing Ring Uncovered in Arizona.

Wed, 14 Mar 2007 20:00:48 GMT

ID Fraud Manufacturing Ring Uncovered in Arizona. Three month investigation of Arizona Homeland Security Fraudulent Identification Task Force (AFIT) uncovers one of the largest manufacturers of fraudulent identification in Southern Arizona. [GT: Security and Privacy]

Airport security targets the inside threat - CNN.com

Wed, 14 Mar 2007 19:58:40 GMT

TAMPA, Florida (CNN) -- The Transportation Security Administration carried out surprise inspections on workers at five airports in Florida and Puerto Rico on Monday, one week after a baggage handler in Orlando allegedly used his airport credentials to smuggle more than a dozen firearms into a commercial jetliner.

Some 160 TSA officers, backed by Federal Air Marshals and local police, searched airplanes for contraband, shined flashlights in airport vehicles and patted down contractor employees involved in airport security.

The five airports inspected were in Tampa, Orlando, Miami, Fort Lauderdale and San Juan, Puerto Rico.

The airport crackdown will continue through the week, spreading to other regions in the country as TSA increases random, unannounced searches targeting those who could misuse their access within the system.

"We realize the insider threat is a real threat, and we have to address it," said TSA spokesman Christopher White.

FCW.com News - Bill would protect information about students from recruiters

Wed, 14 Mar 2007 19:54:06 GMT

An amendment to the No Child Left Behind (NCLB) Act seeks to keep military recruiters from accessing secondary students' personal data by requiring parents to choose to share that information rather than having to opt out of sharing it.

Rep. Mike Honda (D-Calif.) introduced the legislation March 6. The Student Privacy Protection Act would require local school systems to obtain written consent before releasing information on secondary school students to military recruiters or their agents.

The measure will next be referred to the House Education and Labor Committee sometime during this session, said a spokesperson for Honda. That committee's chairman, Rep. George Miller (D-Calif.), is a co-sponsor of the bill.

Because of a provision in the NCLB, school districts are directed to give information about students to military recruiters unless parents explicitly request that their children's data remains private. Since the enacting of NCLB, secondary schools have been supplying the names, addresses and telephone numbers of students to recruiters sponsored by the military services.

However, schools often failed to make parents aware of the option to keep that information private, Honda said.

Dispute surfaces over certification for personal health records

Wed, 14 Mar 2007 19:51:04 GMT

n a rare instance of public dissent, an American Health Information Community AHIC) workgroup has split over whether to recommend that product certification be available for personal health record software.

AHIC, a high-level advisory committee to the Department of Health and Human Services, sided with the majority on its Consumer Empowerment Workgroup and voted unanimously in favor of the certification recommendation.

A minority -- five members of the 23-person workgroup -- took the position that certification would be premature and the top priority should be privacy and security policies for PHRs. "The risks [of certification now] outweigh any potential benefits," the dissenters said in a letter to AHIC.

The workgroup's task is to foster widespread adoption of PHRs. One of its leaders, Dr. Rose Marie Robertson, told AHIC that the group believes PHRs will be more widely used if consumers do not have to sit at a computer and enter all their health information. Instead, the PHRs could be populated by data from doctors, health plans, drug stores, or elsewhere.

SignOnSanDiego.com > Technology -- Official: Yahoo didn't violate laws in case of jailed journalist

Wed, 14 Mar 2007 19:43:01 GMT

HONG KONG - Investigators said Wednesday there was not enough evidence to show that Yahoo Inc.'s Hong Kong branch provided private information that helped convict a Chinese reporter accused of leaking state secrets.

The case raised questions about whether Internet companies should cooperate with governments that deny freedom of speech and frequently crack down on journalists.

Yahoo! Hong Kong Limited was accused of helping Chinese authorities by Hong Kong lawmaker Albert Ho, who filed a complaint last year with the city's privacy commissioner. Ho alleged the Internet company provided information that helped convict journalist Shi Tao, sentenced to 10 years in jail in 2005 on mainland China.

CDT Calls for Judicial Approval of National Security Letters.

Wed, 14 Mar 2007 19:35:59 GMT

CDT Calls for Judicial Approval of National Security Letters. CDT is calling on Congress to require judicial supervision of FBI requests for access to the sensitive records of US citizens to protect privacy and national security. Recent revelations regarding violations in the use of so-called "national security letters" have shown that no matter how many internal controls the FBI adopts, self-certification is not sufficient when the government is obtaining the sensitive financial and communications records of citizens. CDT believes Congress should reform the law and adopt a reasonable system of judicial checks and balances. [Center for Democracy and Technology]

OpenCongress

Wed, 14 Mar 2007 19:30:38 GMT

OpenCongress brings together official government data with news and blog coverage to give you the real story behind each bill.

Google Cooperating with Mumbai & Brazilian Police.

Wed, 14 Mar 2007 15:39:49 GMT

Google Cooperating with Mumbai & Brazilian Police.

Boing Boing has two good posts detailing how Google has been cooperating with Mumbai and Brazilian authorities to help censor content and track down offenders on their Orkut social networking service.

In the Mumbai case:

The Indian Express and other regional media are reporting that Google[base ']s social networking service Orkut will cooperate with the Mumbai Police to share IP addresses of users who post [base ']Äúobjectionable content[base ']Äù on Orkut. If reports are to be believed, the police need only email a complaint to Orkut, and Orkut will send back the personally identifying data, no questions asked.

The police are said to be targeting a number of [base "]problematic[per thou] Orkut posts, including items that criticize various public figures in India, others that glorify Indian mobsters, and [base "]anti-Indian words.[per thou] The latter probably has to do with a group on Orkut called [base "]I Hate India,[per thou] which pissed off Indian officials so much, they decided to sue Google over it last October.

And the Brazilian matter:

Google has designed a special Orkut admin tool for deleting or blocking illegal content, and given Brazilian police access to this tool. This means that if you[base ']re on Orkut and you say something that in Brazil could be considered illegal (such as celebrity gossip, Consumerist-style corporate bashing, mistreating animals), the Brazilian police can censor the community where this [base "]illegal[per thou] speech is seen.

Much more if you follow the links.

[michaelzimmer.org]

New US Computer Forensic Institute.

Tue, 13 Mar 2007 20:33:22 GMT

New US Computer Forensic Institute. Quincy writes "The DHS and Secret Service are setting up a new computer forensic institute in Alabama. Set to open in mid-2008, the new National Computer Forensic Institute will be able to train over 900 law enforcement officers per year. 'It will initially be staffed by 18 Secret Service agents and will feature classrooms, a forensic laboratory, an evidence vault, and server rooms. Courses will be offered in the investigation of electronic crimes, network intrusion investigation, and computer forensics... [T]he Secret Service says that it will help to bring judges and prosecutors up to speed as well.'" Maybe over time we'll see fewer botches of justice like those in the news recently [Slashdot: Your Rights Online]

Action Alert: Reform the PATRIOT Act and Stop the Abuse of Surveillance Powers!

Tue, 13 Mar 2007 20:28:38 GMT

Action Alert: Reform the PATRIOT Act and Stop the Abuse of Surveillance Powers!

The FBI has blatantly abused a key PATRIOT Act provision and knowingly violated the law to spy on Americans' telephone, Internet, and other personal records, as documented in a report recently released by the Justice Department. Congress must rein in this egregious behavior, but it can't stop there -- the Bush Administration's unprecedented pattern of disregarding the law stretches far beyond the examples in this report. Tell Congress to defend your privacy now.

Before PATRIOT, the FBI could use so-called National Security Letters only for securing the records of suspected terrorists or spies. But under PATRIOT the FBI can use them to get private records about anybody without any court approval as long as it believes the information could be relevant to an authorized terrorism or espionage investigation.

According to the Justice Department's Inspector General, the FBI's misuse of its authority included issuing NSLs to spy on people who weren't the subject of any existing investigation whatsoever. The FBI also lied to Congress and underreported its use of NSLs by many thousands. Worse still, the FBI has ignored its own lawyers' advice and intentionally evaded PATRIOT's thin bounds, improperly requesting and obtaining personal records through so-called "exigent letters" that Congress never authorized.

That's only a sampling of the horror story painted by the report, and, had Congress not ordered the Inspector General to review the FBI's activities last year, these abuses might have never been revealed. From the moment PATRIOT was passed, we said the NSL power was ripe for abuse and unconstitutional, and it's clearer than ever that Congress should repeal PATRIOT's expansion of NSL powers and reform the PATRIOT Act as a whole.

Moreover, Congress must broadly investigate the Administration's use of surveillance powers, including the NSA's massive and illegal domestic spying program. Congress and the American public have been kept in the dark about such clear violations of the law and Americans' privacy for far too long. Immediate and thorough oversight hearings are necessary to uncover the truth and hold the Administration accountable.

Take action now.

[EFF: Deep Links]

FBI Data Demands Lack Adequate Checks and Balances.

Tue, 13 Mar 2007 20:08:45 GMT

FBI Data Demands Lack Adequate Checks and Balances. A report by the Department of Justice Inspector General finds numerous failures of internal processes for FBI issuance of so-called National Security Letters, which are used to compel disclosure of sensitive financial, credit and communications records. The rules limiting the circumstances under which NSLs can be issued were weakened by the PATRIOT Act. Tighter internal controls announced by DOJ and FBI in response to the IG report, while welcome, will not cure the NSLs' fundamental flaw: giving FBI agents power to compel disclosure of private information without judicial approval. [Center for Democracy and Technology]

CDT Opposes Bill Expanding Pentagon Domestic Data Mining.

Tue, 13 Mar 2007 20:07:21 GMT

CDT Opposes Bill Expanding Pentagon Domestic Data Mining. CDT and other civil liberties groups are urging Congress to reject legislation that would exempt the Department of Defense from a key provision of the Privacy Act. The little-noticed amendment, already included in the Senate version of the Intelligence Authorization Act, would permit government agencies to disclose information on US citizens to the Defense Department. Such language could pave the way for entire databases of information to be transferred to the Defense Department without a clear purpose -- in turn opening the door to greater data mining by military agencies. [Center for Democracy and Technology]

CDT Calls for Reform of National Security Letters.

Tue, 13 Mar 2007 20:04:02 GMT

CDT Calls for Reform of National Security Letters. CDT is calling on Congress to require judicial approval of FBI efforts to access the sensitive records of US citizens. Recent revelations regarding violations in the use of so-called "national security letters" have shown that no matter how many internal controls the FBI adopts, self-certification in not sufficient when the government is obtaining the sensitive financial and communications records of citizens. CDT believes Congress should reform the law and adopt a reasonable system of judicial checks and balances. [Center for Democracy and Technology]

Justice Department Report Reveals FBI Misused Patriot Act.

Tue, 13 Mar 2007 02:41:50 GMT

Justice Department Report Reveals FBI Misused Patriot Act. A Justice Department audit released Friday said that the FBI used the Patriot Act improperly and unlawfully to gain information about people in the United States. Two members of the House Judiciary Committee debate the audit's conclusions. By NewsHour with Jim Lehrer. [NewsHour with Jim Lehrer Podcast | PBS]

Google Aids Indian Goverment Censorship.

Tue, 13 Mar 2007 02:36:33 GMT

Google Aids Indian Goverment Censorship. An anonymous reader writes "Google's Orkut has made a deal to provide IP addresses of posters of content deemed objectionable by Bombay police. They object, among others, to posts against certain Indian personalities, young women admiring Indian mobsters, and, amazingly, "anti-Indian words" (!)." [Slashdot]

Spying Too Secret for the Courts.

Tue, 13 Mar 2007 02:33:23 GMT

Spying Too Secret for the Courts. AT&T and the government tell an appeals court that the case against the telecom for allegedly helping the government spy on Americans is too secret for any court, despite the Administration's admission it did spy on Americans without warrants. [Wired News: Top Stories]

No Reprieve for Jailed Blogger.

Tue, 13 Mar 2007 02:16:01 GMT

No Reprieve for Jailed Blogger. An appeals court upholds an Egyptian man's four-year prison sentence for insulting Islam and the country's president. By the Associated Press. [Wired News: Top Stories]

Government Sites Fail FOIA Rules.

Tue, 13 Mar 2007 02:14:21 GMT

Government Sites Fail FOIA Rules. A study shows 79 percent of federal agencies are violating a Freedom of Information Act amendment requiring they post records online and help citizens request info over the internet. In 27B Stroke 6. Plus: States' secrecy penalties. [Wired News: Top Stories]

Congress Targets Pretexting.

Mon, 12 Mar 2007 20:22:56 GMT

Congress Targets Pretexting. Legislation would add protections against the practice of posing as another to gain personal data. [PC World: Latest Technology News]

Protect E-Voting ó Support H.R. 811.

Mon, 12 Mar 2007 20:20:32 GMT

Protect E-Voting [~] Support H.R. 811.

After a long fight, we have reached the point where a major e-voting reform bill has a chance to become U.S. law. I[base ']m referring to HR 811, sponsored by my Congressman, Rush Holt, and co-sponsored by many others. After reading the bill carefully, and discussing with students and colleagues the arguments of its supporters and critics, I am convinced that it is a very good bill that deserves our support.

The main provisions of the bill would require e-voting technologies to have a paper ballot that is (a) voter-verified, (b) privacy-preserving, and (c) durable. Paper ballots would be hand-recounted, and compared to the electronic count, at randomly-selected precincts after every election.

The most important decision in writing such a bill is which technologies should be categorically banned. The bill would allow (properly designed) optical scan systems, touch-screen systems with a suitable paper trail, and all-paper systems. Paperless touchscreens and lever machines would be banned.

Some activists have argued that the bill doesn[base ']t go far enough. A few say that all use of computers in voting should be banned. I think that[base ']s a mistake, because it sacrifices the security benefits computers can provide, if they[base ']re used well.

Others argue that touch-screen voting machines should be banned even if they have good paper trails. I think that goes too far. Touchscreens can be a useful part of a good voting system, if they[base ']re used in the right context and with a good paper trail. We shouldn[base ']t let the worst of today[base ']s insecure paperless touchscreens [~] machines that should never have been certified in the first place, and anyway would be banned by the Holt Bill for lacking a suitable paper ballot [~] sour us on the better uses of touchscreens that are possible.

One of the best parts of the bill is its random audit requirement, which selects 3% of precincts (or more in close races) at which the paper ballots will be hand counted and compared to the electronic records. This serves two useful purposes: detecting error or fraud that might have affected the election result, and providing a routine quality-control check on the vote-counting process. This part of the bill reflects a balance between the states[base '] freedom to run their own elections and the national interest in sound election management.

On the whole this is a good, strong bill. I support it, and I urge you to support it too.

Open Government Gets Its Week in the Sunshine.

Mon, 12 Mar 2007 20:04:59 GMT

Open Government Gets Its Week in the Sunshine.

This week is Sunshine Week - a gentle name for celebrating the serious business of uncovering secretive government practices. Taking its cue from the famous line by Justice Brandeis that "sunlight is ... the best of disinfectants", this year's Sunshine Week reflects on a year of continuing efforts to increase government visibility, and a renewed interest by the press, activists, and netizens in investigating its secrets.

Projects like our own Freedom of Information Act Lltigation for Accountable Government (FLAG) project have been working hard to use statutory tools like FOIA and the Privacy Act to uncover the misuse of technology by the state. Josh Richman's overview of FLAG's work in several of Sunday's papers highlights the work our Washington office does, from uncovering the edges of the warrantless wiretapping program, to probing the connections between the NSA and Windows Vista's development.

EFF's work monitoring Washington developments in the world of technology are helped by many other dedicated sites, like OpenCRS, which distributes the fascinating, but previously restricted, Congressional Research Service reports, and OpenSecrets, which can illustrate Washington connections that are otherwise obscure (want to know why Bill Frist was so keen on the Audio Flag? Inquire within.) Researchers at EPIC, coalition groups like Open The Government and the politicians behind H.R.1309, which seeks to update the FOIA laws to react faster to inquiries, help keep the tools of exposing government sharp and relevant.

Meanwhile, across the Net, hackers and activists have been working to extract, sift and re-present what information federal and state governments do provide in a way that ordinary citizens can use. There's now a wealth of sources to choose from, from the amazing work by the volunteer-run GovTrack.us, to the new OpenCongress that builds on GovTrack's database and more, to the many new APIs that can stitch all of this data together.

Each of this tools, like each of our organizations, builds on the others. This week, the Sunlight Foundation is sponsoring a $2000 prize for the best Web mash-up of Congressional information, as judged by EFF friends Esther Dyson, Jimmy Wales, and Craig Newmark. We look forward to seeing how far the sunlight breaks this year.

[EFF: Deep Links]

Lawmakers: Additional pretexting legislation needed.

Sun, 11 Mar 2007 17:33:48 GMT

Lawmakers: Additional pretexting legislation needed. Despite dismay from telecom firms and the Department of Justice, lawmakers on Capitol Hill appear ready to once again put their weight behind laws designed to crack down on pretexting. [Computerworld Privacy News]

Conn. lawmakers want MySpace, others to verify user ages.

Sun, 11 Mar 2007 17:32:38 GMT

Conn. lawmakers want MySpace, others to verify user ages. Connecticut lawmakers are pushing a bill that would require age verification rules for social networking sites and would allow parents more control over their children's pages. [Computerworld Privacy News]

UK official calls for international privacy standards.

Sun, 11 Mar 2007 17:31:25 GMT

UK official calls for international privacy standards. After a spate of disputes between the U.S. and the European Union over privacy safeguards, the U.K.'s information commissioner is calling for international harmonization of data-protection rules. [Computerworld Privacy News]

'Real ID' threatens everyone's privacy - Nashville, Tennessee

Sun, 11 Mar 2007 17:28:25 GMT

"We are, after all, for the first time in the history of a liberty-loving nation, creating a national identification card ... with all the ramifications of that. ... Real ID was stuffed into the supplemental appropriations bill for Hurricane Katrina and the troops in Iraq, so of course, we had to vote for the bill, but we had no chance to amend it -- no debate, no hearing, and no consideration of other alternatives, And now we impose on the states an $11 billion unfunded mandate. ... I would say we wouldn't be doing our job if we didn't stop and think about what we've done."

Sen. Lamar Alexander's recent comments about the Real ID Act echo the widespread bipartisan resistance to this new law.

In 2005, Congress passed the Real ID Act, a law that proposed a sea change in how states issue driver's licenses. In essence, the law would federalize all state departments of motor vehicles and turn our driver's licenses into national identity cards. The burdens of compliance are onerous and guarantee longer lines, higher fees and huge bureaucratic and financial nightmares for state government.

However, the real nightmare of Real ID is the law's assault on our privacy rights. The law mandates a central, interlinked database containing a wealth of personal information, including name, address, date of birth, biometric information and an assigned identification number. Over time, the database will inevitably become the repository for more and more of citizens' personal data and will be used for an ever-wider set of purposes, moving us closer to a surveillance society.

Utah court: Drug odor didn't justify search without warrant

Sun, 11 Mar 2007 17:24:33 GMT

SALT LAKE CITY -- The odor of burning marijuana didn't justify a search of a trailer without a warrant, the Utah Supreme Court said Friday.

Police officers broke through the door of a trailer in April 2003 because they believed the suspects were eliminating evidence by smoking it. The court, however, said there was no sign that Bernadette Duran knew authorities were around.

wcco.com - Senate Committee Approves 'PhotoCops'

Sun, 11 Mar 2007 17:21:18 GMT

(AP) St. Paul Amid a court fight over a Minneapolis's stop-on-red camera program, a Senate committee has approved legislation that would allow all Minnesota cities the power to put PhotoCops at intersections.

The Senate Transportation Committee voted 11 to 5 on Friday to move the bill along, but not without serious questions about its use as a revenue generating tool and its threat to privacy.

Minneapolis began the program to catch and ticket red-light runners, but it was halted by court actions questioning whether it overstepped state law. The Supreme Court is due to hear arguments in the case next week.

The bill permits cities to install cameras to record violators and mail out citations to the owners of the photographed vehicles.

Chertoff Defends New Computer Project

Sun, 11 Mar 2007 17:18:50 GMT

A new Homeland Security program aims to analyze existing, legally collected computer data, not gather new personal information on U.S. citizens, Secretary Michael Chertoff said Friday in defending the program from congressional critics.

The project, still in pilot stage, will help investigators understand evidence gathered through subpoenas but won't troll computers for new, private information, Chertoff said in an interview with The Associated Press.

'It's an experiment to see how you can better analyze data that you already have, that you've already legally collected, to see if you can understand it, sort it and make use of it more readily than simply doing it manually,' Chertoff said.

Called ADVISE _ for Analysis, Dissemination, Visualization, Insight and Semantic Enhancement _ the program can be used to find 'relationships or patterns' from information including financial and telephone records, he said.

The dangers of DNA testing

Sun, 11 Mar 2007 17:15:40 GMT

DNA testing is in the news a lot these days, and not solely because of the saga of Anna Nicole Smith, whose burial was delayed amid a legal tussle over the paternity of her 5-month-old daughter, Daniellyn.

The growing success in obtaining convictions by genetic matching (since the O.J. Simpson trial anyway) has made it the preferred identification technology for law enforcement, as well as by other federal agencies. The U.S. military requires every serviceman to give blood for future DNA analysis, presumably for body identification.

States are among the most aggressive users of DNA testing. The New Jersey Supreme Court recently upheld a Garden State law requiring DNA testing of all felons, with the results maintained in a state database and submitted to the FBI.

Other states that have initiated extensive DNA collection policies include Virginia and Arizona -- the latter tests, collects, and stores the results not only from convicted felons but also from most people who are simply arrested for a felony. Florida is now considering collecting DNA from everyone convicted of a felony, as well as from those found guilty of certain misdemeanors.

Municipalities are climbing onto the DNA testing bandwagon, too. A blood bank in Seattle has begun collecting and analyzing DNA from donated blood without obtaining explicit permission, although donors may opt out. The program is funded by the U.S. military. To protect the privacy of donors, the Puget Sound blood bank labels the samples with codes instead of printed names. For the record, that's not a very secure strategy.

Race Traces

A little-noticed provision in the recently passed Violence Against Women Act may soon trigger the largest sweep of DNA information in this country. The Justice Dept. plans to collect DNA from anyone arrested or detained by federal agents. This will, by definition, include all illegal immigrants.

The increasingly widespread use of DNA testing opens a Pandora's Box of privacy issues. Technicians can extrapolate information about a person from the sample of their brother or son. In Houston last year, a man's conviction of rape was partially based on DNA evidence collected from his twin brother.

And the process isn't without its bizarre anomalies. For example, people who have received bone-marrow transplants can in certain cases match the DNA of a donor.

courant.com | Internet Safety Is Goal Of Bill

Sun, 11 Mar 2007 17:08:47 GMT

Popular Internet social-networking sites like MySpace and Facebook would have to verify users' ages and get parental permission before minors could post profiles under a proposed law pending in the General Assembly.

Connecticut would become a national leader in protecting minors on the Internet if it adopts the tighter age restrictions, state Attorney General Richard Blumenthal said.

The bill cleared its first major hurdle Thursday when it won unanimous approval from the legislature's general law committee.

The intent of the bill is clear. Unclear is what form parental permission would take and what would prevent youths from faking permission.

Connecticut Wants to Restrict Social Networking.

Sun, 11 Mar 2007 17:06:21 GMT

Connecticut Wants to Restrict Social Networking. csefft writes "According to the Hartford Courant, Connecticut became the latest state to want to restrict the use of MySpace and other social networking sites. The proposed bill would require that all such sites verify the identity and age of users, as well as get parent's permission for those under 18. Sites that failed to comply would be subject to a $5,000 per day fine. Attorney General Richard Blumenthal said of the proposition, 'If we can put a man on the moon, we can verify age on the Internet,' but quickly followed with the acknowledgment that there is no foolproof method." [Slashdot: Your Rights Online]

Don't like ID cards? Hand over your passport | the Daily Mail

Sun, 11 Mar 2007 16:56:16 GMT

Anybody who objects to their personal details going on the new "Big Brother" ID cards database will be banned from having a passport.

James Hall, the official in charge of the supposedly-voluntary scheme, said the Government would allow people to opt out - but in return they must "forgo the ability" to have a travel document.

With one in every eight people saying they will refuse to sign-up, up to five million adults could effectively be refused permission to leave the country.

Campaigners reacted to Mr Hall's remarks with fury, saying they were yet more evidence of the lurch towards "Big Brother" Britain.

Phil Booth, of the NO2ID group, said: "The idea that ID cards scheme is voluntary, and people can opt-out, is a joke.

"There are all sorts of reasons why people need to travel, not just for holidays. There is work, visiting relatives.

"What are these people supposed to do? It stretches the definition of voluntary beyond breaking point. They will go to any length to get personal information for this huge database. Who knows what will happen to it then?"

No Passport For Britons Refusing Mass Surveillance.

Sun, 11 Mar 2007 16:52:17 GMT

No Passport For Britons Refusing Mass Surveillance. UpnAtom writes "People who refuse to give up their bank records, tax records & details of any benefits they've claimed, and the records of their car movements for the last year, or refuse to submit to an interrogation on whether they are the same person that this mountain of data belongs to -- will be denied passports from March 26th. The Blair government has already admitted that this and other data will be cross-linked so that the Home Office and other officials can spy on the everyday lives of innocent Britons. Britons were already the most spied upon nation in Western Europe -- more so even than Sweden. Data-mining through this unprecedented level of mass-surveillance allows any future British government to leapfrog even countries like China and North Korea." [Slashdot: Your Rights Online]

Big Brother State - An animated short about public surveillance by David Scharf

Sun, 11 Mar 2007 03:06:35 GMT

please also download using Bit Torrent:
(Xvid Version, ca. 50 MB, 768 px x 432 px) ---> CLICK HERE
(Big FLV Version, 55 MB, 768 px x 432 px, use FLV Player to view) ---> CLICK HERE

Check the Internet Archive for other resolutions and formats: CLICK HERE

EFF Calls For Aggressive Congressional Hearings on National Security Letter Misuse.

Sun, 11 Mar 2007 02:52:46 GMT

EFF Calls For Aggressive Congressional Hearings on National Security Letter Misuse.

EFF is calling for Congress to hold aggressive hearings on the FBI's domestic intelligence authority after the release of a Justice Department report [PDF] showing the Bureau abusing its power to collect telephone, Internet, financial, credit, and other personal records about Americans without judicial approval.

Sen. Patrick J. Leahy, D-Vermont, has said the Senate Judiciary Committee will hold hearings into the report's findings. But the widespread abuse detailed in the report requires more than just a cursory examination.

"The Bureau's misuse of its intelligence authority is an ongoing critical problem," said EFF Staff Attorney Marcia Hofmann. "Congress must use its investigative power to find out what's really going on at the FBI -- and then rein in the Bureau's investigative authority to where is was before the USA PATRIOT Act."

In the report, the Justice Department's inspector general identifies four dozen instances in which demands for personal information -- known as National Security Letters -- may have violated laws and agency regulations. The report also found that the Bureau lied to Congress about its use of the letters.

The FBI has had limited authority to issue National Security Letters for many years. However, a controversial provision of the PATRIOT Act greatly expanded the Bureau's ability to use them to gather information about anyone, as long as the agency believes the information could be relevant to a terrorism or espionage investigation.

Today's report follows the inspector general's findings last year that the Bureau had disclosed more than 100 instances of possible intelligence misconduct to the Intelligence Oversight Board in the preceding two years, a number of which were "significant."

In 2005, EFF argued in a friend of the court brief that the FBI's "unfettered authority" to issue National Security Letters "is ripe for abuse." The danger of such abuse has now been documented.

"This is not simply about errors in 'oversight,'" said EFF Senior Staff Attorney Lee Tien. "This is about disregard for the law. For example, FBI terrorism investigators ignored their own lawyers' advice to stop using so-called 'exigent' letters for about two years."

For more information, read the full report from the Justice Department, as well as this brief description of National Security Letters .

[EFF: Deep Links]

Justice Department Says F.B.I. Misused Patriot Act.

Sun, 11 Mar 2007 02:49:18 GMT

Justice Department Says F.B.I. Misused Patriot Act.

In what should not come as that big of a surprise, AP reports:

The FBI improperly and, in some cases, illegally used the USA Patriot Act to secretly obtain personal information about people in the United States, a Justice Department audit concluded Friday.

And for three years the FBI underreported to Congress how often it forced businesses to turn over the customer data, the audit found.

[sigma]The audit by Justice Department Inspector General Glenn A. Fine found that FBI agents sometimes demanded personal data on individuals without proper authorization. The 126-page audit also found the FBI improperly obtained telephone records in non-emergency circumstances.

[sigma]Fine[base ']s annual review is required by Congress, over the objections of the Bush administration.

The audit released Friday found that the number of national security letters issued by the FBI skyrocketed in the years after the Patriot Act became law.

In 2000, for example, the FBI issued an estimated 8,500 letters. By 2003, however, that number jumped to 39,000. It rose again the next year, to about 56,000 letters in 2004, and dropped to approximately 47,000 in 2005.

Over the entire three-year period, the FBI reported issuing 143,074 national security letters requesting customer data from businesses, the audit found. But that did not include an additional 8,850 requests that were never recorded in the FBI[base ']s database, the audit found.

[sigma]The FBI also used so-called [OE][base ']exigent letters,'[base '] signed by officials at FBI headquarters who were not authorized to sign national security letters, to obtain information. In at least 700 cases, these exigent letters were sent to three telephone companies to get toll billing records and subscriber information.

[OE][base ']In many cases, there was no pending investigation associated with the request at the time the exigent letters were sent,'[base '] the audit concluded.

Unbelievable. The full 199-page report can be downloaded here (PDF). And more coverage is available at Boing Boing and 27B Stroke 6.

[michaelzimmer.org]

Newly Revealed FBI Data Abuses and the Data Retention Red Flag.

Sun, 11 Mar 2007 02:43:18 GMT

Newly Revealed FBI Data Abuses and the Data Retention Red Flag.

Greetings. The release of a new report detailing massive FBI abuses of the PATRIOT Act (particularly in regard to National Security Letters), now confirms concerns that I and others have been long expressing about the potential abuse of retained Internet and other data, e.g.:

Sounding the Alarm on Government-Mandated Data Retention

An Open Letter to Google: Concepts for a Google Privacy Initiative

Broad abuses of retained data are now demonstrated to be real, not theoretical, as described in this Washington Post story.

We don't yet really know the full extent of these violations, but what has already been revealed is bad enough as a starting point.

I hope that these events will not only trigger considerable soul-searching by those firms who voluntarily retain user activity data, but also cause a renewed recognition of how broad mandated data retention can facilitate, and inevitably will facilitate, such abuses in the future.

--Lauren--

[Lauren Weinstein's Blog]

Justice: FBI misused Patriot Act powers - Yahoo! News

Fri, 09 Mar 2007 20:34:53 GMT

The FBI improperly and, in some cases, illegally used the USA Patriot Act to secretly obtain personal information about people in the United States, a Justice Department audit concluded Friday.

And for three years the FBI underreported to Congress how often it forced businesses to turn over the customer data, the audit found.

Attorney General Alberto Gonzales, who oversees the FBI, described the problems cited in the report as unacceptable and left open the possibility of criminal charges. He ordered further investigation.

"Once we get that information, we'll be in a better position to assess what kinds of steps should be taken," Gonzales told reporters following a speech to privacy officials.

[...]

The FBI also used so-called "exigent letters," signed by officials at FBI headquarters who were not authorized to sign national security letters, to obtain information. In at least 700 cases, these exigent letters were sent to three telephone companies to get toll billing records and subscriber information.

"In many cases, there was no pending investigation associated with the request at the time the exigent letters were sent," the audit concluded.

In a letter to Fine, Gonzales asked the inspector general to issue a follow-up audit in July on whether the FBI had followed recommendations to fix the problems.

"To say that I am concerned about what has been revealed in this report would be an enormous understatement," Gonzales told the privacy officials. "Failure to adequately protect information privacy simply is a failure to do our jobs."

Senators outraged over the conclusions signaled they would provide tougher oversight of the FBI -- and perhaps limit its power.

"The report indicates abuse of the authority" Congress gave the FBI, said Senate Judiciary Committee Chairman Patrick Leahy (news, bio, voting record), D-Vt. "You cannot have people act as free agents on something where they're going to be delving into your privacy."

The committee's top Republican, Pennsylvania Sen. Arlen Specter (news, bio, voting record), said the FBI appears to have "badly misused national security letters." The senator said, "This is, regrettably, part of an ongoing process where the federal authorities are not really sensitive to privacy and go far beyond what we have authorized."

Sen. Russ Feingold (news, bio, voting record), D-Wis., another member on the panel that oversees the FBI, said the report "proves that 'trust us' doesn't cut it."

The American Civil Liberties Union said the audit proves Congress must amend the Patriot Act to require judicial approval anytime the FBI wants access to sensitive personal information. "The Attorney General and the FBI are part of the problem and they cannot be trusted to be part of the solution," said Anthony D. Romero, the ACLU's executive director.

Audit Finds FBI Abused Patriot Act.

Fri, 09 Mar 2007 20:27:43 GMT

Audit Finds FBI Abused Patriot Act. happyslayer writes to mention that according to Yahoo! News a recent audit shows that the FBI has improperly and in some cases illegally utilized the Patriot Act to obtain information. "The audit by Justice Department Inspector General Glenn A. Fine found that FBI agents sometimes demanded personal data on individuals without proper authorization. The 126-page audit also found the FBI improperly obtained telephone records in non-emergency circumstances. The audit blames agent error and shoddy record-keeping for the bulk of the problems and did not find any indication of criminal misconduct. Still, 'we believe the improper or illegal uses we found involve serious misuses of national security letter authorities,' the audit concludes." [Slashdot]

The Local - Olofsson claims Sweden has tapped phones 'for decades'

Fri, 09 Mar 2007 20:23:29 GMT

Deputy prime minister Maud Olofsson has added a new twist to Sweden's divisive surveillance debate. The Centre Party leader claims that defence minister Mikael Odenberg's proposed legislation would merely codify practices that have already been in operation for decades.

Previously, at a time when all telecommunications were state-operated, Sweden's National Defence Radio Establishment (FÃ¶rsvarets Radioanstalt - FRA) regularly tapped telephone lines in and out of the country, says Olofsson.

The Local - 'Big brother' surveillance makes waves in Sweden

Fri, 09 Mar 2007 20:21:39 GMT

A far-reaching wiretapping programme proposed by Sweden's government to defend against foreign threats, including monitoring emails and telephone calls, has stirred up a fiery debate in the past few weeks, with critics decrying the creation of a "big brother" state.

The new legislation, to be presented to parliament on Thursday, would enable the National Defence Radio Establishment (FRA) to tap all Internet and telephone communication in and out of Sweden.

Sweden Admits Tapping Citizens' Phones for Decades.

Fri, 09 Mar 2007 20:18:28 GMT

Sweden Admits Tapping Citizens' Phones for Decades. paulraps writes "Sweden is close to implementing new surveillance legislation that will include the monitoring of emails, telephone calls and keyword searches using advanced pattern analysis. The objective is to detect 'threats such as terrorism, IT attacks or the spread of weapons of mass destruction' but the proposals have divided the country. In a misguided attempt to put people at ease, the government admitted that Sweden has been tapping its citizens' phones for decades anyway." [Slashdot: Your Rights Online]

FTC Finalizes Landmark Adware Settlement.

Fri, 09 Mar 2007 20:08:24 GMT

FTC Finalizes Landmark Adware Settlement. The Federal Trade Commission today finalized its landmark settlement requiring adware distributor Zango Inc. (formerly 180solutions) to hand over $3 million and change some of its most egregious practices. The settlement bars Zango from contacting the computers of people who installed Zango software before Jan. 1, 2006. After the proposed settlement was announced in November 2006, CDT submitted recommendations to the FTC highlighting the challenges that will come with enforcing it. In a letter to CDT, the FTC today acknowledged that it would need to remain vigilant to ensure that Zango abides by the terms of the settlement. The commission also urged CDT to pass along any evidence of future offenses by Zango stemming from CDT's ongoing forensics work in the adware/spyware arena. [Center for Democracy and Technology]

The Blotter(ABC NEWS) - Exclusive: Report Says FBI Violated Patriot Act Guidelines

Fri, 09 Mar 2007 17:02:02 GMT

The FBI repeatedly failed to follow the strict guidelines of the Patriot Act when its agents took advantage of a new provision allowing the FBI to obtain phone and financial records without a court order, according to a report to be made public Friday by the Justice Department's Inspector General.

The report, in classified and unclassified versions, remains closely held, but Washington officials who have seen it tell ABC News it documents "numerous lapses" and describe it as "scathing" and "not a pretty picture for the FBI."

FBI Director Robert Mueller is scheduled to brief Congress on the report at noon.

The officials say the inspector general found the FBI underreported by at least 20 percent the use of the controversial provision, known as National Security Letters, NSLs, in required disclosures to Congress.

The Patriot Act gave FBI agents the ability to demand telephone, bank, credit card and library records by issuing an administrative letter, bypassing the need to seek a warrant from a federal judge.

Pine Bluff - Scaled-back version of drug database passes Senate

Fri, 09 Mar 2007 16:33:58 GMT

LITTLE ROCK - Scaling back the scope of a statewide database to monitor some prescription drug purchases gained Senate approval of the measure Thursday. The bill's sponsor said the amendments were intended to address concerns about patient privacy.

[...]

By a 20-7 vote, the Senate approved a bill by Sen. Denny Altes, R-Fort Smith, that would allow the state Board of Pharmacy to establish standards for setting up the database on drug purchases. The database would track schedule II and schedule III narcotics, such as morphine or OxyContin.

"I think we've amended this about six times now," Altes said before the vote. "I think these changes should address all the concerns that were raised."

Altes originally called for a database to track virtually all prescription drug purchases in the state. The measure passed by the Senate allows the Board of Pharmacy to set the criteria for the information to be tracked by the database.

Sen. Jim Argue, D-Little Rock, said he still believed the database could be subject to abuse and could harm the privacy of some patients.

"There is no evidence that a database like this works, but there is evidence that databases like this could be violated," Argue said.

Homeland Security Tests Snoop Computer System.

Fri, 09 Mar 2007 16:23:56 GMT

Homeland Security Tests Snoop Computer System. Parallax Blue writes "The Washington Times reports that Homeland Security has developed and is testing a new computer system called ADVISE (Analysis, Dissemination, Visualization, Insight and Semantic Enhancement) that collects and analyzes personal information on US citizens. Relevant data 'can include credit-card purchases, telephone or Internet details, medical records, travel and banking information.' The program apparently uses the same process as the Pentagon's Total Information Awareness project, which was aborted in 2003 due to privacy concerns."

[Slashdot: Your Rights Online]

Video: the New Kid for the Block.

Fri, 09 Mar 2007 16:13:14 GMT

Video: the New Kid for the Block.

It looks like video sites are the new flashpoint in the battle against free speech online. Perhaps it is that many states control television broadcasts far more tightly than they control the press. Judges across the world clearly think they understand how to censor television - and are surprised when their attempts to do the same to video online don't work as effectively.

In January it was Brazilian judges who found themselves caught in a hailstorm of criticism when attempting to prevent all Brazilians from downloading a salacious video of a Brazilian celebrity. When the only method of obeying the order at local ISP's disposal was blocking all of YouTube from Brazil, Brazilian net users rose up and complained. The decision was overturned three days later.

This week, it was Turkey, whose Istanbul First Criminal Court ordered Turk Telekom to redirect its users away from YouTube to prevent them seeing a video that poured scorn on Turkey and the country's founder, Mustafa Kemal Ataturk.

As in so many cases of government internet censorship, Turkey's reaction has affected the free speech rights of thousands of innocent parties, and done nothing to stop what they want to stop. The growing legions of Turkish net users were denied access to tools to share their own stories, while anti-Ataturk commentary still exists on YouTube and elsewhere. Meanwhile, nationalists inside Turkey found themselves unable to post their own responses to the video, meaning that the ratio of Turkey critics and supporters on YouTube no doubt lurched towards the critics. Those who agreed with the judges that this video was outrageous found themselves as effectively silenced as the video's maker. As one of the four college students who bravely petitioned the court Thursday, Kursat Cetinkoz, said:

"Banning access to the Website does not punish those who did that (posted the videos) but the citizens of the Turkish Republic."

It looks as if the court will now restore access now that the one video has been removed. To YouTube's credit, the company did not remove the video itself. Then again, it didn't have to: the original user appears to have deleted it from his or her account.

The reaction in Turkey, and fear of discovery and retribution by the creator may have played its part in that personal decision. For free speech online to grow, we need to have not only network operators that cannot be intimidated, but we also need safety through anonymity for speakers. Tor, and services like it, work for both viewers and writers. With Tor and other anti-censorship programs, bypassing the court's censorship was straightforward - and publishing via anonymizers helps give intimated speakers the confidence to stand their ground.

[EFF: Deep Links]

Crash-Testing a Killer Bot.

Fri, 09 Mar 2007 04:57:23 GMT

Crash-Testing a Killer Bot. Israel rolls out a tiny, Uzi-toting robot. But what happens when the armed equivalent of the Blue Screen of Death occurs? In Danger Room. In Danger Room. [Wired News: Top Stories]

Sweden: Monitor Communications.

Fri, 09 Mar 2007 04:35:34 GMT

Sweden: Monitor Communications. A Swedish government security plan would allow a defense intelligence agency to monitor -- without a court order -- e-mail traffic and phone calls crossing the nation's borders. By the Associated Press. [Wired News: Top Stories]

Homeland Security revives supersnoop - The Washington Times

Thu, 08 Mar 2007 23:21:29 GMT

Homeland Security officials are testing a supersnoop computer system that sifts through personal information on U.S. citizens to detect possible terrorist attacks, prompting concerns from lawmakers who have called for investigations.

The system uses the same data-mining process that was developed by the Pentagon's Total Information Awareness (TIA) project that was banned by Congress in 2003 because of vast privacy violations.

A Government Accountability Office (GAO) investigation of the project called ADVISE -- Analysis, Dissemination, Visualization, Insight and Semantic Enhancement -- was requested by Rep. David R. Obey, Wisconsin Democrat and chairman of the House Appropriations Committee.

The investigation focuses on whether the program violates privacy laws, and the findings will be released after completion of the Iraq war supplemental spending bill, possibly as early as this week, a panel aide said.

The ADVISE and TIA data-mining projects rely on personal data to track individual behavior and consumer transactions to develop computer algorithms that create a pattern that some behavioral scientists say can predict terrorist behavior.

Data can include credit-card purchases, telephone or Internet details, medical records, travel and banking information.

Privacy concerns prompted lawmakers on both sides of the aisle to introduce legislation in January to require that government agencies disclose data-mining practices in regular reports to Congress.

"A serious discussion on the implications of data-mining programs is long overdue," Sen. Russ Feingold, Wisconsin Democrat and a sponsor of the bill, said yesterday. Sen. John E. Sununu, New Hampshire Republican, is also a bill sponsor.

Freedom of Information Act Amendments of 2007.

Thu, 08 Mar 2007 23:12:24 GMT

Freedom of Information Act Amendments of 2007. Includes reporting requirements for the DHS. [GT: Security and Privacy]

FCW.com News - Census Bureau accidentally exposes personal data

Thu, 08 Mar 2007 23:04:50 GMT

The Census Bureau accidentally posted personal information on 302 households on a public server several times since October 2006, officials said.

The personal information, including names, addresses, phone numbers, birthdates, family income ranges and other demographic data, was contained in a file that was placed on a public server for the purposes of testing new software applications. The file included about 250 fake accounts in addition to the real information. The bureau found out about the mistake when it found the file on the server in mid-February.

C-SPAN Adopts Creative Commons-Style License.

Thu, 08 Mar 2007 22:59:33 GMT

C-SPAN Adopts Creative Commons-Style License. Trillian_1138 writes "C-SPAN, a network in the US dedicated to airing governmental proceedings, has adopted a Creative Commons-style license for all its content. This follows the network claiming Speaker of the House Pelosi's use of C-Span videos on her site violated their copyright. Specifically, 'C-SPAN is introducing a liberalized copyright policy for current, future, and past coverage of any official events sponsored by Congress and any federal agency -- about half of all programming offered on the C-SPAN television networks -- which will allow non-commercial copying, sharing, and posting of C-SPAN video on the Internet, with attribution.' Here is the press release. The question remains whether videos of governmental proceedings should be public domain by default or whether the attribution requirement is reasonable in the face of easy video copying and distribution." [Slashdot: Your Rights Online]

SEC Suspends Trading for 35 Companies Due to Spam.

Thu, 08 Mar 2007 22:46:03 GMT

SEC Suspends Trading for 35 Companies Due to Spam. The U.S. Securities and Exchange Commission says the companies allegedly benefited from spam e-mail campaigns to hype their stocks. [PC World: Latest Technology News]

Vishing: Dialing for Dollars, Part II.

Thu, 08 Mar 2007 22:41:03 GMT

Vishing: Dialing for Dollars, Part II.

Security Fix received a copy of a new scam e-mail targeting Bank of America customers that is likely to con quite a few folks before it is shut down.

Sure, Bank of America is hit by this sort of thing all the time. It's the fourth most popular target for "phishing" scams that use e-mail to lure people into giving away their data at counterfeit sites, according to stats just released by PhishTank. But this is one of the more convincing voice phishing or "vishing" attacks I've seen yet.

Vishing scams start with an e-mail lure that asks the recipient to call a specific 1-800 number to settle some matter with his or her account. The numbers usually are connected to an automated system that asks the caller to key in data from a credit card -- the 16-digit account number, the expiration date and the three-digit security code on the back.

This new Bank of America scam has the same elements, but its execution is nearly flawless (unlike the majority of previous vishing scams Security Fix has seen, which either bungle the voice mail system or use a lure full of poor spelling and grammar). It informs the recipient that his account has been suspended because it was used to purchase "obscene or certain sexually oriented goods or services." From the e-mail:

"We are hereby notifying you that, after a recent review of your account activity, it has been determined that you are in violation of Bank of America's Acceptable Use Policy. Therefore, your account has been temporarily limited for: hotjasmin.com cam shows. In order to remove the limit please call our TOLL FREE number [omitted]." That domain is registered to a guy in the Netherlands, but it's currently inactive.

I recorded a short snippet of the first 45 seconds or so of the automated phone message used in this attack. If the you enter the requested information, the voice then asks for your bank PIN: "Bank of America asks for your PIN in order to verify your identity. This also enables us to assist federal authorities in order to prevent money laundering and other illegal activities."

Generally, it's a good idea not to even dial these bogus 1-800 numbers, as you're essentially giving the scammers your phone number, a key piece of your personal data. It's also a good idea to be very suspicious of e-mails that ask you to call any number. When in doubt, open up a browser Window and find the official Web site of your financial institution, then look up the customer-service number listed there.

[Security Fix]