Paul Hardwick: Privacy

Honoring Sunshine Week. The Total Information Awareness project FOIA saga.

Wed, 14 Mar 2007 20:29:39 GMT

Honoring Sunshine Week. 27B tells the sad tale of requesting open records on the government's Total Information Awareness project. 44 months later, still no word. In 27B Stroke 6. [Wired News: Top Stories]

FBI Slips Demand Patriot Act Cuts.

Wed, 14 Mar 2007 20:25:02 GMT

FBI Slips Demand Patriot Act Cuts. A probe finds the bureau abused its expanded powers to obtain Americans' private records. Time to put the G-men on a shorter leash. Commentary by Jennifer Granick. [Wired News: Top Stories]

U.S. Spy Case Will Be Heard.

Wed, 14 Mar 2007 20:17:14 GMT

U.S. Spy Case Will Be Heard. A Northern California judge will hear arguments in the case of two American lawyers who say they can prove the U.S. spied on them without a warrant. The government says the case should never be heard. In 27B Stroke 6. [Wired News: Top Stories]

Sun CSO: Endless Internet Growth Keeps Security on Back Burner.

Wed, 14 Mar 2007 20:07:25 GMT

Sun CSO: Endless Internet Growth Keeps Security on Back Burner. Q&A: Whitfield Diffie, chief security officer at Sun and co-inventor of public-key cryptography, talks about the state of computer security and Microsoft[base ']s role in it. [Computerworld Privacy News]

ID Fraud Manufacturing Ring Uncovered in Arizona.

Wed, 14 Mar 2007 20:00:48 GMT

ID Fraud Manufacturing Ring Uncovered in Arizona. Three month investigation of Arizona Homeland Security Fraudulent Identification Task Force (AFIT) uncovers one of the largest manufacturers of fraudulent identification in Southern Arizona. [GT: Security and Privacy]

Latest ID-Theft Worry? Copiers.

Wed, 14 Mar 2007 19:55:53 GMT

Latest ID-Theft Worry? Copiers. Digital photocopiers use hard drives to store data. If not properly secured, they can be vulnerable to data thieves. By the Associated Press. [Wired News: Security Blanket]

FCW.com News - Bill would protect information about students from recruiters

Wed, 14 Mar 2007 19:54:06 GMT

An amendment to the No Child Left Behind (NCLB) Act seeks to keep military recruiters from accessing secondary students' personal data by requiring parents to choose to share that information rather than having to opt out of sharing it.

Rep. Mike Honda (D-Calif.) introduced the legislation March 6. The Student Privacy Protection Act would require local school systems to obtain written consent before releasing information on secondary school students to military recruiters or their agents.

The measure will next be referred to the House Education and Labor Committee sometime during this session, said a spokesperson for Honda. That committee's chairman, Rep. George Miller (D-Calif.), is a co-sponsor of the bill.

Because of a provision in the NCLB, school districts are directed to give information about students to military recruiters unless parents explicitly request that their children's data remains private. Since the enacting of NCLB, secondary schools have been supplying the names, addresses and telephone numbers of students to recruiters sponsored by the military services.

However, schools often failed to make parents aware of the option to keep that information private, Honda said.

Dispute surfaces over certification for personal health records

Wed, 14 Mar 2007 19:51:04 GMT

n a rare instance of public dissent, an American Health Information Community AHIC) workgroup has split over whether to recommend that product certification be available for personal health record software.

AHIC, a high-level advisory committee to the Department of Health and Human Services, sided with the majority on its Consumer Empowerment Workgroup and voted unanimously in favor of the certification recommendation.

A minority -- five members of the 23-person workgroup -- took the position that certification would be premature and the top priority should be privacy and security policies for PHRs. "The risks [of certification now] outweigh any potential benefits," the dissenters said in a letter to AHIC.

The workgroup's task is to foster widespread adoption of PHRs. One of its leaders, Dr. Rose Marie Robertson, told AHIC that the group believes PHRs will be more widely used if consumers do not have to sit at a computer and enter all their health information. Instead, the PHRs could be populated by data from doctors, health plans, drug stores, or elsewhere.

Medical data on Blue Cross members may be lost | CNET News.com

Wed, 14 Mar 2007 19:45:41 GMT

WellPoint, one of the nation's largest health insurers, has begun notifying 75,000 members of its Empire Blue Cross and Blue Shield unit in New York that a CD holding their vital medical and other personal information has disappeared.

The information was on an unencrypted disc that a subcontractor recently sent to Magellan Behavioral Services, a company in Avon, Conn., that specializes in monitoring and coordinating mental health and substance abuse treatments for insurance companies.

Empire began notifying the affected consumers by mail on Saturday that their records--including their names, Social Security numbers, health plan identification numbers and description of medical services back to 2003--had been lost.

[...]

Before shipping the information to Magellan, the coding and passwords that protect the privacy of the information was removed by a Magellan subcontractor, Lisa Ann Greiner, an Empire spokeswoman, said Tuesday.

Janlori Goldman, the director of the Health Privacy Center, a nonprofit organization in Washington, said the error was an "egregious breach of privacy." She said that insurance companies were responsible under a federal privacy law for ensuring that their contractors use adequate security procedures.

Greiner said that the subcontractor, Health Data Management Services, worked for Magellan, not Empire. "If any contract was breached, we are going to take direct action," she said.

SignOnSanDiego.com > Technology -- Official: Yahoo didn't violate laws in case of jailed journalist

Wed, 14 Mar 2007 19:43:01 GMT

HONG KONG - Investigators said Wednesday there was not enough evidence to show that Yahoo Inc.'s Hong Kong branch provided private information that helped convict a Chinese reporter accused of leaking state secrets.

The case raised questions about whether Internet companies should cooperate with governments that deny freedom of speech and frequently crack down on journalists.

Yahoo! Hong Kong Limited was accused of helping Chinese authorities by Hong Kong lawmaker Albert Ho, who filed a complaint last year with the city's privacy commissioner. Ho alleged the Internet company provided information that helped convict journalist Shi Tao, sentenced to 10 years in jail in 2005 on mainland China.

Photocopiers: The newest ID theft threat.

Wed, 14 Mar 2007 19:40:11 GMT

Photocopiers: The newest ID theft threat. Photocopiers made in recent years often have hard drives that store what's been duplicated -- making them a potential target for identity thieves. [Computerworld Privacy News]

CDT Calls for Judicial Approval of National Security Letters.

Wed, 14 Mar 2007 19:35:59 GMT

CDT Calls for Judicial Approval of National Security Letters. CDT is calling on Congress to require judicial supervision of FBI requests for access to the sensitive records of US citizens to protect privacy and national security. Recent revelations regarding violations in the use of so-called "national security letters" have shown that no matter how many internal controls the FBI adopts, self-certification is not sufficient when the government is obtaining the sensitive financial and communications records of citizens. CDT believes Congress should reform the law and adopt a reasonable system of judicial checks and balances. [Center for Democracy and Technology]

DMCA Abuser Apologizes for Takedown Campaign.

Wed, 14 Mar 2007 19:33:48 GMT

DMCA Abuser Apologizes for Takedown Campaign.

Michael Crook Agrees to Stop Attacks on Free Speech

San Francisco - Michael Crook, the man behind a string of meritless online copyright complaints, has agreed to withdraw those complaints, take a copyright law course, and apologize for interfering with the free speech rights of his targets.

The agreement settles a lawsuit against Crook filed by the Electronic Frontier Foundation (EFF) on behalf of Jeff Diehl, the editor of the Internet magazine 10 Zen Monkeys. Diehl was forced to modify an article posted about Crook's behavior in a fake sex-ad scheme after Crook sent baseless Digital Millennium Copyright Act (DMCA) takedown notices, claiming to be the copyright holder of an image used in the story. In fact, the image was from a Fox News program and legally used as part of commentary on Crook. But Crook repeated his claims and then attempted to use the same process to get the image removed from other websites reporting on his takedown campaign.

"Crook's legal threats interfered with legitimate debate about his controversial online behavior," said EFF Staff Attorney Jason Schultz. "Public figures must not be allowed to use bogus copyright claims to squelch speech."

In addition to withdrawing current complaints against Diehl and every other target of his takedown campaign and taking a copyright law course, Crook has also agreed to limit any future DMCA notices to works authored or photographed by himself or his wife, or where the copyright was specifically assigned to him. All future notices must also include a link to EFF information on his case, as well as the settlement agreement. Crook has also recorded a video statement to apologize and publicize the dangers of abusing copyright law.

"We're pleased that Crook has taken responsibility for his egregious behavior," said EFF Staff Attorney Corynne McSherry. "Hopefully, this will set a precedent to prevent future abuse of the law by those who dislike online news-reporting and criticism."

The settlement with Michael Crook is part of EFF's ongoing campaign to protect online free speech from the chilling effects of bogus intellectual property claims. EFF recently filed suit against the man who claims to have created the popular line dance "The Electric Slide" for misusing copyright law to remove an online documentary video that included footage of people trying to do the dance.

For the video statement from Michael Crook:
http://blip.tv/file/169553

For more on Diehl v. Crook:
http://www.eff.org/legal/cases/diehl_v_crook/

Contacts:

Corynne McSherry
Staff Attorney
Electronic Frontier Foundation
corynne@eff.org

Jason Schultz
Staff Attorney
Electronic Frontier Foundation
jason@eff.org

[EFF: Breaking News]

Google Cooperating with Mumbai & Brazilian Police.

Wed, 14 Mar 2007 15:39:49 GMT

Google Cooperating with Mumbai & Brazilian Police.

Boing Boing has two good posts detailing how Google has been cooperating with Mumbai and Brazilian authorities to help censor content and track down offenders on their Orkut social networking service.

In the Mumbai case:

The Indian Express and other regional media are reporting that Google[base ']s social networking service Orkut will cooperate with the Mumbai Police to share IP addresses of users who post [base ']Äúobjectionable content[base ']Äù on Orkut. If reports are to be believed, the police need only email a complaint to Orkut, and Orkut will send back the personally identifying data, no questions asked.

The police are said to be targeting a number of [base "]problematic[per thou] Orkut posts, including items that criticize various public figures in India, others that glorify Indian mobsters, and [base "]anti-Indian words.[per thou] The latter probably has to do with a group on Orkut called [base "]I Hate India,[per thou] which pissed off Indian officials so much, they decided to sue Google over it last October.

And the Brazilian matter:

Google has designed a special Orkut admin tool for deleting or blocking illegal content, and given Brazilian police access to this tool. This means that if you[base ']re on Orkut and you say something that in Brazil could be considered illegal (such as celebrity gossip, Consumerist-style corporate bashing, mistreating animals), the Brazilian police can censor the community where this [base "]illegal[per thou] speech is seen.

Much more if you follow the links.

[michaelzimmer.org]

Viacom, YouTube, and Privacy.

Wed, 14 Mar 2007 15:36:38 GMT

Viacom, YouTube, and Privacy.

Yesterday[base ']s top tech policy story was the copyright lawsuits filed by Viacom, the parent company of Comedy Central, MTV, and Paramount Pictures, against YouTube and its owner Google. Viacom[base ']s complaint accuses YouTube of direct, contributory, and vicarious copyright infringement, and inducing infringement. The complaint tries to paint YouTube as a descendant of Napster and Grokster.

Viacom argues generally that YouTube should have done more to help it detect and stop infringement. Interestingly, Viacom points to the privacy features of YouTube as part of the problem, in paragraph 43 of the complaint:

In addition, YouTube is deliberately interfering with copyright owners[base '] ability to find infringing videos even after they are added to YouTube[base ']s library. YouTube offers a feature that allows users to designate [base "]friends[per thou] who are the only persons allowed to see videos they upload, preventing copyright owners from finding infringing videos with this limitation[sigma]. Thus, Plaintiffs cannot necessarily find all infringing videos to protect their rights through searching, even though that is the only avenue YouTube makes available to copyright owners. Moreover, YouTube still makes the hidden infringing videos available for viewing through YouTube features like the embed, share, and friends functions. For example, many users are sharing full-length copies of copyrighted works and stating plainly in the description [base "]Add me as a friend to watch.[per thou]

Users have many good reasons to want to limit access to noninfringing uploaded videos, for example to make home movies available to family members but not to the general public. It would be a shame, and YouTube would be much less useful, if there were no way to limit access. Equivalently, if any copyright owner could override the limits, there would be no privacy anymore [~] remember that we[base ']re all copyright owners.

Is Viacom really arguing that YouTube shouldn[base ']t let people limit access to uploaded material? Viacom doesn[base ']t say this directly, though it is one plausible reading of their argument. Another reading is that they think YouTube should have an extra obligation to police and/or filter material that isn[base ']t viewable by the public.

Either way, it[base ']s troubling to see YouTube[base ']s privacy features used to attack the site[base ']s legality, when we know those features have plenty of uses other than hiding infringement. Will future entrepreneurs shy away from providing private communication, out of fear that it will be used to brand them as infringers? If the courts aren[base ']t careful, that will be one effect of Viacom[base ']s suit.

Apple Releases a Bushel of Software Patches.

Wed, 14 Mar 2007 15:35:07 GMT

Apple Releases a Bushel of Software Patches.

Today turned out to be "Patch Tuesday" after all, only the security updates were released by Apple instead of Microsoft.

Apple issued security updates to plug at least 46 separate security holes in its operating system and other software. The updates are available through Apple's site or via the built-in Software Update feature.

Nearly one-third of the fixes mend flaws outlined in the controversial Month of Kernel Bugs and Month of Apple Bugs projects from November 2006 and January 2007, respectively. Also included was a patch for a serious flaw in Apple's Software Update application.

A number of the patches address third-party applications built for use on Mac OS X and Mac OS X Server systems. Today's bundle fixes at least seven bugs in the MySQL database software, and two flaws in OpenSSH, a tool used to encrypt online communications. Other programs patched in this release include iPhoto, QuickDraw, and Adobe's Flash Player.

[Security Fix]

Tracking the Password Thieves.

Wed, 14 Mar 2007 15:30:56 GMT

Tracking the Password Thieves.

The Washington Post today ran a story I wrote about an epidemic of data theft being fueled by password-stealing viruses and phishing attacks. In some ways, the story behind the reporting that went into the piece is just as interesting, so I'd like to share a few of those details.

I based the story in part on a cache of stolen data I found online (more on how I obtained it in a bit). The data was being compiled by a password-stealing virus that had infected many thousands of computers worldwide; the particular text file that I found included personal information on 3,221 victims scattered across all 50 U.S. states.

Using a custom-built application that makes use of the Google Maps API, I was able to chart the approximate locations of the victims. This was possible because at the beginning of each record was the virus's best guess of the longitude and latitude of the infected computer's Internet address. This so-called "geo-IP" process is far from perfect: Sometimes these automated guesses are disturbingly accurate, and other times they are miles wide or completely wrong.

The approximate location of the 3,221 U.S. residents victimized by this virus (Data gathered by washingtonpost.com; image courtesy Secure Science Corp. and Google).

Scammers collect information about the location of their victims because it becomes useful when they want to conduct fraud with a hijacked credit or debit card account. The idea here is to evade a key component of fraud detection in the financial industry -- transaction location tracking. If Joe in Georgia starts suddenly withdrawing money or making purchases in Nigeria or Europe when his last transaction was an hour earlier in Atlanta, Joe's bank is going to flag the transactions as fraudulent and in all likelihood cancel the card.

[Security Fix]

Carriers mum on DoJ report that FBI abused powers - Network World

Tue, 13 Mar 2007 20:57:01 GMT

Three carriers would not discuss the U.S. Department of Justice findings that the FBI overstepped its authority in accessing private phone records in investigations of terrorism or espionage suspects under the Patriot Act.

Neither AT&T, Verizon nor Qwest would comment on the matter in which a Justice Department audit released Friday determined the FBI, without a court order, improperly exercised Patriot Act powers to obtain phone, credit and Internet records of suspected terrorists and spies.

How to surf anonymously without a trace - ComputerWorld

Tue, 13 Mar 2007 20:51:27 GMT

The punchline to an old cartoon is "On the Internet, nobody knows you're a dog," but these days, that's no longer true.

It's easier than ever for the government, Web sites and private businesses to track exactly what you do online, know where you've visited, and build up comprehensive profiles about your likes, dislikes and private habits.

And with the federal government increasingly demanding online records from sites such as Google and others, your online privacy is even more endangered.

But you don't need to be a victim. There are things you can do to keep your surfing habits anonymous and protect your online privacy. So read on to find out how to keep your privacy to yourself when you use the Internet, without spending a penny.

Do You Need to Surf Anonymously?

Tue, 13 Mar 2007 20:48:57 GMT

Do You Need to Surf Anonymously? An anonymous reader writes "Computerworld has up an article entitled 'How to Surf Anonymously without a Trace'. It purports to offer tips on how to avoid detection by anyone attempting to monitor your internet access. 'If you don't like the limitations imposed on you by [proxy] sites like the Cloak or would simply prefer to configure anonymous surfing yourself, you can easily set up your browser to use an anonymous proxy server to sit between you and the sites you visit. To use an anonymous proxy server with your browser, first find an anonymous proxy server. Hundreds of free, public proxy servers are available, but many frequently go offline or are very slow. Many sites compile lists of these proxy servers, including Public Proxy Servers and the Atom InterSoft proxy server list.'"

[Slashdot: Your Rights Online]

New US Computer Forensic Institute.

Tue, 13 Mar 2007 20:33:22 GMT

New US Computer Forensic Institute. Quincy writes "The DHS and Secret Service are setting up a new computer forensic institute in Alabama. Set to open in mid-2008, the new National Computer Forensic Institute will be able to train over 900 law enforcement officers per year. 'It will initially be staffed by 18 Secret Service agents and will feature classrooms, a forensic laboratory, an evidence vault, and server rooms. Courses will be offered in the investigation of electronic crimes, network intrusion investigation, and computer forensics... [T]he Secret Service says that it will help to bring judges and prosecutors up to speed as well.'" Maybe over time we'll see fewer botches of justice like those in the news recently [Slashdot: Your Rights Online]

Action Alert: Reform the PATRIOT Act and Stop the Abuse of Surveillance Powers!

Tue, 13 Mar 2007 20:28:38 GMT

Action Alert: Reform the PATRIOT Act and Stop the Abuse of Surveillance Powers!

The FBI has blatantly abused a key PATRIOT Act provision and knowingly violated the law to spy on Americans' telephone, Internet, and other personal records, as documented in a report recently released by the Justice Department. Congress must rein in this egregious behavior, but it can't stop there -- the Bush Administration's unprecedented pattern of disregarding the law stretches far beyond the examples in this report. Tell Congress to defend your privacy now.

Before PATRIOT, the FBI could use so-called National Security Letters only for securing the records of suspected terrorists or spies. But under PATRIOT the FBI can use them to get private records about anybody without any court approval as long as it believes the information could be relevant to an authorized terrorism or espionage investigation.

According to the Justice Department's Inspector General, the FBI's misuse of its authority included issuing NSLs to spy on people who weren't the subject of any existing investigation whatsoever. The FBI also lied to Congress and underreported its use of NSLs by many thousands. Worse still, the FBI has ignored its own lawyers' advice and intentionally evaded PATRIOT's thin bounds, improperly requesting and obtaining personal records through so-called "exigent letters" that Congress never authorized.

That's only a sampling of the horror story painted by the report, and, had Congress not ordered the Inspector General to review the FBI's activities last year, these abuses might have never been revealed. From the moment PATRIOT was passed, we said the NSL power was ripe for abuse and unconstitutional, and it's clearer than ever that Congress should repeal PATRIOT's expansion of NSL powers and reform the PATRIOT Act as a whole.

Moreover, Congress must broadly investigate the Administration's use of surveillance powers, including the NSA's massive and illegal domestic spying program. Congress and the American public have been kept in the dark about such clear violations of the law and Americans' privacy for far too long. Immediate and thorough oversight hearings are necessary to uncover the truth and hold the Administration accountable.

Take action now.

[EFF: Deep Links]

Three Indicted for Alleged Online Brokerage Scam.

Tue, 13 Mar 2007 20:11:34 GMT

Three Indicted for Alleged Online Brokerage Scam. A federal grand jury indicted three people on charges of conspiracy, fraud, and aggravated identity theft related to a "high-tech" scheme to hijack online brokerage accounts. [PC World: Latest Technology News]

FBI Data Demands Lack Adequate Checks and Balances.

Tue, 13 Mar 2007 20:08:45 GMT

FBI Data Demands Lack Adequate Checks and Balances. A report by the Department of Justice Inspector General finds numerous failures of internal processes for FBI issuance of so-called National Security Letters, which are used to compel disclosure of sensitive financial, credit and communications records. The rules limiting the circumstances under which NSLs can be issued were weakened by the PATRIOT Act. Tighter internal controls announced by DOJ and FBI in response to the IG report, while welcome, will not cure the NSLs' fundamental flaw: giving FBI agents power to compel disclosure of private information without judicial approval. [Center for Democracy and Technology]

CDT Opposes Bill Expanding Pentagon Domestic Data Mining.

Tue, 13 Mar 2007 20:07:21 GMT

CDT Opposes Bill Expanding Pentagon Domestic Data Mining. CDT and other civil liberties groups are urging Congress to reject legislation that would exempt the Department of Defense from a key provision of the Privacy Act. The little-noticed amendment, already included in the Senate version of the Intelligence Authorization Act, would permit government agencies to disclose information on US citizens to the Defense Department. Such language could pave the way for entire databases of information to be transferred to the Defense Department without a clear purpose -- in turn opening the door to greater data mining by military agencies. [Center for Democracy and Technology]

CDT Calls for Reform of National Security Letters.

Tue, 13 Mar 2007 20:04:02 GMT

CDT Calls for Reform of National Security Letters. CDT is calling on Congress to require judicial approval of FBI efforts to access the sensitive records of US citizens. Recent revelations regarding violations in the use of so-called "national security letters" have shown that no matter how many internal controls the FBI adopts, self-certification in not sufficient when the government is obtaining the sensitive financial and communications records of citizens. CDT believes Congress should reform the law and adopt a reasonable system of judicial checks and balances. [Center for Democracy and Technology]

McAfee Says Vista's StickyKeys Could Be Misused.

Tue, 13 Mar 2007 20:02:15 GMT

McAfee Says Vista's StickyKeys Could Be Misused. A Windows Vista feature designed to simplify computing for disabled users has security implications, according to a McAfee researcher. [PC World: Latest Technology News]

Secure your enterprise data.

Tue, 13 Mar 2007 19:57:32 GMT

Secure your enterprise data. For DuPont, Gary Min may have seemed a model employee. A research chemist at DuPont's research laboratory in Circleville, Ohio, Min was a naturalized U.S. citizen with a doctorate from the University of Pennsylvania who had worked for DuPont for 10 years, even earning a business degree from Ohio State University with help from his employer. But Min's veneer of respectability began to crack on Dec. 12, 2005, when he told his employer he would be leaving his job. [CSO Online Data Security Briefing]

American Studios' Secret Plan to Lock Down European TV Devices.

Tue, 13 Mar 2007 19:53:46 GMT

American Studios' Secret Plan to Lock Down European TV Devices.

EFF Exposes Standards Jeopardizing Innovation and Consumer Rights

San Francisco - An international consortium of television and technology companies is devising draconian anti-consumer restrictions for the next generation of TVs in Europe and beyond, at the behest of American entertainment giants.

The Electronic Frontier Foundation (EFF) is the only public interest group to have gained entrance into the secretive meetings of the Digital Video Broadcasting Project (DVB), a group that creates the television and video specifications used in Europe, Australia, and much of Asia and Africa. In a report released today, EFF shows how U.S. movie and television companies have convinced DVB to create new technical specifications that would build digital rights management technologies into televisions. These specifications are likely to take away consumers' rights, which will subsequently be sold back to them piecemeal -- so entertainment fans will have to pay again and again for legitimate uses of lawfully acquired digital television content.

"DVB is abetting a massive power grab by the content industry, and many of the world's largest technology companies are simply watching," said Ren Bucholz, EFF Policy Coordinator, Americas. "This regime was concocted without input from consumer rights organizations or public interest groups, and it shows."

Despite recent record profits, American movie and television studios insist that new technologies could ruin their industry. In past battles against innovation, these same studios sued to block the sale of the VCR and the first mass-marketed digital video recorder in the U.S. Having failed in those efforts, they have now turned to creating technical standards that, when backed by law, are likely to restrict consumers' existing rights and threaten the future of technological innovation.

With DVB, the plan begun by entertainment companies in the U.S. has now gone global. EFF's report is aimed at alerting European consumer groups and consumers about the dangers posed by the proposed standards and providing informational resources for European regulators.

"DVB members' active indifference, even hostility, to user rights is shameful," said EFF Staff Technologist Seth Schoen. "When American studios ask for regulatory support for restrictions pushed through the DVB Project, public officials must stand up for consumer rights, sustain competition and innovation, and tell Hollywood to back off."

For the full report:
http://www.eff.org/IP/DVB/dvb_briefing_paper.php

EFF's 2005 Submission to the U.K. Department of Media, Sports and Culture:
http://www.eff.org/IP/DVB/dvb_critique.php

Contacts:

Ren Bucholz
Policy Coordinator, Americas
Electronic Frontier Foundation
ren@eff.org

Seth Schoen
Staff Technologist
Electronic Frontier Foundation
seth@eff.org

[EFF: Breaking News]

Canada.com and Email Privacy

Tue, 13 Mar 2007 02:44:46 GMT

Canada.com and Email Privacy [Michael Geist Privacy Law RSS News Feed]

Justice Department Report Reveals FBI Misused Patriot Act.

Tue, 13 Mar 2007 02:41:50 GMT

Justice Department Report Reveals FBI Misused Patriot Act. A Justice Department audit released Friday said that the FBI used the Patriot Act improperly and unlawfully to gain information about people in the United States. Two members of the House Judiciary Committee debate the audit's conclusions. By NewsHour with Jim Lehrer. [NewsHour with Jim Lehrer Podcast | PBS]

Google Aids Indian Goverment Censorship.

Tue, 13 Mar 2007 02:36:33 GMT

Google Aids Indian Goverment Censorship. An anonymous reader writes "Google's Orkut has made a deal to provide IP addresses of posters of content deemed objectionable by Bombay police. They object, among others, to posts against certain Indian personalities, young women admiring Indian mobsters, and, amazingly, "anti-Indian words" (!)." [Slashdot]

Spying Too Secret for the Courts.

Tue, 13 Mar 2007 02:33:23 GMT

Spying Too Secret for the Courts. AT&T and the government tell an appeals court that the case against the telecom for allegedly helping the government spy on Americans is too secret for any court, despite the Administration's admission it did spy on Americans without warrants. [Wired News: Top Stories]

Government Sites Fail FOIA Rules.

Tue, 13 Mar 2007 02:14:21 GMT

Government Sites Fail FOIA Rules. A study shows 79 percent of federal agencies are violating a Freedom of Information Act amendment requiring they post records online and help citizens request info over the internet. In 27B Stroke 6. Plus: States' secrecy penalties. [Wired News: Top Stories]

courant.com | Our I.D., Their Trash - Sensitive Records Turn Up In Ohio

Mon, 12 Mar 2007 20:41:49 GMT

Papers with sensitive information about Connecticut residents - Social Security numbers, medical records, names, phone numbers, addresses and bank records began blowing from an Ohio landfill onto nearby homeowner Harry Evans' yard months ago.

At first he just picked up the litter - dozens of papers in all - and threw it away. But about a week ago, Evans says, he talked with his wife about the personal nature of some of the windblown papers and decided he'd had enough. He called the local media. Soon, newspaper and TV reporters descended on his home in Negley.

TorontoSun.com - Canada - Privacy swipe? New system would check IDs in stores

Mon, 12 Mar 2007 20:38:21 GMT

Convenience stores that check ID by swiping driver's licences could be violating privacy law, Government Services Minister Gerry Phillips said Wednesday.

The system called "We Expect ID," would see store clerks swipe licences through a lottery terminal to verify a customer's age when purchasing alcohol, cigarettes, adult magazines, lottery tickets or fireworks. The terminal will read age information from the magnetic stripe on the licence and display the person's age on the terminal.

Popular P2P apps could expose sensitive files, report says.

Mon, 12 Mar 2007 20:33:43 GMT

Popular P2P apps could expose sensitive files, report says. Five popular peer-to-peer file-sharing applications include features that could allow users to inadverdently share sensitive files on their computers with others, according to the U.S. Patent and Trademark Office. [Computerworld Privacy News]

'Do the Right Thing'. Editorial

Mon, 12 Mar 2007 20:32:08 GMT

'Do the Right Thing'. Editorial: There is no greater hallmark of an IT leader than the courage it takes to do what[base ']s right, says Don Tennant. [Computerworld Privacy News]

Congress Targets Pretexting.

Mon, 12 Mar 2007 20:22:56 GMT

Congress Targets Pretexting. Legislation would add protections against the practice of posing as another to gain personal data. [PC World: Latest Technology News]

Seagate Ships Super-Secure Hard Disk Drive.

Mon, 12 Mar 2007 20:18:52 GMT

Seagate Ships Super-Secure Hard Disk Drive. ASI Computer Technologies will use the automatically encrypted Momentus in a laptop. [PC World: Latest Technology News]

Does Free Domain Registration Promote Malware?

Mon, 12 Mar 2007 20:06:37 GMT

Does Free Domain Registration Promote Malware? Easy, anonymous registration boosts sites used for spamming or hosting malicious apps, McAfee says. PC World: Latest Technology News]

Open Government Gets Its Week in the Sunshine.

Mon, 12 Mar 2007 20:04:59 GMT

Open Government Gets Its Week in the Sunshine.

This week is Sunshine Week - a gentle name for celebrating the serious business of uncovering secretive government practices. Taking its cue from the famous line by Justice Brandeis that "sunlight is ... the best of disinfectants", this year's Sunshine Week reflects on a year of continuing efforts to increase government visibility, and a renewed interest by the press, activists, and netizens in investigating its secrets.

Projects like our own Freedom of Information Act Lltigation for Accountable Government (FLAG) project have been working hard to use statutory tools like FOIA and the Privacy Act to uncover the misuse of technology by the state. Josh Richman's overview of FLAG's work in several of Sunday's papers highlights the work our Washington office does, from uncovering the edges of the warrantless wiretapping program, to probing the connections between the NSA and Windows Vista's development.

EFF's work monitoring Washington developments in the world of technology are helped by many other dedicated sites, like OpenCRS, which distributes the fascinating, but previously restricted, Congressional Research Service reports, and OpenSecrets, which can illustrate Washington connections that are otherwise obscure (want to know why Bill Frist was so keen on the Audio Flag? Inquire within.) Researchers at EPIC, coalition groups like Open The Government and the politicians behind H.R.1309, which seeks to update the FOIA laws to react faster to inquiries, help keep the tools of exposing government sharp and relevant.

Meanwhile, across the Net, hackers and activists have been working to extract, sift and re-present what information federal and state governments do provide in a way that ordinary citizens can use. There's now a wealth of sources to choose from, from the amazing work by the volunteer-run GovTrack.us, to the new OpenCongress that builds on GovTrack's database and more, to the many new APIs that can stitch all of this data together.

Each of this tools, like each of our organizations, builds on the others. This week, the Sunlight Foundation is sponsoring a $2000 prize for the best Web mash-up of Congressional information, as judged by EFF friends Esther Dyson, Jimmy Wales, and Craig Newmark. We look forward to seeing how far the sunlight breaks this year.

[EFF: Deep Links]

SSL optimization over the WAN needs scrutiny - Network World

Sun, 11 Mar 2007 17:45:40 GMT

Rather than passing through SSL sessions between clients and servers located in remote data centers, some WAN optimization gear can terminate the SSL sessions, shrink the traffic and re-encrypt it for the next leg of the trip. These chains of encrypted sessions introduce potential vulnerabilities that different vendors address in different ways.

SSL traffic represents a growing percentage of total traffic on WAN links, according to Forrester Research. So SSL support in WAN optimization appliances will become more important to businesses that want to keep traffic secure while minimizing the size of their WAN links.

In a survey last month of 1,300 IT executives by WAN-optimization vendor Blue Coat Systems, one-third of respondents said that 25% of their WAN traffic is SSL. And of those surveyed, 45% plan to roll out more SSL applications this year.

About a third of all WAN traffic at Richardson Partners Financial Ltd. in Toronto is SSL, says Andrew McKinney, director of technical services for the firm. But if only the urgent business traffic is considered, the percentage is much higher. "For critical business traffic, it's all encrypted," he says. So he uses Blue Coat Systems gear to secure traffic and optimize it for good performance.

SSL Optimization Over WAN Needs Scrutiny.

Sun, 11 Mar 2007 17:41:59 GMT

SSL Optimization Over WAN Needs Scrutiny. coondoggie writes with word of the expansion of WAN optimization appliances to handle SSL traffic and the security concerns this brings up. From the article: "With more and more WAN optimization vendors extending their capabilities to include encrypted traffic, corporate IT executives have a decision to make: Should they trust the security these devices provide? Rather than passing through SSL sessions between clients and servers located in remote data centers, some WAN optimization gear can terminate the SSL sessions, shrink the traffic, and re-encrypt it for the next leg of the trip. These chains of encrypted sessions introduce potential vulnerabilities that different vendors address in different ways. SSL traffic represents a growing percentage of total traffic on WAN links, according to Forrester Research. So SSL support in WAN optimization appliances will become more important to businesses that want to keep traffic secure while minimizing the size of their WAN links."
[Slashdot]

Lawmakers: Additional pretexting legislation needed.

Sun, 11 Mar 2007 17:33:48 GMT

Lawmakers: Additional pretexting legislation needed. Despite dismay from telecom firms and the Department of Justice, lawmakers on Capitol Hill appear ready to once again put their weight behind laws designed to crack down on pretexting. [Computerworld Privacy News]

UK official calls for international privacy standards.

Sun, 11 Mar 2007 17:31:25 GMT

UK official calls for international privacy standards. After a spate of disputes between the U.S. and the European Union over privacy safeguards, the U.K.'s information commissioner is calling for international harmonization of data-protection rules. [Computerworld Privacy News]

'Real ID' threatens everyone's privacy - Nashville, Tennessee

Sun, 11 Mar 2007 17:28:25 GMT

"We are, after all, for the first time in the history of a liberty-loving nation, creating a national identification card ... with all the ramifications of that. ... Real ID was stuffed into the supplemental appropriations bill for Hurricane Katrina and the troops in Iraq, so of course, we had to vote for the bill, but we had no chance to amend it -- no debate, no hearing, and no consideration of other alternatives, And now we impose on the states an $11 billion unfunded mandate. ... I would say we wouldn't be doing our job if we didn't stop and think about what we've done."

Sen. Lamar Alexander's recent comments about the Real ID Act echo the widespread bipartisan resistance to this new law.

In 2005, Congress passed the Real ID Act, a law that proposed a sea change in how states issue driver's licenses. In essence, the law would federalize all state departments of motor vehicles and turn our driver's licenses into national identity cards. The burdens of compliance are onerous and guarantee longer lines, higher fees and huge bureaucratic and financial nightmares for state government.

However, the real nightmare of Real ID is the law's assault on our privacy rights. The law mandates a central, interlinked database containing a wealth of personal information, including name, address, date of birth, biometric information and an assigned identification number. Over time, the database will inevitably become the repository for more and more of citizens' personal data and will be used for an ever-wider set of purposes, moving us closer to a surveillance society.

Utah court: Drug odor didn't justify search without warrant

Sun, 11 Mar 2007 17:24:33 GMT

SALT LAKE CITY -- The odor of burning marijuana didn't justify a search of a trailer without a warrant, the Utah Supreme Court said Friday.

Police officers broke through the door of a trailer in April 2003 because they believed the suspects were eliminating evidence by smoking it. The court, however, said there was no sign that Bernadette Duran knew authorities were around.

wcco.com - Senate Committee Approves 'PhotoCops'

Sun, 11 Mar 2007 17:21:18 GMT

(AP) St. Paul Amid a court fight over a Minneapolis's stop-on-red camera program, a Senate committee has approved legislation that would allow all Minnesota cities the power to put PhotoCops at intersections.

The Senate Transportation Committee voted 11 to 5 on Friday to move the bill along, but not without serious questions about its use as a revenue generating tool and its threat to privacy.

Minneapolis began the program to catch and ticket red-light runners, but it was halted by court actions questioning whether it overstepped state law. The Supreme Court is due to hear arguments in the case next week.

The bill permits cities to install cameras to record violators and mail out citations to the owners of the photographed vehicles.

Chertoff Defends New Computer Project

Sun, 11 Mar 2007 17:18:50 GMT

A new Homeland Security program aims to analyze existing, legally collected computer data, not gather new personal information on U.S. citizens, Secretary Michael Chertoff said Friday in defending the program from congressional critics.

The project, still in pilot stage, will help investigators understand evidence gathered through subpoenas but won't troll computers for new, private information, Chertoff said in an interview with The Associated Press.

'It's an experiment to see how you can better analyze data that you already have, that you've already legally collected, to see if you can understand it, sort it and make use of it more readily than simply doing it manually,' Chertoff said.

Called ADVISE _ for Analysis, Dissemination, Visualization, Insight and Semantic Enhancement _ the program can be used to find 'relationships or patterns' from information including financial and telephone records, he said.

The dangers of DNA testing

Sun, 11 Mar 2007 17:15:40 GMT

DNA testing is in the news a lot these days, and not solely because of the saga of Anna Nicole Smith, whose burial was delayed amid a legal tussle over the paternity of her 5-month-old daughter, Daniellyn.

The growing success in obtaining convictions by genetic matching (since the O.J. Simpson trial anyway) has made it the preferred identification technology for law enforcement, as well as by other federal agencies. The U.S. military requires every serviceman to give blood for future DNA analysis, presumably for body identification.

States are among the most aggressive users of DNA testing. The New Jersey Supreme Court recently upheld a Garden State law requiring DNA testing of all felons, with the results maintained in a state database and submitted to the FBI.

Other states that have initiated extensive DNA collection policies include Virginia and Arizona -- the latter tests, collects, and stores the results not only from convicted felons but also from most people who are simply arrested for a felony. Florida is now considering collecting DNA from everyone convicted of a felony, as well as from those found guilty of certain misdemeanors.

Municipalities are climbing onto the DNA testing bandwagon, too. A blood bank in Seattle has begun collecting and analyzing DNA from donated blood without obtaining explicit permission, although donors may opt out. The program is funded by the U.S. military. To protect the privacy of donors, the Puget Sound blood bank labels the samples with codes instead of printed names. For the record, that's not a very secure strategy.

Race Traces

A little-noticed provision in the recently passed Violence Against Women Act may soon trigger the largest sweep of DNA information in this country. The Justice Dept. plans to collect DNA from anyone arrested or detained by federal agents. This will, by definition, include all illegal immigrants.

The increasingly widespread use of DNA testing opens a Pandora's Box of privacy issues. Technicians can extrapolate information about a person from the sample of their brother or son. In Houston last year, a man's conviction of rape was partially based on DNA evidence collected from his twin brother.

And the process isn't without its bizarre anomalies. For example, people who have received bone-marrow transplants can in certain cases match the DNA of a donor.

courant.com | Internet Safety Is Goal Of Bill

Sun, 11 Mar 2007 17:08:47 GMT

Popular Internet social-networking sites like MySpace and Facebook would have to verify users' ages and get parental permission before minors could post profiles under a proposed law pending in the General Assembly.

Connecticut would become a national leader in protecting minors on the Internet if it adopts the tighter age restrictions, state Attorney General Richard Blumenthal said.

The bill cleared its first major hurdle Thursday when it won unanimous approval from the legislature's general law committee.

The intent of the bill is clear. Unclear is what form parental permission would take and what would prevent youths from faking permission.

Connecticut Wants to Restrict Social Networking.

Sun, 11 Mar 2007 17:06:21 GMT

Connecticut Wants to Restrict Social Networking. csefft writes "According to the Hartford Courant, Connecticut became the latest state to want to restrict the use of MySpace and other social networking sites. The proposed bill would require that all such sites verify the identity and age of users, as well as get parent's permission for those under 18. Sites that failed to comply would be subject to a $5,000 per day fine. Attorney General Richard Blumenthal said of the proposition, 'If we can put a man on the moon, we can verify age on the Internet,' but quickly followed with the acknowledgment that there is no foolproof method." [Slashdot: Your Rights Online]

Don't like ID cards? Hand over your passport | the Daily Mail

Sun, 11 Mar 2007 16:56:16 GMT

Anybody who objects to their personal details going on the new "Big Brother" ID cards database will be banned from having a passport.

James Hall, the official in charge of the supposedly-voluntary scheme, said the Government would allow people to opt out - but in return they must "forgo the ability" to have a travel document.

With one in every eight people saying they will refuse to sign-up, up to five million adults could effectively be refused permission to leave the country.

Campaigners reacted to Mr Hall's remarks with fury, saying they were yet more evidence of the lurch towards "Big Brother" Britain.

Phil Booth, of the NO2ID group, said: "The idea that ID cards scheme is voluntary, and people can opt-out, is a joke.

"There are all sorts of reasons why people need to travel, not just for holidays. There is work, visiting relatives.

"What are these people supposed to do? It stretches the definition of voluntary beyond breaking point. They will go to any length to get personal information for this huge database. Who knows what will happen to it then?"

No Passport For Britons Refusing Mass Surveillance.

Sun, 11 Mar 2007 16:52:17 GMT

No Passport For Britons Refusing Mass Surveillance. UpnAtom writes "People who refuse to give up their bank records, tax records & details of any benefits they've claimed, and the records of their car movements for the last year, or refuse to submit to an interrogation on whether they are the same person that this mountain of data belongs to -- will be denied passports from March 26th. The Blair government has already admitted that this and other data will be cross-linked so that the Home Office and other officials can spy on the everyday lives of innocent Britons. Britons were already the most spied upon nation in Western Europe -- more so even than Sweden. Data-mining through this unprecedented level of mass-surveillance allows any future British government to leapfrog even countries like China and North Korea." [Slashdot: Your Rights Online]

Big Brother State: surveillance society animation.

Sun, 11 Mar 2007 03:08:05 GMT

Big Brother State: surveillance society animation.

Another slick animation outlining the threats of our growing surveillance society: Big Brother State (YouTube version here)

[via Jeremy Hunsinger]

[michaelzimmer.org]

Big Brother State - An animated short about public surveillance by David Scharf

Sun, 11 Mar 2007 03:06:35 GMT

please also download using Bit Torrent:
(Xvid Version, ca. 50 MB, 768 px x 432 px) ---> CLICK HERE
(Big FLV Version, 55 MB, 768 px x 432 px, use FLV Player to view) ---> CLICK HERE

Check the Internet Archive for other resolutions and formats: CLICK HERE

EFF Calls For Aggressive Congressional Hearings on National Security Letter Misuse.

Sun, 11 Mar 2007 02:52:46 GMT

EFF Calls For Aggressive Congressional Hearings on National Security Letter Misuse.

EFF is calling for Congress to hold aggressive hearings on the FBI's domestic intelligence authority after the release of a Justice Department report [PDF] showing the Bureau abusing its power to collect telephone, Internet, financial, credit, and other personal records about Americans without judicial approval.

Sen. Patrick J. Leahy, D-Vermont, has said the Senate Judiciary Committee will hold hearings into the report's findings. But the widespread abuse detailed in the report requires more than just a cursory examination.

"The Bureau's misuse of its intelligence authority is an ongoing critical problem," said EFF Staff Attorney Marcia Hofmann. "Congress must use its investigative power to find out what's really going on at the FBI -- and then rein in the Bureau's investigative authority to where is was before the USA PATRIOT Act."

In the report, the Justice Department's inspector general identifies four dozen instances in which demands for personal information -- known as National Security Letters -- may have violated laws and agency regulations. The report also found that the Bureau lied to Congress about its use of the letters.

The FBI has had limited authority to issue National Security Letters for many years. However, a controversial provision of the PATRIOT Act greatly expanded the Bureau's ability to use them to gather information about anyone, as long as the agency believes the information could be relevant to a terrorism or espionage investigation.

Today's report follows the inspector general's findings last year that the Bureau had disclosed more than 100 instances of possible intelligence misconduct to the Intelligence Oversight Board in the preceding two years, a number of which were "significant."

In 2005, EFF argued in a friend of the court brief that the FBI's "unfettered authority" to issue National Security Letters "is ripe for abuse." The danger of such abuse has now been documented.

"This is not simply about errors in 'oversight,'" said EFF Senior Staff Attorney Lee Tien. "This is about disregard for the law. For example, FBI terrorism investigators ignored their own lawyers' advice to stop using so-called 'exigent' letters for about two years."

For more information, read the full report from the Justice Department, as well as this brief description of National Security Letters .

[EFF: Deep Links]

Justice Department Says F.B.I. Misused Patriot Act.

Sun, 11 Mar 2007 02:49:18 GMT

Justice Department Says F.B.I. Misused Patriot Act.

In what should not come as that big of a surprise, AP reports:

The FBI improperly and, in some cases, illegally used the USA Patriot Act to secretly obtain personal information about people in the United States, a Justice Department audit concluded Friday.

And for three years the FBI underreported to Congress how often it forced businesses to turn over the customer data, the audit found.

[sigma]The audit by Justice Department Inspector General Glenn A. Fine found that FBI agents sometimes demanded personal data on individuals without proper authorization. The 126-page audit also found the FBI improperly obtained telephone records in non-emergency circumstances.

[sigma]Fine[base ']s annual review is required by Congress, over the objections of the Bush administration.

The audit released Friday found that the number of national security letters issued by the FBI skyrocketed in the years after the Patriot Act became law.

In 2000, for example, the FBI issued an estimated 8,500 letters. By 2003, however, that number jumped to 39,000. It rose again the next year, to about 56,000 letters in 2004, and dropped to approximately 47,000 in 2005.

Over the entire three-year period, the FBI reported issuing 143,074 national security letters requesting customer data from businesses, the audit found. But that did not include an additional 8,850 requests that were never recorded in the FBI[base ']s database, the audit found.

[sigma]The FBI also used so-called [OE][base ']exigent letters,'[base '] signed by officials at FBI headquarters who were not authorized to sign national security letters, to obtain information. In at least 700 cases, these exigent letters were sent to three telephone companies to get toll billing records and subscriber information.

[OE][base ']In many cases, there was no pending investigation associated with the request at the time the exigent letters were sent,'[base '] the audit concluded.

Unbelievable. The full 199-page report can be downloaded here (PDF). And more coverage is available at Boing Boing and 27B Stroke 6.

[michaelzimmer.org]

Newly Revealed FBI Data Abuses and the Data Retention Red Flag.

Sun, 11 Mar 2007 02:43:18 GMT

Newly Revealed FBI Data Abuses and the Data Retention Red Flag.

Greetings. The release of a new report detailing massive FBI abuses of the PATRIOT Act (particularly in regard to National Security Letters), now confirms concerns that I and others have been long expressing about the potential abuse of retained Internet and other data, e.g.:

Sounding the Alarm on Government-Mandated Data Retention

An Open Letter to Google: Concepts for a Google Privacy Initiative

Broad abuses of retained data are now demonstrated to be real, not theoretical, as described in this Washington Post story.

We don't yet really know the full extent of these violations, but what has already been revealed is bad enough as a starting point.

I hope that these events will not only trigger considerable soul-searching by those firms who voluntarily retain user activity data, but also cause a renewed recognition of how broad mandated data retention can facilitate, and inevitably will facilitate, such abuses in the future.

--Lauren--

[Lauren Weinstein's Blog]

Justice: FBI misused Patriot Act powers - Yahoo! News

Fri, 09 Mar 2007 20:34:53 GMT

The FBI improperly and, in some cases, illegally used the USA Patriot Act to secretly obtain personal information about people in the United States, a Justice Department audit concluded Friday.

And for three years the FBI underreported to Congress how often it forced businesses to turn over the customer data, the audit found.

Attorney General Alberto Gonzales, who oversees the FBI, described the problems cited in the report as unacceptable and left open the possibility of criminal charges. He ordered further investigation.

"Once we get that information, we'll be in a better position to assess what kinds of steps should be taken," Gonzales told reporters following a speech to privacy officials.

[...]

The FBI also used so-called "exigent letters," signed by officials at FBI headquarters who were not authorized to sign national security letters, to obtain information. In at least 700 cases, these exigent letters were sent to three telephone companies to get toll billing records and subscriber information.

"In many cases, there was no pending investigation associated with the request at the time the exigent letters were sent," the audit concluded.

In a letter to Fine, Gonzales asked the inspector general to issue a follow-up audit in July on whether the FBI had followed recommendations to fix the problems.

"To say that I am concerned about what has been revealed in this report would be an enormous understatement," Gonzales told the privacy officials. "Failure to adequately protect information privacy simply is a failure to do our jobs."

Senators outraged over the conclusions signaled they would provide tougher oversight of the FBI -- and perhaps limit its power.

"The report indicates abuse of the authority" Congress gave the FBI, said Senate Judiciary Committee Chairman Patrick Leahy (news, bio, voting record), D-Vt. "You cannot have people act as free agents on something where they're going to be delving into your privacy."

The committee's top Republican, Pennsylvania Sen. Arlen Specter (news, bio, voting record), said the FBI appears to have "badly misused national security letters." The senator said, "This is, regrettably, part of an ongoing process where the federal authorities are not really sensitive to privacy and go far beyond what we have authorized."

Sen. Russ Feingold (news, bio, voting record), D-Wis., another member on the panel that oversees the FBI, said the report "proves that 'trust us' doesn't cut it."

The American Civil Liberties Union said the audit proves Congress must amend the Patriot Act to require judicial approval anytime the FBI wants access to sensitive personal information. "The Attorney General and the FBI are part of the problem and they cannot be trusted to be part of the solution," said Anthony D. Romero, the ACLU's executive director.

Audit Finds FBI Abused Patriot Act.

Fri, 09 Mar 2007 20:27:43 GMT

Audit Finds FBI Abused Patriot Act. happyslayer writes to mention that according to Yahoo! News a recent audit shows that the FBI has improperly and in some cases illegally utilized the Patriot Act to obtain information. "The audit by Justice Department Inspector General Glenn A. Fine found that FBI agents sometimes demanded personal data on individuals without proper authorization. The 126-page audit also found the FBI improperly obtained telephone records in non-emergency circumstances. The audit blames agent error and shoddy record-keeping for the bulk of the problems and did not find any indication of criminal misconduct. Still, 'we believe the improper or illegal uses we found involve serious misuses of national security letter authorities,' the audit concludes." [Slashdot]

The Local - Olofsson claims Sweden has tapped phones 'for decades'

Fri, 09 Mar 2007 20:23:29 GMT

Deputy prime minister Maud Olofsson has added a new twist to Sweden's divisive surveillance debate. The Centre Party leader claims that defence minister Mikael Odenberg's proposed legislation would merely codify practices that have already been in operation for decades.

Previously, at a time when all telecommunications were state-operated, Sweden's National Defence Radio Establishment (FÃ¶rsvarets Radioanstalt - FRA) regularly tapped telephone lines in and out of the country, says Olofsson.

The Local - 'Big brother' surveillance makes waves in Sweden

Fri, 09 Mar 2007 20:21:39 GMT

A far-reaching wiretapping programme proposed by Sweden's government to defend against foreign threats, including monitoring emails and telephone calls, has stirred up a fiery debate in the past few weeks, with critics decrying the creation of a "big brother" state.

The new legislation, to be presented to parliament on Thursday, would enable the National Defence Radio Establishment (FRA) to tap all Internet and telephone communication in and out of Sweden.

Sweden Admits Tapping Citizens' Phones for Decades.

Fri, 09 Mar 2007 20:18:28 GMT

Sweden Admits Tapping Citizens' Phones for Decades. paulraps writes "Sweden is close to implementing new surveillance legislation that will include the monitoring of emails, telephone calls and keyword searches using advanced pattern analysis. The objective is to detect 'threats such as terrorism, IT attacks or the spread of weapons of mass destruction' but the proposals have divided the country. In a misguided attempt to put people at ease, the government admitted that Sweden has been tapping its citizens' phones for decades anyway." [Slashdot: Your Rights Online]

FTC Finalizes Landmark Adware Settlement.

Fri, 09 Mar 2007 20:08:24 GMT

FTC Finalizes Landmark Adware Settlement. The Federal Trade Commission today finalized its landmark settlement requiring adware distributor Zango Inc. (formerly 180solutions) to hand over $3 million and change some of its most egregious practices. The settlement bars Zango from contacting the computers of people who installed Zango software before Jan. 1, 2006. After the proposed settlement was announced in November 2006, CDT submitted recommendations to the FTC highlighting the challenges that will come with enforcing it. In a letter to CDT, the FTC today acknowledged that it would need to remain vigilant to ensure that Zango abides by the terms of the settlement. The commission also urged CDT to pass along any evidence of future offenses by Zango stemming from CDT's ongoing forensics work in the adware/spyware arena. [Center for Democracy and Technology]

The Blotter(ABC NEWS) - Exclusive: Report Says FBI Violated Patriot Act Guidelines

Fri, 09 Mar 2007 17:02:02 GMT

The FBI repeatedly failed to follow the strict guidelines of the Patriot Act when its agents took advantage of a new provision allowing the FBI to obtain phone and financial records without a court order, according to a report to be made public Friday by the Justice Department's Inspector General.

The report, in classified and unclassified versions, remains closely held, but Washington officials who have seen it tell ABC News it documents "numerous lapses" and describe it as "scathing" and "not a pretty picture for the FBI."

FBI Director Robert Mueller is scheduled to brief Congress on the report at noon.

The officials say the inspector general found the FBI underreported by at least 20 percent the use of the controversial provision, known as National Security Letters, NSLs, in required disclosures to Congress.

The Patriot Act gave FBI agents the ability to demand telephone, bank, credit card and library records by issuing an administrative letter, bypassing the need to seek a warrant from a federal judge.

Pine Bluff - Scaled-back version of drug database passes Senate

Fri, 09 Mar 2007 16:33:58 GMT

LITTLE ROCK - Scaling back the scope of a statewide database to monitor some prescription drug purchases gained Senate approval of the measure Thursday. The bill's sponsor said the amendments were intended to address concerns about patient privacy.

[...]

By a 20-7 vote, the Senate approved a bill by Sen. Denny Altes, R-Fort Smith, that would allow the state Board of Pharmacy to establish standards for setting up the database on drug purchases. The database would track schedule II and schedule III narcotics, such as morphine or OxyContin.

"I think we've amended this about six times now," Altes said before the vote. "I think these changes should address all the concerns that were raised."

Altes originally called for a database to track virtually all prescription drug purchases in the state. The measure passed by the Senate allows the Board of Pharmacy to set the criteria for the information to be tracked by the database.

Sen. Jim Argue, D-Little Rock, said he still believed the database could be subject to abuse and could harm the privacy of some patients.

"There is no evidence that a database like this works, but there is evidence that databases like this could be violated," Argue said.

DNS Attack Factsheet Released.

Fri, 09 Mar 2007 16:30:25 GMT

DNS Attack Factsheet Released. Hoped to be first in a series. [GT: Security and Privacy]

Malware with Rootkit Features Grows.

Fri, 09 Mar 2007 16:28:49 GMT

Malware with Rootkit Features Grows. "Rootkit techniques are becoming increasingly popular among malware creators." [GT: Security and Privacy]

Homeland Security Tests Snoop Computer System.

Fri, 09 Mar 2007 16:23:56 GMT

Homeland Security Tests Snoop Computer System. Parallax Blue writes "The Washington Times reports that Homeland Security has developed and is testing a new computer system called ADVISE (Analysis, Dissemination, Visualization, Insight and Semantic Enhancement) that collects and analyzes personal information on US citizens. Relevant data 'can include credit-card purchases, telephone or Internet details, medical records, travel and banking information.' The program apparently uses the same process as the Pentagon's Total Information Awareness project, which was aborted in 2003 due to privacy concerns."

[Slashdot: Your Rights Online]

Policy Makers call for University Internet Filters.

Fri, 09 Mar 2007 16:16:28 GMT

Policy Makers call for University Internet Filters.

At today[base ']s House Judiciary Subcommittee on Courts, the Internet, and Intellectual Property hearing, titled [base "]An Update - Piracy on University Networks,[per thou] we heard from legislators that they[base ']re very concerned about [base "]piracy[per thou] on campus networks.

You should be able to watch the video of the hearing here.

The common theme of the solutions was not only educating students (which all of the witnesses said that they were working on collaboratively), but for campuses to employ technology to filter the packets flowing over the network.

[Public Knowledge - Blogging, Events, and Action Alerts]

Shred Your Data to Stay Ahead of the Pack.

Fri, 09 Mar 2007 16:09:28 GMT

Shred Your Data to Stay Ahead of the Pack. IBM's chief scientist has developed a data sharing system that hides what that data contains--by shredding it. [PC World: Latest Technology News]

Online Anti-Virus Scans: A Free Second Opinion.

Fri, 09 Mar 2007 16:07:01 GMT

Online Anti-Virus Scans: A Free Second Opinion.

Periodic online virus scanning is a good idea for Windows users, even for people already using up-to-date anti-virus tools. There are a couple of reasons I suggest this: First, anti-virus software is frequently slow to spot new threats. Take a gander at the daily "unrecognized" stats posted by Shadowserver.org, which tracks the performance (or lack thereof) of several popular tools in spotting new variants. That list currently examines the performance of several free programs, but the reality is not much different with the commercial tools. Just have a look at performance metrics and virus detection failure rates chronicled here and here.

The second reason follows from the first: If something nasty does make it past your security defenses, usually the first thing it will try to do is disable the active protection and update features in those tools. In such cases, you probably would not know about the infection unless you turned to a third-party program that is not already installed on your computer.

In my experience, two of the better free online anti-virus scanners are Panda Software's PandaScan and Kaspersky Lab's Free Virus Scan. Both require that you run the scans using Internet Explorer, as both require the installation of an ActiveX plug-in to do the job.

F-Secure Corp., CA and BitDefender also offer free online scanners that also use IE and ActiveX, but I haven't yet tried those so I can't offer an opinion on them.

TrendMicro's HouseCall service lets you install and run a free scanning tool from inside an IE or Firefox browser. However, I found the program both annoying -- it emitted a series of very loud and startling tones through my computer speakers while downloading virus definitions -- and ineffective. It crashed halfway through the scan, taking all of my other open Firefox windows with it, including an earlier, unsaved version of this blog post. (I had hoped Firefox 2.0's crash-recovery feature would save what I had typed as it had in previous crashes, but no such luck this time.)

If you have just a single file or archive that you'd like to scan, I'd suggest submitting it to VirusTotal, a free online anti-virus engine that will scan your submission against more than two dozen of the most well-known tools.

Depending on the speed of your PC and the number of files and hard drives you have, conducting an online scan can take between a few minutes to several hours to complete. It's not a bad idea to run the scan only when you can afford to be away from the PC for a few hours, or perhaps right before bedtime. Even on my test machine -- which sports a 2.2 GHz processor and 2 gigabytes of memory -- running several of the online scanners interfered with the simplest of tasks, such as composing an e-mail.

[Security Fix]

Sweden: Monitor Communications.

Fri, 09 Mar 2007 04:35:34 GMT

Sweden: Monitor Communications. A Swedish government security plan would allow a defense intelligence agency to monitor -- without a court order -- e-mail traffic and phone calls crossing the nation's borders. By the Associated Press. [Wired News: Top Stories]