Paul Hardwick: Surveillance

Big Brother State: surveillance society animation.

Sun, 11 Mar 2007 04:08:05 GMT

Big Brother State: surveillance society animation.

Another slick animation outlining the threats of our growing surveillance society: Big Brother State (YouTube version here)

[via Jeremy Hunsinger]

[michaelzimmer.org]

Big Brother State - An animated short about public surveillance by David Scharf

Sun, 11 Mar 2007 04:06:35 GMT

please also download using Bit Torrent:
(Xvid Version, ca. 50 MB, 768 px x 432 px) ---> CLICK HERE
(Big FLV Version, 55 MB, 768 px x 432 px, use FLV Player to view) ---> CLICK HERE

Check the Internet Archive for other resolutions and formats: CLICK HERE

EFF Calls For Aggressive Congressional Hearings on National Security Letter Misuse.

Sun, 11 Mar 2007 03:52:46 GMT

EFF Calls For Aggressive Congressional Hearings on National Security Letter Misuse.

EFF is calling for Congress to hold aggressive hearings on the FBI's domestic intelligence authority after the release of a Justice Department report [PDF] showing the Bureau abusing its power to collect telephone, Internet, financial, credit, and other personal records about Americans without judicial approval.

Sen. Patrick J. Leahy, D-Vermont, has said the Senate Judiciary Committee will hold hearings into the report's findings. But the widespread abuse detailed in the report requires more than just a cursory examination.

"The Bureau's misuse of its intelligence authority is an ongoing critical problem," said EFF Staff Attorney Marcia Hofmann. "Congress must use its investigative power to find out what's really going on at the FBI -- and then rein in the Bureau's investigative authority to where is was before the USA PATRIOT Act."

In the report, the Justice Department's inspector general identifies four dozen instances in which demands for personal information -- known as National Security Letters -- may have violated laws and agency regulations. The report also found that the Bureau lied to Congress about its use of the letters.

The FBI has had limited authority to issue National Security Letters for many years. However, a controversial provision of the PATRIOT Act greatly expanded the Bureau's ability to use them to gather information about anyone, as long as the agency believes the information could be relevant to a terrorism or espionage investigation.

Today's report follows the inspector general's findings last year that the Bureau had disclosed more than 100 instances of possible intelligence misconduct to the Intelligence Oversight Board in the preceding two years, a number of which were "significant."

In 2005, EFF argued in a friend of the court brief that the FBI's "unfettered authority" to issue National Security Letters "is ripe for abuse." The danger of such abuse has now been documented.

"This is not simply about errors in 'oversight,'" said EFF Senior Staff Attorney Lee Tien. "This is about disregard for the law. For example, FBI terrorism investigators ignored their own lawyers' advice to stop using so-called 'exigent' letters for about two years."

For more information, read the full report from the Justice Department, as well as this brief description of National Security Letters .

[EFF: Deep Links]

Justice Department Says F.B.I. Misused Patriot Act.

Sun, 11 Mar 2007 03:49:18 GMT

Justice Department Says F.B.I. Misused Patriot Act.

In what should not come as that big of a surprise, AP reports:

The FBI improperly and, in some cases, illegally used the USA Patriot Act to secretly obtain personal information about people in the United States, a Justice Department audit concluded Friday.

And for three years the FBI underreported to Congress how often it forced businesses to turn over the customer data, the audit found.

[sigma]The audit by Justice Department Inspector General Glenn A. Fine found that FBI agents sometimes demanded personal data on individuals without proper authorization. The 126-page audit also found the FBI improperly obtained telephone records in non-emergency circumstances.

[sigma]Fine[base ']s annual review is required by Congress, over the objections of the Bush administration.

The audit released Friday found that the number of national security letters issued by the FBI skyrocketed in the years after the Patriot Act became law.

In 2000, for example, the FBI issued an estimated 8,500 letters. By 2003, however, that number jumped to 39,000. It rose again the next year, to about 56,000 letters in 2004, and dropped to approximately 47,000 in 2005.

Over the entire three-year period, the FBI reported issuing 143,074 national security letters requesting customer data from businesses, the audit found. But that did not include an additional 8,850 requests that were never recorded in the FBI[base ']s database, the audit found.

[sigma]The FBI also used so-called [OE][base ']exigent letters,'[base '] signed by officials at FBI headquarters who were not authorized to sign national security letters, to obtain information. In at least 700 cases, these exigent letters were sent to three telephone companies to get toll billing records and subscriber information.

[OE][base ']In many cases, there was no pending investigation associated with the request at the time the exigent letters were sent,'[base '] the audit concluded.

Unbelievable. The full 199-page report can be downloaded here (PDF). And more coverage is available at Boing Boing and 27B Stroke 6.

[michaelzimmer.org]

Newly Revealed FBI Data Abuses and the Data Retention Red Flag.

Sun, 11 Mar 2007 03:43:18 GMT

Newly Revealed FBI Data Abuses and the Data Retention Red Flag.

Greetings. The release of a new report detailing massive FBI abuses of the PATRIOT Act (particularly in regard to National Security Letters), now confirms concerns that I and others have been long expressing about the potential abuse of retained Internet and other data, e.g.:

Sounding the Alarm on Government-Mandated Data Retention

An Open Letter to Google: Concepts for a Google Privacy Initiative

Broad abuses of retained data are now demonstrated to be real, not theoretical, as described in this Washington Post story.

We don't yet really know the full extent of these violations, but what has already been revealed is bad enough as a starting point.

I hope that these events will not only trigger considerable soul-searching by those firms who voluntarily retain user activity data, but also cause a renewed recognition of how broad mandated data retention can facilitate, and inevitably will facilitate, such abuses in the future.

--Lauren--

[Lauren Weinstein's Blog]

Justice: FBI misused Patriot Act powers - Yahoo! News

Fri, 09 Mar 2007 21:34:53 GMT

The FBI improperly and, in some cases, illegally used the USA Patriot Act to secretly obtain personal information about people in the United States, a Justice Department audit concluded Friday.

And for three years the FBI underreported to Congress how often it forced businesses to turn over the customer data, the audit found.

Attorney General Alberto Gonzales, who oversees the FBI, described the problems cited in the report as unacceptable and left open the possibility of criminal charges. He ordered further investigation.

"Once we get that information, we'll be in a better position to assess what kinds of steps should be taken," Gonzales told reporters following a speech to privacy officials.

[...]

The FBI also used so-called "exigent letters," signed by officials at FBI headquarters who were not authorized to sign national security letters, to obtain information. In at least 700 cases, these exigent letters were sent to three telephone companies to get toll billing records and subscriber information.

"In many cases, there was no pending investigation associated with the request at the time the exigent letters were sent," the audit concluded.

In a letter to Fine, Gonzales asked the inspector general to issue a follow-up audit in July on whether the FBI had followed recommendations to fix the problems.

"To say that I am concerned about what has been revealed in this report would be an enormous understatement," Gonzales told the privacy officials. "Failure to adequately protect information privacy simply is a failure to do our jobs."

Senators outraged over the conclusions signaled they would provide tougher oversight of the FBI -- and perhaps limit its power.

"The report indicates abuse of the authority" Congress gave the FBI, said Senate Judiciary Committee Chairman Patrick Leahy (news, bio, voting record), D-Vt. "You cannot have people act as free agents on something where they're going to be delving into your privacy."

The committee's top Republican, Pennsylvania Sen. Arlen Specter (news, bio, voting record), said the FBI appears to have "badly misused national security letters." The senator said, "This is, regrettably, part of an ongoing process where the federal authorities are not really sensitive to privacy and go far beyond what we have authorized."

Sen. Russ Feingold (news, bio, voting record), D-Wis., another member on the panel that oversees the FBI, said the report "proves that 'trust us' doesn't cut it."

The American Civil Liberties Union said the audit proves Congress must amend the Patriot Act to require judicial approval anytime the FBI wants access to sensitive personal information. "The Attorney General and the FBI are part of the problem and they cannot be trusted to be part of the solution," said Anthony D. Romero, the ACLU's executive director.

Audit Finds FBI Abused Patriot Act.

Fri, 09 Mar 2007 21:27:43 GMT

Audit Finds FBI Abused Patriot Act. happyslayer writes to mention that according to Yahoo! News a recent audit shows that the FBI has improperly and in some cases illegally utilized the Patriot Act to obtain information. "The audit by Justice Department Inspector General Glenn A. Fine found that FBI agents sometimes demanded personal data on individuals without proper authorization. The 126-page audit also found the FBI improperly obtained telephone records in non-emergency circumstances. The audit blames agent error and shoddy record-keeping for the bulk of the problems and did not find any indication of criminal misconduct. Still, 'we believe the improper or illegal uses we found involve serious misuses of national security letter authorities,' the audit concludes." [Slashdot]

The Local - Olofsson claims Sweden has tapped phones 'for decades'

Fri, 09 Mar 2007 21:23:29 GMT

Deputy prime minister Maud Olofsson has added a new twist to Sweden's divisive surveillance debate. The Centre Party leader claims that defence minister Mikael Odenberg's proposed legislation would merely codify practices that have already been in operation for decades.

Previously, at a time when all telecommunications were state-operated, Sweden's National Defence Radio Establishment (FÃ¶rsvarets Radioanstalt - FRA) regularly tapped telephone lines in and out of the country, says Olofsson.

The Local - 'Big brother' surveillance makes waves in Sweden

Fri, 09 Mar 2007 21:21:39 GMT

A far-reaching wiretapping programme proposed by Sweden's government to defend against foreign threats, including monitoring emails and telephone calls, has stirred up a fiery debate in the past few weeks, with critics decrying the creation of a "big brother" state.

The new legislation, to be presented to parliament on Thursday, would enable the National Defence Radio Establishment (FRA) to tap all Internet and telephone communication in and out of Sweden.

Sweden Admits Tapping Citizens' Phones for Decades.

Fri, 09 Mar 2007 21:18:28 GMT

Sweden Admits Tapping Citizens' Phones for Decades. paulraps writes "Sweden is close to implementing new surveillance legislation that will include the monitoring of emails, telephone calls and keyword searches using advanced pattern analysis. The objective is to detect 'threats such as terrorism, IT attacks or the spread of weapons of mass destruction' but the proposals have divided the country. In a misguided attempt to put people at ease, the government admitted that Sweden has been tapping its citizens' phones for decades anyway." [Slashdot: Your Rights Online]

The Blotter(ABC NEWS) - Exclusive: Report Says FBI Violated Patriot Act Guidelines

Fri, 09 Mar 2007 18:02:02 GMT

The FBI repeatedly failed to follow the strict guidelines of the Patriot Act when its agents took advantage of a new provision allowing the FBI to obtain phone and financial records without a court order, according to a report to be made public Friday by the Justice Department's Inspector General.

The report, in classified and unclassified versions, remains closely held, but Washington officials who have seen it tell ABC News it documents "numerous lapses" and describe it as "scathing" and "not a pretty picture for the FBI."

FBI Director Robert Mueller is scheduled to brief Congress on the report at noon.

The officials say the inspector general found the FBI underreported by at least 20 percent the use of the controversial provision, known as National Security Letters, NSLs, in required disclosures to Congress.

The Patriot Act gave FBI agents the ability to demand telephone, bank, credit card and library records by issuing an administrative letter, bypassing the need to seek a warrant from a federal judge.

Pine Bluff - Scaled-back version of drug database passes Senate

Fri, 09 Mar 2007 17:33:58 GMT

LITTLE ROCK - Scaling back the scope of a statewide database to monitor some prescription drug purchases gained Senate approval of the measure Thursday. The bill's sponsor said the amendments were intended to address concerns about patient privacy.

[...]

By a 20-7 vote, the Senate approved a bill by Sen. Denny Altes, R-Fort Smith, that would allow the state Board of Pharmacy to establish standards for setting up the database on drug purchases. The database would track schedule II and schedule III narcotics, such as morphine or OxyContin.

"I think we've amended this about six times now," Altes said before the vote. "I think these changes should address all the concerns that were raised."

Altes originally called for a database to track virtually all prescription drug purchases in the state. The measure passed by the Senate allows the Board of Pharmacy to set the criteria for the information to be tracked by the database.

Sen. Jim Argue, D-Little Rock, said he still believed the database could be subject to abuse and could harm the privacy of some patients.

"There is no evidence that a database like this works, but there is evidence that databases like this could be violated," Argue said.

Homeland Security Tests Snoop Computer System.

Fri, 09 Mar 2007 17:23:56 GMT

Homeland Security Tests Snoop Computer System. Parallax Blue writes "The Washington Times reports that Homeland Security has developed and is testing a new computer system called ADVISE (Analysis, Dissemination, Visualization, Insight and Semantic Enhancement) that collects and analyzes personal information on US citizens. Relevant data 'can include credit-card purchases, telephone or Internet details, medical records, travel and banking information.' The program apparently uses the same process as the Pentagon's Total Information Awareness project, which was aborted in 2003 due to privacy concerns."

[Slashdot: Your Rights Online]

Policy Makers call for University Internet Filters.

Fri, 09 Mar 2007 17:16:28 GMT

Policy Makers call for University Internet Filters.

At today[base ']s House Judiciary Subcommittee on Courts, the Internet, and Intellectual Property hearing, titled [base "]An Update - Piracy on University Networks,[per thou] we heard from legislators that they[base ']re very concerned about [base "]piracy[per thou] on campus networks.

You should be able to watch the video of the hearing here.

The common theme of the solutions was not only educating students (which all of the witnesses said that they were working on collaboratively), but for campuses to employ technology to filter the packets flowing over the network.

[Public Knowledge - Blogging, Events, and Action Alerts]

Sweden: Monitor Communications.

Fri, 09 Mar 2007 05:35:34 GMT

Sweden: Monitor Communications. A Swedish government security plan would allow a defense intelligence agency to monitor -- without a court order -- e-mail traffic and phone calls crossing the nation's borders. By the Associated Press. [Wired News: Top Stories]

NHL Union Denies E-mail Spying.

Fri, 09 Mar 2007 04:55:23 GMT

NHL Union Denies E-mail Spying. The union's chief Ted Saskin denies monitoring player's e-mails, pointing fingers at his predecessor Bob Goodenow, who also denied the spying allegations. By the Associated Press. [Wired News: Top Stories]

Image Gallery: Seven ways to keep your search history private.

Fri, 09 Mar 2007 04:22:29 GMT

Image Gallery: Seven ways to keep your search history private. Worried that Google and other search sites know too much about you -- and that the federal government can subpoena that data? Fear not -- we've got seven steps you can follow to keep your search history to yourself. [Computerworld Privacy News]

Homeland Security revives supersnoop - The Washington Times

Fri, 09 Mar 2007 00:21:29 GMT

Homeland Security officials are testing a supersnoop computer system that sifts through personal information on U.S. citizens to detect possible terrorist attacks, prompting concerns from lawmakers who have called for investigations.

The system uses the same data-mining process that was developed by the Pentagon's Total Information Awareness (TIA) project that was banned by Congress in 2003 because of vast privacy violations.

A Government Accountability Office (GAO) investigation of the project called ADVISE -- Analysis, Dissemination, Visualization, Insight and Semantic Enhancement -- was requested by Rep. David R. Obey, Wisconsin Democrat and chairman of the House Appropriations Committee.

The investigation focuses on whether the program violates privacy laws, and the findings will be released after completion of the Iraq war supplemental spending bill, possibly as early as this week, a panel aide said.

The ADVISE and TIA data-mining projects rely on personal data to track individual behavior and consumer transactions to develop computer algorithms that create a pattern that some behavioral scientists say can predict terrorist behavior.

Data can include credit-card purchases, telephone or Internet details, medical records, travel and banking information.

Privacy concerns prompted lawmakers on both sides of the aisle to introduce legislation in January to require that government agencies disclose data-mining practices in regular reports to Congress.

"A serious discussion on the implications of data-mining programs is long overdue," Sen. Russ Feingold, Wisconsin Democrat and a sponsor of the bill, said yesterday. Sen. John E. Sununu, New Hampshire Republican, is also a bill sponsor.

Gates calls for new privacy law | InfoWorld | By Grant Gross

Fri, 09 Mar 2007 00:09:19 GMT

Microsoft Chairman Bill Gates asked the U.S. Congress to pass a comprehensive privacy law this year, allowing consumers to control how their personal information is used.

Gates repeated past Microsoft calls for a wide-ranging privacy law during a speech at advocacy group the Center for Democracy and Technology's (CDT) annual gala dinner Wednesday. A comprehensive privacy bill should allow consumers to control their personal data, should provide transparency about what their data is used for, and should notify them when their data has been compromised, Gates said.

Gates said he believes the U.S. can achieve a balance between privacy and protecting the country against terrorists and other criminals. But the balance will not be an easy one to create, Gates said.

While many U.S. residents would say they want as much privacy "as possible," law enforcement needs to be able to track criminals, Gates said. "These privacy issues are not as easy as you might think," he told the crowd.

heise Security - All Microsoft updates phone home

Thu, 08 Mar 2007 23:54:34 GMT

Possibly as a reaction to heise Security's report that Windows Genuine Advantage Notification sends back data to Redmond even when users choose to terminate its installation, a Microsoft developer using the pseudonym alexkoc has now posted an entry in the WGA blog. There he reveals that every update that flows through Windows Update at the very least informs Microsoft about whether the installation was successful or not.

In the Privacy Statement of Windows Update Microsoft grants itself fairly far-reaching rights. Thus the information collected by the Redmond-based behemoth includes the computer make and model, version information for the operating system, browser, and any other Microsoft software for which updates might be available, Plug&Play ID numbers of hardware devices, region and language setting, Globally Unique Identifier (GUID), Product ID and Product Key, BIOS name, revision number, and revision date. By way of justifying Microsoft's approach, alexkoc writes that the EULA, likewise presented by the WGA installer, also covered the relaying of such information.

With some updates such as the WGA Notification, the installer transmits data that Microsoft says it merely requires for quality control purposes and to improve the installer itself. The WGA package thus, among other things, sends back an event code. To calm the fears of users, alexkoc presents a graphic explaining the various fields of such a data packet.

When the product IDs and product keys found belong to legal software, Microsoft will delete the data right away; only in cases of suspected software piracy will it store the data, the company has said. In the blog, the company once again explicitly states that it does not use the information gathered to identify or contact users.

All Microsoft Updates Phone Home.

Thu, 08 Mar 2007 23:49:17 GMT

All Microsoft Updates Phone Home. juct writes "In the wake of heise Security's report on the garrulous WGA Notification, Microsoft has now supplied additional details on the data sent. They have revealed to developers that apparently all updates relay information to the company in Redmond." [Slashdot: Your Rights Online]

WGA Reports Back To MS Even If You Choose Not To Install - Aviran's Place

Wed, 07 Mar 2007 18:06:01 GMT

Heise online reports on a very interesting action Microsoft is taking during the installation of WGA.

When you start WGA setup and get to the license agreement page but decided NOT to install the highly controversial WGA component and cancel the installation, the setup program will send your info and the fact that you choose not to install WGA back to their servers.

In addition to that it seems that the setup program send some information stored in your registry to http://genuine.microsoft.com/. While it does not specifically identify the user, it looks like it does send some identification of your computer and Windows version (see picture) to Microsoft servers.

Microsoft WGA Phones Home Even When Told No.

Wed, 07 Mar 2007 18:00:00 GMT

Microsoft WGA Phones Home Even When Told No. Aviran writes "When you start WGA setup and get to the license agreement page but decided NOT to install the highly controversial WGA component and cancel the installation, the setup program will send information stored in your registry and the fact that you choose not to install WGA back to Microsoft's servers." [Slashdot]

Nightline NSA Spy Exclusive: Dud.

Wed, 07 Mar 2007 17:07:37 GMT

Nightline NSA Spy Exclusive: Dud. AT&T whistleblower Mark Klein breaks silence to tell ABC News' Nightline about the NSA eavesdropping on the internet, but reveals little new information. In 27B Stroke 6. [Wired News: Top Stories]

Wal-Mart fires technician who recorded phone calls

Wed, 07 Mar 2007 16:52:20 GMT

March 05, 2007 (Reuters) -- CHICAGO - Wal-Mart Stores Inc. said today it fired a systems technician for intercepting text messages of people who were not Wal-Mart employees and for recording telephone conversations with a New York Times reporter without authorization.

Wal-Mart, the world's largest retailer, said an internal investigation found the technician had monitored and recorded phone calls between Wal-Mart public relations employees and a New York Times Co. reporter between September and January.

The Bentonville, Ark.-based retailer also said the technician, who worked in its information systems division, intercepted and stored text messages that contained certain key words, including those sent by people in the Bentonville area who were not Wal-Mart employees.

Wal-Mart spokeswoman Mona Williams said on a call with reporters that the technician "did this on his own."

While interviews with the technician gave the retailer an idea as to why he recorded the calls, Williams said she could not disclose the reasons because the case has been turned over to federal investigators.

Spying at Wal*Mart: Human nature run amuck?

Wed, 07 Mar 2007 16:46:37 GMT

Spying at Wal*Mart: Human nature run amuck? Does the Wal-Mart eavesdropping debacle have the potential to be this year's HP scandal? A former IT security staffer for the retailer evaluates what might have happened. [Computerworld Privacy News]

Your Wi-Fi can tell people a lot about you | CNET News.com

Wed, 07 Mar 2007 03:20:57 GMT

ARLINGTON, Va.--Simply booting up a Wi-Fi-enabled laptop can tell people sniffing wireless network traffic a lot about your computer--and about you.

Soon after a computer powers up, it starts looking for wireless networks and network services. Even if the wireless hardware is then shut-off, a snoop may already have caught interesting data. Much more information can be plucked out of the air if the computer is connected to an access point, in particular an access point without security.

"You're leaking all kinds of information that an attacker can use," David Maynor, chief technology officer at Errata Security, said Thursday in a presentation at the Black Hat DC event here. "If the government was taking this information from you, people would be up in arms. Yet you're leaking this voluntarily using your laptop at the airport."

There are many tools that let anyone listen in on wireless network traffic. These tools can capture information such as usernames and passwords for e-mail accounts and instant message tools as well as data entered into unsecured Web sites. At the annual Defcon hacker gathering, a "wall of sheep" always lists captured log-in credentials.

Errata has developed another network sniffer that looks for traffic using 25 protocols, including those for the popular instant message clients as well as DHCP, SNMP, DNS and HTTP. This means the sniffer will capture requests for network addresses, network management tools, Web sites queries, Web traffic and more.

A Network Sniffer On Steroids.

Wed, 07 Mar 2007 03:14:20 GMT

A Network Sniffer On Steroids. QuantumCrypto writes "Errata has developed a new network sniffer, dubbed 'Ferret,' that looks for traffic using 25 protocols, including those for the popular instant message clients as well as DHCP, SNMP, DNS and HTTP. This means the sniffer will capture requests for network addresses, network management tools, Web sites queries, Web traffic and more. 'You don't realize how much you're making public, so I wrote a tool that tells you,' said Robert Graham, Errata's chief executive. Errata has released the source code to this version 1.0, 'feature-poor and buggy' tool on its site. Anyone with a wireless card will be able to run it, Graham said." [Slashdot: Your Rights Online]

Cybercrime Treaty: What it Means to You

Wed, 07 Mar 2007 02:53:57 GMT

In that vein, in August the Senate ratified the Convention on Cybercrime, drafted by the Council of Europe with considerable input from the United States. So far, 43 nations have signed on. The Convention includes many sensible provisions aimed at unifying global computer-crime laws, and closes loopholes that make it possible for criminals to escape prosecution by locating their activities offshore.

But civil libertarians, along with leading telecommunications companies, strongly oppose the treaty. Civil libertarians are especially concerned about the sweeping authority given to participating countries to seize information from private parties as they investigate cybercrimes, even when the activity being investigated isn't a crime in the country where the data is located. If France is investigating a sale of Nazi memorabilia on eBay, the U.S. must cooperate, even though such transactions are not illegal in the U.S.

Telecommunications companies object to provisions that require member countries to establish and enforce potent data-retention policies for network traffic, and require any operator of a computer network to respond to requests for information from any participating country without compensation of any kind.

These are potentially serious problems, especially given that the Convention is open to any country that wants to join. But there are more practical reasons U.S. businesses should be concerned. The provisions for data retention and production apply to any operator of a computer network, not just telecoms. Worse, Article 12 attaches liability to businesses for "lack of supervision or control" of employees who commit criminal offenses covered by the Convention. Businesses must worry about employee activities that may be legal here, but illegal elsewhere, risking administrative, civil, or even criminal penalties.

These investigative and supervision costs will invariably be imposed on businesses without any real controls. Worldwide law-enforcement agencies, in other words, may now avail themselves of the opportunity to outsource their most expensive problems to you.

Cybercrime Treaty ó Hidden Costs For All.

Wed, 07 Mar 2007 02:48:08 GMT

Cybercrime Treaty [~] Hidden Costs For All. linuxtelephony writes in with an article at CIO Insight about a cybercrime treaty drafted in Europe with help from the US. It has implications for just about everyone with a network. From the article: "Civil libertarians are especially concerned about the sweeping authority given to participating countries to seize information from private parties as they investigate cybercrimes, even when the activity being investigated isn't a crime in the country where the data is located... Telecommunications companies object to provisions that require member countries to establish and enforce potent data-retention policies for network traffic, and require any operator of a computer network to respond to requests for information from any participating country without compensation of any kind... The provisions for data retention and production apply to any operator of a computer network, not just telecoms... Worldwide law-enforcement agencies, in other words, may now avail themselves of the opportunity to outsource their most expensive problems to you." [Slashdot: Your Rights Online]

Action Alert: Repeal the REAL ID Act!

Wed, 07 Mar 2007 02:24:48 GMT

Action Alert: Repeal the REAL ID Act!

The federal government has taken another step towards forcing you to carry a national ID in order to get on airplanes, open a bank account, enter federal buildings, and much more. But with state legislatures and Congressional representatives increasingly turning against the REAL ID Act, you can help stop this costly, privacy-invasive mandate -- voice your opposition now.

On March 1, the Department of Homeland Security (DHS) released draft regulations [PDF] for implementing REAL ID, which makes states standardize drivers licenses and create a vast national database linking all of the ID records together. Once in place, uses of the IDs and database will inevitably expand to facilitate a wide range of tracking and surveillance activities. Remember, the Social Security number started innocuously enough, but it has become a prerequisite for a host of government services and been co-opted by private companies to create massive databases of personal information.

REAL ID won't just cost you your privacy. The states and individual taxpayers bear the estimated 23 billion dollar burden of implementing the law, and that figure is probably low given that the necessary verification systems don't exist yet.

And what will you get in return? Not improved national security, because IDs do little to stop those who haven't already been identified as threats, and wrongdoers will still be able to create fake documents.

REAL ID is fundamentally flawed, and DHS' proposed regulations do nothing to change that. Thankfully, the tide is turning against REAL ID in a big way -- state legislatures around the country are passing or considering legislation rejecting its implementation, and Congress is considering repealing it.

The DHS regulations mean that states must have an implementation plan ready by October 2007. Make sure your Congressional representatives support the repeal of REAL ID before it's too late.

For more information, check out San Jose Mercury News' recent editorial opposing REAL ID as well as the ACLU's Realnightmare.org.

[EFF: Deep Links]

WH Privacy Board OKs Eavesdropping.

Tue, 06 Mar 2007 17:44:09 GMT

Privacy Board OKs Eavesdropping. A secretive White House privacy board says two Bush surveillance programs -- electronic eavesdropping and financial tracking -- do not violate citizens' civil liberties. By the Associated Press. [Wired News: Top Stories]

Blue Box #52: Skype spyware? Cisco SIP issue again, secure call recording, Phil Zimmermann on VON Magazine, US Congress and Caller ID, ringjacking, Skype security, VoIP security, listener comments and more.

Tue, 06 Mar 2007 17:25:11 GMT

Blue Box #52: Skype spyware? Cisco SIP issue again, secure call recording, Phil Zimmermann on VON Magazine, US Congress and Caller ID, ringjacking, Skype security, VoIP security, listener comments and more.

Synopsis: Skype spyware? Cisco SIP issue again, secure call recording, Phil Zimmermann on VON Magazine, US Congress and Caller ID, ringjacking, Skype security, VoIP security, listener comments and more

[Blue Box: The VoIP Security Podcast]

Wal-Mart fires technician who recorded phone calls.

Tue, 06 Mar 2007 17:18:41 GMT

Wal-Mart fires technician who recorded phone calls. Wal-Mart Stores Inc. said it fired a systems technician for intercepting text messages of people who were not Wal-Mart employees and for recording telephone conversations with a New York Times reporter without authorization. [Computerworld Privacy News]

Anti-terror tests broke law, says watchdog - 03/01/07 - Tennessean.com

Tue, 06 Mar 2007 17:13:09 GMT

The new program, similar to a Pentagon program that Congress killed in 2003 over concerns about civil liberties, could take effect as soon as next year.

But system testers probably already have violated privacy laws by reviewing real information, instead of fake data, a source familiar with a congressional investigation into the $42.5 million program told The Washington Post.

The program, called Analysis, Dissemination, Visualization, Insight and Semantic Enhancement (ADVISE), is on the cutting edge of analytical technology that applies mathematical algorithms to uncover hidden relationships in data. The idea is to troll a vast sea of information and extract suspicious people, places and other elements based on their links and behavioral patterns.

The privacy violation is described in a Government Accountability Office report due out soon. "Undoubtedly there are likely to be more," GAO Comptroller David Walker said recently.

Tonight(Tuesday) on Nightline - The NSA at AT&T

Tue, 06 Mar 2007 16:55:07 GMT

Tonight(Tuesday) on Nightline is an episode on the NSA having a monitoring station in the AT&T wire room. They have the guy who originally broke the story being interviewed tonight.

Real Life "Candid Camera" in Advertising Billboards

Mon, 05 Mar 2007 22:00:18 GMT

No, no, no, the government isn't spying on us again this time around. Advertisers are actually putting hidden cameras in their billboards to see how customers react to their slogans, products, and pictures. It's all apart of a grocery store experiment/product that senses when people come to an item, and zooms into their faces to find how out what their expression is.

What Are You? A Mind Reader?

Mon, 05 Mar 2007 21:50:34 GMT

What Are You? A Mind Reader? Well, in a manner of speaking, yes. Researchers use a brain scan that lets them identify your intentions before you actually do anything. By the Associated Press. [Wired News: Top Stories]

Top Secret: We're Wiretapping You.

Mon, 05 Mar 2007 21:41:41 GMT

Top Secret: We're Wiretapping You. The feds accidentally give a D.C. attorney a classified document showing that the NSA intercepted his phone calls without a warrant. When they ask for it back, they get a $2 million lawsuit along with it. By Ryan Singel. [Wired News: Security Blanket]

WIRED Blogs: Danger Room - The Pentagon Wants TiVo (to Watch You)

Mon, 05 Mar 2007 03:34:51 GMT

Reuters yesterday reported on a recently issued study on future technologies written by the Pentagon's Defense Science Board. More than anything, it seems these outside advisers want a surveillance system that would put Big Brother to shame, and they're looking at the commercial sector to provide it:

The Pentagon Wants a 'TiVo' to Watch You.

Mon, 05 Mar 2007 03:31:33 GMT

The Pentagon Wants a 'TiVo' to Watch You. An anonymous reader writes "Danger Room, a Wired blog, today cites a study of future electronic snooping technologies from Reuters, written by the Pentagon's Defense Science Board. More than anything, it seems these outside advisers want a surveillance system that would put Big Brother to shame, and they're looking at the commercial sector to provide it. 'The ability to record terabyte and larger databases will provide an omnipresent knowledge of the present and the past that can be used to rewind battle space observations in TiVo-like fashion and to run recorded time backwards to help identify and locate even low-level enemy forces. For example, after a car bomb detonates, one would have the ability to play high-resolution data backward in time to follows the vehicle back to the source, and then use that knowledge to focus collection and gain additional information by organizing and searching through archived data.'" [Slashdot]

Justice Department takes aim at image-sharing sites | CNET News.com

Sun, 04 Mar 2007 04:12:46 GMT

The Bush administration has accelerated its Internet surveillance push by proposing that Web sites must keep records of who uploads photographs or videos in case police determine the content is illegal and choose to investigate, CNET News.com has learned.

That proposal surfaced Wednesday in a private meeting during which U.S. Department of Justice officials, including Assistant Attorney General Rachel Brand, tried to convince industry representatives such as AOL and Comcast that data retention would be valuable in investigating terrorism, child pornography and other crimes. The discussions were described to News.com by several people who attended the meeting.

A second purpose of the meeting in Washington, D.C., according to the sources, was to ask Internet service providers how much it would cost to record details on their subscribers for two years. At the very least, the companies would be required to keep logs for police of which customer is assigned a specific Internet address.

Only universities and libraries would be excluded, one participant said. "There's a PR concern with including the libraries, so we're not going to include them," the participant quoted the Justice Department as saying. "We know we're going to get a pushback, so we're not going to do that."

Attorney General Alberto Gonzales has been lobbying Congress for mandatory data retention, calling it a "national problem that requires federal legislation." Gonzales has convened earlier private meetings to pressure industry representatives. And last month, Republicans introduced a mandatory data retention bill in the U.S. House of Representatives that would let the attorney general dictate what must be stored and for how long.

DoJ Mulls Tracking Picture Uploads.

Sun, 04 Mar 2007 03:57:23 GMT

DoJ Mulls Tracking Picture Uploads. Dominus Suus passed us a link to a C|Net article about a disturbing threat to privacy from the Justice Department. According to the article, a private meeting was held Wednesday between Justice officials and telecom industry representatives. With individuals from companies such as AOL and Comcast looking on, the officials continued overtures to increase data retention by ISPs on American citizens. This week, they were specifically looking to have records kept of photo uploads. In this way, and 'in case police determine the content is illegal and choose to investigate,' an easy trail from A to Z will be available. The article provides a good deal of background on the Bush Administration's history with data retention, with ties to events even older than the Bush presidency. --- "The Justice Department's request for information about compliance costs echoes a decade-ago debate over wiretapping digital telephones, which led to the 1994 Communications Assistance for Law Enforcement Act. To reduce opposition by telephone companies, Congress set aside $500 million for reimbursement and the legislation easily cleared both chambers by voice votes. Once Internet providers come up with specific figures, privacy advocates worry, Congress will offer to write a generous check to cover all compliance costs and the process will repeat itself." [Slashdot: Your Rights Online]

Homeland Security offers details on Real ID | CNET News.com

Sun, 04 Mar 2007 03:52:36 GMT

Hundreds of millions of Americans will have until 2013 to be outfitted with new digital ID cards, the Bush administration said on Thursday in a long-awaited announcement that reveals details of how the new identification plan will work.

The announcement by the U.S. Department of Homeland Security offers a five-year extension to the deadline for states to issue the ID cards, and proposes creating the equivalent of a national database that would include details on all 240 million licensed drivers.

According to the draft regulations (PDF), which were required by Congress in the 2005 Real ID Act and are unlikely to assuage privacy and cost concerns raised by state legislatures:

âo¢ The Real ID cards must include all drivers' home addresses and other personal information printed on the front and in a two-dimensional barcode on the back. The barcode will not be encrypted because of "operational complexity," which means that businesses like bars and banks that require ID would be capable of scanning and recording customers' home addresses.

âo¢ A radio frequency identification (RFID) tag is under consideration. Homeland Security is asking for input on how the licenses could incorporate "RFID-enabled vicinity chip technology, in addition to" the two-dimensional barcode requirement.

Homeland Security Offers Details on Real ID.

Sun, 04 Mar 2007 03:48:45 GMT

Homeland Security Offers Details on Real ID. pr0nqu33n writes "C|Net is running an article on the DHS's requirements for the Real ID system. Thursday members of the Bush administration finally unveiled details of the anticipated national identification program. Millions of Americans will have until 2013 to register for the system, which will (some would argue) constitute a national ID. RFID trackers for the cards are under consideration, as is a cohesive nation-wide design for the card. States must submit a proposal for how they'll adopt the system by early October of this year. If they don't, come May of next year their residents will see their licenses unable to gain them access to federal buildings and airplanes. The full regulations for the system are available online in PDF format. Likewise, the DHS has a Questions and Answers style FAQ available to explain the program to the curious." [Slashdot: Your Rights Online]

Audio Watermark Web Spider Starts Crawling.

Fri, 02 Mar 2007 02:43:48 GMT

Audio Watermark Web Spider Starts Crawling. DippityDo writes "A new web tool is scanning the net for signs of copyright infringement. Digimarc's patented system searches video and audio files for special watermarks that would indicate they are not to be shared, then reports back to HQ with the results. It sounds kind of creepy, but has a long way to go before it makes a practical difference. 'For the system to work, players at multiple levels would need to get involved. Broadcasters would need to add identifying watermarks to their broadcast, in cooperation with copyright holders, and both parties would need to register their watermarks with the system. Then, in the event that a user capped a broadcast and uploaded it online, the scanner system would eventually find it and report its location online. Yet the system is not designed to hop on P2P networks or private file sharing hubs, but instead crawls public web sites in search of watermarked material.'" [Slashdot]

TIA becomes ADVISE | Free Government Information (FGI)

Fri, 02 Mar 2007 02:13:23 GMT

Congress killed the Total Information Awareness (TIA) program in 2003 and several new programs have been reported to take its place. (See Total Information Awareness just changed its name FGI, 2006-02-26.) A forthcoming GAO report looks at the use of the Analysis, Dissemination, Visualization, Insight and Semantic Enhancement (ADVISE) system.

Legislation eyes nightclubs - Greenwich Time

Fri, 02 Mar 2007 01:50:56 GMT

Pending the mayor's signature, which is expected, all clubs where dancing is permitted will be required to install surveillance cameras at entrances and exits. While some Council members raised privacy concerns, the overwhelming majority agreed the surveillance tapes would be an invaluable deterrent and aid police if a crime is committed.

All surveillance tapes must be securely stored, and clubs could be fined up to $50,000 if the footage makes its way onto TV or gossip Web sites.

Industry representatives welcomed the surveillance camera vote, but pointed out that 90 percent of clubs with dancing already have such cameras installed.

National ID Card Rules Unveiled.

Fri, 02 Mar 2007 00:48:35 GMT

National ID Card Rules Unveiled. The DHS chief reveals how he'll turn state driver's licenses into internal passports. By Ryan Singel. [Wired News: Security Blanket]

DOD, Microsoft sign deal to data mine health records

Fri, 02 Mar 2007 00:46:58 GMT

The Defense Department has signed an agreement with Microsoft under which the software vendor will help develop tools and methods for analyzing the department's 9.1 million electronic patient records to find better ways to manage the health of DOD beneficiaries.

Under the cooperative research and development agreement, Microsoft will work with the Army's Telemedicine and Advanced Technology Research Center to extract, store and analyze data stored in DOD's Armed Forces Health Longitudinal Technology Application (AHLTA) electronic health record system.

The AHLTA clinical data repository (CDR) is "an untapped goldmine of health information, and the ability to draw upon and efficiently use this data will allow us to unleash the true power of AHLTA," said Dr. William Winkenwerder Jr., assistant secretary of Defense for health affairs. "This project has the potential to vastly improve our ability to provide both force health protection and population health improvement activities for every soldier, sailor, airman and Marine."

Microsoft and the Army center aim to develop a clinical data warehouse (CDW) that provides predefined queries of interest to clinicians and analysts. The warehouse also will support data mining, which uses clustering and pattern recognition techniques to discover previously unknown correlations in the data. Intel and HP are providing support on security, sizing, and scalability testing of the CDW architecture, Microsoft said.

Dr. Deborah Peel, chairwoman of the Patient Privacy Rights Foundation, views the patient information not as a goldmine ripe for exploitation but as a collection of personal and sensitive health information that needs to be zealously guarded and only accessed with express consent by the patient.

War of Words Erupts Between HP Scandal Players.

Fri, 02 Mar 2007 00:20:30 GMT

War of Words Erupts Between HP Scandal Players. The attorney for the ousted HP chairman fired back at public comments made by board rival about the HP pretexting scandal. [PC World: Latest Technology News]

New Profiling Program Raises Privacy Concerns - washingtonpost.com

Wed, 28 Feb 2007 23:36:54 GMT

The Department of Homeland Security is testing a data-mining program that would attempt to spot terrorists by combing vast amounts of information about average Americans, such as flight and hotel reservations. Similar to a Pentagon program killed by Congress in 2003 over concerns about civil liberties, the new program could take effect as soon as next year.

But researchers testing the system are likely to already have violated privacy laws by reviewing real information, instead of fake data, according to a source familiar with a congressional investigation into the $42.5 million program.

Bearing the unwieldy name Analysis, Dissemination, Visualization, Insight and Semantic Enhancement (ADVISE), the program is on the cutting edge of analytical technology that applies mathematical algorithms to uncover hidden relationships in data. The idea is to troll a vast sea of information, including audio and visual, and extract suspicious people, places and other elements based on their links and behavioral patterns.

The privacy violation, described in a Government Accountability Office report that is due out soon, was one of three by separate government data mining programs, according to the GAO. "Undoubtedly there are likely to be more," GAO Comptroller David M. Walker said in a recent congressional hearing.

The violations involved the government's use of citizens' private information without proper notification to the public and using the data for a purpose different than originally envisioned, said the source, who declined to be identified because the report is not yet public.

The issue lies at the heart of the debate over whether pattern-based data mining -- or searching for bad guys without a known suspect -- can succeed without invading people's privacy and violating their civil liberties.

Canada Rejects Anti-Terror Laws.

Wed, 28 Feb 2007 23:28:09 GMT

Canada Rejects Anti-Terror Laws. Coryoth writes "The Canadian parliament has voted against renewing anti-terror laws that had been introduced after September 11, 2001. The rejected laws included provisions to hold terror suspects indefinitely, and to compel witnesses to testify, and were in some sense Canada's version fo the Patriot Act. The laws were voted down in the face of claims from the minority Conservative government that the Liberal Party was soft on terror, and despite the fact that Canada has faced active terrorist cells in their own country. The anti-terror laws have never been used, and it was viewed that they are neither relevant, nor needed, in dealing with terrorist plots. Hopefully more countries will come to the same conclusion." [Slashdot: Your Rights Online]

Microsoft Tackles 'False Positives' in Antipiracy Tool.

Wed, 28 Feb 2007 23:12:38 GMT

Microsoft Tackles 'False Positives' in Antipiracy Tool. Windows Genuine Advantage Notifications is revised to cut customers some slack after erroneous reports. [PC World: Latest Technology News]

NY1: Nightclub Safety On Council Agenda

Wed, 28 Feb 2007 23:06:21 GMT

Clubs will also now be required to have security cameras at their entrances and exits. Outside monitors could also be installed at clubs in frequent trouble with the law.

The New York Civil Liberties Union have said some of the proposals violate privacy, but the bill's sponsors have said they are just trying to keep club patrons safe.

How To Tell If Your Cell Phone Is Bugged.

Wed, 28 Feb 2007 22:56:25 GMT

How To Tell If Your Cell Phone Is Bugged.

Blog Update (February 27, 2007): New! A short free video demonstrating this topic:
Play Via YouTube or Play Via Google Video. More information at this blog entry.

Greetings. A story is making the rounds right now regarding FBI use of cell phones as remote bugs. I originally wrote about this concept in my PRIVACY Forum in 1999 ("Cell Phones Become Instant Bugs!") so the issue is real, but we still need to bring the current saga back down to earth.

This discussion doesn't only relate to "legal" bugs but also to the use of such techniques by illegal clandestine operations, and applies to physically unmodified cell phone hardware (not phones that might have had separate, specialized bugs physically installed within them by third parties).

[Lauren Weinstein's Blog]

EFF - miniLinks for 2007-02-28.

Wed, 28 Feb 2007 22:50:21 GMT

miniLinks for 2007-02-28.

Supreme Court Debates Patentability of Software
Justices look skeptically at the details of software's protection.

Toward an Ethical Patent System
European citizens unite against over-broad patents....

Bad Patents Are Bad for Business
... as does the European business community to go with it.

Canada Turns Away Americans for Past Misdemeanors
Thanks to DHS data mining, Canada turned away a visitor who shop-lifted during a fraternity prank 20 years ago and others with minor criminal records.

Has the Media Center Moved to Silicon Valley?
On the day of the Oscars, Tom Forenski thinks that films have lost their magic, and Net technology has seized it.

Whit Diffie Warns Of Overbroad Privacy Laws
"I am, on balance, more pleased with the fact that I can learn lots of information about people in minutes by using the Web than I am concerned about the fact that people can learn lots of information about me that way. And I would not like to see laws that restrict people's ability to go investigate things. "

Protect Your Users' Data With a Privacy Wall
How one company works to protect its users' financial information.

SF Chronicle: Reverse Real ID
"Congress must take a hard look at whether it makes sense to proceed with an expansive law that would be more appropriately called the National ID Act."

North Korea and the Internet
North Korea's strange, inward-looking national intranet.

Did WIPO's Director-General Lie About his age?
Confidential report suggests that he was 28 when he first took the job, not 37, and has repeatedly given the wrong age on official documents for 24 years.

The "Crime" of Blogging in Egypt
Abdelkareem Nabil Soliman is sentenced to four years for free speech.

Recording Industry Targets Colleges
Administrators get caught in the crossfire: "[The complaint] is asking us to pursue an investigation and as the service provider we don't see that as our role", says Purdue spokesman.

[EFF: Deep Links]

Lawsuits, patent claims silence Black Hat talk | InfoWorld | 2007-02-27 | By Paul F. Roberts

Wed, 28 Feb 2007 02:59:50 GMT

A planned talk on RFID security by a security researcher has been pulled from this week's Black Hat Federal security conference after secure card maker HID claimed the talk violated the company's patent rights and threatened to take legal action against Chris Paget, the researcher, and IOActive, Paget's employer, if the talk went forward.

The company decided to cancel the talk after all-night negotiations with HID collapsed, said Josh Pennell, CEO of IOActive. In response, Black Hat organizers were forced to tear materials out of printed show proceedings and will instead present a discussion by a representative of the ACLU on the criticality of RFID security, said Jeff Moss, founder and director of Black Hat.

A spokeswoman for HID did not immediately respond to a request for comment.

The incident recalled a 2005 dispute over a presentation at Black Hat in Las Vegas involving Cisco Systems and Michael Lynn, a security researcher who worked for Internet Security Systems at the time.

Administrivia: Now we have a overheated CPU ( 60 degrees centigrade )

Wed, 28 Feb 2007 00:39:01 GMT

OK, if the DDOS attack wasn't enough. Now our server went down with a temperature overload. We were up to 60 degrees centigrade when we shut down. The CPU and a broken fan have been replaced.

Administrivia: Our data-center was hit by a DDOS attack today.

Tue, 27 Feb 2007 22:19:59 GMT

Sorry for being either very slow or off the net for a while recently. The data-center we are part of was hit by a DDOS (Distributed Denial Of Service) attack recently. At the moment it looks to be under control, but we are keeping an eye on things.

RFID Chips Shrink to Powder Size.

Tue, 27 Feb 2007 00:15:53 GMT

RFID Chips Shrink to Powder Size. Hitachi's new tags measure 0.002 inches square, but store as much information as their much-larger predecessors. The company's still investigating possible uses. By the Associated Press. [Wired News: Security Blanket]

Critics: New airport X-ray is a virtual strip search | CNET News.com

Tue, 27 Feb 2007 00:05:45 GMT

U.S. authorities in Phoenix on Friday began testing a controversial new X-ray machine to screen air passengers for weapons, a process that critics likened to a "virtual strip search."

The U.S. Transportation Security Administration rolled out an X-ray machine that uses so-called backscatter" technology at one checkpoint at Phoenix Sky Harbor International Airport. The machine peers beneath passengers' clothes to search for hidden explosives and weapons.

The TSA will test the machine in Phoenix for 60 to 90 days before deploying machines in Los Angeles and New York's John F. Kennedy Airport for additional testing this year.

"Everyday the bad guys are working and improving their tools. We need to continue working to improve ours, and introducing this technology is part of that work," TSA regional spokesman Nico Melendez told Reuters.

Privacy groups and the American Civil Liberties Union have labeled the new screening a "virtual strip search" that could be abused.

But TSA officials said Friday they had worked with industry specialists to blur any images of body parts generated by the scan, and likened the resulting picture to a "chalk outline" of a person.

Privacy Concerns a Major Roadblock for Location-based Services Says Survey.

Mon, 26 Feb 2007 23:40:51 GMT

Privacy Concerns a Major Roadblock for Location-based Services Says Survey. "Providers must give users control over location-based features to allay privacy concerns." [GT: Security and Privacy]

Surveillance Cameras Get Smarter - International Business Times

Mon, 26 Feb 2007 23:16:37 GMT

Look around - You might not be the only one watching. The never-blinking surveillance cameras, rapidly becoming a part of daily life in public and even private places, may be sizing you up as well. And they may soon get a lot smarter.

Researchers and security companies are developing cameras that not only watch the world but also interpret what they see. Soon, some cameras may be able to find unattended bags at airports, guess your height or analyze the way you walk to see if you are hiding something.

Most of the cameras widely used today are used as forensic tools to identify crooks after-the-fact. (Think grainy video on local TV news of convenience store robberies gone wrong.) But the latest breed, known as "intelligent video," could transform cameras from passive observers to eyes with brains, able to detect suspicious behavior and potentially prevent crime before it occurs.

Surveillance Cameras Get Smarter.

Mon, 26 Feb 2007 23:12:54 GMT

Surveillance Cameras Get Smarter. kog777 writes to mention that the IB Times is taking a look at where surveillance camera technology is headed. Soon researchers tell us that cameras will be available that not only record, but are able to interpret what they see. "The advancements have already been put to work. For example, cameras in Chicago and Washington can detect gunshots and alert police. Baltimore installed cameras that can play a recorded message and snap pictures of graffiti sprayers or illegal dumpers. In the commercial market, the gaming industry uses camera systems that can detect facial features, according to Bordes. Casinos use their vast banks of security cameras to hunt cheating gamblers who have been flagged before." [Slashdot: Your Rights Online]

Tor Open To Attack.

Mon, 26 Feb 2007 23:00:19 GMT

Tor Open To Attack. An anonymous reader writes "A group of researchers have written a paper that lays out an attack against Tor (PDF) in enough detail to cause Roger Dingledine a fair amount of heartburn. The essential avenue of attack is that Tor doesn't verify claims of uptime or bandwidth, allowing an attacker to advertise more than it need deliver, and thus draw traffic. If the attacker controls the entry and exit node and has decent clocks, then the attacker can link these together and trace someone through the network." [Slashdot: Your Rights Online]

Wired News: Why Smart Cops Do Dumb Things By Bruce Schneier

Sun, 25 Feb 2007 04:58:46 GMT

Since 9/11, we've spent hundreds of billions of dollars defending ourselves from terrorist attacks. Stories about the ineffectiveness of many of these security measures are common, but less so are discussions of why they are so ineffective. In short: Much of our country's counterterrorism security spending is not designed to protect us from the terrorists, but instead to protect our public officials from criticism when another attack occurs.

NYC Gothamist: How the NYPD Videotapes You

Sun, 25 Feb 2007 03:16:23 GMT

In the wake of a federal judge criticizing the NYPD's videotaping procedures last week, I-Witness Video looks at what the NYPD actually uses to record public events and calls it "360 degrees of surveillance," best illustrated by what the police used during the 2004 Republican National Convention.

Officers used "lipstick cameras" which are easily concealed, as well as helicopters with "military-style infrared imaging." And Fuji lent the NYPD its BlimpCam, and I-Witness Video describes the blimpcam footage from August 27, 2004:

EFF - miniLinks for 2007-02-21.

Fri, 23 Feb 2007 17:14:58 GMT

miniLinks for 2007-02-21.

Free Congress!
Coders gather to open up more of the legislature's deliberations.

Republicans, Democrats Spat Over IP Rights in Congress TV
After Speaker of the House Nancy Polosi is accused of "pirating" C-SPAN, the TV service reiterates that it has no copyright interest in the video.

Chinese Lawyers Protest Sina's Blog Censorship
Fight the arbitrary nature of China's limits on free speech.

New York Times on the DJ Mixtape Arrests
"DJs continued to release tapes -- some with hastily added tracks on which rappers cursed the RIAA"

Disney Must Consider Sharing Pooh's Honey
The endless fight over the merchandising rights to A.A. Milne's work continues to plague the copyright maximalist company.

Students Balk at University's "Free" Music Deals
One insider's view of dealing with the college-only licensed music services.

Bipartisan Effort to Junk Real ID Law
Democrat Rep. Tom Allen and Republican Rep. Scott Lansley push for reform of costly, invasive national ID mandate.

A 55-inch TV Is too big for the Super Bowl
Consumer electronics mavens scratch their heads at NFL's Super Bowl rules.

UK Government Rejects Calls for DRM Ban
While faulty, DRM is good for price discrimination, Prime Minister's office says.

Framing the DRM Debate
LinuxJournal's Don Marti says it's about more than property.

Europe's Plan to Track Phone and Net Use
Data retention implementation to be far worse than original plans.

UK Now Running 439,000 E-mail and Phone Taps
Report's author declares wiretap error rate "unacceptably high."

[EFF: Deep Links]

Colleges Struggle to Cope With Flood of Copyright Complaints.

Fri, 23 Feb 2007 16:49:38 GMT

Colleges Struggle to Cope With Flood of Copyright Complaints.

The major record labels are sending thousands more copyright nastygrams to colleges regarding student file sharing this year. Of course, file sharing continues unabated, and these P2P-related notices will simply push fans to use other readily-accessible technologies that the RIAA can't easily monitor -- copying music through iTunes over the campus LAN, swapping hard drives and USB flash drives, burning recordable DVDs, and forming ad hoc wireless networks.

So the RIAA's strategy still won't stop file sharing, but it certainly will cause collateral damage to academic freedom, free speech, and privacy. In a recently released report, the Brennan Center lays out what that cost looks like today based on interviews with representatives from 25 service providers including 10 from universities. Universities are already being forced to waste substantial resources on doing the RIAA's dirty work. Flooded with machine-generated complaints, schools are unable to evaluate the merits of particular complaints. While lacking procedural safeguards to make sure students wrongly accused of infringement are not penalized, many schools have adopted stricter penalties than the law requires. Schools have also adopted network monitoring and filtering tools that interfere with legitimate expression.

The increase in P2P-related notices stands only to make matters worse. The RIAA's Cary Sherman states that the increase in the notices is "something we feel we have to do," but blanket licensing provides a clear alternative to blanket lawsuits. Take action now to help stop the lawsuit campaign.

[EFF: Deep Links]

AT&T Whistleblower Wins Award.

Thu, 22 Feb 2007 16:28:40 GMT

AT&T Whistleblower Wins Award.

Whistleblower Mark Klein will get some well-deserved acknowledgement when he receives a James Madison Freedom of Information Award next month. The award could hardly find a more deserving recipient [~] Klein is the former AT&T technician who exposed the extent of the government's warrantless wiretapping program

In early 2006, Klein came forward with internal AT&T documents that show the company cooperated with the NSA's secret program to eavesdrop on internet communications, in violation of federal wiretapping laws and the Fourth Amendment. Klein's evidence demonstrates that in at least one of AT&T's facilities, internet traffic was diverted to a secret, secure room to which only the NSA had access.

All of the documents have been used in EFF's court case, which is currently under review by the Ninth Circuit Court of Appeals and a portion have been made broadly available on the internet since April, 2006.

In the words of EFF Staff Attorney Kurt Opsahl, Klein is [base "]a true American hero.[per thou] This public recognition of his bravery in defense of the public's right to know is richly deserved.

[EFF: Deep Links]

Music moguls seek security blanket - Los Angeles Times

Thu, 22 Feb 2007 16:24:50 GMT

One way to judge the music industry's troubles is to watch annual sales figures for CDs, which have slumped 25% since 2000. But it's more revealing to chart how the major record companies' attitudes about new business models online have been shifting.

At first the shifts were almost too small to notice, as when the labels started making a handful of downloadable songs available for $2.50 or more. But as the file-sharing phenomenon grew and CD sales slipped, the changes became more pronounced. The labels started offering the rights to songs on terms that didn't cripple their online partners. They embraced Apple's iTunes Music Store, whose anti-piracy technology doesn't actually limit copying. They cut deals with file-sharing companies for subscription services that let users share the songs they rented.

Along the way, though, the major labels adamantly refused to do the kind of deal necessary to replicate what the original Napster, Kazaa and eDonkey had provided: they would not accept a flat fee a "blanket" license that lets Internet service providers sell an all-you-can-eat sonic buffet, enabling customers to download, burn and swap as much as they pleased. The rights would be included in the cost of a high-speed Internet access line, so the downloads would seem free while still generating royalties for artists, songwriters, labels and publishers.

That reticence may be giving way, too, thanks to the relentless decline in revenue. Just look at what the head of the major record companies' global trade group, let slip last month at a music-industry gathering in France. If Internet service providers "want to come to us and look for a blanket license for an amount per month," IFPI chief John Kennedy said, "let's engage in that discussion."

His U.S. counterpart, Mitch Bainwol of the Recording Industry Assn. of America (RIAA), quickly added that the licenses should be negotiated voluntarily, not compelled by the government. So that part of the labels' thinking hasn't changed. Nevertheless, Kennedy's remark reflects a potential sea change in the way the record companies do business. If the labels follow through, it could trigger the greatest explosion in innovation since engineers at the Fraunhofer Institute in Germany developed the MP3 format.

That's a big "if," but two of the four majors have already taken the first step. In England, a venture called PlayLouder MSP is negotiating deals with record companies and music publishers for a competitively priced high-speed Internet access service that will include the right to download millions of songs, transfer them to portable devices and share them with friends. The main restriction is that subscribers can't send songs to people who aren't customers of PlayLouder MSP. In other words, it's a private electronic playground for music lovers.

The company, which expects to launch its service this year, plans to put a chunk of the monthly service charges into a royalty pool that would be divided according to popularity--the more often a song is downloaded, the larger the share of the pool that its copyright holders will receive. To monitor the network and enforce its borders, PlayLouder MSP relies on technology that can identify songs as they pass through the network--and, if necessary, block them. So far, several large independent labels from the U.S. and the U.K. have agreed to let the company offer MP3s of all their songs, while two of the majors, Sony BMG and EMI, have agreed to supply songs wrapped in electronic locks. Those locks won't make much difference, though; as part of the deal, subscribers will be free to share MP3s from all of PlayLouder MSP's partners, including Sony BMG and EMI.