Paul Hardwick: Technology

Administrivia: Now we have a overheated CPU ( 60 degrees centigrade )

Wed, 28 Feb 2007 00:39:01 GMT

OK, if the DDOS attack wasn't enough. Now our server went down with a temperature overload. We were up to 60 degrees centigrade when we shut down. The CPU and a broken fan have been replaced.

Administrivia: Our data-center was hit by a DDOS attack today.

Tue, 27 Feb 2007 22:19:59 GMT

Sorry for being either very slow or off the net for a while recently. The data-center we are part of was hit by a DDOS (Distributed Denial Of Service) attack recently. At the moment it looks to be under control, but we are keeping an eye on things.

RFID Chips Shrink to Powder Size.

Tue, 27 Feb 2007 00:15:53 GMT

RFID Chips Shrink to Powder Size. Hitachi's new tags measure 0.002 inches square, but store as much information as their much-larger predecessors. The company's still investigating possible uses. By the Associated Press. [Wired News: Security Blanket]

Surveillance Cameras Get Smarter - International Business Times

Mon, 26 Feb 2007 23:16:37 GMT

Look around - You might not be the only one watching. The never-blinking surveillance cameras, rapidly becoming a part of daily life in public and even private places, may be sizing you up as well. And they may soon get a lot smarter.

Researchers and security companies are developing cameras that not only watch the world but also interpret what they see. Soon, some cameras may be able to find unattended bags at airports, guess your height or analyze the way you walk to see if you are hiding something.

Most of the cameras widely used today are used as forensic tools to identify crooks after-the-fact. (Think grainy video on local TV news of convenience store robberies gone wrong.) But the latest breed, known as "intelligent video," could transform cameras from passive observers to eyes with brains, able to detect suspicious behavior and potentially prevent crime before it occurs.

Surveillance Cameras Get Smarter.

Mon, 26 Feb 2007 23:12:54 GMT

Surveillance Cameras Get Smarter. kog777 writes to mention that the IB Times is taking a look at where surveillance camera technology is headed. Soon researchers tell us that cameras will be available that not only record, but are able to interpret what they see. "The advancements have already been put to work. For example, cameras in Chicago and Washington can detect gunshots and alert police. Baltimore installed cameras that can play a recorded message and snap pictures of graffiti sprayers or illegal dumpers. In the commercial market, the gaming industry uses camera systems that can detect facial features, according to Bordes. Casinos use their vast banks of security cameras to hunt cheating gamblers who have been flagged before." [Slashdot: Your Rights Online]

Tapping Brains for Future Crimes.

Fri, 16 Feb 2007 02:06:25 GMT

Tapping Brains for Future Crimes. A breakthrough in computer-assisted mind reading brings us closer to predicting criminality. Should the justice system adapt? Commentary by Jennifer Granick. [Wired News: Security Blanket]

Hitachi's Tiny RFID Chips.

Thu, 15 Feb 2007 22:32:21 GMT

Hitachi's Tiny RFID Chips. paltemalte writes "Hitachi has just come out with a new crop of RFID tags, measuring only 1/20 of a millimeter square. That's 1/8 the size (in linear dimension) of Hitachi's currently shipping mu-chips, which are 0.4 mm square. The new chip's width is slightly smaller than a human hair. These chips could put an end to shoplifting forever, but they could also be used by a governments or other entities to 'dust' crowds or areas, easily tagging anyone present without their knowledge or consent. Will someone come up with a surefire way of neutralizing chips that may be on your body or in your clothing?" --- Hard to pin down a source on this. The article cites another blog, which points to an article in Japanese. [Slashdot: Your Rights Online]

U.S. Researchers Claim New System Kills Worm Outbreaks.

Thu, 15 Feb 2007 00:21:19 GMT

U.S. Researchers Claim New System Kills Worm Outbreaks. Technique claims to be able to stop Internet worms within milliseconds of an outbreak. [PC World: Latest Technology News]

New Capabilities Drive Cell Phone Security Demands.

Wed, 14 Feb 2007 00:07:48 GMT

New Capabilities Drive Cell Phone Security Demands. The growing functionality of mobile phones is driving demand for new and stronger security products. [PC World: Latest Technology News]

The brain scan that can read people's intentions | Science | Guardian Unlimited

Sat, 10 Feb 2007 22:42:58 GMT

A team of world-leading neuroscientists has developed a powerful technique that allows them to look deep inside a person's brain and read their intentions before they act.

The research breaks controversial new ground in scientists' ability to probe people's minds and eavesdrop on their thoughts, and raises serious ethical issues over how brain-reading technology may be used in the future.

The team used high-resolution brain scans to identify patterns of activity before translating them into meaningful thoughts, revealing what a person planned to do in the near future. It is the first time scientists have succeeded in reading intentions in this way.

"Using the scanner, we could look around the brain for this information and read out something that from the outside there's no way you could possibly tell is in there. It's like shining a torch around, looking for writing on a wall," said John-Dylan Haynes at the Max Planck Institute for Human Cognitive and Brain Sciences in Germany, who led the study with colleagues at University College London and Oxford University.

The research builds on a series of recent studies in which brain imaging has been used to identify tell-tale activity linked to lying, violent behaviour and racial prejudice.

The latest work reveals the dramatic pace at which neuroscience is progressing, prompting the researchers to call for an urgent debate into the ethical issues surrounding future uses for the technology. If brain-reading can be refined, it could quickly be adopted to assist interrogations of criminals and terrorists, and even usher in a "Minority Report" era (as portrayed in the Steven Spielberg science fiction film of that name), where judgments are handed down before the law is broken on the strength of an incriminating brain scan.

"These techniques are emerging and we need an ethical debate about the implications, so that one day we're not surprised and overwhelmed and caught on the wrong foot by what they can do. These things are going to come to us in the next few years and we should really be prepared," Professor Haynes told the Guardian.

The use of brain scanners to judge whether people are likely to commit crimes is a contentious issue that society should tackle now, according to Prof Haynes. "We see the danger that this might become compulsory one day, but we have to be aware that if we prohibit it, we are also denying people who aren't going to commit any crime the possibility of proving their innocence."

Brain Scanner Can Read People's Intentions.

Sat, 10 Feb 2007 22:39:13 GMT

Brain Scanner Can Read People's Intentions. Vainglorious Coward writes "Reality continues to catch up with Nineteen Eighty-Four with the announcement of the development of a brain scanner that can read a person's intentions. 'It's like shining a torch around, looking for writing on a wall,' said the leader of the project, Professor John-Dylan Haynes . Demonstrating his own mastery of doublethink, Haynes continued 'We see the danger that this might become compulsory one day, but we have to be aware that if we prohibit it, we are also denying people who aren't going to commit any crime the possibility of proving their innocence.'" [Slashdot: Your Rights Online]

Public Iris Scanning Device In the Works.

Sat, 10 Feb 2007 01:42:13 GMT

Public Iris Scanning Device In the Works. Nonfinity writes "A public iris scanning device has been proposed in a patent application from Sarnoff Labs in New Jersey. The device is able to scan the iris of the eye without the knowledge or consent of the person being scanned. The device uses multiple cameras, captures multiple images, and then selects the best image to process." [Slashdot: Your Rights Online]

Cellphone Cameras That Zoom - What would Warren & Brandeis Think?

Wed, 07 Feb 2007 19:04:11 GMT

Cellphone Cameras That Zoom - What would Warren & Brandeis Think?

MIT[base ']s Technology Review has a brief article about advances in zoom technology for cellphone cameras. This adds a new dimension to the privacy and surveillance threats cellphone cameras pose.

We experienced a major advancement in camera zoom technology around the turn of the century, which spurred Warren & Brandeis to write their seminal article [base "]The Right to Privacy.[per thou] As the sophistication of mobile and networked cameras continues to rise, what will our answer be?

[michaelzimmer.org]

Technology News: Consumer: New Site Encourages Community Web Surfing

Tue, 06 Feb 2007 03:11:30 GMT

Me.dium.com tracks your Web browsing habits and reveals which sites are being visited at any given moment by people and friends with similar patterns. Those people and their sites appear as colored icons in a Web browser session. The point is to let you see when some of your friends or even a crowd of strangers are gathering on a site presumed to be of interest to you.

BBC NEWS | Magazine | Could X-ray scanners work on the street?

Fri, 02 Feb 2007 07:01:07 GMT

X-ray cameras that would "undress" passers-by in a bid to thwart terrorists concealing weapons, could be coming to a street near you, according to reports. Aside from the obvious privacy issues, would such a plan work?

Leaked documents said to have been drawn up by the Home Office and seen by the Sun newspaper say cameras which can see through clothes could be built into lamp posts to "trap terror suspects".

While Home Secretary John Reid has denied knowledge of the plans, the technology is not dissimilar to that already found in some UK airports. Currently, air security officials pick out individuals to stand in a booth while three pictures are taken of the person in slightly different positions.

Within seconds, an X-ray scanner produces an image of the body, minus the clothes. What shows up is the naked human form and anything that may be concealed on the person, such as coins, a gun or drugs.

Microsoft Applies To Patent DRM'ed OS Modules.

Fri, 02 Feb 2007 02:59:09 GMT

Microsoft Applies To Patent DRM'ed OS Modules. wellingj writes "Microsoft has applied for a patent that sounds on the face of it like it ought to improve OS stability and reliability: the patent proposes to modularize device drivers much like Linux does. But, going further, Microsoft would apply DRM to these modules -- as Groklaw puts it, 'using modularity plus DRM to restrict and contain and enforce.' The net result is that you might have to pay extra for OS hardware support. Things like USB keys, DVD-ROMS, Raid drives, and video cards might not be supported out of the box. LXer indulges in some dystopian speculation." [Slashdot: Your Rights Online]

Blu-Ray DRM Cracked.

Tue, 23 Jan 2007 01:56:30 GMT

Blu-Ray DRM Cracked. Muslix64, fresh from hammering down the walls of HD-DVD, applies the same technique to partially crack Blu-Ray disks. How long until the inner keep of high-def DRM comes tumbling down? In Gadget Lab. [Wired News: Top Stories]

RFID Tattoo for Tracking Cattle and Humans.

Sun, 21 Jan 2007 05:44:01 GMT

RFID Tattoo for Tracking Cattle and Humans. ack154 writes "The Register reports that a St Louis based company, Somark Innovations, has successfully tested RFID tattoos to be used for tracking cattle and other animals. Details are limited for the actual tattoo, but it's said to contain no metals and can be read up to about four feet away. Engadget has some more details on the matter. And yes, the article does mention RFID tattoos are possible for people, specifically the military. From the article: 'The system developed by Somark uses an array of needles to quickly inject a pattern of dots into each animal, with the pattern changing for each injection. This pattern can then be read from over a meter away using a proprietary reader operating at high frequency.'" [Slashdot: Your Rights Online]

Another Step Towards Cable Set-Top Competition

Fri, 12 Jan 2007 03:10:03 GMT

Another Step Towards Cable Set-Top Competition.

Way back in 1996, Congress directed the FCC to foster useful, competitive alternatives to cable providers' proprietary set-top boxes. As we saw at CES, several alternatives that rely on CableCARD technology are finally coming to market, and now the FCC took another step towards putting them on a more level competitive playing field.

Yesterday, the FCC denied Comcast's request for a permanent waiver from the "integration ban," which in effect forces cable providers to rely on CableCARD in their own set-top boxes. Without the ban, providers would be able to continue pushing their own proprietary set-top boxes on customers, treating CableCARD devices (such as TiVo Series 3 HD) like second-class citizens. The ban had been delayed twice before due to cable industry pressure and will go into effect on July 1.

Unfortunately, CableCARD devices are DRM-laden, but consumers could face even worse DRM if cable providers' set-tops were the only game in town. Set-top competition should help hold the DRM in check as well as bring more features and lower prices to consumers.

EFF, Public Knowledge, and a coalition of public interest groups recently asked the FCC to reject the cable providers' requests. Also, over 2000 people used EFF's Action Center to file comments with the FCC and support set-top competition.

The FCC did grant two more limited requests from other cable providers, but Chairman Kevin Martin stated at CES that, "I think the commission should be saying no to some of the largest carriers [requesting "blanket waivers" of the integration ban]."

Keep the letters to the FCC coming by visiting EFF's Action Center now.

[EFF: Deep Links]

Felten: Next Gen DVD DRM Will Be Broken Wide Open.

Fri, 12 Jan 2007 03:08:17 GMT

Felten: Next Gen DVD DRM Will Be Broken Wide Open.

HD-DVD and Blu Ray discs haven't been on the market for long, but a tool called BackupHDDVD is already available to help users evade the discs' DRM. Is this tool the end of the AACS encryption scheme, or will the movie studios be able to repair the hole? Computer security experts Ed Felten and Alex Halderman have the answer in a series of posts that puts in layman's terms how AACS works and how it might be attacked.

The bottom line: "[BackupHDDVD] isn't a big deal by itself, but it is the first step in the meltdown of AACS."

[EFF: Deep Links]

Proposed PASS Card Lacks Strong Privacy, Security Protections.

Mon, 08 Jan 2007 19:35:05 GMT

Proposed PASS Card Lacks Strong Privacy, Security Protections. A proposed ID card that could be used in place of a passport by Americans who make frequent trips to Canada, Mexico and the Caribbean lacks adequate privacy protections and needs to be rethought. In comments submitted to the State Department on Sunday, CDT highlighted concerns with the proposed PASS (People Access Security Service) Card, which would use non-secure radio frequency identification (RFID) technology to transmit information about citizens crossing borders. In the comments, CDT urges the State and Homeland Security Departments to reconsider whether the PASS Card program is really necessary; and if they do move forward to use a technology that will allow for better privacy and security safeguards. [Center for Democracy and Technology]

Face Recognition for Online Photo Searches Sparks Privacy Fears

Sat, 06 Jan 2007 22:34:51 GMT

A new type of search engine using facial recognition technology could soon be able to pinpoint images of a person among the billions of photos posted online--even if their name does not appear.

A Swedish company named Polar Rose plans to launch its service for facial searches tied to the photo-sharing site Flickr within a couple weeks.

In the next few months the firm hopes to expand the service to search images across the entire Web.

The technology promises enhanced photo finding that would make it easier to find people on the Internet.

But privacy advocates are concerned that Polar Rose and similar facial-mapping search engines will violate people's rights and potentially aid criminals.

Lee Tien is an attorney at the Electronic Frontier Foundation, an Internet watchdog group that focuses on privacy and civil liberties.

"Photos [posted online] are effectively anonymous now," Tien said, unless they are labeled with some sort if identifying text. "But if Polar Rose works the way they say it will, that's all going to change."

Tien said that this kind of technology could aid stalkers in tracking down their victims, or it could allow employers, insurance companies, and the government to pry into people's lives more than some of us would like.

Editor: The situation is currently being discused in a public discussion area over at Flickr itself. Stewart who works for Flickr and is one of the original big wigs commented early today in the thread. He said:

As far as I know they've never been in touch with us (I'll ask around internally). Judging from the screenshot, it looks like an explicit opt-in feature (which makes sense if they need people to identify the faces in the photos). If it's not opt-in, we'll have a look at how it works and see how people feel and do the right thing :)

Unfortunately from looking at many of tghe other user comments, many people still don't get it. Probably because they don't understand the linking together of data from many variuos sources/databases. Many seem to think that if its not all in one monolithic database, its not connected.

Computers, Freedom and Privacy - Montreal, May 1-4 2007

Fri, 29 Dec 2006 00:41:06 GMT

Come to CFP2007 in Montreal, May 1-4 2007. There's a lot at stake.

Computers, Freedom and Privacy 2007 - Call For Proposals

Fri, 29 Dec 2006 00:37:58 GMT

Call For Proposals - The deadline for proposals is January 20, 2006

The Program Committee of the Seventeenth Conference on Computers, Freedom, and Privacy (CFP2007) seeks your proposals for innovative conference sessions and speakers.

Polar Rose - We sort the web of photos!

Thu, 28 Dec 2006 23:07:50 GMT

Polar Rose relies on a combination of our unique face recognition algorithms and the collective intelligence of our users.

The face recognition technology used was originally developed by CTO Jan Erik Solem during his M.Sc and Ph.D. stints at the universities of Lund and MalmÃ¶ in southern Sweden. It's unique in that we are able to extract 3D information from regular 2D images, an approach that radically improves the short-comings of existing face recognition approaches.

However, we don't and can't rely exclusively on face recognition, but also harness the collective intelligence of our users who help train our software and tag names on people we haven't seen before.

Face-hunting software will scour web for targets - 19 December 2006 - New Scientist Tech

Thu, 28 Dec 2006 23:03:21 GMT

A search engine that uses sophisticated facial recognition to allow users to identify and find people in online images will launch next month. But civil liberties groups say the biometric-style tool could compromise the privacy of anyone who has their picture online.

Search engine Polar Rose reconstructs the 3D shape of a person's face and then combines that with characteristics of their features to generate a unique "face print". This can then be used to search other photos for a match.

In January users will be able to download a plugin for their browser that allows users to enter information about faces they recognise in online images. This data is then sent to a central server allowing anyone looking at an image containing that particular face print to tell who it is. Users can also search the web for more photos containing that face.

Online image search engines usually work much like their text counterparts. "They find images on pages that contain the words you search for," says Jan Erik Solem, whose PhD project at MalmÃ¶ University College, Sweden, led to the new company. "Search engines are blind to images, Polar Rose is not."

BBC NEWS | Programmes | Click | ePassports 'at risk' from cloning

Mon, 18 Dec 2006 21:03:48 GMT

So when Lukas Grunwald and Christian Bottger realised they could clone the new ePassport they were pretty sure it would be identical to the original, and undetectable. So how did they do it?

The chip inside the ePassport is a Radio Frequency Identification (RFID) chip of the type poised to replace the barcode in supermarkets.

A new British biometric European Union passport, which is embedded with a microchip
The 'enhanced' security features of ePassports are being questioned

The good thing about RFID chips is that they emit radio signals that can be read at a short distance by an electronic reader.

But this is also the bad thing about them because, as Lukas demonstrated to me, he can easily download the data from his passport using an RFID reader he got for 200 Euros on eBay.

Lukas is less forthcoming about where he got what is called the Golden Reader Tool, it is the software used by border police and it allows him to read the chip on his ePassport, including the photo.

Now for the clever bit. Thanks to a software he himself has developed, called RFdump, he downloads the passport's data onto his computer and then onto a blank chip.

Using a standard off-the-shelf component you can just buy at a component store you can have a cloned ePassport in less than five minutes.

'Big Brother' cameras listen for fights | CNET News.com

Mon, 27 Nov 2006 19:28:48 GMT

In U.K. public places, smarter closed-circuit TV cameras have been given the ability to listen for disturbances and also keep an eye on citizens.

The system has already been put into use in the Netherlands to listen for people speaking in aggressive tones, to try to counter violent attacks in Dutch streets, prisons and railways.

The aggression detector has been fitted to CCTV cameras on the streets of Groningen and Rotterdam in the Netherlands. In the U.K., London police also are considering installing the system, said Derek van der Vorst, the director of Sound Intelligence, the company that created the technology.

Slashdot | Trusted or Treacherous Computing?

Sat, 25 Nov 2006 02:01:19 GMT

theodp writes "Just because Richard Stallman is paranoid doesn't mean Microsoft's not out to get you. For a hint about the possible end-game of Microsoft's Trusted Computing Initiative, check out the patent application published Thanksgiving Day for Trusted License Removal, in which Microsoft describes how to revoke rights to render based on 'who the user is, where the user is located, what type of computing device or other playback device the user is using, what rendering application is calling the copy protection system, the date, the time, etc.' So much for Microsoft's you-should-have-control assurances."

Cellphone Surveillance.

Sat, 25 Nov 2006 00:15:48 GMT

Cellphone Surveillance.

There has been a spurt of media attention paid to the privacy and surveillance concerns of GPS enabled cellphones:

GPS Surveillance Creeps into Daily Life (New Standard)
Cellphone as Tracker: X Marks Your Doubts (New York Times)
Phone service allows people to track their friends (San Francisco Chronicle)

I don't have a lot of time to comment right now, but this excerpt from the New Standard article sums up much of my concern:

Koroknay-Palicz also sees long-term consequences of this monitoring.

"If we raise kids with no expectation of privacy, then they're going to become adults and voters and people of influence in society with no expectation of privacy," he said. "All the expectations of privacy are going to be eroded by the population of adults who grew up with no privacy and don't see the problem with trading away privacy."

Coney of EPIC agreed that parents are buying the "safety and security" sales pitch without evaluating the bigger picture, including who else has access to the tracking data.

"A parent might think this is a means to know where their child is," Coney told TNS, "but it also may be recorded and retained by the person or the entity that provides the service, and they may use it for their own purposes, because there are no laws out there to... prohibit that from happening."

[michaelzimmer.org]

In Love with Geotagging.

Sat, 25 Nov 2006 00:12:34 GMT

In Love with Geotagging.

The New York Times recently extolled the virtues of using GPS in digital cameras and camera cellphones to [base "]geotag[per thou] photos with the location at which they were taken:

[sigma]advocates of geotagging, like Stewart Butterfield, co-founder of the photo-sharing Web site Flickr, contend that linking pictures to maps can lend a new dimension to photography. For one thing, it can help people make some sense of the mounds of photos accumulating on their hard drives.

[OE][base ']The value may not be immediately apparent. But 10 years from now, nobody who[base ']s geotagging their photos is going to regret it,'[base '] Mr. Butterfield said. [OE][base ']Most people have just one or two or three iconic photos of their grandparents. Now people are going to have tens of thousands of photos, and when that happens, every little bit of context helps.'[base ']

Abstent from the discussion, however, are concerns over privacy, data-mining and the levels of surveillance enabled by these tools. My next project[sigma]

[michaelzimmer.org]

RFID Tech Infiltrating a British Institution.

Wed, 15 Nov 2006 06:02:12 GMT

RFID Tech Infiltrating a British Institution. An anonymous reader writes, "According to silicon.com, Marks & Spencer -- a department store as quintessentially British as tea & cake -- is so pleased with its trial of RFID clothes-tagging that it's planning to roll it out nationwide. Considering that the UK's Information Commissioner recently made a lot of noise around the RFID track and trace tech, warning that Britain is 'sleepwalking into a surveillance society', Marks & Sparks seems to be setting itself up as a tweed-clad Public Enemy Number One." [Slashdot: Your Rights Online]

Wired News: Election Spawns New Hope for Tech

Sat, 11 Nov 2006 00:19:09 GMT

On the face of it, the Democrats regaining control of the House of Representatives -- and appearing likely to hold a one-seat majority in the Senate -- would seem to be a positive in areas such as stem-cell research and the safeguarding of personal privacy, where technology plays a crucial role. But since nothing is a given in American politics, the best we can do is take an educated guess at what Tuesday's results might portend for the industry.

Wired News assesses the results from races deemed important because of their probable impact in several major areas, including stem-cell research, climate change, privacy and security, intellectual property and the gaming industry.

AP: "Technical glitches reported in early voting".

Thu, 09 Nov 2006 01:30:43 GMT

AP: "Technical glitches reported in early voting".

AP has a round-up of some early election activity:

"About a third of voters were using new equipment, and problems in several states were reported right out of the gate. The government deployed a record number of poll watchers to the many competitive races across the country.
"Glitches delayed balloting in dozens of Indiana and Ohio precincts, and Illinois officials were swamped with calls from voters complaining that poll workers did not know how to operate new electronic equipment.

"In Delaware County, Indiana, officials planned to seek a court order to extend voting after an apparent computer error prevented voters from casting ballots in 75 precincts.

"Florida officials, working to avoid a repeat of the vote-counting debacle of 2000, fielded extra voting machines, paper ballots and poll workers.

"In the Jacksonville suburb of Orange Park, Florida, voters were forced to use paper ballots after an electronic machine broke."

Update:Here's another round-up posted at 3 ET.

[EFF: Deep Links]

PC World - T-Mobile Merges Wi-Fi, Cellular

Wed, 25 Oct 2006 21:21:26 GMT

T-Mobile USA is tapping into home broadband to give cellular customers a better deal.

Subscribers to a new service from the Seattle-based mobile operator will be able to make unlimited U.S. calls via Wi-Fi at home and on Wi-Fi networks that don't require a password. Using the same phone, they can leave the range of the Wi-Fi network and keep talking without an interruption as the call shifts over to the T-Mobile cellular network.

Broadcast Flag video.

Wed, 25 Oct 2006 21:15:52 GMT

Broadcast Flag video.

On Friday, PK will be hosting a Higher-Education discussion on the Broadcast Flag. For that meeting, we created a video, much like the net neutrality video, to help explain, in simple terms, what the flag is all about.

You can find it on Youtube here or see it below:

[Public Knowledge - Policy Blog]

BBC NEWS | Technology | Air passengers 'could be tagged'

Mon, 16 Oct 2006 21:38:49 GMT

Electronically tagging passengers at airports could help the fight against terrorism, scientists have said.

The prototype technology is to be tested at an airport in Hungary, and could, if successful, become a reality "in two years".

The work is being carried out at a new research centre, based at University College London, set up to find technological solutions to crime.

Other projects include scanners for explosives and dirty bomb radiation.

Dr Paul Brennan, an electrical engineer, is leading the tagging project, known as Optag.

He said: "The basic idea is that airports could be fitted with a network of combined panoramic cameras and RFID (radio frequency ID) tag readers, which would monitor the movements of people around the various terminal buildings."

The plan, he said, would be for each passenger to be issued with a tag at check-in.

He said: "In our system, the location can be detected to an accuracy of 1m, and video and tag data could be merged to give a powerful surveillance capability."

Beguiling but Beware: Ajax, VOIP.

Wed, 11 Oct 2006 22:32:32 GMT

Beguiling but Beware: Ajax, VOIP. They are slick and gaining popularity, but voice over internet protocol and Ajax have some big security problems that will probably get worse before they get better. Quinn Norton reports from San Diego. [Wired News: Security Blanket]

Calling Sony BMG's Bluff; Canadian Rootkit Settlement Improved.

Tue, 26 Sep 2006 13:15:31 GMT

Calling Sony BMG's Bluff; Canadian Rootkit Settlement Improved.

Thanks to the quick action of the Canadian Internet Policy and Public Interest Clinic, Canadian consumers are getting a better deal from Sony BMG.

As EFF and others reported, the proposed Canadian Sony BMG rootkit settlement lacks several important consumer protection provisions (e.g. disclosure and testing requirements) that were included in the U.S. settlement. On Monday, CIPPIC filed an objection to the proposed settlement, challenging this glaring omission and the woefully inadequate and misleading "explanation" that Sony BMG offered for it. EFF submitted an affidavit in support of the objection, setting the record straight on the context and details of the U.S. settlement.

Taking note of the objection at a hearing on the settlement last week, the Canadian court required Sony BMG to give effective prior notice to Class Counsel and CIPPIC if it decides to use any DRM in Canada that has not already been independently vetted for security problems, as required by the U.S. Settlement. Thus, CIPPIC will be able to intervene to protect Canadians from becoming guinea pigs for DRM.

What's more, the settlement is not the end of Sony BMG's legal woes in Canada: it may now face investigations from Canadian regulators as well.

One of Sony BMG's lame excuses for the absence of stronger consumer protections in the Canadian settlement was that it only agreed to those provisions in the U.S. in response to pressure from U.S. government entities. Since the Canadian government wasn't leaning on Sony BMG as well, the label figured it didn't have to do the right thing.

Sony BMG's effort to rewrite history backfired. Taking up Sony BMG's implicit dare, CIPPIC filed complaints with five government agencies, calling for investigations into Sony BMG's conduct.

Now it's time for Canadian regulators to pick up where the civil litigators left off, and make sure Canadian customers--and their computers--get the protection they deserve.

[EFF: Deep Links]

Keystroke Dynamics.

Mon, 25 Sep 2006 17:58:38 GMT

Keystroke Dynamics. In this paper Tom Olzak takes a look at biometrics, followed by keystroke dynamics, including history, how it works, and why it may be the answer for organizations with people or cost issues. By Tom Olzak. [Infosec Writers Latest Security Papers]

Slashdot | How Retailers Watch You

Tue, 12 Sep 2006 18:00:39 GMT

garzpacho writes, "With $30 billion lost to shoplifting and employee theft last year, retailers are turning to increasingly sophisticated electronic surveillance systems to fight theft. Some systems, like RFID tags, have been well-publicized by privacy advocates. Others are less well known: video surveillance systems are being tied to software that can recognize specific types of activity and identify individuals; and data-mining software is being used to analyze everything from shoppers' habits to irregular register activity." --- From the article: "Despite this revolution in retail tech, you won't find many stores bragging about their new security tools. No one wants to tip off shoplifters or advertise that they suspect their customers. That's why so much of the technology is hidden in the first place. But another reason stores don't talk much about surveillance is that they know it sparks concerns about privacy. Consumer groups and legislators have opposed the spread of RFID and video surveillance for just that reason."

Peer-to-peer surveillance.

Sun, 10 Sep 2006 19:03:12 GMT

Peer-to-peer surveillance.

I[base ']ve commented about some of the privacy & surveillance implications of adding location meta tags in photos, everyone snapping photos in public with their cellphone cameras, and the rise of amateur surveillance and data-mining. Many of these concerns are repeated in an essay on the Guardian warning of the growing dangers of peer-to-peer surveillance, defined as[sigma]

the emerging idea that the constant operation of a whole range of digital devices will increasingly be used as evidence against us by parties other than the state. Many of us have already encountered it, when we find ourselves listening to others[base '] muffled conversations deposited on our answering machine by erroneously dialled mobile phones. Thus far, much of the eavesdropping has been by accident, but there are more sinister possibilities. Many of the new mobile phones come armed with the facility to record conversations, and digital voice recorders are now so small as to be inconspicuous.

As applications are designed to imprint the date, time and location in which photographs, conversations and videos are made, and mobile tracking devices increasingly allow us to pinpoint the location of others, we can predict consequences for everyday life as well as the legal system. If mobile phones are currently an accessory to infidelity, for example, the new range of mobile devices may overturn that arrangement: a suspicious spouse can easily chance upon video, picture or location-based proof that you were not where you said you were, or commission evidence in support of their case.

[via Pogo Was Right]

[michaelzimmer.org]

FBI Shows Off Counterterrorism Database

Thu, 31 Aug 2006 21:54:57 GMT

The FBI has built a database with more than 659 million records -- including terrorist watch lists, intelligence cables and financial transactions -- culled from more than 50 FBI and other government agency sources. The system is one of the most powerful data analysis tools available to law enforcement and counterterrorism agents, FBI officials said yesterday.

The FBI demonstrated the database to reporters yesterday in part to address criticism that its technology was failing and outdated as the fifth anniversary of the Sept. 11, 2001, terrorist attacks nears.

Privacy advocates said the Investigative Data Warehouse, launched in January 2004, raises concerns about how long the government stores such information and about the right of citizens to know what records are kept and correct information that is wrong.

The data warehouse is an effort to "connect the dots" that the FBI was accused of missing in the months before the 2001 attacks, bureau officials said. About a quarter of the information comes from the FBI's records and criminal case files. The rest -- including suspicious financial activity reports, no-fly lists, and lost and stolen passport data -- comes from the Treasury, State and Homeland Security departments and the Federal Bureau of Prisons.

"That's where the real knowledge comes from . . . sharing information," said Gurvais Grigg, acting director of the FBI's Foreign Terrorist Tracking Task Force, who helped develop the system.

Internet Connectivity Outside of the United States.

Mon, 28 Aug 2006 03:11:13 GMT

Internet Connectivity Outside of the United States. Ant writes "A Yahoo! news story says that nearly 60 publications in countries bear the PC World name, or are associated with it in some way. The editors at several of them were asked to report how their readers get online. Not surprisingly, the report indicates that many countries are substantially ahead of the United States in online access." From the article: "For example, in the United Kingdom, you can buy DSL service with a download speed of up to 24 megabits per second. In Denmark, some people have fiber-optic connections as fast as 100 mbps. And in Italy and Spain, broadband service is cheap, and dial-up service is free (except for the cost of the local call). Still, many countries have their own connection quirks ..." [Slashdot]

Neural Net Makes Eavesdropping Breakthrough.

Wed, 23 Aug 2006 16:22:19 GMT

Neural Net Makes Eavesdropping Breakthrough.

Government-funded researchers have discovered a mathematical solution for separating a single voice from a multitude of other sounds and voices -- solving what scientists call the "cocktail party problem," and the rest of us know as Harry Caul's plight in The Conversation.

In research funded by the National Science Foundation and -- big surprise -- the National Security Agency, two math professors from the University of Missouri-Columbia and one from Siemens trained a neural network to reconstruct a voice in a crowd with greater accuracy than existing techniques.

"Theoretically, our solution says you should be able to pick up voices on a squeaky old microphone and then separate them all out so that you can hear what each person is saying in his or her own voice," said Peter Casazza, professor of mathematics in MU's College of Arts and Science. "This is a very old problem, and we have the first mathematical solution to it."

Interestingly, while they have a mathematical solution, they don't actually know the solution. It's locked inside the neural net, which, mimicking a human brain, can learn to do something without producing a usable algorithm. More from the press release:

Casazza and Dan Edidin, also a professor of mathematics at MU, worked with Radu Balan of Siemens Corporate Research to solve the problem. Their solution shows that it is possible to separate voices and still retain vocal characteristics. Researchers had previously found a solution for separating and reconstructing voices, but they were only able to reconstruct the words spoken, not the characteristics of the voice itself.

"Our solution is called 'signal reconstruction without noisy phase,'" Edidin said. "In speech recognition technology, a 'signal' could be a recording of 25 people in a room talking at the same time. Our solution shows that we can pull out each voice individually, not just with the words, but with the voice characteristics of each individual. We showed that this 'cocktail party problem' is mathematically solvable."

Although Casazza, Edidin and Balan do not have a computer program that can do this automatically, they hope to find a way to develop one. Currently, their solution runs on a computer, but the process cannot be easily replicated or distributed.

"The computer we use is doing the work without an algorithmic program. It uses a system called a neural net, which is designed for the computer to teach itself. Basically, it works on trial and error," Casazza said. "This isn't consistent and cannot be duplicated easily. We need to find a way to design an implementable algorithm that could do this consistently and quickly."

That's cool beyond belief. Maybe as a follow-up they'll train a computer to read lips and I can throw up a picture of HAL 9000. I just hope that before they turn this over to NSA they can teach the neural net to get a warrant.

Update: Yes, Ryan blogged the exact same thing at almost the exact same time. His has sound, but mine has Cindy Williams, so we're keeping both.

[27B Stroke 6]

CNN.com - New rule: Car buyers must be told about 'black boxes' - Aug 21, 2006

Tue, 22 Aug 2006 17:28:01 GMT

The National Highway Traffic Safety Administration has passed a regulation requiring car makers to inform customers when their car has been equipped with an Event Data Recorder, the agency said Monday.

EDRs, similar to "black boxes" used in commercial airliners, record data about what a car is doing in the moments just before and after a crash. They do not record the voices of occupants but they do record things like speed, steering wheel movement, how hard the brakes are being pressed and the actual movement of the car itself.

About 64 percent of model year 2005 cars were equipped with EDRs, according to NHTSA. Some manufacturers already include information about the EDR in the owners manual, but not all, said Rae Tyson, a spokesman for NHTSA.

"If you have a new vehicle, chances are it's got one," he said.

Data from the recorders is used by law enforcement and attorneys to recreate events directly leading up to an accident. Data is also used by car companies to research how cars and drivers perform in actual crashes.

Some privacy advocates have expressed concern that the data, which can be used as evidence in court cases, is being collected without the knowledge of vehicle owners and drivers.

The devices are virtually impossible to disable because their functioning is so tightly integrated with vehicle safety systems such as airbags and anti-lock brakes.

Several states have already passed laws that restrict how the data can be used.

Car companies must comply with the new regulation beginning in the 2011 model year. Information about the EDR, if one is installed, will have to be included in the vehicle's owner's manual.

Passports receiving ID chips / Infineon gets order for high-tech security documents

Tue, 22 Aug 2006 16:49:39 GMT

A German semiconductor company with offices in San Jose said Monday that it has received an order from the U.S. government for millions of identification chips that will be embedded in passports to help prevent fraud at border crossings.

Infineon Technologies provided few details about the order. A spokeswoman for the Government Printing Office, which prints and binds passports in Colorado, confirmed the deal.

A French company, Gemalto, has also received an order for a pilot run of the ID chips, she said, but at this point it isn't known whether those will go into volume production.

The chips carry an encrypted digital photograph of the passport holder. The chip is designed to be read by a special device that will be used by U.S. government workers who check passports when travelers come through border crossings.

The State Department began issuing what are being called e-passports to tourists last week and will gradually increase production. State Department spokeswoman Janelle Hironimus said existing passports will remain valid until they expire but, eventually, all U.S. passports -- about 13 million will be issued in 2006 -- will contain such chips.

The decision to mass produce these chip-powered passports comes after a lengthy process during which privacy activists argued that the new electronic devices might give hackers access to personal information. And while their complaints prompted features to boost privacy, skeptics remain.

"Whether the changes are enough, we'll have to find out,'' said Lillie Coney, associate director of the Electronic Privacy Information Center in Washington.

GSA awards smart-card contract to BearingPoint.

Mon, 21 Aug 2006 18:36:03 GMT

GSA awards smart-card contract to BearingPoint. The GSA has awarded IT systems integrator BearingPoint a five-year contract worth up to $104.6 million to help federal agencies move to mandated smart-card identity systems. The company now contends with an "incredibly aggressive" rollout timeline. [Computerworld Privacy News]

Google to do Image & Face Recognition ??

Thu, 17 Aug 2006 23:20:31 GMT

Google to do Image & Face Recognition.

In a quick follow-up to this speculation about Google using Gmail photos to build a facial recognition database, Google just announced they acquired Neven Vision, a company that develops technology to detect and recognize objects and persons in images. While Google is currently spinning this as a new way to help organize your photos (the software could automatically group all images on a hard drive with one[base ']s ex-girlfriend[base ']s face in it), it could also be integrated into their image search engine (to automatically find all images on the web with one[base ']s ex-girlfriend[base ']s face in it) or to create a mobile version so when you snap a picture of a random person on the street, Google can tell you if her face happens to be someone else[base ']s ex-girlfriend.

[via Google Operating System]

[michaelzimmer.org]

LiveScience.com - Cell Phones Automatically Monitored for Better Traffic Updates

Sun, 13 Aug 2006 23:02:55 GMT

A new service that measures radio signals beamed between your cell phone and cell phone towers could soon help speed up your commute.

IntelliOne Technologies, a company that specializes in using mobile phone network usage to measure roadway speeds, has launched a real-world test of its technology along the streets, freeways and highways of Tampa, Florida. Called Need4Speed, the test will run from Aug. 7 to 18.

The company's technology takes advantage of the fact that wireless devices in motion communicate constantly with multiple cell towers. Wireless carriers use this data to maintain and optimize their networks, but this information can also be converted into speed and travel time information for any roadway that has cell phone coverage.

The new service isn't the only example of a creative use for cell phone towers. In another recent study, scientists used dips in cell phone signals during storms to measure rainfall.

Tracking Your Cell Phone for Traffic Reports.

Sun, 13 Aug 2006 22:51:42 GMT

Tracking Your Cell Phone for Traffic Reports. BostonBTS writes "IntelliOne Technologies has just launched a real-world test of Need4Speed, a real-time traffic-monitoring system that tracks drivers' cell phones. From their website: 'Unlike any other solution available today, the IntelliOne Roadway Speed Measurement System produces live roadway speeds for all highways and surface streets where mobile phone coverage exists, accurate to within three miles per hour.' Of course, any compulsory phone-tracking system raises privacy concerns. According to an article on LiveScience, 'the personal identification data of users will be stripped from cell phone signals before they are processed by IntelliOne's software.' The cell phone companies have this data, but IntelliOne says they won't be keeping their copy." [Slashdot: Your Rights Online]

Building smarter authentication.

Thu, 10 Aug 2006 19:00:00 GMT

Building smarter authentication. Online scams that lure online banking and e-commerce customers to phony Web sites and trick them into giving up sensitive account information have been a mainstay of online criminals for years. However, the increase in so-called spear-phishing attacks is new, as is the increasing sophistication of the software they use to penetrate enterprise networks.
[CSO Online Data Security Briefing]

Tracking the Congressional Attention Span.

Tue, 08 Aug 2006 17:48:15 GMT

Tracking the Congressional Attention Span. Turismo writes "Ars Technica covers a new research project that uses computers to look at 70 million words from the Congressional Record. The project's goal was to track what our representatives were talking about at any given time, and researchers were able to do it without human training or intervention. From the article: '...researchers found, for instance, that "judicial nominations" have consumed steadily more Congressional attention between 1997 and 2004. In fact, the topic produced the most number of words published in a single "day" of the Congressional Record: 230,000 on November 12, 2003.' It looks like automated topic analysis has truly arrived."[Slashdot]

Editor: Just remember, not everything in the Congressional Record was actually said by that person. They are allowed to include large amounts of prepared statements in written form in such a way that you can't tell the difference.

Others Online: Opt-In Web Surveillance.

Fri, 04 Aug 2006 17:20:12 GMT

Others Online: Opt-In Web Surveillance.

A new service called Others Online makes obvious what Google Toolbar and other browser tools do in the background: track users web browsing activities. From their site:

Others Online is a free toolbar that shows you people relevant to your Web browsing and other interests, on every page you visit. We show you the interests you have in common, their Web pages (blog, MySpace profile, Web site, etc.) and online status, all on their terms. We[base ']ll even connect you by IM or email.

[sigma]Every time you search the Web, you[base ']ll see people that have associated themselves to those keywords, plus you[base ']ll see any other interests you share. It[base ']s like [base "]Google for people[per thou]!

In a nutshell, users sign up, create a profile like most other social networking site, download the toolbar, and then start browsing the web like usual. Others Online then collects information about the websites visited (including the URL and relevant content keywords embedded in the URL), and then shows other users who share a similar profile and browsing habits.

Sorta cool to be able to find other people searching for the same stuff I am, such as [base "]web surfing surveillance[per thou]. But my concern is that products like this, even though opt-in, work to normalize web surveillance, playing into the [base "]I[base ']ve got nothing to hide[per thou] meme that justifies wholesale surveillance of our daily activities. The more users become comfortable with the surveillance of their online activities, the less likely they will be able to identify abuses of that surveillance.

A couple of other points on this particular service:

Their privacy policy states that [base "]When you sign up for an Others Online Account, we ask you for personal information (such as your birth date, gender, email address, country, post code and an account password)[sigma].[per thou] But that the [base "]service is anonymous [base ']Äì we do not request your name or your physical address.[per thou] This isn[base ']t entirely true, since research (such as Latanya Sweeney[base ']s amazing work) has shown that 87 percent of Americans can be personally identified by records listing only their birth date, gender and ZIP code. Anonymity is not guaranteed simply by not collecting one[base ']s name and address.
Another note in the privacy policy states that [base "]We may combine the information you submit under your account with information from third parties in order to provide you with a better experience and to improve the quality of our services.[per thou] Who knows what kind of [base "]information from third parties[per thou] they[base ']re talking about, but this is just the kind of data mining and data aggregation practices that Sweeney (and folks like Dan Solove) warn us about.
While you can clear your entire search history, it doesn[base ']t seem to be possible to selectively delete certain searches or browsing activities from their database. Users must remember to logoff the service is they don[base ']t want others to know they[base ']ve been watching Pat Benetar videos on YouTube.

[via John Battelle]

[michaelzimmer.org]

Walt Handelsman: N.S.A. Wiretapping

Fri, 04 Aug 2006 17:17:31 GMT

A Flash based cartoon :-)

Slashdot | Voting Isn't Easy, Even if Cheating Is

Wed, 02 Aug 2006 17:29:56 GMT

The Open Voting Foundation's disclsosure that only one switch need be flipped to allow the machine to boot from an unverified external flash drive instead of the built-in, verified EEPROM drew more than 600 comments; some of the most interesting ones are below, in today's Backslash story summary.

CALEA challenge.

Tue, 01 Aug 2006 19:35:15 GMT

CALEA challenge.

CDT, EFF, the Media Access Project, Sun, and Pulver.com have asked the judges on the D.C. Circuit Court of Appeals to all sit together to reconsider the June 9 opinion upholding the FCC[base ']s creative interpretation of CALEA.

In order for such a reconsideration request to be granted, the petition has to concern a [base "]question of exceptional importance.[per thou] That[base ']s certainly present here [~] the D.C. Circuit[base ']s June ruling allowing the FBI to serve as a gatekeeper for online applications doesn[base ']t fit with the statute and poses enormous threats to innovation.

Remember, everyone has to comply with lawful wiretapping/interception requests. Compliance is not the issue here. The additional cost-shifting burden imposed by CALEA is to require that things be built so that they are easily tappable by law enforcement.

In 1994, Congress unquestionably exempted the internet (both access to the internet and applications used online) from CALEA obligations. (That[base ']s why there[base ']s an awful CALEA rewrite in circulation now [~] DOJ wants to change the law.) Even though the statutory language is clear, the FCC decided to interpret the statute to include elements that had specifically been left out by Congress.

The FCC did this by saying that the statute was ambiguous [~] when it isn[base ']t [~] and by arguing that because [base "]interconnected VoIP[per thou] services are [base "]replacements for a substantial portion[per thou] of traditional telephone services they must be covered by CALEA.

Their position was/is specious, in my view, because CALEA specfically excludes [base "]information services.[per thou] And [base "]information services[per thou] include internet access and online applications.

But backing up the frame from the statutory arguments (which the petition admirably presents in visual/analogy form several times) reveals a crucial and enormous legal issue. Congress hasn[base ']t expressly delegated power to the FCC to [base "]regulate the internet.[per thou] Who gets to do this [base "]regulation[per thou] is very important to the future of this country. In the absence of an express delegation, no deference to the agency[base ']s views is required. The D.C. Circuit is the group we depend on to rein in the Commission when it gets adventurous [~] or succumbs to pressure.

The FCC is far from independent of the wishes of the Executive Branch, particularly when it comes to national security and law enforcement desires. Incrementally, in a thousand definitional nuances and statutory-creep extensions, the Commission is becoming the de facto internet regulator. Surely we[base ']d want to have told them to do this; surely we would have thought through the consequences of such a step. Because we haven[base ']t, it would be wrong for a court to defer to what they have to say when it comes to the regulation of the internet. Particularly when it comes to getting FBI guys involved in designing new online applications.

[Public Knowledge - Policy Blog]

Helpful Guidance from Consumer Monitoring Firm.

Sat, 29 Jul 2006 15:33:14 GMT

Helpful Guidance from Consumer Monitoring Firm.
ChoicePoint, the consumer data peddling company, writes in to take issue with Luke O'Brien's story on the future of automated license plate readers (LPRs).

Early this week Luke quoted LPR expert Andy Bucholz as saying that the readers will someday be ubiquitous and networked, and that private companies will use them to build large databases that track where everyone drives.

Giant data-tracking firms such as ChoicePoint, Accurint and Acxiom already collect detailed personal and financial information on millions of Americans. Once they discover how lucrative it is to know where a person goes between the supermarket, for example, and the strip club, the LPR industry could explode, says Bucholz.

Not so, says ChoicePoint spokesman Chuck Jones, who first contacted Luke, then wrote us to request a "correction" to Luke's story (e-mails included here by Chuck's permission).

On July 25, you posted a story, "License Plate Tracking For All," written by Luke O'Brien, which included inaccurate comments about ChoicePoint, which require a correction or clarification.

To be clear, ChoicePoint does not obtain or sell -- and is not interested in obtaining and selling -- license plate information collected from license plate reading (LPR) equipment, better known as traffic or red light cameras.

ChoicePoint is not in the business of monitoring the daily location of consumers. We do not purchase transaction information such as credit card purchases or other data that allows a consumer's daily movements to be monitored, nor do we want such information.

What ChoicePoint does offer are products -- largely regulated by state and federal laws -- that help businesses manage economic risks and consumers obtain jobs, home and auto insurance or apartments, as well as facilitate other kinds of transactions consumers initiate such as ordering wine on-line, shipping a package or setting up a cellular phone account.

We also provide the software, technology, analytics and basic identity information that allows government agencies to conduct investigations into known or suspected crimes or to enforce laws and regulations.

Consumers can review the information ChoicePoint has about them -- if any -- free of charge at www.choicetrust.com.

After checking to make sure this benevolent consumer-oriented company was the same ChoicePoint that sold detailed profiles of 145,000 consumers to Nigerian identify thieves last year, I composed a response. Then my boss looked at it and said something like, "Are you out of your mind? You can't send that!" -- so I composed a nicer response.

Thanks for the note.

Please feel free to post your comments on the message board associated with the story. I don't see grounds for a correction, however. Luke accurately reported on what Bucholz said. And neither Bucholz nor the story claimed that Choicepoint had purchased LPR data. In Bucholz's opinion, Choicepoint might see value in such data in the future, when the capabilities he describes come to fruition.

I think this is all perfectly clear in the article.

His responded by offering some helpful advice on how to keep my reporters from offending ChoicePoint.

Understand your position.

Conversely, please consider our comments to be an "FYI" so your writers don't mistakenly allow someone in the future to be quoted on your site as saying ChoicePoint might be interested in such a market, because you now know we're not. We've already had this conversation with Luke.

Thanks for the lesson, Chuck.

If there are any Wired News reporters reading this, be advised: while ChoicePoint tracks and sells such data as where we live, where we work (a "daily location" for most of us), who our neighbors are, who our relatives are, what professional licenses we hold, and what vehicles we own ... that's it. That's where it draws the line, and it always will be.

Sure, the company needs to know what we drive ... but where we drive? That's just crazy talk.

[27B Stroke 6]

CDT Launches Tech Policy Blog.

Wed, 26 Jul 2006 16:19:59 GMT

CDT Launches Tech Policy Blog. CDT today launched PolicyBeta, a new blog dedicated to expanding the dialogue about technology policy, civil liberties and preserving democratic values in the digital age. PolicyBeta will feature regular posts on issues ranging from domestic surveillance to spyware, and will provide CDT experts an opportunity to discuss in detail the latest trends and developments affecting the technology policy debate. CDT is encouraging journalists, technologists, academics and interested individuals to visit the blog regularly and participate in the discussion. [Center for Democracy and Technology]

Busting Burglars With Spit, Vomit.

Tue, 18 Jul 2006 15:21:19 GMT

Busting Burglars With Spit, Vomit. The Justice Department is helping police detectives solve simple property crimes with advanced DNA analysis. Can CSI: Special Shoplifting Squad be far behind? Luke O'Brien reports from Washington [Wired News: Security Blanket]

Technologists object to U.S. RFID passports - Jul. 13, 2006

Mon, 17 Jul 2006 15:25:36 GMT

Imagine being overseas and your identity being available for the taking - your nationality, your name, your passport number. Everything.

That's the fear of privacy and security specialists now that the State Department plans to issue "e-Passports" to American travelers beginning in late August.

They'll have radio frequency identification (RFID) tags and are meant to cut down on human error of immigration officials, speed the processing of visitors and safeguard against counterfeit passports.

Yet critics are concerned that the security benefit of RFID technology, which combines silicon chips with antennas to make data accessible via radio waves, could be vastly outweighed by security threats to the passport holder.

"Basically, you've given everybody a little radio-frequency doodad that silently declares 'Hey, I'm a foreigner,'" says author and futurist Bruce Sterling, who lectures on the future of RFID technology. "If nobody bothers to listen, great. If people figure out they can listen to passport IDs, there will be a lot of strange and inventive ways to exploit that for criminal purposes."

'Let's track paedos with chip implants' - top cop fails tech test.

Mon, 17 Jul 2006 14:25:50 GMT

'Let's track paedos with chip implants' - top cop fails tech test.

Shall we just believe in witchcraft while we're about it?

Britain's most senior policeman has, according to a Sunday Times report, suggested that surgically implanted chips could be used in order to track the movements of paedophiles and dangerous sex offenders. "If we are prepared to track cars, why donâo[dot accent]t we track people? You could put surgical chips into those of the most dangerous sex offenders who are are willing to be controlled," said Ken Jones, president of the Association of Chief Police Officers.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

Sony 'Anti-Used Game' Patent Explored.

Fri, 14 Jul 2006 16:09:34 GMT

Sony 'Anti-Used Game' Patent Explored. Sometime in 2000, Sony patented a process that would 'verify a disc as legitimate, register the disc to that particular game console, then wipe out verification data so the disc would be rendered unreadable in other PlayStations'. Despite unrest in the gaming community over this technology, the company has repeatedly stated they have no plans to use it in the PS3. The LA Times explores this persistent debate, examining why Sony developed the tech and why gamers are nervous. From the article: "Whatever Sony's plans, the tempest [over the patent] illustrates the changing nature of ownership as millions of people accumulate vast collections of digital entertainment. Few people realize that when they buy software or music or movies, they are actually buying a license to use, watch or listen. That's why it violates copyright laws for people to sell copies of their music collection." Thanks to 1up.com for the link. [Slashdot: Your Rights Online]

Broadcast Flag Smackdown: Video v. Audio.

Fri, 14 Jul 2006 15:31:40 GMT

Broadcast Flag Smackdown: Video v. Audio.

One of the memes repeated over and over again at the House Energy and Commerce broadcast flag hearing two weeks ago was that the audio broadcast flag is much different (read: worse) than the video version. This argument is made largely to explain why the consumer electronics, software and broadcast industries are neutral or support the video flag, while they vehemently oppose the audio flag.

Yes, there are some superficial distinctions between the two, but they are distinctions without a difference. Here are the justfications most often given for distinguishing the two flags:

The video flag was developed by [base "]consensus.[per thou] This one either makes me laugh out loud or furious. First, there was significant disagreement on a number of issues surrounding the flag when it was proposed to the Copy Protection Technical Working Group, including whether it would be effective, whether it would have adverse consequences for consumers, and how specifically to enforce the [base "]compliance and robustness[per thou] rules. Second, CE, software and other companies heartily opposed the flag scheme at the FCC, as, did, by the way, every consumer group working on this issue (we don[base ']t usually count when determining whether there is a consensus, it seems). In fact, PK[base ']s filings in the broadcast flag court case were largely cribbed from Philips Electronics[base '] FCC filings. But Hollywood[base ']s relentless pressure has paid off, and those companies who opposed the flag are either grudgingly supporting it, or neutral.
The audio flag scheme would prohibit personal copying, while the video flag scheme only prohibits [base "]mass, indiscriminate redistribution[per thou] over the Internet. It is true that if you have the right equipment you should still be able to make personal copies with the video flag. (Remember, some old devices may not work with flag-compliant devices, and once you buy one brand of flag-compliant device, you must buy the same brand for all downstream devices). However, regardless of what the FCC claims that the broadcast flag scheme prohibits, all but one of the broadcast flag technologies approved by the FCC prohibit all Internet redistribution, not just [base "]mass, indiscriminate[per thou] redistribution. So if I want to email a copy of my appearance on the local news to my mother, the flag prohibits me from doing so. Essentially, the video flag permits me to retain my fair use rights circa 1992. Not a significant improvement over the audio flag, if you ask me.
The video flag scheme has been vetted and debated, the audio flag scheme has not. It is true, and not insignificant, that unlike the video flag technology, no audio flag technology exists, although that certainly does not make the video flag scheme better policy. But it would be hard to argue that the concept of copy protection for digital and satellite radio has not been publicly debated. The FCC put the issue of broadcast radio content protection out for public comment, and Congress has had at least three hearings on various radio content protection proposals in this Congress. So the merits of radio content protection, whatever it might look like, has been and still is, being vigorously debated.

Regardless of these distinctions, what the flag schemes have in common should alarm anyone wants to promote innovation and competition. Both flag schemes would put the Federal Communications Commission in the position of technology gatekeeper - determining what devices can and cannot come to market. This determination of course, would be made under great pressure from the powerful and persistent content industry to limit approvals to only those technologies with which they approve. This alone, should be enough reason for technology companies to oppose both flag schemes.

So why are broadcasters, CE companies and software companies either supporting or neutral about the video flag yet opposed to the audio flag? It all comes down to politics, of course. Local broadcasters are not affected by the flag one way or another, but their Disney, Fox, Viacom & Universal-NBC brethren have put the thumbscrews to the National Association of Broadcasters (NAB) to support it. Some of the Hollywood studios, which also own broadcast stations, have quit the NAB before over media ownership battles, and one can only guess that their continued membership is contingent on NAB support of the video flag.

Several CE companies, including the aforementioned Philips have decided it is better to join [OE]em than beat [OE]em. Having bet wrongly that we would lose our court case, Philips and some others have started to manufacture flag compliant devices, and don[base ']t want competition from more consumer-friendly non-compliant devices. And the support of companies like Philips hamstrings trade groups like the Consumer Electronics Association from taking a position.

Tactically, I think it is a grave mistake to try and distinguish the two, since they are, at their core, exactly the same - ways for the content industry to have veto power over new devices. Even if the video flag somehow makes it into law without the audio flag (unlikely given Senator Frist[base ']s desire to help his former chief of staff, RIAA CEO Mitch Bainwol), cries of [base "]regulatory parity[per thou] will be heard from the RIAA[base ']s corner. And that is an argument that is likely to carry a great deal of weight at the FCC and elsewhere.

[Public Knowledge - Policy Blog]

Felten Writes So That You May Read. - Professor Ed Felten has managed to both complicate and clarify the net neutrality issue.

Wed, 12 Jul 2006 21:13:27 GMT

Felten Writes So That You May Read.

Professor Ed Felten has managed to both complicate and clarify the net neutrality issue.

Felten published a ten page primer (.pdf) on how packet discrimination works, the impact of jitter on VOIP, and the complexity of trying to legislate fairness in the pipes.

It's a way smarter take on Net Neutrality than MoveOn's scare campaign or this astroturf video.

The Internet is unusual among networks in putting most of the intelligence in the computers at the edge of the network, rather than in the infrastructure at the heart of the network. The routers in the middle forward packets with only minor processing-all the heavy lifting takes place on the transmitting and receiving computers. This approach of putting intelligence at the edge of the network is known as the end-to-end principle, and it is one of the keys to the Internet's success thus far.

Putting the intelligence in the edge computers has several advantages. (1) Edge computers account for most of the devices involved in the network, so the edge computers collectively have most of the memory and processing power available to the network, and it makes sense to put the intelligence where these resources are available. (2) Edge computers have a better idea what the network's users want, because they are owned and controlled directly by users. (3) Innovation usually happens faster at the edge of the network.

In a sense, the net neutrality debate is a fight between the edges and the middle over control of the network. Neutrality regulation is generally supported by companies that provide services at the edge of the network, and is generally opposed by companies that manage the middle of the network. Each group wants the part of the network that it controls to have most of the intelligence, because more opportunities to innovate-and profit from innovation-are available to those who control the intelligent parts of the network.

Felten labors under the impression that nuanced thinking about these matters means anything. Perhaps he still hasn't seen this.

[27B Stroke 6]

FBI plans new Net-tapping push | CNET News.com

Mon, 10 Jul 2006 14:31:51 GMT

The FBI has drafted sweeping legislation that would require Internet service providers to create wiretapping hubs for police surveillance and force makers of networking gear to build in backdoors for eavesdropping, CNET News.com has learned.

FBI Agent Barry Smith distributed the proposal at a private meeting last Friday with industry representatives and indicated it would be introduced by Sen. Mike DeWine, an Ohio Republican, according to two sources familiar with the meeting.

The draft bill would place the FBI's Net-surveillance push on solid legal footing. At the moment, it's ensnared in a legal challenge from universities and some technology companies that claim the Federal Communications Commission's broadband surveillance directives exceed what Congress has authorized.

Scottish cops finger villains with the 'Kevlar grope'.

Mon, 10 Jul 2006 14:04:08 GMT

Scottish cops finger villains with the 'Kevlar grope'.

Hands-on approach to knife crime...

Disturbing images are conjured by Scotland's latest anti knife crime measure. Fancy a Kevlar grope?

Scottish police are running a trial of battery-powered Kevlar metal-detecting gloves in Strathclyde and Central Scotland. The gloves, the Scotsman tells us, allow officers to scan an individual with the fingertips or the palms of the hands. So in order to search a suspect the officer dons gloves, runs fingers over the suspect's body ("Hey, what's your game, pal?") and, if metal is detected, the glove "starts to vibrate at the wrist."

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

EFF Defends Tech Liberties.

Thu, 06 Jul 2006 17:33:04 GMT

EFF Defends Tech Liberties. Taking on such powerhouses as the Secret Service and AT&T, the EFF is a kind of high-tech ACLU, fighting to ensure that offline rights transfer to emerging technologies. [Wired News: Security Blanket]

Internet Security Zone Blog: Forensics: Looking Inside the Stolen VA Laptop

Wed, 05 Jul 2006 14:58:32 GMT

As mentioned in this post, the laptop containing Veteran's Administration data was recovered. While it's good they got the *hardware* back, recovering the laptop itself doesn't mean the data wasn't stolen.

Speaking to this concern, another report stated this:

FBI Says Data on VA Laptop Not Accessed

The FBI, in a statement from its Baltimore field office, said:
A preliminary review of the equipment by computer forensic teams determined that the database remains intact and has not been accessed since it was stolen. A thorough forensic examination is underway, and the results will be shared as soon as possible. The investigation is ongoing.

As a former Computer Forensic Specialist, I wanted to explain what's probably going on with this laptop now that the FBI has the system and is forensically examining it. This explanation assumes the data was present on the hard drive (not a CD-Rom or other storage medium).

The Fourth of July, 2006 is Privacy Digest's 7th Anniversary

Mon, 03 Jul 2006 17:14:11 GMT

Tomorrow, The Fourth of July 2006, Privacy Digest will have been publishing as this domain for seven years. We were actually around a bit longer as part of another blog. But on July 4, 1999, I decided that the issue was important enough to warrant it's own dedicated domain.

If you would like to help out my Amazon wishlist has a few things I need. More ideas on ways to support us can be found here.

Courier News Online - High-tech workplace security upgrades are near

Mon, 03 Jul 2006 14:18:21 GMT

If you think scanning eye retinas or using voice recognition to allow someone to enter a building is only the stuff of James Bond movies, think again. In fact, it may be coming to a workplace near you.

Experts say that as technology grows and changes the way companies compete, employers will use more sophisticated techniques to keep workplaces secure.

But that has some privacy groups concerned. They argue that personal information about an individual gained through these technologies may be exploited as never before and that catching the perpetrators may be even tougher.

Biometrics (from the ancient Greek "bios" for life and "metron" for measure), is the study of automated methods for recognizing uniquely human traits such as eye retinas or iris, facial patterns, thumb prints, voice recognition, etc.

Evan Scott, who runs an executive search firm specializing in senior-level searches for emerging technology companies, says his biometrics business is booming.