Paul Hardwick: Tracking

Big Brother State: surveillance society animation.

Sun, 11 Mar 2007 04:08:05 GMT

Big Brother State: surveillance society animation.

Another slick animation outlining the threats of our growing surveillance society: Big Brother State (YouTube version here)

[via Jeremy Hunsinger]

[michaelzimmer.org]

Big Brother State - An animated short about public surveillance by David Scharf

Sun, 11 Mar 2007 04:06:35 GMT

please also download using Bit Torrent:
(Xvid Version, ca. 50 MB, 768 px x 432 px) ---> CLICK HERE
(Big FLV Version, 55 MB, 768 px x 432 px, use FLV Player to view) ---> CLICK HERE

Check the Internet Archive for other resolutions and formats: CLICK HERE

EFF Calls For Aggressive Congressional Hearings on National Security Letter Misuse.

Sun, 11 Mar 2007 03:52:46 GMT

EFF Calls For Aggressive Congressional Hearings on National Security Letter Misuse.

EFF is calling for Congress to hold aggressive hearings on the FBI's domestic intelligence authority after the release of a Justice Department report [PDF] showing the Bureau abusing its power to collect telephone, Internet, financial, credit, and other personal records about Americans without judicial approval.

Sen. Patrick J. Leahy, D-Vermont, has said the Senate Judiciary Committee will hold hearings into the report's findings. But the widespread abuse detailed in the report requires more than just a cursory examination.

"The Bureau's misuse of its intelligence authority is an ongoing critical problem," said EFF Staff Attorney Marcia Hofmann. "Congress must use its investigative power to find out what's really going on at the FBI -- and then rein in the Bureau's investigative authority to where is was before the USA PATRIOT Act."

In the report, the Justice Department's inspector general identifies four dozen instances in which demands for personal information -- known as National Security Letters -- may have violated laws and agency regulations. The report also found that the Bureau lied to Congress about its use of the letters.

The FBI has had limited authority to issue National Security Letters for many years. However, a controversial provision of the PATRIOT Act greatly expanded the Bureau's ability to use them to gather information about anyone, as long as the agency believes the information could be relevant to a terrorism or espionage investigation.

Today's report follows the inspector general's findings last year that the Bureau had disclosed more than 100 instances of possible intelligence misconduct to the Intelligence Oversight Board in the preceding two years, a number of which were "significant."

In 2005, EFF argued in a friend of the court brief that the FBI's "unfettered authority" to issue National Security Letters "is ripe for abuse." The danger of such abuse has now been documented.

"This is not simply about errors in 'oversight,'" said EFF Senior Staff Attorney Lee Tien. "This is about disregard for the law. For example, FBI terrorism investigators ignored their own lawyers' advice to stop using so-called 'exigent' letters for about two years."

For more information, read the full report from the Justice Department, as well as this brief description of National Security Letters .

[EFF: Deep Links]

Justice Department Says F.B.I. Misused Patriot Act.

Sun, 11 Mar 2007 03:49:18 GMT

Justice Department Says F.B.I. Misused Patriot Act.

In what should not come as that big of a surprise, AP reports:

The FBI improperly and, in some cases, illegally used the USA Patriot Act to secretly obtain personal information about people in the United States, a Justice Department audit concluded Friday.

And for three years the FBI underreported to Congress how often it forced businesses to turn over the customer data, the audit found.

[sigma]The audit by Justice Department Inspector General Glenn A. Fine found that FBI agents sometimes demanded personal data on individuals without proper authorization. The 126-page audit also found the FBI improperly obtained telephone records in non-emergency circumstances.

[sigma]Fine[base ']s annual review is required by Congress, over the objections of the Bush administration.

The audit released Friday found that the number of national security letters issued by the FBI skyrocketed in the years after the Patriot Act became law.

In 2000, for example, the FBI issued an estimated 8,500 letters. By 2003, however, that number jumped to 39,000. It rose again the next year, to about 56,000 letters in 2004, and dropped to approximately 47,000 in 2005.

Over the entire three-year period, the FBI reported issuing 143,074 national security letters requesting customer data from businesses, the audit found. But that did not include an additional 8,850 requests that were never recorded in the FBI[base ']s database, the audit found.

[sigma]The FBI also used so-called [OE][base ']exigent letters,'[base '] signed by officials at FBI headquarters who were not authorized to sign national security letters, to obtain information. In at least 700 cases, these exigent letters were sent to three telephone companies to get toll billing records and subscriber information.

[OE][base ']In many cases, there was no pending investigation associated with the request at the time the exigent letters were sent,'[base '] the audit concluded.

Unbelievable. The full 199-page report can be downloaded here (PDF). And more coverage is available at Boing Boing and 27B Stroke 6.

[michaelzimmer.org]

Newly Revealed FBI Data Abuses and the Data Retention Red Flag.

Sun, 11 Mar 2007 03:43:18 GMT

Newly Revealed FBI Data Abuses and the Data Retention Red Flag.

Greetings. The release of a new report detailing massive FBI abuses of the PATRIOT Act (particularly in regard to National Security Letters), now confirms concerns that I and others have been long expressing about the potential abuse of retained Internet and other data, e.g.:

Sounding the Alarm on Government-Mandated Data Retention

An Open Letter to Google: Concepts for a Google Privacy Initiative

Broad abuses of retained data are now demonstrated to be real, not theoretical, as described in this Washington Post story.

We don't yet really know the full extent of these violations, but what has already been revealed is bad enough as a starting point.

I hope that these events will not only trigger considerable soul-searching by those firms who voluntarily retain user activity data, but also cause a renewed recognition of how broad mandated data retention can facilitate, and inevitably will facilitate, such abuses in the future.

--Lauren--

[Lauren Weinstein's Blog]

Justice: FBI misused Patriot Act powers - Yahoo! News

Fri, 09 Mar 2007 21:34:53 GMT

The FBI improperly and, in some cases, illegally used the USA Patriot Act to secretly obtain personal information about people in the United States, a Justice Department audit concluded Friday.

And for three years the FBI underreported to Congress how often it forced businesses to turn over the customer data, the audit found.

Attorney General Alberto Gonzales, who oversees the FBI, described the problems cited in the report as unacceptable and left open the possibility of criminal charges. He ordered further investigation.

"Once we get that information, we'll be in a better position to assess what kinds of steps should be taken," Gonzales told reporters following a speech to privacy officials.

[...]

The FBI also used so-called "exigent letters," signed by officials at FBI headquarters who were not authorized to sign national security letters, to obtain information. In at least 700 cases, these exigent letters were sent to three telephone companies to get toll billing records and subscriber information.

"In many cases, there was no pending investigation associated with the request at the time the exigent letters were sent," the audit concluded.

In a letter to Fine, Gonzales asked the inspector general to issue a follow-up audit in July on whether the FBI had followed recommendations to fix the problems.

"To say that I am concerned about what has been revealed in this report would be an enormous understatement," Gonzales told the privacy officials. "Failure to adequately protect information privacy simply is a failure to do our jobs."

Senators outraged over the conclusions signaled they would provide tougher oversight of the FBI -- and perhaps limit its power.

"The report indicates abuse of the authority" Congress gave the FBI, said Senate Judiciary Committee Chairman Patrick Leahy (news, bio, voting record), D-Vt. "You cannot have people act as free agents on something where they're going to be delving into your privacy."

The committee's top Republican, Pennsylvania Sen. Arlen Specter (news, bio, voting record), said the FBI appears to have "badly misused national security letters." The senator said, "This is, regrettably, part of an ongoing process where the federal authorities are not really sensitive to privacy and go far beyond what we have authorized."

Sen. Russ Feingold (news, bio, voting record), D-Wis., another member on the panel that oversees the FBI, said the report "proves that 'trust us' doesn't cut it."

The American Civil Liberties Union said the audit proves Congress must amend the Patriot Act to require judicial approval anytime the FBI wants access to sensitive personal information. "The Attorney General and the FBI are part of the problem and they cannot be trusted to be part of the solution," said Anthony D. Romero, the ACLU's executive director.

Audit Finds FBI Abused Patriot Act.

Fri, 09 Mar 2007 21:27:43 GMT

Audit Finds FBI Abused Patriot Act. happyslayer writes to mention that according to Yahoo! News a recent audit shows that the FBI has improperly and in some cases illegally utilized the Patriot Act to obtain information. "The audit by Justice Department Inspector General Glenn A. Fine found that FBI agents sometimes demanded personal data on individuals without proper authorization. The 126-page audit also found the FBI improperly obtained telephone records in non-emergency circumstances. The audit blames agent error and shoddy record-keeping for the bulk of the problems and did not find any indication of criminal misconduct. Still, 'we believe the improper or illegal uses we found involve serious misuses of national security letter authorities,' the audit concludes." [Slashdot]

The Local - Olofsson claims Sweden has tapped phones 'for decades'

Fri, 09 Mar 2007 21:23:29 GMT

Deputy prime minister Maud Olofsson has added a new twist to Sweden's divisive surveillance debate. The Centre Party leader claims that defence minister Mikael Odenberg's proposed legislation would merely codify practices that have already been in operation for decades.

Previously, at a time when all telecommunications were state-operated, Sweden's National Defence Radio Establishment (FÃ¶rsvarets Radioanstalt - FRA) regularly tapped telephone lines in and out of the country, says Olofsson.

The Local - 'Big brother' surveillance makes waves in Sweden

Fri, 09 Mar 2007 21:21:39 GMT

A far-reaching wiretapping programme proposed by Sweden's government to defend against foreign threats, including monitoring emails and telephone calls, has stirred up a fiery debate in the past few weeks, with critics decrying the creation of a "big brother" state.

The new legislation, to be presented to parliament on Thursday, would enable the National Defence Radio Establishment (FRA) to tap all Internet and telephone communication in and out of Sweden.

Sweden Admits Tapping Citizens' Phones for Decades.

Fri, 09 Mar 2007 21:18:28 GMT

Sweden Admits Tapping Citizens' Phones for Decades. paulraps writes "Sweden is close to implementing new surveillance legislation that will include the monitoring of emails, telephone calls and keyword searches using advanced pattern analysis. The objective is to detect 'threats such as terrorism, IT attacks or the spread of weapons of mass destruction' but the proposals have divided the country. In a misguided attempt to put people at ease, the government admitted that Sweden has been tapping its citizens' phones for decades anyway." [Slashdot: Your Rights Online]

Pine Bluff - Scaled-back version of drug database passes Senate

Fri, 09 Mar 2007 17:33:58 GMT

LITTLE ROCK - Scaling back the scope of a statewide database to monitor some prescription drug purchases gained Senate approval of the measure Thursday. The bill's sponsor said the amendments were intended to address concerns about patient privacy.

[...]

By a 20-7 vote, the Senate approved a bill by Sen. Denny Altes, R-Fort Smith, that would allow the state Board of Pharmacy to establish standards for setting up the database on drug purchases. The database would track schedule II and schedule III narcotics, such as morphine or OxyContin.

"I think we've amended this about six times now," Altes said before the vote. "I think these changes should address all the concerns that were raised."

Altes originally called for a database to track virtually all prescription drug purchases in the state. The measure passed by the Senate allows the Board of Pharmacy to set the criteria for the information to be tracked by the database.

Sen. Jim Argue, D-Little Rock, said he still believed the database could be subject to abuse and could harm the privacy of some patients.

"There is no evidence that a database like this works, but there is evidence that databases like this could be violated," Argue said.

Homeland Security Tests Snoop Computer System.

Fri, 09 Mar 2007 17:23:56 GMT

Homeland Security Tests Snoop Computer System. Parallax Blue writes "The Washington Times reports that Homeland Security has developed and is testing a new computer system called ADVISE (Analysis, Dissemination, Visualization, Insight and Semantic Enhancement) that collects and analyzes personal information on US citizens. Relevant data 'can include credit-card purchases, telephone or Internet details, medical records, travel and banking information.' The program apparently uses the same process as the Pentagon's Total Information Awareness project, which was aborted in 2003 due to privacy concerns."

[Slashdot: Your Rights Online]

Policy Makers call for University Internet Filters.

Fri, 09 Mar 2007 17:16:28 GMT

Policy Makers call for University Internet Filters.

At today[base ']s House Judiciary Subcommittee on Courts, the Internet, and Intellectual Property hearing, titled [base "]An Update - Piracy on University Networks,[per thou] we heard from legislators that they[base ']re very concerned about [base "]piracy[per thou] on campus networks.

You should be able to watch the video of the hearing here.

The common theme of the solutions was not only educating students (which all of the witnesses said that they were working on collaboratively), but for campuses to employ technology to filter the packets flowing over the network.

[Public Knowledge - Blogging, Events, and Action Alerts]

Image Gallery: Seven ways to keep your search history private.

Fri, 09 Mar 2007 04:22:29 GMT

Image Gallery: Seven ways to keep your search history private. Worried that Google and other search sites know too much about you -- and that the federal government can subpoena that data? Fear not -- we've got seven steps you can follow to keep your search history to yourself. [Computerworld Privacy News]

Telecoms.com - Telecoms industry "worst for consumer privacy"

Fri, 09 Mar 2007 00:27:48 GMT

The telecoms industry has been accused of collecting excessive amounts of personal data from its customers, with telecom firms faring worse for privacy than companies in other industries.

The accusations come in the "First Quarter 2007 Online Customer Respect Study of the Telecommunications Industry", from international research...

Editor: Just this teaser unless you register at their site.

Homeland Security revives supersnoop - The Washington Times

Fri, 09 Mar 2007 00:21:29 GMT

Homeland Security officials are testing a supersnoop computer system that sifts through personal information on U.S. citizens to detect possible terrorist attacks, prompting concerns from lawmakers who have called for investigations.

The system uses the same data-mining process that was developed by the Pentagon's Total Information Awareness (TIA) project that was banned by Congress in 2003 because of vast privacy violations.

A Government Accountability Office (GAO) investigation of the project called ADVISE -- Analysis, Dissemination, Visualization, Insight and Semantic Enhancement -- was requested by Rep. David R. Obey, Wisconsin Democrat and chairman of the House Appropriations Committee.

The investigation focuses on whether the program violates privacy laws, and the findings will be released after completion of the Iraq war supplemental spending bill, possibly as early as this week, a panel aide said.

The ADVISE and TIA data-mining projects rely on personal data to track individual behavior and consumer transactions to develop computer algorithms that create a pattern that some behavioral scientists say can predict terrorist behavior.

Data can include credit-card purchases, telephone or Internet details, medical records, travel and banking information.

Privacy concerns prompted lawmakers on both sides of the aisle to introduce legislation in January to require that government agencies disclose data-mining practices in regular reports to Congress.

"A serious discussion on the implications of data-mining programs is long overdue," Sen. Russ Feingold, Wisconsin Democrat and a sponsor of the bill, said yesterday. Sen. John E. Sununu, New Hampshire Republican, is also a bill sponsor.

heise Security - All Microsoft updates phone home

Thu, 08 Mar 2007 23:54:34 GMT

Possibly as a reaction to heise Security's report that Windows Genuine Advantage Notification sends back data to Redmond even when users choose to terminate its installation, a Microsoft developer using the pseudonym alexkoc has now posted an entry in the WGA blog. There he reveals that every update that flows through Windows Update at the very least informs Microsoft about whether the installation was successful or not.

In the Privacy Statement of Windows Update Microsoft grants itself fairly far-reaching rights. Thus the information collected by the Redmond-based behemoth includes the computer make and model, version information for the operating system, browser, and any other Microsoft software for which updates might be available, Plug&Play ID numbers of hardware devices, region and language setting, Globally Unique Identifier (GUID), Product ID and Product Key, BIOS name, revision number, and revision date. By way of justifying Microsoft's approach, alexkoc writes that the EULA, likewise presented by the WGA installer, also covered the relaying of such information.

With some updates such as the WGA Notification, the installer transmits data that Microsoft says it merely requires for quality control purposes and to improve the installer itself. The WGA package thus, among other things, sends back an event code. To calm the fears of users, alexkoc presents a graphic explaining the various fields of such a data packet.

When the product IDs and product keys found belong to legal software, Microsoft will delete the data right away; only in cases of suspected software piracy will it store the data, the company has said. In the blog, the company once again explicitly states that it does not use the information gathered to identify or contact users.

All Microsoft Updates Phone Home.

Thu, 08 Mar 2007 23:49:17 GMT

All Microsoft Updates Phone Home. juct writes "In the wake of heise Security's report on the garrulous WGA Notification, Microsoft has now supplied additional details on the data sent. They have revealed to developers that apparently all updates relay information to the company in Redmond." [Slashdot: Your Rights Online]

How Computers Can Make Voting More Secure.

Thu, 08 Mar 2007 22:35:06 GMT

How Computers Can Make Voting More Secure.

By now there is overwhelming evidence that today[base ']s paperless computer-based voting technologies have such serious security and reliability problems that we should not be using them. Computers can[base ']t do the job by themselves; but what role should they play in voting?

It[base ']s tempting to eliminate computers entirely, returning to old-fashioned paper voting, but I think this is a mistake. Paper has an important role, as I[base ']ll describe below, but paper systems are subject to well-known problems such as ballot-box stuffing and chain voting, as well as other user-interface and logistical challenges.

Security does require some role for paper. Each vote must be recorded in a manner that is directly verified by the voter. And the system must be software-independent, meaning that its accuracy cannot rely on the correct functioning of any software system. Today[base ']s paperless e-voting systems satisfy neither requirement, and the only practical way to meet the requirements is to use paper.

The proper role for computers, then, is to backstop the paper system, to improve it. What we want is not a computerized voting system, but a computer-augmented one.

This mindset changes how we think about the role of computers. Instead of trying to make computers do everything, we will look instead for weaknesses and gaps in the paper system, and ask how computers can plug them.

There are two main ways computers can help. The first is in helping voters cast their votes. Computers can check for errors in ballots, for example by detecting an invalid ballot while the voter is still in a position to fix it. Computers can present the ballot in audio format for the blind or illiterate, or in multiple languages. (Of course, badly designed computer interfaces can do harm, so we have to be careful.) There must be a voter-verified paper record at the end of the vote-casting process, but computers, used correctly, can help voters create and validate that record, by acting as ballot-marking devices or as scanners to help voters spot mismarked ballots.

The second way computers can help is by improving security. Usually the e-voting security debate is about how to keep computers from making security too much worse than it was before. Given the design of today[base ']s e-voting systems, this is appropriate [~] just bringing these systems up to the level of security and reliability in (say) the Xbox and Wii game consoles would be nice. Even in a computer-augmented system, we[base ']ll need to do a better job of vetting the computers[base '] design [~] if a job is worth doing with a computer, it[base ']s worth doing correctly.

But once we adopt the mindset of augmenting a paper-based system, security looks less like a problem and more like an opportunity. We can look for the security weaknesses of paper-based systems, and ask how computers can help to address them. For example, paper-based systems are subject to ballot-box stuffing [~] how can computers reduce this risk?

Surprisingly, the designs of current e-voting technologies, even the ones with paper trails, don[base ']t do all they can to compensate for the weaknesses of paper. For example, the current systems I[base ']ve seen keep electronic records that are subject to straightforward post-election tampering. Researchers have studied approaches to this problem, but as far as I know none are used in practice.

In future posts, we[base ']ll discuss design ideas for computer-augmented voting.

WGA Reports Back To MS Even If You Choose Not To Install - Aviran's Place

Wed, 07 Mar 2007 18:06:01 GMT

Heise online reports on a very interesting action Microsoft is taking during the installation of WGA.

When you start WGA setup and get to the license agreement page but decided NOT to install the highly controversial WGA component and cancel the installation, the setup program will send your info and the fact that you choose not to install WGA back to their servers.

In addition to that it seems that the setup program send some information stored in your registry to http://genuine.microsoft.com/. While it does not specifically identify the user, it looks like it does send some identification of your computer and Windows version (see picture) to Microsoft servers.

Microsoft WGA Phones Home Even When Told No.

Wed, 07 Mar 2007 18:00:00 GMT

Microsoft WGA Phones Home Even When Told No. Aviran writes "When you start WGA setup and get to the license agreement page but decided NOT to install the highly controversial WGA component and cancel the installation, the setup program will send information stored in your registry and the fact that you choose not to install WGA back to Microsoft's servers." [Slashdot]

Nightline NSA Spy Exclusive: Dud.

Wed, 07 Mar 2007 17:07:37 GMT

Nightline NSA Spy Exclusive: Dud. AT&T whistleblower Mark Klein breaks silence to tell ABC News' Nightline about the NSA eavesdropping on the internet, but reveals little new information. In 27B Stroke 6. [Wired News: Top Stories]

Wal-Mart fires technician who recorded phone calls

Wed, 07 Mar 2007 16:52:20 GMT

March 05, 2007 (Reuters) -- CHICAGO - Wal-Mart Stores Inc. said today it fired a systems technician for intercepting text messages of people who were not Wal-Mart employees and for recording telephone conversations with a New York Times reporter without authorization.

Wal-Mart, the world's largest retailer, said an internal investigation found the technician had monitored and recorded phone calls between Wal-Mart public relations employees and a New York Times Co. reporter between September and January.

The Bentonville, Ark.-based retailer also said the technician, who worked in its information systems division, intercepted and stored text messages that contained certain key words, including those sent by people in the Bentonville area who were not Wal-Mart employees.

Wal-Mart spokeswoman Mona Williams said on a call with reporters that the technician "did this on his own."

While interviews with the technician gave the retailer an idea as to why he recorded the calls, Williams said she could not disclose the reasons because the case has been turned over to federal investigators.

Spying at Wal*Mart: Human nature run amuck?

Wed, 07 Mar 2007 16:46:37 GMT

Spying at Wal*Mart: Human nature run amuck? Does the Wal-Mart eavesdropping debacle have the potential to be this year's HP scandal? A former IT security staffer for the retailer evaluates what might have happened. [Computerworld Privacy News]

Cybercrime Treaty: What it Means to You

Wed, 07 Mar 2007 02:53:57 GMT

In that vein, in August the Senate ratified the Convention on Cybercrime, drafted by the Council of Europe with considerable input from the United States. So far, 43 nations have signed on. The Convention includes many sensible provisions aimed at unifying global computer-crime laws, and closes loopholes that make it possible for criminals to escape prosecution by locating their activities offshore.

But civil libertarians, along with leading telecommunications companies, strongly oppose the treaty. Civil libertarians are especially concerned about the sweeping authority given to participating countries to seize information from private parties as they investigate cybercrimes, even when the activity being investigated isn't a crime in the country where the data is located. If France is investigating a sale of Nazi memorabilia on eBay, the U.S. must cooperate, even though such transactions are not illegal in the U.S.

Telecommunications companies object to provisions that require member countries to establish and enforce potent data-retention policies for network traffic, and require any operator of a computer network to respond to requests for information from any participating country without compensation of any kind.

These are potentially serious problems, especially given that the Convention is open to any country that wants to join. But there are more practical reasons U.S. businesses should be concerned. The provisions for data retention and production apply to any operator of a computer network, not just telecoms. Worse, Article 12 attaches liability to businesses for "lack of supervision or control" of employees who commit criminal offenses covered by the Convention. Businesses must worry about employee activities that may be legal here, but illegal elsewhere, risking administrative, civil, or even criminal penalties.

These investigative and supervision costs will invariably be imposed on businesses without any real controls. Worldwide law-enforcement agencies, in other words, may now avail themselves of the opportunity to outsource their most expensive problems to you.

Cybercrime Treaty ó Hidden Costs For All.

Wed, 07 Mar 2007 02:48:08 GMT

Cybercrime Treaty [~] Hidden Costs For All. linuxtelephony writes in with an article at CIO Insight about a cybercrime treaty drafted in Europe with help from the US. It has implications for just about everyone with a network. From the article: "Civil libertarians are especially concerned about the sweeping authority given to participating countries to seize information from private parties as they investigate cybercrimes, even when the activity being investigated isn't a crime in the country where the data is located... Telecommunications companies object to provisions that require member countries to establish and enforce potent data-retention policies for network traffic, and require any operator of a computer network to respond to requests for information from any participating country without compensation of any kind... The provisions for data retention and production apply to any operator of a computer network, not just telecoms... Worldwide law-enforcement agencies, in other words, may now avail themselves of the opportunity to outsource their most expensive problems to you." [Slashdot: Your Rights Online]

Good shoppers may find their info sold ( New Zealand and Australia )

Tue, 06 Mar 2007 17:15:46 GMT

Credit information companies will have the power to sell detailed records about responsible borrowers, not just those in serious debt, as part of a current review of privacy laws in New Zealand and Australia.

Veda Advantage chief executive Andrew Want says a sweeping review of privacy laws could see the company introduce a service by 2009 providing information about consumers who are a good credit risk.

Currently, it is illegal to sell such information.

But work by the Privacy Commission in Australia to streamline privacy rules between federal and state governments, and to bring them in line with the current developments with technology, could change that.

Anti-terror tests broke law, says watchdog - 03/01/07 - Tennessean.com

Tue, 06 Mar 2007 17:13:09 GMT

The new program, similar to a Pentagon program that Congress killed in 2003 over concerns about civil liberties, could take effect as soon as next year.

But system testers probably already have violated privacy laws by reviewing real information, instead of fake data, a source familiar with a congressional investigation into the $42.5 million program told The Washington Post.

The program, called Analysis, Dissemination, Visualization, Insight and Semantic Enhancement (ADVISE), is on the cutting edge of analytical technology that applies mathematical algorithms to uncover hidden relationships in data. The idea is to troll a vast sea of information and extract suspicious people, places and other elements based on their links and behavioral patterns.

The privacy violation is described in a Government Accountability Office report due out soon. "Undoubtedly there are likely to be more," GAO Comptroller David Walker said recently.

Tonight(Tuesday) on Nightline - The NSA at AT&T

Tue, 06 Mar 2007 16:55:07 GMT

Tonight(Tuesday) on Nightline is an episode on the NSA having a monitoring station in the AT&T wire room. They have the guy who originally broke the story being interviewed tonight.

Top Secret: We're Wiretapping You.

Mon, 05 Mar 2007 21:41:41 GMT

Top Secret: We're Wiretapping You. The feds accidentally give a D.C. attorney a classified document showing that the NSA intercepted his phone calls without a warrant. When they ask for it back, they get a $2 million lawsuit along with it. By Ryan Singel. [Wired News: Security Blanket]

WIRED Blogs: Danger Room - The Pentagon Wants TiVo (to Watch You)

Mon, 05 Mar 2007 03:34:51 GMT

Reuters yesterday reported on a recently issued study on future technologies written by the Pentagon's Defense Science Board. More than anything, it seems these outside advisers want a surveillance system that would put Big Brother to shame, and they're looking at the commercial sector to provide it:

The Pentagon Wants a 'TiVo' to Watch You.

Mon, 05 Mar 2007 03:31:33 GMT

The Pentagon Wants a 'TiVo' to Watch You. An anonymous reader writes "Danger Room, a Wired blog, today cites a study of future electronic snooping technologies from Reuters, written by the Pentagon's Defense Science Board. More than anything, it seems these outside advisers want a surveillance system that would put Big Brother to shame, and they're looking at the commercial sector to provide it. 'The ability to record terabyte and larger databases will provide an omnipresent knowledge of the present and the past that can be used to rewind battle space observations in TiVo-like fashion and to run recorded time backwards to help identify and locate even low-level enemy forces. For example, after a car bomb detonates, one would have the ability to play high-resolution data backward in time to follows the vehicle back to the source, and then use that knowledge to focus collection and gain additional information by organizing and searching through archived data.'" [Slashdot]

Concurring Opinions: The Rise of Customer Blacklists

Sun, 04 Mar 2007 04:55:39 GMT

Blacklists appear to be the rage these days. With the ease of storing and sharing personal information -- coupled with lax privacy law restrictions on such activities -- companies can increasingly create blacklists of bad customers. In this article from the Ottawa Citizen, hotels in Australia and Canada (and soon the United States) are signing up for a service that compiles a blacklist against "bad" hotel guests:

Activists Claim Success: No RFID Chips Required in Driver's License Regulations - March 2007

Sun, 04 Mar 2007 04:49:12 GMT

Citizens Against Government Waste (CAGW) declared a victory for taxpayers and drivers yesterday after the Department of Homeland Security (DHS) released proposed regulations for personal identification that do not mandate the use of radio-frequency identification (RFID) technology. The REAL ID Act requires DHS to establish federal standards for state-issued driver's licenses and identification cards.

Justice Department takes aim at image-sharing sites | CNET News.com

Sun, 04 Mar 2007 04:12:46 GMT

The Bush administration has accelerated its Internet surveillance push by proposing that Web sites must keep records of who uploads photographs or videos in case police determine the content is illegal and choose to investigate, CNET News.com has learned.

That proposal surfaced Wednesday in a private meeting during which U.S. Department of Justice officials, including Assistant Attorney General Rachel Brand, tried to convince industry representatives such as AOL and Comcast that data retention would be valuable in investigating terrorism, child pornography and other crimes. The discussions were described to News.com by several people who attended the meeting.

A second purpose of the meeting in Washington, D.C., according to the sources, was to ask Internet service providers how much it would cost to record details on their subscribers for two years. At the very least, the companies would be required to keep logs for police of which customer is assigned a specific Internet address.

Only universities and libraries would be excluded, one participant said. "There's a PR concern with including the libraries, so we're not going to include them," the participant quoted the Justice Department as saying. "We know we're going to get a pushback, so we're not going to do that."

Attorney General Alberto Gonzales has been lobbying Congress for mandatory data retention, calling it a "national problem that requires federal legislation." Gonzales has convened earlier private meetings to pressure industry representatives. And last month, Republicans introduced a mandatory data retention bill in the U.S. House of Representatives that would let the attorney general dictate what must be stored and for how long.

DoJ Mulls Tracking Picture Uploads.

Sun, 04 Mar 2007 03:57:23 GMT

DoJ Mulls Tracking Picture Uploads. Dominus Suus passed us a link to a C|Net article about a disturbing threat to privacy from the Justice Department. According to the article, a private meeting was held Wednesday between Justice officials and telecom industry representatives. With individuals from companies such as AOL and Comcast looking on, the officials continued overtures to increase data retention by ISPs on American citizens. This week, they were specifically looking to have records kept of photo uploads. In this way, and 'in case police determine the content is illegal and choose to investigate,' an easy trail from A to Z will be available. The article provides a good deal of background on the Bush Administration's history with data retention, with ties to events even older than the Bush presidency. --- "The Justice Department's request for information about compliance costs echoes a decade-ago debate over wiretapping digital telephones, which led to the 1994 Communications Assistance for Law Enforcement Act. To reduce opposition by telephone companies, Congress set aside $500 million for reimbursement and the legislation easily cleared both chambers by voice votes. Once Internet providers come up with specific figures, privacy advocates worry, Congress will offer to write a generous check to cover all compliance costs and the process will repeat itself." [Slashdot: Your Rights Online]

Homeland Security offers details on Real ID | CNET News.com

Sun, 04 Mar 2007 03:52:36 GMT

Hundreds of millions of Americans will have until 2013 to be outfitted with new digital ID cards, the Bush administration said on Thursday in a long-awaited announcement that reveals details of how the new identification plan will work.

The announcement by the U.S. Department of Homeland Security offers a five-year extension to the deadline for states to issue the ID cards, and proposes creating the equivalent of a national database that would include details on all 240 million licensed drivers.

According to the draft regulations (PDF), which were required by Congress in the 2005 Real ID Act and are unlikely to assuage privacy and cost concerns raised by state legislatures:

âo¢ The Real ID cards must include all drivers' home addresses and other personal information printed on the front and in a two-dimensional barcode on the back. The barcode will not be encrypted because of "operational complexity," which means that businesses like bars and banks that require ID would be capable of scanning and recording customers' home addresses.

âo¢ A radio frequency identification (RFID) tag is under consideration. Homeland Security is asking for input on how the licenses could incorporate "RFID-enabled vicinity chip technology, in addition to" the two-dimensional barcode requirement.

Homeland Security Offers Details on Real ID.

Sun, 04 Mar 2007 03:48:45 GMT

Homeland Security Offers Details on Real ID. pr0nqu33n writes "C|Net is running an article on the DHS's requirements for the Real ID system. Thursday members of the Bush administration finally unveiled details of the anticipated national identification program. Millions of Americans will have until 2013 to register for the system, which will (some would argue) constitute a national ID. RFID trackers for the cards are under consideration, as is a cohesive nation-wide design for the card. States must submit a proposal for how they'll adopt the system by early October of this year. If they don't, come May of next year their residents will see their licenses unable to gain them access to federal buildings and airplanes. The full regulations for the system are available online in PDF format. Likewise, the DHS has a Questions and Answers style FAQ available to explain the program to the curious." [Slashdot: Your Rights Online]

European Retailer Embeds RFID Chips in Shoes.

Sun, 04 Mar 2007 03:28:01 GMT

European Retailer Embeds RFID Chips in Shoes. One of Europe's largest shoe companies plans to embed wireless chips in shoes sold at hundreds of stores across the continent. [PC World: Latest Technology News]

Audio Watermark Web Spider Starts Crawling.

Fri, 02 Mar 2007 02:43:48 GMT

Audio Watermark Web Spider Starts Crawling. DippityDo writes "A new web tool is scanning the net for signs of copyright infringement. Digimarc's patented system searches video and audio files for special watermarks that would indicate they are not to be shared, then reports back to HQ with the results. It sounds kind of creepy, but has a long way to go before it makes a practical difference. 'For the system to work, players at multiple levels would need to get involved. Broadcasters would need to add identifying watermarks to their broadcast, in cooperation with copyright holders, and both parties would need to register their watermarks with the system. Then, in the event that a user capped a broadcast and uploaded it online, the scanner system would eventually find it and report its location online. Yet the system is not designed to hop on P2P networks or private file sharing hubs, but instead crawls public web sites in search of watermarked material.'" [Slashdot]

TIA becomes ADVISE | Free Government Information (FGI)

Fri, 02 Mar 2007 02:13:23 GMT

Congress killed the Total Information Awareness (TIA) program in 2003 and several new programs have been reported to take its place. (See Total Information Awareness just changed its name FGI, 2006-02-26.) A forthcoming GAO report looks at the use of the Analysis, Dissemination, Visualization, Insight and Semantic Enhancement (ADVISE) system.

National ID Card Rules Unveiled.

Fri, 02 Mar 2007 00:48:35 GMT

National ID Card Rules Unveiled. The DHS chief reveals how he'll turn state driver's licenses into internal passports. By Ryan Singel. [Wired News: Security Blanket]

U.S. Bill Proposes E-Health Records Incentives.

Fri, 02 Mar 2007 00:19:07 GMT

U.S. Bill Proposes E-Health Records Incentives. Doctors would get $3 for every patient signed up to use an electronic health record under terms of a new House bill introduced today. [PC World: Latest Technology News]

New Profiling Program Raises Privacy Concerns - washingtonpost.com

Wed, 28 Feb 2007 23:36:54 GMT

The Department of Homeland Security is testing a data-mining program that would attempt to spot terrorists by combing vast amounts of information about average Americans, such as flight and hotel reservations. Similar to a Pentagon program killed by Congress in 2003 over concerns about civil liberties, the new program could take effect as soon as next year.

But researchers testing the system are likely to already have violated privacy laws by reviewing real information, instead of fake data, according to a source familiar with a congressional investigation into the $42.5 million program.

Bearing the unwieldy name Analysis, Dissemination, Visualization, Insight and Semantic Enhancement (ADVISE), the program is on the cutting edge of analytical technology that applies mathematical algorithms to uncover hidden relationships in data. The idea is to troll a vast sea of information, including audio and visual, and extract suspicious people, places and other elements based on their links and behavioral patterns.

The privacy violation, described in a Government Accountability Office report that is due out soon, was one of three by separate government data mining programs, according to the GAO. "Undoubtedly there are likely to be more," GAO Comptroller David M. Walker said in a recent congressional hearing.

The violations involved the government's use of citizens' private information without proper notification to the public and using the data for a purpose different than originally envisioned, said the source, who declined to be identified because the report is not yet public.

The issue lies at the heart of the debate over whether pattern-based data mining -- or searching for bad guys without a known suspect -- can succeed without invading people's privacy and violating their civil liberties.

Canada Rejects Anti-Terror Laws.

Wed, 28 Feb 2007 23:28:09 GMT

Canada Rejects Anti-Terror Laws. Coryoth writes "The Canadian parliament has voted against renewing anti-terror laws that had been introduced after September 11, 2001. The rejected laws included provisions to hold terror suspects indefinitely, and to compel witnesses to testify, and were in some sense Canada's version fo the Patriot Act. The laws were voted down in the face of claims from the minority Conservative government that the Liberal Party was soft on terror, and despite the fact that Canada has faced active terrorist cells in their own country. The anti-terror laws have never been used, and it was viewed that they are neither relevant, nor needed, in dealing with terrorist plots. Hopefully more countries will come to the same conclusion." [Slashdot: Your Rights Online]

German Antiterror Law Links Large Databases.

Wed, 28 Feb 2007 23:22:23 GMT

German Antiterror Law Links Large Databases. Law takes effect creating comprehensive pool of personal data in antiterrorist effort. [PC World: Latest Technology News]

Microsoft Tackles 'False Positives' in Antipiracy Tool.

Wed, 28 Feb 2007 23:12:38 GMT

Microsoft Tackles 'False Positives' in Antipiracy Tool. Windows Genuine Advantage Notifications is revised to cut customers some slack after erroneous reports. [PC World: Latest Technology News]

NY1: Nightclub Safety On Council Agenda

Wed, 28 Feb 2007 23:06:21 GMT

Clubs will also now be required to have security cameras at their entrances and exits. Outside monitors could also be installed at clubs in frequent trouble with the law.

The New York Civil Liberties Union have said some of the proposals violate privacy, but the bill's sponsors have said they are just trying to keep club patrons safe.

EFF - miniLinks for 2007-02-28.

Wed, 28 Feb 2007 22:50:21 GMT

miniLinks for 2007-02-28.

Supreme Court Debates Patentability of Software
Justices look skeptically at the details of software's protection.

Toward an Ethical Patent System
European citizens unite against over-broad patents....

Bad Patents Are Bad for Business
... as does the European business community to go with it.

Canada Turns Away Americans for Past Misdemeanors
Thanks to DHS data mining, Canada turned away a visitor who shop-lifted during a fraternity prank 20 years ago and others with minor criminal records.

Has the Media Center Moved to Silicon Valley?
On the day of the Oscars, Tom Forenski thinks that films have lost their magic, and Net technology has seized it.

Whit Diffie Warns Of Overbroad Privacy Laws
"I am, on balance, more pleased with the fact that I can learn lots of information about people in minutes by using the Web than I am concerned about the fact that people can learn lots of information about me that way. And I would not like to see laws that restrict people's ability to go investigate things. "

Protect Your Users' Data With a Privacy Wall
How one company works to protect its users' financial information.

SF Chronicle: Reverse Real ID
"Congress must take a hard look at whether it makes sense to proceed with an expansive law that would be more appropriately called the National ID Act."

North Korea and the Internet
North Korea's strange, inward-looking national intranet.

Did WIPO's Director-General Lie About his age?
Confidential report suggests that he was 28 when he first took the job, not 37, and has repeatedly given the wrong age on official documents for 24 years.

The "Crime" of Blogging in Egypt
Abdelkareem Nabil Soliman is sentenced to four years for free speech.

Recording Industry Targets Colleges
Administrators get caught in the crossfire: "[The complaint] is asking us to pursue an investigation and as the service provider we don't see that as our role", says Purdue spokesman.

[EFF: Deep Links]

Battle brewing over RFID chip-hacking demo | InfoWorld | 2007-02-26 | By Paul F. Roberts

Wed, 28 Feb 2007 03:04:59 GMT

Secure card maker HID Corp. is objecting to a demonstration of a hacking tool at this week's Black Hat Federal security conference in Washington, D.C. that could make it easy to clone a wide range of so-called "proximity" door access cards.

HID has sent a letter to IOActive, a security consulting firm, accusing Chris Paget, IOActive's director of research and development, of possible patent infringement over a planned presentation, "RFID for beginners," on Wednesday, a move that could lead to legal action should the talk go forward, according to Jeff Moss, founder and director of Black Hat.

[ See also our Video: "Hack in action" ]

Lawsuits, patent claims silence Black Hat talk | InfoWorld | 2007-02-27 | By Paul F. Roberts

Wed, 28 Feb 2007 02:59:50 GMT

A planned talk on RFID security by a security researcher has been pulled from this week's Black Hat Federal security conference after secure card maker HID claimed the talk violated the company's patent rights and threatened to take legal action against Chris Paget, the researcher, and IOActive, Paget's employer, if the talk went forward.

The company decided to cancel the talk after all-night negotiations with HID collapsed, said Josh Pennell, CEO of IOActive. In response, Black Hat organizers were forced to tear materials out of printed show proceedings and will instead present a discussion by a representative of the ACLU on the criticality of RFID security, said Jeff Moss, founder and director of Black Hat.

A spokeswoman for HID did not immediately respond to a request for comment.

The incident recalled a 2005 dispute over a presentation at Black Hat in Las Vegas involving Cisco Systems and Michael Lynn, a security researcher who worked for Internet Security Systems at the time.

Windows Genuine Advantage's newest setting: "you might be a pirate"

Wed, 28 Feb 2007 01:28:12 GMT

Windows Genuine Advantage is an anti-piracy tool loathed by many, tolerated by some, and even appreciated by others. How you feel about it may depend in part on whether or not you've been caught in its snares: the "authentic software" validation tool is known to have falsely identified thousands of "pirated" Vista installs.

As Microsoft steps up its war against piracy, the company has decided to slightly nuance Windows Genuine Advantage (WGA). Rather than identify users as either in the clear or not, the company has added a third classification for users who set off some, but not all of WGA's undisclosed piracy-detection functionality. Users will now find that Windows XP installs are labeled as genuine, non-genuine or "not sure."

While Microsoft has not responded to requests for comment, it's quite obvious what is going on here: Microsoft has added "not sure" as a way of cutting down on the number of false positives associated with WGA. As many as one in five PCs were failing WGA checks, but this new setting should both reduce this and give Microsoft the chance to investigate further the kinds of things that are landing folks in the "not sure" category.

Although the Windows Genuine Advantage Notification tool is "optional," Microsoft is in the process of pushing out the tool as a "critical" and thus automatic update (affectionately dubbed WGA Notifications 1.7 KB905474). The update has been known about for over a month, but users are just now seeing it show up as a critical update to Windows XP.

Administrivia: Now we have a overheated CPU ( 60 degrees centigrade )

Wed, 28 Feb 2007 00:39:01 GMT

OK, if the DDOS attack wasn't enough. Now our server went down with a temperature overload. We were up to 60 degrees centigrade when we shut down. The CPU and a broken fan have been replaced.

Administrivia: Our data-center was hit by a DDOS attack today.

Tue, 27 Feb 2007 22:19:59 GMT

Sorry for being either very slow or off the net for a while recently. The data-center we are part of was hit by a DDOS (Distributed Denial Of Service) attack recently. At the moment it looks to be under control, but we are keeping an eye on things.

RFID Chips Shrink to Powder Size.

Tue, 27 Feb 2007 00:15:53 GMT

RFID Chips Shrink to Powder Size. Hitachi's new tags measure 0.002 inches square, but store as much information as their much-larger predecessors. The company's still investigating possible uses. By the Associated Press. [Wired News: Security Blanket]

Privacy Concerns a Major Roadblock for Location-based Services Says Survey.

Mon, 26 Feb 2007 23:40:51 GMT

Privacy Concerns a Major Roadblock for Location-based Services Says Survey. "Providers must give users control over location-based features to allay privacy concerns." [GT: Security and Privacy]

DHS Biometric Program in Trouble.

Mon, 26 Feb 2007 23:31:00 GMT

DHS Biometric Program in Trouble. Spiraling costs and a missing long-term strategy bedevil the US-VISIT program, which screens incoming travelers to the United States for terrorist links. Luke O'Brien reports from Washington. [Wired News: Security Blanket]

Surveillance Cameras Get Smarter - International Business Times

Mon, 26 Feb 2007 23:16:37 GMT

Look around - You might not be the only one watching. The never-blinking surveillance cameras, rapidly becoming a part of daily life in public and even private places, may be sizing you up as well. And they may soon get a lot smarter.

Researchers and security companies are developing cameras that not only watch the world but also interpret what they see. Soon, some cameras may be able to find unattended bags at airports, guess your height or analyze the way you walk to see if you are hiding something.

Most of the cameras widely used today are used as forensic tools to identify crooks after-the-fact. (Think grainy video on local TV news of convenience store robberies gone wrong.) But the latest breed, known as "intelligent video," could transform cameras from passive observers to eyes with brains, able to detect suspicious behavior and potentially prevent crime before it occurs.

Surveillance Cameras Get Smarter.

Mon, 26 Feb 2007 23:12:54 GMT

Surveillance Cameras Get Smarter. kog777 writes to mention that the IB Times is taking a look at where surveillance camera technology is headed. Soon researchers tell us that cameras will be available that not only record, but are able to interpret what they see. "The advancements have already been put to work. For example, cameras in Chicago and Washington can detect gunshots and alert police. Baltimore installed cameras that can play a recorded message and snap pictures of graffiti sprayers or illegal dumpers. In the commercial market, the gaming industry uses camera systems that can detect facial features, according to Bordes. Casinos use their vast banks of security cameras to hunt cheating gamblers who have been flagged before." [Slashdot: Your Rights Online]

Tor Open To Attack.

Mon, 26 Feb 2007 23:00:19 GMT

Tor Open To Attack. An anonymous reader writes "A group of researchers have written a paper that lays out an attack against Tor (PDF) in enough detail to cause Roger Dingledine a fair amount of heartburn. The essential avenue of attack is that Tor doesn't verify claims of uptime or bandwidth, allowing an attacker to advertise more than it need deliver, and thus draw traffic. If the attacker controls the entry and exit node and has decent clocks, then the attacker can link these together and trace someone through the network." [Slashdot: Your Rights Online]

Wired News: Why Smart Cops Do Dumb Things By Bruce Schneier

Sun, 25 Feb 2007 04:58:46 GMT

Since 9/11, we've spent hundreds of billions of dollars defending ourselves from terrorist attacks. Stories about the ineffectiveness of many of these security measures are common, but less so are discussions of why they are so ineffective. In short: Much of our country's counterterrorism security spending is not designed to protect us from the terrorists, but instead to protect our public officials from criticism when another attack occurs.

Fraudsters Declare War on Anti-Scam Services.

Sun, 25 Feb 2007 04:15:24 GMT

Fraudsters Declare War on Anti-Scam Services.

Spammers have been attacking and threatening several of the groups and individuals who have been performing some of the most important work in hobbling online scams, spam and computer viruses.

The SANS Internet Storm Center on Thursday found a piece of malicious code (called "sans.exe") designed to update a group of several thousand infected computers that SANS has been monitoring. The code includes text strings that suggest an attack on the center if two of its crime fighters don't stop interfering with his money-making spam operations. The message, in part, read:

"You better f*** off SANS.org especially that [SANS chief technology officer] Johannes Ullrich (phone and e-mail address deleted) and Kevin Hong (phone and e-mail address deleted). I really don't have anything against you, just piss off alright?" [sic]

"I guess we always felt like this [was] going to happen at some point," Ullrich said in an online chat with Security Fix this morning. "Adding taunts like this to their code isn't what you would expect from a professional criminal trying to stay low profile. [It] points to a more juvenile 'hooligan' mentality," than hardened cyber crook.

Last month, a number of anti-spam Web sites came under a sustained "distributed denial of service" (DDoS) attack, an electronic assault during which the attackers use thousands of compromised personal computers to overwhelm a target with so much bogus traffic that the PCs can't accommodate legitimate visitors.

The attacks were made possible by tens of thousands - perhaps millions - of computers infected by the recent e-mail virus known as the "Storm worm. The virus links all infected computers into a peer-to-peer data network using the same technology as the eDonkey file-sharing network. The attackers later instructed the networked machines to attack sites such as spam trackers Spamhaus and the personal Web site of Joe Stewart, the SecureWorks researcher who conducted some of the most detailed analysis of the Storm worm.

The Web sites for CastleCops -- an all-volunteer, online scam fighting community -- also have been under a consistent denial-of-service attack for the past couple of weeks. Its main site and user forum are not working again this morning. Security Fix has spotlighted the laudable work this volunteer group does in bringing down phishing Web sites and analyzing new malicious software.

CastleCops co-founder Robin Laudanski said the intermittent site shutdowns have been inconvenient, but added that they have bolstered support for the group from within the security community.

"I take [the attacks] as a compliment because if we weren't putting a dent in the bad guys' pocketbooks, we wouldn't be getting attacked," Laudanski said. "It means we're being a pain, and that we're doing something right."

[Security Fix]

NYC Gothamist: Tracking Firefighters with Chips

Sun, 25 Feb 2007 03:14:16 GMT

Eventually the FDNY hopes to track the movement of every firefighter in a burning building --they already have schematics for nearly all buildings in the city. Using the location devices firefighters on the scene could be warned of conditions from the FDNY Operations Center.

Going to Canada? Check your past / Visitors with minor criminal records turned back at border

Fri, 23 Feb 2007 22:25:44 GMT

There was a time not long ago when a trip across the border from the United States to Canada was accomplished with a wink and a wave of a driver's license. Those days are over.

Take the case of 55-year-old Lake Tahoe resident Greg Felsch. Stopped at the border in Vancouver this month at the start of a planned five-day ski trip, he was sent back to the United States because of a DUI conviction seven years ago. Not that he had any idea what was going on when he was told at customs: "Your next stop is immigration.''

Felsch was ushered into a room. "There must have been 75 people in line," he says. "We were there for three hours. One woman was in tears. A guy was sent back for having a medical marijuana card. I felt like a felon with an ankle bracelet.''

[...]

Welcome to the new world of border security. Unsuspecting Americans are turning up at the Canadian border expecting clear sailing, only to find that their past -- sometimes their distant past -- is suddenly an issue.

While Canada officially has barred travelers convicted of criminal offenses for years, attorneys say post-9/11 information-gathering, combined with a sweeping agreement between Canada and the United States to share data, has resulted in a spike in phone calls from concerned travelers.

They are shocked to hear that the sins of their youth might keep them out of Canada. But what they don't know is that this is just the beginning. Soon other nations will be able to look into your past when you want to travel there.

[...]

"From the time that you turn 18, everything is in the system,'' says Lucy Perillo, whose Canada Border Crossing Service in Winnipeg, Manitoba, helps Americans get into the country.

[...]

So it isn't as if rules have stiffened. But what has changed is the way the information is gathered. In the wake of 9/11, Canada and the United States formed a partnership that has dramatically increased what Lesperance calls "the data mining'' system at the border.

The Smart Border Action Plan, as it is known, combines Canadian intelligence with extensive U.S. Homeland Security information. The partnership began in 2002, but it wasn't until recently that the system was refined.

"They can call up anything that your state trooper in Iowa can,'' Lesperance says. "As Canadians and Americans have begun cooperating, all those indiscretions from the '60s are going to come back and haunt us.''

[...]

The lesson, the attorneys say, is that if you must travel to Canada, you should apply for "a Minister's Approval of Rehabilitation" to wipe the record clear.

Oh, and by the way, if you don't need to travel to Canada, don't think you won't need to clear your record. Lesperance says it is just a matter of time before agreements are signed with governments in destinations like Japan, Indonesia and Europe.

"This,'' Lesperance says, "is just the edge of the wedge.''

Canadian Border Tightens Due to Info Sharing.

Fri, 23 Feb 2007 21:21:12 GMT

Canadian Border Tightens Due to Info Sharing. blu3 b0y writes "The San Francisco Chronicle is reporting that new information sharing agreements have made it as easy for a Canadian border officer to know the full criminal records of US citizens as it is for their local police. As a result, Canadian officials are turning away American visitors for ancient minor convictions, including 30-year-old shoplifting and minor drug possession convictions. Officials claim it's always been illegal to enter Canada with such convictions without getting special dispensation, they just had no good way of knowing about them until recent security agreements allowed access. One attorney speculates it's not long before this information will be shared with other countries as well, causing immigration hassles worldwide." [Slashdot: Your Rights Online]

EFF - miniLinks for 2007-02-21.

Fri, 23 Feb 2007 17:14:58 GMT

miniLinks for 2007-02-21.

Free Congress!
Coders gather to open up more of the legislature's deliberations.

Republicans, Democrats Spat Over IP Rights in Congress TV
After Speaker of the House Nancy Polosi is accused of "pirating" C-SPAN, the TV service reiterates that it has no copyright interest in the video.

Chinese Lawyers Protest Sina's Blog Censorship
Fight the arbitrary nature of China's limits on free speech.

New York Times on the DJ Mixtape Arrests
"DJs continued to release tapes -- some with hastily added tracks on which rappers cursed the RIAA"

Disney Must Consider Sharing Pooh's Honey
The endless fight over the merchandising rights to A.A. Milne's work continues to plague the copyright maximalist company.

Students Balk at University's "Free" Music Deals
One insider's view of dealing with the college-only licensed music services.

Bipartisan Effort to Junk Real ID Law
Democrat Rep. Tom Allen and Republican Rep. Scott Lansley push for reform of costly, invasive national ID mandate.

A 55-inch TV Is too big for the Super Bowl
Consumer electronics mavens scratch their heads at NFL's Super Bowl rules.

UK Government Rejects Calls for DRM Ban
While faulty, DRM is good for price discrimination, Prime Minister's office says.

Framing the DRM Debate
LinuxJournal's Don Marti says it's about more than property.

Europe's Plan to Track Phone and Net Use
Data retention implementation to be far worse than original plans.

UK Now Running 439,000 E-mail and Phone Taps
Report's author declares wiretap error rate "unacceptably high."

[EFF: Deep Links]

Colleges Struggle to Cope With Flood of Copyright Complaints.

Fri, 23 Feb 2007 16:49:38 GMT

Colleges Struggle to Cope With Flood of Copyright Complaints.

The major record labels are sending thousands more copyright nastygrams to colleges regarding student file sharing this year. Of course, file sharing continues unabated, and these P2P-related notices will simply push fans to use other readily-accessible technologies that the RIAA can't easily monitor -- copying music through iTunes over the campus LAN, swapping hard drives and USB flash drives, burning recordable DVDs, and forming ad hoc wireless networks.

So the RIAA's strategy still won't stop file sharing, but it certainly will cause collateral damage to academic freedom, free speech, and privacy. In a recently released report, the Brennan Center lays out what that cost looks like today based on interviews with representatives from 25 service providers including 10 from universities. Universities are already being forced to waste substantial resources on doing the RIAA's dirty work. Flooded with machine-generated complaints, schools are unable to evaluate the merits of particular complaints. While lacking procedural safeguards to make sure students wrongly accused of infringement are not penalized, many schools have adopted stricter penalties than the law requires. Schools have also adopted network monitoring and filtering tools that interfere with legitimate expression.

The increase in P2P-related notices stands only to make matters worse. The RIAA's Cary Sherman states that the increase in the notices is "something we feel we have to do," but blanket licensing provides a clear alternative to blanket lawsuits. Take action now to help stop the lawsuit campaign.

[EFF: Deep Links]

AT&T Whistleblower Wins Award.

Thu, 22 Feb 2007 16:28:40 GMT

AT&T Whistleblower Wins Award.

Whistleblower Mark Klein will get some well-deserved acknowledgement when he receives a James Madison Freedom of Information Award next month. The award could hardly find a more deserving recipient [~] Klein is the former AT&T technician who exposed the extent of the government's warrantless wiretapping program

In early 2006, Klein came forward with internal AT&T documents that show the company cooperated with the NSA's secret program to eavesdrop on internet communications, in violation of federal wiretapping laws and the Fourth Amendment. Klein's evidence demonstrates that in at least one of AT&T's facilities, internet traffic was diverted to a secret, secure room to which only the NSA had access.

All of the documents have been used in EFF's court case, which is currently under review by the Ninth Circuit Court of Appeals and a portion have been made broadly available on the internet since April, 2006.

In the words of EFF Staff Attorney Kurt Opsahl, Klein is [base "]a true American hero.[per thou] This public recognition of his bravery in defense of the public's right to know is richly deserved.

[EFF: Deep Links]

Music moguls seek security blanket - Los Angeles Times

Thu, 22 Feb 2007 16:24:50 GMT

One way to judge the music industry's troubles is to watch annual sales figures for CDs, which have slumped 25% since 2000. But it's more revealing to chart how the major record companies' attitudes about new business models online have been shifting.

At first the shifts were almost too small to notice, as when the labels started making a handful of downloadable songs available for $2.50 or more. But as the file-sharing phenomenon grew and CD sales slipped, the changes became more pronounced. The labels started offering the rights to songs on terms that didn't cripple their online partners. They embraced Apple's iTunes Music Store, whose anti-piracy technology doesn't actually limit copying. They cut deals with file-sharing companies for subscription services that let users share the songs they rented.

Along the way, though, the major labels adamantly refused to do the kind of deal necessary to replicate what the original Napster, Kazaa and eDonkey had provided: they would not accept a flat fee a "blanket" license that lets Internet service providers sell an all-you-can-eat sonic buffet, enabling customers to download, burn and swap as much as they pleased. The rights would be included in the cost of a high-speed Internet access line, so the downloads would seem free while still generating royalties for artists, songwriters, labels and publishers.

That reticence may be giving way, too, thanks to the relentless decline in revenue. Just look at what the head of the major record companies' global trade group, let slip last month at a music-industry gathering in France. If Internet service providers "want to come to us and look for a blanket license for an amount per month," IFPI chief John Kennedy said, "let's engage in that discussion."

His U.S. counterpart, Mitch Bainwol of the Recording Industry Assn. of America (RIAA), quickly added that the licenses should be negotiated voluntarily, not compelled by the government. So that part of the labels' thinking hasn't changed. Nevertheless, Kennedy's remark reflects a potential sea change in the way the record companies do business. If the labels follow through, it could trigger the greatest explosion in innovation since engineers at the Fraunhofer Institute in Germany developed the MP3 format.

That's a big "if," but two of the four majors have already taken the first step. In England, a venture called PlayLouder MSP is negotiating deals with record companies and music publishers for a competitively priced high-speed Internet access service that will include the right to download millions of songs, transfer them to portable devices and share them with friends. The main restriction is that subscribers can't send songs to people who aren't customers of PlayLouder MSP. In other words, it's a private electronic playground for music lovers.

The company, which expects to launch its service this year, plans to put a chunk of the monthly service charges into a royalty pool that would be divided according to popularity--the more often a song is downloaded, the larger the share of the pool that its copyright holders will receive. To monitor the network and enforce its borders, PlayLouder MSP relies on technology that can identify songs as they pass through the network--and, if necessary, block them. So far, several large independent labels from the U.S. and the U.K. have agreed to let the company offer MP3s of all their songs, while two of the majors, Sony BMG and EMI, have agreed to supply songs wrapped in electronic locks. Those locks won't make much difference, though; as part of the deal, subscribers will be free to share MP3s from all of PlayLouder MSP's partners, including Sony BMG and EMI.

Judge Refuses to Release Critical Documents in AT&T Surveillance Case.

Thu, 22 Feb 2007 15:56:51 GMT

Judge Refuses to Release Critical Documents in AT&T Surveillance Case.

Klein Declaration and Other Internal Documents to Stay Sealed for Now

San Francisco - A federal judge in San Francisco today denied requests from media groups to unseal critical evidence in the Electronic Frontier Foundation's (EFF's) class-action lawsuit against AT&T.

EFF's suit accuses the telecom giant of collaborating with the National Security Agency (NSA) in illegal spying on millions of ordinary Americans. The sealed evidence includes a declaration by Mark Klein, a retired AT&T telecommunications technician, as well as several internal AT&T documents and portions of a declaration from EFF's expert witness. Some of the evidence was previously released in redacted form, while other evidence is still completely unavailable to the media and the public.

"We're disappointed that the court did not choose to unseal all of the documents that include or refer to the evidence presented by Mark Klein and our expert, J. Scott Marcus. The government has already agreed that the evidence is neither classified nor a state secret, and is only being held under seal because of AT&T's weak trade secrecy claims," said Cindy Cohn, EFF's Legal Director. "Given that the privacy of millions of Americans is at stake, we strongly believe that the public would benefit from seeing this evidence for themselves."

Today's order is in response to a December hearing on the sealing issue. U.S. District Court Judge Vaughn Walker granted the media groups' request to intervene in the case, and said that he might revisit the unsealing motion at a later date.

For Judge Walker's full order:
http://www.eff.org/legal/cases/att/order_media_unsealing.pdf

For more on EFF's case against AT&T:
http://www.eff.org/legal/cases/att/

Contacts:

Cindy Cohn
Legal Director
Electronic Frontier Foundation
cindy@eff.org

Rebecca Jeschke
Media Coordinator
Electronic Frontier Foundation
press@eff.org

[EFF: Breaking News]

Judge Denies Complete Stay in AT&T Surveillance Case.

Thu, 22 Feb 2007 15:55:14 GMT

Judge Denies Complete Stay in AT&T Surveillance Case.

Government and AT&T Cannot Freeze Proceedings During Appeal

San Francisco - A federal judge today ruled that the Electronic Frontier Foundation (EFF) can go forward with elements of its class action lawsuit against AT&T for collaborating with the government on illegal spying in ordinary Americans -- despite the government and AT&T's request to freeze proceedings during an appeal.

In his ruling, U.S. District Court Judge Vaughn Walker opened the door to beginning the discovery process, allowing EFF to ask "limited and targeted" questions as long as those questions do not overlap with the issues under consideration in the 9th U.S. Circuit Court of Appeals.

"The government wanted to put this case in the deep freeze," said EFF Staff Attorney Kurt Opsahl. "Instead, the court has invited us to move forward with some targeted questions. We're glad to accept that invitation, which will allow progress while respecting the government's national security concerns."

Judge Walker also refused to implement a blanket stay on the other telecommunications surveillance cases transferred to his court. He ruled that unless the parties stipulate to a stay, then "defendants will answer or otherwise respond to the complaint" by March 29. Earlier today, Judge Walker denied requests from media groups to unseal critical evidence in the AT&T case.

Judge Walker did grant the media groups' request to intervene, and said he might revisit the unsealing issue at a later date.

For Judge Walker's full order:
http://www.eff.org/legal/cases/att/stayorder220.pdf

For more on EFF's case against AT&T:
http://www.eff.org/legal/cases/att/

Contacts:

Kurt Opsahl
Staff Attorney
Electronic Frontier Foundation
kurt@eff.org

Rebecca Jeschke
Media Coordinator
Electronic Frontier Foundation
press@eff.org

[EFF: Breaking News]

DHS Nixes Use Of RFID In Border Security Program.

Mon, 19 Feb 2007 02:53:07 GMT

DHS Nixes Use Of RFID In Border Security Program. The US Department of Homeland Security's VISIT program will not us RFID technology to track foreigners leaving the country after a test of the system failed to impress officials. [Computerworld Security News]

Feds Pull Traveler Help Site.

Mon, 19 Feb 2007 00:04:38 GMT

Feds Pull Traveler Help Site. Homeland Security pulls down a website link for travelers with watchlist problems after 27BStroke6 points out security flaws. But TSA won't say whether the site was legal. In 27B Stroke 6. [Wired News: Top Stories]

EFF: DeepLinks - RIAA to ISPs: Help Us Sue Your Customers Better

Sun, 18 Feb 2007 23:53:10 GMT

As if suing thousands of music fans isn't bad enough, now the RIAA wants to conscript ISPs into helping them streamline the shakedowns. The major record labels sent a letter to ISPs across the country asking them to trade away customers' rights and make the overzealous file sharing lawsuits more profitable -- and the RIAA even has the audacity to suggest that this is all for your own good.

ISPs currently have no obligation to maintain IP log files, and that's a good thing when it comes to protecting your privacy. Those log files can serve as Internet breadcrumbs -- your ISP and any third party that has access to them can retrace your online activities.

But the RIAA wants ISPs to maintain (and disclose) a customer's IP logs for six months whenever the RIAA says the user may have infringed copyright. In exchange, the record companies will reduce its initial lawsuit settlement demands. Of course, the actual customer would have no say in the matter. The RIAA letter says it wants the information kept because it could "exculpate" the customer, but of course those same records can also implicate the user. Funny, the labels don't mention that.

EFF and others have long warned that copyright claims could become an altar on which personal privacy is sacrificed. Now the RIAA wants your ISP to voluntarily wield the knife, and there's no telling what else the RIAA might ask for once this cut has been made.

The RIAA also wants ISPs to keep customers in the dark about their legal options. Before the RIAA has even verified that the user is correctly identified, it wants ISPs to send along a note saying the user might be sued and can already settle potential claims. At the same time, the RIAA scolds ISPs for giving information to their customers that could help provide sound legal counsel. Instead, the RIAA wants ISPs to direct subscribers solely to the RIAA.

Is AT&T helping the NSA ? First your phone calls and now your e-mails (For Your Eyes Only? ) NOW | PBS.

Sun, 18 Feb 2007 19:53:13 GMT

For Your Eyes Only? NOW | PBS

This week, NOW reports on new evidence suggesting the existence of a secret government program that intercepts millions of private e-mails each day in the name of terrorist surveillance. News about the alleged program came to light when a former AT&T employee, Mark Klein, blew the whistle on what he believes to be a large-scale installation of secret Internet monitoring equipment deep inside AT&T's San Francisco office. The equipment, he contends, was created at the request of the U.S. government to spy on e-mail traffic across the entire Internet. Though the government and AT&T refuse to address the issue directly, Klein backs up his charges with internal company documents and personal photos.