Netizens Gain Some Privacy

Eye see u Willis

A small step, yet significant. I would like these to get stronger: even though the Do Not Call list is not perfect (too many loopholes, especially for political communications/surveys/etc.), it has cut down on the number of unsolicited telephone calls. Having a similar sort of list for online tracking would be welcomed.

Last week, Google and Mozilla announced new software for their Web browsers that would allow consumers to permanently opt out of the online tracking used by many advertisers to follow online activities, build consumer profiles and deliver tailored ads.

Last year, the Federal Trade Commission recommended ways to protect online privacy, including giving consumers a clear, simple way to opt out of data tracking — something akin to the do-not-call registry.

Hoping to pre-empt action from a Congress in which privacy protection is one of the very few items with strong bipartisan support, companies involved in online advertising have rushed to issue their own proposals.

The efforts are welcome. The fact that Google and Mozilla get most of their revenue from online advertising is a strong rebuttal to claims that allowing consumers to opt out of tracking would undermine ad-driven businesses and endanger the free Internet.

Still, these initiatives fall short of what is ultimately needed. The privacy plug-in for Google’s Chrome browser merely lets users opt out permanently from tracking by companies from the coalition of companies that already allow surfers to opt out. It allows them to keep their opt-out settings even if they clear their cookies.

Mozilla’s feature, which will be added to new versions of its Firefox browser, will broadcast users’ preference not to be tracked to the Web sites they visit and the tracking companies that deliver cookies from these sites. But it will be up to these companies to comply with customers’ wishes. Many advertising networks that offer opt-outs still track surfing, just not for marketing.

To close these loopholes, Congress should require all advertising and tracking companies to offer consumers the choice of whether they want to be followed online to receive tailored ads, and make that option easily chosen on every browser.

(click here to continue reading Netizens Gain Some Privacy – NYTimes.com.)

 

Illinois Eavesdropping Act Should be Overturned

Let Me Show You How to Eagle Rock

Police should be held to the same standards as citizens, and not allowed to hide behind this archaic, pre-digital law. I fail to see why the police are afraid of being recorded, unless they plan on bending the law in some way and don’t want to be caught. Other states don’t have this same law, and seem to be doing just fine…

The Illinois Eavesdropping Act has been on the books for years. It makes it a criminal offense to audio-record either private or public conversations without the consent of all parties, Mr. Schwartz said. Audio-recording a civilian without consent is a Class 4 felony, punishable by up to three years in prison for a first-time offense. A second offense is a Class 3 felony with a possible prison term of five years.

Although law-enforcement officials can legally record civilians in private or public, audio-recording a law-enforcement officer, state’s attorney, assistant state’s attorney, attorney general, assistant attorney general or judge in the performance of his or her duties is a Class 1 felony, punishable by up to 15 years in prison.

The A.C.L.U. filed its lawsuit after several people throughout Illinois were charged in recent years with eavesdropping for making audio recordings of public conversations with the police. The A.C.L.U. argued that the act violates the First Amendment and hinders citizens from monitoring the public behavior of police officers and other officials.

On Jan. 10, a federal judge in Chicago dismissed the suit for the second time. Mr. Schwartz said the A.C.L.U. would appeal. Andrew Conklin, a spokesman for Anita Alvarez, the Cook County state’s attorney, said, “We did feel the A.C.L.U.’s claims were baseless and we’re glad the court agreed with us.” Beyond that statement, Mr. Conklin said, “we have no comment because we have these two cases pending.”

(click to continue reading Eavesdropping Laws Mean That Turning On an Audio Recorder Could Send You to Prison – NYTimes.com.)

 

E-Mail and Letters Should Have Equal Legal Protection

Soviets Lithuania

Seems like a simple question, but law enforcement doesn’t want to accept that electronic communications have replaced handwritten documents. There shouldn’t be a distinction based solely on the medium the communication uses. If I have a safe in my house with personal documents,[1] the police need a warrant to open it. Why should my email folder be any different?

The question boils down to this: Should personal information that people store online, from e-mail messages to photos to location updates, be treated the same as telephone calls or paper documents stored in a person’s home?

Right now, they often aren’t, in part because the Electronic Communications Privacy Act, which governs surveillance of what people do online, was written in 1986 — well before Twitter direct messages, Facebook status updates or Foursquare check-ins.

And Web users generally do not understand when and how law enforcement can access their information, said Ryan Calo, director of the consumer privacy project at Stanford Law School’s Center for Internet & Society.

“People have no idea that with a relatively small amount of process, people can get all this information that they’ve been storing for more than 180 days,” Mr. Calo said. “If they were to go and look at a privacy policy, it would say, ‘We comply with lawful requests for your information,’ but you don’t know what that means.”

(click to continue reading Should E-Mail and Letters Have Equal Legal Protection? – NYTimes.com.)

Unfortunately, the Supreme Court of the US currently has a reactionary majority, and will predictably side with the police over civil liberties, every time. There’s always hope…

So far, updates to the law have been piecemeal. For example, last month, the Sixth Circuit Court of Appeals, considering a fraud case, ruled that law enforcement cannot access e-mail messages stored online without a warrant because they are protected by the Fourth Amendment, which guards against unreasonable searches.

Footnotes:
  1. which I actually don’t, but I want one to store my passport and some similar papers in case of fire or other calamity

1986 Privacy Law Inadequate For 2011 Digital Society

Popo Starry Pants

The mentality of law enforcement is that since there is information available about suspects, law enforcement officers should have free rein to sift through it, no matter what. However, if one is a suspect, and a warrant is executed for one’s home, the officers are usually limited to certain areas as precisely described by the warrant; they are not[1] allowed to look through every single nook and cranny, unless the warrant has been constructed this broadly. Why isn’t digital data treated the same way?[2]

SAN FRANCISCO — Concerned by the wave of requests for customer data from law enforcement agencies, Google last year set up an online tool showing the frequency of these requests in various countries. In the first half of 2010, it counted more than 4,200 in the United States.

Google is not alone among Internet and telecommunications companies in feeling inundated with requests for information. Verizon told Congress in 2007 that it received some 90,000 such requests each year. And Facebook told Newsweek in 2009 that subpoenas and other orders were arriving at the company at a rate of 10 to 20 a day.

As Internet services — allowing people to store e-mails, photographs, spreadsheets and an untold number of private documents — have surged in popularity, they have become tempting targets for law enforcement. That phenomenon became apparent over the weekend when it surfaced that the Justice Department had sought the Twitter account activity of several people linked to WikiLeaks, the antisecrecy group.

Many Internet companies and consumer advocates say the main law governing communication privacy — enacted in 1986, before cellphone and e-mail use was widespread, and before social networking was even conceived — is outdated, affording more protection to letters in a file cabinet than e-mail on a server.

(click to continue reading Privacy Law Is Outrun by Speed of Web’s Progress – NYTimes.com.)

For some reason, The New York Times didn’t actually link to this Google tool; I’m not sure why. Anyway, after a few minutes of searching[3], I found it.

Like other technology and communications companies, we regularly receive requests from government agencies around the world to remove content from our services, or provide information about users of our services and products. This map shows the number of requests that we received in six-month blocks with certain limitations.

(click to continue reading Google Transparency Report: Government Requests.)

As of the current moment, Google has received 4287 requests for information in the United States alone[4] from law enforcement in the last six months (an average of 714.5 requests a month, or nearly 24 requests a day).

Footnotes:
  1. officially
  2. I am not a lawyer, and all my information comes from stupid television shows, so don’t laugh too loudly if I’m wrong
  3. longer than I thought, actually
  4. that Google is allowed to mention – perhaps not including some alleged participants in the War on Terror

The Web Means Everything Is On Your Permanent Record

I am lucky that I was a teen and finished college before the digital age. As far as I know, there are no permanent records of my exploits anywhere on the web, accessible by casual web searchers, or overzealous customs officials. Like most 19 year olds, I did some crazy stuff, participated in some questionable behavior with my peers, but never was actually arrested by law enforcement. Thankfully. Because otherwise, I’d worry…

Three Note Oddity

Four years ago, Stacy Snyder, then a 25-year-old teacher in training at Conestoga Valley High School in Lancaster, Pa., posted a photo on her MySpace page that showed her at a party wearing a pirate hat and drinking from a plastic cup, with the caption “Drunken Pirate.” After discovering the page, her supervisor at the high school told her the photo was “unprofessional,” and the dean of Millersville University School of Education, where Snyder was enrolled, said she was promoting drinking in virtual view of her under-age students. As a result, days before Snyder’s scheduled graduation, the university denied her a teaching degree. Snyder sued, arguing that the university had violated her First Amendment rights by penalizing her for her (perfectly legal) after-hours behavior. But in 2008, a federal district judge rejected the claim, saying that because Snyder was a public employee whose photo didn’t relate to matters of public concern, her “Drunken Pirate” post was not protected speech.

When historians of the future look back on the perils of the early digital age, Stacy Snyder may well be an icon. The problem she faced is only one example of a challenge that, in big and small ways, is confronting millions of people around the globe: how best to live our lives in a world where the Internet records everything and forgets nothing — where every online photo, status update, Twitter post and blog entry by and about us can be stored forever. With Web sites like LOL Facebook Moments, which collects and shares embarrassing personal revelations from Facebook users, ill-advised photos and online chatter are coming back to haunt people months or years after the fact. Examples are proliferating daily: there was the 16-year-old British girl who was fired from her office job for complaining on Facebook, “I’m so totally bored!!”; there was the 66-year-old Canadian psychotherapist who tried to enter the United States but was turned away at the border — and barred permanently from visiting the country — after a border guard’s Internet search found that the therapist had written an article in a philosophy journal describing his experiments 30 years ago with L.S.D.

According to a recent survey by Microsoft, 75 percent of U.S. recruiters and human-resource professionals report that their companies require them to do online research about candidates, and many use a range of sites when scrutinizing applicants — including search engines, social-networking sites, photo- and video-sharing sites, personal Web sites and blogs, Twitter and online-gaming sites. Seventy percent of U.S. recruiters report that they have rejected candidates because of information found online, like photos and discussion-board conversations and membership in controversial groups.

(click to continue reading The Web Means the End of Forgetting – NYTimes.com.)

Land of the free, right.

Oh, and since Jeffrey Rosen didn’t specify the 66 year old Canadian psychologist who took LSD in 1967, his name is Andrew Feldmar, and I blogged about this travesty in 2007. He really was barred from entry to the US in May, 2007, because he wrote an article about his drug use – in 1967!

U.S. Program to Detect Cyber Attacks

Mixed feelings about this: the Federal Government probably should have some sort of cyber patrol to protect the nation’s infrastructure against attack, but I am always skeptical that this isn’t just an excuse to legalize the spying upon citizens that has become the norm.

Eye see u Willis

The federal government is launching an expansive program dubbed “Perfect Citizen” to detect cyber assaults on private companies and government agencies running such critical infrastructure as the electricity grid and nuclear-power plants, according to people familiar with the program.

The surveillance by the National Security Agency, the government’s chief eavesdropping agency, would rely on a set of sensors deployed in computer networks for critical infrastructure that would be triggered by unusual activity suggesting an impending cyber attack, though it wouldn’t persistently monitor the whole system, these people said.

Defense contractor Raytheon Corp. recently won a classified contract for the initial phase of the surveillance effort valued at up to $100 million

(click to continue reading U.S. Program to Detect Cyber Attacks on Infrastructure – WSJ.com.)[1]

 

Footnotes:
  1. non-WSJ subscribers use this link

United States E-Passports Contain RFID Chip

Wondered why my newly minted passport contained such a thick cover. Reading the back page carefully, I noticed the phrase, “This document contains sensitive electronics,” and of course, my curiosity was piqued.

This document contains sensitive electronics

The chip used in the e-passports will comply with the ISO 14443 RFID specification and contain the same information as a passport’s data page—the passport holder’s name, nationality, gender, date of birth, place of birth and digitized photo. The chip will also contain the passport number, issue date, expiration date and type of passport. The ISO 14443 specification permits chips to be read when an e-passport is placed within approximately 10 centimeters of an RFID interrogator (reader).

Of all objections the department received regarding its plans, the overwhelming majority expressed concern over the potential for skimming and/or eavesdropping. Skimming is the act of creating an unauthorized connection with an RFID tag in order to gain access to its data. Eavesdropping is the interception of the electronic communication session between an RFID tag and an authorized reader.

To prevent skimming, the department will add shielding material to the passport’s front cover and spine. The material is supposed to make the e-passport’s RFID tag unreadable as long as its cover is closed or nearly closed. The department will also implement Basic Access Control (BAC), which functions as a Personal Identification Number (PIN) in the form of characters printed on the passport data page. Before a passport’s tag can be read, this PIN must be inputted into an RFID reader. The BAC also enables the encryption of any communication between the chip and interrogator

(click to continue reading United States Sets Date for E-Passports – RFID Journal.)
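How the printed "PIN" described above turns into session keys, as an added example (not code from the article, the State Department or this blog): a Python sketch of the Basic Access Control key derivation defined in ICAO Doc 9303. The function names are this example's own, and the document number and dates are the specimen values from the ICAO specification's worked example, not a real passport.

```python
"""BAC key derivation per ICAO Doc 9303 (added illustration).

The reader optically scans three fields from the machine-readable zone
(MRZ) on the data page, and both reader and chip derive the same keys
from them. No other secret is involved.
"""
import hashlib

WEIGHTS = (7, 3, 1)  # repeating weights for MRZ check digits


def char_value(ch):
    """Numeric value of one MRZ character: 0-9, A-Z -> 10-35, '<' -> 0."""
    if ch in "0123456789":
        return int(ch)
    if "A" <= ch <= "Z":
        return ord(ch) - ord("A") + 10
    if ch == "<":
        return 0
    raise ValueError(f"character {ch!r} is not valid in an MRZ")


def check_digit(field):
    """Weighted sum of the field's character values, modulo 10."""
    return sum(char_value(c) * WEIGHTS[i % 3] for i, c in enumerate(field)) % 10


def mrz_information(doc_number, birth_date, expiry_date):
    """Concatenate the three MRZ fields, each followed by its check digit.

    doc_number is padded to 9 characters with '<'; dates are YYMMDD.
    """
    doc = doc_number.upper().ljust(9, "<")
    if len(doc) != 9:
        raise ValueError("document number longer than 9 characters")
    for date in (birth_date, expiry_date):
        if len(date) != 6 or any(c not in "0123456789" for c in date):
            raise ValueError("dates must be six digits, YYMMDD")
    return "".join(f + str(check_digit(f)) for f in (doc, birth_date, expiry_date))


def adjust_parity(key):
    """Set the low bit of every byte so each byte has odd parity (DES keys)."""
    return bytes(b ^ 1 if bin(b).count("1") % 2 == 0 else b for b in key)


def derive_key(k_seed, counter):
    """First 16 bytes of SHA-1(Kseed || 32-bit counter), parity-adjusted."""
    digest = hashlib.sha1(k_seed + counter.to_bytes(4, "big")).digest()
    return adjust_parity(digest[:16])


def bac_keys(doc_number, birth_date, expiry_date):
    """Return (Kseed, Kenc, Kmac) for the given printed MRZ fields."""
    info = mrz_information(doc_number, birth_date, expiry_date)
    k_seed = hashlib.sha1(info.encode("ascii")).digest()[:16]
    k_enc = derive_key(k_seed, 1)  # counter 1: encryption key
    k_mac = derive_key(k_seed, 2)  # counter 2: message authentication key
    return k_seed, k_enc, k_mac


if __name__ == "__main__":
    # Specimen values from the ICAO Doc 9303 worked example (not a real document).
    seed, enc, mac = bac_keys("L898902C", "690806", "940623")
    print("MRZ information:", mrz_information("L898902C", "690806", "940623"))
    print("Kseed:", seed.hex().upper())
    print("Kenc: ", enc.hex().upper())
    print("Kmac: ", mac.hex().upper())
```

Every input to these keys is printed on the data page, so the scheme ties chip access to being able to see the opened booklet.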

 

Overloaded Intelligence Gathering Leads to Poor Intelligence

Too much data, indiscriminately accumulated, is just as much a problem as too little intelligence data, if not worse. Remember when we were America, land of the Free?

Do All Photographers Need a Warrant?

It has been demonstrated that when officials must establish before a court that they have reason to intercept communications — that is, that they know what they are doing — we get better intelligence than through indiscriminate collection and fishing expeditions.
[Rush Holt]

The failure of the U.S. Government to detect the fairly glaring Northwest Airlines Christmas plot — despite years and years of constant expansions of Surveillance State powers — illustrates this dynamic perfectly. As President Obama said [January 5th, 2010], the Government — just as was true for 9/11 — had gathered more than enough information to have detected this plot, or at least to have kept Abdulmutallab off airplanes and out of the country. Yet our intelligence agencies — just as was true for 9/11 — failed to understand what they had in their possession. Why is that? Because they had too much to process, including too much data wholly unrelated to Terrorism. In other words, our panic-driven need to vest the Government with more and more surveillance power every time we get scared again by Terrorists — in the name of keeping us safe — has exactly the opposite effect. Numerous pieces of evidence prove that.

Today in The Washington Post, that paper’s CIA spokesman, David Ignatius, explains that Abdulmutallab never made it onto a no-fly list because there are simply too many reports of suspicious individuals being submitted on a daily basis, which causes the system to be “clogged” — overloaded — with information having nothing to do with Terrorism. As a result, actually relevant information ends up obscured or ignored.  Identically, Newsweek’s Mike Isikoff and Mark Hosenball report that U.S. intelligence agencies intercept, gather and store so many emails, recorded telephone calls, and other communications that it’s simply impossible to sort through or understand what they have, quite possibly causing them to have missed crucial evidence in their possession about both the Fort Hood and Abdulmutallab plots:

This deluge of Internet traffic — involving e-mailers whose true identity often is not apparent — is one indication of the volume of raw intelligence U.S. spy agencies have had to sort through as they have tried to assess Awlaki’s influence in the West and elsewhere, said the officials, who asked for anonymity when discussing sensitive information. The large volume of messages also may help to explain how agencies can become so overwhelmed with data that sometimes it is difficult, if not impossible, to connect potentially important dots.

Newsweek adds that intelligence agencies likely possessed emails between accused Fort Hood shooter Nidal Hasan and Yemeni-American cleric Anwar al-Awlaki — as well as recorded telephone calls between al-Awlaki and Abdulmutallab — but simply failed to analyze or understand what they had intercepted.

[Click to continue reading Glenn Greenwald – Backfiring of the Surveillance State : Salon.com]

Pretty pathetic. And the solution is simple: start being much more targeted with information collection so there is less noise and more actionable signal. Allowing 8 year old kids like Mike Hicks to remain on the No-Fly List for seven years is just idiotic

Mikey, who would rather talk about BMX bikes and his athletic trophies than airport security, remains perplexed about the “list” and the hurdles he must clear. “Why do they think a kid is a terrorist?” Mikey asked his mother at one point during the interview.

Mrs. Hicks said the family was amused by the mistake at first. But that amusement quickly turned to annoyance and anger. It should not take seven years to correct the problem, Mrs. Hicks said. She applied for redress in December when she first heard about the Department of Homeland Security’s program.

“I understand the need for security,” she added. “But this is ridiculous. It’s quite clear that he is 8 years old, and while he may have terroristic tendencies at home, he does not have those on a plane.”

[Click to continue reading Mikey Hicks, 8, Can’t Get Off U.S. Terror Watch List – NYTimes.com]

and he’s not alone

For every person on the lists, hundreds of others may get caught up simply because they share the same name; a quick scan through a national phone directory unearthed 1,600 Michael Hickses. Over the past three years, 81,793 frustrated travelers have formally asked that they be struck from the watch list through the Department of Homeland Security; more than 25,000 of their cases are still pending. Others have taken more drastic measures. Mario Labbé, a frequent-flying Canadian record-company executive, started having problems at airports shortly after Sept. 11, 2001, with lengthy delays at checkpoints and mysterious questions about Japan. By 2005, he stopped flying to the United States from Canada, instead meeting American clients in France. Then a forced rerouting to Miami in 2008 led to six hours of questions.

“What’s the name of your mother? Your father? When were you last in Japan?” Mr. Labbé recalled being asked. “Always the same questions in different order. And sometimes, it’s quite aggressive, not funny at all.” Fed up, in the summer of 2008, he changed his name to François Mario Labbé. The problem vanished.

Boy, that makes me feel so much safer – just change your name, and voila, no problems!

Continuous Video Recording in Progress

The mind-set doesn’t appear to be ending soon, if Massachusetts Police policy is any indication:

A report from the New England Center For Investigative Reporting has chronicled a pattern of what civil liberties advocates say is a misuse of police powers: Massachusetts police are using the state’s stringent surveillance laws to arrest and charge people who record police activities in public.

It’s a situation that is pitting new technologies against police powers. With recording equipment now embedded into cellphones and other common technologies, recording police activities has never been easier, and has resulted in numerous cases of police misconduct being brought to light. And that, rights advocates argue, is precisely what the police are trying to prevent.

In October, 2007, Boston lawyer Simon Glick witnessed what he said was excessive use of police force during the arrest of a juvenile. When he pulled out his cellphone to record the incident, he was arrested and charged with “illegal electronic surveillance.”

In December, 2008, Jon Surmacz, a webmaster at Boston University, was attending a party that was brok

[Click to continue reading Massachusetts cops can arrest you for making them famous | Raw Story]

Even the Chicago Transit Authority is getting into the action

The Chicago Transit Authority is so “committed to safety,” that it is urging commuters to report people committing “excessive photography/filming.”

The sign posted inside the train stations places photographers on the same level as, say, a non-CTA employee walking the tracks or an unattended package or “noxious smells or smoke.”

In other words, it accuses photographers of being possible terrorists or just suicidal maniacs.

The problem is that these signs not only encourage commuters to dial 911 when seeing someone taking photos, which will tie up real emergencies, it contradicts the CTA’s own policy on photography and videography within train stations.

[Click to continue reading Chicago Transit Authority urges commuters to report photographers | Photography is Not a Crime]

More data, more clutter in the system for intelligence to sort out, or the already overloaded judicial system, and for what reason? We need a change in direction, and soon.

Minions of Rupert Murdoch illegally hacked 3000 cellphone accounts

Either Rupert Murdoch is too close a friend of most US media conglomerate CEOs, or else they are scared of incurring Murdoch’s wrath. What other explanation for the lack of coverage of the juicy Guardian UK scoop regarding Murdoch illegality?

But so far the Guardian, which last Wednesday broke the news of how two newspapers belonging to Rupert Murdoch illegally hacked into the mobile phone accounts of “two or three thousand” people, as well as “gaining unlawful access to confidential personal data, including tax records, social security files, bank statements and itemized phone bills [belonging to] Cabinet ministers, MPs, actors and sports stars” has the story pretty much to itself.

On the surface this is surprising. Here, after all, is a story that combines boldface names like Gwyneth Paltrow, Elle MacPherson, Nigella Lawson and George Michael with the official spokesman of the Conservative Party (Andy Coulson, media strategist for Tory leader David Cameron, was editor of the News of the World when the paper allegedly paid private investigators for access to the celebrities’ accounts) and Rupert Murdoch, the world’s most powerful media baron. The BBC put the story at the top of its world news lineup, and followed up the next day with a story about how some of the famous targets were contemplating lawsuits. So why has the Guardian’s incredible scoop turned out to be a 2 day wonder?

[Click to continue reading The Dog That Didn’t Bark]

Quite curious, no?

Rupert Murdoch’s News Group Newspapers has paid out more than £1m to settle legal cases that threatened to reveal evidence of his journalists’ repeated involvement in the use of criminal methods to get stories.

The payments secured secrecy over out-of-court settlements in three cases that threatened to expose evidence of Murdoch journalists using private investigators who illegally hacked into the mobile phone messages of numerous public figures as well as gaining unlawful access to confidential personal data, including tax records, social security files, bank statements and itemised phone bills. Cabinet ministers, MPs, actors and sports stars were all targets of the private investigators.

Today, the Guardian reveals details of the suppressed evidence, which may open the door to hundreds more legal actions by victims of News Group, the Murdoch company that publishes the News of the World and the Sun, as well as provoking police inquiries into reporters who were involved and the senior executives responsible for them.

[Click to continue reading Murdoch papers paid out £1m to gag phone-hacking victims | Media |The Guardian]

such as

When the high court last summer ordered the News of the World to pay damages to Max Mosley for secretly filming him with prostitutes, the paper was furious. In an angry leader column, it insisted that public figures must maintain standards. “It is not for the powerful and the influential to run to the courts to gag newspapers from publishing stories that are TRUE,” it said. “This is all about the public’s right to know.”

Even as those words were being published, lawyers and senior executives from News International’s subsidiary News Group were preparing to run to court to gag Gordon Taylor, the chief executive of the Professional Footballers’ Association, who was suing the News of the World for its undisclosed involvement in the illegal interception of messages left on his mobile phone.

By persuading the high court to seal the file and by paying Taylor more than £400,000 damages in exchange for his silence, News Group prevented the public from knowing anything about the hundreds of pages of evidence which had been disclosed in Taylor’s case, revealing potentially criminal behaviour by journalists on its payroll. It also protected some powerful and influential people from the implications of that evidence.

[Click to continue reading Trail of hacking and deceit under nose of Tory PR chief | guardian.co.uk]

Red Light Night

names like:

Scotland Yard disclosed only a limited amount of its evidence to Taylor. The Guardian understands that the full police file shows that several thousand public figures were targeted by investigators, including, during one month in 2006: John Prescott, then deputy prime minister; Tessa Jowell, then responsible for the media as secretary of state for culture; Boris Johnson, then the Conservative spokesman on higher education; Gwyneth Paltrow, after she had given birth to her son; George Michael, who had been seen looking tired at the wheel of his car; and Jade Goody.

When Goodman, the News of the World’s royal editor, was jailed for hacking into the mobile phones of Palace staff, News International said he had been acting without their knowledge. One of the investigators working for the paper, Glenn Mulcaire, was also charged with hacking the phones of the Lib Dem MP Simon Hughes, celebrity PR Max Clifford, model Elle MacPherson and football agent Sky Andrew as well as Taylor. At the time, the News of the World claimed to know nothing about the hacking of these targets, but Taylor has now proved that to be untrue in his case. Others who are believed to have been possible targets include the Scottish politician Tommy Sheridan, who has previously accused the News of the World of bugging his car; Jeffrey Archer, whose perjury was exposed by the paper; and Sven-Göran Eriksson, whose sex life became a tabloid obsession.

Vast Spy System Loots Computers

Amazing, but not that surprising. The full 53-page report is available here, if you are interested in the details[1].

Computer Consultants

A vast electronic spying operation has infiltrated computers and has stolen documents from hundreds of government and private offices around the world, including those of the Dalai Lama, Canadian researchers have concluded.

In a report to be issued this weekend, the researchers said that the system was being controlled from computers based almost exclusively in China, but that they could not say conclusively that the Chinese government was involved.

The researchers, who are based at the Munk Center for International Studies at the University of Toronto, had been asked by the office of the Dalai Lama, the exiled Tibetan leader whom China regularly denounces, to examine its computers for signs of malicious software, or malware.

Their sleuthing opened a window into a broader operation that, in less than two years, has infiltrated at least 1,295 computers in 103 countries, including many belonging to embassies, foreign ministries and other government offices, as well as the Dalai Lama’s Tibetan exile centers in India, Brussels, London and New York.

The researchers, who have a record of detecting computer espionage, said they believed that in addition to the spying on the Dalai Lama, the system, which they called GhostNet, was focused on the governments of South Asian and Southeast Asian countries.

Intelligence analysts say many governments, including those of China, Russia and the United States, and other parties use sophisticated computer programs to covertly gather information.

[Click to read more of Vast Spy System Loots Computers in 103 Countries – NYTimes.com]

Amusing that this front page article doesn’t once mention the operating system the target computers ran. Did Microsoft agree to purchase full page advertisements in the Sunday New York Times for the next ten years in order to keep Windows and Outlook from being mentioned in the story? Why do governments use Windows in sensitive networks anyway? Even if they didn’t use Macs, perhaps they could use Linux machines instead.

Apple Logos

Kim Zetter of Wired adds:

Infected computers include the ministries of foreign affairs of Iran, Bangladesh, Latvia, Indonesia, and the Philippines and embassies of India, South Korea, Germany, Pakistan and Taiwan. Thirty percent of the infected computers could be considered “high-value” diplomatic, political, economic and military targets, the researchers say.

The largest number of infected computers in a single country were in Taiwan (148), followed by Vietnam (130) and the U.S. (113). Seventy-nine computers were infected at the Taiwan External Trade Development Council (TAITRA). One computer at Deloitte & Touche in New York was among those infected in the U.S.

The earliest infection the researchers found occurred May 22, 2007; the most recent infection at the time they wrote their report was March 12, 2009. Each computer was infected for various amounts of days, with the average being about 145 days. There were significant spikes in the number of systems infected in December 2007 (113 of 320 infections in December occurred at TAITRA in Taiwan) and August 2008.

The researchers found the network after examining computers at the Dalai Lama’s office and found that the system had gained control of mail servers for the Dalai Lama’s offices, allowing the spies to intercept all correspondence.

The computers were infected either after workers clicked on an e-mail attachment containing malware or clicked on a URL that took them to a rogue web site where the malware downloaded to their computer. The spy network continues to infect about a dozen new computers in various places each week, according to the researchers, who are based at the University of Toronto’s Munk Center for International Studies.

The malware includes a feature for turning on the web camera and microphone on a computer in order to secretly record conversation and activity in a room.

They write that e-mails that OHHDL workers received that contained the infected attachments appeared to come from Tibetan co-workers. In some cases, monks received infected e-mails that appeared to come from other monks. The attackers seemed to target their infected correspondence at key people in the OHHDL office, including network administrators. In this way, the attackers likely gained login credentials for the mail server. Once they had control of the mail server, they were able to infect more computers by intercepting legitimate e-mail in transit and replacing clean attachments with infected .doc and .pdf attachments that installed rootkits on the recipient’s computer that gave the attacker full control over the computer.

One monk reported that he was looking at his screen when his Outlook Express program launched on its own and began sending out e-mails with infected attachments.

[Click to continue reading Electronic Spy Network Focused on Dalai Lama and Embassies | Threat Level from Wired.com]

Fascinating stuff. China is very serious about keeping Tibet under their thumb.

Footnotes:
  1. unfortunately, to download the document as a PDF, you have to give up an email account, and other personal data

NSA Wiretaps Combined with Credit Card Records of U.S. Citizens

My paranoid self wonders if this is why the TSA always opens my suitcase every time I travel, and why I used to always get marked for special searches of my person and luggage (up until recently). Maybe, maybe not, but of course, I’ll never know.

Data Dump

NSA whistleblower Russell Tice was back on Keith Olbermann’s MSNBC program Thursday evening to expand on his Wednesday revelations that the National Security Agency spied on individual U.S. journalists, entire U.S. news agencies as well as “tens of thousands” of other Americans.

Tice said on Wednesday that the NSA had vacuumed in all domestic communications of Americans, including faxes, phone calls and network traffic.
Today Tice said that the spy agency also combined information from phone wiretaps with data that was mined from credit card and other financial records. He said information of tens of thousands of U.S. citizens is now in digital databases warehoused at the NSA.

“This [information] could sit there for ten years and then potentially it marries up with something else and ten years from now they get put on a no-fly list and they, of course, won’t have a clue why,” Tice said.

In most cases, the person would have no discernible link to terrorist organizations that would justify the initial data mining or their inclusion in the database.

[From NSA Whistleblower: Wiretaps Were Combined with Credit Card Records of U.S. Citizens | Threat Level from Wired.com]

The NSA started large – accumulating as much information from as wide a source as they could get. Theoretically, once their database was seeded, they culled out non-terrorists, but I’m skeptical. The data is still being held, waiting for some future reason to utilize it.

“This is garnered from algorithms that have been put together to try to just dream-up scenarios that might be information that is associated with how a terrorist could operate,” Tice said. “And once that information gets to the NSA, and they start to put it through the filters there . . . and they start looking for word-recognition, if someone just talked about the daily news and mentioned something about the Middle East they could easily be brought to the forefront of having that little flag put by their name that says ‘potential terrorist’.”

Constitution Free Zone

Scary stuff. Scary fracking stuff indeed.

ACLU Constitution Free Zone

Using data provided by the U.S. Census Bureau, the ACLU has determined that nearly 2/3 of the entire US population (197.4 million people) live within 100 miles of the US land and coastal borders.

The government is assuming extraordinary powers to stop and search individuals within this zone. This is not just about the border: This “Constitution-Free Zone” includes most of the nation’s largest metropolitan areas.

We urge you to call on Congress to hold hearings on and pass legislation to end these egregious violations of Americans’ civil rights.

[From American Civil Liberties Union : Surveillance Society Clock]

The ACLU has compiled a FAQ which begins:

  • Normally under the Fourth Amendment of the U.S. Constitution, the American people are not generally subject to random and arbitrary stops and searches.
  • The border, however, has always been an exception. There, the longstanding view is that the normal rules do not apply. For example the authorities do not need a warrant or probable cause to conduct a “routine search.”
  • But what is “the border”? According to the government, it is a 100-mile wide strip that wraps around the “external boundary” of the United States.
  • As a result of this claimed authority, individuals who are far away from the border, American citizens traveling from one place in America to another, are being stopped and harassed in ways that our Constitution does not permit.
  • Border Patrol has been setting up checkpoints inland — on highways in states such as California, Texas and Arizona, and at ferry terminals in Washington State. Typically, the agents ask drivers and passengers about their citizenship. Unfortunately, our courts so far have permitted these kinds of checkpoints – legally speaking, they are “administrative” stops that are permitted only for the specific purpose of protecting the nation’s borders. They cannot become general drug-search or other law enforcement efforts.
  • However, these stops by Border Patrol agents are not remaining confined to that border security purpose. On the roads of California and elsewhere in the nation – places far removed from the actual border – agents are stopping, interrogating, and searching Americans on an everyday basis with absolutely no suspicion of wrongdoing.
  • The bottom line is that the extraordinary authorities that the government possesses at the border are spilling into regular American streets.

The ACLU has also written a bit about the technology innovations which are enabling this massive and un-American database project.

Ellen Nakashima of the Washington Post wrote recently:

The U.S. government has quietly recast policies that affect the way information is gathered from U.S. citizens and others crossing the border and what is done with it, including relaxing a two-decade-old policy that placed a high bar on federal agents copying travelers’ personal material, according to newly released documents.

The policy changes, civil liberties advocates say, also raise concerns about the guidelines under which border officers may share data copied from laptop computers and cellphones with other agencies and the types of questions they are allowed to ask American citizens.

In July, the Department of Homeland Security disclosed policies that showed that federal agents may copy books, documents, and the data on laptops and other electronic devices without suspecting a traveler of wrongdoing. But what DHS did not disclose was that since 1986 and until last year, the government generally required a higher standard: Federal agents needed probable cause that a law was being broken before they could copy material a traveler was bringing into the country.

[From Expanded Powers to Search Travelers at Border Detailed – washingtonpost.com]

and added this in an earlier article on the same topic:

The notice states that the government may share border records with federal, state, local, tribal or foreign government agencies in cases where customs believes the information would assist enforcement of civil or criminal laws or regulations, or if the information is relevant to a hiring decision.

They may be shared with a court or attorney in civil litigation, which could include divorce cases; with federal contractors or consultants “to accomplish an agency function related to this system of records”; with federal and foreign intelligence or counterterrorism agencies if there is a threat to national or international security or to assist in anti-terrorism efforts; or with the news media and the public “when there exists a legitimate public interest in the disclosure of the information.”

Homeland Security is proposing to exempt the database from some provisions of the 1974 Privacy Act, including the right of a citizen to know whether a law enforcement or intelligence agency has requested his or her records and the right to sue for access and correction in those disclosures.

A traveler may, however, request access to records based on documents he or she presented at the border.

The notice is posted at the Government Printing Office’s Web site.

Danny Westneat of the Seattle Times wrote of one such occurrence in 2007:

Layla Iranshad, 27, was headed to her job at Peninsula College. She says the agent asked her if she was a U.S. citizen (yes, she answered), then asked where she was born.

“I said in England. Then he asked how I got my citizenship. He also wanted to know where I lived and where I was going.

“It freaked me out. Since when in this country do we get stopped on the street and questioned about our citizenship?”

U.S. Customs and Border Protection announced last week it will stop drivers at a series of random checkpoints on the Olympic Peninsula in the coming months.

“The primary purpose of the temporary checkpoints is to support enhanced national-security efforts to deter, detect and prevent the threat of terrorist attacks against the American people,” says a statement from the Border Patrol.

The agency, which guards the international boundary, can set up “interior checkpoints” up to 100 miles from any border. The checkpoints have been used before near the Blaine crossing, but never on the Olympic Peninsula.

Forks is 30 miles from the border, which lies in the Strait of Juan de Fuca. By these rules, the agency could set up a checkpoint in downtown Seattle, which is 70 miles from the border off Port Angeles.

[From Local News | Checkpoint sticks in Forks’ craw | Seattle Times Newspaper]

Remind me again what country we live in? I’m writing my Senators[1] and my Congress-critter about this crazy, totalitarian, government insanity. How about you?

Footnotes:
  1. one of whom should become President, and one of whom probably will become President

What Is Sarah Palin Hiding in her Yahoo e-mails

Sarah Palin’s Yahoo email account was apparently hacked by the Anonymous gang of internet pranksters. Glenn Greenwald is amused that the Rethuglicans suddenly care about privacy.

crime plus 8 mailbox

Still, it’s really a wondrous, and repugnant, sight to behold the Bush-following lynch mobs on the Right melodramatically defend the Virtues of Privacy and the Rule of Law. These, of course, are the same authoritarians who have cheered on every last expansion of the Lawless Surveillance State of the last eight years — put their fists in the air with glee as the Federal Government seized the power to listen to innocent Americans’ telephone calls; read our emails; obtain our banking, credit card, and library records; and create vast data bases of every call we make and receive and every prescription we fill and every instance of travel and other vast categories of information that remain largely unknown — all without warrants or oversight of any kind and often in clear violation of the law.

The same political faction which today is prancing around in full-throated fits of melodramatic hysteria and Victim mode (their absolute favorite state of being) over the sanctity of Sarah Palin’s privacy are the same ones who scoffed with indifference as it was revealed during the Bush era that the FBI systematically abused its Patriot Act powers to gather and store private information on thousands of innocent Americans; that Homeland Security officials illegally infiltrated and monitored peaceful, law-abiding left-wing groups devoted to peace activism, civil liberties and other political agendas disliked by the state; and that the telephone calls of journalists and lawyers have been illegally and repeatedly monitored.

And the same Surveillance State Worshipper leading today’s screeching — Michelle Malkin — spent the last several years deriding those who objected to the President’s illegal spying program as “privacy crusaders” and “constitutional absolutists” and “civil liberties absolutists”

Shouldn’t these same people be standing up today and insisting that if Sarah Palin has done nothing wrong, then she should have nothing to hide? If Sarah Palin isn’t committing crimes or consorting with The Terrorists, then why would she care if we can monitor her emails? And if private companies such as Yahoo can access her emails — as they can — then she doesn’t really have any “privacy” anyway, so what’s the big deal if others read through her communications, too? Isn’t that the authoritarian idiocy that has been spewed since The Day That 9/11 Changed Everything — beginning with the Constitution — to justify vesting secret and unchecked surveillance powers in our Great and Good Leaders?

[Click to read more of this great rant: What does Sarah Palin have to hide in her Yahoo e-mails? – Glenn Greenwald – Salon.com]

Chertoff Misleads on Laptop Searches

Surprising nobody, Department of Homeland Security Secretary Mike Chertoff mouthed statements that could be considered misleading in polite company, or out and out lies here in the Big Potato. Senator Russ Feingold calls Chertoff on Chertoff’s bs.

Pip and his MBA

[Pip investigates a laptop]

Secretary Chertoff’s description of the newly published DHS policy on laptop searches was not just misleading – it was flat-out wrong. In an interview with Wired.com, the Secretary stated that “[w]e only do [laptop searches] when we put you into secondary [screening] and we only put you into secondary [screening] … when there is a reason to suspect something.”

But the actual policy that DHS published says the exact opposite. It does not even mention secondary screening, let alone limit laptop searches to those cases, and it expressly states that Americans’ laptops may be searched “absent individualized suspicion.”

Secretary Chertoff’s blatant mischaracterization of the DHS policy contradicts his claim to be engaging in greater “openness and transparency” on this important issue. His statements make it clearer than ever that as we work to protect our national security, Congress must also act to protect law-abiding Americans against highly intrusive searches.

[From Chertoff Misleads on Laptop Searches, Feingold Charges | Threat Level from Wired.com]

I’m glad Senator Feingold didn’t run for President – he wouldn’t have won, and instead he can concentrate on doing good in the Senate.

bonus, and totally unrelated, except in a vague sort of totalitarian way:

How to properly pronounce the Chinese capital, Beijing.

http://www.youtube.com/watch?v=_GE4dkpOdPw

Lawmakers Make Web-Advertising Inquiries

Worth noting.

Senior lawmakers are launching an investigation into potential privacy problems stemming from companies that tailor Internet advertising to consumers’ Web surfing.

Four top Democrats and Republicans on the House Energy and Commerce Committee sent letters to 33 companies asking detailed questions about how they serve Web ads to customers and whether they collect or store data on people’s Internet searches.

The letters went to large companies such as Comcast Corp., Time Warner Cable Inc., AT&T Inc., Verizon Communications Inc., Google Inc., Microsoft Corp. and Yahoo Inc. as well as smaller companies such as EarthLink Inc.

The letters were signed by John Dingell (D., Mich.), Joe Barton (R., Texas), Edward Markey (D., Mass.) and Cliff Stearns (R., Fla.).

[From Lawmakers Make Web-Advertising Inquiries – WSJ.com]

Two Republicans, two Democrats. Hmm, apparently non-partisanship can occur, if need be.