EFF Experts Address Security, Openness, and Privacy at United Nations' Internet Governance Forum: Via EFF.org Updates.

Vilnius, Lithuania - Experts from the Electronic Frontier Foundation (EFF) will address security, openness, privacy, and other issues at the United Nations' Internet Governance Forum (IGF), set for September 14-17 in Vilnius, Lithuania.

This is the fifth meeting of the IGF, which was established to discuss public policy issues related to Internet governance on a global scale. Approximately 1,500 government policymakers, technologists, politicians, and others will attend.

EFF experts will participate in nine workshops in Vilnius, including "The Future of Privacy," with EFF Senior Staff Attorney Kevin Bankston and EFF International Rights Director Katitza Rodriguez, who is also a member of the Multistakeholder Advisory Group that helped plan the meeting. Also on the agenda is "Governance of Social Media," with EFF Senior Staff Attorney Kurt Opsahl and "Why We Need an Open Web," with EFF International Affairs Director Eddan Katz.

For a complete schedule of EFF's participation in IGF see http://www.eff.org/calendar/2010/09/14/eff-united-nations-internet-gover.... [ Read more ... ]

Could Iris Scanners Replace Our Wallets?: Via Kashmir Hill - The Not-So Private Parts - Forbes.

Austin Carr at Fast Company sprinkled references to The Minority Report throughout his article on iris scanners in Leon and ominously ended his piece  with, “Goodbye 2010. Hello 1984,” tapping neatly into fears of Big Brother and an omniscient “other” monitoring all that we do. Perhaps it’s a little too neat. Is it possible that iris scans could actually provide us with more privacy in our day-to-day lives?

I had an interesting conversation with Global Rainmakers Inc’s COO Jeff Carter about this contrarian take on a world in which we’re identified and tracked by iris scans…

Fear of living in a surveillance society increasingly seems laughable given the way that we live today. We obsessively update profiles on social networking sites and résumés on LinkedIn. We carry GPS devices in the forms of smartphones around with us, and voluntarily broadcast our movements and locations on Foursquare and, more recently, Facebook Places. We let shopping loyalty programs track what we buy. More and more, it seems that convenience trumps privacy concerns in the choices that we make. [ Read more ... ]

Advertisers get hands stuck inside HTML5 database cookie jar: Via ArsTechnica.

It's because of this behavior that some of our readers drew our attention to something called RLDGUID, a Safari database that has been popping up more and more on iOS devices. What is it, who put it there, and what purpose does it serve? The company behind this database, Ringleader Digital, is basically using some of the modern HTML5 capabilities of mobile browsers to perform the same tasks as a traditional cookie, but out of sight of most users. We decided to dig in and see what RLDGUID is all about, and what we found was sometimes confusing. More importantly, however, it highlights why users should be made more aware of what their browsers are storing about them.  [ Read more ... ]

Exposed student data leaves prying eyes wide open: Via City College News at Minneapolis Community and Technical College.

Names, work-study information and student IDs left open for all

An online MCTC directory left sensitive student data and internal documents accessible to the prying eyes of anyone with an Internet connection since at least the summer of 2006, according to an investigation by City College News.

Besides annual accounts-receivable reports and salary rosters, a database spanning the last several years of work-study records contained the names of students, their student ID numbers, the amount which they were awarded and the amount which they had earned, sorted by department. [ Read more ... ]

New lawsuit to challenge laptop searches at U.S. border: Via The Washington Post .

Criminal defense lawyers, press photographers and a university student are challenging the Obama administration's search policy permitting officers at U.S. borders to detain travelers' laptop computers and examine their contents even without suspecting the traveler of wrongdoing.

In a federal lawsuit to be filed Tuesday in the Eastern District of New York, the plaintiffs allege that the Department of Homeland Security policy violates constitutional rights to privacy and free speech.

At issue is the government's contention - upheld by two federal appeals courts - that its broad authority to protect the border extends to reviewing information stored in a traveler's laptop, cellphone or other electronic device, even if the traveler is not suspected of involvement in criminal activity. In the government's view, a laptop is no different than a suitcase. [ Read more ... ]

With Great Power Comes Great Responsibility: A Facebook Bill Of Rights: Via Tech Crunch.

Facebook has come along way from being Mark Zuckerberg’s afterschool project. In fact “The Facebook Effect” author David Kirkpatrick implied at TechCrunch Disrupt that Facebook was so influential it should be governed by the United Nations, “They are too important to our culture to be left to a private corporation” he said.

But, despite the fact that at 500 million users Facebook has just under twice the population of the United States, it is a business not a country. And while Google is currently the most visited site on the Internet with about 170 million or so uniques in July, the levels of interaction that we have with Facebook are more often and more intimate, which makes it the most important site on the Internet today.

The amount of time we spend on Facebook underscores the fact that we no longer live in geopolitical countries but digital ones. [ Read more ... ]

Phone-hacking scandal: Theresa May defends police investigation: Via Media | guardian.co.uk .

Home secretary says it is not for government to decide whether there should be new inquiry into allegations against News of the World

Theresa May today defended the police investigation into phone-hacking allegations against the News of the World amid calls for the prime minister, David Cameron, to dismiss his director of communications.

The home secretary said the initial inquiry had been reviewed by the police, the Crown Prosecution Service (CPS) and the previous government and "all concluded that the investigation was proper and appropriate".

As the pressure grew on the Downing Street communications chief, Andy Coulson – who resigned as the editor of the News of the World in 2007 over the initial allegations – May said it was not for the government to decide whether there should be a new criminal investigation. [ Read more ... ]

Would you pay for a cooler, less creepy Facebook?: Via The Register(UK).

Big Chill founder launches a members' social network

Sick of creepy, unaccountable social networks that are little more than hoarders and traders of personal information? Pete Lawrence, founder of the Big Chill Festival is too, and will today unveil his plans a member-supported service.

Now you might expect a new "crowdfunding" initiative to get the usual short and brutal Reg treatment - but this one deserves to be taken seriously.

'We're a democratic member-owned co-op, bitch'
Firstly, because it's backed by Pete Lawrence, whose reputation as one of the most principled (and nicest) music entrepreneurs potentially brings a core audience. And secondly, because the time is right - with frustration at Facebook and the faceless data hoarders now quite palpable. Someone has to try something different - and a subscription model with voting rights means members actually care about the service. [ Read more ... ]

Senate Candidate Sued By Copyright Troll: Via Slashdot.

The Iso writes "Las Vegas based company Righthaven found two articles from the Las Vegas Review-Journal about Republican Senate candidate Sharron Angle reprinted on her web site without permission, so it did what it always does: bought the rights to the articles from the Review-Journal and sued the alleged infringer, seeking unspecified damages."

Read Original Article:(Via Slashdot.)

Free Press, Lauren Weinstein, Google, and Net Neutrality: Via Lauren Weinstein's Blog.

Greetings. Last Friday, in a posting titled The New McCarthyism of Google-Baiting Spreads Its Stain, I expressed my concerns regarding what I view to be disgraceful tactics that have been recently employed by some parties in the ongoing debates regarding Net Neutrality and related issues. Two facets that I specifically addressed were a published attack directed at me by Craig Aaron, the managing director of Free Press, and the presentation of a video (produced by Consumer Watchdog) in New York's Times Square that portrayed Google's CEO in the apparent aspect of a child molester.

This morning I received a note from Craig of Free Press regarding my posting. He asked me to share that e-mail publicly, and I will honor his request here, along with my associated reply that I sent him today.

Here are both of the communications, presented without additional comments at this time:

E-mail from Free Press to Lauren (9/5/10)

E-mail from Lauren to Free Press (9/5/10)

Take care, all.

--Lauren--

Read Original Article:(Via Lauren Weinstein's Blog.)

New Malware Imitates Browser Warning Pages: Via Slashdot.

Jake writes with this excerpt from Ars: "Microsoft is warning about a new piece of malware, Rogue:MSIL/Zeven, that auto-detects a user's browser and then imitates the relevant malware warning pages from Internet Explorer, Firefox, or Chrome. The fake warning pages are very similar to the real thing; you have to look closely to realize they aren't the real thing. The ploy is a basic social engineering scheme, but in this case the malware authors are relying on the user's trust in their browser, a tactic that hasn't been seen before. Beyond the warning pages, the actual malware looks like the real deal: it allows you to scan files, tells you when you're behind on your updates, and enables you to change your security and privacy settings. Performing a scan results in the product finding malicious files, but of course it cannot delete them unless you update, which requires paying for the full version. Attempting to buy the product will open an HTML window that provides a useless 'Safe Browsing Mode' with high-strength encryption. To top it all off, the rogue antivirus webpage looks awfully similar to the Microsoft Security Essentials webpage; even the awards received by MSE and a link to the Microsoft Malware Protection Center have been copied."

Read Original Article:(Via Slashdot.)

Game Publishers Using Stealth P2P Clients: Via Slashdot.

An anonymous reader writes "TorrentFreak has shed some light on the dark practice of installing stealth-mode P2P clients during game downloads and using unsuspecting gamers' PCs as 'bandwidth slaves.' The clients operate in the background and largely go unnoticed until problems arise that are caused by overactive uploading/seeding. While the Akamai NetSession Interface and Pando Media Booster are specifically called out, there appear to be other offenders as indicated in the comments left by TorrentFreak readers. A publisher called Solid State Networks is putting out a call for an industry-wide 'best practices' effort to promote transparency, control and privacy on behalf of gamers who are otherwise being abused for their bandwidth without their consent."

Read Original Article:(Via Slashdot.)

Nasty Data-Stealing Bug Haunts Internet Explorer 8: Via Slashdot.

Trailrunner7 writes "There's an unpatched vulnerability in Internet Explorer 8 that enables simple data-stealing attacks by Web-based attackers and could lead to an attacker hijacking a user's authenticated session on a third-party site. The flaw, which a researcher said may have been known since 2008, lies in the way IE8 handles CSS. The vulnerability can be exploited through an attack scenario known as cross-domain theft, and researcher Chris Evans originally brought the problem to light in a blog post in December. At the time, all of the major browsers were vulnerable to the attack, but since then, Firefox, Chrome, Safari and Opera all have implemented a simple defense mechanism. The upshot of this is that if a victim has visited a given Web site, authenticated himself to the site, and then visits a site controlled by an attacker, the attacker would have the ability to hijack the user's session and extract supposedly confidential data. This attack works on the latest, fully patched release of IE8."

Read Original Article:(Via Slashdot.)

UAE Man-in-the-Middle Attack Against SSL: Via Schneier on Security.

Interesting:

Who are these certificate authorities? At the beginning of Web history, there were only a handful of companies, like Verisign, Equifax, and Thawte, that made near-monopoly profits from being the only providers trusted by Internet Explorer or Netscape Navigator. But over time, browsers have trusted more and more organizations to verify Web sites. Safari and Firefox now trust more than 60 separate certificate authorities by default. Microsoft's software trusts more than 100 private and government institutions.

Disturbingly, some of these trusted certificate authorities have decided to delegate their powers to yet more organizations, which aren't tracked or audited by browser companies. [ Read more ... ]

Bookmark/Search this post with:

• Twitter
• Digg
• StumbleUpon
• Technorati
• del.icio.us
• Facebook
• Furl
• LinkedIn
• Yahoo

The British Tabloid Phone-Hacking Scandal: Via NYTimes.com Magazine.

IN NOVEMBER 2005, three senior aides to Britain’s royal family noticed odd things happening on their mobile phones. Messages they had never listened to were somehow appearing in their mailboxes as if heard and saved. Equally peculiar were stories that began appearing about Prince William in one of the country’s biggest tabloids, News of the World.

The stories were banal enough (Prince William pulled a tendon in his knee, one revealed). But the royal aides were puzzled as to how News of the World had gotten the information, which was known among only a small, discreet circle. They began to suspect that someone was eavesdropping on their private conversations.

By early January 2006, Scotland Yard had confirmed their suspicions. An unambiguous trail led to Clive Goodman, the News of the World reporter who covered the royal family, and to a private investigator, Glenn Mulcaire, who also worked for the paper. The two men had somehow obtained the PIN codes needed to access the voice mail of the royal aides.

Scotland Yard told the aides to continue operating as usual while it pursued the investigation, which included surveillance of the suspects’ phones. [ Read more ... ]

Murdoch Reporters’ Phone-Hacking Was Endemic, Victimized Hundreds: Via Threat Level.

A phone-hacking scheme involving British royals and reporters working for one of Rupert Murdoch’s tabloid newspapers went far beyond what was previously disclosed and prosecuted, according toThe New York Times.

Andy Coulson, currently media advisor to British Prime Minister David Cameron, is accused of having encouraged the hacking during his tenure as editor of Murdoch’s News of the World paper.

According to the N.Y. Times, reporters working under Coulson targeted hundreds of victims — from Princes Harry and William to government and police officials and numerous celebrities, including soccer star David Beckham and his wife.

Most of the victims are only now learning that their phone voicemail accounts may have been accessed by reporters, four years after the investigation first launched. One young woman, who had previously been the victim in a high-profile sexual-assault case when she was 19, only recently received a letter confirming that her phone number was on a list of potential hack targets kept by News of the World employees. [ Read more ... ]

‘Evil’ Eric Schmidt Debuts in Video Targeting Google Privacy: Via Threat Level.

A creepy caricature of Google CEO Eric Schmidt drives an ice cream truck in this video produced by a consumer group targeting the search giant for its data collection practices.

The video is part of a lobbying effort by Consumer Watchdog to get the government to create a so-called “Do Not Track Me” list “to prevent online companies from gathering our personal information, just as Congress had the Federal Trade Commission create a Do Not Call list to prevent intrusive telemarketers.” The group says they’ve paid to have a version of the video shown 36 times per day on a jumbotron in Times Square.

It’s not the first anti-Google antic from the group, which is largely funded by legal fees, the Rose Foundation, Streisand Foundation, Tides Foundation and others. Last month the group announced it had parked outside lawmakers’ Washington-area residences to determine whether they had unsecured Wi-Fi networks that might have been sniffed by Google as part of the internet giant’s Street View and Google Maps program. [ Read more ... ]

Righthaven's Brand of Copyright Trolling: Via EFF.org Updates.

Copyright trolls are nothing new, and Righthaven is just the latest group of lawyers to try to turn copyright litigation into a business model. What these lawyers have in common is that they seek to take advantage of copyright's draconian damages in order to bully Internet users into forking over money. To anyone who has watched the file-sharing lawsuits of the last few years or the current BitTorrent cases brought by a DC law firm, the Righthaven saga is developing into a familiar, unfortunate story. It also has some especially troubling twists.

The basic pattern: Righthaven has brought over a hundred lawsuits in Nevada federal court claiming copyright infringement. They find cases by (a) scouring the Internet for parts of newspaper stories posted online by individuals, nonprofits, and others, (b) buying the copyright to that particular newspaper story, and then (c) proceeding to sue the poster for copyright infringement. Like the RIAA and USCG before them, Righthaven is relying on the fact that their victims may face huge legal bills through crippling statutory damages and the prospect of paying Righthaven's legal fees if they lose the case. Consequently, many victims will settle with Righthaven for a few thousand dollars regardless of their innocence, their right to fair use, or other potential legal defenses.

However, Righthaven is unlike other copyright trolls in some key ways: [ Read more ... ]

New law review article: "Applying the Fourth Amendment to the Internet: A General Approach": Via FourthAmendment.com.

Applying the Fourth Amendment to the Internet: A General Approach by Orin Kerr, 62 Stan. L. Rev. 1005 (2010). Full article here. First paragraph: [ Read more ... ]

New law review article: "Pervasive Surveillance and the Future of the Fourth Amendment": Via FourthAmendment.com.

Pervasive Surveillance and the Future of the Fourth Amendment, by Russell D. Covey, 80 Miss. L. J. No. 4 (2010):

Abstract:
We are in a period of intense technological change. The continued explosive growth in technology has two major effects on the scope and application of the Fourth Amendment. First, the diffusion of powerful new technologies like DNA synthesis and high-powered computing makes it far easier than ever before for ill-meaning groups or individuals to obtain powerful and destructive weapons. Regardless of who is perceived to desire such weapons, the very existence and potential use of such weapons poses a permanent and growing threat to national security. Second, with the development of new technologies, governments are finding it increasingly cheap and easy to conduct intrusive surveillance on their populations and to obtain data and information about individuals in quantities and in detail never before imagined. For both of these reasons, states are increasingly likely to adopt strategies of pervasive surveillance. [ Read more ... ]

Bookmark/Search this post with:

• Twitter
• Digg
• StumbleUpon
• Technorati
• del.icio.us
• Facebook
• Furl
• LinkedIn
• Yahoo

Immigrants on Trains Near Northern Border Detained - NYTimes.com: Via NYTimes.com .

ROCHESTER — The Lake Shore Limited runs between Chicago and New York City without crossing the Canadian border. But when it stops at Amtrak stations in western New York State, armed Border Patrol agents routinely board the train, question passengers about their citizenship and take away noncitizens who cannot produce satisfactory immigration papers.

“Are you a U.S. citizen?” agents asked one recent morning, moving through a Rochester-bound train full of dozing passengers at a station outside Buffalo. “What country were you born in?”

When the answer came back, “the U.S.,” they moved on. But Ruth Fernandez, 60, a naturalized citizen born in Ecuador, was asked for identification. And though she was only traveling home to New York City from her sister’s in Ohio, she had made sure to carry her American passport. On earlier trips, she said, agents had photographed her, and taken away a nervous Hispanic man.

He was one of hundreds of passengers taken to detention each year from domestic trains and buses along the nation’s northern border. The little-publicized transportation checks are the result of the Border Patrol’s growth since 9/11, fueled by Congressional antiterrorism spending and an expanding definition of border jurisdiction. In the Rochester area, where the border is miles away in the middle of Lake Ontario, the patrol arrested 2,788 passengers from October 2005 through last September. [ Read more ... ]

Is New York the Next "Papers Please" State?: Via Blog of Rights: Official Blog of the American Civil Liberties Union.

Arizonans are not the only ones who should fear living in a "show me your papers" society.

As reported in Monday's New York Times, here in the great state of New York, armed Border Patrol agents routinely board Amtrak trains and Greyhound buses to question passengers about their citizenship and detain those who are not carrying proper proof of their lawful status.

Nina Bernstein reported that Customs and Border Protection (CBP) officers board trains in western New York and ask passengers "Are you a U.S. citizen?" and "What country are you from?" And in case you were wondering, no, these trains do not cross the New York-Canadian border. They are used for domestic travel.

Take, for example, Ruth Fernandez, a 60-year-old U.S. citizen born in Ecuador. She was travelling on Amtrak from Ohio to New York City. On past trips she was photographed by Border Patrol agents, so this time she carried ID, and showed it to Border Patrol agents when asked about her citizenship.

Ruth was not arrested, but others have been. According to an analysis of government data, CBP arrested 2,788 bus and train passengers from October 2005 through September 2010. It's unknown how many of these individuals were U.S. citizens who just happened not to carry identification with them and could not prove their lawful status. [ Read more ... ]

Pirate Bay Documentary in the Works: Via Threat Level.

Notorious filesharing website The Pirate Bay is a long-standing enemy of the movie industry, but one Swedish filmmaker has plans to create a documentary called TPB AFK about the three founders of the site, and their reactions to being found guilty of being accessory to crime against copyright law and fined about $3.6 million.

The director, Simon Klose, who has a law degree, has 200 hours of footage saved up and plans to record more during the trio’s appeal against their verdict, which is set for less than a month from now, on 28 September, 2010. In three days, he raised nearly $30,000 on Kickstarter to pay for a professional editor and use of an editing suite in putting together what he described as a “complex story”.

The documentary’s name, Klose says, is a reference to how the site’s founders had to confront reality: “AFK is computer slang for being offline, so TPB AFK is the story about a group of people in a digital community who, at times, are forced to leave the internets and deal with life offline — away from keyboard.” [ Read more ... ]

Reading, Writing, and RFID Chips: A Scary Back-to-School Future in California: Via EFF.org Updates.

Scary news from California's Contra Costa County — school officials there have reportedly decided to track some preschoolers with RFID chips, thanks to a federal grant supplying the funding.

According to a story from the Associated Press, the students will wear a jersey at school that has the RFID tag attached. The tag will track the children's movements and collect other data, like if the child has eaten or not. According to a Contra Costa County official, this is a cost-savings move, as teachers used to have to manually keep track of a child's attendance and meal schedule.

But of course, an RFID chip allows for far more than that minimal record-keeping. [ Read more ... ]