Decisions
TJX Hacking Conspirator Gets 4 Years
TJX Hacking Conspirator Gets 4 Years: Via Threat Level.
Humza Zaman, a co-conspirator in the hack of TJX and other companies, was sentenced Thursday in Boston to 46 months in prison and fined $75,000 for his role in the conspiracy. The sentence matches what prosecutors were seeking.
Zaman, a 33-year-old former network security manager at Barclays Bank, was charged with laundering between $600,000 and $800,000 for hacker Albert Gonzalez, who is currently awaiting sentencing on charges that he and others hacked into TJX, Office Max, Heartland Payment Systems and numerous other companies to steal data on more than 100 million credit and debit card accounts.
Zaman pleaded guilty in April to one count of conspiracy. His sentence includes three years of supervised release with the condition that Zaman must disclose his conviction to any future employer. Upon release, Zaman will not be barred from using computers. [ Read more ... ]
Flipping Off Cops Is Legal, But Not Advised
Flipping Off Cops Is Legal, Not Advised: Via Threat Level.
Flipping the bird, or sticking out the middle finger, is perhaps the oldest insulting gesture on earth. The move dates back to ancient Greece and was adopted by the Romans as digitus impudicus — the impudent finger.
A zillion middle fingers later, an Oregon man is suing suburban Portland cops (.pdf) over his use of the gesture, claiming civil rights violations. Twice he flipped them off for no apparent reason while driving and was pulled over each time — resulting in what he said was a “bogus” traffic citation that was later dismissed, and a tongue lashing he still remembers.
“The guy flew into a road rage,” Robert Ekas, a retired Silicon Valley systems analyst, said in a telephone interview Tuesday.
Lawrence Wolf, a Los Angeles criminal defense attorney, said there was no law against flipping off cops. And in most instances when it leads to an arrest or conviction, the charges are dismissed. But the gesture invites police confrontation, he said.
“It’s certainly not the smartest thing one can do,” Wolf said. [ Read more ... ]
Corporations Hide Flight Records From Public View
Corporations Hide Flight Records From Public View: Via Center for Media and Democracy - Publishers of PR Watch.
A federal district court ruled that the public interest journalism group ProPublica can obtain a list of corporate-owned airplanes whose flight information was blocked from public view. ProPublica first sought the list in 2008 under the Freedom of Information Act, after the CEOs of General Motors, Ford and Chrysler flew to Washington, D.C. on corporate jets to ask Congress to bail out their companies. Those flights became known because the Federal Aviation Administration (FAA) provides real-time flight information that the public could see. But the bad publicity over the flights led General Motors to try and stop the public from tracking its planes in the future. [ Read more ... ]
Ninth Circuit addresses “actual damages” under the Privacy Act
Ninth Circuit addresses “actual damages” under the Privacy Act: Via Personal Health Information Privacy blog.
I posted this yesterday to PogoWasRight.org but then it dawned on me today that since this involved medical information, I should have posted it here, too:
A new ruling from the Ninth Circuit in Cooper v. FAA addresses the meaning of “actual damages” in the Privacy Act. The case arose when federal agencies shared information without consent in “Operation Safe Pilot:”
Feds Can Search, Seize P2P Files Without Warrant
Feds Can Search, Seize P2P Files Without Warrant: Via Threat Level.
The authorities do not need court warrants to view and download files trading on peer-to-peer networks, a federal appeals court says.
Wednesday’s 3-0 ruling by the 9th U.S. Circuit Court of Appeals concerned a Nevada man convicted of possessing child pornography as part of an FBI investigation. Defendant Charles Borowy claimed the Fourth Amendment required court authorization to search and seize his LimeWire files in 2007.
The San Francisco-based appeals court, however, cited the nation’s legal standard, reiterating that warrants are required if a search “violates a reasonable expectation of privacy.” (.pdf)
Borowy, the court noted, “was clearly aware that LimeWire was a file-sharing program that would allow the public at large to access files in his shared folder unless he took steps to avoid it.”
The defendant, however, claimed he had a reasonable expectation of privacy because he thought he had turned off LimeWire’s share feature. [ Read more ... ]
GPS Tracking: Turning Science Fiction Into Reality (ACLU)
GPS Tracking: Turning Science Fiction Into Reality: Via Blog of Rights: Official Blog of the American Civil Liberties Union.
As a fan of The Wire, I can find lots of plot twists and exciting scenes that illustrate the basic constitutional balance between the rights of individuals and the power of law enforcement. The Wire portrays police who follow the rules and those who don't as they wiretap, search, photograph and otherwise conduct their investigations into complex criminal cases.
In one episode, Detective Leander Snydor has followed a drug dealer to a house which might link him to other criminal relationships. Snydor skillfully walks past the dealer's car, fixes a GPS tracking system to the underside of the vehicle, and walks away with a whistle.
That might seem like smart cop work when aimed at an enormous, fictional drug ring in the mean streets of Baltimore. But GPS is no longer HBO fiction. In Madison, Wisconsin, where law enforcement agents used GPS to track someone suspected of violating a restraining order without first getting a warrant, it's very, very real. Unfortunately, according to the Wisconsin Court of Appeals, we should let go of the expectation that police need permission to track our movements. [ Read more ... ]
Record 13-Year Sentence for Hacker Max Vision
Record 13-Year Sentence for Hacker Max Vision: Via Threat Level.
PITTSBURGH — A skilled San Francisco-based computer intruder was sentenced to 13 years in federal prison Friday for stealing nearly two million credit card numbers from banks, businesses and other hackers — receiving the longest hacking sentence in U.S. history.
Max Ray Vision, 37, was also ordered to pay $27.5 million in restitution, and to serve five years under court supervision following his release, during which time he’ll be allowed to use computers only for legitimate employment or education.
Vision, who changed his name from Max Butler shortly before his arrest, ran an online forum for thousands of identity thieves called CardersMarket, where he sold credit card magstripe data to the underground for about $20 a card. He was caught with 1.8 million stolen credit card numbers belonging to 1,000 different banks, who tallied the fraudulent charges on the cards at $86.4 million. [ Read more ... ]
Facebook Denies ‘All Wrongdoing’ in ‘Beacon’ Data Breach
Facebook Denies ‘All Wrongdoing’ in ‘Beacon’ Data Breach: Via Threat Level.
Facebook is denying it illegally breached the privacy of its users in a proposed $9.5 million settlement to a class action challenging its program that monitored and published what users of the social-networking site were buying or renting from Blockbuster, Overstock and other locations.
To settle allegations that the social networking site’s “Beacon” program breached federal wiretap and video-rental privacy laws, Facebook is agreeing to seed what the agreement is calling a “Digital Trust Fund” that would issue more than $6 million in grants to organizations to study privacy. Facebook would have a seat on the fund’s three-member board — a move raising some eyebrows in the privacy community.
A fairness hearing on the issue is set for Feb. 26 in a San Jose, California, federal court. The judge presiding over the case, Richard Seeborg, gave preliminary approval to the deal three months ago. [ Read more ... ]
Appeals Court Backs EFF Push for Telecom Lobbying Documents Disclosure
Appeals Court Backs EFF Push for Telecom Lobbying Documents Disclosure: Via EFF.org Updates.
San Francisco - Today a federal appeals court rejected a government claim of "lobbyist privacy" to hide the identities of individuals who pressured Congress to grant immunity to telecommunications companies that participated in the government's warrantless electronic surveillance of millions of ordinary Americans. As the court observed, "There is a clear public interest in public knowledge of the methods through which well-connected corporate lobbyists wield their influence."
The Electronic Frontier Foundation (EFF) has been seeking records detailing the telecoms' campaign for retroactive legal immunity under the Freedom of Information Act (FOIA). Telecom immunity was enacted as part of the FISA Amendments Act of 2008.
"Today's ruling is an important one for government and corporate accountability," said EFF Staff Attorney Marcia Hofmann. "The court recognized that paid lobbyists trying to influence the government to advance their clients' interests can't hide behind privacy claims to keep their efforts secret." [ Read more ... ]
Court Keeps White House Spy Docs Secret
Court Keeps White House Spy Docs Secret: Via Threat Level.
A federal appellate panel on Tuesday blocked a court order requiring disclosure of e-mail between the White House, Justice Department, National Security Agency and Office of the Director of National Intelligence — communications that paved the way for new spy legislation.
The 2008 messages were a precursor to legislation that year to kill litigation against the nation’s carriers for funneling Americans’ communications to the National Security Agency without warrants.
The decision by the 9th U.S. Circuit Court of Appeals reverses a California judge who ordered disclosure of those e-mails and the names of telco company lobbyists who pushed for the legislation. The Electronic Frontier Foundation, a civil rights group in San Francisco, sought the e-mail and lobbyist information under a Freedom of Information Act claim. [ Read more ... ]
Authors Guild: ‘To RIAA or Not to RIAA’
Authors Guild: ‘To RIAA or Not to RIAA’: Via Threat Level.
There’s equal reason to support or object to the proposed Google Books settlement.
Creating a digital catalog of the world’s words might be the Holy Grail of intellectual empowerment.
Yet building that library in the clouds would be allowed without the rights-holders’ consent — which the Justice Department and others contend is a complete and fundamental alteration of copyright law.
The Authors Guild is backing the settlement in hopes of creating a new and legitimate book-selling venue. In a message to members Friday, it supported the development of a digital marketplace for the world’s words as a counter to digital piracy.
What’s more, the group noted it didn’t want to be like the Recording Industry Association of America. The labels’ lobbying and litigation arm has sued thousands of individuals and music-trading sites — lawsuits that have not dented the illegal, pirated-music marketplace. [ Read more ... ]
Rulings Leave Online Student Speech Rights Unresolved
Rulings Leave Online Student Speech Rights Unresolved: Via Threat Level.
Do American students have First Amendment rights beyond the schoolyard gates?
The answer is yes and no, according to two conflicting federal appellate decisions Thursday testing student speech in the online world.
“Ultimately, the Supreme Court is going to have to decide if there ever is a time students have full-fledged First Amendment rights,” said Frank LoMonte, executive director of Virginia-based Student Press Law Center. He’s one of the attorneys in the cases the 3rd U.S. Circuit Court of Appeals decided.
The U.S. Supreme Court has never squarely addressed the parameters of off-campus, online student speech, but might soon. So far, lower courts appear to be guided by a 1969 high court ruling saying student expression may not be suppressed unless school officials reasonably conclude that it will “materially and substantially disrupt the work and discipline of the school.”
In that landmark case, the Supreme Court said students had a First Amendment right to wear black armbands to protest the Vietnam War. But that precedent, which addressed on-campus speech, is now being applied to students’ online speech four decades later.
One of the cases favoring student speech decided Thursday concerns a senior and honors student. In 2005, the Pennsylvania high school student was suspended 10 days after he created a mock MySpace profile of his principal. [ Read more ... ]
Bosses Should Be Honest About Their Electronic Privacy Policies
Bosses Should Be Honest About Their Electronic Privacy Policies: Via US News and World Report.
Is it unreasonable to expect your boss to keep his word? The recent privacy case of Quon v. Arch Wireless raises the simple but important question of whether public employers must be honest with employees about their monitoring practices. Look at the case as the equivalent of the children's game of making up something untrue and then saying, "It doesn't count. I had my fingers crossed." Before long, reasonable individuals will refuse to play along.
The case is not about whether employers should be allowed to monitor employee communications. Employers have many legitimate reasons to do so. High-tech employers need to protect their trade secrets from being shared with competitors. That's understood. All employers need to be concerned about E-mail or text messages being used for sexual harassment. No argument there. Nothing in the Quon decision interferes in any way with companies conducting monitoring to head off these and other real problems. What Quon says is that an employer must be upfront and consistent in its monitoring policies. No more, no less. [ Read more ... ]
Susan Collins spreads central myth about the Constitution
Susan Collins spreads central myth about the Constitution: Via Salon: Glenn Greenwald.
Over the weekend, Sen. Susan Collins released a five-minute video in which she sounded as though she were possessed by the angriest, most unhinged version of Dick Cheney. Collins recklessly accused the Obama administration of putting us all in serious danger by failing to wage War against the Terrorists. Most of what she said was just standard right-wing boilerplate, but there was one claim in particular that deserves serious attention, as it has become one of the most pervasive myths in our political discourse: namely, that the U.S. Constitution protects only American citizens, and not any dreaded foreigners. Focusing on the DOJ's decision to charge the alleged attempted Christmas Day bomber with crimes, Mirandize him and provide him with counsel, Collins railed: "Once afforded the protection our Constitution guarantees American citizens, this foreign terrorist 'lawyered up' and stopped talking" (h/t). This notion that the protections of the Bill of Rights specifically and the Constitution generally apply only to the Government's treatment of American citizens is blatantly, undeniably false -- for multiple reasons -- yet this myth is growing, as a result of being centrally featured in "War on Terror" propaganda. [ Read more ... ]
Be Careful What Your Bumper Sticker Says
Be Careful What Your Bumper Sticker Says: Via Threat Level.
“No More Blood For Oil.”
Bumper stickers with that phrase were synonymous with opposition to the Iraq War, during the George W. Bush administration.
Simply hosting that message on one’s bumper was cause enough to remove two attendees at Bush’s 2005 speech at the Wings Over the Rockies Museum in Colorado. The White House had a policy of excluding those who did not agree with the president from his public appearances. It’s a policy a federal appeals court is upholding in a decision a dissenting judge decried as “simply astounding.”
The 10th U.S. Circuit Court of Appeals’ 2-1 ruling means, in short, that the would-be attendees who were ousted from the event had no First Amendment constitutional right to remain at the speech. The two plaintiffs obtained the free tickets from a local Colorado representative, and sued the government for giving them the boot. [ Read more ... ]
Guilty Plea in ‘Anonymous’ DDoS Scientology Attack
Guilty Plea in ‘Anonymous’ DDoS Scientology Attack: Via Threat Level.
A Nebraska man is pleading guilty in federal court to a computer-disruption charge for his role in the 2008 distributed denial-of-service attack that temporarily shuttered Church of Scientology websites, the authorities said Tuesday.
Los Angeles federal prosecutors said Brian Thomas Mettenbrink, 20, signed a plea agreement Friday admitting his role in the January 2008 attack (.pdf) — bringing to two the number of defendants convicted in Anonymous’ attack on Scientology. Next week, Mettenbrink is expected to officially enter his plea, which carries a year sentence, prosecutors said.
“He took their websites down,” Assistant United States Attorney Erik M. Silber said in a brief telephone interview from Los Angeles. [ Read more ... ]
Lawyers Challenge Lowered Amount of ‘Shocking’ File Sharing Award
Lawyers Challenge Lowered Amount of ‘Shocking’ File Sharing Award: Via Threat Level.
Lawyers for a music file sharer said Monday they would challenge a judge’s order reducing from $1.92 million to $54,000 the amount their client, Jammie Thomas-Rasset, must pay the recording industry for copyright infringement of 24 songs.
The appeal concerns Friday’s head-spinning order by U.S. District Judge Michael Davis. The Minnesota federal judge dramatically lowered the amount a jury in June ordered Thomas-Rasset to pay — after being found liable in what at the time was the nation’s first Recording Industry Association of America file sharing case to reach trial. Most of the RIAA’s 30,000 lawsuits were settled out of court for a few thousand dollars during the record companies’ six-year litigation campaign, which is winding down.
Joe Sibley, Thomas-Rasset’s attorney, said in a telephone interview that even the reduced amount of damages is unconstitutionally excessive. It’s a penalty of 2,250 times an assumed $1 cost of a music download. [ Read more ... ]
Court Reduces ‘Shocking’ File Sharing Award
Court Reduces ‘Shocking’ File Sharing Award: Via Threat Level.
A federal judge on Friday reduced a $1.92 million file sharing verdict to $54,000 after concluding the award for infringing 24 songs was “shocking.”
A federal jury in June found Jammie Thomas-Rasset liable in what at the time was the nation’s only Recording Industry Association of America file sharing case against an individual to go to trial. The Minnesota federal jury dinged her $1.92 million for infringing 24 songs. She asked the judge to set aside or reduce that $80,000 per song in damages.
U.S. District Judge Michael Davis agreed on Friday, and said the RIAA may have a retrial if it does not accept his ruling.
“The need for deterrence cannot justify a $2 million verdict for stealing and illegally distributing 24 songs for the sole purpose of obtaining free music,” Davis wrote. “Moreover, although plaintiffs were not required to prove their actual damages, statutory damages must bear some relation to actual damages.” [ Read more ... ]
EFF Plans Appeal of Jewel v. NSA Warrantless Wiretapping Case
EFF Plans Appeal of Jewel v. NSA Warrantless Wiretapping Case: Via EFF.org Updates.
San Francisco - A federal judge has dismissed Jewel v. NSA, a case from the Electronic Frontier Foundation (EFF) on behalf of AT&T customers challenging the National Security Agency's mass surveillance of millions of ordinary Americans' phone calls and emails.
"We're deeply disappointed in the judge's ruling," said EFF Legal Director Cindy Cohn. "This ruling robs innocent telecom customers of their privacy rights without due process of law. Setting limits on Executive power is one of the most important elements of America's system of government, and judicial oversight is a critical part of that." [ Read more ... ]
Judge Slams MPAA ‘Cartel’ Allegations
Judge Slams MPAA ‘Cartel’ Allegations: Via Threat Level.
A federal judge is slamming the door on RealNetworks’ argument the Hollywood studios are a “price-fixing cartel” illegally preventing the distribution of DVD-duplicating wares.
The Seattle-based electronics concern made the anti-trust argument in a failed bid to convince U.S. District Judge Marilyn Hall Patel in San Francisco to lift a distribution ban (.pdf) of its RealDVD software. It allows consumers to make copies of DVDs to hard drives.
The Motion Picture Association of America and others sued RealNetworks more than a year ago, claiming the software is illegal because it circumvents technology designed to prevent copying.
Patel’s decision means that, at least for the foreseeable future, it remains unlawful in the United States to market devices that copy DVDs. Despite a huge black market for them, the MPAA feared that, under a contrary ruling, it would lose control of the DVD as the music industry did the CD, which was not encrypted and protected by the Digital Millennium Copyright Act. [ Read more ... ]
Order to Shut Down Websites Critical of Apex Technology Group is Dangerous and Wrong
Order to Shut Down Websites Critical of Apex Technology Group is Dangerous and Wrong: Via EFF.org Updates.
Over the holidays, a New Jersey court issued an order requiring upstream providers to shut down three anti-H1-B websites that is deeply dangerous and wrong. The order not only tries to remove allegedly defamatory messages but also requires a complete shutdown of the websites and even purports to require the cooperation of the hosting companies and domain registrars of the websites to do so and for other service providers to identify anonymous speakers.
The plaintiff in the lawsuit, Apex Technology Group, is a staffing and consulting services company. Apex describes itself as "delivering sophisticated technology-enabled solutions to maximize complex business needs." The dispute apparently started when someone uploaded a document purporting to be an Apex employment agreement to docstoc.com, and noted several terms the poster considered unfair to H1-B workers (copy of original post). The H-1B is a non-immigrant visa that allows U.S. employers to temporarily employ foreign workers in specialty occupations. The defendant websites allegedly linked to this post and document, and Apex demanded its removal. Curiously, Apex simultaneously claimed that the document defamed them and that they were its copyright owners. This is unusual, since people rarely defame themselves with their own copyrighted works. [ Read more ... ]
Court: Feds Can Hide Alleged Spying on Gitmo Lawyers
Court: Feds Can Hide Alleged Spying on Gitmo Lawyers: Via Threat Level.
A federal appeals court on Wednesday upheld the government’s refusal to admit or deny it has documents related to warrantless eavesdropping on Guantanamo Bay detainees and their lawyers.
In doing so, the 2nd U.S. Circuit Court of Appeals accepted a little-known defense called the Glomar doctrine. The doctrine, the court ruled, allows the National Security Agency to refuse to acknowledge to the lawyers suing under the Freedom of Information Act that there are any documents responsive to allegations their clients had been or are being targeted under the Terrorist Surveillance Program adopted following the 2001 terror attacks.
“Confirming or denying the mere existence of specific records in a general surveillance program would logically be both confirming or denying that the NSA was targeting a specific individual and confirming or denying that the NSA is conducting a general surveillance program,” (.pdf) the New York-based appellate court wrote Wednesday. [ Read more ... ]
Heartland hacker pleads guilty in third case
Heartland hacker pleads guilty in third case: Via Computerworld Cybercrime/Hacking News.
The hacker who enabled the theft of millions of credit card numbers has pleaded guilty to two counts of conspiracy and will receive a prison term of at least 17 years.
Albert Gonzalez, the hacker, has already pleaded guilty in two other cases related to the theft. As part of his plea agreement in those cases, in Boston and New York, he agreed to ask for no less than 15 years in prison and the government agreed to ask for no more than 25 years. [ Read more ... ]
Former Morgan Stanley Coder Gets 2 Years in Prison for TJX Hack
Former Morgan Stanley Coder Gets 2 Years in Prison for TJX Hack: Via Threat Level.
The two great friends talked every day and shared information about all of their exploits — sexual, narcotic and hacking — according to prosecutors. Now another thing they’ll have to share information about is their experience in federal prison.
While accused TJX hacker kingpin Albert Gonzalez awaits a possible sentence of 17 years or more in prison, one of his best friends and accomplices was sentenced on Tuesday in Boston to two years for his role in what the feds are calling “the largest identity theft in our nation’s history.”
Stephen Watt, a 25-year-old former Morgan Stanley software engineer, pleaded guilty last December to creating a custom sniffing program dubbed “blabla” that Gonzalez and other hackers used to siphon millions of credit and debit card numbers from TJX’s network. The breach cost TJX $200 million, according to its 2009 SEC filing. [ Read more ... ]
P2P Torrent Search Engines Unlawful, U.S. Judge Says
Torrent Search Engines Unlawful, U.S. Judge Says: Via Threat Level.
The operator of a popular BitTorrent search site said Monday he will likely challenge last week's landmark decision by a U.S. judge declaring such sites unlawful and no different from conventional peer-to-peer piracy services.
"We do think from our preliminary review there are a number of issues for appeal," said Ira Rothken, attorney for popular torrent search engine ISO Hunt, the defendant in the case.
The long-awaited decision, while not unexpected, was the first in the United States in which a federal judge found that BitTorrent search engines are an unlawful avenue (.pdf) to free movies, music, videogames and software. A contrary ruling likely would have sparked a gold rush of BitTorrent prospectors in the United States.
Targeted in the case was Gary Fung, a Canadian who operates ISO Hunt and other torrent search engines. Among other things, he argued that U.S. laws did not attach to him, and if they did, that his websites were protected under the Digital Millennium Copyright Act. [ Read more ... ]