EFF Appeals Dismissal of Warrantless Wiretapping Case: Via EFF.org Updates.

EFF today filed its appeal to the 9th Circuit Court of Appeals of the dismissal of Jewel v. NSA, the case EFF brought against the U.S. government and government officials on behalf of AT&T customers to stop the National Security Agency's illegal, unconstitutional, and ongoing mass surveillance of their communications and communications records. The case arises from the still growing stacks of evidence confirming the surveillance, including the technical documents presented by former AT&T employee Mark Klein that describe the NSA's secret mass wiretapping facility in San Francisco. [ Read more ... ]

Senators draft plan to rework U.S. immigration policy - washingtonpost.com: Via washingtonpost.com .

Sens. Charles E. Schumer (D-N.Y.) and Lindsey O. Graham (R-S.C.) announced the building blocks Thursday for a new push in Congress to overhaul the nation's immigration laws, outlining a plan to require U.S. citizens and legal immigrants to obtain a new high-tech Social Security card tied to their fingerprints or other biometric identifiers and to create a system to bring in temporary workers as the U.S. economy demands.

The immigration "blueprint," outlined in an opinion column posted on The Washington Post's Web site, drew an immediate vow of support from President Obama, who urged Congress "to act at the earliest possible opportunity." [ Read more ... ]

Domain Names Can't Defend Themselves: Via Freedom to Tinker.

Today, the Kentucky Supreme Court handed down an opinion in the saga of Kentucky vs. 141 Domain Names (described a while back here on this blog). Here's the opinion.

This case is fascinating. A quick recap: Kentucky attempted a property seizure of 141 domain names allegedly involved in gambling on the theory that the domain names themselves constituted "gambling devices" under Kentucky law and were therefore illegal. The state held a forfeiture hearing where anyone with an interest in the "property" could show up to defend their interest in the property; otherwise, the State would order the registrars to transfer "ownership" of the domain names to Kentucky. No individual claiming that they own one of the domain names showed up. Litigation began when two industry associations (iMEGA and IGC) claimed to represent unnamed persons who owned these domain names (and another lawyer showed up during litigation claiming representation of one specific domain name). [ Read more ... ]

Hooking Up The Big Brother Machine... And Fighting It: Via EFF.org Updates.

Here's a movie pitch: One lone telecommunications technician, going about his ordinary daily work in San Francisco, begins to realize things aren't quite what they seem. There's a "secret room" downstairs, and ordinary employees aren't allowed to enter it. Coworkers — almost casually! — remark that a government spy agency is involved, that similar facilities are being built across the country, that some of them are stamped with the government's ominous eye-and-pyramid "Total Information Awareness" logo.

Soon, the plot thickens. Mundane technical procedures produce startling revelations. He stumbles on a document that suggests the room contains a supercomputer designed to data-mine phone calls and Internet traffic. And, indeed, he soon realizes that the room is sucking up copies of electronic communications from millions of random Americans.

All this in the early 2000s, when "the political atmosphere in the country after 9/11 had a witchhunt feel to it, and even modest criticism of the administration was getting painted as disloyalty or worse."

What happens to our hero when he finally decides to go public? [ Read more ... ]

Court: State Can Dump Non-Sex Offenders Into Registry: Via Threat Level.

Georgia’s Supreme Court is upholding the government’s right to put non-sex offenders on the state’s sex offender registry, highlighting a little-noticed but growing practice nationwide.

Atlanta criminal defense attorney Ann Marie Fitz estimated that perhaps thousands of convicts convicted of non-sexual crimes have been placed in sex-offender databases. Fitz represents a convict who was charged with false imprisonment when he was 18 for briefly detaining a 17-year-old girl during a soured drug deal. He unsuccessfully challenged his mandatory, lifelong sex-offender listing to the Georgia Supreme Court, which ruled against him Monday.

Under the Adam Walsh Child Protection and Safety Act of 2007, the states are required to have statutes demanding sex-offender registration for those convicted of kidnapping or falsely imprisoning minors. The Georgia court ruled that the plain meaning of “sex offender” was overridden by the state’s law.

“Rainer’s belief that the term ’sexual offender’ may only apply to offenders who commit sexual offenses against minors does not change the fact that the definition provided in the statute, and not the definition that Rainer wishes to impose upon the statute, controls,” the court’s majority said. [ Read more ... ]

Undercover Feds on Social Networking Sites Raise Questions: Via Threat Level.

The next time someone ties to “friend” you on Facebook, it may turn out to be an undercover fed looking to examine your private messages and photos, or surveil your friends and family, according to an internal Justice Department document obtained by the Electronic Frontier Foundation.

The 33-page document shows that law enforcement agents from local police to the FBI and Secret Service have been logging on to MySpace and other sites undercover to communicate with suspects, read private postings and view photos and videos that are restricted to a user’s friends, according to the Associated Press.

The document also describes techniques for verifying alibis — such as checking messages posted by a suspect on Twitter disclosing his whereabouts at the time a crime was committed — and uncovering information that might point to illegal activity, such as photos depicting a suspect with expensive jewelry, a new car or even a weapon.

The document says that evidence from social networking sites can: [ Read more ... ]

FBI Uses Fake Facebook Profiles To Spy On Suspects: Via Huffington Post.

WASHINGTON — The Feds are on Facebook. And MySpace, LinkedIn and Twitter, too.

U.S. law enforcement agents are following the rest of the Internet world into popular social-networking services, going undercover with false online profiles to communicate with suspects and gather private information, according to an internal Justice Department document that offers a tantalizing glimpse of issues related to privacy and crime-fighting.

Think you know who's behind that "friend" request? Think again. Your new "friend" just might be the FBI.

The document, obtained in a Freedom of Information Act lawsuit, makes clear that U.S. agents are already logging on surreptitiously to exchange messages with suspects, identify a target's friends or relatives and browse private information such as postings, personal photographs and video clips. [ Read more ... ]

Lawrence Lessig: Citizens Unite: Via Huffington Post.

There has been a growing fury about the Supreme Court's decision in the Citizens United case, but much of that fury hangs upon an odd reading of the Court's opinion. The Court, it is said, has given corporations all the rights of "persons." It has elevated these artificial beings into entities "endowed by their Creator" (us) "with certain unalienable rights," including the right to free speech.

No doubt the Court has a long history of recognizing the "person" in "Inc." But this current wave of criticism is hard to understand, because the Court's entire Citizens United opinion hung upon the fact that the First Amendment says nothing about who or what is to get the benefit of its protection. It simply bans certain kinds of regulation. As Justice Scalia put it in his concurrence: "The Amendment is written in terms of 'speech,' not speakers." Thus, the government is blocked by the First Amendment from constraining the free speech of any entity, whether that entity is a corporation or a dolphin. [ Read more ... ]

Case Report – BCCA says aerial surveillance by telphoto zoom lens not a search « All About Information: Via A legal blog about the law of information – By Toronto, Ontario lawyer Dan Michaluk.

Today, the British Columbia Court of Appeal held that the police did not violate section 8 of the Charter by conducting aerial surveillance of a rural property from in excess of 1000 feet by using a digital camera equipped with a telephoto lens. [ Read more ... ]

Obama threatens to veto greater intelligence oversight: Via Salon: Glenn Greenwald.

(updated below)

One of the principal weapons used by the Bush administration to engage in illegal surveillance activities -- from torture to warrantless eavesdropping -- was its refusal to brief the full Congressional Intelligence Committees about its activities.  Instead, at best, it would confine its briefings to the so-called "Gang of Eight" -- comprised of 8 top-ranking members of the House and Senate -- who were impeded by law and other constraints from taking any action even if they learned of blatantly criminal acts. 

This was a sham process:  it allowed the administration to claim that it "briefed" select Congressional leaders on illegal conduct, but did so in a way that ensured there could be no meaningful action or oversight, because those individuals were barred from taking notes or even consulting their staff and, worse, because the full Intelligence Committees were kept in the dark and thus could do nothing even in the face of clear abuses.  The process even allowed the members who were briefed to claim they were powerless to stop illegal programs.  That extremely restrictive process also ensures irresolvable disputes over what was actually said during those briefings, as illustrated by recent controversies over what Nancy Pelosi and other leading Democrats were told about Bush's torture and eavesdropping programs.  Here's how Richard Clarke explained it in July, 2009, on The Rachel Maddow Show: [ Read more ... ]

EFF Asks Illinois Appellate Court to Block Unmasking of Anonymous Online Critic: Via EFF.org Updates.

Chicago - The Electronic Frontier Foundation (EFF) and the Media Freedom and Information Access Practicum (MFIA) at Yale Law School filed a friend-of-the-court brief today urging the Illinois Court of Appeals to block the unmasking of an anonymous online critic of a local political candidate.

The critic, commenting on a story on the website of a suburban Chicago newspaper called the Daily Herald, engaged in a heated debate with other commenters. One turned out to be the son of the village trustee candidate in Buffalo Grove, Illinois, who was discussed in the article. The candidate, Lisa Stone, who eventually won her race, asked a state court to order the newspaper to release the critic's name and address without appropriately showing that the statements directed towards her son were defamatory or otherwise illegal. Stone indicated that she may choose to subsequently file a lawsuit once she determines the critic's identity through the pre-complaint procedure.

"Because of the enormous potential for abuse, the First Amendment requires litigants to demonstrate that they have a legitimate case before they can use the courts to unmask anonymous online critics," said EFF Senior Staff Attorney Matt Zimmerman. "Insults are not enough, especially when the conversation takes place in the context of a political campaign." [ Read more ... ]

Who You Love Shouldn't Matter When You Serve: Via Blog of Rights: Official Blog of the American Civil Liberties Union.

Jene Newsome served nine years in the Air Force. She was recently discharged under the "Don't Ask, Don't Tell" policy after she was outed by South Dakota's Rapid City Police Department.

On November 20, 2009, the Rapid City Police Department came to serve a warrant on Jene Newsome's wife. Jene and her wife, Cheryl, were just married in Iowa a few weeks before the police came knocking on their door.

When the police entered the house, they saw the marriage certificate sitting on the kitchen table. The marriage certificate didn't have anything to do with Cheryl's arrest; one of the officers just saw it as an opportunity to out Jene and end her career. [ Read more ... ]

EFF Posts Documents Detailing Law Enforcement Collection of Data From Social Media Sites: Via EFF.org Updates.

EFF has posted documents shedding light on how law enforcement agencies use social networking sites to gather information in investigations. The records, obtained from the Internal Revenue Service and Department of Justice Criminal Division, are the first in a series of documents that will be released through a Freedom of Information Act (FOIA) case that EFF filed with the help of the UC Berkeley Samuelson Clinic.

One of the most interesting files is a 2009 training course that describes how IRS employees may use various Internet tools -- including social networking sites and Google Street View -- to investigate taxpayers. [ Read more ... ]

Secret Document Calls Wikileaks ‘Threat’ to U.S. Army: Via Threat Level.

Wikileaks presents a “threat to the U.S. Army” and publishes “potentially actionable information” for targeting military personnel, according to a classified intelligence report posted Monday on the whistleblowing site.

The 32-page report entitled Wikileaks.org – An Online Reference to Foreign Intelligence Services, Insurgents, or Terrorist Groups? (.pdf) indicates the government’s concern that “current employees or moles” within the Defense Department or the U.S. government “are providing sensitive or classified information to Wikileaks.” To stop this, the 2008 report had suggested a campaign to expose and punish those who leak to the site, which was founded in 2007 by Chinese dissidents, journalists and mathematicians.

“Wikileaks.org uses trust as a center of gravity by assuring insiders, leakers, and whistleblowers who pass information to Wikileaks.org personnel or who post information to the website that they will remain anonymous,” according to the report. “The identification, exposure, or termination of employment of or legal actions against current or former insiders, leakers, or whistleblowers could damage or destroy this center of gravity and deter others from using Wikileaks.org to make such information public.” [ Read more ... ]

Global Internet Freedom and the U.S. Government: Via Freedom to Tinker.

Over the past two weeks I've testified in both the Senate and the House on how the U.S. should advance "Internet freedom." I submitted written testimony for both hearings which can be downloaded in PDF form here and here. Full transcripts will become available eventually but meanwhile you can click here to watch the Senate video and here to watch the House video. In both hearings I advocated a combination of corporate responsibility through the Global Network Initiative backed up by appropriate legislation given that some companies seem reluctant to hold themselves accountable voluntarily; revision of export controls and sanctions; and finally, funding and support for tools, and technologies and activism platforms that will counter-act suppression of online speech.
[ Read more ... ]

The dark side of DNA: Via The Globe and Mail.

The only real evidence in a first-degree murder charge against Mr. Turner, the golden sheen of DNA appeared certain to become a silver bullet in the hands of the Crown.

"I told my lawyer, Jerome Kennedy, that there was no way in the world it was true," Mr. Turner recalled in an interview. "He believed me. He said that I was too stupid to commit that crime and leave no evidence."

A lucky hunch by Mr. Kennedy - now Newfoundland's Minister of Health - saved Mr. Turner from a life behind bars. He sought the name and DNA profile of every technician who had worked at the RCMP lab. It turned out that the technician who had tested the ring had also been working on the victim's fingernails a few inches away, creating a strong possibility of contamination.

The technician conceded at Mr. Turner's 2001 trial that she had also contaminated evidence in two previous cases. [ Read more ... ]

EFF Experts to Speak at Privacy Roundtable in Washington, D.C.: Via EFF.org Updates.

Washington, D.C. - On Wednesday, March 17, the Federal Trade Commission (FTC) is hosting its final public roundtable on technology privacy challenges in Washington, D.C. Two experts from the Electronic Frontier Foundation (EFF) are taking part.

EFF Senior Staff Technologist Peter Eckersley and EFF Boardmember Edward W. Felten will discuss "Internet Architecture and Privacy" at the first panel of the day. Later panels will cover health information privacy and issues around other sensitive information, as well as lessons learned so far and future plans for privacy protection.

For more information on attending the roundtable including a full agenda, visit http://www.ftc.gov/bcp/workshops/privacyroundtables/index.shtml

WHAT:
FTC Roundtable "Internet Architecture and Privacy"

WHEN:
Wednesday, March 17
9:15 a.m. [ Read more ... ]

To Stop Crime, Share Your Genes: Via NYTimes.com ( Op-Ed Contributor ).

PERHAPS the only thing more surprising than President Obama’s decision to give an interview for “America’s Most Wanted” last weekend was his apparent agreement with the program’s host, John Walsh, that there should be a national DNA database with profiles of every person arrested, whether convicted or not.Emphasis added: Many Americans feel that this proposal flies in the face of our “innocent until proven guilty” ethos, and given that African-Americans are far more likely to be arrested than whites, critics refer to such genetic collection as creating “Jim Crow’s database.”

In truth, however, this is an issue where both sides are partly right. The president was correct in saying that we need a more robust DNA database, available to law enforcement in every state, to “continue to tighten the grip around folks who have perpetrated these crimes.” But critics have a point that genetic police work, like the sampling of arrestees, is fraught with bias. A better solution: to keep every American’s DNA profile on file. [ Read more ... ]

FBI Hoaxes Boost Online Fraud: Via Threat Level.

Online fraud in the United States doubled to a reported $560 million in losses last year as illicit phishing expeditions by thieves posing as the Federal Bureau of Investigation represented the biggest consumer complaint, according to a Friday government survey.

The e-mail phishing scams represented 16.6 percent of all complaints. The next closest category, at 12 percent, concerned consumer unhappiness about being billed for products never ordered or received, according to FBI data unveiled Friday.

Overall, the number of reported dollar losses stemming from online fraud doubled in 2009 from the year prior. [ Read more ... ]

Best Practices for Government Datasets: Wrap-Up: Via Freedom to Tinker.

[This is the fifth and final post in a series on best practices for government datasets by Harlan Yu and me. (previous posts: 1, 2, 3, 4)]

For our final post in this series, we'll discuss several issues not touched on by earlier posts, including data signing and the use of certain non-text file formats. The relatively brief discussions of these topics should not be interpreted as an indicator of their importance. The topics simply did not fit cleanly into earlier posts.

One significant omission from earlier posts is the issue of data signing with digital signatures. Before discussing this issue, let's briefly discuss what a digital signature is. Suppose that you want to email me an IOU for $100. Later, I may want to prove that the IOU came from you—it's of little value if you can claim that I made it up. Conversely, you may want the ability to prove whether the document has been altered. Otherwise, I could claim that you owe me $100,000. [ Read more ... ]

The Beginning of the End of Data Retention: Via EFF.org Updates.

Last week, the German Constitutional Court issued a much-anticipated decision, striking down its data retention law as violating human rights. It was an important victory for Europe’s Freedom Not Fear movement, which was formed to oppose the EU Data Retention Directive. But it was also a reminder of the political work which remains to be done to defeat it.

When the European Union first passed the Data Retention Directive in 2006, despite a hard-fought campaign by European activists, it seemed like the beginning of the end for Internet privacy. The directive sought to require telecommunications service providers operating in Europe to retain a detailed history of each of their customers' activity for up to 2 years for possible use by law enforcement; including phone calls made and emails sent and received.

The response from European citizens was swift and outraged. Under the banner of Freedom Not Fear, mass protests were held in cities all across Europe and beyond. [ Read more ... ]

Wanted: Trust Detector: Via Schneier on Security.

It's good to dream:

IARPA's five-year plan aims to design experiments that can measure trust with high certainty -- a tricky proposition for a psychological study. Developing such experimental protocols could prove very useful for assessing levels of trust within one-on-one talks, or even during group interactions.

A second part of the IARPA proposal might involve using new types of sensors and software to gauge human facial, language or body signals that might help predict trustworthiness. Perhaps facial recognition technology that could deduce emotions or facial tics might help, not to mention better lie detectors.

IARPA is the Intelligence Advanced Research Projects Activity, the U.S. intelligence community's answer to DARPA.

Read Original Article:(Via Schneier on Security.)

Feds: TSA Worker Tried to Sabotage Terror Database: Via Threat Level.

A former Transportation Security Administration contractor is being charged in Colorado for allegedly injecting malicious code into a government network used for screening airport security workers and others.

The malicious code, a logic bomb installed last October, was designed to cause damage and disrupt data on servers on an undisclosed date but was caught by other workers before it delivered its payload.

Douglas James Duchak, 46, had worked as a data analyst at the TSA’s Colorado Springs Operations Center, or CSOC, since 2004. The CSOC is used to vet people who have “access to sensitive information and secure areas of the nation’s transportation network,” according to the indictment. A source involved in the case said this involved screening of both passengers and workers at airports and other transportation facilities.

He pleaded not guilty in a Denver federal court on Wednesday and was released on a $25,000 unsecured bond. The indictment did not say whether the malware was crafted to erase or alter data, or simply disable servers.

The CSOC network stores updated information from the government’s terrorist watchlist as well as criminal histories from the U.S. Marshal’s Service Warrant Information Network. [ Read more ... ]

Hi-tech governments growing keener on snooping, says report | Pinsent Masons LLP: Via Pinsent Masons LLP at Out-Law.com .

Western industrial countries are becoming more willing to spy on their citizens, according to an analysis of snooping that says that the UK is sixth in a world ranking for electronic state surveillance.

Privacy technology company CryptoHippie has produced its second annual report on surveillance trends and says in it that countries that previously showed restraint in their monitoring of individuals have lost some of that self-control.

"When we produced our first Electronic Police State report, the top ten nations were of two types: those that had the will to spy on every citizen, but lacked ability [and] those who had the ability, but were restrained in will," it said in its 2010 report. "This is changing: the able have become willing and their traditional restraints have failed." [ Read more ... ]

Zeus botnet dealt a blow as ISP Troyak knocked out: Via Computerworld Cybercrime/Hacking News.

Internet service providers linked to the notorious Zeus botnet have been taken down, knocking out a third of the command-and-control servers that run the network of hacked machines.

Two ISPs, named Troyak and Group 3, were home to 90 of the 249 known Zeus command-and-control servers. Zeus Tracker, a Web site that tracks the botnet, noticed the steep drop in servers on Wednesday morning.

The Troyak network was itself an upstream provider to six networks, known to host a large number of cybercrime servers, including Web sites used in drive-by attacks and phishing sites, according to Kevin Stevens, a researcher with SecureWorks. "There's lots of Zeus and Fragus exploit kit [sites]," he said. Whoever was behind the takedown "just decided to knock out a large area of cybercirme, and this was probably one of the easiest ways to do it." [ Read more ... ]