EFF Appeals Dismissal of Warrantless Wiretapping Case: Via EFF.org Updates.

EFF today filed its appeal to the 9th Circuit Court of Appeals of the dismissal of Jewel v. NSA, the case EFF brought against the U.S. government and government officials on behalf of AT&T customers to stop the National Security Agency's illegal, unconstitutional, and ongoing mass surveillance of their communications and communications records. The case arises from the still growing stacks of evidence confirming the surveillance, including the technical documents presented by former AT&T employee Mark Klein that describe the NSA's secret mass wiretapping facility in San Francisco. [ Read more ... ]

Senators draft plan to rework U.S. immigration policy - washingtonpost.com: Via washingtonpost.com .

Sens. Charles E. Schumer (D-N.Y.) and Lindsey O. Graham (R-S.C.) announced the building blocks Thursday for a new push in Congress to overhaul the nation's immigration laws, outlining a plan to require U.S. citizens and legal immigrants to obtain a new high-tech Social Security card tied to their fingerprints or other biometric identifiers and to create a system to bring in temporary workers as the U.S. economy demands.

The immigration "blueprint," outlined in an opinion column posted on The Washington Post's Web site, drew an immediate vow of support from President Obama, who urged Congress "to act at the earliest possible opportunity." [ Read more ... ]

Hooking Up The Big Brother Machine... And Fighting It: Via EFF.org Updates.

Here's a movie pitch: One lone telecommunications technician, going about his ordinary daily work in San Francisco, begins to realize things aren't quite what they seem. There's a "secret room" downstairs, and ordinary employees aren't allowed to enter it. Coworkers — almost casually! — remark that a government spy agency is involved, that similar facilities are being built across the country, that some of them are stamped with the government's ominous eye-and-pyramid "Total Information Awareness" logo.

Soon, the plot thickens. Mundane technical procedures produce startling revelations. He stumbles on a document that suggests the room contains a supercomputer designed to data-mine phone calls and Internet traffic. And, indeed, he soon realizes that the room is sucking up copies of electronic communications from millions of random Americans.

All this in the early 2000s, when "the political atmosphere in the country after 9/11 had a witchhunt feel to it, and even modest criticism of the administration was getting painted as disloyalty or worse."

What happens to our hero when he finally decides to go public? [ Read more ... ]

Obama threatens to veto greater intelligence oversight: Via Salon: Glenn Greenwald.

(updated below)

One of the principal weapons used by the Bush administration to engage in illegal surveillance activities -- from torture to warrantless eavesdropping -- was its refusal to brief the full Congressional Intelligence Committees about its activities.  Instead, at best, it would confine its briefings to the so-called "Gang of Eight" -- comprised of 8 top-ranking members of the House and Senate -- who were impeded by law and other constraints from taking any action even if they learned of blatantly criminal acts. 

This was a sham process:  it allowed the administration to claim that it "briefed" select Congressional leaders on illegal conduct, but did so in a way that ensured there could be no meaningful action or oversight, because those individuals were barred from taking notes or even consulting their staff and, worse, because the full Intelligence Committees were kept in the dark and thus could do nothing even in the face of clear abuses.  The process even allowed the members who were briefed to claim they were powerless to stop illegal programs.  That extremely restrictive process also ensures irresolvable disputes over what was actually said during those briefings, as illustrated by recent controversies over what Nancy Pelosi and other leading Democrats were told about Bush's torture and eavesdropping programs.  Here's how Richard Clarke explained it in July, 2009, on The Rachel Maddow Show: [ Read more ... ]

Global Internet Freedom and the U.S. Government: Via Freedom to Tinker.

Over the past two weeks I've testified in both the Senate and the House on how the U.S. should advance "Internet freedom." I submitted written testimony for both hearings which can be downloaded in PDF form here and here. Full transcripts will become available eventually but meanwhile you can click here to watch the Senate video and here to watch the House video. In both hearings I advocated a combination of corporate responsibility through the Global Network Initiative backed up by appropriate legislation given that some companies seem reluctant to hold themselves accountable voluntarily; revision of export controls and sanctions; and finally, funding and support for tools, and technologies and activism platforms that will counter-act suppression of online speech.
[ Read more ... ]

EFF Experts to Speak at Privacy Roundtable in Washington, D.C.: Via EFF.org Updates.

Washington, D.C. - On Wednesday, March 17, the Federal Trade Commission (FTC) is hosting its final public roundtable on technology privacy challenges in Washington, D.C. Two experts from the Electronic Frontier Foundation (EFF) are taking part.

EFF Senior Staff Technologist Peter Eckersley and EFF Boardmember Edward W. Felten will discuss "Internet Architecture and Privacy" at the first panel of the day. Later panels will cover health information privacy and issues around other sensitive information, as well as lessons learned so far and future plans for privacy protection.

For more information on attending the roundtable including a full agenda, visit http://www.ftc.gov/bcp/workshops/privacyroundtables/index.shtml

WHAT:
FTC Roundtable "Internet Architecture and Privacy"

WHEN:
Wednesday, March 17
9:15 a.m. [ Read more ... ]

To Stop Crime, Share Your Genes: Via NYTimes.com ( Op-Ed Contributor ).

PERHAPS the only thing more surprising than President Obama’s decision to give an interview for “America’s Most Wanted” last weekend was his apparent agreement with the program’s host, John Walsh, that there should be a national DNA database with profiles of every person arrested, whether convicted or not.Emphasis added: Many Americans feel that this proposal flies in the face of our “innocent until proven guilty” ethos, and given that African-Americans are far more likely to be arrested than whites, critics refer to such genetic collection as creating “Jim Crow’s database.”

In truth, however, this is an issue where both sides are partly right. The president was correct in saying that we need a more robust DNA database, available to law enforcement in every state, to “continue to tighten the grip around folks who have perpetrated these crimes.” But critics have a point that genetic police work, like the sampling of arrestees, is fraught with bias. A better solution: to keep every American’s DNA profile on file. [ Read more ... ]

Advertising - Instant Ads Set the Pace on the Web: Via NYTimes.com .

Now, companies like Google, Yahoo and Microsoft let advertisers buy ads in the milliseconds between the time someone enters a site’s Web address and the moment the page appears. The technology, called real-time bidding, allows advertisers to examine site visitors one by one and bid to serve them ads almost instantly.

For example, say a man just searched for golf clubs on eBay (which has been testing a system from a company called AppNexus for more than a year). EBay can essentially follow that person’s activities in real time, deciding when and where to show him near-personalized ads for golf clubs throughout the Web.

If eBay finds out that he bought a driver at another site, it can update the ad immediately to start showing him tees, golf balls or a package vacation to St. Andrew’s, Scotland, often called the home of golf. If a woman was shopping, eBay could change the ad’s color or presentation. [ Read more ... ]

The Beginning of the End of Data Retention: Via EFF.org Updates.

Last week, the German Constitutional Court issued a much-anticipated decision, striking down its data retention law as violating human rights. It was an important victory for Europe’s Freedom Not Fear movement, which was formed to oppose the EU Data Retention Directive. But it was also a reminder of the political work which remains to be done to defeat it.

When the European Union first passed the Data Retention Directive in 2006, despite a hard-fought campaign by European activists, it seemed like the beginning of the end for Internet privacy. The directive sought to require telecommunications service providers operating in Europe to retain a detailed history of each of their customers' activity for up to 2 years for possible use by law enforcement; including phone calls made and emails sent and received.

The response from European citizens was swift and outraged. Under the banner of Freedom Not Fear, mass protests were held in cities all across Europe and beyond. [ Read more ... ]

Zeus botnet dealt a blow as ISP Troyak knocked out: Via Computerworld Cybercrime/Hacking News.

Internet service providers linked to the notorious Zeus botnet have been taken down, knocking out a third of the command-and-control servers that run the network of hacked machines.

Two ISPs, named Troyak and Group 3, were home to 90 of the 249 known Zeus command-and-control servers. Zeus Tracker, a Web site that tracks the botnet, noticed the steep drop in servers on Wednesday morning.

The Troyak network was itself an upstream provider to six networks, known to host a large number of cybercrime servers, including Web sites used in drive-by attacks and phishing sites, according to Kevin Stevens, a researcher with SecureWorks. "There's lots of Zeus and Fragus exploit kit [sites]," he said. Whoever was behind the takedown "just decided to knock out a large area of cybercirme, and this was probably one of the easiest ways to do it." [ Read more ... ]

New "Smart Meters" for Energy Use Put Privacy at Risk: Via EFF.org Updates.

The ebb and flow of gas and electricity into your home contains surprisingly detailed information about your daily life. Energy usage data, measured moment by moment, allows the reconstruction of a household's activities: when people wake up, when they come home, when they go on vacation, and maybe even when they take a hot bath.

California's PG&E is currently in the process of installing "smart meters" that will collect this moment by moment data—750 to 3000 data points per month per household—for every energy customer in the state. These meters are aimed at helping consumers monitor and control their energy usage, but right now, the program lacks critical privacy protections.

That's why EFF and other privacy groups filed comments with the California Public Utilities Commission Tuesday, asking for the adoption of strong rules to protect the privacy and security of customers' energy-usage information. Without strong protections, this information can and will be repurposed by interested parties. It's not hard to imagine a divorce lawyer subpoenaing this information, an insurance company interpreting the data in a way that allows it to penalize customers, or criminals intercepting the information to plan a burglary. Marketing companies will also desperately want to access this data to get new intimate new insights into your family's day-to-day routine–not to mention the government, which wants to mine the data for law enforcement and other purposes. [ Read more ... ]

Privacy Protection Needed as Smart Grid Arrives / Groups Urge California PUC to Adopt Rules to Protect Consumer Privacy: Via CDT.

SAN FRANCISCO – Privacy advocates are warning that "smart meters" intended to precisely measure and control home electrical consumption could erode the privacy of daily life unless regulators limit data collection and disclosure. In a joint filing yesterday, the Center for Democracy & Technology (CDT) and the Electronic Frontier Foundation (EFF) urged the California Public Utilities Commission (PUC) to adopt rules to protect the privacy and security of consumers’ energy-usage information. The Samuelson Law, Technology & Public Policy Clinic at UC Berkeley School of Law drafted the comments for CDT.

Joint CDT - EFF Comments to California Public Utilities Commission

More information about privacy and the smart grid

California’s Smart Grid Initiative

Read Original Article:(Via CDT.)

The Botnet Challenge: by CDT Via Comcast Voices | The Official Comcast Blog.

Editor's Note: Our thanks to Leslie Harris, President and CEO, Center for Democracy & Technology, for writing this guest blog post about botnets.

Botnets are armies of computers that criminals have infected with malicious software so they can control them to remotely to steal information, launch denial-of-service attacks, spread malware and host illegal content. Botnets are one of the most serious threats to Internet security today. They have compromised untold millions of computers – and even DSL routers – worldwide. The Conficker worm alone has infected up to 15 million consumer, business and government computers into a massive botnet in a little over two years.

Botnet armies are built on the computers of regular Internet users who have no idea that their PCs have been compromised and are being used for malicious purposes. In fact, botnets depend on users’ ignorance in order to stay operational. At the same time, the spam, phishing, and denial-of-service attacks that botnets perpetrate may have little or no impact on the compromised users or their ISPs, while wreaking havoc on faraway users connected to entirely different networks. [ Read more ... ]

Major ISPs Help Fund BitTorrent User Tracking Research: Via Slashdot YRO.

An anonymous reader writes "I was scanning conference proceedings to come up with ideas for a reading group I run at my workplace, and I noticed an interesting paper from the new IEEE WIFS forensics conference. Researchers from the University of Colorado have published a technique for tracking BitTorrent users (PDF) by joining and actively probing torrent swarms using low-cost cloud computing services. They claim their methods allowed them to monitor the entire Pirate Bay torrent set for as little as $13/mo using EC2. But that's not even the interesting part. Their work appears to have been 'funded in part through gifts from PolyCipher' — a broadband ISP consortium. That's right; three major national ISPs funded this round of BitTorrent tracking research, not the MPAA/RIAA. Could this be evidence of ISP support for ACTA and a global three-strikes law?"

Read Original Article:(Via Slashdot.)

Worker ID Card at Center of Immigration Plan: Via Wall Street Journal.

Lawmakers working to craft a new comprehensive immigration bill have settled on a way to prevent employers from hiring illegal immigrants: a national biometric identification card all American workers would eventually be required to obtain.

Under the potentially controversial plan still taking shape in the Senate, all legal U.S. workers, including citizens and immigrants, would be issued an ID card with embedded information, such as fingerprints, to tie the card to the worker.

The ID card plan is one of several steps advocates of an immigration overhaul are taking to address concerns that have defeated similar bills in the past.

The uphill effort to pass a bill is being led by Sens. Chuck Schumer (D., N.Y.) and Lindsey Graham (R., S.C.), who plan to meet with President Barack Obama as soon as this week to update him on their work. An administration official said the White House had no position on the biometric card. [ Read more ... ]

"Your Papers, Please!" - Get Your Fingerprints Ready! Cross-Party Senate Alliance Pushing National ID Card: Via Lauren Weinstein's Blog.

Greetings. According to the Wall Street Journal, U.S. Senate immigration reform advocates Chuck Schumer and Lindsey Graham are proposing a mandatory biometric (e.g. fingerprint-based) National ID Card system, and are attempting to brush away privacy concerns as trivial and irrelevant.

Touted as "merely" a "right-to-work" card aimed at addressing illegal immigration concerns, there's simply no fast-talking around the fact that this plan will set in motion a massive national ID infrastructure that will ultimately penetrate every aspect of our lives. Anyone who suggests otherwise is -- sorry to say -- either a liar or a fool. [ Read more ... ]

Feds Move to Break Voting-Machine Monopoly: Via Threat Level.

Citing anti-competitive concerns, the Justice Department sued Election Systems & Software in order to force the company to divest itself of the voting machine assets it obtained from Premier Election Solutions last year.

The department’s Antitrust Division, along with nine state attorneys general, filed the civil antitrust lawsuit (.pdf) in U.S. District Court in Washington, D.C., charging that the acquisition threatened competition. The department proposed a settlement that, if accepted, would dissolve the merger and force ES&S to sell its Premier business to a buyer approved by the Justice Department.

“The proposed settlement (.pdf) will restore competition, provide a greater range of choices and create incentives to provide secure, accurate and reliable voting equipment systems now and in the future,” said Molly S. Boast, deputy assistant attorney general for the Antitrust Division in a statement. [ Read more ... ]

All Your Apps Are Belong to Apple: The iPhone Developer Program License Agreement: Via EFF.org Updates.

The entire family of devices built on the iPhone OS (iPhone, iPod Touch, iPad) have been designed to run only software that is approved by Apple—a major shift from the norms of the personal computer market. Software developers who want Apple's approval must first agree to the iPhone Developer Program License Agreement.

So today we're posting the "iPhone Developer Program License Agreement"—the contract that every developer who writes software for the iTunes App Store must "sign." Though more than 100,000 app developers have clicked "I agree," public copies of the agreement are scarce, perhaps thanks to the prohibition on making any "public statements regarding this Agreement, its terms and conditions, or the relationship of the parties without Apple's express prior written approval." But when we saw the NASA App for iPhone, we used the Freedom of Information Act (FOIA) to ask NASA for a copy, so that the general public could see what rules conrolled the technology they could use with their phones. NASA responded with the Rev. 3-17-09 version of the agreement (it has reportedly been revised somewhat since—please send us the current version if you are able). [ Read more ... ]

The Cell Phone Network: Law Enforcement's Surveillance Dream: Via Blog of Rights: Official Blog of the American Civil Liberties Union.

Yesterday, WNYC's On the Media (OTM) profiled our cell phone tracking case. In this case, the ACLU, Center for Democracy and Technology and the Electronic Frontier Foundation (EFF) asked the court to require that the government at least show probable cause before it can ask a wireless provider to fork over information about your whereabouts using GPS or cell tower tracking via your cell phone. We won in the district court (PDF); the government appealed that decision to the 3rd Circuit. [ Read more ... ]

Security Pros Question Deployment of Smart Meters: Via Threat Level.

The country’s swift deployment of smart-grid technology has security professionals concerned that utilities and smart-meter vendors are repeating the mistakes made in the rollout of the public internet, when security became a priority only after malicious attacks had reached mass levels.

But when it comes to the power grid, the costs of remote hack attacks are potentially more dramatic.

“The cost factor here is what’s turned on its head. We lose control of our grid, that’s far worse than a botnet taking over my home PC,” said Matthew Carpenter, senior security analyst of InGuardian, speaking at a panel at the RSA Security Conference in San Francisco this week. [ Read more ... ]

Italy Convicts Google Execs To Protect Privacy: Via NPR.

Europeans are debating the overall reach of the Internet into their lives. An Italian court recently convicted three Google executives for privacy violations after a clip was posted on Google Video showing a disabled student being bullied by classmates in Turin. The ruling highlights a deep trans-Atlantic cultural gap: Americans see the ruling as undermining the concept of freedom of expression, while Europeans put privacy first — they consider it a fundamental human right. [ Read more ... ]

Introducing the iKey – Apple's answer to the humble door key: Via Telegraph(UK).

Apple has already revolutionised the personal stereo and mobile phone, but now the computer firm behind the iPhone has its sights set on the humble front door key.

The computer giant, which manufactures the iPod and iPhone, has plans to replace the traditional door key with a hi-tech alternative.

It is developing technology, already being nicknamed the "iKey", which will mean that rather than carrying around a bunch of keys, people will be able to use a single electronic device to unlock their car, front door and gain access to their office.

Users would simply have to enter a pin code and wave the device over an electronic pad fitted beside a door to open it.

The technology is revealed in a newly published patent application, which has generated speculation that the next model of the iPhone will contain this feature. [ Read more ... ]

Serious Apache Exploit Discovered: Via Slashdot.

bennyboy64 writes "An IT security company has discovered a serious exploit in Apache's HTTP web server, which could allow a remote attacker to gain complete control of a database. ZDNet reports the vulnerability exists in Apache's core mod_isapi module. By exploiting the module, an attacker could remotely gain system privileges that would compromise data security. Users of Apache 2.2.14 and earlier are advised to upgrade to Apache 2.2.15, which fixes the exploit."
Note: according to the advisory, this exploit is exclusive to Windows.

Read Original Article:(Via Slashdot.)

Security Pros Question Deployment of Smart Meters: Via Threat Level.

The country’s swift deployment of smart-grid technology has security professionals concerned that utilities and smart-meter vendors are repeating the mistakes made in the rollout of the public internet, when security became a priority only after malicious attacks had reached mass levels.

But when it comes to the power grid, the costs of remote hack attacks are potentially more dramatic.

“The cost factor here is what’s turned on its head. We lose control of our grid, that’s far worse than a botnet taking over my home PC,” said Matthew Carpenter, senior security analyst of InGuardian, speaking at a panel at the RSA Security Conference in San Francisco this week. [ Read more ... ]

White House Cyber Czar: ‘There Is No Cyberwar’: Via Threat Level.

Howard Schmidt, the new cybersecurity czar for the Obama administration, has a short answer for the drumbeat of rhetoric claiming the United States is caught up in a cyberwar that it is losing.

“There is no cyberwar,” Schmidt told Wired.com in a sit-down interview Wednesday at the RSA Security Conference in San Francisco.

“I think that is a terrible metaphor and I think that is a terrible concept,” Schmidt said. “There are no winners in that environment.”

Instead, Schmidt said the government needs to focus its cybersecurity efforts to fight online crime and espionage.

His stance contradicts Michael McConnell, the former director of national intelligence who made headlines last week when he testified to Congress that the country was already in the midst of a cyberwar — and was losing it. [ Read more ... ]