Infrastructure

Constitution Protects Location Information, CDT Argues

Constitution Protects Location Information, CDT Argues - Via Center for Democracy and Technology:

In a July 31 amicus brief filed in a federal court in Pennsylvania, the Electronic Frontier Foundation, joined by CDT, ACLU and the ACLU of Pennsylvania, argued that cell phone location information is protected by the Fourth Amendment. The brief argues that a court should require the government to obtain a warrant based on probable cause in order to gain access to cell site location information stored by a cell phone company.

Amicus brief in In Re Application of United States [PDF] July 31, 2008


OpenDNS Wildly Popular After Kaminsky Flaw Disclosure

OpenDNS Wildly Popular After Kaminsky Flaw Disclosure - Via Threat Level:

LAS VEGAS -- When Dan Kaminsky disclosed last month that he'd discovered a serious vulnerability in the Domain Name System that would allow hackers to subvert DNS servers and send web surfers to malicious web sites, DNS server owners scrambled to apply a patch to fix the flaw.

Kaminsky said today in his talk about the security vulnerability at the Black Hat Security Conference that 120 million broadband consumers are now protected, thanks to DNS servers being patched in the thirty days since news of the bug went public.

But many users have been wary of trusting the patched servers or have sought alternatives while waiting for their DNS server to be patched. One alternative Kaminsky recommended last month was to use OpenDNS -- which wasn't affected by the vulnerability.

DNS Flaw Much Worse Than Previously Reported

DNS Flaw Much Worse Than Previously Reported - Via Threat Level:

LAS VEGAS -- Security researcher Dan Kaminsky finally revealed the full details of his reported DNS flaw. It turns out it's a lot worse than previously understood.

"Every network is at risk," Kaminsky said at the Black Hat conference here Wednesday. "That's what this flaw has shown."

Kaminsky disclosed the security vulnerability in the Domain Name System on July 13 but promised to withhold details of the bug for one month to give DNS server owners a chance to patch their systems. But a week ago, some of the details leaked after security firm Matasano inadvertently posted information about it online.

Black Hat: Security Geeks Converge on Vegas

Black Hat: Security Geeks Converge on Vegas - Via Threat Level:

LAS VEGAS -- More than 4,000 security professionals have converged in Las Vegas this week for the Black Hat Security Conference -- to be followed this weekend by the DefCon hacker conference.

IOActive penetration tester Dan Kaminsky is expected to draw a full house to his anticipated talk on the serious DNS security flaw he discovered earlier this year.

Other talks include a discussion on hacking highway toll systems, security vulnerabilities in implantable wireless medical devices and a demonstration on injecting law-enforcement Trojans onto target machines.

Kaminsky's Grandmother Bakes Session Cookies for Black Hat

Kaminsky's Grandmother Bakes Session Cookies for Black Hat - Via Threat Level:

Dan Kaminsky has been giving talks at the Black Hat Security Conference in Las Vegas for nine years. For five of those years his 85-year-old grandmother has been in the audience. The last three talks, she baked cookies for attendees -- what Kaminsky refers to as "session cookies."

Grandma Kaminsky, also known as Raia Maurer, made 250 Swedish lace cookies for the crowd this year. But that fell far short of the standing-room only audience that showed up to hear his talk.

I chatted a bit with Maurer who hails from Eastern Europe but emigrated to Canada with her husband in 1951 and later came to live with Kaminsky's family in California after her husband died. She bought Kaminsky his first computer -- or, rather, she gave him $1,800 to purchase parts to build his first computer.

She recalls the first time she heard him speak at Black Hat.

Prescription Data Used To Assess Consumers - Records Aid Insurers but Prompt Privacy Concerns

Prescription Data Used To Assess Consumers - Via washingtonpost.com:

Health and life insurance companies have access to a powerful new tool for evaluating whether to cover individual consumers: a health "credit report" drawn from databases containing prescription drug records on more than 200 million Americans.

Collecting and analyzing personal health information in commercial databases is a fledgling industry, but one poised to take off as the nation enters the age of electronic medical records. While lawmakers debate how best to oversee the shift to computerized records, some insurers have already begun testing systems that tap into not only prescription drug information, but also data about patients held by clinical and pathological laboratories.

Traditionally, insurance companies have judged an applicant's risk by gathering medical records from physicians' offices. But the new tools offer the advantage of being "electronic, fast and cheap," said Mark Franzen, managing director of Milliman IntelliScript, which provides consumers' personal drug profiles to insurers.

The trend holds promise for improved health care and cost savings, but privacy and consumer advocates fear it is taking place largely outside the scrutiny of federal health regulators and lawmakers.

Cablevision Scores Copyright Victory Against Hollywood

Cablevision Scores Copyright Victory Against Hollywood - Via Threat Level:

A federal appeals court on Monday lifted an injunction against Cablevision Systems that blocked it from offering a recording service that stored programming on the cable company's own servers instead of on viewers' in-house recording devices.

Hollywood and television programmers alleged Cablevision’s plan would directly infringe their exclusive rights to both reproduce and publicly perform their copyrighted works.

Congress Bows to Big Content, Scapegoats Higher Ed

Congress Bows to Big Content, Scapegoats Higher Ed - Via EFF.org Updates:

Last week, after months of intensive wrangling, the House and the Senate finally agreed on a final version of the Higher Education Act (HEA). Buried in this massive bill, which touches on virtually every aspect of education, is a little provision requiring campuses to develop “plans to effectively combat the unauthorized distribution of copyrighted material, including through the use of a variety of technology-based deterrents.” Those deterrents include bandwidth shaping and traffic monitoring, but also use of filtering technologies such as Audible Magic. “To the extent practicable,” colleges and universities must also offer legal alternatives for file-sharing, such as music services like Ruckus.

There are at least three major problems with this.

Lessig Predicts Cyber 9/11 Event, Restrictive Laws

Lessig Predicts Cyber 9/11 Event, Restrictive Laws - Via Slashdot: Your Rights Online:

A number of readers are sending in links to a video from the Fortune Brainstorm Tech conference last month, in which Lawrence Lessig recounts a conversation over dinner with Richard Clarke, the former government counter-terrorism czar. Remembering that the Patriot Act was dropped on Congress just 20 days after 9/11 — the Department of Justice had had it sitting in a drawer for years — Lessig asked Clarke if DoJ had a similar proposed law, an "i-Patriot Act," to drop in the event of a "cyber-9/11." Clarke responded, "Of course they do. And Vint Cerf won't like it." Lessig's anecdote begins at about 4:30 in the video.


Registered Traveler Company Frozen After Losing Flier Data

Registered Traveler Company Frozen After Losing Flier Data - Via Threat Level:

The Transportation Security Administration suspended Verified Identity Pass from enrolling any new passengers in its get-through-security-faster program on Tuesday, after the company lost (and then oddly found) an unencrypted laptop containing personal information of 33,000 people who had applied for the so-called Registered Traveler program.

The company learned of the loss of an unencrypted laptop from the San Francisco airport on July 26 that included enrollees' names, addresses, dates of birth and some drivers' license numbers. TSA suspended new enrollments in the company's Clear Pass program until the company complies with rules requiring that such data notifies all of the affected enrollees.

Current lanes and participants are not affected.

But just hours after that TSA announcement, VIP spokeswoman Allison Beer said the company had just found the laptop in the very room it had reported it stolen from. Beer declined to speak on the record about whether the laptop had been returned or had been overlooked originally.

FCC Rules Against Comcast for BitTorrent Blocking

FCC Rules Against Comcast for BitTorrent Blocking - Via EFF.org Updates:

On Friday, the FCC voted, 3-2, to punish Comcast for its surreptitious interference with BitTorrent uploads (a practice that EFF helped uncover and document in October 2007). The Commission adopted an order (text of which hasn't been released yet) finding that Comcast violated the neutrality principles set out in the FCC's 2005 "Internet Policy Statement." According to the statement released by FCC Chairman Martin, the order will require Comcast to disclose its practices and stop discriminating against BitTorrent traffic (Comcast, for its part, has already announced that it will be moving to different mechanisms to throttle high-bandwidth users.)

We're pleased that the FCC recognized that Comcast's behavior violated the Internet Policy Statement and could not be excused as "reasonable network management" -- we said as much in our comments to the FCC. We are particularly encouraged that Chairman Martin specifically took Comcast to task for not adequately disclosing what it was up to -- for the free market to work, customers need to know what they are buying.

But it's important to recognize that this is just the beginning, not the end, of the fight. The Commission made it clear that it intends to police this frontier of net neutrality on a case-by-case basis, responding to specific consumer complaints.

ACLU Calls FCC Penalty Against Comcast a Step Forward Toward Net Freedom

ACLU Calls FCC Penalty Against Comcast a Step Forward Toward Net Freedom - Via American Civil Liberties Union:

Urges Commissioners to Persevere in Defense of Consumers’ Rights and Net Neutrality

FOR IMMEDIATE RELEASE
Contact: 202-675-2312, media@dcaclu.org

Washington, DC – Today the Federal Communications Commission is expected to penalize Comcast for violating the FCC’s principles to ensure open access to the Internet.

The following can be attributed to Caroline Fredrickson, director of the ACLU Washington Legislative Office:

“We applaud the FCC for taking enforcement action against Comcast. The nation’s second largest Internet service provider violated the commission’s open access rules by unlawfully blocking file-sharing services such as BitTorrent. Significantly, it violated the rules by which the Internet must operate if it is to remain an open forum.

Appeals Court Reverses "Remote DVR" Decision

Appeals Court Reverses "Remote DVR" Decision - Via Center for Democracy and Technology:

The Second Circuit Court of Appeals today reversed a lower court decision that, as CDT and a number of others argued in a 2007 amicus brief, had the potential to chill innovation in products that use the Internet to provide storage and computing functions from remote locations. The lower court ruling had blocked Cablevision from rolling out a digital video recorder (DVR) system that stores recorded television programs on remote servers instead of in set top devices in the customers' homes. CDT applauds today's decision, which finds that providing such a remote DVR does not constitute direct copyright infringement. CDT also welcomes the court's finding that transitory data held in buffers for a mere 1.2 seconds do not constitute "copies" for purposes of the Copyright Act.


Consent No Cure For Health Info Privacy Issues

Consent No Cure For Health Info Privacy Issues - Via CDT - PolicyBeta:

An article in the Washington Post today reported on the use by health and life insurers of identifiable prescription drug records to make coverage decisions. This data is actually acquired by companies that act as data brokers or analysts on behalf of insurers, and individuals applying for insurance consent to having their prescription drug data gathered and used for this purpose. The article further notes that the gathering of this data will be even easier when this information is stored in electronic health records.

FCC Reprimands Comcast in Traffic Management Dispute

FCC Reprimands Comcast in Traffic Management Dispute - Via Center for Democracy and Technology:

The FCC today voted 3-2 to reprimand Comcast for interfering with some of its subscribers' BitTorrent uploads and failing to disclose the action. The ruling is a major development in the long-running debate over "Internet neutrality" and "network management." CDT agrees with the ruling's apparent premise that broadband providers should not target specific applications for inferior treatment and should be much more transparent about network management practices. CDT has serious concerns, however, about the potential breadth of the Commission's assertion of authority and the risk that it could open the door to greater FCC regulatory involvement in Internet issues. The full impact of the ruling will depend on the actual text of the order, which is not yet available.


EFF Releases "Switzerland" ISP Testing Tool

EFF Releases "Switzerland" ISP Testing Tool - Via EFF.org Updates:

San Francisco - Hours before the Federal Communications Commission (FCC) is expected to take action against Comcast for violating the FCC's net neutrality principles, the Electronic Frontier Foundation (EFF) is releasing "Switzerland," a software tool for customers to test the integrity of their Internet communications.

The FCC action, expected later today, is a response to formal complaints regarding efforts by Comcast to interfere with its subscribers' use of BitTorrent to share files over the Internet. These interference efforts were first documented and disclosed in October 2007 by EFF, the Associated Press, and a concerned Internet user, Robb Topolski. EFF subsequently urged the FCC to declare Comcast's efforts inconsistent with the Commission's 2005 "Internet Policy Statement," which sets a benchmark for neutral treatment of Internet traffic.

"The sad truth is that the FCC is ill-equipped to detect ISPs interfering with your Internet connection," said Fred von Lohmann, EFF Senior Intellectual Property Attorney. "It's up to concerned Internet users to investigate possible network neutrality violations, and EFF's Switzerland software is designed to help with that effort. Comcast isn't the first, and certainly won't be the last, ISP to meddle surreptitiously with its subscribers' Internet communications for its own benefit."