Privacy Digest

Gov't Database Errors Leading To Unconstitutional Searches? - Via Slashdot:

Wired is running a story about a case the Supreme Court will be hearing on Tuesday that relates to searches based on erroneous information in government databases. In the case of Herring vs. US 07-513, the defendant was followed and pulled over based on a records indicating he had a warrant out for his arrest. Upon further review, the local county clerk found the records were in error, and the warrant notification should have been removed months prior. Unfortunately for Herring, he had already been arrested and his car searched. Police found a small amount of drugs and a firearm, for which Herring was subsequently prosecuted. Several friend-of-the-court briefs have been filed to argue this case, some calling for "an accuracy obligation on law enforcement agents [PDF] who rely on criminal justice information systems," and others defending such searches as good-faith exceptions [PDF].

(Read Original Article - Via Slashdot.)

Oregon Judge Says RIAA Made 'Honest Mistake,' Allows Subpoena - Via Slashdot :

NewYorkCountryLawyer writes "In Arista v. Does 1-17, the RIAA's case targeting students at the University of Oregon, the Oregon Attorney General's motion to quash the RIAA's subpoena — pending for about a year — has reached a perplexing conclusion. The Court agreed with the University that the subpoena, as worded, imposed an undue burden on the University by requiring it to produce 'sufficient information to identify alleged infringers,' which would have required the University to 'conduct an investigation,' but then allowed the RIAA to subpoena the identities of 'persons associated by dorm room occupancy or username with the 17 IP addresses listed' even though those people may be completely innocent. In his 8-page decision (PDF), the Judge also 'presumed' the RIAA lawyers' misrepresentations were an 'honest mistake,' made no reference at all to the fact, pointed out by the Attorney General, that the RIAA investigators (Safenet, formerly MediaSentry) were not licensed, rejected all of the AG's privacy arguments under both state and federal law, and rejected the AG's request for discovery into the RIAA's investigative tactics."

(Read Original Article - Via Slashdot .)

California Governor Signs Off On New Protections for Free Speech - Via EFF.org Updates:

California Governor Arnold Schwarzenegger yesterday signed Assembly Bill 2433 and filled a significant gap in protection for anonymous speech online. Authored by Assemblymember Paul Krekorian and co-sponsored by EFF, the California Anti-SLAPP Project and the California Newspaper Publishers Association, the new law allows speakers who successfully oppose the use of bogus out-of-state litigation to obtain their identities to recover attorneys' fees. Assemblymembers Sally Lieber and Anthony Portantino co-authored the bill.

One of the most pernicious threats to anonymity is the filing of trumped-up lawsuits as an excuse to force ISPs to reveal speakers’ identities. Once such a lawsuit is filed, speakers who want to protect their anonymity must find a way to pay a lawyer to go to court and prevent disclosure of their personal information. That can be a real hardship—in fact, even the threat of having to go to court may discourage many people from speaking out in the first place.  read more »

Chinese Skype Client Hands Confidential Communications to Eavesdroppers - Via EFF.org Updates:

This Wednesday, Information Warfare Monitor published damning evidence showing that TOM-Skype, the version of the voice and chat program distributed in China not only blocks keywords from chat conversations, but also spies on and remotely reports the contents of Skype users' private text conversations. This directly contradicts Skype's previous assurances that "full end-to-end security is preserved and there is no compromise of people’s privacy", even on the customized Chinese client.

This special breached version of Skype, distributed by the Chinese portal company TOM Online, has long been known to block certain contentious phrases from instant message conversations. IWM's Nart Villeneuve's research shows that when these keywords are mentioned in conversations, the client software also sends an encrypted message to one of eight remote servers hosted in China.

Due to poor security on these servers, Villeneuve was able to uncover what was being sent: extensive logs on user activity, including archives of more than 166,000 censored messages from 44,000 users.  read more »

On the “Anonymity” of the Facebook Dataset - Via michaelzimmer.org :

A group of researchers have released a dataset of Facebook profile information from a group of college students for research purposes, which I know a lot of people will find quite valuable. (Thanks to Fred Stutzman for bringing it to my attention.)

Here is the description from the Berkman Center’s announcement:

The dataset comprises machine-readable files of virtually all the information posted on approximately 1,700 FB profiles by an entire cohort of students at an anonymous, northeastern American university. Profiles were sampled at one-year intervals, beginning in 2006. This first wave covers first-year profiles, and three additional waves of data will be added over time, one for each year of the cohort’s college career.  read more »

Bookmark/Search this post with:

• Delicious
• Digg
• Reddit
• Google
• Yahoo
• Technorati

Huge System for Web Surveillance Discovered in China - Via NYTimes.com :

SAN FRANCISCO — A group of Canadian human-rights activists and computer security researchers has discovered a huge surveillance system in China that monitors and archives certain Internet text conversations that include politically charged words.

The system tracks text messages sent by customers of Tom-Skype, a joint venture between a Chinese wireless operator and eBay, the Web auctioneer that owns Skype, an online phone and text messaging service.

The discovery draws more attention to the Chinese government’s Internet monitoring and filtering efforts, which created controversy this summer during the Beijing Olympics. Researchers in China have estimated that 30,000 or more “Internet police” monitor online traffic, Web sites and blogs for political and other offending content in what is called the Golden Shield Project or the Great Firewall of China.

The activists, who are based at Citizen Lab, a research group that focuses on politics and the Internet at the University of Toronto, discovered the surveillance operation last month. They said a cluster of eight message-logging computers in China contained more than a million censored messages. They examined the text messages and reconstructed a list of restricted words.  read more »

Chinese Skype Software Secretly Logs Political Chat Messages - Via Threat Level:

Editor: Interesting graphic removed. Go to original site for that [...]

A Chinese-language version of Skype scans users' chat messages for keywords such as "democracy," and sends a copy of the offending message to the company's servers, according to a report released Thursday by a Canadian online human rights group.

That's despite adamant claims by the Ebay-owned company that its software offers encrypted, safe communication.

Nart Villeneuve of the University of Toronto's Citizen Lab found that a Chinese version of the popular chat and internet phone-call software sent the full text of millions of messages with 'sensitive' keywords to servers controlled by Skype's Chinese partner TOM Online.

Captured messages discuss sensitive topics such as Taiwanese independence, tainted milk and the banned Falun Gong group.  read more »

Commissioner Cavoukian outlines what will need to be done to protect privacy in the 21st century - Via CNW Group | OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER/ONTARIO:

TORONTO, Sept. 26 /CNW/ - Ontario Information and Privacy Commissioner Ann Cavoukian is unveiling a key white paper outlining what will need to be done to protect privacy in the future, at a special presentation at the University of Waterloo, on Monday, September 29, 2008.

"As a regulator, I have been called many things during my tenure," said the Commissioner, "but rarely have I been called a dreamer. But that is precisely the practice one must engage in if privacy is to not only survive, but thrive, well into the future. But dreaming is not enough. As a pragmatist, I must embed that dream into reality. One way of doing so is seeking to embed privacy into the design and architecture of all technologies, so that it may live well into the future. So you might call me a radical pragmatist, because I dream BIG - in technicolour; there is no black and white anymore."  read more »

Palin Had a Third Private E-mail Account - Via Threat Level:

In addition to the two Yahoo accounts that were already known -- including one that was hacked earlier this month -- the Washington Post has learned that Alaska Governor Sarah Palin had a third private e-mail account on a closed network that she and her staff used to communicate outside of the government's official e-mail system.

The owner of ITS Alaska, a tech company based in Wasilla, told the Post that an e-mail system was set up last spring under the domain that Palin had used for her campaign for governor -- PalinForGovernor.com -- and that access to the system was confined to "her closest confidants and co-workers and advisers and the person she sleeps with."  read more »

MI6 Terror Photos, Data Accidentally Sold On Ebay - Via Slashdot:

Barence writes "In what's turning out to be a bad week for security in the UK, confidential MI6 documents, fingerprints and photos relating to suspected Al-Qaeda terrorists have been found in the memory of the second-hand Nikon Coolpix camera, which was bought on eBay for only £17. The buyer immediately went to the police, who initially treated it as a joke; when they realised he was serious, they swooped on his home and seized his camera and PC. Remember, this is the same MI6 which plans to recruit new members via Facebook, a userbase not exactly famous for its dedication to privacy, security and discretion. The news comes on the back of yesterday's embarrassment over a local council whose VPN device ended up on eBay with confidential login details left on it."

(Read Original Article - Via Slashdot.)

Privacy 2.0: No Privacy at All - Columns by PC Magazine - Via Columns by PC Magazine :

Google's limiting the length of time it keeps records on people? Big deal. Why the public puts up with any tracking whatsoever is a mystery to me.

When Google said it would limit the length of time it kept records on people, privacy advocates thought this was a step in the right direction. That the public puts up with any tracking whatsoever amazes me.

In the news this week, AT&T and Verizon said they won't track users unless users want to be tracked. I found this paragraph in this Washington Post article to be the best summary, and also quite revealing:  read more »

Olympics reach a new low: trademarking the Canadian national anthem and threatening lawsuits over competing uses - Via Boing Boing :

The International Olympic Committee has trademarked a line from the Canadian national anthem, "with glowing hearts," and is threatening to sue anyone who uses the line in Canada, as part of the Vancouver Games.

This is par for the course. The IOC is a corrupt, bullying, greedy, hypocritical organization that uses trademark laws to limit the free speech and commerce of people who have the misfortune to attend or live near the games -- for example, in Athens, they forced people to take off or cover up t-shirts that had logos for companies that hadn't paid to sponsor the Olympics; and in Washington, they attacked decades-old businesses named after nearby Mount Olympia.

The Olympics cloak themselves in the rhetoric of international cooperation and development, but everything they touch turns to garbage: totalitarian surveillance camps where corporate greed rules all. The Canadian IOC ought to be disbanded over this -- it's an affront to the entire nation.

Parliament should undo its special legislation that allowed the IOC to assert trademarks over words like "Winter" as well -- our language is not property, it is freely usable by all of us.  read more »

Bill Would Rein In Laptop Searches at the Border - Via Center for Democracy and Technology:

Random, intrusive searches of the contents of laptop computers at the border would be outlawed by legislation introduced on September 26 by Senators Feingold, Cantwell, Wyden, and Akaka. The Traveler's Privacy Protection Act (S. 3612) would require U.S. Customs and Border Patrol officials to have a "reasonable suspicion" of a crime before they could search a laptop computer and other data storage devices; a court order based on probable cause would be needed to seize a device. Travelers could be present while electronic devices were searched, discriminatory searches would be barred, and strict time limits for searching would be imposed. The bill, which limits its protection to residents of the US, would displace recently-disclosed Customs policies permitting suspicionless laptop searches at the border that could last for weeks. September 29, 2008

Text of Bill S. 3612 [PDF] September 26, 2008

(Read Original Article - Via Center for Democracy and Technology.)

MPAA, RealNetworks Wage Court Battle Over DVD-Copying Software - Via Threat Level:

RealNetworks and the Motion Picture Association of America are suing one another over whether movie fans can copy their DVDs.

The Tuesday lawsuits came the same day RealNetworks released RealDVD, a $30 application allowing movie fans to easily make copies of their DVDs using their computer.

The Seattle company asked(.pdf) a federal judge to fend off a legal challenge brought the same day by the Motion Picture Association of America. The MPAA -- the litigation and lobbying arm of the Hollywood studios whose grip on the DVD is at a crossroads -- is demanding(.pdf) that a judge block(.pdf) the sale of RealDVD.

"RealNetworks’ RealDVD should be called StealDVD," said Greg Goeckner, the MPAA's executive vice president and general counsel. "RealNetworks knows its product violates the law."  read more »

New Jersey's Cablevision Hijacks DNS Error Pages - Via Slashdot:

Selikoff writes "I just noticed Cablevision's Optimum Online service has begun hijacking DNS Error pages with, you guessed it, ad-supported results. Aside from hurting the underlying stability of the Internet, there have been instances where hackers have used such tools against customers. I know Road Runner customers have had to deal with this for a couple months now, although at least they have an outlet to turn it off." --- Update: 09/30 13:18 GMT by T : Note, as several readers have pointed out, this hijacking is of DNS errors rather than 404 errors as originally presented.

(Read Original Article - Via Slashdot .)

Editor: My provider, Verizon, has been doing this also for a while. But if you push hard enought they will give you alternate DNS servers without this 'feature'.