Reports
CASCADES project: Cost-effective Outbreak Detection in Networks (Hello readers of the CMU Blog report)
CASCADES project: Cost-effective Outbreak Detection in Networks (a study by the School of Computer Science, Carnegie Mellon University): "Rankings are based on the following question: Which blogs should one read to be most up to date, i.e., to quickly know about important stories that propagate over the blogosphere?
Budget=100 blogs:
If I can read 100 blogs, which should I read to be most up to date? Unit cost (each blog costs 1 unit), optimizing the information captured -- population affected (we want to be the first to know about something with many people blogging about the story after us) [ Read more ... ]
Undercover Feds on Social Networking Sites Raise Questions
Undercover Feds on Social Networking Sites Raise Questions: Via Threat Level.
The next time someone tries to “friend” you on Facebook, it may turn out to be an undercover fed looking to examine your private messages and photos, or surveil your friends and family, according to an internal Justice Department document obtained by the Electronic Frontier Foundation.
The 33-page document shows that law enforcement agents from local police to the FBI and Secret Service have been logging on to MySpace and other sites undercover to communicate with suspects, read private postings and view photos and videos that are restricted to a user’s friends, according to the Associated Press.
The document also describes techniques for verifying alibis — such as checking messages posted by a suspect on Twitter disclosing his whereabouts at the time a crime was committed — and uncovering information that might point to illegal activity, such as photos depicting a suspect with expensive jewelry, a new car or even a weapon.
The document says that evidence from social networking sites can: [ Read more ... ]
Secret Document Calls Wikileaks ‘Threat’ to U.S. Army
Secret Document Calls Wikileaks ‘Threat’ to U.S. Army: Via Threat Level.
Wikileaks presents a “threat to the U.S. Army” and publishes “potentially actionable information” for targeting military personnel, according to a classified intelligence report posted Monday on the whistleblowing site.
The 32-page report entitled Wikileaks.org – An Online Reference to Foreign Intelligence Services, Insurgents, or Terrorist Groups? (.pdf) indicates the government’s concern that “current employees or moles” within the Defense Department or the U.S. government “are providing sensitive or classified information to Wikileaks.” To stop this, the 2008 report had suggested a campaign to expose and punish those who leak to the site, which was founded in 2007 by Chinese dissidents, journalists and mathematicians.
“Wikileaks.org uses trust as a center of gravity by assuring insiders, leakers, and whistleblowers who pass information to Wikileaks.org personnel or who post information to the website that they will remain anonymous,” according to the report. “The identification, exposure, or termination of employment of or legal actions against current or former insiders, leakers, or whistleblowers could damage or destroy this center of gravity and deter others from using Wikileaks.org to make such information public.” [ Read more ... ]
FBI Hoaxes Boost Online Fraud
FBI Hoaxes Boost Online Fraud: Via Threat Level.
Online fraud in the United States doubled to a reported $560 million in losses last year as illicit phishing expeditions by thieves posing as the Federal Bureau of Investigation represented the biggest consumer complaint, according to a Friday government survey.
The e-mail phishing scams represented 16.6 percent of all complaints. The next closest category, at 12 percent, concerned consumer unhappiness about being billed for products never ordered or received, according to FBI data unveiled Friday.
Overall, the number of reported dollar losses stemming from online fraud doubled in 2009 from the year prior. [ Read more ... ]
Hi-tech governments growing keener on snooping, says report
Hi-tech governments growing keener on snooping, says report: Via Pinsent Masons LLP at Out-Law.com.
Western industrial countries are becoming more willing to spy on their citizens, according to an analysis of snooping that says that the UK is sixth in a world ranking for electronic state surveillance.
Privacy technology company CryptoHippie has produced its second annual report on surveillance trends and says in it that countries that previously showed restraint in their monitoring of individuals have lost some of that self-control.
"When we produced our first Electronic Police State report, the top ten nations were of two types: those that had the will to spy on every citizen, but lacked ability [and] those who had the ability, but were restrained in will," it said in its 2010 report. "This is changing: the able have become willing and their traditional restraints have failed." [ Read more ... ]
The Limits of Identity Cards (Schneier)
The Limits of Identity Cards: Via Schneier on Security.
Good legal paper on the limits of identity cards: Stephen Mason and Nick Bohm, "Identity and its Verification," in Computer Law & Security Review, Volume 26, Number 1, Jan 2010.
Those faced with the problem of how to verify a person's identity would be well advised to ask themselves the question, 'Identity with what?' An enquirer equipped with the answer to this question is in a position to tackle, on a rational basis, the task of deciding what evidence will be useful for the purpose. Without the answer to the question, the verification of identity becomes a sadly familiar exercise in blind compliance with arbitrary rules.
Major ISPs Help Fund BitTorrent User Tracking Research?
Major ISPs Help Fund BitTorrent User Tracking Research: Via Slashdot YRO.
An anonymous reader writes "I was scanning conference proceedings to come up with ideas for a reading group I run at my workplace, and I noticed an interesting paper from the new IEEE WIFS forensics conference. Researchers from the University of Colorado have published a technique for tracking BitTorrent users (PDF) by joining and actively probing torrent swarms using low-cost cloud computing services. They claim their methods allowed them to monitor the entire Pirate Bay torrent set for as little as $13/mo using EC2. But that's not even the interesting part. Their work appears to have been 'funded in part through gifts from PolyCipher' — a broadband ISP consortium. That's right; three major national ISPs funded this round of BitTorrent tracking research, not the MPAA/RIAA. Could this be evidence of ISP support for ACTA and a global three-strikes law?"
Security Pros Question Deployment of Smart Meters
Security Pros Question Deployment of Smart Meters: Via Threat Level.
The country’s swift deployment of smart-grid technology has security professionals concerned that utilities and smart-meter vendors are repeating the mistakes made in the rollout of the public internet, when security became a priority only after malicious attacks had reached mass levels.
But when it comes to the power grid, the costs of remote hack attacks are potentially more dramatic.
“The cost factor here is what’s turned on its head. We lose control of our grid, that’s far worse than a botnet taking over my home PC,” said Matthew Carpenter, senior security analyst of InGuardian, speaking at a panel at the RSA Security Conference in San Francisco this week. [ Read more ... ]
Medical identity theft strikes 5.8% of U.S. adults
Medical identity theft strikes 5.8% of U.S. adults: Via Network World at Computerworld Privacy News.
Identity thieves are not only interested in tapping financial resources, but are also after your medical identification data and services.
Medical identity theft typically involves stolen insurance card information, or costs related to medical care and equipment given to others using the victim's name. Roughly 5.8% of American adults have been victimized, according to a new survey from The Ponemon Institute. The cost per victim, on average, is $20,160.
Is your health privacy at risk?
"The National Study on Medical Identity Theft" is based on findings from 156,000 people who agreed to discuss identity theft in general. Among those surveyed, 5.8% provided specific details about how they had been hit by medical ID theft, in particular. [ Read more ... ]
Celebrate Human Rights Successes Tonight
Celebrate Human Rights Successes Tonight: Via Blog of Rights: Official Blog of the American Civil Liberties Union.
Tonight, the Human Rights Fund will celebrate the release of a new report. Called Perfecting Our Union: Human Rights Success Stories Across the United States, the report profiles how groups like the ACLU and the Human Rights Institute at Columbia University have used international human rights standards and strategies to improve people's lives in this country.
You're invited to attend the celebration tonight at the Public Interest Projects offices (45 W 36th St., 6th Floor) in New York tonight, from 5:30 to 7:30.
RSVP here. And check back here tomorrow for a link to the report.
CDT Issues Report Recommending Privacy Guidelines for Digital Signage Industry
CDT Issues Report Recommending Privacy Guidelines for Digital Signage Industry: Via CDT - Center for Democracy & Technology.
Washington -- On Monday, the Center for Democracy & Technology (CDT) released a report that includes a set of privacy recommendations for the rapidly growing digital signage industry. The report focuses on the industry's adoption of identification and interactivity technologies such as facial recognition, mobile marketing, social networking, RFID tracking and license plate scanners.
The recommendations in CDT's report, "Building The Digital-Out-Of-Home Privacy Infrastructure," are based on the widely accepted Fair Information Practices (FIPs). [ Read more ... ]
SSRN-Privacy in the Digital Age: Fact or Fiction? by John Nugent
SSRN-Privacy in the Digital Age: Fact or Fiction?: Via SSRN John H. Nugent Texas Woman's University School of Management.
Abstract:
This paper examines the history, drivers, issues, and various legal approaches to protecting privacy (unified and sector) with a focus on the United States, and to a large degree on data privacy. A determination is made whether either approach affords the individual privacy in the digital age. The paper examines specific risks as well as fundamental challenges facing the privacy paradigm
If "God Has a Plan For Sex," Does Obama Have a Plan for Monitoring Programs Overseas?
If "God Has a Plan For Sex," Does Obama Have a Plan for Monitoring Programs Overseas?: Via Blog of Rights: Official Blog of the American Civil Liberties Union.
(Originally posted on Daily Kos.)
On Saturday, the White House faith advisory council task force released recommendations for government agencies that do business with faith-based social service groups. These recommendations touch on several issues related to a recently filed lawsuit by the American Civil Liberties Union. In that case, the ACLU asked a court to order the United States Agency for International Development (USAID) to release documents related to its funding of religious abstinence-only-until-marriage programs overseas, which will likely uncover violations of the constitutional guarantee of separation of church and state. [ Read more ... ]
Pentagon Discloses Hundreds of Reports of Possibly Illegal Intelligence Activities
Pentagon Discloses Hundreds of Reports of Possibly Illegal Intelligence Activities: Via EFF.org Updates.
The Department of Defense has released more than 800 heavily-redacted pages of intelligence oversight reports, detailing activities that its Inspector General has “reason to believe are unlawful.” The reports are the latest in an ongoing document release by more than a half-dozen intelligence agencies in response to a Freedom of Information Act (FOIA) lawsuit filed by EFF in July 2009.
The reports, submitted to the Intelligence Oversight Board (IOB) by various Department of Defense components, cover the period from 2001 through 2008. The IOB’s role within the Executive Office of the President is to ensure that each component of the intelligence community works within the Constitution and all applicable laws. As such, the Inspector General of each intelligence agency is required to submit periodic reports to the IOB, which in turn is required to forward to the Attorney General any report identifying an intelligence activity that violates the law. Intelligence oversight reporting is rarely disclosed to the public. [ Read more ... ]
FTC: Identity Theft Is No. 1 Consumer Complaint
FTC: Identity Theft Is No. 1 Consumer Complaint: Via Threat Level | Wired.com.
That’s because identity theft was the top consumer complaint for 2009, the Federal Trade Commission reported Wednesday.
It was also the top complaint from the year before, although 5 percent fewer consumers reported it in 2009, the commission said.
Overall, of the 1.3 million complaints the agency received last year, 21 percent were for identity theft. Debt collection agencies ranked second, with 9 percent of complaints, according to the Consumer Sentinel Network Data Book released Wednesday. [ Read more ... ]
Redefining privacy in the era of personal genomics
Redefining privacy in the era of personal genomics: Via Ars Technica.
DNA, the storage bank of genetic information for all living organisms, is challenging scientists and policy makers to reconsider the issue of privacy. With the completion of the human genome and advancements in DNA sequencing technologies, a person’s DNA can potentially be tested for risks related to a number of genetic diseases. This progress is promising for personalized medicine, but ethical and policy issues are coming to the forefront as well. After all, can DNA data ever be truly private and anonymous when DNA itself can also act as a unique identifier? [ Read more ... ]
Cell phones show human movement predictable 93% of the time
Cell phones show human movement predictable 93% of the time: Via Ars Technica.
We'd like to think of ourselves as dynamic, unpredictable individuals, but according to new research, that's not the case at all. In a study published in last week's Science, researchers looked at customer location data culled from cellular service providers. By looking at how customers moved around, the authors of the study found that it may be possible to predict human movement patterns and location up to 93 percent of the time. These findings may be useful in multiple fields, including city planning, mobile communication resource management, and anticipating the spread of viruses. [ Read more ... ]
What you buy and where you shop may affect your credit
What you buy and where you shop may affect your credit: Via creditcards.com.
New credit card law requires probe of issuers' use of purchasing data
As credit card companies continue to tighten their lending standards on card users, some are using purchasing data -- gleaned from millions of card transactions processed daily -- to weed out who may or may not be good credit risks.
Have you used your credit card at merchants specializing in secondhand clothing, retread tires, bail bond services, massages, casino gambling or betting? Your credit card issuer may be taking note -- and making decisions about your creditworthiness based on your purchasing behavior. The reason: Buying used clothing or retread tires may be an indication of financial distress and a preamble to missed credit card payments or defaults.
Now, Congress and federal regulators will be probing the extent to which credit card issuers have used information about where a person shops or what they buy as reasons to lower credit limits or increase interest rates. [ Read more ... ]
Why Pete Warden Should Not Release Profile Data on 215 Million Facebook Users
Why Pete Warden Should Not Release Profile Data on 215 Million Facebook Users: Via Michael Zimmer.org.
Speaking of the research ethics related to automatically harvesting public social networking data, we are confronted this week with the story of Pete Warden, a former Apple engineer who has spent the last six months harvesting and analyzing data from some 215 million public Facebook profile pages.
According to Warden, he exploited a flaw in Facebook’s architecture to access public profiles without needing to be signed in to a Facebook account, effectively avoiding being bound by Facebook’s Terms of Service preventing such automated harvesting of data. As a result, he amassed a database of names, fan pages, and lists of friends for 215 million public Facebook accounts. [ Read more ... ]
Police want backdoor to Web users' private data
Police want backdoor to Web users' private data: Via Politics and Law - CNET News.
Anyone with an e-mail account likely knows that police can peek inside it if they have a paper search warrant.
But cybercrime investigators are frustrated by the speed of traditional methods of faxing, mailing, or e-mailing companies these documents. They're pushing for the creation of a national Web interface linking police computers with those of Internet and e-mail providers so requests can be sent and received electronically.
CNET has reviewed a survey scheduled to be released at a federal task force meeting on Thursday, which says that law enforcement agencies are virtually unanimous in calling for such an interface to be created. Eighty-nine percent of police surveyed, it says, want to be able to "exchange legal process requests and responses to legal process" through an encrypted, police-only "nationwide computer network." (See one excerpt and another.) [ Read more ... ]
Report Details Hacks Targeting Google, Others
Report Details Hacks Targeting Google, Others: Via Threat Level.
It’s been three weeks since Google announced that it and numerous other U.S. companies were targeted in a recent sophisticated and coordinated hack attack dubbed Operation Aurora.
Until now we’ve only known that the attackers got in through a vulnerability in Internet Explorer and that they obtained intellectual property and access to the Gmail accounts of two human rights activists whose work revolves around China. We also know a few details about how the hackers siphoned the stolen data, which went to IP addresses in Taiwan, and about 34 mostly undisclosed companies were breached.
Now a leading computer forensic firm is providing the closest look so far at the nature of the attacks, and attackers, that struck Google and others. The report never mentions Google by name, or any other companies, but focuses on information gathered from hundreds of forensic investigations the firm has conducted that are identical to what we know about the Google hack. [ Read more ... ]
Privacy and Smart Grid - More Than Meets the Eye
Privacy and Smart Grid - More Than Meets the Eye: Via Smart Grid at Technology Marketing Corp.
One of the speakers I enjoyed hearing at the Smart Grid Summit was Catherine Thompson, who spoke on the Privacy and Security session. Catherine is the Regulatory and Policy Advisor at the Ontario Information and Privacy Commissioner’s Office. We all know there are many privacy issues associated with smart grid, but we don’t often get to hear from someone with such a strong focus in this area.
Aside from hearing her insights on privacy, Catherine has kindly offered to share a paper that her office recently produced specifically about smart grid issues. The paper is titled “SmartPrivacy for the Smart Grid: Embedding Privacy into the Design of Electricity Conservation,” and can be downloaded from our portal. Since most of you have not seen the paper yet, I’d like to summarize the key ideas here, and would encourage you to read it in full, and then see how these principles can be applied to your smart grid initiatives. [ Read more ... ]
Facebook Privacy, Security Fears Grow with Social Network Risks
Facebook Privacy, Security Fears Grow with Social Network Risks: Via Security from eWeek.
According to Sophos, 60 percent of businesses consider Facebook the riskiest social networking site, underscoring a new level of wariness for social networks at a time when a researcher from Kaspersky Lab says compromised accounts for Twitter and other sites can go for big bucks in the cyber-underworld.
Businesses are growing more concerned about the use of social networks, starting with Facebook.
According to a survey of 502 IT professionals by Sophos, businesses are seeing more malware and spam, and 60 percent of respondents put Facebook ahead of MySpace, Twitter and LinkedIn as the riskiest social networking site. The statistics, which were included in Sophos' "Security Threat Report: 2010" (PDF), revealed that while 33 percent block Facebook for productivity reasons, businesses are also concerned with the prospect of spam, malware and data leakage on social networks. [ Read more ... ]
Future of Privacy Forum Release Behavioral Notices Study
Future of Privacy Forum Release Behavioral Notices Study: Via Future of Privacy Forum.
Research Shows Transparency and Choice Significantly Increase Acceptance of Behavioral Ads
WASHINGTON – Today, the Future of Privacy Forum (FPF) released the results of a research study which tested the effectiveness of using new icons and key phrases to provide web surfers with more transparency and choice about behavioral advertising practices. FPF launched the notices initiative in May 2009 and partnered with a number of divisions at WPP, the global marketing communications company, to launch a consumer focused effort that would rely on the skill of advertising and communications professionals to engage users about efforts to provide relevant banner advertising. In February 2009, the Federal Trade Commission had expressed concern that privacy policies were not being read or understood, and urged the industry to develop new methods of providing notice to users about behavioral advertising practices.
The two phrases that performed significantly better than others in the 2600 internet user panel were, “Why did I get this ad?” and “Interest based ads.” [ Read more ... ]
Online Credit/Debit Card Security Failure
Online Credit/Debit Card Security Failure: Via Schneier on Security.
Ross Anderson reports:
Online transactions with credit cards or debit cards are increasingly verified using the 3D Secure system, which is branded as "Verified by VISA" and "MasterCard SecureCode". This is now the most widely-used single sign-on scheme ever, with over 200 million cardholders registered. It's getting hard to shop online without being forced to use it.
In a paper I'm presenting today at Financial Cryptography, Steven Murdoch and I analyse 3D Secure. From the engineering point of view, it does just about everything wrong, and it's becoming a fat target for phishing. So why did it succeed in the marketplace? [ Read more ... ]