Global Internet Freedom and the U.S. Government
Global Internet Freedom and the U.S. Government: Via Freedom to Tinker.
Over the past two weeks I've testified in both the Senate and the House on how the U.S. should advance "Internet freedom." I submitted written testimony for both hearings which can be downloaded in PDF form here and here. Full transcripts will become available eventually but meanwhile you can click here to watch the Senate video and here to watch the House video. In both hearings I advocated a combination of corporate responsibility through the Global Network Initiative backed up by appropriate legislation given that some companies seem reluctant to hold themselves accountable voluntarily; revision of export controls and sanctions; and finally, funding and support for tools, technologies and activism platforms that will counteract suppression of online speech.
TJX Hacking Conspirator Gets 4 Years
TJX Hacking Conspirator Gets 4 Years: Via Threat Level.
Humza Zaman, a co-conspirator in the hack of TJX and other companies, was sentenced Thursday in Boston to 46 months in prison and fined $75,000 for his role in the conspiracy. The sentence matches what prosecutors were seeking.
Zaman, a 33-year-old former network security manager at Barclays Bank, was charged with laundering between $600,000 and $800,000 for hacker Albert Gonzalez, who is currently awaiting sentencing on charges that he and others hacked into TJX, Office Max, Heartland Payment Systems and numerous other companies to steal data on more than 100 million credit and debit card accounts.
Zaman pleaded guilty in April to one count of conspiracy. His sentence includes three years of supervised release with the condition that Zaman must disclose his conviction to any future employer. Upon release, Zaman will not be barred from using computers.
Hi-tech governments growing keener on snooping, says report
Hi-tech governments growing keener on snooping, says report | Pinsent Masons LLP: Via Pinsent Masons LLP at Out-Law.com.
Western industrial countries are becoming more willing to spy on their citizens, according to an analysis of snooping that says that the UK is sixth in a world ranking for electronic state surveillance.
Privacy technology company CryptoHippie has produced its second annual report on surveillance trends and says in it that countries that previously showed restraint in their monitoring of individuals have lost some of that self-control.
"When we produced our first Electronic Police State report, the top ten nations were of two types: those that had the will to spy on every citizen, but lacked ability [and] those who had the ability, but were restrained in will," it said in its 2010 report. "This is changing: the able have become willing and their traditional restraints have failed."
Zeus botnet dealt a blow as ISP Troyak knocked out
Zeus botnet dealt a blow as ISP Troyak knocked out: Via Computerworld Cybercrime/Hacking News.
Internet service providers linked to the notorious Zeus botnet have been taken down, knocking out a third of the command-and-control servers that run the network of hacked machines.
Two ISPs, named Troyak and Group 3, were home to 90 of the 249 known Zeus command-and-control servers. Zeus Tracker, a Web site that tracks the botnet, noticed the steep drop in servers on Wednesday morning.
The Troyak network was itself an upstream provider to six networks, known to host a large number of cybercrime servers, including Web sites used in drive-by attacks and phishing sites, according to Kevin Stevens, a researcher with SecureWorks. "There's lots of Zeus and Fragus exploit kit [sites]," he said. Whoever was behind the takedown "just decided to knock out a large area of cybercrime, and this was probably one of the easiest ways to do it."
Better U.S. Net Rules for Iran, Cuba and Syria
Better U.S. Net Rules for Iran, Cuba and Syria: Via EFF.org Updates.
The Treasury's Office of Foreign Assets Control (OFAC) announced on Monday key amendments to the regulation of United States sanctions against Cuba, Iran and Sudan.
The new provisions give a blanket license for the export of "certain services and software incident to the exchange of personal communications over the Internet, such as instant messaging, chat and email, social networking, sharing of photos and movies, web browsing, and blogging, provided that such services are publicly available at no cost to the user."
This clarification is just what EFF called for last June, and will go a long way to allay concerns that online service providers based in the U.S. cannot offer their services in those countries. Previously, despite the well-known freedom-enhancing capabilities of services like Twitter and Facebook in repressive regimes like Iran, it was unclear whether those companies could even offer their services there without falling foul of the United States' broad prohibition on the export of goods and services to these regimes.
European Parliament Rips Global IP Accord (ACTA)
European Parliament Rips Global IP Accord: Via Threat Level.
The European Parliament delivered a political blow to Hollywood and the Obama administration, voting Wednesday 663 to 13 in opposition to a proposed and secret intellectual property agreement being negotiated by the European Union, United States and a handful of others.
Wednesday’s developments concerning the Anti-Counterfeiting and Trade Agreement are substantial because the European Union’s 27 countries vastly outnumber the remaining countries negotiating the deal. They are Australia, Canada, Japan, South Korea, Mexico, Morocco, New Zealand, Singapore, Switzerland and the United States. Ambassador Ron Kirk, the top U.S. trade official, is spearheading the deal that began being crafted under the George W. Bush administration.
Kirk’s office declined comment.
To be sure, there is a dispute and heavy confusion concerning whether internet service providers under ACTA would be forced to punish customers deemed copyright scofflaws by reducing or eliminating service, according to a string of leaked documents. So Parliament members also agreed Wednesday to oppose the measure if it contains so-called “three strikes” or “graduated response” policies — regardless of whether that’s now in the text.
And because of the text’s secrecy, Parliament on Wednesday also demanded (.pdf) that the private agreement still under negotiation be publicly released.
Major ISPs Help Fund BitTorrent User Tracking Research?
Major ISPs Help Fund BitTorrent User Tracking Research: Via Slashdot YRO.
An anonymous reader writes "I was scanning conference proceedings to come up with ideas for a reading group I run at my workplace, and I noticed an interesting paper from the new IEEE WIFS forensics conference. Researchers from the University of Colorado have published a technique for tracking BitTorrent users (PDF) by joining and actively probing torrent swarms using low-cost cloud computing services. They claim their methods allowed them to monitor the entire Pirate Bay torrent set for as little as $13/mo using EC2. But that's not even the interesting part. Their work appears to have been 'funded in part through gifts from PolyCipher' — a broadband ISP consortium. That's right; three major national ISPs funded this round of BitTorrent tracking research, not the MPAA/RIAA. Could this be evidence of ISP support for ACTA and a global three-strikes law?"
International Women's Day: A Celebration of a World Advancing Women's Human Rights
International Women's Day: A Celebration of a World Advancing Women's Human Rights: Via Blog of Rights: Official Blog of the American Civil Liberties Union.
Every year on March 8, we celebrate the triumphs and struggles of women around the world. In my home country of Australia, the day is always special — and it's not unusual for a stranger to wish you a "happy women's day!" on your way to work. For the past 10 years or so my friends and I have made it a ritual to get up ridiculously early to mark the occasion with a women's breakfast. I always leave these events inspired by the past achievements that we as young women benefit from, and filled with a sense of purpose for the work that is still yet to be done.
Italy Convicts Google Execs To Protect Privacy : NPR
Italy Convicts Google Execs To Protect Privacy: Via NPR.
Europeans are debating the overall reach of the Internet into their lives. An Italian court recently convicted three Google executives for privacy violations after a clip was posted on Google Video showing a disabled student being bullied by classmates in Turin. The ruling highlights a deep trans-Atlantic cultural gap: Americans see the ruling as undermining the concept of freedom of expression, while Europeans put privacy first — they consider it a fundamental human right.
Comprehensive National Cybersecurity Initiative
Comprehensive National Cybersecurity Initiative: Via Schneier on Security.
On Tuesday, the White House published an unclassified summary of its Comprehensive National Cybersecurity Initiative (CNCI). Howard Schmidt made the announcement at the RSA Conference. These are the 12 initiatives in the plan:
Tracing attack source key to cybersecurity strategy, Chertoff says
Tracing attack source key to cybersecurity strategy, Chertoff says: Via Computerworld Security News.
Michael Chertoff, former head of the U.S. Department of Homeland Security, talked of the difficulties in creating a national cybersecurity plan during an interview with Computerworld.
The difficult task of identifying the true sources of cyber attacks remains one of the biggest challenges in the development of a national cybersecurity strategy, former Department of Homeland Security Secretary Michael Chertoff told Computerworld in an interview at the RSA Security conference here today.
Chertoff, who is participating in a panel discussion at the conference, said there is a growing need for the U.S to create a strong, formal strategy for responding to cyberattacks against American interests.
Is Cyberwar Hype Intended to Destroy the Open Internet?
Cyberwar Hype Intended to Destroy the Open Internet: Via Threat Level.
The biggest threat to the open internet is not Chinese government hackers or greedy anti-net neutrality ISPs, it’s Michael McConnell, the former director of national intelligence.
McConnell’s not dangerous because he knows anything about SQL injection hacks, but because he knows about social engineering: McConnell is the nice-seeming guy who is willing and able to use fear-mongering to manipulate the federal bureaucracy for his own ends, while coming off like a straight shooter to those not in the know.
When he was head of the country’s national intelligence, he scared President Bush with visions of e-doom, prompting the president to sign a comprehensive secret order that unleashed tens of billions of dollars into the military’s black budget so they can start making firewalls and malware into military equipment. And now McConnell, back safely in civilian life as a vice president at the secretive defense contracting giant Booz Allen Hamilton, is out in front of Congress and the media, peddling the same Cybaremaggedon! gloom.
And now he says we need to re-engineer the internet.
In Italian Google Case, American and European Ideas of Privacy Collide
In Italian Google Case, American and European Ideas of Privacy Collide: Via NYTimes.com.
“On the Internet, the First Amendment is a local ordinance,” said Fred H. Cate, a law professor at Indiana University. He was talking about last week’s ruling from an Italian court that Google executives had violated Italian privacy law by allowing users to post a video on one of its services.
In one sense, the ruling was a nice discussion starter about how much responsibility to place on services like Google for offensive content that they passively distribute.
But in a deeper sense, it called attention to the profound European commitment to privacy,
If "God Has a Plan For Sex," Does Obama Have a Plan for Monitoring Programs Overseas?
If "God Has a Plan For Sex," Does Obama Have a Plan for Monitoring Programs Overseas?: Via Blog of Rights: Official Blog of the American Civil Liberties Union.
(Originally posted on Daily Kos.)
On Saturday, the White House faith advisory council task force released recommendations for government agencies that do business with faith-based social service groups. These recommendations touch on several issues related to a recently filed lawsuit by the American Civil Liberties Union. In that case, the ACLU asked a court to order the United States Agency for International Development (USAID) to release documents related to its funding of religious abstinence-only-until-marriage programs overseas, which will likely uncover violations of the constitutional guarantee of separation of church and state.
Leaked ACTA draft reveals plans for internet clampdown
Leaked ACTA draft reveals plans for internet clampdown: Via Computerworld(NZ).
ISPs must snoop on subscribers or face being sued by content owners
The US, Europe and other countries including New Zealand are secretly drawing up rules designed to crack down on copyright abuse on the internet, in part by making ISPs liable for illegal content, according to a copy of part of the confidential draft agreement that was seen by the IDG News Service.
It is the latest in a series of leaks from the anticounterfeiting trade agreement (ACTA) talks that have been going on for the past two years. Other leaks over the past three months have consisted of confidential internal memos about the negotiations between European lawmakers.
The chapter on the internet from the draft treaty was shown to the IDG News Service by a source close to people directly involved in the talks, who asked to remain anonymous. Although it was drawn up last October, it is the most recent negotiating text available, according to the source.
It proposes making ISPs (internet service providers) liable under civil law for the content their subscribers upload or download using their networks.
ACTA "internet enforcement" chapter leaks
ACTA "internet enforcement" chapter leaks: Via Boing Boing.
Someone has uploaded a PDF to a Google Group that is claimed to be the proposal for Internet copyright enforcement that the USA has put forward for ACTA, the secret copyright treaty whose seventh round of negotiations just concluded in Guadalajara, Mexico. This reads like it probably is genuine treaty language, and if it is the real US proposal, it is the first time that this material has ever been visible to the public. According to my source, the US proposal is the current version of the treaty as of the conclusion of the Mexico round.
I've read it through a few times and it reads a lot like DMCA-plus. It contains, for example, a duty to technology firms to shut down infringement where they have "actual knowledge" that such is taking place. This argument was put forward in the Grokster case, and as Fred von Lohmann argued then, this is a potentially deadly burden to place on technology companies: in the offline world Xerox has "actual knowledge" that its technology is routinely used to infringe copyright at Kinko's outlets around the world -- should that create a duty to stop providing sales and service to Kinko's?
This also includes takedown procedures for trademark infringement, as well as the existing procedures against copyright infringement.
Copyright Undercover: ACTA & the Web / What ACTA's Done So Far
Copyright Undercover: ACTA & the Web: Via Internet Evolution - The Big Report.
Let's pause a moment to consider the nature of copyright, the Internet, and governance. Copyright law has historically been made by and for the entertainment industry's supply chain. Copyright rules were not envisioned as an adequate or desirable regulation-set for any other realm: We don't try to shoehorn labor law, finance, education, healthcare, election campaigns, or parenting matters into copyright.
But once you take those activities onto the Internet, copyright becomes the first line of regulation governing everything. It's impossible to do anything on the Internet without making copies (you made between 5 and 50 copies of this article just by following a link to it). And since copyright regulates copying, any rule that affects copyright will affect all those realms, too.
That's what makes ACTA's secrecy so troubling, even if you don't care about copyright, fair use, or other wonky subjects.
Our human rights vs. The Others
Our human rights vs. The Others: Via Salon: Glenn Greenwald.
(updated below - Update II)
Ten American Baptists were arrested two weeks ago in Haiti on charges that they exploited the chaos in that country by attempting to smuggle 33 young Haitian children across the border without permission -- either to bring them to a life of Christianity or (as some evidence suggests) to filter them into a child trafficking ring. National Review's Kathryn Jean Lopez is deeply upset by the plight of at least one of the detained Americans, Jim Allen, whom she contends (based exclusively on his family's claims) is innocent. Lopez demands that the State Department do more to "insist" upon Allen's release, and -- most amazingly of all -- complains about the conditions of his detention. She has the audacity to cite a Human Rights Watch description of prison conditions in Haiti as "inhumane." Lopez complains that Allen ~~was waterboarded, stripped, frozen and beaten~~ has "hypertension," ~~was shipped thousands of miles away to a secret black site beyond the reach of the ICRC and then rendered to Jordan~~ allowed to speak to his wife only once in the first ten days of his confinement, and ~~was consigned to years in an island-prison cage with no charges~~ denied his choice of counsel for a few days (though he is now duly represented in Haitian courts by a large team of American lawyers).
Privacy and Medical issues of Airport body scanners
Privacy and Medical issues of Airport body scanners: Via The Malta Independent Online.
The attempted terror attack on a Delta/Northwest flight to Detroit from Amsterdam, averted by quick passenger reaction, has brought the so-called body-scanners (or screeners) into the limelight. In Malta, the question was also raised by the local press at the MIA meeting when the annual statistics were presented in January.
The debate in the EU focuses on two controversial issues of security technology: on the one hand the ‘naked’ issue and data protection, and, to a lesser extent, the medical issue.
The ‘naked’ issue
As regards the first issue, while there was a lot of hype about how technology can hide ‘critical’ areas, one might consider that people on the beach do not look that different, do they?
However, people choose to so ‘present themselves’ on the beach, but here one does not have a choice. For people with some handicap it might mean extra unwanted exposure, and who guarantees that the photos are not stored in some way?
EP ditches US SWIFT deal on bank data over privacy
EP ditches US SWIFT deal on bank data over privacy: Via Banking : europa, europe | euronews.
An EU deal with the US has been judged not good enough for the European Parliament — the so-called SWIFT agreement on sharing bank data. This would have meant exposing ordinary Europeans’ accounts to American anti-terrorist investigators.
A nine-month interim agreement went into force provisionally at the start of this month. But Liberal, Socialist and Green euro-MPs opposed it. They said the correct balance between security and the protection of civil liberties was missing.
[...]
Washington previously had access to the data, collected by the Society for Worldwide Interbank Financial Telecommunication (SWIFT), which registers money transfers among states. EU diplomats say one way to regain access could be to seek bilateral agreements.
Wikileaks and Iceland MPs propose 'journalism haven'
Wikileaks and Iceland MPs propose 'journalism haven': Via BBC News.
Iceland could become a "journalism haven" if a proposal put forward by some Icelandic MPs aided by whistle-blowing website Wikileaks succeeds.
The Icelandic Modern Media Initiative (IMMI), calls on the country's government to adopt laws protecting journalists and their sources.
It will be filed with the Althingi - Iceland's parliament - on 16 February.
If the proposal succeeds it will require the Icelandic government to consider introducing legislation.
Julian Assange, Wikileaks' editor, told BBC News that the idea was to "try and reform Iceland's media law to be a very attractive jurisdiction for investigative journalists".
He has been in Iceland for a number of weeks and is advising MPs on the IMMI.
The hope is that journalist-friendly laws will encourage media businesses to move to Iceland.
Another View: Why Privacy Matters to the Swiss
Another View: Why Privacy Matters to the Swiss: Via DealBook Blog - NYTimes.com.
The United States, the European Union and its individual member countries, the Organization for Economic Cooperation and Development, a host of nongovernmental organizations and a phalanx of other interested parties have drawn a bead on Switzerland, howling that it refuses to see the light and pin up the names of foreign bank clients on the front doors of its banks.
[...]
Swiss banks in general, and the country’s banking secrecy laws in particular, have been blamed for a lot of the world’s evils, including tax evasion, tax fraud, capital flight, Third World poverty, money-laundering and the financing of terrorism. Let’s add climate change, continental drift and lumps in mashed potato to the charge sheet for good measure. But what exactly is this fabled “banking secrecy” now being harpooned by boatloads of Captain Ahabs, and why are the Swiss so attached to it?
New Russian botnet tries to kill rival
New Russian botnet tries to kill rival: Via Computerworld Cybercrime/Hacking News.
An upstart Trojan horse program has decided to take on its much-larger rival by stealing data and then removing the malicious program from infected computers.
Security researchers say that the relatively unknown Spy Eye toolkit added this functionality just a few days ago in a bid to displace its larger rival, known as Zeus.
The feature, called "Kill Zeus," apparently removes the Zeus software from the victim's PC, giving Spy Eye exclusive access to usernames and passwords.
Zeus and Spy Eye are both Trojan-making toolkits, designed to give criminals an easy way to set up their own "botnet" networks of password-stealing programs.
British Court Orders Release Of Torture Evidence In Extraordinary Rendition Case
British Court Orders Release Of Torture Evidence In Extraordinary Rendition Case: Via American Civil Liberties Union.
Ruling May Affect British Resident's Case In ACLU Lawsuit Against Boeing Subsidiary For Its Role In Unlawful Extraordinary Rendition Program
FOR IMMEDIATE RELEASE
CONTACT: (212) 549-2666; media@aclu.org
NEW YORK – The American Civil Liberties Union commended today's ruling by a British court that the British government must release evidence of torture in the case of British resident Binyam Mohamed, who was captured in Pakistan and detained in Morocco, Afghanistan and Guantánamo Bay as part of the Bush administration's extraordinary rendition program. While in detention, Mohamed was subjected to physical and psychological abuse by his captors. Upon his release, Mohamed sought documents from the British government that would confirm that U.K. officials were aware of and complicit in his abuse by U.S. forces. Today's ruling orders the disclosure of seven previously suppressed paragraphs from an earlier court ruling that summarize British government documents related to Mohamed's detention and torture while under the control of U.S. authorities.
Wikileaks Meets Its Cash Goal — For Now
Wikileaks Meets Its Cash Goal — For Now: Via Threat Level.
The whistleblowing site Wikileaks has apparently raised the money it needs to continue operating for the time being, according to a message the organization sent out Wednesday night on Twitter.
“Achieved min. funraising [sic] goal. ($200k/600k); we’re back fighting for another year, even if we have to eat rice to do it,” read the tweet, without specifying whether it had raised the full $600,000 or just $200,000.
The site announced last December that it was ceasing day-to-day operations to focus on raising money. It said contributors could still send documents and tips through its anonymous submission tool. Last week, it was ceasing operations indefinitely because it had raised only $130,000 of the $200,000 it needed to maintain base operations annually. The site says it requires $600,000 to operate if it pays its staff of technologists and curators who sift through submissions to provide context for documents and other information valuable to its users.
The announcement page, beginning with: “We protect the world — but will you protect us?” has not changed, except to add that Wikileaks “will be back soon.”