Privacy Digest

Report: Data Mining Ineffective Anti-Terrorist Tool - Via CDT - PolicyBeta:

A new National Research Council report cautions that government data mining programs cannot effectively identify patterns of terrorist activity. Pattern-based or predictive data mining was singled out as likely to generate huge numbers of useless leads. Because of this, the authors warned, pattern-based data mining should not be used to deny a person rights and liberties. This mirrors past conclusions that CDT and others have drawn about data mining efficacy.

The Committee that drafted the October 7th report, entitled “Protecting Individual Privacy in the Struggle Against Terrorists,” recommended that all U.S. data mining programs be re-evaluated according to criteria set forth in the 376-page document. The authors – which included former Secretary of Defense William Perry – made the case that even well-managed data mining efforts are of only limited usefulness and can infringe on Americans’ privacy.  read more »

World Bank Under Cyber Siege in 'Unprecedented Crisis' - Via FOXNews.com :

The World Bank Group's computer network — one of the largest repositories of sensitive data about the economies of every nation — has been raided repeatedly by outsiders for more than a year, FOX News has learned.

It is still not known how much information was stolen. But sources inside the bank confirm that servers in the institution's highly-restricted treasury unit were deeply penetrated with spy software last April. Invaders also had full access to the rest of the bank's network for nearly a month in June and July.

In total, at least six major intrusions — two of them using the same group of IP addresses originating from China — have been detected at the World Bank since the summer of 2007, with the most recent breach occurring just last month.  read more »

NSA Spying on Americans in the Green Zone - Via Center for Democracy and Technology:

The National Security Agency is intercepting and retaining communications of innocent Americans in Iraq's so-called "Green Zone"; agency workers even pass around the most titillating conversations, according to explosive allegations made by two NSA whistleblowers in an ABC News segment airing tonight. According to the report, collection of telephone conversations U.S. soldiers and aid workers in Iraq had with their families in the U.S. continued even after NSA analysts knew that the telephone numbers on which they were eavesdropping belonged to Americans who had no ties to terrorism. The report calls into question assurances the NSA and Justice Department repeatedly gave Congress that internally enforced "minimization procedures" are adequate to protect the private conversations of Americans.

• ABC News Story of NSA Whistleblower Allegations October 09, 2008 [off-site]
• Testimony of Assistant Attorney General Wainstein [PDF] September 06, 2007 [off-site]
• CDT memo on inadequacy of minimization procedures [PDF] September 07, 2007

(Read Original Article - Via Center for Democracy and Technology.)

NSA Snooped on Innocent Americans' Private Calls from Iraq, Former Operators Charge - Via Threat Level:

The National Security Agency routinely listened in on the intimate and innocent phone calls of Americans in Iraq, including government personnel, journalists and aid workers, as they called back into the United States, according to two former NSA operators who spoke to ABC News.

The accusations that the NSA routinely listened in on Americans' phone calls contradicts the Administration's repeated claims that its secret spying did not listen to any Americans other than suspected terrorists.

The conduct also appears to violate the rules that govern when the NSA can listen in to Americans' making calls overseas-- which then required high-level approval for each target.  read more »

Exclusive: Inside Account of U.S. Eavesdropping on Americans - Tonight on Nightline - Via ABC News: Nightline :

U.S. Officers' "Phone Sex" Intercepted; Senate Demanding Answers

Despite pledges by President George W. Bush and American intelligence officials to the contrary, hundreds of US citizens overseas have been eavesdropped on as they called friends and family back home, according to two former military intercept operators who worked at the giant National Security Agency (NSA) center in Fort Gordon, Georgia.  read more »

Satellite-Surveillance Program to Begin Despite Privacy Concerns - WSJ.com - Via Wall Street Journal / WSJ.com :

The Department of Homeland Security will proceed with the first phase of a controversial satellite-surveillance program, even though an independent review found the department hasn't yet ensured the program will comply with privacy laws.

Congress provided partial funding for the program in a little-debated $634 billion spending measure that will fund the government until early March. For the past year, the Bush administration had been fighting Democratic lawmakers over the spy program, known as the National Applications Office.

The program is designed to provide federal, state and local officials with extensive access to spy-satellite imagery -- but no eavesdropping -- to assist with emergency response and other domestic-security needs, such as identifying where ports or border areas are vulnerable to terrorism.

Since the department proposed the program a year ago, several Democratic lawmakers have said that turning the spy lens on America could violate Americans' privacy and civil liberties unless adequate safeguards were required.  read more »

Freedom Not Fear 2008 - Via EFF.org Updates:

Freedom Not Fear is the world's ongoing demonstration against the encroachment of civil liberties by anti-terrorist laws -- particularly in the online world. This year the protests take place this Saturday, October 11th in nearly thirty countries, including the very first events in the Americas.

The origin of the campaign comes from Europeans' anger at the EU's 2006 data retention directive, a pan-European law that requires ISPs to log email and web traffic data for a minimum of six months, and often more. Terabytes of personal data on millions of innocent Europeans are now being collated, paid for by customers and taxpayers, and open for access by any criminal or civil investigation, no matter how trivial.

Freedom Not Fear has since evolved into a more general warning: showing how fundamental freedoms like privacy, freedom of expression, and democratic participation lose when reactionary surveillance systems penetrate our open networks, justified by a hyperbolic rhetoric of fear.  read more »

China to make foreign firms reveal secret info - Via DAILY YOMIURI ONLINE (The Daily Yomiuri):

The Chinese government plans to introduce a new system requiring foreign firms to disclose secret information about digital household appliances and other products starting from May, sources said Thursday.

The envisaged system is likely to target products such as IC cards, digital copiers and possibly flat-panel TVs.

If a company refuses to disclose such information, the Chinese government plans to ban the firm from exporting the product to the Chinese market, as well as bar production and sales in the country, according to the sources.

Critics worry that such a system risks seeing the intellectual property of foreign firms passed onto their Chinese competitors.  read more »

Chinese Skype Client Hands Confidential Communications to Eavesdroppers - Via EFF.org Updates:

This Wednesday, Information Warfare Monitor published damning evidence showing that TOM-Skype, the version of the voice and chat program distributed in China not only blocks keywords from chat conversations, but also spies on and remotely reports the contents of Skype users' private text conversations. This directly contradicts Skype's previous assurances that "full end-to-end security is preserved and there is no compromise of people’s privacy", even on the customized Chinese client.

This special breached version of Skype, distributed by the Chinese portal company TOM Online, has long been known to block certain contentious phrases from instant message conversations. IWM's Nart Villeneuve's research shows that when these keywords are mentioned in conversations, the client software also sends an encrypted message to one of eight remote servers hosted in China.

Due to poor security on these servers, Villeneuve was able to uncover what was being sent: extensive logs on user activity, including archives of more than 166,000 censored messages from 44,000 users.  read more »

Chinese Skype Software Secretly Logs Political Chat Messages - Via Threat Level:

Editor: Interesting graphic removed. Go to original site for that [...]

A Chinese-language version of Skype scans users' chat messages for keywords such as "democracy," and sends a copy of the offending message to the company's servers, according to a report released Thursday by a Canadian online human rights group.

That's despite adamant claims by the Ebay-owned company that its software offers encrypted, safe communication.

Nart Villeneuve of the University of Toronto's Citizen Lab found that a Chinese version of the popular chat and internet phone-call software sent the full text of millions of messages with 'sensitive' keywords to servers controlled by Skype's Chinese partner TOM Online.

Captured messages discuss sensitive topics such as Taiwanese independence, tainted milk and the banned Falun Gong group.  read more »

Bill Would Rein In Laptop Searches at the Border - Via Center for Democracy and Technology:

Random, intrusive searches of the contents of laptop computers at the border would be outlawed by legislation introduced on September 26 by Senators Feingold, Cantwell, Wyden, and Akaka. The Traveler's Privacy Protection Act (S. 3612) would require U.S. Customs and Border Patrol officials to have a "reasonable suspicion" of a crime before they could search a laptop computer and other data storage devices; a court order based on probable cause would be needed to seize a device. Travelers could be present while electronic devices were searched, discriminatory searches would be barred, and strict time limits for searching would be imposed. The bill, which limits its protection to residents of the US, would displace recently-disclosed Customs policies permitting suspicionless laptop searches at the border that could last for weeks. September 29, 2008

Text of Bill S. 3612 [PDF] September 26, 2008

(Read Original Article - Via Center for Democracy and Technology.)

Police 'find' author of notorious virus - Via Techworld.com :

The infamous Gpcode 'ransomware' virus that hit computers in July was the work of a single person who is known to the authorities, a source close to the hunt for the attacker has told Techworld.

The individual is believed to be a Russian national, and has been in contact with at least one anti-malware company, Kaspersky Lab, in an attempt to sell a tool that could be used to decrypt victims' files.

Initially sceptical, the company was able to verify that the individual was the author of the latest Gpcode attack - and probably earlier attacks in 2006 and 2007 - using a variety of forensic evidence, not least that he was able to provide a tool containing the RC4 key able to decrypt the work of the malware on a single PC.  read more »

New Border Search Policy Far Broader, New Documents Reveal - Via Threat Level:

Homeland Security chief Michael Chertoff likes to point to the recent publication of the Border Patrol's policy on examining laptops and documents at the border as an example of the new openness that his department is striving for.

But the new policy itself -- allowing border agents free rein to read and sift through traveler's papers and laptops -- turns out to be a much further departure from past policies than previously known, according to new documents wrested loose from the government by the Electronic Frontier Foundation and the Asian Law Caucus via a Freedom of Information Act lawsuit.

The old policy (.pdf) -- largely established in 1986 -- included a heading in bold reading: Customs Officers Should Not Read Personal Correspondence.

The U.S. Customs Service must guard the rights of individuals being inspected to ensure their personal privacy is protected. Therefore, as a general rule, Customs officers should not read personal correspondence […]

The new policy? It doesn't even mention personal letters as a special category.  read more »

Internal DHS Documents Detail Expansion of Power to Read and Copy Travelers' Papers - Via EFF.org Updates:

San Francisco - Recently obtained documents show that last year the Department of Homeland Security quietly reversed a two-decades-old policy that restricted customs agents from reading and copying the personal papers carried by travelers, including U.S. citizens. The documents were made public today by the Asian Law Caucus (ALC) and Electronic Frontier Foundation (EFF), which sued the government under the Freedom of Information Act (FOIA) to obtain policies governing the searches and questioning of travelers at the nation’s borders.

The documents show that in 2007, Customs and Border Protection (CBP) loosened restrictions on the examination of travelers' documents and papers that had existed since 1986. While CBP agents could previously read travelers' documents only if they had "reasonable suspicion" that the documents would reveal violations of agency rules, in 2007 officers were given the power to "review and analyze" papers without any individualized suspicion.  read more »

One Web Day DC e-Democracy Time Capsule » How to Contribute - Via One Web Day:

OneWebDay is a global event held September 22 celebrating the Web and highlighting key issues about the future of the Internet, with a focus in its third year on online political participation. To celebrate and document the recent flourishing of online political participation in what has become a new “town square,” the DC OWD Planning Committee is creating an E-Democracy Time Capsule. We invite everyone, from all corners of the United States and the world, to help us make history by contributing text, images, sound, and video describing their favorite E-Democracy tools, writing letters to the future about their hopes for Web-powered politics, profiling of E-Democracy Heroes, and discussing Internet policy issues that are relevant to ensuring a Web future where the potential for online political participation can continue to flourish.

(Read Original Article - Via One Web Day.)

PC World - EFF, Public Knowledge sue US gov't over secret IP pact - Via PC World :

Two digital rights advocacy groups have filed a lawsuit against the Office of the US Trade Representative (USTR) in an attempt to get the office to turn over information about a secret international treaty being negotiated to step up cross-border enforcement of copyright and piracy laws.

The Electronic Frontier Found