Privacy, Civil Liberties and Homeland Security

« February 2006 | Main | April 2006 »

March 31, 2006

Senate Commerce Committee moves to protect phone records

This is some legislation to keep an eye out for:

The Senate Commerce Committee approved legislation yesterday that makes it illegal for phone companies to sell consumer telephone records without the customer's consent. Fines would be as high as $30,000 per offense and telephone companies found guilty repeatedly could face fines up to $3 million. A similar bill with stiffer penalties is going through the House.

"The bill would also require carriers to inform consumers if their information was accessed without permission and let companies and individuals sue when their records are illegally obtained."

Apparently this is in response to Internet companies offering to obtain this information for a nominal fee. It will be interesting to see if the legislation will apply to government searches or government subcontractors.

Reuters published a story on it yesterday - check it out. :)

Posted by Meredith Mazzotta at 08:19 AM | Comments (0) | TrackBack

March 16, 2006

Information control in China

A Congressional Research Service (CRS) report, completed in November, has some great data on the surveillance the Chinese government performs on its citizens to regulate web content. The "Technical Methods of Content Filtering" section is particularly eyebrow-raising.

Empirical studies have found that China has one of the most sophisticated content-filtering Internet regimes in the world. The Chinese government employs increasingly sophisticated methods to limit content online, including a combination of legal regulation, surveillance, and punishment to promote self-censorship, as well as technical controls.

The report makes clear that while the Internet is a vehicle for information sharing and open communication, it is still possible for a government to make it difficult to access information -- or to track what information is being accessed by which people.

Posted by Meredith Mazzotta at 02:54 PM | Comments (0) | TrackBack

What does the government know that we don't?

This article in Parade by Lyric Wallwork Winik (February 26, 2006) takes a new angle on information security. What is the government hiding from us? What information should we have access to that we do not and why? While it doesn't answer many questions, it does raise some interesting insights and gives great examples of what the government has deemed "classified" information in the past.

Parade is an independent news magazine that is inserted into many of the nation's newspapers on Sundays.

Posted by Meredith Mazzotta at 02:46 PM | Comments (0) | TrackBack

March 13, 2006

Invasion of the computer snatchers

Brian Krebs wrote a great article for the Washington Post giving a detailed account of one hacker's journey to rob personal information from private computers via the web. Not only that, the invaded computers then become his "slaves," infected with viruses that harass the owners with pornographic website advertisements. This gives an interesting perspective - the life of the invader.

Krebs also participated in an online discussion in which he details the best methods for protecting yourself from identity theft and the stealing of personal information from your computer.

Posted by Meredith Mazzotta at 04:22 PM | Comments (0) | TrackBack

Surveys: Americans and privacy perceptions

The Ponemon Institute conducts surveys of Americans on their perceived trust of different organizations that are entrusted with personal information. One example: a survey (PDF format) asking which U.S. banks Americans trust the most, why, and how banks lose the trust of their customers.

Posted by Meredith Mazzotta at 03:26 PM | Comments (0) | TrackBack

Outsmarting the online snoops

This is a great article about what some private companies are doing to anonymize web surfers in the United States. They have created software that allows Internet users to browse websites without communicating private information (such as your computer's location, and other information) to the website being browsed.

The article appeared in PC World a few weeks ago and was reprinted in the Washington Post.

Posted by Meredith Mazzotta at 10:08 AM | Comments (0) | TrackBack

March 12, 2006

U.S. using biometric passports

I thought the use of new passport technology was somewhere in the distant future, but according to this Financial Times article, a pilot program is underway.

The passport chips contain all the personal information printed inside the passport, as well as a digitised photograph of the passport holder. At ports of entry, scanners will access these data and compare them with a national database for identity verification.

(via BoingBoing)

Posted by Laura McGann at 02:20 PM | Comments (0) | TrackBack

March 09, 2006

Has a hacker stolen your fingerprint?

A recent study by the Finnish military indicates hackers can steal your fingerprint thanks to a security loophole in Microsoft Corp.'s Fingerprint Reader, Computer World reports.

Fingerprint Reader is a PC authentication devise that allows users to log onto Web sites more quickly. Microsoft introduced the devise in September 2004.

Because the fingerprint image is transferred unencrypted from the Fingerprint Reader to the PC, it could be stolen using a variety of hardware and software technologies, called sniffers, that monitor such traffic, said Kiviharju, a researcher with the Finnish Defense Forces. "The fingerprint that can be sniffed is pretty good quality," he said. The fingerprint image could either be used to break into a PC or simply be stolen by attackers.

Microsoft license the technology for Fingerprint Reader from Digital Persona, a Redwood City-based company, which sells a similar device that does encrypt the data.

Experts have speculated that Microsoft's product lacks encryption because of a licensing agreement, which seeks to differentiate the two products.

Posted by Jessica Bernstein-Wax at 02:38 PM | Comments (0) | TrackBack

Has a hacker stolen your fingerprint?

A recent study by the Finnish military indicates hackers can steal your fingerprint thanks to a security loophole in Microsoft Corp.'s Fingerprint Reader, Computer World reports.

Fingerprint Reader is a PC authentication device that allows users to log onto Web sites more quickly. Microsoft introduced the device in September 2004.

Because the fingerprint image is transferred unencrypted from the Fingerprint Reader to the PC, it could be stolen using a variety of hardware and software technologies, called sniffers, that monitor such traffic, said [Mikko] Kiviharju, a researcher with the Finnish Defense Forces. "The fingerprint that can be sniffed is pretty good quality," he said.

The fingerprint image could either be used to break into a PC or simply be stolen by attackers.

Microsoft licenses the technology for Fingerprint Reader from Digital Persona, a Redwood City-based company, which sells a similar device that does encrypt the data.

Experts have speculated that Microsoft's product lacks encryption because of a licensing agreement, which seeks to differentiate the two products.

Posted by Jessica Bernstein-Wax at 02:38 PM | Comments (0) | TrackBack

New York explores antiterror Metrocard machines

Today's New York Daily News describes a plan to have Metrocard vending machines that can detect whether the user has recently handled explosives. Two companies are developing the machines, Cubic Corp. and GE Security.

The Metropolitan Transportation Authority is eying the merging of bomb-detecting, MetroCard and communications technology for possible deployment in its vast network.

A pilot project to test its effectiveness in a mass transit system is expected to be launched in Baltimore in the coming weeks.

"We will await the results of the testing," MTA spokesman Tom Kelly said.

Posted by Laura Spadanuta at 02:08 PM | Comments (0) | TrackBack

March 06, 2006

Financially responsible terrorists

When Walter and Deana Soehnge decided to pay down their growing JC Penney Platinum Mastercard debt with a lump payment of $6,522, they thought they were making a financially responsible move. Then they learned that placing a payment much higher than their usual amount required Mastercard to hold the funds and notify the Department of Homeland Security.

The Soehnges' story was reported by Providence Journal columnist Bob Kerr a couple of weeks ago, and republished on Capitol Hill Blue, a political Weblog.

Posted by Laura McGann at 09:42 PM | Comments (0) | TrackBack

Federal government cracks down on media leaks

The federal government is cracking down on leaks of even unclassified information by employees, The Washington Post reports.

Dave Eggen notes that agents have been conducting interviews with employees at the NSA, CIA and other intelligence units to ascertain who leaked information about the CIA's secret prisons and NSA spying program to the media.

Several employees have been forbidden by the Justice Department from sharing even the most innocuous information about the programs with the press.

Reporters at the Sacremento Bee were approached by federal agents regarding stories the newspaper published containing information from sealed court records.

Posted by Nicole Duarte at 05:49 PM | Comments (0) | TrackBack

Lack of security at Homeland Security

The Washington Post reports that security problems at the Department of Homeland Security have led two senators to call for an investigation into the agency's own security.

Guards at DHS say the agency mishandled a potential anthrax attack on the headquarters. A former guard named Derrick Daniels was interviewed by the Associated Press for the story.

An envelope with suspicious powder was opened last fall at the headquarters. Daniels and other current and former guards said they were shocked when superiors carried it past the office of Secretary Michael Chertoff, took it outside and then shook it outside Chertoff's window without evacuating people nearby.

The scare, caused by white powder that proved to be harmless, "stands as one glaring example" of the agency's security problems, Daniels said. "I had never previously been given training ... describing how to respond to a possible chemical attack."

Sens. Byron Dorgan of North Dakota and Ron Wyden of Oregon wrote the DHS's inspector general seeking an investigation.

Posted by Laura Spadanuta at 03:47 PM | Comments (0) | TrackBack

Tiny Alaska town installs 80 surveillance cameras

Dillingham, Alaska, population 2,400, has just installed 80 surveillance cameras courtesy of a $202,000 Homeland Security grant. Significantly larger Anchorage, Alaska has only 40 of the same surveillance cameras to protect its port. More than 200 area residents have signed a petition to have the cameras removed, citing concerns about privacy.

"A quiet city like Dillingham, without a single street light and more wildlife than humans, doesn't need one camera for every 30 residents," according to petition signer Tim Smeekins. "There are no jihadist sockeyes swimming into our bay, no militant moose, no bomb-bearing belugas."

The local police chief told the Associated Press that he hopes the cameras can also be used to end the drinking, deaths and drug deals at the Dillingham port every summer when the town fills up with fishermen.

The cameras will be fully operational this summer, have no audio capabilities and will be used to gather evidence, with video being stored only if a crime is reported.

Posted by Kathleen Miller at 01:47 PM | Comments (0) | TrackBack

March 01, 2006

Senate Judiciary Committee met on NSA spying: Grumbling ensued

David Welna and Steve Inskeep discussed the political grumblings as Congress examines the NSA spying program.

This issue was before the Senate Judiciary Committee Thursday. Congress is trying to get a better grasp on the nature and reach of the program while also trying to define the relevant legal questions as no one is denying the president circumvented the courts to put the program in place.

Highlights:
-Republican chairs of oversight committees are reluctant to hold public hearings on the president's authority because they might raise sticky questions about their own commitment to finding terrorists
-After former Attorney General John Ashcroft had gall bladder surgery in March 2004, he met with Deputy Attorney General Comey at the hospital because the domestic spying program had to be suspended due to judicial inquiries at the time. Senate Judiciary Chairman Arlen Specter said he wanted to bring both Ashcroft and Comey in front of the committee.
- Former CIA Director James Woolsey testified that the president did have the "war-time" authority to circumvent a federal statute that says a warrant is necessary before the government can electronically spy on US citizens.
-Perturbed by their own apparent irrelevance in this matter, some legislators are talking about introducing congressional oversight to the spying program.

NPR also has a page devoted to the NSA spying program issue

Posted by Nicole Duarte at 08:02 AM | Comments (0) | TrackBack