Wednesday, September 08, 2010

Again, no encryption.


The 4in stick contains more than 2,000 pages of highly-sensitive and confidential information intended to be seen only by senior officers.

Sections on countering the threat of terrorism on British streets include strategies for acid and petrol bomb attacks, blast control training and the use of batons and shields.

Analytic tools could help violate privacy, but they are useful for other purposes.

Yahoo reminds analytics customers over privacy

September 8, 2010 by Dissent

Brian Tarran writes:

Yahoo has written to its web analytics customers to remind them of their obligations to let site visitors opt-out of having their online behaviour tracked amid growing anxiety over data privacy.

In a blog post, the company reiterated that sites that use Yahoo’s web analytics tools are required to explain in their privacy policy that they use web beacons to analyse where visitors go and what they do while on the site, and provide a link to Yahoo’s opt-out mechanism.


Cameras, cameras everywhere, nor any of us see.

On Surveillance and Privacy

September 7, 2010 by Dissent

David Brin writes:

We are in for a time of major decision-making as the Moore’s Law of Cameras (sometimes called “Brin’s Corollary to Moore’s Law”) takes hold and elites of all kinds are tempted to utilize surveillance in Orwellian/controlling ways, often with rationalized good intentions.

Alas, many “champions of privacy and freedom” push the nebulous notion that dark outcomes can be prevented by passing laws against this or that elite looking at this or that kind of information. In other words, by restricting information flows.

For a decade, I have challenged such folks to name a time, in the history of humanity, when that general approach has ever worked for long at keeping elites blind, let alone in a world where cameras and databases proliferate like crocuses after a rainstorm. No one has ever come up with a single major example, of any kind, ever. Yet, they would bet our future freedom on that nebulous approach.

As Papa Heinlein said: “The chief thing accomplished by Privacy Laws is to make the [spy] bugs smaller.”

The alternative concept — to look back at them and watch the watchers via sousveillance or counter-transparency — is a hard sell, because it is counter-intuitive and easy for elites to propagandize against. And yet, it is the essence of what the Western Enlightenment has used as its tool set for achieving the miracles of the last 300 years. (I explain this concept in The Transparent Society and illustrate it in Earth.)

Read more of David’s commentary on the Institute for Ethics & Emerging Technologies.

Sometimes you need a warrant...

Breaking News on EFF Location Privacy Win: Courts May Require Search Warrants for Cell Phone Location Records

September 7, 2010 by Dissent

Woo hoo!

Kevin Bankston of EFF writes:

This morning, the Third Circuit Court of Appeals in Philadelphia issued its highly anticipated ruling in a hotly contested cell phone location privacy case. EFF filed a friend-of-the-court brief and participated at oral argument in the case, arguing that federal electronic privacy law gives judges the discretion to deny government requests for cell phone location data when the government fails to show probable cause that a crime has been committed.

The Third Circuit today agreed with EFF, holding that federal law allows judges the discretion to require that the government obtain a probable cause search warrant before accessing cell phone location data. The Court further agreed with EFF that location information that can be used to demonstrate or infer that someone or something was in a private space such as the home may be protected by the Fourth Amendment, rejecting the government’s argument that the privacy of location records held by phone companies is never constitutionally protected. Although the court did not definitively rule on the Fourth Amendment status of cell phone location information, it made clear that under some circumstances the privacy of such data could be constitutionally protected, and that judges have the discretion to require a warrant to avoid potentially unconstitutional seizures of location data.

The appeals court has remanded the case back to the original magistrate judge that initially denied the government’s request to obtain cell phone location data without probable cause, asking the lower court to shore up its original decision with new fact-finding into the government’s need for the requested data and the precision of that data in identifying a person’s location. EFF looks forward to participating in those proceedings and opposing any attempt by the government to appeal today’s decision. Thanks to our colleagues at the Center for Democracy and Technology, the American Civil Liberties Union and the ACLU of Pennsylvania for participating with us as friends-of-the-court in this case, and special thanks to Professor Susan Freiwald of the University of San Francisco Law School, who also submitted a brief and participated at oral argument along with EFF’s Kevin Bankston.

3d Circuit Opinion (Cell Site).pdf

Congratulations to EFF, CDT, ALCU, ACLUPA, and Susan Freiwald! Thank you all for your vigorous advocacy of our rights.

(Related) ...sometimes you don't.

Va. court: Police can use GPS to track suspect

September 7, 2010 by Dissent

Larry O’Dell of the Associated Press reports on an unsurprising verdict:

The same GPS technology that motorists use to get directions can be used by police without a warrant to track the movements of criminal suspects on public streets, the Virginia Court of Appeals said Tuesday.

In a case that prompted warnings of Orwellian snooping by the government, the court unanimously ruled that Fairfax County Police did nothing wrong when they planted a GPS device on the bumper of a registered sex offender’s work van without obtaining a warrant.

Read more on WTVR.


WANTED: a “bright line” for cell location data privacy

September 7, 2010 by Dissent

Law professor Dan Solove’s article, Fourth Amendment Pragmatism, generated a good amount of discussion among privacy advocates and the legal community. In one discussion over on Scott Greenfield’s Simple Justice blog, both Dan and law professor/former DOJ prosecutor Orin Kerr participated. Unlike some of us who think that Fourth Amendment case law has eroded Fourth Amendment protections and is an incoherent mess, Orin generally seems more positive about the state of things. When I bitched complained lamented that as a member of the public, I should be able to know whether I have a reasonable expectation of privacy or not, Orin responded by referring me, in part, to his article on the four models of Fourth Amendment protection and by writing:

As a citizen, you know when you have a reasonable expectation of privacy when the courts tell you — they announce a rule, and that rule sticks, to cover those facts. At that point there is no fluctuation or uncertainty: The rule is the rule.

After checking to make sure that there was no smiley emoticon at the end of his comment, I thought it quite striking how what seems so acceptable to him is so unacceptable to me. Given how fact- or situation-specific most decisions are and given that I don’t think we should need to wait for a court decision to find out if we had a reasonable expectation of privacy or not in a situation, I found Orin’s answer totally unsatisfactory.

Although many Fourth Amendment discussions are framed in terms of criminal activity and defendant’s rights, the Fourth Amendment applies to all of us and not just those engaging in criminal activity. How can we make informed decisions about whether to use a cell phone, whether to use cloud services, or whether to share information with an insurance carrier if we do not know the extent to which such activities would require a warrant to compel disclosure? In my opinion, the four-model approach that Orin sees as working well does not work at all – much less, well – if it means that our reasonable expectation of privacy depends on what jurists are considering the case in what jurisdiction and which of the four models they choose — at their discretion — to apply.

Today I read the new Third Circuit decision with a mixture of appreciation and frustration. While the court said that courts may require a warrant, which is certainly better than saying that they cannot require a warrant, saying what courts may do moves us no closer to a bright line by which citizens can be assured that their location data will not be searched without a warrant or demonstration of “probable cause.”

And so, with tongue firmly planted in cheek, I propose a seven-model approach to Fourth Amendment protection. The approach uses a different model for each day of the week so that citizens need only consider the day of the week to know whether they have a reasonable expectation of privacy or not. Don’t expect to see the article in any law journals, though. While psychologists have it drilled into our heads to avoid footnoting like the plague, it seems that many legal scholars cannot compose a single sentence that is footnote-free. Indeed, finding sufficient footnotes might be a bigger challenge than lack of actual legal scholarship in my endeavor. :)

Of course, Congress could actually remedy the situation by enacting legislation that would make the lines clearer. Don’t citizens and law enforcement both deserve to — and need to — know where the line is in what law enforcement may obtain without a warrant?

Sad statistics.

Study: Two-thirds of Web surfers fall prey to online crime

About two-thirds of Internet users globally and nearly three-quarters of Web surfers in the U.S. have been victims of online crime, according to a study to be released on Wednesday.

The top countries as far as reported victims are China, Brazil and India tied for second, and then the U.S., according to the findings of the study, titled "Norton Cybercrime Report: The Human Impact." More than 7,000 adults in 14 countries were interviewed for the study.

While one-quarter of respondents said they expect to be victimized by online crime, only half said they would change their behavior if they became a victim. Of those who have been victimized, 44 percent reported the crime to the police.

It takes an average of 28 days to resolve a cybercrime and costs on average $334, the report found. One-third of respondents who were victimized said they never fully resolved the matter.

(Related) What's important to teenage girls?

Report: Justin Bieber is 3 percent of Twitter

If you believe that Twitter is full of inane, immature narcissism, here's one in your solar plexus.

For an allegation has reached my eyes and baffled them into blindness. The allegation is that, at any given moment, at any given movement of your lungs and toes, 3 percent of Twitter's infrastructure is dedicated solely to the one person who most defines our hopes and our times.

I am not speaking of Kim Kardashian, nor of Rep. Jack Kimble. I am speaking of the one person who can unite men and women, young and old, sane and slightly less so: Justin Bieber.

Bieber apparently has huge racks of servers personally dedicated to every tweet about, to, and from his benign person. Indeed, in a follow-up tweet, Curtis offered that his twittering snitch revealed that all the more popular users of Twitter have their own dedicated servers.

Is the US the e-policeman of the world?

NSA Director Says the US Must Secure the Internet

Posted by Soulskill on Tuesday September 07, @01:27PM

"The United States has a responsibility to take a leadership role in securing the Internet against both internal and external attackers, a duty that the federal government takes very seriously, the country's top military cybersecurity official said Tuesday. However, Gen. Keith Alexander, director of the National Security Agency and commander of the US Cyber Command, provided virtually nothing in the way of details of how the government intends to accomplish this rather daunting task. ' We made the Internet and it seems to me that we ought to be the first folks to get out there and protect it,' Alexander said. 'The challenge before us is large and daunting. But we have an obligation to meet it head-on.' It's unlikely that any of Alexander's comments Tuesday will do much to quiet the criticisms of the Obama administration's security efforts thus far. Speaking mostly in generalities, Alexander emphasized the administration's commitment to the Comprehensive National Cybersecurity Initiative, a plan developed by the Bush administration and recently partially de-classified by Obama administration officials."

(Related) If not cops, vigilantes?

Film industry hires cyber hitmen to take down internet pirates

September 8, 2010 by Dissent

Ben Grubb has a somewhat mind-boggling news story about how the film industry has hired firms to, well, engage in cybercrime:

The film industry is using pirate tactics to beat the pirates – by employing “cyber hitmen” to launch attacks that take out websites hosting illegal movies.

Girish Kumar, managing director of Aiplex Software, a firm in India, told this website that his company, which works for the film industry, was being hired – effectively as hitmen – to launch cyber attacks on sites hosting pirated movies that don’t respond to copyright infringement notices sent to them by the film industry.

Read the whole story in The Age. For this particular company, most of their work is in India, but some of his contracts are reportedly with American firms:

Kumar said that at the moment most of the payment for his company’s services came from the film industry in India.

“We are tied up with more than 30 companies in Bollywood. They are the major production houses.”

As for Hollywood films, he said they, too, used his services.

“We are tied up with Fox STAR Studios – Star TV and 20th Century Fox – who are a joint venture company in India.”

So let’s get this straight — they complain of infringement of copyright, and when they don’t get results, they resort to criminal behavior?

Have any of these companies responded to his statements?

Is any company in the DPRK “military free?”

Rupert Murdoch Publishes North Korean Flash Games

Posted by Soulskill on Wednesday September 08, @06:33AM

"You might recall back in June when it was noted that North Korea was developing and exporting flash games. Now, the isolated nation state is apparently home to some game developers that are being published by a subsidiary of News Corp. (The games include Big Lebowski Bowling and Men In Black). Nosotek Joint Venture Company is treading on thin ice in the eyes of a few academics and specialists that claim the Fox News owner is 'working against US policy.' Concerns grow over the potential influx of cash, creating better programmers that are then leveraged into cyberwarfare capabilities. Nosotek said that 'training them to do games can't bring any harm.' The company asserts its innocence, though details on how much of the games were developed in North Korea are sparse. While one of the poorest nations in the world could clearly use the money, it remains to be seen if hardliner opponents like the United States will treat Nosotek (and parent company News Corp.) as if they're fostering the development of computer programmers inside the DPRK. The United Nations only stipulates that cash exchanged with companies in the DPRK cannot go to companies and businesses associated with military weaponry or the arms trade. Would you feel differently about Big Lebowski Bowling if you knew it was created in North Korea?"

Philosophy is as philosophy does? Is fact checking before publication better that rapid publication with citations you can check as needed?

Stanford's Authoritative Alternative To Wikipedia

Posted by Soulskill on Tuesday September 07, @03:35PM

"For decades, Stanford has been working on a different kind of Wikipedia. It might even be considered closer to a peer-reviewed journal, since you have get submissions past a 120 person group of leading philosophers around the world, not to mention Stanford's administration. It has several layers of approval, but the authoritative model produces high quality content — even if it only amounts to 1,200 articles. Content you can read straight through to find everything pertinent — not hop around following link after link like the regular Wikipedia. You might question the need for this, but one of the originators says, 'Our model is authoritative. [Wikipedia's] model is one an academic isn't going to be attracted to. If you are a young academic, who might spend six months preparing a great article on Thomas Aquinas, you're not going to publish in a place where anyone can come along and change this.' The site has articles covering topics from Quantum Computing to technical luminaries like Kurt Friedrich Gödel and Alan Turing. The principal editor said, 'It's the natural thing to do. I'm surprised no one is doing it for the other disciplines.'"

No comments: