What did we learn from the Lower Merion “webcamgate” saga? Apparently very little.
Texas school districts weigh privacy vs. security concerns with school cameras
November 23, 2010 by Dissent
Katherine Leal Unmuth reports:
Ever wonder who’s watching the kids?
In several school districts across North Texas, thousands of security cameras monitor students during the school day, in an effort to keep campuses safe.
As some school districts bulk up the number of cameras in schools, others are questioning access among administrators, security officers and even police departments. Districts must weigh privacy rights with safety concerns.
Some districts are reportedly making live feeds directly accessible in real time to police. Yikes! And the state is not providing policies or guidance? Double yikes:
The districts’ actions in many ways depend on differing interpretations of the Family Educational Rights and Privacy Act, or FERPA. Some believe they are education records that must be protected, while others view them as law enforcement records.
“There’s no expectation of privacy in a public school,” said Perlich, the Richardson police spokesman. “The inside of their backpack is personal, but the inside of the school itself – no.”
Texas Education Agency DeEtta Culbertson said the agency does not offer specific guidelines on access to security cameras.
Curtis Clay, director of programs for the Texas School Safety Center at Texas State University in San Marcos, said he supports making footage accessible to police.
Read the whole news story. Really – read the whole thing. Kudos to Unmuth for her coverage of this and the details in her report.
Another tracking tool.
Go Card privacy probe due
Privacy Commissioner Linda Matthews will today hand the parliamentary speaker a report outlining her findings on the use of Go Card journey data in criminal investigations.
Cloud security is dependent on the law
I am a true believer in the disruptive value of cloud computing, especially the long term drive towards so-called "public cloud" services. As I've noted frequently of late, the economics are just too compelling, and the issues around security and the law will eventually be addressed.
However, lately there have been some interesting claims of the superiority of public clouds over privately managed forms of IT, including private cloud environments. The latest is a statement from Gartner analyst Andrew Walls, pointing out that enterprises simply assume self-managed computing environments are more secure than shared public services:
"When you go to the private cloud they start thinking, 'this is just my standard old data centre, I just have the standard operational issues, there's been no real change in what we do', and this is a big problem because what this tells us is the data centre managers are not looking at the actual impact on the security program that the virtualisation induces."
"They see public cloud as being a little bit more risky therefore they won't go with it. Now the reality is, from my own experience in talking to security organisations and data centre managers around the world is that in many of these cases, you're far safer in the public cloud than you are on your own equipment."
… In fact, regardless of the technical and organizational realities, there is one element that is completely out of the control of both the customer and cloud provider that makes public cloud an increased risk: the law. Ignoring this means you are not completely evaluating the "security" of potential deployment environments.
It is easier to ask forgiveness than to gain permission...
DOJ has granted itself new surveillance powers
November 22, 2010 by Dissent
Chris Soghoian writes:
Electronic communications privacy law in the United States is hopelessly out of date. As several privacy groups have noted, the statute that governs when and how law enforcement agencies can obtain individuals’ private files and electronic documents hasn’t really been updated since it was first written in 1986.
Over the past year, privacy groups, academics and many companies have gotten together to push for reform of the Electronic Communications Privacy Act (ECPA). These stakeholders have lobbied for reform of this law, and in turn, both the House and Senate have held hearings on various issues, ranging from cloud computing to cellular location data.
Of course, complaints about the existing statute are not limited to those wishing to protect user privacy — law enforcement agencies would very much like to expand their authority. However, as I document in this blog post, rather than going to Congress to ask for new surveillance powers, the Department of Justice, and in particular, the US Marshals Service, have simply created for themselves a new “roving” order for stored communications records.
Let that sink in for a second. Rather than wait for Congress to give it new authority, the Department of Justice has instead just given itself broad new surveillance powers.
Read more on Slight Paranoia.
Not everyone who flies is equal...
November 21, 2010
New TSA Screening Procedures for Pilots Rolling Out
Follow up to previous postings on government implementation of whole body scanning technology at airports, this news release: "The Air Line Pilots Association, Int’l (ALPA), welcomed the Transportation Security Administration (TSA) announcement of expedited screening for airline pilots as important action to move the nation toward a threat-based strategy that focuses security resources where the risk is highest and away from a one-size-fits-all approach... ALPA proposed the creation of a highly secure and effective security screening system that would quickly and accurately verify the identity and employment status of active airline pilots. As a result, ALPA’s Crew Personnel Advanced Screening System (CrewPASS) program would identify individual pilots as trusted and, as a result, enhance the overall security of air travel and reduce passenger delays. In [the November 19, 2010] announcement, the TSA acknowledged ALPA for developing the CrewPASS concept and committed to phasing in CrewPASS nationally. The CrewPASS system is currently operating at Baltimore-Washington Thurgood Marshall International, Pittsburgh International, and Columbia Metropolitan airports."
TSA Statement from Administrator John S. Pistole: "In all such security programs, especially those that are applied nation-wide, there is a continual process of refinement and adjustment to ensure that best practices are applied and that feedback and comment from the traveling public is taken into account."
Commercial Air Passengers Struggle to Balance Desire for Privacy and Security
November 23, 2010 by Dissent
Ponemon has issued a press release about a new survey reported by Andy Greenberg over on Forbes yesterday (a copy of the full survey report is linked from Andy’s coverage). Here’s the Ponemon release:
As outrage over invasive airport security screening grows, a new Ponemon Institute study shows an overwhelming 79 percent of air travelers believe protection of their privacy rights is important. When asked to balance privacy and security when traveling with commercial airlines, however, 61 percent said security is most important, while only 18 percent said personal privacy is most important. And given a choice between a full-body scan or pat-down, 59 percent said they would prefer the scan, 18 would opt for a pat-down, while 23 percent said they were unsure.
The results are from a new independent study by privacy research firm Ponemon Institute, Concerns about New Airport Screening Procedures: U.S. Survey of Airline Passengers. The study, conducted from November 17 through 19, included responses from confidential interviews of 1,315 travelers at 12 major U.S. airports. [Unsure if they were surveyed before or after going through security. Had they ever been scanned or patted down? Bob]
79 percent of travelers expressed concern over being subjected to a pat-down, while 69 percent expressed concern over going through a full-body scan;
67 percent of travelers either do not believe or are unsure that the new screening processes are necessary, while 33 percent believe they are necessary to ensure air travel safety; and,
64 percent of travelers are not convinced airport security is doing a good job ensuring traveler safety;
Travelers also seemed more concerned over negative impacts from screening processes, such as exposure to radiation (51 percent vs. 34 percent) or inappropriate groping (49 percent vs. 33 percent) than over privacy implications associated with the screening techniques.
“Based on the results of our study, and in spite of the unfortunate stories that have been reported since the Transportation Security Agency began implementing its new screening techniques, passengers are struggling to balance their desire for privacy with their desire for air travel safety,” said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. “Few people are happy about the screening process, and a majority questions the efficacy and necessity of the process.”
Airports where passengers were interviewed for the study included: Hartsfield-Jackson Atlanta International Airport (ATL), Washington Reagan National Airport (DCA), Denver International (DEN), Dallas-Fort Worth International Airport (DFW), Detroit Metropolitan Wayne County Airport (DTW), Washington Dulles International Airport (IAD), Los Angeles International Airport (LAX), Newark Liberty International Airport (NWR), John F. Kennedy International Airport (JFK), LaGuardia Airport (LGA), Chicago O’Hare International Airport (OHD), and San Francisco International Airport (SFO).
It's all part of the reputation game...
Microsoft Spying on Users For Free
… Security researcher and privacy advocate Christopher Soghoian recently scored big through the Freedom of Information Act (FOIA) and received the total amount that the US Drug Enforcement Administration (DEA) paid to providers for pen registers and wiretaps for the last four years. Unlike a wiretap that records actual phone or Net conversations, a pen register gathers all phone numbers or email addresses to show with whom a person has been communicating. The DEA spent $6.7 million for pen registers and $6.5 million for wiretaps in 2010. Microsoft does not charge the government even a penny for surveillance of its users. Google charges $25 per user and Yahoo charges $29 per user.
… Microsoft may not be happy that the news is out, that it seems to have a very friendly relationship with the DEA, since it had a near meltdown in 2008 when Cryptome published the Microsoft Online Services Global Criminal Compliance Handbook.
… Microsoft promptly produced a DMCA notice and temporarily shut down Cryptome.
The DEA pricing document [PDF] states, "There are no current costs for information requested with Subpoenas, Search Warrants, Pen Registers, or Title III Collection with Microsoft Corporation."
… In regards to what the DEA doesn't pay to Microsoft, Soghoian told The Register that Microsoft should at least charge a penny per government surveillance to create a paper trail. "You don't like companies to make money spying on their customers, they should charge something. You can't FOIA Microsoft's invoices, because they don't send any invoices."
Another big ear.
US Launches Largest Spy Satellite Ever
Posted by Soulskill on Monday November 22, @02:33PM
"Space.com reports that over the weekend, a giant booster – a Delta 4 Heavy rocket — carrying a secret new spy satellite for the US National Reconnaissance Office roared into space to deliver into orbit what one reconnaissance official has touted as 'the largest satellite in the world.' The Delta 4 Heavy rocket is the biggest unmanned rocket currently in service and has 2 million pounds of thrust, capable of launching payloads of up to 24 tons to low-Earth orbit and 11 tons toward the geosynchronous orbits used by communications satellites. The mammoth vehicle is created by taking three Common Booster Cores — the liquid hydrogen-fueled motor that forms a Delta 4-Medium's first stage — and strapping them together to form a triple-barrel rocket, and then adding an upper stage. The exact purpose of the new spy satellite NROL-32 is secret, but is widely believed to be an essential eavesdropping spacecraft that requires the powerful lift provided by the Delta 4-Heavy to reach its listening post. 'I believe the payload is the fifth in the series of what we call Mentor spacecraft, a.k.a. Advanced Orion, which gather signals intelligence from inclined geosynchronous orbits,' says Ted Molczan, a respected sky-watcher who keeps tabs on orbiting spacecraft. Earlier models of the series included an unfurling dish structure about 255 feet in diameter with a total spacecraft mass of about 5,953.5 pounds, costing about $750 million and designed to monitor specific points or objects of interest such as ballistic missile flight test telemetry."
Because PDFs are a pain...
PDF ReDirect Lets You Merge, Rotate, Optimize, Encrypt & Print PDFs [Windows]
Among the many applications with a hint of usability, PDF ReDirect was particularly enticing because of the sheer number of favorable reviews. PDF ReDirect is a simple virtual printer that creates PDF files from document files but also bundles some PDF editing features, such as PDF file merging, page rotating, and PDF optimizing.
… If you need additional features, you’ll most likely have to use something else, which isn’t too bad considering there are some genuinely good tools available for free. For a watermarking feature, for example, the excellent PDF-XChange Viewer offers that and even more document markup options, such as commenting.
… There is also PDFEscape, a web-based tool for merging, splitting and rotating PDF files. The open-source Inkscape also lets you move the objects in the actual PDFs, although you can only import 1 PDF page at a time.
Another useful tool, since I work at several locations...
The First Unofficial Guide to Dropbox [Save PDF or Read Online]
This program acts as a “magic pocket” which is always with you and contains whatever you place in it. Put a file into your Dropbox and it’s on all of your computers and mobile devices, really handy if you own multiple devices. But there’s more to Dropbox: you can use it for file sharing, backing up your data and even remotely control your computer.
Download: Using The Magic Pocket: A Dropbox Manual