Monday, January 10, 2011

“We gotta do something!”

Confusion, FUD, or fundraising on the 2703(d) trail?

January 9, 2011 by Dissent

How many Twitter followers does it take to make sense of a court order?

As noted yesterday, Twitter received a court order under Title 18 § 2703, the Stored Communications Act, to provide information on the accounts of some people associated with WikiLeaks. Rather than just comply with the 2703(d) order, which Twitter certainly had the option to do, it chose to fight it. As a result, Twitter got the court to agree to unseal the order so that Twitter could notify its users and give them 10 days to try to quash it.

… Of course, if Twitter received an order, the likelihood is that Google, Facebook, and possibly others have also received similar orders. Yet we have heard nothing from Google or Facebook or any other entities other than Facebook’s “No comment at this time” response. Did they receive orders and just comply with the order – including the provision that they not notify their users – without trying to unseal the orders? Or haven’t they been ordered to produce records?

If Google and Facebook have not been served, why don’t they simply issue a statement stating that they have not received any order, but here is what they will do if they are? And if they have been served, I would encourage them to follow Twitter’s lead and fight to have the order unsealed.

Not that I expect the DOJ to find any helpful information or evidence. The people they are targeting are well aware of security issues (Jacob Appelbaum, for example, is a programmer who has contributed to the development of TOR) and I would be very surprised if they didn’t take precautions to secure their own communications on any sensitive matters.

But where things really got interesting (to me, anyway), is that it seems that WikiLeaks’ lawyer Mark Stephens claims that the order compels Twitter to provide information on all of WikiLeaks’ and the other individuals’ followers. Zack Whittaker of ZDNet reports on a BBC news story that I have not seen:

Mark Stephens on the BBC News also makes clear that the court order will also cover the “600,000 odd followers that Wikileaks has on Twitter” [Just a coincidence that there were 600,000 documents leaked? Perhaps they will assign one document per Twit and sue accordingly... Is Guantanamo being expanded? Bob]

Chris Soghoian offers some insightful comments on the Twitter order on his blog. Some of the language of the order seems as confusing to him as it is to me and, like Chris, I look forward to seeing lawyers with expertise on 2703(d) orders chime in with their analysis.


Iceland summons US envoy over WikiLeaks probe

(AP) – 23 hours ago

LONDON (AP) — The American ambassador to Reykjavik has been summoned to explain why U.S. investigators are trying to access the private details of an Icelandic lawmaker's online activity as they try to build a criminal case against WikiLeaks.

… Jonsdottir is a one-time WikiLeaks collaborator also known for her work on Iceland's media initiative, which aims to turn the island nation into a free speech haven. Jonsdottir told The Associated Press she was too overwhelmed to comment Sunday, but in a recent post to Twitter, she said she was talking with American lawyers about how to beat the order — and was drumming up support in Iceland as well.

(Related) at least as a reaction... Were there no controls in place before the leaks?

US Government Strategy To Prevent Leaks Is Leaked

"The US government's 11-page document on how to get various US government agencies to prevent future leaks has been leaked. It doesn't get any more ironic than that. After the various leaks made by WikiLeaks, the US government understandably wants to limit the number of potential leaks, but their strategy apparently isn't implemented yet. It's clear that the Obama administration is telling federal agencies to take aggressive steps to prevent further leaks. According to the document, these steps include figuring out which employees might be most inclined to leak classified documents, by using psychiatrists and sociologists to assess their trustworthiness. The memo also suggests that agencies require all their employees to report any contacts with members of the news media they may have."

Local The same type of scheming occurs whenever someone opposes a law – not just his law.

Pot Grower's Privacy Challenged

"A map marking what are supposed to be secret locations of 60 warehouses and other buildings where medical marijuana is grown in Boulder has accidentally been made public by the city. Officials say an 'oversight' led them to publish the map on the city's Web site. Kathy Haddock, Boulder's senior assistant city attorney who advises the council on medical marijuana issues, said Thursday that the map would be removed from the city's Web site. No conspiracy here folks. In other news the council will decide at its Jan. 18 meeting whether Boulder should circumvent the open records act exemption for cultivation centers by requiring applicants for medical marijuana business licenses to waive their right to privacy. The council could force all growing centers to sign such a waiver as a condition of receiving a city-issued business license. While the risk this would make it easier for Federal authorities to raid grow-ops might not concern council members and others opposed to medical marijuana — I have to wonder what sort of mentality thinks exposing growers to the very real risk of armed robbery by criminals is justifiable."

For my Computer Security students. How do your security choices impact your customers elsewhere?

UK: Fears over privacy with Virgin emails

January 9, 2011 by Dissent

John Rees reports that Virgin Media may be running afoul of the Data Protection Act:

Virgin Media has been allocating previously used email addresses to new customers, leading to potential breaches of privacy.

If a new customer using a recycled address attempts to register with a website that happens to have been used by the former subscriber, the site will inform them that they are already registered.

The website will unwittingly send the new subscriber the former customer’s password on request, allowing them to view personal information – perhaps including bank account details.

Read more on This is Money

For my Ethical Hackers...

How to Delete Recent Searches Without Accidentally Leaving a Trace

For my Intro to IT students... Very basic for non-techies and those who think they are techies because they have a cell phone...

What Browser?: Check The Browser You Are Using (& Learn More)