Friday, December 30, 2011


“Youse guys vote da right way or it's free colonoscopies for everyone!” Isn't there a government funded/supported airport in almost every congressional district? If that's not enough, VIPR expands TSA's scope to trains, buses, elevators, tricycles, roller skates, sneakers...
"It looks like Congress' recent jabs at TSA were just posturing after all. Last Friday, President Obama signed a spending act passed by both houses of Congress. The act gives TSA a $7.85 billion budget increase for 2012 and includes funding for 12 additional multi-modal Visible Intermodal Prevention and Response (VIPR) teams and 140 new behavior detection officers. It even includes funding for 250 shiny new body scanners, which was originally cut from the funding bill last May."


If I read this correctly, by granting the telecoms immunity, the government took on sole responsibility?
Appeals Court Revives EFF’s Challenge to Government’s Massive Spying Program
December 29, 2011 by Dissent
Woo hoo! From EFF:
The 9th U.S. Circuit Court of Appeals today blocked the government’s attempt to bury the Electronic Frontier Foundation’s (EFF’s) lawsuit against the government’s illegal mass surveillance program, returning Jewel v. NSA to the District Court for the next step.
The court found that Jewel had alleged sufficient specifics about the warrantless wiretapping program to proceed. Justices rejected the government’s argument that the allegations about the well-known spying program and the evidence of the Folsom Street facility in San Francisco were too speculative.
“Since the dragnet spying program first came to light, we have been fighting for the chance to have a court determine whether it is legal,” said EFF Legal Director Cindy Cohn. “Today, the Ninth Circuit has given us that chance, and we look forward to proving the program is an unconstitutional and illegal violation of the rights of millions of ordinary Americans.”
Also today, the court upheld the dismissal of EFF’s other case aimed at ending the illegal spying, Hepting v. AT&T, which was the first lawsuit against a telecom over its participation in the dragnet domestic wiretapping. The court found that the so-called “retroactive immunity” passed by Congress to stop telecommunications customers from suing the companies is constitutional, in part because the claims remained against the government in Jewel v. NSA.
“By passing the retroactive immunity for the telecoms’ complicity in the warrantless wiretapping program, Congress abdicated its duty to the American people,” said EFF Senior Staff Attorney Kurt Opsahl. “It is disappointing that today’s decision endorsed the rights of telecommunications companies over those of their customers.”
Today’s decision comes nearly exactly six years after the first revelations of the warrantless wiretapping program were published in the New York Times on December 16, 2006. EFF will now move forward with the Jewel litigation in the Northern District of California federal court. The government is expected to raise the state secrets privilege as its next line of defense but this argument has already been rejected in other similar cases.
For the full opinion in Jewel:
For the full opinion in Hepting:
Previous coverage of Jewel v. NSA on PogoWasRight.org and in Pogo’s way-back archive.


I would really like to hear the arguments here. Why would the DA want information on anyone using the hashtags? (Think of it as the equivalent of asking for all emails with the Subject “Stupid DA Tricks”) If I commented on Occupy Boston's lack of a coherent plan using one of those tags, does that make me an “enemy of the state?”
Update: Judge refuses to quash subpoena of Twitter account used by person linked to Occupy Boston
December 29, 2011 by Dissent
Martine Powers reports:
A Suffolk Superior Court judge today ruled against a motion by lawyers from the American Civil Liberties Union to quash a subpoena for information from Twitter about a user involved with Occupy Boston.
On December 14, Suffolk District Attorney Daniel F. Conley filed a subpoena with the social networking site, asking for account information about a user named “p0isAn0n,” who is believed to have ties to the Occupy Boston movement.
Attorney Peter Krupp, on behalf of the ACLU, filed a motion to invalidate the subpoena based on First Amendment grounds.
But after a sidebar conference between the lawyers that lasted more than 30 minutes, Suffolk Superior Court Judge Carol Ball today ruled against the ACLU.
[...]
Read more on Boston Globe.
I wouldn’t expect First Amendment grounds to work if the criminal investigation concerns the hacking of any web sites. If all the user did, however, was tweet links to a data dump, then there are significant First Amendment issues. Unfortunately, we do not know why the D.A. wants that information and prosecutors generally get pretty wide latitude on criminal investigations.
So again, I ask, what will Twitter do? Will it turn over IP addresses associated with hashtags?
Twitter really needs to make some public statement about how it is handling this matter. Is it waiting to see if the lawyer appeals today’s ruling? Were Twitter’s lawyers in court today? What are they doing about other parties named/referenced in the subpoena where the subpoena appears defective by using hashtags instead of accounts (or the right accounts)?

(Related)
Court seals ACLU challenge to Twitter subpoena–Statement by the ACLU of Massachusetts
December 29, 2011 by Dissent
Following today’s court ruling where the court refused to quash the Twitter subpoena I’ve been covering on this blog, the ACLU of Massachusetts released the following statement:
We are disappointed and concerned that a Suffolk Superior Court judge today held a secret hearing over the objections of lawyers from the American Civil Liberties Union of Massachusetts, and then impounded all documents and motions filed in the case.
The matter involves a challenge to an already publicly-available and widely-reported administrative subpoena issued by the Suffolk District Attorney’s office on December 14, 2011 to Twitter, seeking personally identifying information for an anonymous Twitter user, as well as information on anyone “associated with” two Twitter hashtags: #d0xcak3 and #BostonPD. Twitter hashtags are essentially key words used to indicate a topic of conversation.
“The ACLU believes that courtrooms and court proceedings should be open to the public, except in rare and extraordinary circumstances,” said Carol Rose, executive director for the ACLU of Massachusetts. “Secret court proceedings, particularly proceedings involving First Amendment issues, are troubling as a matter of both law and democracy. In addition, the manner in which the administrative subpoena in this case was used, and its purported scope, is equally troubling and, in our opinion, well beyond what the Massachusetts statute allows.”
At the request of the government, and over the objection of ACLU attorneys, Judge Carol Ball today heard nearly 30 minutes of argument at sidebar–meaning that arguments by the attorneys were closed to the public, with several minutes of the hearing held with the judge hearing only attorneys from the prosecutor’s office and excluding the ACLU attorneys. Thereafter, the judge ruled that the record of the proceedings and all documents filed by the parties were impounded by the court.
Attorneys on the case are Peter Krupp of Lurie & Krupp, LLP; John Reinstein, senior legal counsel, and Laura Rótolo, staff attorney, of the ACLU of Massachusetts; and Aden Fine, staff attorney with the national ACLU Speech, Privacy and Technology Project.
This is where I wish a big mainstream news outfit – like, say, Associated Press – would go fight the seal as a matter of public interest. If the Fourth Circuit dealing with the DOJ/WikiLeaks case can realize that some things should be publicly available, I would hope the Massachusetts court would appreciate the need for as much transparency as possible.


...it comes FREE with your social network!
December 29, 2011
EPIC Sues DHS Over Covert Surveillance of Facebook and Twitter
"EPIC has filed a Freedom of Information Act lawsuit against the Department of Homeland Security to force disclosure of the details of the agency's social network monitoring program. In news reports and a Federal Register notice, the DHS has stated that it will routinely monitor the public postings of users on Twitter and Facebook. The agency plans to create fictitious user accounts and scan posts of users for key terms. User data will be stored for five years and shared with other government agencies. The legal authority for the DHS program remains unclear. EPIC filed the lawsuit after the DHS failed to reply to an April 2011 FOIA request. For more information, see EPIC: Social Networking Privacy."


No information is gathered from the suspect or his phone. Data comes from the Cell Provider's logs. Cheap way to avoid all that legal stuff?
De: 440,783 “Silent SMS” Used to Track German Suspects in 2010
December 29, 2011 by Dissent
Sean of F-Secure has an eye-opening blog post today:
… one of the most interesting things, from our point of view, was [Karsten] Nohl’s brief reference to recent reports (Dec. 13th) about various German police authorities having used nearly half a million “Silent SMS” to track suspects in 2010.
[...]
The Federal Ministry of the Interior provided details on December 6th. (PDF)
In the screenshot below, you can see the number of messages sent by three authorities since 2006.
[...]
So what exactly does this mean?
Well, basically, various German law enforcement agencies have been “pinging” mobile phones. Such pings only reply whether or not the targeted resource is online or not, just like an IP network ping from a computer would.
But then after making their pings, the agencies have been requesting network logs from mobile network operators. The logs don’t reveal information from the mobile phones themselves, but they can be used to locate the cell towers through which the pings traveled. And thus, can be used to track the mobile targeted.
Read more on F-Secure.
Can law enforcement in the U.S. legally use such silent SMS pings? Anyone know?


Business Opportunity? Buy the copyrights to all those old medical journals? Perhaps the rights to “How to file a copyright infringement lawsuit” are for sale?
"A recent New England Journal of Medicine editorial talks about the mini-mental state examination — a standardized screening test for cognitive impairment. After years of being widely used, the original authors claim to own copyright on the test and 'a licensed version of the MMSE can now be purchased [...] for $1.23 per test. The MMSE form is gradually disappearing from textbooks, Web sites, and clinical tool kits.' The article goes on to describe the working of copyright law and various alternative licenses, including GNU Free Documentation License, and ends with the following suggestion: 'We suggest that authors of widely used clinical tools provide explicit permissive licensing, ideally with a form of copyleft. Any new tool developed with public funds should be required to use a copyleft or similar license to guarantee the freedom to distribute and improve it, similar to the requirement for open-access publication of research funded by the National Institutes of Health.'"


In some cases these are the only backups users have. In other cases these are the only copies. Should/Do we care?
December 28, 2011
Commentary - Online Archives Disappear Along With Unique Collections
… This article by Matt Schwartz, with reporting by Eva Talmadge, in Technology Review, provides insight into the work of some individuals with a mission to salvage the "intellectual" property of millions of web users whose terabytes of words, work and documents are disappearing despite quick, creative and technologically adroit efforts to save what can be called modern internet "history" on a global scale. This article documents some of the challenges in the struggle to manage massive data loss, the folks who are data defenders, and how truly valuable library collections are in serious danger. Variables associated with digitizing collections (copyright, cost, sheer volume of the task, and global conflict to name just a few), continue to impact this dynamic problem.
  • "People tend to believe that Web operators will keep their data safe in perpetuity. They entrust much more than poetry to unseen servers maintained by system administrators they've never met. Terabytes of confidential business documents, e-mail correspondence, and irreplaceable photos are uploaded as well, even though vast troves of user data have been lost to changes of ownership, abrupt shutdowns, attacks by hackers, and other discontinuities of service. Users of GeoCities, once the third-most-trafficked site on the Web, lost 38 million homemade pages when its owner, Yahoo, shuttered the site in 2009 rather than continue to bear the cost of hosting it."


Can't imagine why anyone would want to make anonymous calls? Have you been reading my Blog? This one's for Android...
At times, revealing your phone number to somebody is not the wisest decision – you might be unwantedly contacted [or subpoenaed Bob] after your initial correspondence. Fortunately there are anonymous numbers that can be used to call and text others.


Whatever you do, don't install this on your thumb drive and use it to hack your friend's (or the school's) WiFi...
How to find your Wi-Fi password
Fortunately there's an easy-to-use program that can retrieve the security information for networks saved on your computer.
Step 1: Download WirelessKeyView (or the 64-bit version of WirelessKeyView) to a computer that can connect to the wireless network.

(Related)
"Just a day after security researcher Stefan Viehbock released details of a vulnerability in the WiFi Protected Setup (WPS) standard that enables attackers to recover the router PIN, a security firm has published an open-source tool capable of exploiting the vulnerability. The tool, known as Reaver, has the ability to find the WPS PIN on a given router and then recover the WPA passphrase for the router, as well. Tactical Network Solutions has released the tool as an open-source project on Google Code, but also is selling a more advanced commercial version."
