Monday, March 05, 2007

Oops! (Not all information disclosures are large scale...)

http://www.wired.com/news/technology/0,72811-0.html?tw=rss.index

Top Secret: We're Wiretapping You

By Ryan Singel 02:00 AM Mar, 05, 2007

It could be a scene from Kafka or Brazil. Imagine a government agency, in a bureaucratic foul-up, accidentally gives you a copy of a document marked "top secret." And it contains a log of some of your private phone calls.

You read it and ponder it and wonder what it all means. Then, two months later, the FBI shows up at your door, demands the document back and orders you to forget you ever saw it.

By all accounts, that's what happened to Washington D.C. attorney Wendell Belew in August 2004. And it happened at a time when no one outside a small group of high-ranking officials and workaday spooks knew the National Security Agency was listening in on Americans' phone calls without warrants. Belew didn't know what to make of the episode. But now, thanks to that government gaffe, he and a colleague have the distinction of being the only Americans who can prove they were specifically eavesdropped upon by the NSA's surveillance program.

The pair are seeking $1 million each in a closely watched lawsuit against the government, which experts say represents the greatest chance, among over 50 different lawsuits, of convincing a key judge to declare the program illegal.

... The lawyers retrieved one of the remaining copies of the document -- presumably from Saudi Arabia -- and used it to file a complaint in U.S. District Court in Oregon in February of last year. They sought damages from the government of $1 million each for Belew and Ghafoor, and the unfreezing of Al-Haramain's assets, because that action relied on the allegedly illegal spying.

The lawsuit is poised to blow a hole through a bizarre catch-22 that has dogged other legal efforts to challenge the Bush administration's warrantless surveillance.

... Justice Department and phone company lawyers have asserted that the plaintiffs in those cases don't have legal standing to sue, because they have no proof that they were direct victims of the eavesdropping.

... That evidence also gives the courts enough to rule immediately on whether the president had the authority to spy on Belew and Ghafoor without a court order, said Jon Eisenberg, one of Belew's lawyers. "We know how many times he's been surveilled," Eisenberg told a judge last month. "There is nothing left for this court to do except hear oral arguments on the legality of the program."

... Other aspects of the case also support the plaintiffs' interpretation of the document. Last year, U.S. District Judge Garr King in Portland examined the document and read classified briefs filed by the Justice Department. Then he ordered the government to meet with the plaintiffs to discuss turning over more documents in discovery. It's not likely the court would have permitted the case to continue if the evidence didn't, in fact, indicate that the pair had been under surveillance.

And if the surveillance had been court ordered and lawful, King would have been obliged to dismiss the lawsuit. Under the Foreign Intelligence Surveillance Act, or FISA, targets of counter-intelligence or counter-terrorism surveillance can only sue the government when no warrant has been issued. Lawyers for Belew and Ghafoor seize on this point. "If there was a FISA warrant, the whole case would have crumbled on the first day," Nelson says. "It's pretty obvious from the government's conduct in the case, there was no warrant."



In an environment where government is scrambling to take data off the internet...

http://www.redding.com/news/2007/mar/04/online-jail-records-punish-and-protect/

Online jail records punish and protect

Shasta County jail officials say their motive for posting booking logs on the World Wide Web is mainly time. Staffing is short, and officers spend a lot of valuable time responding to routine inquiries about bails and charges.

But is it also a digital-age equivalent of slapping a prisoner in stocks in the town square?

Well, a few diligent crime-watchers might head to the county Web site to surf the mug shots and see which of their friends and neighbors got locked up over the weekend, but the online lineup is hardly a billboard on Interstate 5.

And yet it is accessible enough for lawyers, bail bond companies, reporters, relatives and neighbors wondering why the police were at so-and-so's house last night to easily find out basic information that is legally public anyway.

Some see an invasion of privacy here. Anyone worried about that can be reasonably sure of protecting themselves by obeying the law. [What happened to “presumed innocent?” Bob]

Besides, knowing who is locked up, and why, protects the rights of the accused as much as it might expose them to public opprobrium. There are countries where citizens are hauled to jail and never heard from again. [The old “We're not that evil” defense? Bob] Those unfortunate souls would surely prefer the alternative.

[Access is via: http://www.co.shasta.ca.us/html/In_Custody/incustody_disclaimer.aspx but don't worry, they have a disclaimer... Bob]



Am I reading this correctly? If you don't have a written record retention policy, you can't destroy electronic records?

http://ralphlosey.wordpress.com/2007/03/03/rule-37f-safe-harbor-requires-routines-that-most-companies-lack/

Rule 37(f) Safe Harbor Requires Routines That Most Companies Lack

New Rule 37(f) creates a “safe harbor” for a company to destroy ESI as part of its routine electronic records management practices. Unfortunately, this harbor is beyond the reach of most companies because they lack established routines for ESI retention and destruction. The rule states:

(f) Electronically stored information. Absent exceptional circumstances, a court may not impose sanctions under these rules on a party for failing to provide electronically stored information lost as a result of the routine, good faith operation of an electronic information system.

The routine, good faith operation of an electronic records storage system can be proven by reference to a company’s written records retention policy. That is the document, usually very long and complicated, that tells you when to save records, and for how long, and when to delete them. If the deletion of ESI was in accordance with the company’s written manual on the subject, then you may be able to prove the loss of evidence was the result of routine and good faith operations. This assumes, however, that: a) the company has such a manual; and, b) the book is routinely followed. In reality, a company’s records retention policies are often ignored, and seldom enforced. [Too true Bob] That makes the routine needed for Rule 37(f) safe harbor protection a difficult element for most companies to prove.



Because you can never have enough surveillance...

http://yro.slashdot.org/article.pl?sid=07/03/05/0152204&from=rss

The Pentagon Wants a 'TiVo' to Watch You

Journal written by Jeremiah Cornelius (137) and posted by Zonk on Sunday March 04, @08:57PM

from the i-think-the-shulmans-are-particularly-funny-this-week dept. Privacy Technology

An anonymous reader writes "Danger Room, a Wired blog, today cites a study of future electronic snooping technologies from Reuters, written by the Pentagon's Defense Science Board. More than anything, it seems these outside advisers want a surveillance system that would put Big Brother to shame, and they're looking at the commercial sector to provide it. 'The ability to record terabyte and larger databases will provide an omnipresent knowledge of the present and the past that can be used to rewind battle space observations in TiVo-like fashion and to run recorded time backwards to help identify and locate even low-level enemy forces. For example, after a car bomb detonates, one would have the ability to play high-resolution data backward in time to follow the vehicle back to the source, and then use that knowledge to focus collection and gain additional information by organizing and searching through archived data.'"

[Study is at: http://www.acq.osd.mil/dsb/reports/2006-02-Summer_Study_Strategic_Tech_Vectors_Vol_I_Web.pdf ]



Tools & Techniques

http://www.coloradoan.com/apps/pbcs.dll/article?AID=/20070305/BUSINESS/703050314

Eateries eye credit card security

Ruby Tuesday, others trying out technology to protect customers

By BRUCE HOROVITZ USA Today

Restaurant chains - under mounting pressure - are serving up new ways to shield customers from credit card fraud.

Ruby Tuesday today will announce that it will be the first national restaurant to offer an ultra-secure credit card processing system that leaves no credit card information with the restaurant. The system that will be in all of its 900 locations by mid-April sends the data to the bank in an encrypted form.

Meanwhile, some smaller chains - including Legal Sea Foods and Hooters - are testing devices that let patrons pay at the table so the credit card never leaves their sight.

These kinds of actions could change how people use credit cards at the nation's 935,000 restaurants, where they're expected to spend $537 billion in 2007. Some of the new steps mirror methods already common in Europe.

Identity fraud of all kinds costs consumers more than $56 billion annually. Late last year, several dozen retailers - including California Pizza Kitchen and El Pollo Loco - were named in ID theft class-action lawsuits for violating federal law that requires retailers to truncate credit card numbers on sales receipts.

Massachusetts is eyeing a bill that would hold retailers responsible for losses if credit card information is stolen from their equipment.



Would you like to buy an election?

http://hosted.ap.org/dynamic/stories/D/DIEBOLD_VOTING?SITE=WIRE&SECTION=HOME&TEMPLATE=DEFAULT

Diebold Weighs Strategy for Voting Unit

By M.R. KROPKO AP Business Writer Mar 4, 3:29 PM EST updated Mon, March 05, 2007

CLEVELAND (AP) -- Diebold Inc. saw great potential in the modernization of elections equipment. Now, analysts say, executives may be angling for ways to dump its e-voting subsidiary that's widely seen as tarnishing the company's reputation.

Though Diebold Election Systems - the company's smallest business segment - has shown growth and profit, it's faced persistent criticism over the reliability and security of its touch-screen voting machines. About 150,000 of its touch-screen or optical scan systems were used in 34 states in last November's election.

... Diebold headaches have abounded.

Some of its voting machines have been criticized for lacking a voter-verified paper trail for post-election audits. Last summer, the Open Voting Foundation issued a report alleging that Diebold touch-screen functions can be changed with the flip of an internal switch. Activists have found source code online. And there have also been numerous lawsuits and leaked internal memos.



“We're thinking about scheduling a time to consider a plan to evaluate future efforts to eventually initiate a trend toward securing our data!”

http://www.cioinsight.com/article2/0,1540,2100407,00.asp

Report: Plugging Data Leaks Is High Priority

March 5, 2007 By Lisa Vaas, eWEEK

In the wake of incidents such as TJX's potentially massive loss of data to theft, reported in January, it shouldn't come as a surprise to find that 90 percent of companies plan to plug in new technology to secure electronic copies of intellectual property in the coming year.

That was one finding of a report from Enterprise Strategy Group, issued on March 5, entitled "Intellectual Property Rules." ESG surveyed 112 organizations, each with more than 1,000 employees, for the report. [http://www.enterprisestrategygroup.com/Default.asp?PAName=information]

One of the findings that surprised ESG was how big the IP problem is, according to Eric Ogren, a security analyst for ESG.

Protecting PII (personally identifiable information) such as the credit card numbers, Social Security numbers and other pieces of user and customer data is actually not the top priority with most organizations, Ogren said. "We asked upfront, what do you consider to be intellectual property?" he said. "What they want to protect is financial information, contracts and agreements. Only after that is PII."

Other IP that companies are looking to protect includes, in order of reported priority, source code, competitive intelligence, internal research data, design specifications, customers' PII, trade secrets, CRM (customer relationship management) databases, patent documents and sponsored research data.

What's tough about protecting such data is that it comes in so many different forms. Much of it doesn't fit into a neat fixed-format, as would Social Security numbers or credit card numbers, for example. Instead, it comes from all over the network. Specifically, ESG's report shows that in the surveyed population, 21 percent of IP resides in corporate e-mail; 17 percent lives in corporate portals or intranets; 34 percent is stored in application databases such as SAP, Oracle or SQL Server; and 28 percent is kept in file systems, including spreadsheets, Word documents and the like.

... According to the report, 78 percent of those surveyed search for electronic versions of IP at least once a quarter.

... As for the biggest perceived threat when it comes to data loss, either malicious or sloppy insiders scare the respondents the most.

... The report puts forth four best practices for leakage protection.

First, ESG recommends, enterprises should define comprehensive requirements for IP and PII at the same time. Protecting against leakage of one protects against leakage of the other, the company maintains.

It's also necessary to segregate IP protection duties, according to ESG. That means empowering security teams to provide independent oversight of operations, including monitoring insider use of information.

ESG also suggests automating discovery of IP, to cut down on the time and money currently being devoted to it.

Finally, ESG recommends network-based solutions over distributed end-point software. "I don't think end-point software is going to solve it—it can't reside in all the places IP resides," Ogren said.



Interesting idea...

http://www.researchbuzz.org/wp/2007/03/04/over-25000-images-available-at-phillyhistory/

March 4, 2007

Over 25,000 Images Available at PhillyHistory

Filed under: Multimedia-Images, US-Pennsylvania

Here’s a great historic photography archive. PhillyHistory, at http://www.phillyhistory.org/, currently features only 25,000 images of Philadelphia dating back to the 1800s, with more images coming at the rate of 2000 a month.

From the front page you can search by street address or by neighborhood, but not by search term. From the search page you can do a keyword search or narrow it by year. A simple search for billboard found eight results, five to a page. Results include a thumbnail as well as a brief caption and description of the page.

The detail pages are terrific; they have a much larger picture and — this is the neat part — a map of the neighborhood and the place where the picture was taken. On the detail page you also have the option to buy glossies of the pictures — the one I looked at was $10 for a 5×7 and $20 for an 8×10.

... In addition to the archived photographs this site also has a Historic Streets Index (search by name) as well as a nice Philadelphia-oriented link list and a blog. Plenty to see here, but you might have to try several different search terms.



Free is good.

http://www.fullbooks.com/

Thousands of full text free books



May come up more frequently than desirable.

http://www.alternativereel.com/streams-of-consciousness/Last_Call.html

Last Call! An Anthology of Drinking Quotes
