Wednesday, February 24, 2010

We need more computer forensic training at the high school level, we need ethics training at the school district level, and we need lawyers trained on digital evidence. I expect someone will be following this case microscopically, and we will get to see the evidence! (Please don't settle out of court!)

http://yro.slashdot.org/story/10/02/23/2030207/Federal-Judge-Orders-Schools-To-Stop-Laptop-Spying?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Federal Judge Orders Schools To Stop Laptop Spying

Posted by kdawson on Tuesday February 23, @06:03PM

CWmike writes

"A federal judge on Monday ordered the Pennsylvania school district accused of spying on its students to stop activating the cameras in school-issued MacBook laptops. According to the original complaint, Blake Robbins was accused by a Harriton High School assistant principal of 'improper behavior in his home' and shown a photograph taken by his laptop as evidence. In an appearance on network television last Saturday, Robbins said he was accused by the assistant principal of selling drugs and taking pills — but he claimed the pictures taken by his computer's camera showed him eating candy. Also on Monday, the company selling the software used by the school district to allegedly spy on its students blasted what it called laptop theft-recovery 'vigilantism.'"

jamie found two posts from stryde.hax pointing out suggestive information about one school district network administrator, and coaching students how to determine if their school-issued laptops were infected with the LANRev software used to operate the cameras remotely and in secret.

[From the “suggestive information” article:

In this post, Perbix discusses methods for remotely resetting the firmware lockout used to prevent jailbreaking of student laptops. A jailbreak would have allowed students to monitor their own webcam to determine if administrators were truly taking pictures or if, as the school administration claimed, the blinking webcams were just "a glitch." [First time I've seen this claim. Bob]

… In a September 2009 post that may come to haunt this investigation, Perbix posted a scripting method for remote enable/disable of the iSight camera in the laptops. This post makes a lot more sense when Perbix puts it in context on an admin newsgroup, in a post which makes it clear that his script allows for the camera to appear shut down to user applications such as Photo Booth but still function via remote administration:

… The truly amazing part of this story is what's coming out from comments from the students themselves. Some of the interesting points:

  • Possession of a monitored Macbook was required for classes

  • Possession of an unmonitored personal computer was forbidden and would be confiscated [It's our way or the highway... Bob]

… When I spoke at MIT about the wealth of electronic evidence I came across regarding Chinese gymnasts, I used the phrase "compulsory transparency". I never thought I would be using the phrase to describe America, especially so soon, but that appears to be exactly the case.

"Hi, I'm a 2009 Graduate of Harriton Highschool. [...] I and a few of my fellow peers were suspicious of this sort of activity when we first received the laptops. The light next to the web cam would randomly come on, whether we were in class, in study hall or at home minding our own business. We reported it multiple times, each time getting the response: "It's only a malfunction. if you'd like we'll look into it and give you a loaner computer."

… What amazes me most is that the family and lawyer filing the suit appear to have done no digital forensics going in, and no enterprising student hacker ever jailbroke a laptop and proved this was going on. The greatest threat to this investigation now is the possibility that the highly trained technical staff at LMSD could issue a LANRev script to wipe digital forensic evidence off all the laptops. This is why it is imperative for affected parents to have the hard drive removed from their children's laptops and digitally imaged before the laptop is connected to a network. With enough persistence, and enough luck, we may eventually learn the truth.

[You've read the stories, now buy the T-shirt!”

http://www.zazzle.com/lower_merion_school_district_scandal_parody_tshirt-235568003500926676


(Related) Digital evidence falls under the “need to capture” envelope – just with more urgency.

http://hardware.slashdot.org/story/10/02/23/2210224/Avoiding-a-Digital-Dark-Age?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Avoiding a Digital Dark Age

Posted by kdawson on Tuesday February 23, @06:49PM

al0ha writes to recommend a worthwhile piece up at American Scientist on the problems of archiving and data preservation in an age where all data are stored digitally.

"It seems unavoidable that most of the data in our future will be digital, so it behooves us to understand how to manage and preserve digital data so we can avoid what some have called the 'digital dark age.' This is the idea — or fear! — that if we cannot learn to explicitly save our digital data, we will lose that data and, with it, the record that future generations might use to remember and understand us. ... Unlike the many venerable institutions that have for centuries refined their techniques for preserving analog data on clay, stone, ceramic or paper, we have no corresponding reservoir of historical wisdom to teach us how to save our digital data. That does not mean there is nothing to learn from the past, only that we must work a little harder to find it."


(Related) Gee, maybe the school didn't need a warrant either?

http://yro.slashdot.org/story/10/02/24/025225/Utah-Considers-Warrantless-Internet-Subpoenas?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Utah Considers Warrantless Internet Subpoenas

Posted by kdawson on Wednesday February 24, @08:10AM

seneces writes

"The Utah State Legislature is considering a bill granting the Attorney General's Office the ability to demand customer information from Internet or cell phone companies via an administrative subpoena, with no judicial review (text of the HB150). This represents an expansion of a law passed last year, which granted that ability when 'it is suspected that a child-sex crime has been committed.' Since becoming law, last year's bill has led to more than one non-judicial request per day for subscriber information. Pete Ashdown, owner of a local ISP and 2006 candidate for the US Senate, has discussed his position and the effects of this bill."



Is this as easy as stealing candy from babies?

http://yro.slashdot.org/story/10/02/23/2236254/Criminals-Hide-Payment-Card-Skimmers-In-Gas-Pumps?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Criminals Hide Payment-Card Skimmers In Gas Pumps

Posted by kdawson on Tuesday February 23, @07:36PM

tugfoigel writes

"Wave of recent bank-card skimming incidents demonstrate how sophisticated the scam has become. Criminals hid bank card-skimming devices inside gas pumpsin at least one case, even completely replacing the front panel of a pump [and no one notices! Bob] — in a recent wave of attacks that demonstrate a more sophisticated, insidious method of stealing money from unsuspecting victims filling up their gas tanks. Some 180 gas stations in Utah, from Salt Lake City to Provo, were reportedly found with these skimming devices sitting inside the gas pumps. The scam was first discovered when a California bank's fraud department discovered that multiple bank card victims reporting problems had all used the same gas pump at a 7-Eleven store in Utah." [Fairly specific data – not just the same gas station. Bob]



No surprise.

http://www.pogowasright.org/?p=7960

Italian Court Finds Google Violated Privacy

February 24, 2010 by Dissent

Eric Sylvers and Eric Pfanner report:

Three Google executives were convicted of violating Italian privacy laws on Wednesday in a case that the company says could undermine freedom of expression on the Internet.

The case involved online videos showing an autistic boy being bullied by classmates in Turin. They were posted in 2006 on Google Video, an online video-sharing service that Google started before its acquisition of YouTube.

[...]

The officials who were found guilty are Peter Fleischer, Google’s chief privacy counsel; [Attention CPOs! Bob] David Drummond, senior vice president and chief legal officer, and George Reyes, a former chief financial officer. They executives, who were named because Italian law holds corporate executives responsible for a company’s actions, received six-month suspended sentences.

While the executives were found guilty of privacy violations, they were cleared of charges of defamation.

Though the executives will not have to serve prison time, the verdicts are nonetheless a black eye for Google, potentially tarnishing its self-styled “don’t be evil” image.

Read more in the New York Times.

The AFP reports:

Each executive was given a six-month suspended sentence for violation of privacy, [Google spokesperson Bill] Echikson told AFP today, adding that Google would appeal the verdict.

And the BBC provides some reactions from the defendants:

David Drummond, chief legal officer at Google and one of those convicted, said he was “outraged” by the decision.

“I intend to vigorously appeal this dangerous ruling. It sets a chilling precedent,” he said.

“If individuals like myself and my Google colleagues who had nothing to do with the harassing incident, its filming or its uploading onto Google Video can be held criminally liable solely by virtue of our position at Google, every employee of any internet hosting service faces similar liability,” he added.

Peter Fleischer, privacy counsel at Google, was also found guilty.

He questioned how many internet platforms would be able to continue if the decision held.

“I realise I am just a pawn in a large battle of forces, but I remain confident that today’s ruling will be over-turned on appeal,” he said.



“Yeah they look young and innocent now, but all Texans are potential criminals!”

http://www.pogowasright.org/?p=7966

Suit possible over baby DNA sent to military lab for national database

February 24, 2010 by Dissent

Mary Ann Roser reports:

An Austin lawyer threatened to pursue a new federal lawsuit Monday after learning that some newborn blood samples in Texas went to the U.S. military for potential use in a database for law enforcement purposes.

The Department of State Health Services never mentioned the database to Jim Harrington, director of the Texas Civil Rights Project, who settled a lawsuit in December with the state over the indefinite storage of newborn blood without parental consent, or to the American-Statesman, which first reported on the little-known blood storage practice last spring. Harrington said he thought another suit was likely unless the health department destroys the information obtained from the blood samples or obtains consent.

[...]

An article Monday by the Texas Tribune, a news Web site, said the state health department sent 800 anonymous samples to the military to help create a national mitochondrial DNA database. The samples were sent in 2003 and 2007, according to the department’s Web site.

Carrie Williams, a health department spokeswoman, said the program wasn’t mentioned because, “We don’t publicize every agency initiative or contract, and obviously this is a sensitive topic.”

Read more in the American-Statesman.



If the US doesn't even make the “Top 10%” let alone the “Top 10” (we're number 19) are we a “second rate country?”

http://www.bespacific.com/mt/archives/023600.html

February 23, 2010

New ITU Report: Measuring the Information Society 2010

News release: "Prices for information and communication technology (ICT) services are falling worldwide, yet broadband Internet remains outside the reach of many in poor countries, ITU says in its Measuring the Information Society 2010 report released today. The report features the latest ICT Development Index (IDI), which ranks 159 countries according to their ICT level and compares 2007 and 2008 scores. "The report confirms that despite the recent economic downturn, the use of ICT services has continued to grow worldwide," says Sami Al Basheer Al Morshid, Director of ITU’s Telecommunication Development Bureau (BDT). All 159 countries included in the IDI have improved their ICT levels, and mobile cellular technology continues to be a key driver of growth. In 2010, ITU expects the global number of mobile cellular subscriptions to top five billion. "At the same time, the report finds that the price of telecommunication services is falling — a most encouraging development," said Mr Al Basheer. The IDI combines 11 indicators into a single measure that can be used as a benchmarking tool globally, regionally, and at national level, as well as helping track progress over time. It measures ICT access, use and skills, and includes such indicators as households with a computer, the number of fixed broadband Internet subscribers, and literacy rates. The world’s Top 10 most advanced ICT economies features eight countries from Northern Europe, with Sweden topping the IDI for the second year in a row. The Republic of Korea and Japan rank third and eighth, respectively."



For my Access database class (Why do these guides always come out at the end of the Quarter?)

http://www.makeuseof.com/tag/quick-guide-started-microsoft-access-2007/

A Quick Guide To Get Started With Microsoft Access 2007

No comments: