Saturday, September 08, 2012

One to follow?
ACLU Sues Police for Seizing Man’s Phone After Recording Alleged Misconduct
The ACLU has sued the District of Columbia and two police officers for allegedly seizing the cellphone of a man who photographed a police officer allegedly mistreating a citizen, and for then stealing his memory card.
The suit, filed in federal court (.pdf) in Washington, D.C., alleges that the police officer violated Earl Staley, Jr.’s First Amendment and Fourth Amendment rights by improperly searching and seizing his property while he was exercising his right to photograph the police performing their duty.


They aren't secret, we just haven't told anyone except for a few people now housed at Guantanamo.
Two District Court Rulings That Cell-Site Data Not Protected Under the Fourth Amendment
September 7, 2012 by Dissent
Earlier this week, I posted a link to a report by David Kravets on how United States v. Antoine Jones is back in court, but this time on the cell phone location data records. In discussing the DOJ’s brief in the case, Orin Kerr writes:
It’s a good brief, I think, and I was particularly intrigued by the appendices. The appendices included two recent unpublished federal district court decisions on Fourth Amendment protection for cell-site data. To my knowledge, neither opinion has been public before — or if they were public, they are not on Westlaw. Here they are for those interested:
1) United States v. Gordon (D.D.C. February 2012) (Urbina, J.) (ruling, shortly after the Supreme Court’s decision in Jones, that cell-site information is not protected by the Fourth Amendment because Smith v. Maryland is controlling)
2) In re Application of the United States (D.D.C. October 2011) (Lamberth, J.) (redacted version of ruling filed under seal) (ruling after the D.C. Circuit’s decision in Maynard but before Jones that cell-site information is not protected under Smith v. Maryland, and distinguishing Maynard on the ground that cell-site data is much less revealing and detailed about a person’s life than is GPS information).


Hobby Hacking! I knew about this a few days early – the judge uses unencrypted wifi at home...
District Court Rules that the Wiretap Act Does Not Prohibit Intercepting Unencrypted Wireless Communications
September 7, 2012 by Dissent
Orin Kerr writes:
The decision is In re INNOVATIO IP VENTURES, LLC PATENT LITIGATION. MDL Docket No. 2303, Case No. 11 C 9308. (N.D.Ill. August 22, 2012), via Cybercrime Review. The opinion holds that anyone can monitor the unencrypted wi-fi communications of anyone else without implicating the Wiretap Act. I think the decision is wrong, and I wanted to explain why.
The court holds that unsecured wireless communications are not covered by the Wiretap Act because of the exception found in 18 U.S.C. § 2511(g)(i). That exception states:
(g) It shall not be unlawful under this chapter or chapter 121 of this title for any person—
(i) to intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public;
The Court concludes that this exception covers unsecured wi-fi communications, so that it is entirely lawful to snoop in on someone else’s private communications over an unsecured wireless network:
Read more on The Volokh Conspiracy.

(Related) for my Computer Security students.
If you think a wireless router’s only job is to connect you to the world of the Internet, you’re missing out on a lot of its awesome goodness. Sure, maybe all you need is Internet access. In that case, you don’t really have to worry about all the tricks your router can do. But for those of you that want to maximize your experience, there are some advanced wireless router features that will make your life much easier.


Better to educate than simply ban a tool...
How Instagram became the social network for tweens
Well-intentioned parents who've kept their tweens off Facebook are catching on to the workaround: kids are turning to Instagram, the photo-sharing app that may as well be a social network.


I'm not a fan of so called “situational ethics.” If an action is right sometimes but wrong in some situations, you don't have the definition right!
Drones in Domestic Surveillance Operations: Fourth Amendment Implications and Legislative Responses
September 7, 2012 by Dissent
From the Congressional Research Service, by Richard M. Thompson II:
… the constitutionality of domestic drone surveillance may depend upon the context in which such surveillance takes place. Whether a targeted individual is at home, in his backyard, in the public square, or near a national border will play a large role in determining whether he is entitled to privacy. Equally important is the sophistication of the technology used by law enforcement and the duration of the surveillance. Both of these factors will likely inform a reviewing court’s reasoning as to whether the government’s surveillance constitutes an unreasonable search in violation of the Fourth Amendment.
Read the full report on FAS.


Of course, but the constitution only applies to second-class citizens and similar scum. It never applies to Big Brother and friends.
Does Germany’s Plan To Create Its Own Spyware Violate Its Constitution?
September 7, 2012 by Dissent
Ryan Gallagher writes:
Are you a creative thinker who can write software and detect computer security vulnerabilities? If yes, federal police in Germany have a job for you.
The Bundeskriminalamt, or BKA, is Germany’s version of the FBI. The agency iscurrently recruiting for a number of IT specialists to help develop “technical surveillance methods” that can be used to secretly and remotely access computers during crime investigations. What that means, in plain English, is that the BKA is looking for people to help design in-house spyware than can be used to infiltrate computers and mine data.
Read more on Slate.


No surprise. But things like this make it seem likely that the FBI would have millions of iPhone details available for Anonymous to hack. No doubt it includes your Facebook “mugshots” too...
FBI launches $1 billion nationwide facial recognition system
September 7, 2012 by Dissent
Sebastian Anthony writes:
The US Federal Bureau of Investigation has begun rolling out its new $1 billion biometric Next Generation Identification (NGI) system. In essence, NGI is a nationwide database of mugshots, iris scans, DNA records, voice samples, and other biometrics, that will help the FBI identify and catch criminals — but it is how this biometric data is captured, through a nationwide network of cameras and photo databases, that is raising the eyebrows of privacy advocates.
Read more on ExtremeTech.


Automating copyright review... If you claim copyright on malware are you opening yourself to liability for its use?
"A malicious software researcher finds herself in company with First Lady Michelle Obama and science fiction author Neil Gaiman: booted from the Web by hard-headed copyright protection algorithms, according to the Naked Security blog. Mila Parkour, a researcher who operates the Contagio malware blog, said on Thursday that she was kicked off the cloud based hosting service Mediafire, after three files she hosted there were flagged for copyright violations and ordered removed under the terms of the Digital Millennium Copyright Act (DMCA). The files included two compressed and encrypted malicious PDF files linked to Contagio blog posts from 2010. The firm responsible for filing the DMCA take down notice was Paris-based LeakID, which describes itself as a 'digital agency ...founded by experts from the world of radio, television and Internet.' LeakID markets 'Leaksearch,' an 'ownership tool that will alert you within seconds if your content...is being pirated.' According to Parkour, Mediafire received a notice from LeakID claiming that it was 'acting on behalf of the copyright owners,' though the owners and presumed copyrighted content weren't named."


Raises an interesting question: What other security/privacy settings do they ignore?
Apache Web software overrides IE10 do-not-track setting
September 7, 2012 by Dissent
Stephen Shankland reports:
Apache, the most commonly used software to house Web sites, will ignore Microsoft’s decision to disable ad-tracking technology by default in Internet Explorer 10.
[...]
Roy Fielding, an author of the Do Not Track (DNT) standard and principal scientist at Adobe Systems, wrote a patch for Apache that sets the Web server to disable DNT if the browser reaching it is Internet Explorer 10. “Apache does not tolerate deliberate abuse of open standards,” Fielding titled the patch.
As a result of the Apache update, Web servers using the software will ignore DNT settings for people using IE10.
Read more on CNET.
So users who believe that they have DNT on by default will unknowingly have their protection bypassed by the Apache patch? Oh good, that will really help protect users’ privacy. NOT.


Are we reaching our limit of tolerance for Big Brother? (Was Ayn Rand right to forecast a John Galt?)
Jimmy Wales threatens to encrypt Wikipedia if UK passes snooping bill
September 7, 2012 by Dissent
Timothy B. Lee writes:
Wikipedia founder Jimmy Wales has joined the opposition to the Communications Data Bill that was proposed by the UK government earlier this year. Civil rights groups have raised the alarm about provisions that could require British ISPs to keep records of every website their customers visit for 12 months. Now Wales is threatening to enable encryption on Wikipedia for UK Web users to protect their privacy.
“If we find that UK ISPs are mandated to keep track of every single webpage that you read at Wikipedia, I am almost certain we would immediately move to a default of encrypting all communication to the UK, so that the local ISP would only be able to see that you are speaking to Wikipedia, not what you are reading,” Wales told members of parliament.
Read more on Ars Technica.


Ebooks to get cheaper?
Judge Approves E-Book Pricing Settlement Between Government and Publishers
In a decision that could start an e-book price war in the publishing industry, a federal judge on Thursday approved a settlement between the Justice Department and three major publishers in a civil antitrust case that accused the companies of collusion in the pricing of digital books.
… And the ruling promised to empower Amazon, the e-retailing giant, to drop the price of many e-books back to $9.99 or even lower in the coming months, a move that could pressure competing retailers to do the same.


The Physics of Computer Security. (By the way students, Mr. Schrodinger's cat is still missing...)
"A very interesting paper (PDF) has just hit the streets (or, at least, Physics Review Letters) about the Heisenberg uncertainty relationship as it was originally formulated about measurements. The researchers find that they can exceed the uncertainty limit in measurements (although the uncertainty limit in quantum states is still followed, so the foundations of quantum mechanics still appear to be sound.) This is really an attack on quantum entanglement (the correlations imposed between two related particles), and so may have immediate applications in cracking quantum cryptography systems. It may also be easier to read quantum communications without being detected than people originally thought."


Perspective
… On its own, Apple's iPhone business would be a Fortune 50 company.
It's also bigger than all of Microsoft. Not just Windows or Office -- the iPhone generated more sales than the entirety of Microsoft's product lineup over the past four quarters.


For my Statistics students...
The Probabilities of Large Terrorist Events
In a recent paper posted to the arXiv, my friend and colleague Aaron Clauset, along with his collaborator Ryan Woodard, set out to use a sophisticated statistical approach to address this problem.


Exerpts from:
… The California State Senate passed an open textbook bill this week — it now heads to Governor Jerry Brown’s desk — that would create an OER library for the textbooks in the most popular undergraduate classes at the state’s public universities.
… And so it begins: Colorado State University’s Global Campus will accept transfer credit for online education startup Udacity's CS 101.
edX, the MIT and Harvard MOOC initiative, will now offered proctored final exams to the students that sign up for its open enrollment online classes, reports The Chronicle of Higher Education. These tests will be given by Pearson (which also provides testing for Udacity). Vive la revolution

No comments: