|
|
Home | Privacy
FBI Wants ISPs to Track All Users
The FBI now wants ISPs to track every movement their users make. All the time. Forever.
FBI Director Robert Mueller on Tuesday called on Internet service providers to record their customers' online activities, a move that anticipates a fierce debate over privacy and law enforcement in Washington next year.
"Terrorists coordinate their plans cloaked in the anonymity of the Internet, as do violent sexual predators prowling chat rooms," Mueller said in a speech at the International Association of Chiefs of Police conference in Boston.
"All too often, we find that before we can catch these offenders, Internet service providers have unwittingly deleted the very records that would help us identify these offenders and protect future victims," Mueller said. "We must find a balance between the legitimate need for privacy and law enforcement's clear need for access."
The speech to the law enforcement group, which approved a resolution on the topic earlier in the day, echoes other calls from Bush administration officials to force private firms to record information about customers. Attorney General Alberto Gonzales, for instance, told Congress last month that "this is a national problem that requires federal legislation."
Justice Department officials admit privately that data retention legislation is controversial enough that there wasn't time to ease it through the U.S. Congress before politicians left to campaign for re-election. Instead, the idea is expected to surface in early 2007, and one Democratic politician has already promised legislation.
We hope that this outrageous breach of civil rights and privacy of netizens is stopped in its track by privacy activists. What's more likely is that a provision will be slipped into some omnibus spending bill in early 2007 and it will become law.
Posted on October 19, 2006
Permalink | | | Comments (View)
Hackers Crack the RFID Code
Hackers have managed to hack into the RFID chips that the U.S. government is putting into passports. The hackers' goal was to show the incredible security vulnerability of the emerging -- and very popular -- technology that embeds a computer chip wrapped with tiny radio antennae into everything from food products to passports.
High-tech passports touted as advances in national security can be spied on remotely and their identifying radio signals cloned, computers hackers were shown at a conference.
Radio frequency identification technology, referred to as RFID, used in cash cards and passports, can be copied, blocked or imitated, said Melanie Rieback, a privacy researcher at Vrije University in the Netherlands.
Rieback demonstrated a device she and colleagues at Vrije built to hijack the RFID signals that manufacturers have touted as unreadable by anything other than proprietary scanners.
"I spend most of my time making the RFID industry's life miserable," the doctorate student told AFP. "I am not anti-RFID. It has the potential to make people's lives easier, but it needs to be used responsibly."
Rieback and university compatriots expected to have a reliable portable version of their device, RFID Guardian, finished in six months and "had no plans to immediately mass-produce these things."
A cheer rose from the legion of hackers in the conference room when Rieback announced that the schematics and the computer codes for the device would be made public.
"The industry and government needs to not be scared of us," Rieback said. "They need to talk with us and to work with us. Hopefully, together we can come up with some kind of reasonable compromise."
*****
RFID equipment makers would be wise to ramp up encryption and other security while technology is catching on, according to Rieback. Rieback was not the only speaker at the gathering who claimed to have found RFID vulnerabilities.
"If you are using RFID on cows, who cares?" Rieback asked rhetorically. "But, with a passport, it only takes one breach at the wrong time and it could wreck it for the RFID industry."
We're not big fans of the current RFID technology. Kudos to Rieback for continuing to point out the serious security flaws of this technology.
Posted on August 7, 2006
Permalink | | | Comments (View)
NSA Eyes MySpace.com Users
The NSA (National Security Agency or No Such Agency, depending on who you talk to) is now keeping a watchful eye on social networking sites such as MySpace.com. Russell Shaw at ZDNet explains how the program is helping the agency create a full dossier on just about everyone.
New Scientist magazine reveals that the National Security Agency is funding research into how to add information from social networking site MySpace listings to profiles of individuals garnered from banking, retail and property records.
As detailed in a footnote to a paper entitled Semantic Analytics on Social Networks, data from online social networks and other databases can be combined to uncover facts about people. The footnote said the work was part-funded by an organization known as ARDA, which stands for Advanced Research Development Activity.
Published in January by the Congressional Research Service, a report named Data Mining and Homeland Security, noted that part of ARDA's role is to promote integration of heretofore format-incompatible data sets about people- data sets that could be combined to generate more complete profiles of individuals under suspicion for potential terrorist links.
To facilitate this integration, research is believed to be underway on Ressource Description Framework, a way of tagging data in a way that will promote more common uniformity with other data.
"By adding online social networking data to its phone analyses, the NSA could connect people at deeper levels, through shared activities, such as taking flying lessons," writes article author Paul Marks.
Complete integration of such databases with phone calling records now believed to be in the possession of the NSA could be utilized in this manner:
Calls from say, Pakistan to the U.S. could be data-mined, and if the recipients of those calls (identified from their phone numbers) called several other numbers within a few hours after receiving those calls from Pakistan, those other numbers could be checked for suspected terrorist links.
And with a list handy of those who have been called available, it wouldn't take much to go to MySpace (or an archived MySpace repository), and search for MySpace users who have posted personally identifiable information that would indicate the need to explore their backgrounds further. Information such as the "flying lessons" example Marks writes about.
I'll do you one better. I believe that computer facial matching software will soon advance to the point where photos stored on NSA computers of terrorist suspects could then be mapped for similarities to photos on MySpace and other social networking sites.
Since it appears unlikely that anyone is going to put a stop to this unconscionable data mining of the lives of innocent Americans, you might want to watch what you post on MySpace.com: it's all going into a database somewhere. But you already knew that, right?
Posted on June 12, 2006
Permalink | | | Comments (View)
Google, Subpoenas and Silly Putty
When they're not fighting off burdensome, privacy-invading, intrusive government subpeonas, the folks at Google spend their time investigating the myriad of uses for 250 lbs of Silly Putty.
Not long ago, I walked by the desk of software engineer JJ Furman, and saw that he had made an interesting addition to his desk: a large blob of Silly Putty, about the size of a grapefruit. Intrigued, I asked how he'd gotten so much of the stuff. The answer? A bulk order directly from the manufacturer! Of course.
I knew then that I wanted some, and it dawned on me that I probably wasn't the only one. So I set out to place a really, really big bulk order. An email went out to cohorts. Their orders came in. Three weeks later, I had an eighth of a ton of Silly Putty delivered to my desk.
Naturally, we were all curious to see what 250 pounds of Silly Putty would look like, so before distributing the stuff, we put it all in a single pile to see. Huge mistake.
The problem was that once together, Silly Putty doesn't like to come apart, and none of us had any idea of how to deal with this effect. We tried everything: very strong people (didn't work), scissors (stabbing worked, slicing didn't), 28-gauge steel wire (broke), 22-gauge steel wire (broke), 16-gauge steel wire (too thick), and twisting and breaking (worked well for "smaller" pieces -- under five pounds, that is.)
Two hours later, with the help of more than a dozen enthusiastic Googlers, everyone was finally able to walk away with a giant piece of Silly Putty.
And then what? Some people are giving it for holiday gifts. Others are using it to exercise their arms, play basketball (rebounds are tough), and of course, imprint entire newspaper pages.
Any regrets? Absolutely not.
We say: respond to the subpoena by mailing the government one ton of Silly Putty.
Posted on January 24, 2006
Permalink | | | Comments (View)
iTunes and Privacy Issues
The BBC reports on the iTunes controversy: bloggers discovered that a feature on iTunes was tracking user information without disclosing the info to users.
The row arose following the update to the iTunes software released by Apple on 10 January. The new version includes a MiniStore feature that recommends tracks to buy similar to those a user is listening to.
MiniStore looks for similar tracks when a user clicks on a tune in a playlist. It even makes recommendations about songs that were not bought via the hugely popular online music store.
iTunes sends data about the song selected in your library to the iTunes Music Store to provide relevant recommendations. When the MiniStore is hidden, this data is not sent to the iTunes Music Store.
Soon after the update was released, blogger Marc Garrett wrote a journal entry about MiniStore and the data it passes back to Apple.
Further work by other bloggers such as Kirk McElhearn found that the data being sent back to Apple to make the recommendations included artist, title, genre as well as unique identifiers for a computer and iTunes account.
Privacy advocates complained that Apple had not done enough to warn people about the information that was being collected, nor what was being done with the collected data.
By contrast Apple does mention in the licence agreement for iTunes that it contacts the Gracenote music database to work out which album is being played via the program.
"Apple should be clear about its information gathering practices," wrote Mr Garrett on his blog.
Apple said in response to a request for comment: "Apple does not save or store any information used to create recommendations for the MiniStore".
On its support website, the company has posted and updated information about how to turn the MiniStore feature off. Information on the page has been updated since the row about iTunes blew up.
"iTunes sends data about the song selected in your library to the iTunes Music Store to provide relevant recommendations," says the entry on its support website.
"When the MiniStore is hidden, this data is not sent to the iTunes Music Store."
Digital detective work by bloggers has confirmed that no data is passed to Apple when MiniStore is turned off.
The bottom line is that every service that recommends personalized products to you is tracking your preferences. We have no problem with that so long as everything is disclosed to the customer: otherwise, Amazon.com would have trouble recommending cool new books and CDs to us. But the problem arises when the company does something else with the information it has collected: like sell it to a third party. And that we do have a problem with.
Posted on January 16, 2006
Permalink | | | Comments (View)
|
|
