Group items tagged

Portugese prosecutors have declined to press charges against individuals accused of file sharing

the report recognized that email privacy is critical

one issue was left conspicuously unaddressed in the report. The Securities and Exchange Commission, the civil agency in charge of protecting investors and ensuring orderly markets, has been advocating for a special exception to the warrant requirement. No agency can or should have a get-out-of-jail-free card for bypassing the Fourth Amendment.

the algorithm is only as fair as the data fed into it.

The NSA cannot know in advance which tiny fraction of 1 percent of the records it may need, so it collects and keeps as many as it can — 27 terabytes, by one account, or more than double the text content of the Library of Congress’s print collection.

NSA defends the program by saying that it uses the location data to find "unknown associates of known intelligence targets." Basically, it's tracking where everyone goes, just in case people end up spending time with people the NSA deems as being terrorists.

Elsewhere in the article, they quote NSA officials repeatedly saying that the program is "tuned to be looking outside the United States," but not saying it only collects info outside the US. Also, they make clear, once a person leaves the US, the NSA no longer believes the 4th Amendment applies to them, so their location is fair game in this giant database.. Asked for specific numbers, an NSA person said:

Ultimately, taking several thousand photos with dozens of surveillance cameras is no greater a violation of privacy than a single photographer taking shots of crowd members. The problem here is the cover-up and the carelessness with which the gathered data was (and is) handled.

law enforcement automatically assumes a maximum of secrecy in order to "protect" its investigative techniques

The city claims it's not interested in pursuing this sort of surveillance at the moment, finding it to be lacking in "practical value." But it definitely is interested in all the aspects listed above, just not this particular iteration. It also claims it has no policies on hand governing the use of "situational awareness software," but only because it's not currently using any. Anyone want to take bets that the eventual roll out of situational awareness software will be far in advance of any guidance or policies?

Early Monday morning, Foxconn released a statement indicating that the riot started as a personal disagreement between factory workers in a dormitory and was eventually brought under control by police, but this clashes with reports trickling in from users of China's version of Twitter, Sina Weibo. Much like with the situations in Egypt and other Arab Spring countries earlier this year, microbloggers are painting a different picture than the one presented by official sources; numerous Weibo posts indicate that the riots were started not by a fight between workers in off-campus housing, but instead by security guards beating one or more workers nearly to death. Regardless of the cause, pictures leaking out from the scene show some destruction, including broken windows and a toppled guard post building.

If there’s one thing that needs constant reminding, it’s the explicit purpose of the copyright monopoly. Its purpose is to promote the progress of human knowledge. Nothing less. Nothing more.

[Congress has the power] to promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries.

has the power, and not the obligation

You may remember a high-profile, landmark ruling last year in Massachusetts, where charges against Simon Glik -- arrested for violating a state law that said it's "wiretapping" to record a police officer in public without his permission -- weren't just dropped, but the arrest was found to be both a First and Fourth Amendment violation. In the end, Boston was forced to pay Glik $170,000 for violating his civil rights. You would think that story would spread across Massachusetts pretty quickly and law enforcement officials and local district attorneys would recognize that filing similar charges would be a certified bad idea. Not so, apparently, in the town of Shrewsbury. Irving J. Espinosa-Rodrigue was apparently arrested and charged under the very same statute after having a passenger in his car videotape a traffic stop for speeding, and then posting the video on YouTube. Once again, the "issue" is that Massachusetts is a "two-party consent" state, whereby an audio recording can't be done without first notifying the person being recorded, or its deemed a "wiretap." This interpretation, especially when dealing with cops in public, is flat-out ridiculous and unconstitutional, as the Glik ruling showed.

This is hardly a surprise, but similar to the Joel Tenenbaum case, Jammie Thomas-Rasset (the other person sued for copyright infringement for using a file sharing system), has lost again. The appeals court (8th Circuit) has ruled that $9,250 per song infringed is perfectly reasonable and that the judge in the case, Michael Davis, erred in calling for a new trial after the initial jury verdict (the first of three). There were a number of procedural issues here, and it's worth pointing out that Thomas-Rasset herself more or less asked the court to bring back this first verdict and focus on the Constitutionality of the damages amount. So, the whole mess with the three separate district court trials sort of gets swept under the rug. However, the court simply isn't buying Thomas-Rasset's claim that the statutory damages are unconstitutionally punitive and a violation of due process. Basically, it says that the fact that statutory damages are completely out of whack with actual damages doesn't matter, because the point of statutory damages is that they're disconnected from actual damages on purpose (because, in theory, they're put in place because actual damages are difficult to assess).

The software, known as PC Rental Agent, was developed by Pennsylvania-based DesignerWare. It was licensed by more than 1,617 rent-to-own stores in the US, Canada, and Australia to report the physical location of rented PCs. A feature known as Detective Mode also allowed licensees to surreptitiously monitor the activities of computer users. Managers of rent-to-own stores could use the feature to turn on webcams so anyone in front of the machine would secretly be recorded. Managers could also use the software to log keystrokes and take screen captures.

In some cases, webcam activations captured images of children, individuals not fully clothed, and people engaged in sexual activities, the complaint alleged. Rental agreements never disclosed the information that was collected, FTC lawyers said.

PC Rental Agent also had the capability to display fake registration pages for Microsoft Windows, Internet Explorer, Microsoft Office, and Yahoo Messenger. When customers entered their names, addresses, and other personal information in the forms, the data was sent to DesignerWare servers and then e-mailed to the rent-to-own licensees.

"deny, disrupt, degrade and deceive" by any means possible.

A PowerPoint presentation from 2010 states that JTRIG activities account for five per cent of GCHQ's operations budget and uses a variety of techniques. These include "call bombing" to drown out a target's ability to receive messages, attacking targets in hotels, Psyops (psychological operations) against individuals, and going all the way up to disrupting a country's critical infrastructure.

According to reports in Der Spiegel last year, British intelligence has tapped the reservations systems of over 350 top hotels around the world for the past three years to set up Royal Concierge. It was used to spy on trade delegations, foreign diplomats, and other targets with a taste for the high life.

Documents leaked by former NSA contractor Edward Snowden show that the NSA created and promulgated a flawed formula for generating random numbers to create a "back door" in encryption products, the New York Times reported in September. Reuters later reported that RSA became the most important distributor of that formula by rolling it into a software tool called Bsafe that is used to enhance security in personal computers and many other products.Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.

RSA, meanwhile, was changing. Bidzos stepped down as CEO in 1999 to concentrate on VeriSign, a security certificate company that had been spun out of RSA. The elite lab Bidzos had founded in Silicon Valley moved east to Massachusetts, and many top engineers left the company, several former employees said.And the BSafe toolkit was becoming a much smaller part of the company. By 2005, BSafe and other tools for developers brought in just $27.5 million of RSA's revenue, less than 9% of the $310 million total."When I joined there were 10 people in the labs, and we were fighting the NSA," said Victor Chan, who rose to lead engineering and the Australian operation before he left in 2005. "It became a very different company later on."By the first half of 2006, RSA was among the many technology companies seeing the U.S. government as a partner against overseas hackers.New RSA Chief Executive Art Coviello and his team still wanted to be seen as part of the technological vanguard, former employees say, and the NSA had just the right pitch. Coviello declined an interview request.An algorithm called Dual Elliptic Curve, developed inside the agency, was on the road to approval by the National Institutes of Standards and Technology as one of four acceptable methods for generating random numbers. NIST's blessing is required for many products sold to the government and often sets a broader de facto standard.RSA adopted the algorithm even before NIST approved it. The NSA then cited the early use of Dual Elliptic Curve inside the government to argue successfully for NIST approval, according to an official familiar with the proceedings.RSA's contract made Dual Elliptic Curve the default option for producing random numbers in the RSA toolkit. No alarms were raised, former employees said, because the deal was handled by business leaders rather than pure technologists.

Wednesday's report exposes serious risks in what banks, mortgage companies, and other financial services call "knowledge-based authentication." Representatives from these services frequently rely on a list of about 100 questions such as "What was your previous address?" or "Which company services your mortgage?" when trying to determine if the person on the phone or filling out an application is the individual he claims to be. Ready access to the data stored by the data aggregators can make the difference between a fraudulent application being approved or rejected. Krebs goes on to recount a story told by Gartner fraud analyst Avivah Litan about a fellow analyst who witnessed an identity thief in action.

JOHN MILLER: He's already said, "If I got amnesty, I would come back." Given the potential damage to national security, what would your thought on making a deal be? RICK LEDGETT: So, my personal view is, yes, it's worth having a conversation about. I would need assurances that the remainder of the data could be secured, and my bar for those assurances would be very high. It would be more than just an assertion on his part.

The reason for granting amnesty is as a recognition that Snowden was, in fact, a whistleblower

US surveillance agency may be using Google's advertising cookies to track and "pinpoint" targets for government hacking and location-tracking. According to Snowden's leaked presentation slides, both the NSA and the British equivalent, the GCHQ, are using a Google-specific ad cookie (know as "PREF") as a way of homing in on specific surveillance targets. While Google's cookie doesn't contain personal information like a name or email address, it does contain numeric codes that uniquely identify a user's browser.

“They’ve spent hundreds and hundreds of man-hours trying to reconstruct everything he has gotten, and they still don’t know all of what he took,” a senior administration official said. “I know that seems crazy, but everything with this is crazy.”

In recent days, a senior N.S.A. official has told reporters that he believed Mr. Snowden still had access to documents not yet disclosed. The official, Rick Ledgett, who is heading the security agency’s task force examining Mr. Snowden’s leak, said he would consider recommending amnesty for Mr. Snowden in exchange for those documents.

“So, my personal view is, yes, it’s worth having a conversation about,” Mr. Ledgett told CBS News. “I would need assurances that the remainder of the data could be secured, and my bar for those assurances would be very high. It would be more than just an assertion on his part.”

Documents provided by NSA whistleblower Edward Snowden show that the government worked in secret to exploit a new internet surveillance law enacted in the wake of revelations of illegal domestic spying to initiate a new metadata collection program that appeared designed to collect information about the communications of New Zealanders.

Snowden explained that “at the NSA, I routinely came across the communications of New Zealanders in my work with a mass surveillance tool we share with GCSB, called ‘X KEYSCORE.”" He further detailed that “the GCSB provides mass surveillance data into XKEYSCORE. They also provide access to the communications of millions of New Zealanders to the NSA at facilities such as the GCSB facility in Waihopai, and the Prime Minister is personally aware of this fact.”