Group items tagged

The CNCI consists of a number of mutually reinforcing initiatives with the following major goals designed to help secure the United States in cyberspace: To establish a front line of defense against today’s immediate threats by creating or enhancing shared situational awareness of network vulnerabilities, threats, and events within the Federal Government—and ultimately with state, local, and tribal governments and private sector partners—and the ability to act quickly to reduce our current vulnerabilities and prevent intrusions. To defend against the full spectrum of threats by enhancing U.S. counterintelligence capabilities and increasing the security of the supply chain for key information technologies. To strengthen the future cybersecurity environment by expanding cyber education; coordinating and redirecting research and development efforts across the Federal Government; and working to define and develop strategies to deter hostile or malicious activity in cyberspace.

Parliamentarians need to recognize that copyright touches everyone and every technology in the digital age. It is no longer a question of inter-business regulation and deals. Getting copyright wrong has the potential to mess up our freedom of speech, prevent us from getting the benefits of new technologies, and damage society in other very profound ways. It is therefore deeply inappropriate for such fundamental proposals to have been introduced by both the government or the opposition parties at the behest of one side of the debate. That applies just as much to disconnection, which Mandelson introduced in the summer at the last minute under pressure again from the BPI and other rights holders.

The "Facebook Subpoena/Search Warrant Guidelines" from the Cryptome site are dated 2008, so there's a chance they've been superseded. The document spells out how law enforcement and intelligence agenices should go about requesting information about Facebook users, and details what information is turned over. Following is what Facebook will turn over about you, taken verbatim from the guide: Types of Information Available User Neoprint The Neoprint is an expanded view of a given user profile. A request should specify that they are requesting a “Neoprint of used Id XXXXXX”. User Photoprint The Photoprint is a compilation of all photos uploaded by the user that have not been deleted, along with all photos uploaded by any user which have the requested user tagged in them. A request should specify that they are requesting a “Photoprint of user Id XXXXXX”. User Contact Info All user contact information input by the user and not subsequently deleted by the user is available, regardless of whether it is visible in their profile. This information may include the following: Name Birth date Contact e-mail address(s) Physical address City State Zip Phone Cell Work phone Screen name (usually for AOL Messenger/iChat) Website With the exception of contact e-mail and activated mobile numbers, Facebook validates none of this information. A request should specify that they are requesting "Contact information of user specified by [some other piece of contact information]". No historical data is retained. Group Contact Info Where a group is known, we will provide a list of users currently registered in a group. We will also provide a PDF of the current status of the group profile page. A request should specify that they are requesting "Contact information for group XXXXXX". No historical data is retained. IP Logs IP logs can be produced for a given user ID or IP address. A request should specify that they are requesting the "IP log of user Id XXXXXX" or "IP log of IP address xxx.xxx.xxx.xxx". The log contains the following information: * Script – script executed. For instance, a profile view of the URL http://www.facebook.com/profile.php?id=29445421 would populate script with "profile.php" * Scriptget – additional information passed to the script. In the above example, scriptget would contain "id=29445421" * Userid – The Facebook user id of the account active for the request * View time – date of execution in Pacific Time * IP – source IP address IP log data is generally retained for 90 days from present date. However, this data source is under active and major redevelopment and data may be retained for a longer or shorter period. Special Requests The Facebook Security Team may be able to retrieve specific information not addressed in the general categories above. Please contact Facebook if you have a specific investigative need prior to issuing a subpoena or warrant.

Comcast The Comcast document is labeled "Comcast Cable Law Enforcement Handbook," and is dated 2007, so there's a possibility that it, too, has been superseded. As with the other documents, it explains how law enforcement agenices can get information, and details what information is available. There's a great deal of detail in the 35-page document, which describes what Internet, phone, and television information will be turned over. For example, here's the IP information it will make available: Comcast currently maintains Internet Protocol address log files for a period of 180 days. If Comcast is asked to respond for information relating to an incident that occurred beyond this period, we will not have responsive information and can not fulfill a legal request. (Comcast can process and respond to preservation requests as outlined below in this Handbook.) As expected, Comcast will also turn over the emails, including attachments, of those who use Comcast's email service, but "In cases involving another entity’s email service or account, Comcast would not have any access to or ability to access customer email in response to a legal request." Information Comcast turns over to law enforcement agencies varies according to the request. For example, a grand jury subpoena will yield more information than a judicial summons, as you can see in the excerpt below. Comcast notes, though, that this is just a sample, and that "Each request is evaluated and reviewed on a case by case basis in light of any special procedural or legal requirements and applicable laws." So the examples "are for illustration only."

For those who worry about privacy, though, all of this information is small potatoes. The real worry is about the use of what are called pen registers or trap-and-trace devices, which essentially capture all of your Internet activity --- the Web sites you visits, the emails you send and receive, IM traffic, downloads, and so on. Here's what the document says about them: Pen Register / Trap and Trace Device Title 18 U.S.C. § 3123 provides a mechanism for authorizing and approving the installation and use of a pen register or a trap and trace device pursuant to court order. All orders must be coordinated prior to submission to Comcast. Law enforcement will be asked to agree to reimburse Comcast's reasonable costs incurred to purchase and/or install and monitor necessary equipment. See "Reimbursement," below.

The DMCA Chills Free Expression and Scientific Research. Experience with section 1201 demonstrates that it is being used to stifle free speech and scientific research. The lawsuit against 2600 magazine, threats against Princeton Professor Edward Felten's team of researchers, and prosecution of Russian programmer Dmitry Sklyarov have chilled the legitimate activities of journalists, publishers, scientists, students, programmers, and members of the public. The DMCA Jeopardizes Fair Use. By banning all acts of circumvention, and all technologies and tools that can be used for circumvention, the DMCA grants to copyright owners the power to unilaterally eliminate the public's fair use rights. Already, the movie industry's use of encryption on DVDs has curtailed consumers' ability to make legitimate, personal-use copies of movies they have purchased. The DMCA Impedes Competition and Innovation. Rather than focusing on pirates, some have wielded the DMCA to hinder legitimate competitors. For example, the DMCA has been used to block aftermarket competition in laser printer toner cartridges, garage door openers, and computer maintenance services. Similarly, Apple has used the DMCA to tie its iPhone and iPod devices to Apple's own software and services. The DMCA Interferes with Computer Intrusion Laws. Further, the DMCA has been misused as a general-purpose prohibition on computer network access, a task for which it was not designed and to which it is ill-suited. For example, a disgruntled employer used the DMCA against a former contractor for simply connecting to the company's computer system through a virtual private network ("VPN").

Statistical validation of results, as Shaffer described it, simply involves testing the null hypothesis: that the pattern you detect in your data occurs at random. If you can reject the null hypothesis—and science and medicine have settled on rejecting it when there's only a five percent or less chance that it occurred at random—then you accept that your actual finding is significant. The problem now is that we're rapidly expanding our ability to do tests. Various speakers pointed to data sources as diverse as gene expression chips and the Sloan Digital Sky Survey, which provide tens of thousands of individual data points to analyze. At the same time, the growth of computing power has meant that we can ask many questions of these large data sets at once, and each one of these tests increases the prospects than an error will occur in a study; as Shaffer put it, "every decision increases your error prospects." She pointed out that dividing data into subgroups, which can often identify susceptible subpopulations, is also a decision, and increases the chances of a spurious error. Smaller populations are also more prone to random associations. In the end, Young noted, by the time you reach 61 tests, there's a 95 percent chance that you'll get a significant result at random. And, let's face it—researchers want to see a significant result, so there's a strong, unintentional bias towards trying different tests until something pops out. Young went on to describe a study, published in JAMA, that was a multiple testing train wreck: exposures to 275 chemicals were considered, 32 health outcomes were tracked, and 10 demographic variables were used as controls. That was about 8,800 different tests, and as many as 9 million ways of looking at the data once the demographics were considered.