OUR mobile carriers know our locations: where our phones travel during working hours and leisure time, where they reside overnight when we sleep. Verizon Wireless even sells demographic profiles of customer groups — including ZIP codes for where they “live, work, shop and more” — to marketers. But when I called my wireless providers, Verizon and T-Mobile, last week in search of data on my comings and goings, call-center agents told me that their companies didn’t share customers’ own location logs with them without a subpoena. . . .
Why Can't We Access Our Own Data?
Today, many if not most people understand that we are under constant surveillance in one way or another, whether by a public surveillance camera or our own cell phones. What if you wanted to start collecting that data on yourself? From the New York Times:
Maine House Passes Law Requiring Warrants for Police to Track Cell Phones
One might think that the strict language of the Fourth Amendment on illegal search and seizure would mean that it would be unconstitutional for police to track anyone's cell phone without a warrant. But you would be wrong, as the Bill of Rights has been systematically undermined by the Democratic and Republican parties in the Congress. Some states are pushing back, however. A new bill Maine would require law enforcement agencies to obtain a warrant to track a person's cell phone. From Slate:
Lawmakers in Maine are putting themselves at the forefront of efforts to curb excessive surveillance by instituting new privacy safeguards. On Wednesday, the state House voted 113-28 in favor of legislation that would in all but exceptional cases prohibit law enforcement agencies from tracking cellphones without a warrant. If enacted, LD 415 would make Maine the first state in the country to require authorities to obtain a search warrant before tracking cellphones or other GPS-enabled devices. The law would also require that law enforcement agencies notify a person that she was tracked within three days, unless they can prove that secrecy is necessary, in which case a delay can be granted for up to 180 days. LD 415 would additionally require the publication of an annual report online detailing the number of times location data were sought by law enforcement agencies.
Federal Government Continues Push to Disembowel the Fourth Amendment
The Department of Justice, the FBI and federal judges are continuing their push to disembowel the Fourth Amendment, submitting the United States Constitution to death by a thousand cuts. In secret hearings, federal officials are arguing to federal judges that the Constitution simply does not apply to them, and these judges agree. Of course, the legislature does not object, since the Democratic and Republican parties are strong proponents of the national security police state and surveillance society, and the bulk of the public simply don't care. From CNET:
CNET has learned that U.S. District Judge Susan Illston in San Francisco rejected Google's request to modify or throw out 19 so-called National Security Letters, a warrantless electronic data-gathering technique used by the FBI that does not need a judge's approval. Her ruling came after a pair of top FBI officials, including an assistant director, submitted classified affidavits.
The litigation taking place behind closed doors in Illston's courtroom -- a closed-to-the-public hearing was held on May 10 -- could set new ground rules curbing the FBI's warrantless access to information that Internet and other companies hold on behalf of their users. The FBI issued 192,499 of the demands from 2003 to 2006, and 97 percent of NSLs include a mandatory gag order.
FBI Internet Surveillance Plan Will Aid Totalitarian Governments and Criminal Networks Wordwide
From Foreign Policy:
The FBI wants a new law that will make it easier to wiretap the Internet. Although its claim is that the new law will only maintain the status quo, it's really much worse than that. This law will result in less-secure Internet products and create a foreign industry in more-secure alternatives. It will impose costly burdens on affected companies. It will assist totalitarian governments in spying on their own citizens. And it won't do much to hinder actual criminals and terrorists.Read the whole article for an interesting history of this issue over the last 30 years.
Texas Set to Enact New Bill Protecting Email from Government Snooping
From Ars Technica:
Assuming that Texas Governor Rick Perry does not veto it, the Lone Star State appears set to enact the nation’s strongest e-mail privacy bill. The proposed legislation requires state law enforcement agencies to get a warrant for all e-mails regardless of the age of the e-mail.On Tuesday, the Texas bill (HB 2268) was sent to Gov. Perry’s desk, and he has until June 16, 2013 to sign it or veto it. If he does neither, it will pass automatically and take effect on September 1, 2013. The bill would give Texans more privacy over their inbox to shield against state-level snooping, but the bill would not protect against federal investigations. The bill passed both houses of the state legislature earlier this year without a single "nay" vote.
Despite the Texas law, all Americans remain vulnerable to email snooping attacks from the federal government.
Australian Govt Drops Microsoft Office Standard, Opts for ODF
The Delimiter reports:
In a move which appears to reverse its previous approach based on Microsoft’s file formats, the Australian Government’s central IT decision-making agency appears to have decided that it will standardise its office documents on the Open Document Format going forward. . . .ODF is an Open Document Format, originally developed by Sun Microsystems for the Open Office suite of programs.
Sheridan added: “Support for ODF is available from a wide range of office productivity suites across a variety of operating system platforms, in both open-source and proprietary implementations, allowing agencies a great deal of flexibility in selecting a product which conforms to the COE Policy standard. Standardising on a format supported by a wide range of office suites provides for the greatest possible degree of interoperability without mandating the use of a specific product, as well as providing the best basis for reliable interchange of information between agencies deploying differing office productivity suites.”
How Does a Password Hack Work?
A fairly well-detailed article at Ars Technica on the "Anatomy of a Hack" shows how hackers go about the process of cracking supposedly secure passwords.
In March, readers followed along as Nate Anderson, Ars deputy editor and a self-admitted newbie to password cracking, downloaded a list of more than 16,000 cryptographically hashed passcodes. Within a few hours, he deciphered almost half of them. The moral of the story: if a reporter with zero training in the ancient art of password cracking can achieve such results, imagine what more seasoned attackers can do.The strength and speed of this attack is not surprising however, since the passwords were encrypted with the MD5 algorithm, which is widely considered to be cryptographically broken. The first flaws were found in the algorithm in the 1990's, and many more followed over the course of the last ten years. So the question is: are a lot of websites still using broken encryption schemes? And if so, how many? And which ones?
Imagine no more. We asked three cracking experts to attack the same list Anderson targeted and recount the results . . . Even the least successful cracker of our trio—who used the least amount of hardware, devoted only one hour, used a tiny word list, and conducted an interview throughout the process—was able to decipher 62 percent of the passwords. Our top cracker snagged 90 percent of them.
Subscribe to:
Posts (Atom)