Thursday, April 26, 2012

CISPA Passed in the House

With a bipartisan vote of 248 - 168, the Cyber-Intelligence Sharing and Protection Act has passed in the House. The bill was scheduled to be voted on tomorrow, but after a few changes were made to limit the way government can use the information, the House moved to approve the bill.

From the USA Today article:
"This is the last bastion of things we need to do to protect this country," Republican Rep. Mike Rogers, chairman of the House Intelligence Committee, said after more than five hours of debate. 
More than 10 years after the Sept. 11, 2001, terror attacks, proponents cast the bill as an initial step to deal with an evolving threat of the Internet age. The information sharing would be voluntary to avoid imposing new regulations on businesses, an imperative for Republicans.

4/26 Week in Review

Policy and Law

CISPA Veto threat from Obama
The Obama administration has threatened to veto the Cyber-Intelligence Sharing and Protection Act because it does not do enough to protect the privacy of American citizens.
California GPS warrant bill
The California Senate has passed SB 1434 out of committee, so it may come to a floor vote in the near future. The bill was originally designed to require a search warrant to obtain GPS information about cell phone subscribers. The version that was passed eliminated the reporting component, which would have required cell companies to report the number and nature of GPS requests they responded to. Without this requirement the policy will have no teeth because there is no way to know how many GPS requests have been made and how many of those were accompanied by a warrant.
Megaupload may not go to Trial
International law and US copyright law meet, and confuse everyone involved. MegaUpload was one of the largest file sharing services on the web, accounting for 4% of overall web traffic (according to them) and encouraging copyright violation (according to US attorneys). A US judge says the MegaUpload case may never go to trial because criminal charges have not been filed in the US. Defense attorneys say criminal charges can't be filed in a copyright case involving someone located physically outside of the US. We'll see what happens with this one.

War and Info War

Obama Approves CIA Drone Strikes 
The Obama administration has expanded the CIA's ability to take out suspected terrorists without first verifying their identities. The CIA has been able to do this in Pakistan, and can now conduct such strikes in Yemen. Targets will be selected based on human and signals intelligence. 
Reporters and Information Warfare

Tom VandenBrook and his editor were investigating the "Pentagon Propaganda Contractors"  when they became the target of information warfare techniques - Facebook accounts, websites and blogs were created using their identities and someone continues to post information trying to undermine their credibility.

Surveillance and Privacy

TSA to match boarding passes to id
This seems like a security precaution that should have been enforced 11 years ago - match the boarding pass name to the name on the photo id. Definitely not foolproof, but better than millions of dollars on scanners that don't work.
NSA has all of your email
A thirty-year veteran of the NSA says the new massive data center they are building is an indication of how much domestic spying is taking place - more, according to William Binney, under President Obama than under W.
Researcher collects 4 years worth of teen phone data
A UT Dallas researcher uses an NIH grant to provide Blackberries to junior high kids, and tracks every data transaction for four years.

Obama Approves CIA Drone "Signature Strikes"

President Obama has granted the CIA the ability to use drones to kill suspected terrorists in Yemen even when their identity isn't known. From the Washington Post article:
The expanded authority will allow the CIA and JSOC to fire on targets based solely on their intelligence “signatures” — patterns of behavior that are detected through signals intercepts, human sources and aerial surveillance, and that indicate the presence of an important operative or a plot against U.S. interests. 
Until now, the administration had allowed strikes only against known terrorist leaders who appear on secret CIA and JSOC target lists and whose location can be confirmed.
Nine strikes have been conducted in four months, more than all of last year. A strike using the new authority has been conducted this week. The authority to kill before confirming identity has already been granted in Pakistan operations.


Wednesday, April 25, 2012

Obama Threatens CISPA With Veto

According to CNet, The Office of Management and Budget has said the Cyber Intelligence Sharing and Protection Act:
The American people expect their Government to enhance security without undermining their privacy and civil liberties. Without clear legal protections and independent oversight, information sharing legislation will undermine the public's trust in the Government as well as in the Internet by undermining fundamental privacy, confidentiality, civil liberties, and consumer protections. The Administration's draft legislation, submitted last May, provided for information sharing with clear privacy protections and strong oversight by the independent Privacy and Civil Liberties Oversight Board.
Acquires for $100 Million

Genealogy site has acquired - also a site that helps users research genealogy - for $100 Million. From the TechCrunch article:
Similar to, focuses on helping its users discover their family history. The service’s archive of 2.1 billion historical records includes photos, newspapers and vital records. Just recently, made news when it partnered with the U.S. National Archives to make the complete 1940 U.S. census available online. The service currently has about 380,000 paying subscribers who pay $39.95 a year for access to the site.

Facebook Focusing on Anti-Virus

Facebook is teaming up with some of the top names in anti-virus to both improve its "blacklist" - the list of untrusted web sites that it blocks - and to start offering "free" (for 6 months) anti-virus from these companies. From the TechCrunch Article:
It is partnering with Microsoft, McAfee, TrendMicro, Sophos, and Norton/Symantec to enhance its own URL blacklisting system; and it is launching a new service, the Antivirus Marketplace, with these five companies, to offer a selection of antivirus software to protect users even further. That software will be free of charge for the first six months of use.

Samsung TVs Are Hackable

What might seem an obvious consequence to some: TVs and other devices connected to wireless networks are hackable. An Italian researcher has found that he can send a Samsung TV into an endless restart loop by sending a string over Wi-Fi using the same protocol that allows the television to recognize new remote controls. From the ThreatPost article:
Italian security researcher Luigi Auriemma was trying to play a trick on his brother when he accidentally discovered two vulnerabilities in all current versions of Samsung TVs and Blu-Ray systems that could allow an attacker to gain remote access to those devices. 
Auriemma claims that the vulnerabilities will affect all Samsung devices with support for remote controllers, and that the vulnerable protocol is on both TVs and Blu-Ray enabled devices.

California GPS Warrant Bill Has Reporting Requirement Stripped

California Senators have decided to vote SB 1434 out of committee, but not before removing the requirement that Cellphone providers report how often they reveal customer location information and for what purpose. From the San Francisco Chronicle Article:
The wireless industry vehemently opposes the “California Location Privacy Bill,” particularly the reporting requirements. 
“These reporting mandates would unduly burden wireless providers and their employees – who are working day and night to assist law enforcement to ensure the public’s safety and to save lives,” the CTIA wireless trade group said in a letter to Leno.


20% of Macs Have Viruses - for PCs

Anti-virus firm Sophos has conducted a research study where they followed 100,000 Macs over a seven day period. Sophos researchers discovered that 20% of these Macs carried viruses that did not infect the host machine, but were ready to infect PC users. From the TechWeekEurope article:
...while the spread of malware to and from Macs is no different than that for Windows computers, a lack of anti-virus implementation means that it sticks around for longer. Some samples collected by Sophos found malware dating back to 2007. 
“Sadly, cybercriminals view Macs as a soft target, because their owners are less likely to be running anti-virus software,” he wrote. “Bad guys may also believe that Mac users are likely to have a higher level of disposable income than the typical Windows user. So, they might believe the potential for return is much higher.”

Monday, April 23, 2012

Anonymous Builds a Site To Post Information - Anonymously

According to an Ars Technica article, Anonymous has built a site similar to paste bin, with the exception that posts made to the site are encrypted to the server and unmoderated. An encrypted site that would allow authors to set an expiration date for their posts would offer a greater sense of anonymity and freedom from prosecution. From the article:
Hacker group Anonymous and the People's Liberation Front have created a data-sharing site called AnonPaste, meant to host pastes of code and other messages without any moderation or censorship of the information posted. The new site, which uses a free .tk web address, allows users to set a time for the paste to expire. It claims that data is encrypted and decrypted in the browser using 256 bit AES, so the server doesn't see any of the information included in the paste. The site says it's taking donations in the form of WePay or BitCoins.
The two groups launched AnonPaste as an alternative to the popular code-sharing site Pastebin, which has struggled to deal with its growing reputation as the popular hangout for malicious code or stolen data. Recently Pastebin has seen a huge growth in traffic, but it's also faced increasing DDOS attacks—one in February used over 20,000 unique IP addresses alone.

TSA to Match Boarding Passes to Photo ID

The TSA has announced that it will begin a pilot program to match your photo ID with your boarding pass to ensure that the person carrying the pass is the person identified in the photo ID. From the Information Week article:
The Transportation Security Administration (TSA) has begun testing a new system that verifies an air traveler's identity by matching photo IDs to boarding passes and ensures that boarding passes are authentic. 
The Credential Authentication Technology/Boarding Pass Scanning System (CAT/BPSS) is being tested at Washington's Dulles International Airport, and the pilot program will be expanded to Houston's George Bush Intercontinental and Luis Munoz Marin International Airport in Puerto Rico within the next few weeks.
Seems like we should have tried this step before the invasive body scans.


Reporters Subjected to Information Warfare

According to US News, a reporter and editor were subjected to information warfare tactics when fake Facebook accounts, websites, and Wikipedia entries were created in their names. The pair are investigating a story on the use of information warfare - especially the "Pentagon propaganda contractors". It is unclear who is behind the attacks. From the article:

For example, Internet domain registries show the website was created Jan. 7 — just days after Pentagon reporter Tom Vanden Brook first contacted Pentagon contractors involved in the program. Two weeks after his editor Ray Locker's byline appeared on a story, someone created a similar site,, through the same company.
If the websites were created using federal funds, it could violate federal law prohibiting the production of propaganda for domestic consumption.

Iran Copies U.S. Drone

Iran has announced that they have broken the software encryption of the downed U.S. drone and they are starting to make their own version of the drone. From Reuters:
Iran said the unmanned aircraft was shot down, but Washington disputes that and says the security systems mean Iran is unlikely to get valuable information from the Lockheed Martin Corp drone.
"The Americans should be aware to what extent we have infiltrated the plane," Fars news agency quoted Hajizadeh as saying. "Our experts have full understanding of its components and program."

U.S. officials have expressed doubt as to whether Iran has actually been able to make as much progress as they claim.


MegaUpload Copyright Case May Not Go To Trial

The U.S. judge in the MegaUpload case says the case may never go to trial because criminal charges haven't been filed in the U.S., according to the New Zealand Herald:
He said further study needed to be made of the failure to serve Megaupload, adding; "I frankly don't know that we are ever going to have a trial in this matter." 
He said the arguments around the future of the data on the 1100 computer servers seized from Megaupload could be "premature". He wanted more information on why Megaupload had not been served.
This story illustrates how complicated international copyright law can be - Kim Dotcom's attorneys say he can't be criminally charged in the U.S. because he is in New Zealand, and that he can only face civil charges. Meanwhile, thousands of subscribers still don't have access to their files, some of which are legal files.

NSA Has All of Your Email

A whistleblower from the National Security Agency (NSA), William Binney, believes the NSA holds copies of all email sent and received by U.S. citizens, and that domestic spying has increased under President Obama. The embedded video below is from Democracy Now:

Friday, April 20, 2012

Researcher Collects 4 Years Worth of Teen Mobile Communications

A University of Texas at Dallas researcher has used an NIH grant to provide Blackberries to 281 third and fourth graders and tracked every message that came in and out of those devices for four years, half a million messages each month. From the Forbes article:
The kids are now high school seniors; the capture of their digital communications over the past four years provides an intimate look at their private lives. There have been countless studies about how kids use technology, but this detailed collection is the first of its kind. 
Previous studies have involved looking at teens’ social networking pages, blogs, and chat rooms — all publicly available. “No previous published research has provided adolescents with cell phones or smart phones and recorded the content of their electronic communication,” write the researchers in a recent paper. “The only previous study that measured the content of text messaging required college students to write down all text messages for a 24-hr period in a diary.”


Black Boxes May Be Required In All Cars

According to, the Senate has passed a bill that would require black boxes on all new cars by 2015. From the article:
Section 31406 of Senate Bill 1813 (known as MAP-21), calls for “Mandatory Event Data Recorders” to be installed in all new automobiles and legislates for civil penalties to be imposed against individuals for failing to do so.

Although the text of legislation states that such data would remain the property of the owner of the vehicle, the government would have the power to access it in a number of circumstances, including by court order, if the owner consents to make it available, and pursuant to an investigation or inspection conducted by the Secretary of Transportation.

Thursday, April 19, 2012

April 19 Week in Review


  1. CIA asks Obama administration for the authority to use Drones to Kill terror suspects in Yemen before their identities have been confirmed
  2. Google Street view debacle, in order: 
    1. $25k fine for refusing to cooperate
    2. FCC decides they are not violating wiretap act
    3. EPIC calls for new investigation
  3. Nicholas Merrill, who ran a local Internet Service Provider and spent years fighting the PATRIOT Act, is starting a new ISP with privacy baked in

Crime and Consequence

  1. Feds shut down “the Farmers Market” – similar to Silk Road, uses TOR to anonymize users. Not well enough, apparently!
  2. Ohio Man Arrested for attack on police web site – accused of being part of Anonymous. Defend yourself against that accusation.
  3. What to do with MegaUpload servers, and all of the legitimate, non-infringing content. This story shows how copyright enforcement has potential as a denial of service technique.

Corporate Warfare

  1. Berners-Lee says users should demand your data back - free your own info from Facebook (etc) and watch innovation take off.
  2. Sergey Brin – Facebook, Apple = Evil
  3. Aereo DVR startup grabs broadcast tv airwaves (which are "free") and allows you to record shows and watch them later. Sued by broadcasters for intellectual property infringement.
  4. The Pebble - watch connects with mobile phones to display apps on your wrist. Raises millions on Kickstarter, we'll see if lawsuits or API changes follow.

CIA "Signature Strikes" - Using Drones to Kill Unidentified Suspects

The CIA has asked the Obama Administration for the authority to conduct "signature strikes" - drone strikes that target suspected terrorists based on behavior patterns and known associations, not verified identity. From the Washington Post article:

Securing permission to use these “signature strikes” would allow the agency to hit targets based solely on intelligence indicating patterns of suspicious behavior, such as imagery showing militants gathering at known al-Qaeda compounds or unloading explosives...

Last year, a U.S. drone strike inadvertently killed the American son of al-Qaeda leader Anwar al-Awlaki. The teenager had never been accused of terrorist activity and was killed in a strike aimed at other militants.

Stop Cyber Spying Week

The Electronic Frontier Foundation has joined, CIPPIC and a number of other civil society organizations to protest CISPA and other impending cyber security legislation. The EFF web site lists some steps you can take to protest CISPA, and some good analysis of the policy and related efforts, but I would suggest reading the legislation first and really understanding what these politicians and corporations are trying to accomplish. It's interesting to me that the only site I came across with the link right to the actual legislation is the "Your Anon News" site.

Here's the link: The Cyber Intelligence Sharing and Protection Act (H.R. 3523):


Wednesday, April 18, 2012

Tools to Help You Discover Key Search Terms

Search Engine Watch has a great resource - a list of tools to help you discover key search terms people are using with Google, Twitter, Yahoo, etc. From the article:
Billions of searches are conducted each day on popular search engines and social networking websites by people all around the world. What are they looking for? A number of major search engines provide a way to glimpse into the web's query stream to discover the most popular search trends, keywords, and topics.

Berners-Lee Says: Demand Your Data Back

Tim Berners-Lee says we should demand our data back from major companies like Google, Facebook, and Twitter. The idea is if we think of this data as ours, not the property of these various companies, we can start to standardize those data and really build some personalized apps. From The Guardian article:
Exploiting such data could provide hugely useful services to individuals, he said, but only if their computers had access to personal data held about them by web companies. "One of the issues of social networking silos is that they have the data and I don't … There are no programmes that I can run on my computer which allow me to use all the data in each of the social networking systems that I use plus all the data in my calendar plus in my running map site, plus the data in my little fitness gadget and so on to really provide an excellent support to me."

Feds Shut Down Online Narcotics Ring Using Tor

A site called "The Farmers Market" used Tor to anonymize customers' IP addresses when they purchased LSD, hash, and other illicit drugs. After a two-year investigation, federal authorities have shut down the site. This doesn't bode well for the Silk Road, the illegal version of eBay which also uses Tor. From the ArsTechnica article:
"The Farmer's Market," as the online store was called, was like an Amazon for consumers of controlled substances, according to a 66-page indictment unsealed on Monday. It offered online forums, Web-based order forms, customer service, and at least four methods of payment, including PayPal and Western Union. From January 2007 to October 2009, it processed some 5,256 orders valued at $1.04 million. The site catered to about 3,000 customers in 35 countries, including the United States.

Tuesday, April 17, 2012

SmartWatch Smashes Funding Records on Kickstarter

Forbes has a post on the amazing amount of money Pebble has raised on Kickstarter - over $3 million in four days. The article points out that this money is based on future sales, so the startup team retains all of the equity in their business. This same funding strategy should be applied to a whole range of markets, especially movies and music. What will be really interesting with this particular device is to see Apple's reaction, especially in the context of Sergey Brin's (and Tim Wu - author of The Master Switch) accusation that Apple has teamed up with Entertainment and Networking monopolies to try and control the ecosystem, threatening freedom on the Internet.

From the Forbes article on Pebble:
All of this comes as somewhat of a surprise for Kickstarter, a three-year-old startup itself, that has been at the forefront of the crowdfunding movement. As Amanda Peyton writes on her slash blog, “I guess the big lesson here is that you can have a secret plan to disrupt one market (how creativity is funded) and end up making an arguably even larger splash in another one (consumer electronics r&d, marketing, sales, business models, etc.) Was this part of Kickstarter’s plan all along? Obviously there’s no way to tell, but my guess is probably not.” And, indeed, it is Kickstarter’s disruptive effects in the categories of product design, games and filmmaking, more so than on other creative endeavors, that are the most startling.

EPIC Calls for New Google Privacy Investigation

The Electronic Privacy Information Center (EPIC) has called on the FCC to initiate a new investigation of Google after the FCC's announcement that Google's collection of unencrypted data did not violate wiretap laws, while simultaneously charging Google $25,000 for hampering the investigation. From the LA Times article:
"By the agency's own admission, the investigation conducted was inadequate and did not address the applicability of federal wiretapping law to Google's interception of emails, user names, passwords, browsing histories and other personal information," EPIC's Executive Director Marc Rotenberg wrote in the letter. "Given the inadequacy of the FCC's investigation and the law enforcement responsibilities of the attorney general, EPIC urges you to investigate Google's collection of personal Wi-Fi data from residential networks."

Google Drive Launches Next Week - 5 GB of Cloud Storage Free

The Next Web has an article outlining Google's planned offering for next week - Google Drive. Supposedly the launch will include 5 gb of free storage in the new cloud service. From the TNW article:
Sometimes we get lucky, and today is one of those days. I got a draft release from a partner of Google’s upcoming Google Drive service and it gives away a wealth of information about how Google plans to take on the incumbent Dropbox. The short story? 5 GB of storage, and it launches next week, likely on Tuesday at

Ohio Man Arrested in Cyber Attack on Police Web Site

CNet has an article on a man that was recently arrested for attacks on a number of police web sites, one such attack took out the Salt Lake City Police web site for three months. From the article:
John Anthony Borell III, of Toledo, Ohio, has been charged with two counts of felony computer intrusion and is scheduled to appear in U.S. District Court today. 
He is accused of bringing down two police Web sites in late January, causing thousands of dollars in damage, according to court documents.
Supposedly Borell is a member of Anonymous - whether this allegation is based on his own claims or those of law enforcement remains to be seen. This raises another interesting question about Anonymous; what if you are accused of being part of the group, how is that proven or disproven unless you admit to it? The other interesting question comes from the fact that Anonymous is decentralized - how do we know if a planned action is truly an Anonymous attack?

Teen Arrested for Denial of Service Attack on Terrorism Hotline

A UK teen used a script to bombard the anti-terrorism hotline with phone calls for 24 hours, and posted a video of himself crank-calling the hotline - supposedly in protest of the extradition of UK citizens to the U.S. From the ComputerWorld article:
A group calling itself TeaMp0isoN posted on YouTube a recording of a prank phone call made to the Anti-Terrorist Hotline, staffed by police in order to take tips from the public on potential terrorist-related activity. Police said no confidential communications systems were breached, and that the call appeared to have just been recorded on the receiving end.

What To Do With MegaUpload's Servers?

A U.S. judge said lawyers for MegaUpload, the Justice Department and the server hosting company need to work out an agreement as to who will maintain the 1,100 servers the company has put up. The DOJ says allowing the company to continue to host the servers is like allowing the thief to keep the money, since some of the material on the servers infringes on copyright. On the other hand, some of the material posted by the 150 million subscribers is legitimate and should be returned to its owners. From the ComputerWorld Article:
The EFF's Samuels suggested the DOJ may be the appropriate steward of the servers and the data. With the DOJ seizing more and more websites for copyright infringement, the agency needs to put plans in place to deal with the owners of legitimate data on those sites, she said.

Los Alamos Labs Conduct Cyber Defense Exercise

A simulated attack on the Los Alamos National Labs brought together 100 participants from various agencies to try and defend the labs in real time as threats unfolded and new information was shared. This type of activity is fantastic both for team building and testing procedures under pressure. From the InfoSecurity magazine article:
Describing the results of the exercise, Harper said: "We’ve had a trial by fire and it’s toughened our teams. Now we can strengthen and optimize our joint defenses to ensure we’re a national resource ready to develop responses and templates to assist government and industry."

FCC Says Google Did Not Wiretap

The FCC has agreed that Google did not violate federal wiretap laws when it downloaded "payload" data as it roamed the country taking photos for Google Street View. The FCC did fine Google $25,000 for hindering the investigation when the lead Google engineer declined to testify, invoking the Fifth Amendment. From the Wired News article:
The commission concluded Friday, in an order unveiled Monday, that no wiretapping laws were violated when the search giant’s Street View mapping cars eavesdropped on open Wi-Fi networks across America. The FCC said that, between 2008 and 2010, “Google’s Street View cars collected names, addresses, telephone numbers, URL’s, passwords, e-mail, text messages, medical records, video and audio files, and other information from internet users in the United States.”

Monday, April 16, 2012

Broadcasters Sue Startup DVR for Live Broadcast

Wired News reports that startup Aereo is being sued by broadcasters including ABC, CBS, Fox, NBC and Univision. The complaint brought against Aereo alleges copyright infringement. Aereo takes live TV that can be received by antenna, records it in the cloud and makes it available on a variety of devices, including the iPad. From the article:
“Unless restrained by this court, Aereo’s unlawful conduct causes plaintiffs to lose control over the dissemination of their copyrighted programming, disrupts their relationships with licensed distributors and viewers and usurps their right to decide how and on what terms to make available and license content over new internet distribution media. That constitutes irreparable harm and Aereo’s service should be enjoined,” Bruce Keller, their lawyer, wrote the federal judge presiding over the litigation.
As Wired points out, this has been done before. In 1984 Hollywood argued that the VCR would kill the movie industry, just as AT&T argued allowing other companies to create telephone handsets would destroy the network, and numerous other examples.


Google Fined $25k by FCC for StreetView Data Collection

The Google engineer in charge of the Street View project pleaded the Fifth under questioning by the FCC, leaving the FCC report on the Google Street View data collection charges unfinished. The New York Times reports that the FCC will fine Google $25,000 for obstructing the investigation into why and how it collected "payload data" - the unencrypted wireless information the Street View cars "accidentally" collected. From the article:
Google said Sunday that it disagreed with the F.C.C.’s characterization of its lack of cooperation, but that its collection of what is called payload data — Internet communications, including texts and e-mails — was legal, if regrettable. “It was a mistake for us to include code in our software that collected payload data, but we believe we did nothing illegal,” a spokeswoman said.

Sergey Brin Calls Facebook, Apple Threats to Internet

In an interview with The Guardian, Sergey Brin calls anti-piracy legislation, Facebook, Apple, and governments that try to censor their citizens the biggest threats to Internet freedom. Oppressive regimes are obvious threats, but some may wonder why Apple and Facebook are on that list. Brin points to the walled garden approach that both companies employ, trying to keep subscribers plugged into the Apple and Facebook application through agreements with third party app and service providers. From the article:
Brin said he and co-founder Larry Page would not have been able to create Google if the internet was dominated by Facebook. "You have to play by their rules, which are really restrictive," he said. "The kind of environment that we developed Google in, the reason that we were able to develop a search engine, is the web was so open. Once you get too many rules, that will stifle innovation."

Friday, April 13, 2012

A New ISP Hopes to Provide Cheap Service With Privacy Baked In

After six years of legal challenges, Nicholas Merrill is finally able to talk about the secret surveillance request he received from the FBI asking him to reveal personal information of subscribers to his Internet service. His response to the initial request in 2006 was to ask the ACLU for help, even though he could face jail time just for asking. Now he is setting out to raise funds for an ISP that would include privacy-protecting technology, including end-to-end encrypted traffic and limited logging, at a reasonable price. From the CNet article:
Merrill, 39, who previously ran a New York-based Internet provider, told CNET that he's raising funds to launch a national "non-profit telecommunications provider dedicated to privacy, using ubiquitous encryption" that will sell mobile phone service and, for as little as $20 a month, Internet connectivity. 
The ISP would not merely employ every technological means at its disposal, including encryption and limited logging, to protect its customers. It would also -- and in practice this is likely more important -- challenge government surveillance demands of dubious legality or constitutionality.

Maryland: Employers Not Allowed to Ask for Facebook Passwords

Maryland has become the first state to ban employers from asking employees for Facebook passwords, according to the Hill's Technology Blog. Requesting an employee's Facebook password has been legal until now. From the post:
The bill has its genesis in a controversy that began when Maryland Corrections Officer Robert Collins returned to work following a leave of absence taken after the death of his mother. While completing a re-certification process needed to return to duty, Collins was asked for his personal Facebook password, ostensibly to check for known gang activity. He refused, and obtained the assistance of the Maryland chapter of the American Civil Liberties Union, which quickly filed a lawsuit, bringing the case onto the national stage.

Thursday, April 12, 2012

April 12 Week in Review

We have a new Arizona law, a new policy called CISPA that some are saying will be worse than SOPA, and Steve Wozniak says patent law suits threaten innovation.
  1. A new Arizona law will make it illegal to terrify, intimidate, threaten, harass, annoy or offend someone using ANY ELECTRONIC OR DIGITAL DEVICE by using any obscene, lewd or profane language, suggesting any lewd or lascivious act, or threatening to inflict physical harm to the person or property of any person.
  2. RT has a post about a new policy, called the Cyber Intelligence Sharing and Protection Act, or CISPA. CISPA will allow for information sharing about cyber attacks, but is vaguely written and may open the door for censorship because corporations and government will be closely teamed, sharing 'secret' information with one another.
  3. The Australian Financial Review has an interview with Steve Wozniak, Apple's cofounder, in which Steve raises concerns about the patent wars: “Companies like Apple, Facebook, Twitter and Yahoo! all started by new thinkers with new ideas. Now, with this big patent situation, there are certain categories that are heavily blocked off because the big companies make sure they own it all.”
Chinese companies willingly censor while Iran builds a censorship infrastructure:
  1. Reporters Without Borders says the system will include a new search engine, email, and will discriminate based on identity. 
  2. The Next Web reports that China's top web firms commit to better future "management of their platforms" after last week's rumors of revolution led the government to require them to turn off the comment function of the micro-blogging sites. From the article: In comments that appeared on a state television broadcast last night, each of the firms — which run a range of services including search, gaming, microblogs and more — have pledged to “firmly support and cooperate with relevant government departments in cracking down and probing web rumors".
And lastly, drones catch pirates by laser:

The Fire Scout drones would bounce millions of laser pulses off distant objects to create a 3D "radar" image of any boats on the high seas — a technology known as LIDAR or LADAR — so that their new software could automatically compare the 3D images to pirate boat profiles on record. A first test is scheduled to take place with seven small boats off the California coast this summer. 
"The automatic target recognition software gives Fire Scout the ability to distinguish target boats in congested coastal waters using LADAR, and it sends that information to human operators, who can then analyze those vessels in a 3D picture," said Ken Heeke, program officer in the Office of Naval Research's Naval Air Warfare and Weapons Department.

Wednesday, April 11, 2012

Wireless Attacks on Insulin Pumps

McAfee has confirmed that hackers can attack pacemakers remotely, threatening patients' lives, according to Tech Week Europe. From the article:
Implants such as pacemakers and insulin pumps sit within patients and keep them alive. They are increasingly being given radio communications so they can be remotely controlled and updated, minimising the number of times they need to be accessed through surgery, and allowing information to be sent and received.
Researchers from McAfee have shown they can take control of insulin pumps implanted inside diabetes patients, while scientists at the University of Massachusetts have shown they can use radio attacks to turn off defibrillators inside heart patients.
The problem is that the security on the radio link is breakable, and the implants' operation can be remotely overridden.
As remotely connected technology is included in our electric meters, cars, and glasses, we will see more vulnerabilities that can threaten our daily lives.


China's Top Internet Firms Agree to Censor

The Next Web reports that China's top web firms commit to better future "management of their platforms" after last week's rumors of revolution led the government to require them to turn off the comment function of the micro-blogging sites. From the article:
In comments that appeared on a state television broadcast last night, each of the firms — which run a range of services including search, gaming, microblogs and more — have pledged to “firmly support and cooperate with relevant government departments in cracking down and probing web rumours.” 
Furthermore, Tencent’s chief administration officer Chen Yidan is reported to have admitted that the company, and other online services, “must shoulder social responsibility, strengthen supervision of harmful information and adopt effective measures.”

Iran Creating A "Clean" Internet

Ars Technica has an article on Iran's plans to build a country-wide intranet to protect its citizens from the evils of the Internet. From the article:
Reporters Without Borders drew attention to Iran’s national Internet plan when it was first proposed in 2011. The organization says that the system "consists of an Intranet designed ultimately to replace the international Internet and to discriminate between ordinary citizens and the 'elite' (banks, ministries and big companies), which will continue to have access to the international Internet." 
In addition to developing its own Intranet system, Reporters Without Borders says that the Iranian government is also creating its own custom electronic mail service and a national search engine called Ya Haq (Oh Just One) that is intended to replace Google. In order to obtain an account on the state-approved mail service, users will have to register their identity with the government.
While unfortunate, this will be a great opportunity to watch how a nation-state develops a censorship program. The use of identity and discrimination between the "elites" and everyone else are two interesting first steps.


Apple's Steve Wozniak Fears Patent Wars Reduce Innovation

The Australian Financial Review has an interview with Steve Wozniak, Apple's cofounder, in which Steve raises concerns about the patent wars:
“Companies like Apple, Facebook, Twitter and Yahoo! all started by new thinkers with new ideas. Now, with this big patent situation, there are certain categories that are heavily blocked off because the big companies make sure they own it all.”
I'm finishing up Tim Wu's The Master Switch with my Internet and Public Policy class, and this book is definitely worth the read. Wu covers the history of innovation in the US, including the film, radio, telephone, and television industries, and ends discussing whether the Internet will fall victim to the type of closed system described by Wozniak above.

Tuesday, April 10, 2012

Open Access Publisher Sued Over Copyright Violation

The Chronicle reports that three major publishers are suing an open-access textbook publisher for copyright violation. The startup - Boundless Learning - claims to aggregate open education resources to provide a free alternative to expensive textbooks. Much like music and movies, technology is challenging the economics of scholarship. Unlike music and movies, I think there is a better chance of coming up with a rational business model that allows scholars to be compensated for their work without charging $85 and up for textbooks. Scholars are much more likely to agree to change from traditional distribution to digital, changing the middle man (person) from traditional publishers to electronic outlets. From the article:
A group of three large academic publishers has sued the start-up Boundless Learning in federal court, alleging that the young company, which produces open-education alternatives to printed textbooks, has stolen the creative expression of their authors and editors, violating their intellectual-property rights. The publishers Pearson, Cengage Learning, and Macmillan Higher Education filed their joint complaint last month in the U.S. District Court for the Southern District of New York. 
The publishers’ complaint takes issue with the way the upstart produces its open-education textbooks, which Boundless bills as free substitutes for expensive printed material. To gain access to the digital alternatives, students select the traditional books assigned in their classes, and Boundless pulls content from an array of open-education sources to knit together a text that the company claims is as good as the designated book. The company calls this mapping of printed book to open material “alignment”—a tactic the complaint said creates a finished product that violates the publishers’ copyrights.

Mercedes Remotely Upgrades Car Software

The Txnologist has a report on the new method Mercedes is using to upgrade its CU - Car Operating System. The software can now be remotely upgraded; there is no need for a USB stick or to bring the car to the dealer. All of the usual privacy and surveillance questions come to mind - the ones that started with the Internet and have moved on to include mobile and the location privacy issues raised by GPS will now be compounded in the automobile. Where you are at any point in time, how long it takes to get from A to B, who is with you in the car, what music you listen to, what apps you and your passengers use, etc.

From the article:
This new system upgrades on the fly, he said, the first such in-car application to do so. “It’s seamless to the customer,” Link said. “I have a friend who was excited about his system upgrade, which required him to plug in his stick and leave his car running for 45 minutes. Who wants to do that? In a process called ‘reflashing,’ the Mercedes system can turn on the car operating system (CU), download the new application, then cut itself off. It doesn’t require you to do anything at all.”

The implications of this go far beyond transparent upgrade of your streaming music system. Consider that the average car has 70 to 100 electronic control units (ECUs) and even econoboxes have lines of code in the tens of millions — the Mercedes S-Class has more than 20 million. According to Link, software-related recalls are a big problem for carmakers, costing $75 to $95 per car. Not only is it expensive, but it’s a hassle for drivers—nobody likes bringing their car to the shop.


FBI: Hacking Attacks on Smart Meters Will Spread

Krebs on Security has obtained a report from the FBI that details some of the hacking attacks on smart meters over the last few years, claiming attacks have cost utility companies millions, and that these types of attacks are likely to spread. The attacks are centered on stealing power, rather than making life miserable for a home's inhabitants by cutting off power at random times or increasing the recorded usage without the homeowner's knowledge. A whole new type of cyberbully is possible with smart meters. Smart meters allow utility companies to keep track of electricity usage without having to send a meter reader out to each home, improving accuracy. From the blog post:
Sometime in 2009, an electric utility in Puerto Rico asked the FBI to help it investigate widespread incidents of power thefts that it believed was related to its smart meter deployment. In May 2010, the bureau distributed an intelligence alert about its findings to select industry personnel and law enforcement officials. 
Citing confidential sources, the FBI said it believes former employees of the meter manufacturer and employees of the utility were altering the meters in exchange for cash and training others to do so. “These individuals are charging $300 to $1,000 to reprogram residential meters, and about $3,000 to reprogram commercial meters,” the alert states.


Monday, April 9, 2012

Drones to Catch Pirates Using Artificial Intelligence

Innovation News Daily has a report on the US Navy's use of drones to capture small pirate ships. The drones will use radar vision technology to map out images in a surveillance area, searching for specific craft by matching the laser-created images to recognized pirate ship profiles. The use of artificial intelligence reduces the amount of data that needs to be sorted by humans. From the article:
The Fire Scout drones would bounce millions of laser pulses off distant objects to create a 3D "radar" image of any boats on the high seas — a technology known as LIDAR or LADAR — so that their new software could automatically compare the 3D images to pirate boat profiles on record. A first test is scheduled to take place with seven small boats off the California coast this summer.

"The automatic target recognition software gives Fire Scout the ability to distinguish target boats in congested coastal waters using LADAR, and it sends that information to human operators, who can then analyze those vessels in a 3D picture," said Ken Heeke, program officer in the Office of Naval Research's Naval Air Warfare and Weapons Department.


What a Facebook Response to a Subpoena Looks Like

ZDNet has an interesting post on what a Facebook response to a subpoena looks like. The Boston Phoenix conducted an in-depth report on the Craigslist killer, and since he had died, the records related to the case could be released publicly. From the post:
The 71-page document is actually two documents in one. The first eight pages are the actual subpoena; the remaining 62 pages are from Facebook. Most of the pages sent over from the social networking giant consist of a single photograph, plus formal details such as the image’s caption, when the image was uploaded, by whom, and who was tagged. Other information released includes Wall posts, messages, contacts, and past activity on the site.

New US Surveillance Policy Under Consideration

RT has a post about a new policy, called the Cyber Intelligence Sharing and Protection Act, or CISPA. RT says CISPA will be worse than SOPA/PIPA in its ability to censor the web. I'll have to take a look myself, but the blog post includes quotes from the Center for Democracy and Technology, which I consider a reliable source:
Kendall Burman of the Center for Democracy and Technology tells RT that Congress is currently considering a number of cybersecurity bills that could eventually be voted into law, but for the group that largely advocates an open Internet, she warns that provisions within CISPA are reason to worry over what the realities could be if it ends up on the desk of President Barack Obama. So far CISPA has been introduced, referred and reported by the House Permanent Select Committee on Intelligence and expects to go before a vote in the first half of Congress within the coming weeks.

Hotel Inserts Ads Into Web Pages

NY Times Bits Blog has an interesting post about a web developer in NY City who noticed that his Marriott Wifi access came with an additional space on each web page, including his personal blog, that would allow the hotel chain to insert its own advertisements. This is a great illustration of how much power ISPs actually have, and how much trust we demonstrate every time we go online:
Justin Watt, a Web engineer, was browsing the Web in his room at the Courtyard Marriott in Midtown Manhattan this week when he saw something strange. On his personal blog, a mysterious gap was appearing at the top of the page.
After some sleuthing, Mr. Watt, who has a background in developing Web advertising tools, realized that the quirk was not confined to his site. The hotel’s Internet service was secretly injecting lines of code into every page he visited, code that could allow it to insert ads into any Web page without the knowledge of the site visitor or the page’s creator. (He did not actually see any such ads.)