Internet Democracy Project Formed by Civil Rights Groups
The American Civil Liberties Union , Computer Professionals for Social Responsibility , and the Electronic Privacy Information Center joined together on July 6 to launch the Internet Democracy Project, which aims to "encourage participation by non-governmental organizations in Internet governance and to promote the principles of a civil society." The new organization took part in the ICANN Net governance meeting in Yokohama this month, and is publishing a number of relevant papers on its Web site. One paper articulates what a "civil society" is: "Civil society supports freedom of association, freedom of expression, participatory democracy, and respect for diversity. A vigorous civil society is also an important limit on the power of governments and on the power of the commercial sector." Right now, the organization appears to be an ICANN watchdog, but look for it to expand into other areas of Internet development and governance. You can find many good resources links on the home page.
http://www.internetdemocracyproject.org/
Latest Update on UK's Draconian Net Surveillance Law
Dan Gilmore of the San Jose Mercury News summarizes the latest on the UK's Regulation of Investigatory Powers Bill (RIP), which gives unprecedented powers to police to intercept online communications and force the disclosure of encryption keys. The article notes that while the British business and ISP communities have organized opposition to the bill, the public at large remains generally unaware of the civil liberties implications of this legislation. At press time, parliamentary maneuvering in the House of Lords aimed at scuttling the bill.
http://www.mercurycenter.com/svtech/news/indepth/docs/dg071100.htm
MSNBC has this article on a network sniffing system called Carnivore that the FBI uses to tap traffic at ISPs. When the FBI obtains a court order for a wiretap on somebody's network traffic, it goes to that person's ISP and installs a PC with sniffer software in a secure cage. The system then can record e-mail and other network traffic. According to the article, the FBI has so far used these taps in "infrastructure protection" cases, to combat terrorism and drug-trafficking, and to hunt hackers. However, the way typical Ethernet networks operate, Carnivore can access all traffic through a target's ISP. It can investigate much more than just the target's traffic. Naturally this has privacy advocates up in arms. At least one ISP fought the installation of the Carnivore system in court and lost.
http://www.msnbc.com/news/431355.asp?0nm=B16M
FBI Carnivore PostScript
Last issue, (Above) we reported on the FBI's Carnivore computer wiretap. Since then, public outcry has led the Justice Department to investigate its use. Online privacy advocates have also complained about the system. One major ISP, EarthLink, initially refused the FBI's requests to hook up Carnivore until compelled by a court order, at which point Carnivore promptly brought down some of its servers. EarthLink came to an agreement with the FBI and will now perform court-ordered monitoring with its own equipment and software. CNet has that story. Robert X. Cringely, meanwhile, speculates on the real purpose of Carnivore: to give the US government the ability to turn off the Internet.
CNet: http://news.cnet.com/news/0-1005-200-2257522.html
Cringely: http://www.pbs.org/cringely/pulpit/pulpit20010713.html
Net Bill of Lost Rights
CNet has an insightful article which point by point demolishes your expectation of any civil liberties in cyberspace. They give examples of laws which allow people to legally snoop your e-mail, restrict your freedom of speech via civil lawsuits, allow your health records to be disclosed, and allow your employers to monitor your websurfing. Not only is your online privacy almost non-existent from a technical point of view, but it is also legally compromised. A must read for anybody online, if only to let you know where you stand when you hook up.
http://home.cnet.com/techtrends/0-1544321-7-2181834.html
Bad Week for Windows Security: E-Mail on Windows Is Not Your Friend
Two severe Windows security bugs were discovered recently, both exploitable through e-mail. Ominously, simply receiving an e-mail can compromise your system. Security experts - the ones we trust from long experience - are saying these potentially catastrophic bugs can be much more devastating than the recent "I Love You" virus. The first problem, described by SANS, affects all Windows machines which run Explorer 4.0 or higher and Microsoft Access 97/2001. SANS has links to Microsoft fixes and workarounds. Another bug has also been discovered in versions of Outlook by which viruses can infect your computer via e-mail even if you don't open any attachments. SecurityFocus has the details on that one. The fix appears to be upgrading to Explorer 5.01 Service Pack 1 or Explorer 5.5 on all systems except Windows 2001.
SANS: http://www.sans.org/newlook/resources/win_flaw.htm
SecurityFocus: http://www.securityfocus.com/templates/article.html?id=61
Web Bugs of the Tracking Kind
CNet explains a type of Web behavior tracking technology known as the Web Bug. A Web Bug is essentially a link to a 1 pixel transparent GIF which can be embedded in a Web page. The user will never see anything and cookie blockers will not detect it, but it can be used effectively to track where the user has been. Needless to say, online advertising companies are making full use of this method.
http://news.cnet.com/news/0-1007-200-2247960.html
The Dangers of File Sharing Programs
File sharing programs like Napster that allow users to share content with other people's hard drives will only become more popular as the Web moves towards greater interconnectivity. Greater connectivity, however, brings with it a host of new security concerns, as users of the entertainment portal Scour have found out. Scour lets users search and download multimedia files shared across millions of computers. And that's the problem. Scour actively searches Web sites and shared PC files for content, and Internet users who haven't secured their computer's hard drives risk inadvertently sharing files as Scour penetrates their drives in search of files. Scour plans to modify its search bots but the use of such technology by malicious parties to retrieve personal financial data and other sensitive information is starting to come to light. The LA Times has an excellent and readable story on the subject with lots of detail.
Scour: http://www.scour.com/
LA Times: http://www.latimes.com/business/updates/lat_scour000714.htm
Inside Echelon
Those of you following the saga of Echelon, the electronic surveillance network run by Western governments, should read this article by Duncan Campbell. Campbell is the author of a report to the European Parliament about the capabilities of the network, a report which brought the intelligence gathering system to widespread public attention for the first time. In this article, Duncan gives an overview of Echelon and tries to "clear up the confusion, to say what Echelon is (and isn't), where it came from and what it does. Echelon, or systems like it, will be with us a long time to come." Consider this a fine digest of the lengthy and technical report to the Parliament.
http://www.heise.de/tp/english/inhalt/te/6929/1.html
PacketStorm Security Site
Copyright � 1996-2004 by PrivacyandSpying Com