Privacy

Mobile devices today are far more capable, and capacious, than the analog bricks of decades past. That also creates new security risks, which the feds are asking the public to address in comments due Friday.

"Mobile devices are expected to continue to become more powerful and communicate at higher speeds, eventually giving people the power and functionality of a full desktop," the National Institute of Standards and Technology says in its draft of Guidelines on Cell Phone and PDA Security. "Besides increasing productivity, such improvements are rapidly turning cell phones into extensive data reservoirs capable of holding … Read more

The whopping housing bill that President Bush signed into law last week does far more than merely address the nation's real estate woes. Some sections have raised serious privacy concerns.

Tucked in near the end of the Housing and Economic Recovery Act is a requirement that banks and online payment networks annually collect and report to the IRS electronic payments made to online merchants. It takes effect in 2011, and will affect what information companies like PayPal collect from their sellers and could raise privacy and auditing complications.

The housing bill also finalized the SAFE Mortgage Licensing Act. As … Read more

The U.S. Department of Homeland Security has concocted a remarkable new policy: It reserves the right to seize for an indefinite period of time laptops taken across the border.

A pair of DHS policies from last month say that customs agents can routinely--as a matter of course--seize, make copies of, and "analyze the information transported by any individual attempting to enter, re-enter, depart, pass through, or reside in the United States." (See policy No. 1 and No. 2.)

DHS claims the border search of electronic information is useful to detect terrorists, drug smugglers, and people violating "… Read more

The Bush administration's newly created National Cyber Security Center remains shrouded in secrecy, with officials refusing to release information about its budget, what contractors will run it, and how its mission relates to Internet surveillance.

In correspondence with the U.S. Senate posted on Thursday, the Bush administration said it would not provide that information publicly. An 18-page, partially redacted letter from DHS said that disclosure could affect "the conduct of federal programs, or other programs or operations essential to the interests of our nation."

The censored letter--a nonredacted, "For Official Use Only" version was … Read more

A trio of politicians in the U.S. House of Representatives is continuing a campaign against the concept of Web monitoring to display advertisements, most recently with a series of letters this week exchanged with broadband provider Embarq.

Embarq provides Internet connectivity to about 1.3 million subscribers, making it the fourth-largest DSL provider in the country. It has acknowledged experimenting earlier this year with NebuAd, which intercepts and performs deep packet inspection of what's flowing through a company's network in hopes of delivering relevant, anonymized ads.

In two letters (No. 1, and No. 2) to the House … Read more

An internal review by University of Colorado officials has found that a controversial research project conducted by a team of computer scientists did not constitute research misconduct. University lawyers have also stated their belief that the team probably did not violate US wiretapping laws.

As I reported in a blog post yesterday, a team of researchers from both the University of Colorado and University of Washington recently presented a controversial study in which they recorded a limited portion of the communications of users of Tor -- a popular anonymizing proxy network.

According to a written statement posted by the research team, … Read more

A group of researchers from the University of Colorado and University of Washington could face both civil and criminal penalties for a research project in which they snooped on users of the Tor anonymous proxy network. Should federal prosecutors take interest in the project, the researchers could also face up to 5 years in jail for violating the Wiretap Act.

The team of two graduate students and three professors neither sought legal review of the project, nor ran it past the Human Subjects Committee at their university, putting them in a particularly dangerous position.

The academic paper, "Shining Light in Dark Places: Understanding the Tor Network&… Read more

A team of computer scientists has published source code that can in some circumstances bypass encryption used in Microsoft's BitLocker and Apple's FileVault and be used to view the contents of supposedly secure files.

We reported in February on their research, which describes how the contents of a computer's memory could be dumped to a hard drive and the encryption keys forcibly extracted.

The source code includes tools for imaging the target computer's memory through USB and Netboot, and analyzing the memory image to extract AES and RSA encryption keys, even if they're partially degraded. … Read more

The major national cable providers are all to sign a troubling yet major censorship deal with a private anti-child porn organization. The deal would give the National Center for Missing and Exploited Children (NCMEC) carte blanche power to issue a takedown of any customer's content hosted on a cable provider's servers.

The group will provide each cable company with a list of Web site addresses that they believe contain child porn. The cable companies will then, per the agreement, scrub the content from their servers.

A press release describing the agreement states that: