The federal government thinks identity and passwords need to be fixed to keep the internet healthy, but is declining, thankfully, to try to fix it themselves. Instead, they are pushing internet entrepreneurs to build something robust and open.
Read full article at http://feeds.wired.com/~r/wired/index/~3/3Uts2JG5xFc/
Similar Blog & News Articles
When it comes to last year’s holiday gifts, Uncle Sam wants to know if you’ve been bad or good. So be good for goodness sake!
What do an online donation to the International Red Cross, a bank transfer to family members living in Vietnam, and a payment sent through PayPal for an expensive rug in Turkey have in common? The government wants to know about them. And, if new rules proposed by the Financial Crimes Enforcement Network, or FinCEN, go into effect, the government will — along with your name, address, bank account number, and other sensitive financial information.
In September, FinCEN, an agency component of the Department of the Treasury, proposed a set of rules (pdf) that would require banks and money transmitters to report to the government any cross-border electronic funds transfer. Yesterday, we submitted a comment (pdf) opposing the agency’s proposal.
Essentially, under the proposed rules, anytime you electronically transfer money into or out of the country, the government wants to know. The proposed rules require banks and money transmitters, like PayPal or Western Union, to submit reports documenting the amount of money sent or received, where that money came from, and where it is going. Depending on the type of transfer, a variety of information would be included in the reports, including the name, address, bank account number, and taxpayer ID number of the sender; the amount and currency of the funds transfer; and the name and address of the recipient. Passport numbers or alien ID numbers could also be required for some transfers.
The government wants reports on all electronic bank-to-bank transfers, regardless of whether the transfer is $1 or $1,000,000. For money transmitters, reports would be filed for transfers at or above $1,000. FinCEN estimates it will receive 750 million reports every year, and the agency wants to keep the data for ten years. Once the reports are filed with FinCEN, other federal law enforcement agencies — the FBI, IRS, ICE, and the DEA — would all have access to the data.
Shortly after FinCEN announced the rules in September, EFF filed a FOIA request seeking documentation that would justify the agency’s law enforcement need for the regulations. We also sought information demonstrating that FinCEN had taken adequate data-security precautions for handling such a massive amount of sensitive information. The agency produced some records, but the documents provided no evidence that the proposed rules are necessary to deter money laundering and terrorism financing, or that the agency had adequately assessed the privacy implications of the proposed rules.
In our comment, we opposed the rules for three reasons:
1. The new reports are unlikely to be effective in preventing terrorism financing — the primary impetus behind the regulations in the first place.
2. While the agency sought the advice of financial institutions, other law enforcement agencies, and even foreign governments when developing the rule, FinCEN never solicited the opinions of privacy advocates during the drafting process.
3. The agency has not provided any evidence that the technological systems are in place to safely receive, transmit, and store the vast quantities of highly-sensitive information the rules would require.
We strongly oppose the government’s attempt to pry into the sensitive financial dealings of citizens, especially when there is no demonstrated need and no evidence that the agency is equipped to handle that much sensitive information. Comments on the proposed rules are due December 29th, and can be submitted here. We urge you to join us in opposing these intrusive new regulations.
I recently had another occasion to meet with Reporter Martin Kaste from NPR's "All Things Considered". Last time we met to play a game of cat-and-mouse in the streets of San Francisco to demonstrate the current state of cellular telephone and wireless device tracking. This time we discussed an issue closer to my heart.
"Right now, anybody is just one search term and a click on Google away from most of the same files that I have seen as part of my work," he says.
Fischbach believes the easy-to-find images are a kind of public hazard.
He worked for one defendant who went to prison because of one night of ill-advised Web surfing. The easy-to-find images are also tempting weapons in messy custody battles and divorces — he's convinced that in some of the cases he's worked on, one spouse has been framed by another. All of this makes Fischbach wonder why more isn't done to block some of the more obvious sources of these "radioactive" files.
"It's the same thing as any other public nuisance. Part of the government's job is not just to go out there and stop people from doing bad things, but to stop good people from having to fall victim to that," he says.
It's probably not constitutional for the government to block offending Web sites outright, but Fischbach says Internet service providers and search engines could volunteer to filter the images that reach their customers, just as e-mail providers filter out known viruses.
He's been suggesting this idea for years, and now somebody is trying it.
Audio and transcript: http://www.npr.org/templates/story/story.php?storyId=129526579
Similar Wikipedia Articles
"Secret Service paid TJX Hacker $75,000 a Year"
According to Wired, a convicted hacker and credit card thief was paid to work undercover for the U.S. Secret Service. A convicted accomplice told Wired that Albert Gonzalez was paid $75,000 a year in cash as a confidential informant to the U.S. Government.
Though the Secret Service would not comment, a former federal prosecutor told Wired that the payment was not unusual. He compared it to "million-dollar payouts" to informants involved in organized crime investigations. According to Department of Justice guidelines, agents are required to advise confidential informants that payments "may be taxable income that must be reported to appropriate tax authorities".
Albert Gonzalez was arrested in 2008 and accused of running one of the largest identity theft crimes in U.S. history. After his arrest Gonzalez lead instigators to more than $1 million buried behind his parent's home.
Similar Blog & News Articles
Disgruntled Hacker [Debt Collector] Disables More Than 100 Cars Remotely
Cleveland-based Pay Technologies is a company that sells hidden wireless black boxes that allow car dealers to remotely disable a car’s ignition, or trigger the horn to begin honking, as a not-so-gentle reminder that a payment is due. The Webtech Plus responds to commands issued through a central website, and relayed over a wireless pager network.
A car dealer in Austin Texas began receiving complaints from hundreds of stranded customers late last month. According to the dealership's manager, the complaints stopped several days later, when he reset all the Webtech Plus employee passwords. Then police obtained access logs from Pay Technologies, and traced an IP address to a former employee. Police say he hacked into the dealership's computer system to deactivate the starters on the cars and set off their horns.
To call the suspect a "hacker" is really an insult to hackers. On the other hand, anyone who's ever spoken with a debt collector probably isn't very surprised by allegations of unethical behavior.
According to the dealership, the employee's account had been closed when he was terminated last month, but they allege he got in through another employee’s account. They claim he was working his way alphabetically through a database of all 1,100 customers whose cars were equipped with the device.
Similar Blog & News Articles
- Hacker Disables More Than 100 Cars Remotely :: Wired: Threat Level
- Ex-employee accused of remotely disabling 100 cars :: CNET News.com
- Bad Password Management Will Stop You in Your Tracks :: Forbes.com: News
- Disgruntled Former Employee Wirelessly Bricks 100 Cars in Texas :: DailyTech Main News Feed
- Disgruntled Dealership Employee Remotely Disables 100 Vehicles :: ShoppingBlog.com
What do you call the sacrifice of one person's privacy in an attempt to save the privacy of over 1300? If you're a bank, you call it collateral damage.
When I was a kid I earned my first paycheck passing out fliers for a neighbor who was starting a pool cleaning business. With my first $13 in hand, my grandfather took me to the a bank in walking distance to my home, got me a tour of the vault from the branch manager, a neat pouch to hold all my coin, a full explanation of the principals of savings and loans, and helped me open my very first savings account. Believe it or not, back then, all my account information was stored on a double-sided index card behind the teller.
Today, things are much more complicated. Gone are the index cards and passbooks, most of the employees, tellers and branches, a good deal of the service, interest-bearing accounts with only $13 in them, and a lot of the customers' money. Today, it's all computerized, and most banks even attach various penalties to discourage human contact.
I know an awful lot about electronic data systems, but I don't pretend to fully understand how the modern banking system works. Sometimes, I think I do--from a mechanical (as opposed to financial) perspective. But then something convinces me that I don't. For instance, you know how every so often your bank emails its customers' names, addresses, Social Security numbers, and loan information to Gmail? ... CONTINUE READING »
Similar Blog & News Articles
- Bank Sends Sensitive E-mail to Wrong Gmail Address, Sues Google :: Wired: Threat Level
- Google, bank resolve issue over misfired e-mail :: CNET News.com
- Judge Orders Gmail Account Deactivated After Bank Screws Up :: Wired: Threat Level
- Bank Sends Email to Wrong Gmail User, Sues Google For His Identity :: Mashable!
- Judge Rules Against Gmail User After Bank Screws Up :: Mashable!
- Bank sues Google for ID of Gmail user :: Latest from Computerworld
- Bank snafu sets up privacy clash with Google :: Business