HazDat
10Jan/11

Filed Under “Things You Thought You Could Take for Granted”: Court Holds there is a Reasonable Expectation of Privacy in the Contents of Emails

Show of hands: How many people have a reasonable expectation of privacy when you send an email? It turns out, as late as December 2010, you may have had no reasonable expectation of privacy when it came to your email correspondence -- at least that was the opinion of the United States Department of Justice (DOJ). And, between your Internet Service Provider's (ISP) Terms of Service (TOS), and the 1986 Stored Communications Act (18 U.S.C. §§ 2701-2712), you may not have under various circumstances.

M. Scott Koller, of McKennon | Schindler in Newport Beach, CA has written a very comprehensive overview of the decision, why it was ever in doubt, and the 1986 act that got us here in the first place.

Read more at http://www.reasonableexpectation.com/2011/01/09/stored-email-protected-by-the-4th-amendment/

Share
8Jan/11

When it comes to last year’s holiday gifts, Uncle Sam wants to know if you’ve been bad or good. So be good for goodness sake!

Via EFF:

What do an online donation to the International Red Cross, a bank transfer to family members living in Vietnam, and a payment sent through PayPal for an expensive rug in Turkey have in common? The government wants to know about them. And, if new rules proposed by the Financial Crimes Enforcement Network, or FinCEN, go into effect, the government will — along with your name, address, bank account number, and other sensitive financial information.

In September, FinCEN, an agency component of the Department of the Treasury, proposed a set of rules (pdf) that would require banks and money transmitters to report to the government any cross-border electronic funds transfer. Yesterday, we submitted a comment (pdf) opposing the agency’s proposal.

Essentially, under the proposed rules, anytime you electronically transfer money into or out of the country, the government wants to know. The proposed rules require banks and money transmitters, like PayPal or Western Union, to submit reports documenting the amount of money sent or received, where that money came from, and where it is going. Depending on the type of transfer, a variety of information would be included in the reports, including the name, address, bank account number, and taxpayer ID number of the sender; the amount and currency of the funds transfer; and the name and address of the recipient. Passport numbers or alien ID numbers could also be required for some transfers.

The government wants reports on all electronic bank-to-bank transfers, regardless of whether the transfer is $1 or $1,000,000. For money transmitters, reports would be filed for transfers at or above $1,000. FinCEN estimates it will receive 750 million reports every year, and the agency wants to keep the data for ten years. Once the reports are filed with FinCEN, other federal law enforcement agencies — the FBI, IRS, ICE, and the DEA — would all have access to the data.

Shortly after FinCEN announced the rules in September, EFF filed a FOIA request seeking documentation that would justify the agency’s law enforcement need for the regulations. We also sought information demonstrating that FinCEN had taken adequate data-security precautions for handling such a massive amount of sensitive information. The agency produced some records, but the documents provided no evidence that the proposed rules are necessary to deter money laundering and terrorism financing, or that the agency had adequately assessed the privacy implications of the proposed rules.

In our comment, we opposed the rules for three reasons:

1. The new reports are unlikely to be effective in preventing terrorism financing — the primary impetus behind the regulations in the first place.

2. While the agency sought the advice of financial institutions, other law enforcement agencies, and even foreign governments when developing the rule, FinCEN never solicited the opinions of privacy advocates during the drafting process.

3. The agency has not provided any evidence that the technological systems are in place to safely receive, transmit, and store the vast quantities of highly-sensitive information the rules would require.

We strongly oppose the government’s attempt to pry into the sensitive financial dealings of citizens, especially when there is no demonstrated need and no evidence that the agency is equipped to handle that much sensitive information. Comments on the proposed rules are due December 29th, and can be submitted here. We urge you to join us in opposing these intrusive new regulations.

Read full article at http://www.eff.org/deeplinks/2010/12/sending-money-overseas-holidays-government-wants

Share
31Aug/10

A Click Away…

I recently had another occasion to meet with Reporter Martin Kaste from NPR's "All Things Considered". Last time we met to play a game of cat-and-mouse in the streets of San Francisco to demonstrate the current state of cellular telephone and wireless device tracking. This time we discussed an issue closer to my heart.

"Right now, anybody is just one search term and a click on Google away from most of the same files that I have seen as part of my work," he says.

Fischbach believes the easy-to-find images are a kind of public hazard.

He worked for one defendant who went to prison because of one night of ill-advised Web surfing. The easy-to-find images are also tempting weapons in messy custody battles and divorces — he's convinced that in some of the cases he's worked on, one spouse has been framed by another. All of this makes Fischbach wonder why more isn't done to block some of the more obvious sources of these "radioactive" files.

"It's the same thing as any other public nuisance. Part of the government's job is not just to go out there and stop people from doing bad things, but to stop good people from having to fall victim to that," he says.

It's probably not constitutional for the government to block offending Web sites outright, but Fischbach says Internet service providers and search engines could volunteer to filter the images that reach their customers, just as e-mail providers filter out known viruses.

He's been suggesting this idea for years, and now somebody is trying it.

Listen to NPR's A Click Away: Preventing Online Child Porn Viewing

Audio and transcript: http://www.npr.org/templates/story/story.php?storyId=129526579

Similar Wikipedia Articles

Share
14Mar/10

FTC Queues-in on Netflix Member Privacy

Attn. MPAA: There are much worse ways to copy movies than with a computer.

In 2007 prosecutors in Anchorage Alaska accused 34 year old stripper Mechele Linehan of plotting a murder based on the 1994 movie "The Last Seduction". Life so closely imitated art, said prosecutors, that they even tried to have the movie played for the jury.

Rockstar Games Grand Theft Auto

In 2008 a teenager confessed that he was trying to imitate scenes from the video game "Grand Theft Auto" when he robbed a murdered a taxicab driver in Bangkok Thailand. Movies like "The Deer Hunter" (1978) are even believed to have inspired several "copycat" suicides in the late 1970's and early 80's.

All of this may seem like fodder for censorship advocates, but that debate has largely come and gone in favor preserving the First Amendment's right to free speech. Wise as the framers of the U.S. Constitution may have been, few would accuse them of being clairvoyant. After all, who could have predicted the impact the Internet would some day have on both the precept of free speech and the concept of privacy?

Though many speak of the "right to privacy", it is not, at least as far as the U.S. Constitution is concerned, a right at all. It is, nonetheless, an ethos that has long been coveted by Americans, and is implicit in the Fourth Amendment's:

...right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures...

Of course, mention the term "search" to most people today, and it's far more likely to conjure thoughts of friends lists", home pages and e-books, than actual people, houses and papers. And while, in just the past few years, popular culture has come to embrace the sharing of intimate, private and personal details with virtual strangers, the desire to remain "secure" seems to be very much alive in the 21st Century. In fact, more than any other, the Fourth Amendment has played a central, albeit contested, role in the litigation of hi-tech criminal evidence.

I know what you watched last summer...

So, what does all this have to do with your Netflix queue? Though Americans, and many other people around the world, may be willing to voluntarily divulge personal information, either in trade for modern conveniences and services, or increasingly, for a sense of online significance, we're not quite as enthusiastic when it's taken from us and shared without any tangible return. It's no longer a secret that the monetary value of data has been pre-calculated into the return on investment (ROI) of so many of today's business models, but consumers still tend to expect a certain level of security. In recent years the bar has been set pretty low. Still, it may surprise many to learn that "anonymous" usage data can be deciphered into personally-identifiable intelligence, as proven by a pair of researchers at the University of Texas using what was thought to be anonymous user data provided to contestants in the three-year $1 million "Netflix Prize" to improve the site's recommendation results.

The UT's results brought both unwanted attention from the Federal Trade Commission and a lawsuit from a private firm, resulting in Netflix's decision last week to cancel a planned sequel to the prize awarded last year.

It's not hard to imagine how this sort of data could be exploited to peddle shoes to people who have rented all six seasons of "Sex in the City", or BestBuy ads targeted at fans of NBC's "Chuck".

Dreamworks Minority Report (2002)

It's no longer extraordinary to see similar data exploited in the process of investigating crimes either. Certainly the viewing interests and habits of the individuals mentioned above have been considered relevant discovery by law enforcement. In these cases, there's little, if anything, to decipher.  Anything that Netflix knows about you, your account, and your viewing habits, is subject to a warrant, and, with or without much imagination, could be incriminating. How many of us haven't seen a good fictional car case, a well-written murder plot, a scripted street-fight, or a perfectly executed crime? The consumption of such fiction could be hazardous to your defense, if it proceeds similar accusations.

Now, imagine the same evidence available to anyone, without a warrant, subpoena, or probable cause. Perhaps someone at the FTC had the movie "Minority Report" in their queue.

Share
28Sep/09

The problem is, banks have too many humans.

What do you call the sacrifice of one person's privacy in an attempt to save the privacy of over 1300? If you're a bank, you call it collateral damage.

rmb-logoWhen I was a kid I earned my first paycheck passing out fliers for a neighbor who was starting a pool cleaning business. With my first $13 in hand, my grandfather took me to the a bank in walking distance to my home, got me a tour of the vault from the branch manager, a neat pouch to hold all my coin, a full explanation of the principals of savings and loans, and helped me open my very first savings account. Believe it or not, back then, all my account information was stored on a double-sided index card behind the teller.

Today, things are much more complicated. Gone are the index cards and passbooks, most of the employees, tellers and branches, a good deal of the service, interest-bearing accounts with only $13 in them, and a lot of the customers' money. Today, it's all computerized, and most banks even attach various penalties to discourage human contact.

I know an awful lot about electronic data systems, but I don't pretend to fully understand how the modern banking system works. Sometimes, I think I do--from a mechanical (as opposed to financial) perspective. But then something convinces me that I don't. For instance, you know how every so often your bank emails its customers' names, addresses, Social Security numbers, and loan information to Gmail? ... CONTINUE READING »

Share
23Sep/09

You Tweet, therefore: YOU ARE HERE.

TwitterVisionHow Twitter says they'll hide your location from twits with subpoenas.

Recently, Twitter announced that they would be adding geolocation features to their service, allowing users to embed their physical location in their Twitter feed. As not to alarm: Twitter has always maintained that this would be an opt-in feature. But, frankly, any web site you visit is privy to some information about your physical location by virtue of the IP address assigned to your computer by your Internet Service Provider (ISP) from a group of IP addresses reserved for your neighborhood. The logs kept by a web server, combined with a subpoena to the appropriate ISP, usually yield a street address for the subscriber assigned that IP address.

SmarterWare's Gina Trapani (formerly of Lifehacker.com) is attending the Twitter Conference in LA. She's posted updates explaining how Twitter plans to deploy this service and how they intend to protect its Twitter geolocation users from subpoenas. According to Gina, "Twitter will scrub geo-data stored in tweets more than 14 days old to avoid getting subpoena’d about a user’s location in the past. They will outright delete the location information from their database, not just anonymize." ... CONTINUE READING »

Share
17Sep/09

“Blood in the Birdcage” (Forensics: You Decide, Discovery Channel)

Investigation_Discovery_300One body. One suspect. Two theories. A laptop. A birdcage. A bloody crime scene. Two trials. Two hung juries. No convictions. One unsolved mystery.

From Investigation Discovery:

"When a beloved music professor -- David Stagg -- discovers the dead body of his long-time partner, Bill Jennings, he claims he's walked into the aftermath of a tragic suicide. But as investigators descend on the scene, they immediately realize that this reported suicide is clearly a homicide. Is it possible the professor is behind this vicious crime, or has he been falsely accused? The forensic experts on each side battle it out. Which side will you agree with?" (60 min. - First aired 9/14/2009 on Investigation Discovery / Discovery ID's "Forensics: You Decide)

Suicide letter, or coverup?

Suicide letter, or coverup?

Friends from the couple's active social group were in total disbelief. Few could imagine David Stagg involved in the murder of his long-time partner. Forensic evidence was inconclusive. Though blood evidence was found throughout the crime scene, no blood or defensive wounds could be found on David Stagg. An unknown set of fingerprints were found at the scene. Computer evidence from Jennings' laptop showed--at least from Jennings' perspective--a tumultuous relationship. But, enough to justify a motive for murder?

There were also a series of suicidal emails and typed letters left by Jennings that charted a history of both love for Stagg, and deep emotional turmoil. And, one final letter--typed on April 24, 2004, the night of the murder--would become one of the most contested pieces of evidence that two juries would have to consider.

On one thing, both sides agreed: Bill Jennings did not take his own life. ... CONTINUE READING »

Share
10Sep/09

Let’s play $100 Password!

$100 Dollar Password

You probably won't find much sympathy for Elane Cioni. A mistress scorned, she's been convicted of hacking into the email account of her former-boss, the man with whom she was having an affair, and then his wife, his other girlfriends, and even his kids. (I suppose, that doesn't engender much sympathy for her main-target either.) But, you might be surprised to find out Cioni's not a very good hacker.

You might also be surprised to learn that there's a market for professional hacking and, similar to many legitimate professions, the jobs are going offshore. When it comes to password hacking, those who can, do. Those who can't, outsource. When Cioni wanted back into her boyfriend's life she turned to one of an increasing number of web sites with offers like this:

"Need to monitor your Child? Your Spouse? Your Boyfriend/Girlfriend? We Hack Passwords for $100 USD. We Crack all major web based emails. This include Hotmail, Yahoo! AOL and Gmail. We Provide Proofs Before payment." ... CONTINUE READING »

Share
9Sep/09

Electronic privacy is for the birds.

Source: Wikipedia

Source: Wikipedia

In a match between Bird-brain vs. broadband, you might be surprised to see who wins.

An old friend of mine pointed out what sounded like an interesting story out of South Africa. Tired of slow download speeds, a South African call center pitted a racing pigeon against Telkom South Africa Ltd.’s ADSL data service to see which could move a 4GB file faster. In total it took just under three hours for the bird to fly approximately 50 miles--about 30 times faster than the ADSL service, which had only downloaded 4% of the file in the same time.

I'm afraid we're not really comparing apapane to apapane, or even apapane to ostriches. I doubt, for instance, that the pigeon would fair quite as well over, say, a 500 or 5000 mile "data run". ... CONTINUE READING »

Share
31Aug/09

U.S. Gov. authorizes long-layovers for laptops.

DHSIt's sometimes hard to remember, but it wasn't that long ago that most carry-on's bypassed so much as an x-ray screening. Then came the obligatory laptop and shoe removal. And, eventually, the "drink 'em or lose 'em" rule, accompanied by the ever-perplexing debate over what constitutes a "liquid", and how many ounces of it you can carry through a TSA line.

(I once overheard a TSA agent explaining to a traveler that, "anything that can be liquefied is a liquid". I felt compelled to explain that, at the right temperature, the whole airplane could be liquefied--but kept my mouth shut, for fear of missing my flight.)

In recent months, some international travelers have been greeted with an indignity that makes the "patdown" look like a "fist-bump". In the past 10 months, over 1000 people had their laptop computers "detained" and subsequently searched. Most would assume that this was with probable cause, but, the DHS maintains that probable cause is not required for such a search. ... CONTINUE READING »

Share

Log In


Join the conversation...

Join the conversation on Twitter

Join the conversation on Facebook

disquslogo_180 Subscribe to RSS feed

Join the Google conversaton…

Geo Visitors Map