THE Home Office has quietly adopted a new plan to allow police across Britain routinely to hack into people’s personal computers without a warrant.

The move, which follows a decision by the European Union’s council of ministers in Brussels, has angered civil liberties groups and opposition MPs. They described it as a sinister extension of the surveillance state which drives “a coach and horses” through privacy laws.

The hacking is known as “remote searching”. It allows police or MI5 officers who may be hundreds of miles away to examine covertly the hard drive of someone’s PC at his home, office or hotel room.

Material gathered in this way includes the content of all e-mails, web-browsing habits and instant messaging.

Under the Brussels edict, police across the EU have been given the green light to expand the implementation of a rarely used power involving warrantless intrusive surveillance of private property. The strategy will allow French, German and other EU forces to ask British officers to hack into someone’s UK computer and pass over any material gleaned.

A remote search can be granted if a senior officer says he “believes” that it is “proportionate” and necessary to prevent or detect serious crime — defined as any offence attracting a jail sentence of more than three years. (Source-The Times Online)

If any of my readers would like advice on securing your computer and/or home network against unwanted intrusion or wiping your hard drive to military specifications, let me know in the comments. Without knowing what resources the governemt currently employ I can’t guarantee absolute security, but I’m willing to bet too many of you are making it far too easy for the government to snoop on your personal computer.

Any trace of even deleted porn, warez or pirated music and movies can be detected by means available to anyone, let alone the government. Even if you think you have nothing to hide, even if you seriously think this will help the police nab criminals or terrorists, you should still be concerned over the rapid loss of our rights to privacy. Soon they’ll be asking, nicely I’m sure, that everyone wear transponding devices (”we can make it look just like fashion jewellery!”) so that the government can know where you are and what you’re doing 24/7. What better way to make sure those rotten criminals and terrorists don’t bother you anymore.

No matter how corrupt and sloppy the establishment press becomes, they always find a way to go lower. Time Magazine has just published what it purports to be a news article by Massimo Calabresi claiming that “nobody cares” about the countless abuses of spying powers by the Bush administration; that “Americans are ready to trade diminished privacy, and protection from search and seizure, in exchange for the promise of increased protection of their physical security”; and that the case against unchecked government surveillance powers “hasn’t convinced the people.” Not a single fact — not one — is cited to support these sweeping, false opinions.

Worse still — way worse — this “news article” decrees the Bush administration to be completely innocent, even well-motivated, even in those instances where technical, irrelevant lawbreaking has been found…

Does Calabresi or his Time editors have the slightest idea how secret, illegal spying powers have been used, towards what ends they’ve been employed and with what motives? No, they have absolutely no idea. Not even members of Congressional Intelligence Committees know because the Bush administration has kept all of that concealed. So Time just makes up facts to defend the Bush administration with wholly baseless statements that one would expect to come pouring out of the mouths only of Dana Perino and Bill Kristol — the “motivating factor” for secret, illegal spying was nothing “other than law and order or national security.” This article literally has more factual errors — pure, retraction-level falsehoods — than it has paragraphs. It makes Joe Klein look like a knowledgable and conscientious surveillance expert. It’s one of the most falsehood-plagued articles I’ve seen in quite some time.

The proposition that “polls consistently” find that Americans don’t mind incursions into their civil liberties is a rank falsehood.

Read the full article for a well-supported contention that Americans do care about the situation. What to do about it may well be the most important question in the upcoming election.

A quick tally of the record of civil liberties erosion in the United States since 9/11 suggests that the majority of Americans are ready to trade diminished privacy, and protection from search and seizure, in exchange for the promise of increased protection of their physical security. Polling consistently supports that conclusion, and Congress has largely behaved accordingly, granting increased leeway to law enforcement and the intelligence community to spy and collect data on Americans. Even when the White House, the FBI or the intelligence agencies have acted outside of laws protecting those rights — such as the Foreign Intelligence Surveillance Act — the public has by and large shrugged and, through their elected representatives, suggested changing the laws to accommodate activities that may be in breach of them.

In all the examples of diminished civil liberties, there are few, if any, where the motivating factor was something other than law and order or national security. There are no scandalous examples of the White House using the Patriot Act powers for political purposes or of individual agents using them for personal gain. The Justice IG report released Thursday, for example, examined some 50,000 National Security Letters issued in 2006 to see whether the FBI misused that specialized kind of warrantless subpoena. The IG found some continuing abuse of the power, but blamed it for the most part on sloppiness and bad management, not nefarious intent. In a press release accompanying the report, Fine said, “The FBI and Department of Justice have shown a commitment to addressing these problems.”

For now, however, civil libertarians will have to continue to argue that the danger lies not in how the government’s expanded powers are being used now, but how they might be used in the future. So far, that argument hasn’t convinced the people.

There’s an old joke; The two most destructive attitudes in society are ignorance and apathy…but I don’t know and I don’t care. It seems this may no longer be a joke.

Do the words attributed to Ben Franklin apply here? “Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety“, used as a motto on the title page of An Historical Review of the Constitution and Government of Pennsylvania (1759). It could be argued that the colonialists could not envision the threats we now face and that Franklin (or Richard Jackson or whoever) would not have been so absolute in saying that had they lived today.

Is security and national defense sufficient cause to restrict liberty and add conditions to our freedoms? Or are those concepts being used by a malevolent government in order to suppress dissent and control the population through fear and intimidation?

These are perhaps the most important questions we face as we move into the 21st century.

MI5 seeks powers to trawl records in new terror hunt

Millions of commuters could have their private movements around cities secretly monitored under new counter-terrorism powers being sought by the security services.

Records of journeys made by people using smart cards that allow 17 million Britons to travel by underground, bus and train with a single swipe at the ticket barrier are among a welter of private information held by the state to which MI5 and police counter-terrorism officers want access in order to help identify patterns of suspicious behaviour.

The request by the security services, described by shadow Home Secretary David Davis last night as ‘extraordinary’, forms part of a fierce Whitehall debate over how much access the state should have to people’s private lives in its efforts to combat terrorism.

It comes as the Cabinet Office finalises Gordon Brown’s new national security strategy, expected to identify a string of new threats to Britain – ranging from future ‘water wars’ between countries left drought-ridden by climate change to cyber-attacks using computer hacking technology to disrupt vital elements of national infrastructure.

The fear of cyber-warfare has climbed Whitehall’s agenda since last year’s attack on the Baltic nation of Estonia, in which Russian hackers swamped state servers with millions of electronic messages until they collapsed. The Estonian defence and foreign ministries and major banks were paralysed, while even its emergency services call system was temporarily knocked out: the attack was seen as a warning that battles once fought by invading armies or aerial bombardment could soon be replaced by virtual, but equally deadly, wars in cyberspace.

While such new threats may grab headlines, the critical question for the new security agenda is how far Britain is prepared to go in tackling them. What are the limits of what we want our security services to know? And could they do more to identify suspects before they strike?

One solution being debated in Whitehall is an unprecedented unlocking of data held by public bodies, such as the Oyster card records maintained by Transport for London and smart cards soon to be introduced in other cities in the UK, for use in the war against terror. The Office of the Information Commissioner, the watchdog governing data privacy, confirmed last night that it had discussed the issue with government but declined to give details, citing issues of national security.

Currently the security services can demand the Oyster records of specific individuals under investigation to establish where they have been, but cannot trawl the whole database. But supporters of calls for more sharing of data argue that apparently trivial snippets – like the journeys an individual makes around the capital – could become important pieces of the jigsaw when fitted into a pattern of other publicly held information on an individual’s movements, habits, education and other personal details. That could lead, they argue, to the unmasking of otherwise undetected suspects.

Individuals wrongly identified as suspicious might lose high-security jobs, or have their immigration status brought into doubt, he said. Ministers are also understood to share concerns over civil liberties, following public opposition to ID cards, and the debate is so sensitive that it may not even form part of Brown’s published strategy.

But if there is no consensus yet on the defence, there is an emerging agreement on the mode of attack. The security strategy will argue that in the coming decades Britain faces threats of a new and different order. And its critics argue the government is far from ready.

(Source)

What they need are some technologically intelligent people who can conceive of ways to protect their citizens without violating all their liberties.

…WAY wrong. This is just mind blowing.

Ever been prosecuted for tracking spam? Running a traceroute? Doing a zone transfer? Asking a public internet server for public information that it is configured to provide upon demand?

No? Well, David Ritz has. And amazingly, he lost the case.

Here are just a few of the gems that the court has the audacity to call ”conclusions of law.” Read them while you go donate to David’s legal defense fund. He got screwed here, folks, and needs your help.

“Ritz’s behavior in conducting a zone transfer was unauthorized within the meaning of the North Dakota Computer Crime Law.” You might not know what a zone transfer is, but I do. It’s asking a DNS server for all the particular public info it provides about a given domain. This is a common task performed by system administrators for many purposes. The judge is saying that DNS zone transfers are now illegal in North Dakota.

“The Court rejects the test for “authorization” articulated by defendant’s expert, Lawrence Baldwin. To find all access “authorized” which is successful would essentially turn the computer crime laws of this country upside down.” That’s untrue. The judge is trying to hang David out to dry, even when provided evidence of what actually constitutes hacking or cracking. Accessing a server on the public internet that is set up to provide that public info is not a crime, and saying that it is not a crime doesn’t suddenly damage computer crime law. The judge just amended the definition of “unauthorized” to include public internet servers that were expressly configured to provide info to anybody who asks for that info.

“Ritz has engaged in a variety of activities without authorization on the Internet. Those activities include port scanning, hijacking computers, and the compilation and publication of Whois lookups without authorization from Network Solutions.” I’m not touching the “hijacking computers” statement—who knows what the judge means, and I don’t think it’s wise to assume that the judge’s definition matches the common one. But what really jumps out here is this: Publication of WHOIS information. You know, business records. Who owns a domain. Public information. The judge has arbitrarily decided that it is illegal to take information from WHOIS data—necessary information when compiling a report on a company or activity, to make sure you’re talking about the right person—and put it in a spam report or on a website.

Mickey Chandler calls the court documents in this case “12 pages of bad law,” and I couldn’t agree more.

It appears this North Dakota judge hasn’t a clue about the internet and didn’t bother to consult anyone who does.  No court should be allowed to pass judgment on a citizen without a full understanding of the elements of a case.  In addition to contributing to the defendant’s fund, this story should be circulated widely to encourage the higher courts to overturn the sentence and reprimand the judge.

Despite what should have been an unavoidable lesson in pathetic networking by TJMaxx, companies continue to roll out networks apparently without a clue as to how to set them up or secure them.

Boeing’s new 787 Dreamliner passenger jet may have a serious security vulnerability in its onboard computer networks that could allow passengers to access the plane’s control systems, according to the U.S. Federal Aviation Administration.

The computer network in the Dreamliner’s passenger compartment, designed to give passengers in-flight internet access, is connected to the plane’s control, navigation and communication systems, an FAA report reveals.

The revelation is causing concern in security circles because the physical connection of the networks makes the plane’s control systems vulnerable to hackers. A more secure design would physically separate the two computer networks. Boeing said it’s aware of the issue and has designed a solution it will test shortly.

“This is serious,” said Mark Loveless, a network security analyst with Autonomic Networks, a company in stealth mode, who presented a conference talk last year on Hacking the Friendly Skies (PowerPoint). “This isn’t a desktop computer. It’s controlling the systems that are keeping people from plunging to their deaths. So I hope they are really thinking about how to get this right.” (Wired News)

Passport cards for Americans who travel to Canada, Mexico, Bermuda and the Caribbean will be equipped with technology that allows information on the card to be read from a distance.The technology was approved Monday by the State Department and privacy advocates were quick to criticize the department for not doing more to protect information on the card, which can be used by U.S. citizens instead of a passport when traveling to other countries in the western hemisphere.

The technology would allow the cards to be read from up to 20 feet away. This process only takes one or two seconds, said Ann Barrett, deputy assistant secretary for passport services at the State Department. The card would not have to be physically swiped through a reader, as is the current process with passports.

The technology is “inherently insecure and poses threats to personal privacy, including identity theft,” Ari Schwartz, of the Center for Democracy and Technology, said in a statement. Schwartz said this specific technology, called “vicinity read,” is better suited for tracking inventory, not people.

The State Department said privacy protections will be built into the card. The chip on the card will not contain biographical information, Barrett said.

And the card vendor – which has yet to be decided – will also provide sleeves for the cards that will prevent them from being read from afar, she said.

A 2004 law to strengthen border security called for a passport card that frequent border crossers could use that would be smaller and more convenient than the traditional passport. Currently, officials must swipe travelers’ passports through an electronic reader at entry points.

The technology change for passport cards was initially proposed in October 2006, and public comments closed on Jan. 7, 2007. The State Department received more than 4,000 comments, and most were about the security of the technology.  (Source)

After months of delay, the State Department finally, on the last day of the year, submits this decision to the Federal Register.  After taking that long, couldn’t they have improved the technology so that security concerns could have been alleviated?