Eideard

Now who would want to see my email?
Daylife/AP Photo used by permission

Senate Judiciary Committee chairman Patrick Leahy (D-Vermont) has proposed sweeping digital privacy protections that would require the government, for the first time, to get a probable-cause warrant to obtain e-mail and other content stored in the cloud.

Leahy’s proposal (.pdf) would nullify a provision of the 1986 Electronic Communications Privacy Act that allows the government to acquire a suspect’s e-mail or other stored content from an internet service provider without showing probable cause that a crime was committed, as long as the content has been stored on a third-party server for 180 days or more. The government had only needed to show that it has “reasonable grounds to believe” the information would be useful in an investigation…

“We think this is the beginning of the discussion. This is a very positive step,” Chris Calabrese, legal counsel for the American Civil Liberties Union, said by telephone…

But the Leahy bill, which has not been sent to committee for review, is a give-and-take of sorts when it comes to other forms of electronic privacy…

The measure would also expand, or at least clarify, the information the government may obtain with so-called National Security Letters. They allow the FBI, without a court order, to obtain telecommunication, financial and credit records relevant to a government investigation. The Leahy bill adds “electronic communication identifiable information” and strikes “electronic communication transactional records.”

“It is not appropriate for the government to be able to get detailed information on everybody who you communicated with,” Kevin Bankston, a privacy lawyer with the Electronic Frontier Foundation, said by telephone.

That said, the bill is “a great leap forward,” Bankston said.

The struggle takes us all the way back to the founding of this nation. There have always been those who are committed to the power of the government over the rights of individuals. And some libertarians who refused to consider the question of benefits to the common good superseding any individual’s rights.

I wish Senator Leahy well with his attempt and will zap off an email via www.congress.org to my elected representatives suggesting they support the bill, too.

Egypt’s shutdown of the Internet within its borders is an action unlike any other in the history of the World Wide Web and it might have only taken a few phone calls to do it.

“It’s something I’ve never seen; it’s totally unprecedented,” said James Cowie, the co-founder and chief technology officer of Renesys, an IT company in New Hampshire that helps Internet service providers monitor the security of Web networks and infrastructure.

“Over a period a period of about 20 minutes, it’s as if each of the primary service providers started pulling the routes that lead to them. It wasn’t like a simultaneous withdrawal.

“Nobody flipped an off switch or hit a big red button. It was one by one until they were all gone.”

The Egyptian government cut off nearly all online services between midnight and 12:30 a.m., Egyptian time, on Friday, Cowie said — something he noted on his company’s blog as he witnessed the blackout…

“Egypt is a modern country; the government doesn’t own the Internet,” Cowie said. “There are private companies of varying sizes that own and operate their own infrastructure. But it seems that they got a call and so they turned it off.”

This is perfectly legal according to the laws of some countries. And if ISPs wish to do business in such countries they will sign contracts that agree to the laws of the land.

Some members of Congress are trying to change that.

An internet firm linked to many of the internet’s criminal gangs has been shut down.

The US Federal Trade Commission said Belize-based 3FN aided gangs that ran botnets, carried out phishing attacks and traded in images of child abuse.

The servers and net hardware of 3FN have been seized and are due to be sold off as the firm is dismantled.

The operators of 3FN must also pay back $1.08 million they are reputed to have made by hosting criminal sites…

It was involved in distributing spyware, viruses and trojans, had a hand in many phishing schemes and helped gangs sell illegal images. It also acted as a discussion forum for many spammers.

In particular, said the FTC, the net firm worked with fraudsters who run botnets and helped them steal data by seeding hijacked computers with keyloggers. It maintained a library of more than 4500 malicious programs that could pilfer data from hijacked PCs.

In June last year, the FTC used an injunction to cut 3FN off from other hosting providers and sever its connections to the net.

Now the FTC has gone a step further and won a court order that will see the company stop trading and its hardware confiscated. The FBI has been ordered to carry out the shut down and seizure operation.

Overdue.

A Milan court convicted three Google executives on Wednesday for violating the privacy of an Italian boy with autism by letting a video of him being bullied be posted on the site in 2006.

Google said it was confident it would avoid formal investigation by the European Commission. It said the Milan verdict “poses a crucial question for the freedom on which the internet is built” as none of its employees had anything to do with the video.

“They didn’t upload it, they didn’t film it, they didn’t review it and yet they have been found guilty,” said Google’s senior communications manager, Bill Echikson, in Milan.

The court convicted senior vice-president and chief legal officer David Drummond, former Google Italy board member George De Los Reyes and global privacy counsel Peter Fleischer. Senior product marketing manager Arvind Desikan was acquitted…

The complaint was brought by an Italian advocacy group for people with Down’s Syndrome, Vivi Down, and the boy’s father, after four classmates at a Turin school uploaded a clip to Google Video showing them bullying the boy…

The video was filmed with a mobile phone and posted on the site in September 2006.

Google argued that it removed the video immediately after being notified and cooperated with Italian authorities to help identify the bullies and bring them to justice.

It says that, as hosting platforms that do not create their own content, Google Video, YouTube and Facebook cannot be held responsible for content that others upload…

Why Albuquerque? Because not only does New Mexico lead the nation in lawsuits per capita, the Duke City hosted the famous McDonald’s million-dollar lawsuit for injuries sustained when a little old lady spilled her hot coffee in her lap – in her car – and was injured because it was hot coffee.

It’s like the lawsuits against firearms manufacturers for letting bullets come out the gun barrel when someone pulls the trigger.

The Federal Trade Commission had a rogue Internet Service Provider that recruits, knowingly hosts, and actively participates in the distribution of spam, child pornography, and other harmful electronic junk shut down by a district court judge.

The FTC order shuts off Pricewert LLC, which does business under a variety of names including Triple Fiber Network (3FN) and APS Telecom, a company it said actively recruit and collude with criminals seeking to distribute a whole host of nastiness including child pornography, spyware, viruses, trojan horses, phishing, botnet command and control servers, and pornography featuring violence, bestiality, and incest. The FTC said Pricewert advertised its services in the darkest corners of the Internet, including a forum established to facilitate communication between criminals.

The FTC also alleges that the defendant engaged in the deployment and operation of botnets. Botnets can be used for a variety of illicit purposes, including sending spam and launching denial of service attacks. According to the FTC, the defendant recruited bot herders and hosted the command-and-control servers – the computers that relay commands from the bot herders to the compromised computers known as “zombie drones…”

Pricewert, based in San Jose, California, shielded its criminal clientele by either ignoring take-down requests issued by the online security community or shifting its criminal elements to other Internet Protocol addresses it controlled to evade detection…

In an interview with The Washington Post’s Security Fix, FTC Chairman Jonathan Leibowitz said, “Anything bad on the Internet, they were involved in it. We’re very proud, because in one fell swoop we’ve gone after a big facilitator of some of the utterly worst conduct.”

Will they do anything about ISP’s capping bandwidth, now? That’s not exactly gracious conduct.

Privacy? Har, har, har…
Daylife/Reuters Pictures used by permission

An internet privacy law is coming, Congressman Rick Boucher promised, as he steered his committee into the marshes of online behavioral advertising, deep packet inspection and location-tracking services.

Boucher, a Virginia Democrat and longtime ally of digital rights groups, now heads the House subcommittee on Communications, Technology and the Internet. He said wants the committee to write a broad online privacy law this year.

For instance, Boucher made it clear he’s concerned about ISPs using so-called deep packet inspection technology, or DPI, to examine the data packets it delivers to and from its customers. “The thought that a network operator could track a user’s every move on the Internet, record the details of every search and read every email or attached document is alarming.”

But the Center for Democracy and Technology’s Leslie Harris warned the committee not to get too wrapped up with any particular technology, since the privacy threats change quickly — pointing out that current privacy laws are good in some areas — video rental records, for one — and non-existent in others…

It’s not clear how broad a law Boucher has in mind, though it’s likely to be some codification of generally accepted data-privacy practices. Those include telling people when you collect data and why, letting them choose to join in or not, using the data only for the reason you collected it, letting people see and correct the information and destroying it when its not longer needed…

The Free Press’s Ben Scott summed up what he and many consumer advocates would like to see in an overarching privacy bill.

“It needs to cover intentionality, behavior, and outcome,” Scott said. “Why do you want my information? What are you going to do with it? And what does that mean for me?”

I’ll second that.

The topic of ISP data retention is up once again in the halls of Congress. A new bill, known as the “Internet SAFETY Act,” seeks to compel ISPs and anyone who hosts a Wi-Fi access point to log all information that could identify users, in order to assist police investigating child pornography. Actually two companion pieces of legislation – one working its way through the Senate as S.436, and the other through the House as H.R.1076. Their sponsors are Senator John Cornyn and Representative Lamar Smith, and both are republicans hailing from Texas.

“While the Internet has generated many positive changes in the way we communicate and do business, its limitless nature offers anonymity that has opened the door to criminals looking to harm innocent children,” said Cornyn in a Thursday press conference. “Keeping our children safe requires cooperation on the local, state, federal, and family level.”

Both bills are virtually identical, and contain the same language. “[Providers] of an electronic communication service or remote computing service” will be required to retain “all records … pertaining to the identity of a user of a temporarily assigned network address” for two years.

Observers interpret the law to mean anyone who runs a network that assigns users a temporary IP address, internal or external – which would cast ISPs like AT&T in the same lot as coffee shops and corporate networks using DHCP.

The last serious try at this crap came from the now absent and unlamented Alberto Gonzales. The Attorney General with a shallow memory – and an even shallower interpretation of civil liberties.

Daylife/AP Photo by Susan Walsh

A senior U.S. lawmaker plans to introduce a bill in January that would bar Internet providers like AT&T Inc from blocking Web content, setting up a renewed battle over so-called network neutrality.

Sen. Byron Dorgan, a North Dakota Democrat, believes a law is essential to prevent telephone and cable companies from discriminating against Internet content, even though regulators have taken actions to enforce free Web principles.

Dorgan has been influential on the issue, and will be among the highest ranking Democrats on the Senate’s Commerce Committee when it reconvenes in January.

The net neutrality fight pits Internet service providers (ISPs) like AT&T against content companies like Google Inc and Microsoft Corp.

And consumers like you and me.

The ISPs, which also include Verizon Communications Inc. and cable company Comcast Corp, say they need to manage the ever-growing traffic on their networks without government interference.

Content companies say the ISPs hold too power much to block or slow down traffic requiring more bandwidth, such as movie downloads, or certain content altogether.

President-elect Barack Obama supports net neutrality legislation. The election of Obama and more Democrats who back the concept adds momentum to the cause.

Every little bit helps, whether you access the Web in a competitive urban market or any of the stretches of suburban and rural America limited to few if any choices for service.

Six weeks ago, at the end of September, a loose organization of security researchers and network professionals announced that their collective efforts to fight badware had finally borne fruit. After years of complaints and shady dealings, the rogue ISP Atrivo was finally forced offline when the company’s last remaining uplink provider severed its business relationship with the beleaguered baddie.

Later in October, the FTC announced that it had won a major injunction against the international spam operation HerbalKing.

Now, on the relative heels of these announcements, comes news of a third major takedown. As of yesterday, the rogue ISP McColo has been taken offline, hopefully for good.

McColo’s website is down, and has been that way since at least Tuesday afternoon. Security Fix, meanwhile, is holding back most of the details of its investigation, presumably pursuant to the Washington Post publishing its own story. One fun tidbit of information the blog has deigned to release is that McColo had its hands in more than just a sticky, spammy pie. The company’s elite clientele included distributors of child pornography, commercial websites to allow purchase and delivery of the same, plus the usual group of thieves, fraudsters, and generally bad people.

No one expects the dip in overall spam traffic to be anything more than temporary, whether McColo itself comes back online or not, and the size of the drop in spam levels following an ISP takedown may ultimately prove to be a poor metric when evaluating the effectiveness of a successful white hat campaign.

Every little step towards shutting down criminals and sleaze – since the marketplace has little or no effect – is worthwhile.

http://arstechnica.com/news.ars/post/20081112-spam-sees-big-nosedive-as-rogue-isp-mccolo-knocked-offline.html