The CNN Wire reported on 30 Apr 2008 that a nationwide computer failure shut down terminals at U.S. Customs entry points. However, a backup system on laptops appears to have worked, instituted after previous system failures (e.g., 18 Aug 2005, RISKS-24.02).
Protecting Yourself From Suspicionless Searches While Traveling Posted by Jennifer Granick, 1 May 2008 The Ninth Circuit's recent ruling (pdf) in United States v. Arnold allows border patrol agents to search your laptop or other digital device without limitation when you are entering the country. EFF and many civil liberties, travelers' rights, immigration advocacy and professional organizations are concerned that unfettered laptop searches endanger trade secrets, attorney-client communications, and other private information. These groups have signed a letter asking Congress to hold hearings to find out what protocol, if any, Customs and Border Protection (CBP) follows in searching digital devices and copying, storing and using travelers' data. The letter also asks Congress to pass legislation protecting travelers' laptops and smart phones from unlimited government scrutiny. If privacy at the border is important to you, contact Congress now and ask them to take action! In the meantime, how can international travelers protect themselves at the U.S. border, short of leaving their laptops and iPhones at home? ... http://www.eff.org/deeplinks/2008/05/protecting-yourself-suspicionless-searches-while-t
Some federal air marshals have been denied entry to flights they are assigned to protect when their names matched those on the terrorist no-fly list, and the agency says it's now taking steps to make sure their agents are allowed to board in the future. [Source: Audrey Hudson, *Washington Times*, 29 Apr 2008] http://www.washingtontimes.com/apps/pbcs.dll/article?AID=/20080429/NATION/782525487/1001
"There has been outrage in Italy after the outgoing government published every Italian's declared earnings and tax contributions on the Internet." Apparently this was not a bug, but intentional. In any case, the full details of every Italian's income and tax returns were posted without warning on the Net for anyone to see, for at least 24 hours. (BBC report) <http://news.bbc.co.uk/1/hi/world/europe/7376608.stm>
18-month-old Elijah Luck died on 29 Apr 2008 after his aunt called 911 from the family's Comwave VoIP phone at home in in Coventry, but an ambulance reportedly took more than half an hour to arrive—with the call center being slow in transfering the call to the Calgary dispatch. <http://www.canada.com/calgaryherald/news/story.html?id=3cb08a17-9abf-4a50-9665-51a15732df5d&k=39015> [Also noted by Mark Brader. No guarantees on longevity of URLs. PGN] http://www.ctv.ca/servlet/ArticleNews/print/CTVNews/20080501/voip_911call_080501/20080501/?hub=TopStories&subhub=PrintStory http://calsun.canoe.ca/News/Columnists/Platt_Michael/2008/05/02/5448331-sun.php
A woman caught up in a mysterious Internet hijacking scandal that has sparked a federal privacy investigation into the Canadian Human Rights Commission says she was shocked, angry and confused at suddenly finding herself publicly associated with white supremacists. ... In response to a subpoena, Bell Canada linked Jadewarr to Ms. Hechme's personal Internet account, and provided her address and telephone number at the public hearing. [Source: Colin Perkel, Internet hijacking 'disturbing', says Ottawa woman, Canadian Press, 27 Apr 2008 http://www.theglobeandmail.com/servlet/story/RTGAM.20080427.whijacknet0427/BNStory/National/home Luckily for Ms. Hechme the Human Right of Privacy is protected by a different Federal Commission in Canada.
Subject: Microsoft Helps Law Enforcement Get Around Encryption - New York Times X-URL: http://www.nytimes.com/idg/IDG_852573C4006938808825743900804723.html?ref=technology&pagewanted=print Microsoft Helps Law Enforcement Get Around Encryption, 30 Apr 2008 The growing use of encryption software like Microsoft's own BitLocker by cyber criminals has led Microsoft to develop a set of tools that law enforcement agents can use to get around the software, executives at the company said. Microsoft first released the toolset, called the Computer Online Forensic Evidence Extractor (COFEE), to law enforcement last June and it's now being used by about 2,000 agents around the world, said Anthony Fung, senior regional manager for Asia Pacific in Microsoft's Internet Safety and Anti-Counterfeiting group. Microsoft gives the software to agents for free. ... Miscellaneous thoughts: 00) Who says it's only "cyber criminals" using file encryption; and [what we used to think of was..] law enforcement using such tools? Note Fung's group's title. 01) This reminds me of Spy vs. Spy; except where both sides work for the same side. It brings in all the issues the NSA has faced over the decades: ("Do we plug this hole now; or will Boris see we did, and stop using their version of X?") Who is MSFT's real customer; the user or the LE/FI community? How long before Redmond gets pressured to weaken BitLocker because COFEE can't help? What will their response be? 10) Wigglers, a faux-use mouse designed to forestall a screen-saver activation, have been around for a while. How long until some encryption code author puts a random pop-up interrogation into their code? I.e. even if the system is ""busy"" it suddenly asks for a response, a simple CAPTCHA. When it gets a wrong answer, it stops and demands the full pass-phrase. [Another approach would be to immediately demand same when a new device is found by the OS.] 11) We are seeing more laptops & phones being searched and/or confiscated by DHS at US borders. I suspect many multinational corporations will sacrifice an encrypted laptop rather than reveal its contents. 100) Will shortcoming of COFEE et.al. push the legal system into a major test case of coerced passphrase release? ["Give up your password or rot in jail?"] May you live in interesting times.
An article in the Contra Costa Times 26 April under the headline "1,500 gallons of gas swiped" [http://www.contracostatimes.com/lafayette/ci_9057588?nclick_check=1] implies that the thief/thieves used an access code on the pumps, which had not been changed from the manufacturer's default, to keep the volume of pumped gas from being reported. Here are a couple of paragraphs excerpted from the article: "... Between March 31 and April 7, he [the proprietor] noticed large disparities between what his fuel counters were showing and what was actually sloshing around in his station's underground storage tanks. ... "He contacted police and soon figured out that someone had unlocked a panel on one of the pumps and punched in a code on an internal key pad. The code disables the pump from requiring remote authorization to activate. The authorization system is legitimately used to cut off gas flow and allow maintenance workers to clean valves. ... "... someone versed in fuel pump maintenance was a likely culprit, since a lay person or even a station owner like himself lacks the technical knowledge to pull off such a feat. ... "[The proprietor] installed reinforced locks in his underground storage tanks and entered a new authorization code inside the fuel pumps—changing it from a default code entered by the pump manufacturer, which is why he suspects the thief had trade knowledge." William R. Nico, California State University East Bay Hayward, CA 94542-3092 www.mcs.csueastbay.edu/~nico (510)885-3386 Math. and Comp. Science Emeritus
A BBC consumer programme "Watchdog" reported recently (28 Apr 2008) on cases where credit card companies' computer based fraud detection systems were disabling users cards when they detected unusual, and possibly fraudulent, spending patterns. However, all the users concerned were on holiday abroad (New York, South Africa & Rome ) and left stranded with little or no money it then took four or five days and a lot of effort to get the cards re-enabled. In some case this caused the users to have to cancel significant chunks of a 'holiday of a life-time'. In one case the bank *had* tried to contact the user by sending an e-mail to his home address, whilst he was stuck in New York with no money. The bank's responses were essentially that these systems were there to protect their users from fraud and that users should let their banks know when they are likely to be going somewhere different so that such situations can be avoided. However, the cancellations had happened to some users despite doing this. It seems the decisions were made solely by the computers with no recourse to the users' branch manager (for example) or to any information provided by the user on their whereabouts. The banks mentioned seemed to only be prepared to pay a small amount of compensation (100 pounds max for the situations in the programme), nothing near what it cost some users to call their bank's customer services from South Africa. (Being able to contact the banks' customer services departments easily from abroad was another sore point.) The main learning point is that you should always take several different means of paying when you go abroad. British Telecommunications plc Adastral Park, Martlesham, Ipswich, UK, IP5 3RE Kearton.Rees@bt.com | www.btbrand.bt.com
I was recently the victim of a (very minor) assault. This was reported to the police, and in due course I went to the police station to provide a formal witness statement. The officer charged with making the statement said that,to save time, he would type up the statement as I gave it rather than writing it down by hand and then typing it up later. He then led me into a computer room, much as one would find in a school or university for use by the students (indeed, some of the notices on the wall seemed to imply that the room was often used for training courses but happened to be vacant at that time) and logged in to Windows. He then opened up a folder with a large number of MS Word documents and clicked on one to open it. Initially I assumed that this was a template file, but when it appeared on the screen it didn't appear to have the blank spaces and "WRITE WITNESS' NAME HERE" phrases that one would expect. Intrigued, I looked closer and saw that the text appeared to be a witness statement about another assault that had happened about a week before mine. This was confirmed when the officer asked me not to look at the text at the bottom of the screen, because it was a private witness statement about another crime. The officer then set about typing up my witness statement thus: he added several blank lines at the beginning of the document and then began cutting and pasting sentences or sometimes whole paragraphs from the bottom half (the old statement) to the top half (my statement). After pasting each section in, he went over it changing the details as appropriate. The reason he gave for doing this was that he wanted to make sure that he had included all the necessary sections and formulaic wording so that it would be acceptable in court. Once he had finished taking my statement, he chose 'Save As' and entered a filename, saving it in the same folder. All the file names were prepended with a date (presumably he had not discovered, or not been allowed to use, the 'sort by date' option). I would say "The RISKS are obvious", but given recent discussion I feel I ought to attempt to enumerate them. 1. I was shown the personal data of another victim. Of course, I looked away as soon as I suspected it was not just an "example crime" (which was before he told me that it was real) but others might not have been so scrupulous. 2. As featured in previous RISKS bulletins, Word files can sometimes retain data that had supposedly been deleted. If the witness statement is sent electronically to the other parties in the case, they too may be able to extract confidential information about the case used as a template (and perhaps the one used as a template for that file, and so on). 3. I have used a similar editing method in the past when writing less important documents such as homework assignments, and in my experience it is very easy to accidentally omit a section or leave it unchanged from the previous version. Especially in the case of omitting a section, this error could then propagate to subsequent statement files and potentially invalidate several pieces of evidence. 4. The file was kept under the old name (but not saved) until the end of the interview (which lasted over an hour). If there had been a power cut or system crash, the file would presumably have been lost. Conversely, if the file had been saved accidentally, or even autosaved, presumably the old statement would have been overwritten. I prefer to remain anonymous to protect the officer involved from being made a scapegoat for what are obviously, at least to a certain extent, institutional failings. I will however name the police force involved: Cambridgeshire Police [England].
Last night I was awakened at 2 a.m. by an alarm beeping every thirty seconds. A few minutes of stumbling around trying to find the high- pitched, hard-to-localize sound revealed it to be our Kidde Nighthawk carbon monoxide detector. Its digital display was reading "Err." It was not showing a low battery condition, but just to be sure, I replaced the batteries, to no avail. I then took the unit down and looked for directions on the back. A sticker on the back said "UNIT ERROR: Intermittent audible alarm every 30 seconds. Refer to User's Guide for details." Was there any cause for concern? Well, probably not, since this obviously was not the ALARM CONDITION, signaled by a different pattern of beeps. On the other hand, it is human nature to ignore real warnings through wishful thinking (radar echoes at Pearl Harbor in 1941 must be incoming __American_ planes). I didn't want to make that mistake, so I decided I should at least check the User's Guide... but could I find it? Not likely. I was wide awake by now, so I figured I might as well try to download it from the manufacturer's website. Among other things, if I had enough mental clarity to do this it would prove to me that I wasn't anoxic. I found it, downloaded it, and in the "unit malfunction" section I learned that "Seven years after initial power up, this unit will 'chirp' every thirty seconds to indicate that it is time to replace the alarm. The unit will not detect CO in this condition." Since the sticker on the back showed it was assembled in November, 2000, I figured that the mystery was solved, took the batteries out, went back to sleep, and replaced the unit the next day. Apart from this planned obsolescence being "very convenient," as the Church Lady used to say, the RISK is of confusing users just in a situation where things should be as clear and unambiguous as possible. Was there really not enough room on the back of the device itself to note that it would beep and show "Err" seven years after installation? And was it really impossible to program a different message than "Err" for the seven-year expiration condition?
[Re: Face scans for air passengers to begin in UK this summer (Brian Randell), RISKS-25.13] > Officials say automatic screening more accurate than checks by humans True enough. Assuming the goal is to match a face to a known face. People are notoriously terrible at this. To do better is not that hard today. But, presumably, that's not what the guards do - match a face to a face. If they did, I would never get through any airport anywhere. My hair is shorter and grayer, my face is thinner, I don't have a mustache anymore, and I am slowly balding. But I don't think that's what they are there to do - at least not exclusively. > But there is concern that passengers will react badly to being rejected by > an automated gate. To ensure no one on a police watch list is incorrectly > let through, the technology will err on the side of caution and is likely > to generate a small number of "false negatives" - innocent passengers > rejected because the machines cannot match their appearance to the > records. "False negative"? False rejection or false positive or false detection is more like it. Given that the system is designed to detect mismatches, it is a "false negative" when it fails to detect a mismatch. A false negative would be allowing someone through when they should not go through. > They may be redirected into conventional passport queues, or officers may > be authorised to override automatic gates following additional checks. Seems to me like this is no better than randomly picking off one in 20 passengers for more detailed scrutiny. > Ministers are eager to set up trials in time for the summer holiday rush, > but have yet to decide how many airports will take part. If successful, > the technology will be extended to all UK airports. ... So they want to do it when there are lots and lots of passengers instead of when the traffic is light and delays relatively short. That way when it fails it will be a huge disaster instead of a small one? Will the passengers have to frown to get on a plane now? I predict they will be frowning anyway with all of the security crap they will have to go through. Fred Cohen, 572 Leona Drive, Livermore, CA 94550 1-925-454-0171 http://all.net/ Join http://tech.groups.yahoo.com/group/FCA-announce/join
The last time I renewed my passport I got the new EU issue, with facial RFID embedded. It imposed huge quality demands on the passport picture, and I can only assume there is somewhere a check comparing old with new (would be a bit daft otherwise). However, I noted immediately that: (a) The scanning equipment had not arrived at the issuing embassy. Thus, no final check to see if the chip actually worked, and AFAIK there's no data on field failure rates yet. (b) There did not appear to be any shielding for the chip as the U.S. passports have. So principally the EU passport creates an extra risk for me in hostile areas, which is an interesting take on my human rights.. There is, however, a flipside to this lack of shielding. Given (a) above, and given that I occasionally work with broadcast equipment it is not inconceivable my jacket has already passed through the beam of a microwave transmitter whilst dangling off my bag. Oops..
It is interesting to note that among the reactions to this first spam (those quoted in the article, anyway) only Richard Stallman had recognized the features which would in time make the net great: the ability to focus messages to specific well selected groups of people, as well as the inherent freedom of expression. IMHO this shows the difference between visionaries and high-talkers.
> Perhaps Mr. Brown would be so kind as to elucidate exactly what he thinks > the RISKS are? Unfortunately his e-mail address did not appear, so I'll reply to the list. I apologise if this is redundant, but I guess maybe some other people asked themselves the same question. Here are some of the risks which I thought of within a few minutes of reading the original article: * Real-time financial transaction data being sent "by e-mail", as if e-mail guaranteed either delivery of the message (full mailbox, spam filter badly configured) or that only the intended recipient of the mail would see it. The first of those means that the person paying for the service may well not get it (with potentially hilarious consequences in the form of lawsuits, as experts try to prove to a court exactly where an e-mail got lost); the second means that the information may be retransmitted to a number of "interested" parties ("hey Martha, I thought Joe was in Cleveland, turns out he's in New York" - yeah, negotiating a takeover, and trying to do it quietly). At one site with which I am very familiar and which I have no reason to believe is untypical, there is a complete parallel network of information between the administrative assistants of directors who have delegate access to their bosses' e-mail. (This gets particularly interesting when someone changes jobs and their delegation privileges are forgotten.) * Overreaction by managers, especially since the corporate culture of a company which signs up for this service is unlikely to be particularly laid-back when it comes to expenses. Example: I'm on my way to the airport and I find I've left my ticket at home. No big deal, it's fully refundable, I'll charge another one to the company card and we'll sort out the refund when I return. Only the meeting is in somewhere "nice", and when my boss gets the ticket, he decides I'm taking my wife (etc.) along and cancels the card while I'm in the air. The bottom line is that if you're going to give employees a company card, you have to have the procedures and accountability in place to control its usage after the fact. If you're worrying that your staff may charge a $400 dinner contrary to policy, don't give them the card. Maybe the junior executive charging that meal had to do so because the CEO got a big call from Tokyo halfway through the meal. But the credit card terminal only has room to enter "Tip", not "note to corporate finance". Perhaps Ron works for a nicer organisation than many other people. I ran the above paragraphs past a couple of colleagues and they both smiled knowingly. Nick Brown, Strasbourg, France. PS: And, of course, there's our oldest friend, plain simple programming and operational errors. A field shifts by one while someone at Mastercard is reorganising chunks of their database in Excel and hey presto, someone at Google gets a copy of someone at Microsoft's expenses.
Keep an eye out for this book: Hal Abelson, Ken Ledeen, Harry Lewis Blown to Bits: Your Life, Liberty, and Happiness after the Digital Explosion Addison Wesley, June 2008 "There is no simpler or clearer statement of the radical change that digital technologies will bring, nor any book that better prepares one for thinking about the next steps." Lawrence Lessig (from the cover)
Please report problems with the web pages to the maintainer