Regarding the BA plane which took off with both engine cowls unlatched. The bit of the story that frightened me most was from one of the BBC accounts which said: "Last July Airbus said there had been 32 reported fan cowl door detachment events, but none of the cases resulted in a fire." This suggests to me that maintenance crews are not paying anything like enough attention to this. If the cowl comes loose it might, as in this case, cause a fire and an emergency landing. But it could even be worse. A lump of metal falling from a preceding plane is now thought to have caused the Concorde disaster at Paris some years ago.
Cory Doctorow, *The Guardian*'s technology blog, 5 Jun 2013
"As I write this, the European Parliament is involved in a world-beatingly gnarly wrangle over the new General Data Protection Regulation."
http://www.guardian.co.uk/technology/blog/2013/jun/05/data-protection-eu-anonymous

Cory's blog item on the relative ease of de-identifying supposed anonymizations should be no surprise to RISKS readers. It is a very nice assessment of some of the risks. Ed Felten (Princeton) and Seth David Schoen (EFF) are quoted, among others. It is very well worth your reading, as it opens up some gigantic cans of worms (although quite unlike the Diet of Worms). PGN
Revealed: NSA collecting phone records of millions of Americans daily
Paul Owen, *The Guardian*, 6 Jun 2013
http://www.guardian.co.uk/world/2013/jun/06/nsa-phone-records-verizon-court-order

Under the terms of the order, the numbers of both parties on a call are handed over, as is location data and the time and duration of all calls.

The National Security Agency is currently collecting the telephone records of millions of US customers of Verizon, one of America's largest telecoms providers, under a top secret court order issued in April. The order, a copy of which has been obtained by the Guardian, requires Verizon on an "ongoing, daily basis" to give the NSA information on all telephone calls in its systems, both within the US and between the US and other countries. The document shows for the first time that under the Obama administration the communication records of millions of US citizens are being collected indiscriminately and in bulk—regardless of whether they are suspected of any wrongdoing. The secret Foreign Intelligence Surveillance Court (Fisa) granted the order to the FBI on April 25, giving the government unlimited authority to obtain the data for a specified three-month period ending on July 19. Under the terms of the blanket order, the numbers of both parties on a call are handed over, as is location data, call duration, unique identifiers, and the time and duration of all calls. The contents of the conversation itself are not covered. The disclosure is likely to reignite longstanding debates in the US over the proper extent of the government's domestic spying powers. Under the Bush administration, officials in security agencies had disclosed to reporters the large-scale collection of call records data by the NSA, but this is the first time significant and top-secret documents have revealed the continuation of the practice on a massive scale under President Obama. The unlimited nature of the records being handed over to the NSA is extremely unusual.
Fisa court orders typically direct the production of records pertaining to a specific named target who is suspected of being an agent of a terrorist group or foreign state, or a finite set of individually named targets. The Guardian approached the National Security Agency, the White House and the Department of Justice for comment in advance of publication on Wednesday. All declined. The agencies were also offered the opportunity to raise specific security concerns regarding the publication of the court order. The court order expressly bars Verizon from disclosing to the public either the existence of the FBI's request for its customers' records, or the court order itself. "We decline comment," said Ed McFadden, a Washington-based Verizon spokesman. The order, signed by Judge Roger Vinson, compels Verizon to produce to the NSA electronic copies of "all call detail records or 'telephony metadata' created by Verizon for communications between the United States and abroad" or "wholly within the United States, including local telephone calls". The order directs Verizon to "continue production on an ongoing daily basis thereafter for the duration of this order". It specifies that the records to be produced include "session identifying information", such as "originating and terminating number", the duration of each call, telephone calling card numbers, trunk identifiers, International Mobile Subscriber Identity (IMSI) number, and "comprehensive communication routing information". The information is classed as "metadata", or transactional information, rather than communications, and so does not require individual warrants to access. The document also specifies that such "metadata" is not limited to the aforementioned items. A 2005 court ruling judged that cell site location data—the nearest cell tower a phone was connected to—was also transactional data, and so could potentially fall under the scope of the order. 
While the order itself does not include either the contents of messages or the personal information of the subscriber of any particular cell number, its collection would allow the NSA to build easily a comprehensive picture of who any individual contacted, how and when, and possibly from where, retrospectively. It is not known whether Verizon is the only cell-phone provider to be targeted with such an order, although previous reporting has suggested the NSA has collected cell records from all major mobile networks. It is also unclear from the leaked document whether the three-month order was a one-off, or the latest in a series of similar orders. The court order appears to explain the numerous cryptic public warnings by two US senators, Ron Wyden and Mark Udall, about the scope of the Obama administration's surveillance activities. For roughly two years, the two Democrats have been stridently advising the public that the US government is relying on "secret legal interpretations" to claim surveillance powers so broad that the American public would be "stunned" to learn of the kind of domestic spying being conducted. Because those activities are classified, the senators, both members of the Senate intelligence committee, have been prevented from specifying which domestic surveillance programs they find so alarming. But the information they have been able to disclose in their public warnings perfectly tracks both the specific law cited by the April 25 court order as well as the vast scope of record-gathering it authorized. Julian Sanchez, a surveillance expert with the Cato Institute, explained: "We've certainly seen the government increasingly strain the bounds of 'relevance' to collect large numbers of records at once—everyone at one or two degrees of separation from a target—but vacuuming all metadata up indiscriminately would be an extraordinary repudiation of any pretence of constraint or particularized suspicion." 
The April order requested by the FBI and NSA does precisely that. The law on which the order explicitly relies is the so-called "business records" provision of the Patriot Act, 50 USC section 1861. That is the provision which Wyden and Udall have repeatedly cited when warning the public of what they believe is the Obama administration's extreme interpretation of the law to engage in excessive domestic surveillance. In a letter to attorney general Eric Holder last year, they argued that "there is now a significant gap between what most Americans think the law allows and what the government secretly claims the law allows." "We believe," they wrote, "that most Americans would be stunned to learn the details of how these secret court opinions have interpreted" the "business records" provision of the Patriot Act. Privacy advocates have long warned that allowing the government to collect and store unlimited "metadata" is a highly invasive form of surveillance of citizens' communications activities. Those records enable the government to know the identity of every person with whom an individual communicates electronically, how long they spoke, and their location at the time of the communication. Such metadata is what the US government has long attempted to obtain in order to discover an individual's network of associations and communication patterns. The request for the bulk collection of all Verizon domestic telephone records indicates that the agency is continuing some version of the data-mining program begun by the Bush administration in the immediate aftermath of the 9/11 attack. The NSA, as part of a program secretly authorized by President Bush on 4 October 2001, implemented a bulk collection program of domestic telephone, Internet and e-mail records. 
A furore erupted in 2006 when USA Today reported that the NSA had "been secretly collecting the phone call records of tens of millions of Americans, using data provided by AT&T, Verizon and BellSouth" and was "using the data to analyze calling patterns in an effort to detect terrorist activity." Until now, there has been no indication that the Obama administration implemented a similar program. These recent events reflect how profoundly the NSA's mission has transformed from an agency exclusively devoted to foreign intelligence gathering, into one that focuses increasingly on domestic communications. A 30-year employee of the NSA, William Binney, resigned from the agency shortly after 9/11 in protest at the agency's focus on domestic activities. In the mid-1970s, Congress, for the first time, investigated the surveillance activities of the US government. Back then, the mandate of the NSA was that it would never direct its surveillance apparatus domestically. At the conclusion of that investigation, Frank Church, the Democratic senator from Idaho who chaired the investigative committee, warned: "The NSA's capability at any time could be turned around on the American people, and no American would have any privacy left, such is the capability to monitor everything: telephone conversations, telegrams, it doesn't matter." Additional reporting by Ewen MacAskill and Spencer Ackerman
Al Gore, 6 Jun 2013, http://t.co/KONSBtTWjc

The former vice president slammed the overreach of the NSA's surveillance powers on Twitter.
Tom Kaneshige, *CIO*, 30 May 2013

Cloud storage, text messaging, poor accountability and the "Bad Leaver" open the doors to data breaches in a BYOD environment, says a cyber-crime expert in this CIO.com interview.
http://www.cio.com/article/734231/The_BYOD_Mobile_Security_Threat_Is_Real
> If the Government takes money off rich people and gives it to poor people,
> this may seem to be "fairer" and reduce inequality,

It does. A previous poster has eloquently explained this.

> but it rewards people who rely on welfare and punishes those who provide
> for themselves

I would not use the term 'reward' or 'punish'. People on low incomes who rely on benefits are often struggling to afford the basics. Many are not able to find well-paid work. OTOH taking a little from the wealthiest will not hurt them.

> (hence in the UK a lifetime on welfare is quite a popular career option).

This is a myth often spread by certain elements in the media. In truth the majority of benefits goes to those who do work but are on low incomes. Describing a lifetime on welfare as a 'popular' career option is insulting to the majority who would get a (better) job if they could.
Hidden dependencies are a risk with any program. And then we get dependencies on the bug. We get away with this because it typically doesn't matter in a world that isn't very precise. I wonder how many financial instruments depended on the 1-2-3 bug which treated 2000 as a leap year. I happened to be well-aware of the problem because my very first program in 1963 calculated leap years on an IBM 1620. We often get away with accepting these problems because proportionality rules in the analog arena. And typically the models we are using are indeed in the analog domain. But when we operate in the digital domain we can run into trouble. (I posted related comments about big data as http://rmf.vc/IPBigData). This is why I keep complaining about the leap second. In the analog world it's just a pesky second but in the digital world we don't round "1/2/2020 23:59:59" because we know that that is really 1/2/2020 though using epoch+seconds it might not be. For that matter essentially none of the date/times in databases for the last 40 years are correct since they just pretend leap seconds don't exist. They can't because time functions simply don't have the information to do interval calculations.
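
The interval problem described in the post above, as an added example that is not part of the original post: epoch arithmetic across a leap second comes out one second short unless the code carries its own leap-second table. The function names are hypothetical, and the table is deliberately abbreviated to the insertions after 2009-01-01.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc

# Days whose last UTC minute carried an inserted leap second (23:59:60).
# Only the insertions after 2009-01-01 are listed (an assumption of this
# example), so results are valid only for intervals starting after that date.
LEAP_SECOND_DAYS = [
    datetime(2012, 6, 30, tzinfo=UTC),
    datetime(2015, 6, 30, tzinfo=UTC),
    datetime(2016, 12, 31, tzinfo=UTC),
]


def epoch_interval(start, end):
    """Seconds between two UTC datetimes as epoch arithmetic sees them.

    POSIX-style time counts every day as exactly 86400 seconds, so any
    leap second inside the interval is silently dropped.
    """
    return int((end - start).total_seconds())


def leap_seconds_between(start, end):
    """Count listed leap seconds inserted after start and not after end."""
    count = 0
    for day in LEAP_SECOND_DAYS:
        # 23:59:60 sits immediately before the following midnight.
        next_midnight = day + timedelta(days=1)
        if start < next_midnight <= end:
            count += 1
    return count


def elapsed_interval(start, end):
    """Seconds that actually elapsed, using the leap-second table."""
    return epoch_interval(start, end) + leap_seconds_between(start, end)


def can_represent_leap_second():
    """True if datetime accepts 23:59:60; the standard library rejects it."""
    try:
        datetime(2016, 12, 31, 23, 59, 60, tzinfo=UTC)
    except ValueError:
        return False
    return True
```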
This has to do with content licensing issues and the blame falls on the content owners, not Apple. In a sense, it is related to the DVD zone problem. Content owners license Apple to distribute movies and other content on a country-by-country basis. To comply with the terms of these agreements, Apple has to limit sales to the customer's home country, thus the ToS restrictions. And the EU doesn't help here; licensing, like much else, is still on a national basis. Steve Wildstrom www.wildstrom.com/steve