The very scary future of state control, censorship, and totalitarianism in the age of the internet. A presentation from Amesys, a subsidiary of Bull S.A. "explained the significance of Eagle to a government seeking to control activities inside its borders. Warning of an “increasing need of high-level intelligence in the constant struggle against criminals and terrorism,” the document touted Eagle’s ability to capture bulk Internet traffic passing through conventional, satellite, and mobile phone networks, and then to store that data in a filterable and searchable database. This database, in turn, could be integrated with other sources of intelligence, such as phone recordings, allowing security personnel to pick through audio and data from a given person all at once, in real time or by historical time stamp. In other words, instead of choosing targets and monitoring them, officials could simply sweep up everything, sort it by time and target, and then browse through it later at their leisure. The title of the presentation -- ”From Lawful to Massive Interception” -- gestured at the vast difference between so-called lawful intercept (traditional law enforcement surveillance based on warrants for specific phone numbers or IP addresses) and what Amesys was offering."

'The Digital Rights Forum is a public debate on the important issues surrounding digital rights, with each event designed around the general over-arching topic of digital rights, puls a more narrowly focused subject. On Friday, the 18th of May, the forum will tackle the issue of Online Privacy.

With our lives ever more integrated with the web and social media, staying safe online is becoming an increasing concern to everyone. From mobile apps to websites and email, protecting our personal information and online privacy has never been more complicated and more important. Faced with software vulnerabilities such as contacts being leaked onto the Internet by mobile application providers, the increasing push toward revealing more private and personal information on social networks, and attempts by some to protect their businesses through litigation or processes which require the disclosure of personal information, the modern digital landscape has made protecting one's privacy more difficult than ever before.

With this in mind, this Digital Rights Forum will discuss the current state of data protection and online privacy in the current context of social networks and mobile applications.'

Featuring Billy Hawkes (the DPC, no less!), and Devore from Boards.

'In order to stop you from visiting www.jamesjoycesulysses.com, the national censorwall must intercept all your outgoing internet requests and examine them to determine whether they are for the banned website. That's the difference between the old days of censorship and our new digital censorship world. Today, censorship is inseparable from surveillance.' Very good point from Cory Doctorow

'According to data from YouHaveDownloaded.com, a range of downloads have been actioned from the Palace including a cam copy of Tower Heist, a telesync copy of Arthur Christmas, and music from The Beach Boys.' I love this. The data is, of course, filled with potential inaccuracies -- and that's the point

'The Court judgement therefore goes well beyond saying what a court may decide, by means of an injunction: it also sets out the limits of Member States’ powers to legislate to draft ISPs as copyright police. It will be a crucial precedent in future arguments about the Digital Economy Act, in the UK, HADOPI in France, various blocking requirements in Italy, and numerous other schemes across the EU. As victories for ISPs in the copyright wars go, this one was comprehensive. It will be seen as a landmark ruling for years to come.' woot

'The [Dutch] councils are working with a specialist Amsterdam research firm, using the type of computer software previously deployed only in counterterrorism, monitoring [LinkedIn, Facebook and Twitter] traffic for keywords and cross-referencing any suspicious information with digital lists of social welfare recipients.

Among the giveaway terms, apparently, are “holiday” and “new car”. If the automated software finds a match between one of these terms and a person claiming social welfare payments, the information is passed on to investigators to gather real-life evidence.' With a 30% false positive rate, apparently -- let's hope those investigations aren't too intrusive!

jaysus. the Epic Marketplace online ad network performs a history stealing attack to determine if the viewer has recently visited 'pages about getting pregnant and fertility, including at the Mayo Clinic'. very very scummy -- massive privacy violation (via Adam Shostack)

scummy. don't use TwitPic if they are planning to monetize your photos, even if it's currently just for a "small number of celebrities". (via my dad)

seriously Apple, WTF were you thinking?

'Internet blocking is ineffective. The current proposal lacks sufficient checks and balances, and may even require ISPs and telcos to break other laws to comply. It will inevitably result in innocents being tarred as offenders. Data Protection principles (such as “Adequate, Relevant, and Not Excessive” are being blatantly ignored to implement an ineffective solution. Far better is to shut down the shop by removing the images at source and invest time, energy, and resources into a more transparent effort to manage this issue.' well said

'if you Liked a story on a website by pressing the Like button, you’re not only sharing the content on your wall but you’re also automatically subscribing and giving permission for future newsfeed updates to site owners. This happens every time and anywhere you Like something.' ugh, spammy, Facebook

'offenders must be identified by their IP address. In his judgement, Birss cast doubt on the accuracy with which this link could be made, due to the problem of unauthorised users gaining access to a unsecured networks.' wow, the judgement that keeps on giving

'When demonstrating FareBot, many people are surprised to learn that much of the data on their ORCA card is not encrypted or protected. This fact is published by ORCA, but is not commonly known and may be of concern to some people who would rather not broadcast where they’ve been to anyone who can brush against the outside of their wallet. Transit agencies across the board should do a better job explaining to riders how the cards work and what the privacy implications are.' (via Boing Boing)

quietly passed into law on the 26th Jan.  DRI say 'the Bill requires telecommunications companies, internet service providers, and the like, to retain data about communications (though not the content of the communications); phone and mobile traffic data have to be retained for 2 years; internet communications have to be retained for one year … This will impose significant costs on those obliged to retain and secure the data, and those costs will be passed on to their already hard-pressed customers. And it is likely to drive international telecommunications and internet companies to European states which have introduced far less demanding regimes.'

from Malcolm Hutty, Head of Public Affairs at LINX (UK ISP organisation). insightful and a good summary of the state of the art in ISP-hosted filtering/blocking solutions.  The final few slides are especially useful

fast work from new FF leader Micheal Martin: 'None of those who complained consented to their details being used to contact them in this way and none could establish how Fianna Fáil obtained their addresses.'

'we've built an easy way to quickly download to your computer everything you've ever posted on Facebook and all your correspondences with friends: your messages, Wall posts, photos, status updates and profile information. If you want a copy of the information you've put on Facebook for any reason, you can click a link and easily get a copy of all of it in a single download.' excellent

'Off-the-cuff bravado aimed at [4chan] has led to what must already rank as one of the worst ever data leaks, by the anti-filesharing solicitors ACS:Law' [...] 'the law firm is faced with the threat of a fine by the [UK] Information Commissioner, who is keen to use new powers that raise the maximum penalty to £500,000.'

'The country's Federal Data Protection and Information Commissioner, Hanspeter Thür, took Logistep to court and this week won a major victory. The Federal Supreme Court ruled that IP addresses are in fact personal information and that companies like Logistep can't go about slurping them up for mere civil cases like file-swapping lawsuits. Logistep must cease all current copyright infringement data collection.'

do you trust the default set of root CAs in modern web browsers? sounds like we probably shouldn't

on "Haystack", a vaporous censorship-evading product aimed at Iran's internet surveillance, which as of yet is a site soliciting donations and a lot of press, and not a lot of techie details

surprise! 'The U.S. Marshals Service admitted this week that it had surreptitiously saved tens of thousands of images recorded with a millimeter wave system at the security checkpoint of a single Florida courthouse.'

'developed for the express purpose of allowing consumers to "opt out" of the behavioral advertising delivered by our member companies' -- opt out of the top 50 or so ad programs with a couple of clicks, via Jordan Sissel. great stuff

Macromedia created a "parallel" cookie infrastructure, which is not cleared/controlled by browser cookie controls. Heinous! I had no idea. Checking mine, it was full of ad-tracking crap

'John Laker, 25, allegedly copped an eyeful of Jo Margetson, 29, when the latter "entered the X-ray machine by mistake". She was "horrified" as Laker "pressed a button to take a revealing photo" and remarked [on the size of her breasts].' as Conrad says, "who didn't see this coming?" Wonder how many other "revealing photos" are on that hard drive

Ugh, very bad idea indeed. A backchannel for spammers/phishers/attackers from the mail reader is something we definitely do not want to provide. This is why we chose to cut URLs at the registrar boundary for URIBL lookups in SpamAssassin

so, it seems the wireless ISPs don't have sufficient IPv4 space for their customers, and are filtering access to the internet via NAT; unfortunate side effect is that this breaks data retention as defined in the UK. wonder if the same applies here?

LinkMachineGo knew the true identity of Belle du Jour way back when -- and set a Google trap to ensnare snooping journos. nice work

massive fail. 'By simply disabling Javascript in his browser, he was able to [...] dump the router’s configuration file [...which] included the administrative login and password in cleartext.'

'Ohm notes, this illustrates a central reality of data collection: "data can either be useful or perfectly anonymous but never both."'

'The platform API remains fundamentally broken and gives users no way to prevent applications from accessing their photos. Facebook would be best served by fixing this instead of dismissing users’ concern for privacy as “misleading rumors.”'

'A UK firm that turns mobile messages into text faces questions over its privacy standards, technology and finances following a BBC investigation' .. 'claims to the BBC suggest that the majority of messages have been heard and transcribed by call centre staff in South Africa and the Philippines.' 'The fact that messages appear to have been read by workers outside of the European Union raises questions about the firm's data protection policy.'

according to this, a retired cop has set up a company called Lucid Intelligence with 'the records of four million Britons, and 40 million people worldwide, mostly Americans', and plans to 'charge members of the public for access to his database to check whether their data security has been breached.' How is this legal under Data Protection law? wtf