Archive for August, 2008
It’s all fun and games until it’s you under surveillance, right? Well, the NSA has developed a program specifically to track those journalists and bloggers who venture to talk about the agency. Below are excerpts from an article revealing the program:
“NSA maintains a database that tracks unofficial and negative articles written about the agency. Code named ‘FIRSTFRUITS,’ the database is operated by the Denial and Deception (D&D) unit within SID [Signals Intelligence Division]. High priority is given to articles written as a result of possible leaks from cleared personnel.
According to those familiar with FIRSTFRUITS, Bill Gertz of The Washington Times features prominently in the database. Before [NSA Director Michael] Hayden’s reign and during the Clinton administration, Gertz was often leaked classified documents by anti-Clinton intelligence officials in an attempt to demonstrate that collusion between the administration and China was hurting U.S. national security. NSA, perhaps legitimately, was concerned that China could actually benefit from such disclosures.
In order that the database did not violate United States Signals Intelligence Directive (USSID) 18, which specifies that the names of ‘U.S. persons’ are to be deleted through a process known as minimization, the names of subject journalists were blanked out. However, in a violation of USSID 18, certain high level users could unlock the database field through a super-user status and view the ‘phantom names’ of the journalists in question. Some of the ‘source’ information in FIRSTFRUITS was classified — an indication that some of the articles in the database were not obtained through open source means. In fact, NSA insiders report that the communications monitoring tasking system known as ECHELON is being used more frequently for purely political eavesdropping having nothing to do with national security or counter terrorism.
In addition, outside agencies and a ‘second party,’ Great Britain’s Government Communications Headquarters (GCHQ) are permitted to access the journalist database. FIRSTFRUITS was originally developed by the CIA but given to NSA to operate with CIA funding. The database soon grew to capacity, was converted from a Lotus Notes to an Oracle system, and NSA took over complete ownership of the system from the CIA.
Tens of thousands of articles are found in FIRSTFRUITS and part of the upkeep of the system has been outsourced to outside contractors, such as Booz Allen, which periodically hosts inter-agency Foreign Denial and Deception meetings within its Sensitive Compartmented Information Facility or ‘SCIF’ in Tyson’s Corner, Virginia. Currently, in addition to NSA and GCHQ, the National Geospatial-Intelligence Agency (NGA), the Defense Intelligence Agency (DIA), and National Reconnaissance Office (NRO) routinely access the database, which is, in essence, a classified and more powerful version of the commercial NEXIS news search database.
In addition to Gertz, other journalists who feature prominently in the database include Seymour Hersh of The New Yorker; author and journalist James Bamford, James Risen of The New York Times, Vernon Loeb of The Washington Post, John C. K. Daly of UPI, and this journalist [Wayne Madsen].”
August 21st, 2008
Despite consistent coverage showing that the RFID chip is easily hackable, the DHS remains determined to put Americans at risk of identity theft in exchange for the chance to easily track our whereabouts by radio signal. Not to mention how easy it makes it for them to collect information.
This is exactly why they will begin collecting and recording personal data for all those who cross the border. When a US citizen opts to cross the border perfectly legally, they are also opting to engage in the following:
- All data collected by states must be shared with DHS in order to compare information
- This data will be merged and kept in a database for 15 years
- There is no opt-out policy for citizens
- Again, do we really want the government tracking our every movement by radio signal?
The DHS’s response to privacy concerns was as follows:
“A person opts to go over the border, their information is going to be collected and held anyway,” she said. “If you don’t want to go over the border, you don’t have to.”
We have until Monday to file complaints with the DHS. Call this number to voice your concerns: 202-282-8495
August 21st, 2008
Two great judge rulings today.
1. Judges have ruled in favor of the MIT students, removing the gag order. Judge O’Toole said the MBTA failed to present an adequate case for the gag order. Notably, the students’ presentation was meant to be delivered to people, and was not a computer-to-computer “transmission.” Second, the MBTA could not prove the students had caused $5,000 worth of damage to the subway system.
2. Federal Judge Jerome Niedermeier in Vermont has ruled that prosecutors can’t force a criminal defendant accused of having illegal images on his hard drive to divulge his PGP (Pretty Good Privacy) passphrase, upholding the Fifth Amendment.
August 20th, 2008
In response to the allegations in the Massachusetts Bay Transportation Authority lawsuit, which effectively censored research claims on the weakness of the RFID technology, MIT issued the following statements (taken from the EFF’s site, by the way):
- The MIT students, through their Professor Ron Rivest, initiated contact with the MBTA. The students wanted to let the MBTA know what they found and wanted to provide some ideas about how to fix the system.
- The meeting referenced in the MBTA’s statement was held on Monday, not Tuesday.
- In the course of the Monday meeting, the MIT students confirmed that the DEFCON presentation would not provide technical details sufficient for others to use their research to defeat the security systems in place at the MBTA. To address the concerns raised by the MBTA, the MIT students asked DEFCON to revise the description of the presentation originally posted on the conference website.
- After the Monday meeting, the students understood that the MBTA’s concerns were resolved, and that the students were to provide a confidential vulnerability assessment by the end of the week. Contrary to the MBTA statement, the students did not believe that the MBTA wanted to see a copy of the presentation slides, and they did not agree to provide them to the MBTA.
- Between the Monday meeting and Friday, there were communications between various people involved in this dispute, including (contrary to the MBTA statement) communications between MIT Professor Rivest and the MBTA.
- The students provided the MBTA with a confidential vulnerability assessment by the end of the week and prior to their scheduled presentation, as promised. The vulnerability assessment was marked “Confidential” because the MIT students felt it was in the best interests of the MBTA to keep the information in the report confidential.
- The students did not understand that the MBTA wanted a copy of the presentation slides until Friday.
- The MBTA went to court on Friday afternoon before providing notice to the MIT students of their intent to sue, and sought an immediate hearing. The MBTA’s actions deprived the students of an opportunity to have representation in court on Friday at the initial hearing held in the federal district court in Boston. (A subsequent hearing was held Saturday morning.)
August 13th, 2008
The EFF has pointed out that the government continues to try to shield the public from how insecure RFID technology is today. District Judge Douglas Woodlock of the U.S. District Court in Massachusetts granted a temporary restraining order requested by the Massachusetts Bay Transit Authority against three students trying to expose the weakness in the technology.
The MBTA sought to bar three students enrolled at the Massachusetts Institute of Technology — Zack Anderson, R.J. Ryan and Alessandro Chiesa — from presenting a talk at DefCon about vulnerabilities in magnetic stripe tickets and RFID cards that are used in the MBTA’s payment system.
The MBTA feared that the students planned to teach the audience how to fraudulently use the cards without additional payments to the system.
The EFF believes the judge’s order sets a dangerous precedent. EFF staff attorney Marcia Hofmann told reporters:
“Basically, what the court is suggesting here is that giving a presentation involving security to other security researchers is a violation of federal law,” she said. “As far as I know, this is completely unprecedented, and it has a tremendous chilling effect on sharing this sort of research. . . . And we intend to fight it with everything we’ve got.”
My questions, however, are as follows:
- Why did the MBTA invest in such an easily corruptible technology?
- Is there any relation between this and the opposed use of RFID in REAL ID?
- Seriously, this technology sucks. Why is anyone using it for transaction or identification purposes?
August 11th, 2008
Sleeping with the enemy indeed. Liberal bloggers are jumping into the fray with Ron Paul activists to create the Accountability Now PAC in order to defend civil liberties.
Here are their plans according to the New York Times Caucus:
AccountabilityNow, which aims to play a political role from which groups like the American Civil Liberties Union are barred, plans to buy print ads with the new funds criticizing Mr. Hoyer and Representative Ileana Ros-Lehtinen, a Miami-area Republican, for co-sponsoring a measure endorsing a naval blockade of Iran, and they also plan to buy space to call for Congress to look into the F.B.I.’s handling of the anthrax investigation. By 2010, AccountabilityNow hopes to field primary candidates that support its civil libertarian, anti-war positions.
I’m intrigued for sure.
August 8th, 2008
What do you get when you add FISA and the new Homeland Security Customs search practices?
Well, here is an excellent way to put it from Steve Bellovin:
“…it would seem to make little difference if the information is ‘imported’ into the US via a physical laptop or via a VPN, or for that matter by a Web connection. The right to search a laptop for information, then, is equivalent to the right to tap any and all international connections, without a warrant or probable cause. (More precisely, one always has a constitutional protection against ‘unreasonable’ search and seizure; the issue is what the definition of ‘unreasonable’ is.)”
Other great articles referring to this topic:
Here is what recently went down on an elevator ride at my work:
Elevator news reel says that Obama is planning on giving each family a $1000 reimbursement to help cover increasing energy costs
Old man in elevator: “Look here at what Obama’s planning. I can’t wait to get that.”
Me: “I’d rather he just cut taxes and fix this problem long term.”
Entire elevator: Silence accompanied by death glare
Old man starts to argue but is forced to get off at his floor while the other women giggle nervously.
For the record, I’m counting it as a victory.
August 5th, 2008