The FBI appears to have adopted an invasive Internet surveillance technique that collects far more data on innocent Americans than previously has been disclosed.
Instead of recording only what a particular suspect is doing, agents conducting investigations appear to be assembling the activities of thousands of Internet users at a time into massive databases, according to current and former officials. That database can subsequently be queried for names, e-mail addresses or keywords.
[…] Call it the vacuum-cleaner approach. It’s employed when police have obtained a court order and an Internet service provider can’t “isolate the particular person or IP address” because of technical constraints, says Paul Ohm, a former trial attorney at the Justice Department’s Computer Crime and Intellectual Property Section. (An Internet Protocol address is a series of digits that can identify an individual computer.)
In a telephone conversation afterward, Ohm said that full-pipe recording has become federal agents’ default method for Internet surveillance. “You collect wherever you can on the (network) segment,” he said. “If it happens to be the segment that has a lot of IP addresses, you don’t throw away the other IP addresses. You do that after the fact.”
“You intercept first and you use whatever filtering, data mining to get at the information about the person you’re trying to monitor,” he added.
The U.S. Federal Trade Commission said on Tuesday Sony BMG agreed to settle charges that it secretly embedded potentially damaging anti-piracy software in some of its CDs.
The settlement requires Sony BMG, a joint venture of Sony Corp. (6758.T) and Germany’s Bertelsmann AG (BERT.UL), to make further disclosures, to allow consumers to exchange the CDs at issue and reimburse consumers for up to $150 to repair any damage to their computers, the FTC said.
“Consumers’ computers belong to them, and companies must adequately disclose unexpected limitations on the customary use of their products so consumers can make informed decisions regarding whether to purchase and install that content,” FTC Chairman Deborah Majoras said in a statement.
The FTC Press Release, Sony BMG Settles FTC Charges, also includes links to the documents in the complaint and the settlement — In the Matter of Sony BMG Music Entertainment, a general partnership.
The developing market in exploitable software bugs — with both white hats and black hats participating: A Lively Market, Legal and Not, for Software Bugs
Companies like Microsoft do not endorse such bounty programs, but they have even bigger problems: the willingness of Internet criminals to spend large sums for early knowledge of software flaws that could provide an opening for identity-theft schemes and spam attacks.
The Japanese security firm Trend Micro said in December that it had found a Vista flaw for sale on a Romanian Web forum for $50,000. Security experts say that the price is plausible, and that they regularly see hackers on public bulletin boards or private online chat rooms trying to sell the holes they have discovered, and the coding to exploit them.
Especially prized are so-called zero-day exploits, bits of disruption coding that spread immediately because there is no known defense.
Software vendors have traditionally asked security researchers to alert them first when they find bugs in their software, so that they could issue a fix, or patch, and protect the general public. But now researchers contend that their time and effort are worth much more.
“To find a vulnerability, you have to do a lot of hard work,” said Evgeny Legerov, founder of a small security firm, Gleg Ltd., in Moscow. “If you follow what they call responsible disclosure, in most cases all you receive is an ordinary thank you or sometimes nothing at all.”
So, what is Google trying to accomplish, really? I can only read this as a pre-emptive strike on something, but I just don’t know what it is that Google is worried about. Google Halts ‘Miserable Failure’ Link to President Bush
Writing on the Google blog, Matt Cutts, the head of Google’s Webspam team, said that Google bombs had not “been a very high priority for us.” But he added: “Over time, we’ve seen more people assume that they are Google’s opinion, or that Google has hand-coded the results for these Google-bombed queries. That’s not true, and it seemed like it was worth trying to correct that misperception.”
Mr. Cutts was not available on Friday to expand on his blog, a Google spokeswoman said. A White House spokesman had no comment on the issue.
Despite the changes by Google, some other Google bombs are still operative.