'Big Sultan' comes to 'Islamist' Turkey with new presidential surveillance center.

'Big Sultan' comes to 'Islamist' Turkey with new presidential surveillance center. (Bugun).

A center is being installed in Turkish President Recep Tayyip Erdoğan’s extravagant presidential palace, where all national security camera footage and drone surveillance will be collected and monitored.

A new Big Brother-esque surveillance center in President Recep Tayyip Erdoğan’s TRY 1.4 billion (USD 540 million) presidential palace has been completed.

The center will allow the president to monitor all 77 million citizens at all times, with its 143 different screens providing access to all MOBESE (law enforcement CCTV) cameras in all 81 municipalities, all images taken by unmanned aerial vehicles (UAV) as well as all security camera footage.

Able to directly receive information from the systems belonging to the Disaster and Emergency Management Authority (AFAD), the National Intelligence Agency (MİT), the police and the gendarmerie, the center will also be able to project a target’s personal details and information instantaneously. Hmmmm.......Big Sultan watches you......any cases of paranoia in the family? Read the full story here.

"Yes We Scan" Why Does Apple Include Government Certificate Authorities on the Mac?

"Yes We Scan" Why Does Apple Include Government Certificate Authorities on the Mac? HT: Cryptogon ; Zit Seng’s Blog:

I’ve been sitting on this information for some time, waiting to get more research done before I publish a post. But since word has come out about how Lenovo preloads what amounts to very bad spyware on their PCs, I thought I should also just go right ahead to spill the beans on the Mac.

Yes, that’s right. Superfish is bad. The problem with the Mac is only slightly related in that it also involves SSL certificates. It’s also bad, in a different way. I haven’t found out how the situation got to be like this, but I’ll just tell you what is happening.

The Certificate Authorities are usually trustworthy. Usually. Except, when you look into the list Certificate Authorities trusted by the Mac. There are the usual big name Certificate Authorities like Verisign, GeoTrust, Symantec and Thawte. But how about these ones:

Subject: C=US, O=U.S. Government, OU=FPKI, CN=Federal Common Policy CA
Subject: C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DoD Root CA 2
Subject: C=JP, O=Japanese Government, OU=ApplicationCA
Subject: C=CN, O=China Internet Network Information Center, CN=China Internet Network Information Center EV Certificates Root
…To be clear, the U.S. government has several more Certification Authority certificates installed in the Mac.

But governments are the good people right? Erm, I don’t know. There are people who don’t trust their own government. For example, U.S. citizens may be concerned about their NSA (or FBI) spying activities. They are afraid about the NSA being able to break encryption codes.

Well, it turns out that NSA’s job is a lot easier. There are no codes to break.

 They just intercept your communication, carry out a man-in-the-middle attack, and what else do they need? You think your HTTPS connection is securely encrypted, but wait, couldn’t the U.S. government generate a brand new fake certificate, give it to the NSA, and then serve that to you? Your web browser won’t raise any alarm bells. The SSL certificate is valid, and it is signed by a Certificate Authority that is trusted by your computer.


So, just to get this straight. Not only does the U.S. government have the privilege of intercepting any of your HTTPS connections and present valid, trusted, SSL certificates to you, the Japanese government and the Chinese government have the same privileges. Read the full story here.

The White House Wants to Issue You an Online ID.

The White House Wants to Issue You an Online ID. HT: Motherboard.

A few years back, the White House had a brilliant idea: Why not create a single, secure online ID that Americans could use to verify their identity across multiple websites, starting with local government services. 

The New York Times described it at the time as a "driver's license for the internet."

Sound convenient? It is. Sound scary? It is.

Next month, a pilot program of the "National Strategy for Trusted Identities in Cyberspace" will begin in government agencies in two US states, to test out whether the pros of a federally verified cyber ID outweigh the cons.

The goal is to put to bed once and for all our current ineffective and tedious system of using passwords for online authentication, which itself was a cure for the even more ineffective and tedious process of walking into a brick-and-mortar building and presenting a human being with two forms of paper identification.

The program is just entering a test phase with select state government agencies only (there are currently plans to expand the trial out to 10 more organizations.) 

But it's not far-fetched to think we're moving toward a standardized way to prove our identity in cyberspace the same way we do offline.

The White House argues cutting down on inefficiencies and fraud would bolster the information economy. In an era where we have cars that drive themselves and flying robots delivering beer, you have to wonder how much longer people are going to put up with standing in line at the DMV for four hours to hand a teller (with a taxpayer-paid salary) a copy of your birth certificate and piece of mail to prove you are you.

If an analysis of the pilot programs in Michigan and Pennsylvania find the centralized ID saves time and money and spares us the DMV line, privacy advocates are going to have a hell of a fight ahead of them.Read the full story here.

EU 'apparatchiks' to force Britons to publish details of wills and property......burglars popping the Champagne.

EU 'apparatchiks' to force Britons to publish details of wills and property......burglars popping the Champagne.HT: Telegraph.

New legislation planned in Brussels is set to heap fresh costs and paperwork on families’ financial planning, as well as leaving their affairs open to unwanted public scrutiny.

A European law is being drafted whose original aim was to prevent corporate money-laundering. The objective, supported by the UK, was to force companies to disclose on a register the money and other assets held inside trusts or equivalent legal arrangements.

But officials in Brussels have widened out the proposals as the bill has evolved, to include trusts. The effect could be to force millions of families to compile elaborate accounts of their assets and financial arrangements including insurance policies, property and bequests made in their wills, for entry into a register. And that register, if legislators get their way, could be made available to any member of the public.

British lawyers and tax experts are baffled by the potential implications. Most are bitterly opposed to the costs and intrusion that could result. The use of trusts or what the EU would define as “legal arrangements” is commonplace in Britain and Ireland, but not elsewhere in Europe. 

As a result many run-of-the-mill transactions between British individuals, or between individuals and financial institutions, would fall within the net of the law if applied to the UK. Similar transactions in Europe would not be affected, lawyers say.

Richard Frimston, partner at solicitors Russell-Cooke, said: “The European Parliament thinks all trusts are the work of the devil designed to aid tax dodgers. But trusts are an integral part of English law and underpin the most everyday of transactions.”Hmmmm....Robbers and potential kidnappers will love this 'database.'Read the full story here.

Google: "Gmail users cannot expect privacy while sending mails."

Google: "Gmail users cannot expect privacy while sending mails." HT: Ciol.By CIOL Bureau

Google made the statement that people can't expect privacy when sending a message to a Gmail address in a response to a class action complaint filed in multi-district litigation

SANTA MONICA, USA: In a stunning admission contained in a brief filed recently in federal court, lawyers for Google said people should not expect privacy when they send messages to a Gmail account.
Consumer Watchdog said that people who care about their email correspondents' privacy should not use the Internet giant's service.

Google's brief said: "Just as a sender of a letter to a business colleague cannot be surprised that the recipient's assistant opens the letter, people who use web-based email today cannot be surprised if their emails are processed by the recipient's [email provider] in the course of delivery. Indeed, 'a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties."

"Google has finally admitted they don't respect privacy," said John M. Simpson, Consumer Watchdog's Privacy Project director. "People should take them at their word; if you care about your email correspondents' privacy don't use Gmail."
Google made the statement that people can't expect privacy when sending a message to a Gmail address in a response to a class action complaint filed in multi-district litigation.
The suit says Google violates federal and state wiretap laws when the company reads emails to determine what ads to serve based on the message's content. The class action complaint was filed under seal because it details many of Google's business practices about the way it handles email.Read the full story here.

Is Your Smart Meter Spying On You?

Is Your Smart Meter Spying On You? HT: Washington's Blog  

Preface: The original intent of smart meters may been good … conserve energy by setting up a “smart grid” to maximize the efficiency of energy distribution. But there are questions about potential health effects from smart meters.  And – in this era of pervasive spying – it’s important to know where the threats to our privacy are coming from.
Burglars, Hackers and the Government All Want to See Your Smart Meter Data
NBC News reports:

Researchers examining the privacy implications of smart-meter technology found that one German provider’s devices contained vulnerabilities that allowed them to snoop on unencrypted data to determine whether or not the homeowners were home.
After signing up with the German smart-meter firm Discovergy, the researchers detected that the company’s devices transmitted unencrypted data from the home devices back to the company’s servers over an insecure link. The researchers, Dario Carluccio and Stephan Brinkhaus, intercepted the supposedly confidential and sensitive information, and, based on the fingerprint of power usage, were able to tell not only whether or not the homeowners were home, away or even sleeping, but also what movie they were watching on TV.

The New York Times points out:

Writing in Friday’s issue of the journal Science, the environmental scientist Jan Beyea foresees a world in which epidemiologists could harvest data on how people live from day to day — their use of electric blankets or microwave ovens, for example — and correlate such activities with the likelihood of developing certain health conditions. The meter data could serve as a check on information obtained from the questionnaires that are used in such studies, he said.
With data from thousands or millions of smart meters, researchers could design tools to measure how many times a day a refrigerator door was opened, relevant to dietary and obesity research, or sleep patterns, relevant to a wide range of health research, he wrote.

Network World notes:

Smart meters provide highly detailed energy-use data. The info can be used by police to find and to bust indoor pot farms, by insurance companies to determine health care premiums, and by criminals to determine if you own high-dollar appliances and when is the best time to steal them. And that’s only the tip of the potential privacy invasion iceberg.
***
In central Ohio, police file at least 60 subpoenas each month for energy-use records of people suspected in indoor marijuana growing operations, reported the Columbus Dispatch. Most of the houses with indoor pot growing operations are reportedly in quiet neighborhoods without much traffic. DEA agent Anthony Marotta said the subpoena is only one tool used to catch “grow house” operators. Police get a tip about suspicious activity, but if undercover officers don’t discover anything illegal during a stake out, then utility consumption records can be sought. “How else can I get an indicator to get probable cause if I can’t see anything?” Marotta said to reporter Dean Narciso.
***
The U.S. Department of Energy warned [PDF] that smart grid technology can provide a highly detailed household profile of energy consumption and said policies are needed to restrict utilities from sharing consumer usage data with third parties. The National Institute of Standards and Technology (NIST) outlined Potential Privacy Impacts that Arise from the Collection and Use of Smart Grid Data [PDF].
From reading it, a person might wonder if smart meters will be real-time surveillance spies. It suggests that insurance companies might use the smart meter data to determine health care premiums, such as if there is high usage at night which would indicate sleep behavior problems. Besides looking to bust pot farmers, law enforcement might use the data as “real-time surveillance to determine if residents are present and current activities inside the home.” The press might wish to see the smart meter data of celebrities. Criminals may want to see the data to determine the best time for a burglary and what high dollar appliances you might have to steal. Marketers might want the data for profiling and targeting advertisements. Creditors might want the data to determine if behavior indicates creditworthiness.
***
Lockheed Martin general manager of Energy and Cyber Services said the smart grid could include as many as 440 million new hackable points by the end of 2015, reported Computerworld.

National Geographic notes:

 ”It’s not hard to imagine a divorce lawyer subpoenaing this information, an insurance company interpreting the data in a way that allows it to penalize customers, or criminals intercepting the information to plan a burglary,” the private nonprofit Electronic Frontier Foundation noted in a blog post about smart meters.
***
The European Union’s data protection watchdog warned earlier this year that smart meters, while bringing significant potential benefits, also could be used track whether families “are away on holiday or at work, if someone uses a specific medical device or a baby-monitor, how they like to spend their free time and so on.” The European Data Protection Supervisor urged that member states provide the public with more information on how the data is being handled.
***
The California Public Utilities Commission (CPUC) … was involved in producing a comprehensive report on privacy with the National Institute of Standards and Technology (NIST) that summarizes, often in chilling detail, the many ways in which privacy breaches could occur on the smart grid, and recommends best practices for preventing those breaches. “As Smart Grid implementations collect more granular, detailed, and potentially personal information, this information may reveal business activities, manufacturing procedures, and personal activities in a given location,” the NIST report said.

The San Francisco Chronicle reports:

Critics of “smart meters” have often warned that the advanced electricity and gas meters can invade privacy by revealing when someone is and isn’t home.
According to the American Civil Liberties Union, they have reason to worry.
The civil rights group on Wednesday reported that California’s three big, investor-owned utilities had disclosed individual account information on thousands of their customers last year, usually to government agencies armed with subpoenas.

Last year, the United States Congressional Research Service addressed some of the  issues involved:

Data recorded by smart meters must be highly detailed, and, consequently, it may show what individual appliances a consumer is using. The data must also be transmitted to electric utilities—and possibly to third parties outside of the smart grid—subjecting it to potential interception or theft as it travels over communications networks and is stored in a variety of physical locations.
These characteristics of smart meter data present privacy and security concerns that are likely to become more prevalent as government-backed initiatives expand deployment of the meters to millions of homes across the country. In the American Recovery and Reinvestment Act of 2009 (ARRA), Congress appropriated funds for the implementation of the Smart Grid Investment Grant (SGIG) program administered by the Department of Energy. This program now permits the federal government to reimburse up to 50% of eligible smart grid investments, which include the cost to electric utilities of buying and installing smart meters. In its annual report on smart meter deployment, the Federal Energy Regulatory Commission cited statistics showing that the SGIG program has helped fund the deployment of about 7.2 million meters as of September 2011.15 At completion, the program will have partially funded the installation of 15.5 million meters. By 2015, the Institute for Electric Efficiency expects that a total of 65 million smart meters will be in operation throughout the United States.

The CRS discussed some of the laws which may govern smart meter data:

If smart meter data and transmissions fall outside of the protection of the Fourth Amendment, they may still be protected from unauthorized disclosure or access under the Stored Communications Act (SCA), the Computer Fraud and Abuse Act (CFAA), and the Electronic Communications Privacy Act (ECPA). These statutes, however, would appear to permit law enforcement to access smart meter data for investigative purposes under procedures provided in the SCA, ECPA, and the Foreign Intelligence Surveillance Act (FISA), subject to certain conditions. Additionally, an electric utility’s privacy and security practices with regard to consumer data may be subject to Section 5 of the Federal Trade Commission Act (FTC Act). The Federal Trade Commission (FTC) has recently focused its consumer protection enforcement on entities that violate their privacy policies or fail to protect data from unauthorized access. This authority could apply to electric utilities in possession of smart meter data, provided that the FTC has statutory jurisdiction over them. General federal privacy safeguards provided under the Federal Privacy Act of 1974 (FPA) protect smart meter data maintained by federal agencies, including data held by federally owned electric utilities.

The CRS report notes the incompleteness of the laws applying to smart meters. And – given that the FISA court has recently been shown to rubber-stamp mass surveillance on millions of Americans without any protection – we’re not sure that the current legal protections regarding smart meter data are worth the paper they’re written on.
England is just as bad. As the Telegraph writes:

The devices, which the government plans to install in every home by 2020, will also tell energy firms what sort of appliances are being used, allowing companies to target customers who do not reduce their energy consumption.

Privacy campaigners have expressed horror at the proposals, which come as two million homes have ‘spy’ devices fitted to their rubbish bins by councils who record how much residents are recycling.

***

In its impact assessment, however, the Department for Energy and Climate Change (DECC) says there “is theoretically scope… for using the smart metering communications infrastructure to enable a variety of other services, such as monitoring of vulnerable householders by health authorities or social services departments.”
It adds: “Information from smart meters could also make it possible for a supplier to determine when electricity or gas was being used in a property and, to a degree, the types of technology that were being used within the property. This could be used to target energy efficiency advice and offers of measures, social programmes etc to householders.”
Doretta Cocks, founder of the Campaign for Weekly Waste Collection, said: “This is Orwellian. We’re already under surveillance for what we put outside the home in bins and now we could be watched for what we’re doing inside as well.
***
Guy Herbert, general secretary of NO2ID, said: “Information from smart meters might be useful to energy providers and perhaps even their customers, but there’s no reason for any public authority to have access to it – unless they’ve a warrant to do so.
“This document is a prime example of government efforts to shoehorn data sharing and feature creep into every new policy.
***
The DECC document adds households could even have their power to some appliances turned off remotely to help the national grid if there is too much demand.
***
Consumer Focus, the watchdog, has also expressed concern about the privacy implications of the meters, saying consumers are “at risk of unfair, excessive, inequitable and inefficient charging” because energy companies could use the new data to introduce more complex tariffs to maximise profits at peak times.

And the Age reports that smart meter data from Australian homeowners is shared with random companies:

Detailed information about electricity customers’ power usage, which gives insights into when a house is occupied, is being shared with third parties including mail houses, debt collectors, data processing analysts and government agencies.
Customers with smart meters who sign up for Origin Energy’s online portal must consent to their data being shared with a string of third parties. The data is stored in Australia but shared with US company Tendril, which is described by Origin as a smart energy technology provider.
Australia’s privacy watchdog said the technology could threaten people’s privacy. ”We are starting to see people voicing concern about the level of data that these meters can collect,” federal Privacy Commissioner Timothy Pilgrim said.
***
Mr Pilgrim said electricity companies had a legal responsibility to delete or ”de-identify” personal information that was no longer needed. However, an Origin spokesman said the company kept former customers’ data for retrospective queries and ”tax and compliance purposes”.
The state government aims to install smart meters – which log electricity use every half-hour – in all Victorian homes by the end of next year.
***
Customer information can only be accessed by staff involved in billing. He said the electricity retailer only shared information with third parties when they had a ”legitimate business need to do so in order to meet our service obligations to our customers”.

In the ultimate irony, one of the biggest proponents of smart meters – Northern California’s main utility, Pacific Gas & Electric – was busted in April for spying on anti-smart meter groups:

On Thursday 4th April 2013, the California Public Utilities Commission (CPUC) approved a settlement in its investigation into Pacific Gas and Electric Company (PG&E) for spying on anti-Smart Meter groups.  PG&E will be required to pay $390,000 to the state’s General Fund.
This infiltration by PG&E was part of an on-going surveillance program conducted by PG&E and Edelman, a public relations firm PG&E hired in January of 2010 in response to escalating Smart Meter complaints and problems.
As part of this program, the director of the PG&E Smart Meter program, William “Ralph” Devereaux, other PG&E employees and third parties spied on groups with the knowledge of senior PG&E staff.  PG&E employees and senior management exchanged emails insulting and demeaning the members of the anti-SmartMeter groups.  For example, these PG&E customers were referred to “insurgents.”
PG&E coordinated moving an entire Smart Meter deployment yard to derail a non-violent protest and sent an employee to surreptitiously observe and report on the reactions of the protestors, who also transmitted pictures of them to PG&E.  This “spy” expressed his pleasure in observing and taking photos of anti-SmartMeter activists.

Note: Several utilities – including Pacific Gas & Electric – allow you to opt out of the smart meter program. If you insist, they will remove the smart meter from your home.

"CHANGE" - Russia may deem civil servants’ use of Gmail, Facebook ‘high treason’.

"CHANGE" - Russia may deem civil servants’ use of Gmail, Facebook ‘high treason’.(RT).

Lower House deputy Ilya Kostunov sent letters to Deputy PM Dmitry Rogozin (who oversees the Russian defense industry sector), the heads of the Defense Ministry, Federal Security Service and the Communications Ministry with a request to make official recommendation on usage of the popular US internet services such as Gmail and Facebook and sometimes also hardware devices produced by US companies.

The politician told Izvestia daily that the instructions should be made part of the civil servants’ contracts “so that they understood that by sending information through US services they not only fill up the dossiers on themselves and their organizations but can provide aid to a foreign state or organization that are engaged in anti-Russian activities”. “This falls under article 275 of the Russian Criminal Code as this is high treason,” he added.
Persons convicted under this article face up to 20 years in prison.
The MP told reporters that in the letter he reminded ministers and state officials about the scandal involving the US National Security Agency and its classified program PRISM that collects and analyses data on the Internet. According to the newspapers that broke the story the US special services have direct access to the servers of such companies as Microsoft, Apple, Yahoo, Google, Facebook, Skype, AOL and others.
“Certainly, the heads of United States intelligence assured that they were strictly observing the law and protected US citizens’ right for privacy. But as far as foreign citizens such as Russians are concerned they and other intelligence services from NATO countries have no limitations at all” Kostunov explained.
According to the MP, foreigners were not only studying the electronic correspondence but also remotely used microphones and video cameras to learn more about the civil servants’ movement, habits, contacts and behavior.
Besides, careless handling of classified information by using free and popular internet services can lead to it falling into the hands of independent hackers, Kostunov warned.
The politician suggested the introduction of obligatory encryption for all information transferred via the internet.
Experts and public figures agreed that proper regulation is necessary. Even the chairman of the unregistered Pirate Party of Russia said that using personal accounts of free services for official state correspondence was “totally unacceptable”.
An internet presence once became a fashion among Russian officials, especially during the presidency of Dmitry Medvedev who presents himself as a keen supporter of hi-tech and the newest digital trends. At the same time, this tendency recently started to fade.
For example Deputy PM Rogozin, whose tweets never failed to make headlines in conventional media, has announced that he would no longer tweet personally leaving this to his press service.

Prime Minister Dmitry Medvedev, on the contrary, said in a recent interview that all his posts and other movements in social networks were personal. Medvedev’s Facebook account has recently gained one million likes.Read the full story here.

'Big Brother' Skype monitors your chat – Microsoft is reading everything you write.

'Big Brother' Skype monitors your chat – Microsoft is reading everything you write.HT: H-Online.

Anyone who uses Skype has consented to the company reading everything they write. The H's associates in Germany at heise Security have now discovered that the Microsoft subsidiary does in fact make use of this privilege in practice. Shortly after sending HTTPS URLs over the instant messaging service, those URLs receive an unannounced visit from Microsoft HQ in Redmond.

A reader informed heise Security that he had observed some unusual network traffic following a Skype instant messaging conversation. The server indicated a potential replay attack. It turned out that an IP address which traced back to Microsoft had accessed the HTTPS URLs previously transmitted over Skype. Heise Security then reproduced the events by sending two test HTTPS URLs, one containing login information and one pointing to a private cloud-based file-sharing service. A few hours after their Skype messages, they observed the following in the server log:

65.52.100.214 - - [30/Apr/2013:19:28:32 +0200] "HEAD /.../login.html?user=tbtest&password=geheim HTTP/1.1"

Utrace map - Zoom The access is coming from systems which clearly belong to Microsoft.

Source: Utrace They too had received visits to each of the HTTPS URLs transmitted over Skype from an IP address registered to Microsoft in Redmond. URLs pointing to encrypted web pages frequently contain unique session data or other confidential information. HTTP URLs, by contrast, were not accessed. In visiting these pages, Microsoft made use of both the login information and the specially created URL for a private cloud-based file-sharing service.

In response to an enquiry from heise Security, Skype referred them to a passage from its data protection policy:

"Skype may use automated scanning within Instant Messages and SMS to (a) identify suspected spam and/or (b) identify URLs that have been previously flagged as spam, fraud, or phishing links."Hmmmm......It was clear from day one why They 'removed' messenger chat.Read the full story here.

Related: Skype Denies System Upgrade Will Help Spy on Users

" Google Data Will" - How to plan what will happen to your 'private' Google data.

" Google Data Will" - How to plan what will happen to your 'private' Google data. HT: SophosSecurity.By Lisa Vaas.

Google has launched a new tool that lets users plan what will happen to their private data after they die.

Announced on Google's blog by Product Manager Andreas Tuerk on Thursday, the tool is called Inactive Account Manager.
(You have to love the humility: "Not a great name, we know," Tuerk writes.
The Googlers could have had a field day with the name, but discretion, obviously, won the day. 

One commenter's suggested name: "My Will." Better, and still classy!)

The Inactive Account Manager is located on the Google Account settings page, under the "Account Management" choice in the "Account" tab.


I had to hunt around to find it: you have to click on the option that says "Control what happens to your account when you stop using Google. Learn more and go to setup."

There, you can tell Google what to do with your Gmail messages and data from other Google services if your account becomes inactive for any reason.

One choice is to have your data deleted after periods of three, six, nine or 12 months of inactivity.
Another option is to pass on data from some or all of these services to your designated beneficiaries.Hmmmm........'Death is just the beginning'?Read the full 'Afterlife' Story here.

Video - - NSA Whistleblower: ‘Everyone Is Under Virtual Surveillance’, Including members of Congress.

HT: TheDailyBail.

The New National Identification System Is Coming.

The New National Identification System Is Coming.(OM).

“Maybe we should just brand all the babies.” With this joke, Ronald Reagan swatted down a national identification card — or an enhanced Social Security card — proposed by his attorney general in 1981. For more than three decades since, attempts to implement the proposal have all met with failure, but now national ID is back, and it’s worse than ever.

As in 1981, immigration restrictions have provided the justification. In the name of stopping illegal employment, proposals floated by a bipartisan group of senators would create both a physical national ID — an “enhanced” Social Security card — and even more menacingly an Internet-based, electronic ID that could be accessed anywhere to confirm identity.
After the election, Sen. Chuck Schumer (D-N.Y.), who is leading the Democrats immigration push, told NBC News that one of his top priorities was to “make sure that there is a non-forgeable document” for all employees. After years of pushing for one, Sen. Schumer may have broken through GOP opposition. “We’re going to have to come up with something, but the principle we all agree on,” Sen. Chuck Schumer said this week.
Sen. John McCain (R-Ariz.) told Politico that he was for “a super Social Security card that would have some sort of biometric things like a fingerprint in it.” Sen. Lindsay Graham (R-S.C.)—also, a longtime supporter of national ID — agrees. “You’ll have documents that can’t be faked,” he told CBS News after the election.
This path was the inevitable consequence of America’s broken immigration system. First, Congress made it prohibitively difficult to come. Then, unable to enforce that, they conscripted businessmen to police their workforce for them. Now that document fraud has ruined this scheme, the government wants even more surveillance.
But national ID is more than just a card with a name and number — it is a system. It must contain data collected by the government on every legal worker that compares that name and number to you. This means the federal government must start collecting biometric information: pictures, fingerprints, retina scans, DNA, and whatever else is needed to make the system work.

Even worse than a physical card, the Department of Homeland Security (DHS) and Social Security Administration (SSA) has created an electronic national ID called electronic employment verification (EEV). The current rendition is known as E-Verify, which has combined DHS’s immigration database with the SSA’s database, containing your name, address, legal status, work authorization, and social security number.
The Senate immigration bill will mandate all employers use E-Verify to check the immigration status of their employees. Right now, employers can voluntarily submit the employee’s name and number to check if they match the name and number in the system. If the names or numbers don’t match, you must take further steps to prove your identity at SSA offices.
The system creates a guilty-until-proven-innocent approach to employment that also allows DHS to monitor every worker throughout the country. Some proposed mandates would require employees who work multiple jobs to automatically visit SSA offices — the new DMVs of employment — to prove that they really do work both jobs.
“People say ‘National ID,’ ” Sen. Schumer told Politico. “[But] that’s a card that you’d have to show whenever anyone, a police officer or anyone came up to you.” Actually, that’s not true. National ID is any mandatory system that could identify you at any given time. E-Verify combined with biometrics from state DMVs or elsewhere would meet that definition.
National ID need not be shown every time you go outside — it could just be used at checkpoints, airports, and toll booths or to access the Internet, firearms, prescription drugs, jobsites, or apartment buildings. Both the federal government and several states already prohibit renting to unauthorized immigrants. Potential tenants may soon be required to pass E-Verify to obtain housing with a similar “multiple homes” check.
To argue that the same expansion of use — already being applied to the SS card — will not also apply to E-Verify is not believable. The calls for a national ID — electronic or otherwise — by these senators undermine their credibility when they claim their plan will actually stop illegal entries at the border. If it did, national ID and E-Verify would be unnecessary. America needs immigration reform, but what it doesn’t need is more bureaucracy and universal surveillance.Hmmmmm........Let's hope Pres Obama is the first to check his with E-Verify.Read the full story here.

FlashBack MFS - The Other News Jan 12 -2012: 

• Obama Plans to Create Internet ID for All Americans.(Fox).President Obama is putting plans in motion to give the Commerce Department authority to create an Internet ID for all Americans, a White House official told CNET.com.White House Cybersecurity Coordinator Howard Schmidt told the website it is "the absolute perfect spot in the U.S. government" to centralize efforts toward creating an "identity ecosystem" for the Internet.The National Strategy for Trusted Identities in Cyberspace is currently being drafted by the Obama administration and will be released by the president in a few months."We are not talking about a national ID card. We are not talking about a government-controlled system. What we are talking about is enhancing online security and privacy, and reducing and perhaps even eliminating the need to memorize a dozen passwords, through creation and use of more trusted digital identities," Commerce Secretary Gary Locke said at an event Friday at the Stanford Institute for Economic Policy Research, according to CNET.com.Hmmmm......This is the kind of totalitarian, policestate Stalin loved.Who's going to be Beria?Read the full story here.  

FBI intent on sniffing out those who leaked possible US Stuxnet role.

FBI intent on sniffing out those who leaked possible US Stuxnet role.(NakedSecurity).by Lisa Vaas.Federal investigators in the US are tightening the screws on former senior government officials who might have leaked info about the Stuxnet worm, according to The Washington Post.
Last June, Attorney General Eric H. Holder Jr. started the inquiry into loose lips.
As Naked Security recounts here, the Stuxnet virus was seemingly created by the US, under the regime of President George W. Bush, to target Iran's nuclear facility in Natanz.
The US pulled Israel into the cyber-espionage effort, with stunning results.
Those results included slowing down and speeding up a centrifuge's delicate parts, which resulted in damage so extreme that, according to The New York Times, debris from a damaged centrifuge was laid across the conference table at the White House's Situation Room to demonstrate the malware's potential power.
But the obligingly destructive Stuxnet spun out of control and escaped into the wider world, damaging systems well beyond Iran.
In spite of the virus going maverick, President Barack Obama secretly authorized continued attacks, according to the NYT.
 The code name for the Stuxnet operation was Olympic Games.
Olympic Games, indeed: The administration's efforts to find and punish those who informed the press about Stuxnet are reaching strenuous levels.
One person familiar with the investigation told the Washington Post that prosecutors are pursuing "everybody - at pretty high levels, too... There are many people who’ve been contacted from different agencies."

That includes several current and former senior government officials. The Washington Post reports that investigators are confronting these high-level officials with evidence of contact with journalists that's based on extensive analysis of their email accounts and phone records.
Six officials have already been prosecuted for disclosing classified information, and more senior-level officials may yet be implicated.
The FBI's manhunt has been aided by increasingly sophisticated data-crunching tools to sift through huge volumes of email.
Outside of its use in investigating Olympic Games leaks, such data-crunching technology has led to one recent prison term—that of John Kiriakou, a former CIA officer sentenced on Friday to 30 months in prison for disclosing to a journalist the identity of an undercover CIA officer - and the high-profile resignation of Gen. David H. Petraeus, who resigned as CIA director after the FBI discovered emails implicating him in an extramarital affair.
Glenn Greenwald at The Guardian has written an extensive and thoughtful post about how the Stuxnet leaks investigation demonstrates, in his opinion, the Obama administration's devotion to maintaining and increasing its secrecy power.
 It's not hard to come to the same conclusion that Mother Jones did: war has been declared against whistleblowers, and the administration is taking it to what some believe are troubling extremes.

The Guardian's Greenwald writes:

"Given how subservient the federal judiciary is to government secrecy claims, it is not hyperbole to describe unauthorized leaks as the only real avenue remaining for learning about what the US government does - particularly for discovering the bad acts it commits. That is why the Obama administration is waging an unprecedented war against it - a war that continually escalates - and it is why it is so threatening."

John Brennan, Pres Obama's nominee to be the director of the CIA: "too much freedom is possible."

John Brennan, Pres Obama's nominee to be the director of the CIA: "too much freedom is possible."HT: IsraelMatzav.John Brennan, President Obama's nominee to be the director of the CIA, argued for government censorship in his graduate school thesis, claiming 'too much freedom is possible' in a discussion of Egypt in 1980 under Anwar Sadat.
In his 1980 graduate thesis at the University of Texas at Austin, John Brennan denied the existence of “absolute human rights” and argued in favor of censorship on the part of the Egyptian dictatorship.
“Since the press can play such an influential role in determining the perceptions of the masses, I am in favor of some degree of government censorship,” Brennan wrote. “Inflamatory [sic] articles can provoke mass opposition and possible violence, especially in developing political systems.”

Brennan ultimately concluded that human rights do not exist because they cannot be “classified as universal.”“The United States should be expected to pass a more strict human rights test [than Egypt] because its environment is more conducive to the realization of those rights,” Brennan concluded. “

An economic comparison between Egypt and one of its wealthy Arab neighbors such as Saudi Arabia or Kuwait would be equally unfair due to the wealth of those countries.”
“[T]he stage of economic development and political development have a direct impact on human rights,” he wrote. “The former enables a political system to offer its citizens welfare (e.g. health services) and security (e.g. military defense).” “The fact that absolute human rights do not exist (with the probable exception of freedom from torture) makes the [human rights] analysis subject to innumerable conditional criticisms,” he wrote. “The exact definition of human rights and possible justifications for violations is determined by a particular perspective. A change in perspective causes a drastic change in the analysis.”
“Human rights, therefore, does [sic] not take precedence over all other political goals,” Brennan concluded.
“Since absolute rights do not exist, any attempt by a nation to apply a human rights test to another nation (e. g. Carter administration human rights policy) is extremely difficult. Such a policy would be full of inconsistencies and therefore its implementation would be onerous.”
In other words, Brennan favors double standards. By comparison, here's what the US Declaration of Independence has to say about human rights:

We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness. — That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed, — That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish it, and to institute new Government, laying its foundation on such principles and organizing its powers in such form, as to them shall seem most likely to effect their Safety and Happiness.

President Obama has definitely found his ideological soulmates in John FN Kerry (who was confirmed on Tuesday), Chuck Hagel and John Brennan.Hmmm.....A man is known by the company he keeps!Read the full story here.

By the way, here's a video of Brennan talking about Hezbullah in 2006.(Hat Tip: Daily Caller).

Privacy vs. Security - EU Eyes Massive Collection of Air Passenger Data.

Privacy vs. Security - EU Eyes Massive Collection of Air Passenger Data.(Spiegel).A proposal to require European Union members to store huge amounts of data on flight passengers entering or leaving the EU will soon be up for debate, and the discussion is likely be fierce. Critics say the measure violates travelers' right to privacy. European parliamentarians next week are to debate a controversial draft law that would create massive national police databases of flight passengers entering or leaving the 27-nation European Union, including everything from addresses to meal preference.
The proposal for a "passenger name record" (PNR) would require airlines and booking agencies to hand over passenger data to national authorities, which would then routinely search for anything conspicuous. The data would be saved for five years and would include names, seat assignments, travel destinations, phone numbers, hired travel agencies and potential re-bookings, among other details.
In order to process the enormous amount of information, each individual member state would be required to delegate a national police unit to gather, save, evaluate and, when appropriate, forward the information onto other relevant authorities. The bill states that its purpose is to root out not just known terrorists, but also people "previously unsuspected of involvement in serious crime and terrorism" whose data suggests they "may be involved in such crime," like human trafficking or the drug trade.
The law would apply exclusively to flights entering and leaving the EU, not within its borders. However the European Commission said an inclusion of intra-EU flights remains a possibility.Read the full story here.

The Biggest Threat to Free Speech and Intellectual Property That You’ve Never Heard Of.

The Biggest Threat to Free Speech and Intellectual Property That You’ve Never Heard Of.(ACLU).By Sandra Fulton.As we have seen in the failed attempts of SOPA/PIPA, and the floundering Anti-Counterfeiting Trade Agreement, intellectual property (“IP”) laws are often poorly constructed, hastily proposed and ultimately both ineffective and potentially abusive.
Now, the latest threat to free speech in guise of IP reform is a multilateral trade agreement currently being negotiated (in secret) by the Office of the United States Trade Representative (“USTR”). That agreement—the Trans-Pacific Partnership, or “TPP”—would reportedly include dramatic changes to intellectual property laws, changes that could potentially permit the patenting of plants, animals, and medical procedures.
And, while some of the proposed changes run contrary to enacted federal law, the USTR is not only pushing for TPP, it is doing its best to avoid congressional oversight. For instance, they recently rebuffed a request from the staff director on the Senate Finance Committee's international trade subcommittee to review documents pertaining to the negotiations. Senator Wyden, chairman of the subcommittee, wrote:

[M]y office is responsible for conducting oversight over the USTR and trade negotiations. To do that, I asked that my staff obtain the proper security credentials to view the information that USTR keeps confidential and secret. This is material that fully describes what the USTR is seeking in the TPP talks on behalf of the American people and on behalf of Congress. More than two months after receiving the proper security credentials, my staff is still barred from viewing the details of the proposals that USTR is advancing.

USTR later gave in a bit and allowed the Senator himself to view the documents but still refused the staffer’s access.
Prominent senators aren’t the only ones being kept in the dark. Consumer and advocacy groups are also totally shut out of the negotiations, while certain interested corporations have a preferred seat at the table. As Senator Wyden further explained:

The majority of Congress is being kept in the dark as to the substance of the TPP negotiations, while representatives of U.S. corporations – like Halliburton, Chevron, PHRMA, Comcast, and the Motion Picture Association of America – are being consulted and made privy to details of the agreement.

Aside from the cloak and dagger nature of the negotiations, some of the most troubling aspects of the TPP are significant expansions of patent protections.
While we tend to hear a lot about how IP regulations will affect online content, leaked versions of TPP would require the signatory countries to permit the patenting of plants and animals as well as diagnostic, therapeutic and surgical methods of treatment of humans or animals—all without explicit limits on enforcement. Current U.S. law forbids the enforcement of surgical patents against medical practitioners for good reason. We do not want doctors wondering if they’ll be risking a patent infringement suit every time they want to try a new surgical technique.
While the ACLU believes that the First Amendment can be served by effective IP protections that provide artists, writers, scientists and other innovators and creators with the incentive to innovate and create, any IP enforcement regime must be crafted carefully and after full public deliberation. Expect to hear much more about TPP in the coming days. We’ll be digging into the leaked draft, and will continue to raise concerns with the USTR and Congress about both the secrecy of the negotiations and the substantive problems in the agreement. The patent laws must yield to the First Amendment, and it seems likely that the opposite has been true in the USTR’s efforts on TPP.Read the full story here.

President Obama's White House circulating draft of executive order on cybersecurity.

"Emperor' President Obama's White House circulating draft of executive order on cybersecurity. (TheHill).The White House is circulating a draft of an executive order aimed at protecting the country from cyberattacks, The Hill has learned. The draft proposal, which has been sent to relevant federal agencies for feedback, is a clear sign that the administration is resolved to take action on cybersecurity even as Congress remains gridlocked on legislation that would address the threat. The draft executive order would establish a voluntary program where companies operating critical infrastructure would elect to meet cybersecurity best practices and standards crafted, in part, by the government, according to two people familiar with the document. The concept builds off of a section in the cybersecurity bill from Sen. Joe Lieberman (I-Conn.) that was blocked last month by Senate Republicans, who called it a backdoor to new regulations. The draft has undergone multiple revisions and is brief, spanning no more than five pages. It is still being worked on and is subject to change, the people familiar with the draft stressed.
It's also unclear whether the final product will get the president's approval to move forward. A new draft of the executive order is expected to be shared with agencies next week. A spokeswoman for the White House declined to comment on whether a draft for a executive order was being circulated, but said it is one of the options the administration is weighing. "An executive order is one of a number of measures we’re considering as we look to implement the president’s direction to do absolutely everything we can to better protect our nation against today’s cyberthreats," said White House spokeswoman Caitlin Hayden. "We are not going to comment on ongoing internal deliberations.” "The White House needs to step back and say, 'Does this make a meaningful contribution in the near term?' " Lewis said. Additionally, he cautioned that industry would balk at electing to join a program led by DHS, which is plagued with a spotty track record when it comes to leading national security efforts. "Find me a company that says 'I'm going to voluntarily agree to be regulated by DHS.' Nobody is going to volunteer to have DHS regulate them," Lewis said.Read the full story here.

Twitter + Location = "We Know Your House".

Twitter + Location = "We Know Your House".(NSS).By Anna Brading. Yesterday, we wrote about how Michael Dell's daughter had been too open with details of her family's activities and location, and gave some advice on how to post wisely on social networks. One of our readers, James, then left a comment on the story alerting us to WeKnowYourHouse.com.
Calling itself "another social networking privacy experiment", WeKnowYourHouse scours Twitter for people using the word "home" in their tweets and picks up their associated geolocation, then publishes said tweet to its site along with information about where the tweeter is. The site tells you where the person is, plots them on a map, shows you the Google Street View picture of that location, tells you nearby places they've found on Foursquare, crime statistics for the area, local photos posted to Instagram near that location, and even shows an advert where you can "Meet local sl**s". Nice. The site promises that it only keeps the last hour of data, and then fully deletes it, but it's scary to see how much information can be compiled against someone so quickly, using information that is freely available.Read the full story here.

Want to disable Facebook facial recognition? Read this.

Want to disable Facebook facial recognition? Read this.(NakedSecurity).Facebook is acquiring facial recognition firm Face.com, for an estimated $60 million.Facebook already uses Face.com's facial recognition technology to help it put a name to faces in photos uploaded to the social network. Now, with the acquisition of Face.com, the technology is coming in house. So what does Facebook facial recognition actually do? There are billions of photographs on Facebook's servers. As your Facebook friends upload their pictures, Facebook will try to determine if any of the photos look like you. And if it finds what it believes to be a match, it may urge one of your Facebook friends to tag the photo with your name. That's what Facebook does with its facial recognition database right now. But nobody knows what it might do with it in the future. Questions which are raised by Facebook's facial recognition capabilities include how securely the database of information is stored, and how else might Facebook try to use it - including whether they might use the data to make money. So.. How can you disable Facebook's facial recognition technology? Sadly, you can't.Read the full story here.

Google Transparency Report: Government takedown requests up 103% in US," we've been asked to take down political speech.

Google Transparency Report: Government takedown requests up 103% in US,"Just like every other time before, we've been asked to take down political speech,". (Google).Google has released new data for its Transparency Report, which provides details of government requests to takedown content across the company’s websites and services.
The report — dated July-December 2011 — now includes details of government requests to take down blog posts, videos and other information on Google services during the period. It also includes all state-led requests to share other information, including user IP addresses.
Google calls the latest findings “troubling” and it notes that requests to remove political content are a trend that it is continuing to see, rather than the brief blip that it had optimistically hoped they were.
The headline focus is no doubt on the US, where Google says that it has seen a 103 percent increase in state-led takedown requests – the highest increase worldwide (CHANGE?).
Many of these are related to user’s private data, as a Google engineer explained to Forbes, and the majority were not actioned on, as the report explains."It's alarming not only because free expression is at risk, but because some of these requests come from countries you might not suspect -- Western democracies not typically associated with censorship."
Requests from Turkish information technologies officials centered on videos of the founder of modern-day Turkey, and Google responded by making the targeted clips unavailable in that country.

There’s little surprise that Pakistan, which controversially (and briefly) blocked Twitter last month, got in touch with Google about content on YouTube, albeit without success:

We received a request from the Government of Pakistan’s Ministry of Information Technology to remove six YouTube videos that satirized the Pakistan Army and senior politicians. We did not comply with this request.

Of the other requests, a bizarre one stands out from Canada:

We received a request from the Passport Canada office which unsuccessful sought to remove a YouTube video of a Canadian citizen urinating on his passport and flushing it down the toilet.

As well as these new additions, Google has added a new category for trademark-related requests. This is presumably to reflect the increasing number of requests that it receives from brands, but it will also help distinguish business-related requests from the spicier and more sinister government led communication.Read the full story here.

Who's got control of the remote?Is your TV watching you? Samsung’s latest sets with built-in cameras spark concerns.

Who's got control of the remote?Is your TV watching you? Samsung’s latest sets with built-in cameras spark concerns.(Dailymail).Samsung’s latest breed of plasmas and HDTVs may allow hackers, or even the company itself, to see and hear you and your family, and collect extremely personal data.
The new models, which are closer than ever to personal computers, offer high-tech features that have previously been unavailable, including a built-in HD camera, microphone set and face and speech recognition software.
This software allows Samsung to recognise who is viewing the TV and personalises each person’s experience accordingly. The TV also listens and responds to specific voice commands.
High-tech: Samsung’s latest sets feature built-in HD cameras, microphone sets and face and speech recognition software
But some critics have suggested that the TV company could be spying on you, or even watching and listening to you – without your knowledge – through these features.
Gary Merson, who runs website HD guru, said that because there is no way of disconnecting the camera and microphone, users cannot be 100 per cent sure that Samsung is not collecting data and passing it on to third parties.
Merson said: ‘What concerns us is the integration of both an active camera and microphone. A Samsung representative tells us you can deactivate the voice feature; however this is done via software, not a hard switch like the one you use to turn a room light on or off. ‘And unlike other TVs, which have cameras and microphones as add-on accessories connected by a single, easily removable USB cable, you can’t just unplug these sensors.suggests that the Samsung’s new models could be hacked into
‘During our demo, unless the face recognition learning feature was activated, there was no indication as to whether the camera (such as a red light) and audio mics are on. And as far as the microphone is concerned, there is no way to physically disconnect it or be assured it is not picking up your voice.’
Merson claims that this problem raises questions about whether Samsung can watch someone watching their TV, and listen to them, at will, via the microphone and internet connection.
It also sparks concerns, he says, about where Samsung stores this data that it collects and how secure it is.
He goes on to suggest that the TV sets could be hacked into if, for instance, they are run by operating systems that have a prior history of hacking.
When Samsung was approached to provide information on the set’s privacy features or the company’s policies, it did not respond.Read the full story here.