(INTECO) The participants of the Conference "Trust in the Information Society" announce the Conclusions of Leon, a document addressed to the European Commission and Member States with the aim of drawing attention to the conclusions so that they are considered in the development of the future European Digital Agenda. "Trust in the Information Society" was divided into five sessions: Digital Life and Trust; Trustworthy networking and computing services; Management of Digital Identities in the Common European Framework; Development of the Legal Framework of the EU with regard to the Protection of Data and Privacy; International Cooperation and e-Trust.
(Guardian) Britons online are a discriminating bunch who trust specialist advice sites and their friends' social content more than the views of celebrity bloggers or tweeters, according to a survey conducted by ICM on behalf of the Guardian and first direct. The survey, of a random sample of 752 adults, asked Britons from a nationally representative online panel for their opinions on trust in the digital age. The over-riding conclusion is that we're a cautiously trusting bunch - 56% of respondents thought that "most people can be trusted", whether online or in the real world.
(Official Google Blog) In mid-December, Google detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China. However, it soon became clear that what at first appeared to be solely a security incident was something quite different. First, this attack was not just on Google.
Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information, rather than the content of emails themselves. Third, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users' computers.
These attacks and the surveillance they have uncovered - combined with the attempts over the past year to further limit free speech on the web - have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.
(BBC) A German computer scientist has published details of the secret code used to protect the conversations of more than 4bn mobile phone users. Karsten Nohl, working with other experts, has spent the past five months cracking the algorithm used to encrypt calls using GSM technology. The work could allow anyone - including criminals - to eavesdrop on private phone conversations.
(BBC) The White House has appointed its cyber tsar, following a seven-month search. Howard Schmidt, a former eBay and Microsoft executive who advised President Bush, was appointed after others turned down the job. Mr Schmidt has been set the task of uniting various disparate agencies and organisations to shore up the country's defence against cyber attack. See also Obama cyber czar choice worries about smartphones, social networking (Network World).
(BBC) Many young people are using 'proxy servers' to get round their schools' internet security systems. The free services offer instant access to banned websites, including online games and social networking. Figures suggest the use of proxies has risen sharply in recent years. Security experts are warning that pupils who log on put themselves at risk of cyber crime.
(BBC) A group claiming to be the Iranian Cyber Army managed to redirect Twitter users to its own site displaying a political message. Twitter said the attack had been carried out by getting at the servers that tell web browsers where to find particular sites. The site said it would start an investigation into what allowed the "unplanned downtime" to take place. See also Twitter hack by 'Iranian Cyber Army' is really just misdirection (Guardian).
(Associated Press) BlackBerry users in the Mideast business centers of Dubai and Abu Dhabi who were directed by their service provider to upgrade their phones were actually installing spy software that could allow outsiders to peer inside, according to the device's maker. The Abu Dhabi-based mobile service provider Etisalat, which is majority owned by the United Arab Emirates government, earlier sent text messages to BlackBerry customers in the country instructing them to follow a link to update their phones. Etisalat says it has more than 145,000 BlackBerry users in the UAE.
(Times) The identities of more than four million Britons are being offered for sale on the internet. Highly sensitive financial information, including credit card details, bank account numbers, telephone numbers and even PINs are available to the highest bidder. At least a quarter of a million British bank and credit card accounts have been hacked into by cybercriminals, exposing consumers to huge financial losses. Most of the personal data has been gathered as a result of "phishing" - a process whereby members of the public are duped into handing over their key details, such as user names, passwords and credit card details. They are then sold to the highest bidder on online forums or hacking websites. See Identity theft: is your personal data for sale on the internet? Lucid Intelligence, Garlik etc (Improbulus).
(OUT-LAW News) The Government will create two new public bodies to help protect Government and citizens from digital security threats. It will set up one strategy body - the Office of Cyber Security (OCS) - and one operations centre to increase the UK's cyber security - the Cyber Security Operations Centre (CSOC). They will be functional by March 2010.
(BBC News) Video-sharing website YouTube has removed hundreds of pornographic videos which were uploaded in what is believed to be a planned attack. Many started with footage of children's videos before groups of adults performing graphic sex acts appeared on screen. YouTube owner Google said it was aware and addressing the problem.
(RAPID) In a video posted on her website, Viviane Reding, the European Union's Commissioner for Information Society and Media, called on Member States to act to ensure that Europe's electronic communication networks are well protected. "So far, the EU's 27 Member States have been quite negligent. Europe needs a 'Mister Cyber Security', a security tsar with authority to act immediately if a cyber attack is underway, a Cyber Cop in charge of the coordination of our forces and of developing tactical plans to improve our level of resilience." See also website of the EU Ministerial Conference on Critical Information Infrastructure Protection, Tallinn, 27-28 April 2009.
(RAPID) The Commission has released a new Communication on Protecting Europe from large scale cyber-attacks and disruptions: enhancing preparedness, security and resilience COM (2009)149. The Commission called for action to protect critical information infrastructures by making the EU more prepared for and resistant to cyber attacks and disruptions. At the moment Member States' approaches and capacities differ widely. A low level of preparedness in one country can make others more vulnerable, while a lack of coordination reduces the effectiveness of countermeasures.
(BBC) A reward of $250,000 has been offered by Microsoft to find who is behind the Downadup/Conficker virus. Since it started circulating in October 2008 the Conficker worm has managed to infect millions of computers worldwide. The Conficker worm is a self-replicating program that takes advantage of networks or computers that have not kept up to date with Windows security patches. It can infect machines via a net connection or by hiding on USB memory drives used to ferry data from one computer to another. Once in a computer it digs deep, setting up defences that make it hard to extract.
(BBC) Facebook's 120 million users are being targeted by a virus designed to get hold of sensitive information like credit card details. 'Koobface' spreads by sending a message to people's inboxes, pretending to be from a Facebook friend.
(OUT-LAW News) The European Commission has launched a consultation on how it can strengthen the European Union's response to computer attacks. The Commission is canvassing views ahead of a debate about an EU-wide co-ordination of computer security.
(RAPID) The European Commission has proposed legislation on establishing a Critical Infrastructure Warning Information Network (CIWIN) to strengthen information-sharing on critical infrastructure protection between EU Member States.
The proposed legislation sets up a secure information technology system managed by the Commission and hosted by the Joint Research Centre in Ispra - CIWIN - with the aim of assisting EU Member States in exchanging good practices and information on shared threats, vulnerabilities and activities to protect critical infrastructure, such as for example in the transport and energy sectors.
(Times) The Ministry of Defence faces an investigation by the Information Commissioner after the disappearance of a computer hard drive containing details of Armed Forces personnel and thousands of potential recruits. Richard Thomas, the commissioner, will decide what steps to take after the MoD has completed its own inquiry. The removable hard drive was supposed to have been stored in a secure room with only limited access to personnel with special pass codes. Officials at EDS, the world's second-biggest computer company, said it was possible that the hard drive had been taken home by an employee or moved to another part of the company's office in Hook, Hampshire. Details relating to the 100,000 serving members of the Armed Forces include bank and driving licence information, next-of-kin addresses and dates of birth.
(Guardian) MPs demanded a "cultural change" in public sector data handling after it emerged that a computer hard drive with the private details of 100,000 armed forces personnel had gone missing. The hard drive was being held by EDS, the Ministry of Defence's main IT contractor. It contains the names, addresses, passport numbers, dates of birth and driving licence details of those serving in the army, navy and RAF. It also includes next-of-kin details, as well as information on 600,000 potential services applicants and the names of referees. Officials said it may also include some bank account details.
To prevent the loss of sensitive data, organisations must change their cultures. Safeguarding data for government departments has never been an easy task but the last few weeks could lead to greater regulatory and commercial scrutiny than ever before.
(Silicon.com) Unencrypted data on all 84,000 prisoners in England and Wales has gone missing after a Home Office contractor lost a USB stick on which it had been stored. Contractor PA Consulting alerted the Home Office to the loss - and confirmed that "rigorous" searches had failed to uncover the whereabouts of the memory stick and its cache of sensitive information. According to a Home Office statement, the missing USB stick contains: Data relating to all prisoners in England and Wales - 84,000 (names, dates of birth and in some cases, expected prison release data and date of Home Detention Curfew); Data relating to prolific and other priority offenders, approximately 10,000 individuals (names and dates of birth, but not addresses); Drug Interventions Programme data, with offenders' initials but not full names.
(Georgetown Journal of International Affairs) by Gadi Evron. What would happen if tomorrow the Internet ceased to function? To most critics, and particularly state officials and policy makers, the possibility that the Internet could one day suddenly disappear is no more than a mere speculation, a highly improbable concept. In May 2007, the events that took place in Tallinn, the capital of Estonia, proved everyone wrong. On that day, Estonia fell victim to the first-ever, real Internet war. This article delves into the political context that shaped the incident and analyzes some of the key lessons and policy implications that emerged as a consequence.
(BBC News) Web criminals are stepping back from infecting computers themselves and creating "one-stop shops" which offer gigabytes of data for a fixed price. Speaking at InfoSecurity Europe, security firm Finjan said it had seen thousands of such online services. Experts at the conference said web fraud was skyrocketing and called for police to urgently address the problem. Security guru Bruce Schneier said anti-cyber crime efforts needed to be closely allied to the scale of threats. See also Economist article.
(BBC) Web payment firm Paypal has said it will block "unsafe browsers" from using its service as part of wider anti-phishing efforts. Customers will first be warned that a browser is unsafe but could then be blocked if they continue using it. Paypal said it was "an alarming fact that there is a significant set of users who use very old and vulnerable browsers such as Internet Explorer 4".
(Techworld.com) For the second time in a week, Russia has been named and shamed for its rising profile as a global malware hub. Last week, Sophos ranked Russia as number 2 on its league table of spam-relaying countries, behind the U.S., but well ahead of the usual suspect, China. Now Australian security company PC Tools reckons that Russia has overtaken China again, but this time as a producer of active malware such as viruses, Trojans and spyware.
(BBC) A 20-year-old ethnic Russian man is the first person to be convicted for taking part in a "cyber war" against Estonia. Dmitri Galushkevich was fined 17,500 kroons (£830) for an attack which blocked the website of the Reform Party of Prime Minister Andrus Ansip. The assault, between 25 April and 4 May 2007, was one of a series by hackers on Estonian institutions and businesses. At the time, Estonia accused the Russian government of orchestrating the attacks. Moscow denied any involvement. Kremlin spokesman Dmitry Peskov told the BBC in May 2007 that the allegations were "completely untrue".
(Times) A shadowy internet group has succeeded in taking down a Scientology website after effectively declaring war on the Church and calling for it to be destroyed. The group, which goes by the name of Anonymous, is a disparate collection of hackers and activists. It called for a wave of attacks against Scientology after accusing the Church of "campaigns of misinformation" and "suppression of dissent."
(Press Association) A new ban on Whitehall staff removing unencrypted laptops containing personal data from their offices has begun. A massive operation to ensure that civil servants comply with the new rule, laid down by Cabinet Secretary Sir Gus O'Donnell on Monday night, is now under way. As well as communicating the policy to all staff, departments will have to ensure that officials can continue to do their jobs within the constraints of the ban. This is likely to involve the encryption of large swathes of data.
(ZDNet.co.uk) Secretary of state for defence Des Browne has admitted that the laptop lost by the Ministry of Defence containing details of up to 600,000 defence personnel was not encrypted, and also that services personnel have previously lost two more laptops containing similar unencrypted recruitment information. On 9 January, the unencrypted laptop was stolen from a recruiting officer's car which had been left overnight in a car park in Edgbaston, Birmingham. The information on the stolen laptop included 3,700 people's bank details, as well as other data on up to 600,000 people, including their names. Approximately 153,000 people also had data including addresses, passport details, national insurance numbers, driver's licence details, doctors' addresses and National Health Service numbers compromised.
Police in the U.K. are in talks with the FBI about establishing an international biometric database for tracking down the world's most wanted criminals and terrorists. The so-called "server in the sky" database would share criminals' biometric data, such as fingerprints and iris scans, internationally. The Washington Post reported last month that the FBI is spending $1 billion to develop the world's largest centralized biometrics database, a system the agency calls Next Generation Identification.
(Press Association) Top Gear presenter Jeremy Clarkson has admitted he was wrong to brand the scandal of lost CDs containing the personal data of millions of Britons a "storm in a teacup" after falling victim to an internet scam. The outspoken star printed his bank details in a newspaper to try and make the point that his money would be safe and that the spectre of identity theft was a sham. He also gave instructions on how to find his address on the electoral roll and details about the car he drives. However, in a rare moment of humility Clarkson has now revealed the stunt backfired and his details were used to set up a £500 direct debit payable from his account to the British Diabetic Association. See also Twice bitten: acts of stupidity can lead to identity theft (Cnet).
(RAPID) The Dutch Telecom Regulator OPTA has imposed a fine totalling 1 million euro on three Dutch enterprises for illegally installing software - so called spyware and adware - on more than 22 million computers in the Netherlands and elsewhere. The companies fined now by OPTA operated together under the name DollarRevenue, which was considered to be among the 10 largest spyware distributors in the world. They managed to install the software on personal computers via downloads from the Internet and by exploiting security loopholes in computer programmes. The illegally installed software allowed the companies to spy on the consumer's online behaviour and triggered pop-up windows containing specific advertising material. Unlawful access to a personal computer to install information such as spyware and adware is prohibited under European law, namely article 5(3) of the EU's ePrivacy Directive of 2002. National regulators are called upon to enforce this prohibition by deterrent measures. Yesterday's decision by OPTA is the first time that a national regulator has resorted to drastic fines against a company acting in violation of the EU ban.
(BBC) The details of three million candidates for the driving theory test have gone missing, Ruth Kelly has told MPs. Names, addresses and phone numbers - but not financial data - were among details on a computer hard drive which went missing in the US in May. It belonged to a contractor to the Driving Standards Agency, the transport secretary told MPs.
(Guardian) The government has offered a £20,000 reward for the safe return of two missing CDs containing personal details of half the British population.
The Metropolitan police, which has been heading the search for the data, has asked thousands of government workers to check their desks and homes "in case the package or discs have turned up".
(RAPID) Technology developments can enhance the protection of privacy and at the same time allow law enforcement authorities secure and timely access to information, including personal data. The Conference on Public Security, Privacy and Technology, organised by the European Commission, brings together public and private sector representatives to discuss these topics. See Closing speech on Public Security, Privacy and Technology by Franco Frattini, European Commissioner responsible for Justice, Freedom and Security. Programme.
(BBC) A huge campaign to poison web searches and trick people into visiting malicious websites has been thwarted. The booby-trapped websites came up in search results for search terms such as "Christmas gifts" and "hospice". Windows users falling for the trick risked having their machine hijacked and personal information plundered. The criminals poisoned search results using thousands of domains set up to convince search index software they were serious sources of information.
(ZDNet.co.uk) In the wake of the largest-ever data breach to hit the UK, the Information Commissioner's Office has criticised the apparent lack of technological safeguards in government departments and called for "privacy-enhancing technologies" to be built into future projects.
(BBC) The UK government's "basic competence" has been questioned by the Tories after the loss in the post of computer discs with 25m people's personal details on them. The child benefit data on them includes names, ages, bank and address details.
(BBC) Animal rights activists are thought to be the first Britons to be asked to hand over to the police keys to data encrypted on their computers. The request for the keys is being made under the controversial Regulation of Investigatory Powers Act (RIPA). Police analysing machines seized during raids on activist's homes carried out in May have asked for the keys. The activists could face jail if they do not comply and snub a further formal request to hand over the keys.
(OUT-LAW) Users of encryption technology can no longer refuse to reveal keys to UK authorities after amendments to the powers of the state to intercept communications took effect yesterday. The Regulation of Investigatory Powers Act (RIPA) has had a clause activated which allows a person to be compelled to reveal a decryption key. Refusal can earn someone a five-year jail term. The measure has been criticised by civil liberties activists and security experts who say that the move erodes privacy and could lead a person to be forced to incriminate themselves.
(Economist) Hacking used to be done by kids for kicks or bragging rights. Nowadays, it's big business for organised crime, often out of reach of the law, on the far side of the world. Connect an unprotected personal computer to the internet for more than 15 seconds and it will almost certainly be attacked by a virus or worse. That's how ruthlessly effective the army of malicious robots, dispatched by criminals to scour the net for vulnerable computers, has become.
The European Commission will commit $212.16 million to research on counterterrorism technologies. The grants will cover 44 research projects, including the development of automatic surveillance systems for water distribution systems. Funding will also be allocated for the development of a European ballistic database, which will analyze and store firearms information and allow sharing of information among European police forces, the Commission said in a statement.
DirecTV lost an important case: programmers, security researchers, and anyone who believes in a limited government won. The 9th Circuit Court of Appeals tossed out a default judgment against a pair of alleged DirecTV television pirates, saying an "unauthorized decryption device" law the company invoked against them does not apply. That law promises statutory damages of $100,000 per violation.
In a presentation before the European Parliament last week, EU security commissioner Franco Frattini outlined a new set of anti-terror proposals, including plans for a Europol explosives database, airplane passenger list databases, and legislation that would criminalize publication of bomb-making instructions on the Internet. The proposals are based on the findings of a research group that included law enforcement officials and experts from private industry.
(vnunet.com) Monster.com has admitted that the number of job seekers on its website who had their personal data stolen is greater than the 1.3 million originally reported. Monster.com kept the original attack secret for five days before alerting users to the problem. The company's database holds around 73 million CVs. Iannuzzi claimed that only a few hundred had cancelled their accounts, along with a "handful" of employers.
(ENISA) ENISA presents the 1st European report on current practices on measuring successful awareness raising initiatives in information security across the EU, with responses from 67 European organisations headquartered in 9 different countries. The main areas studied are: The importance of information security awareness, Techniques to raise information security awareness, and Mechanisms to measure the effectiveness of awareness programmes.
(Guardian) Experts are warning internet users to be more careful with their private information after secret code from the popular social-networking site Facebook was published on the internet. This is the first time that some of the site's secret operational code has been made public. Although it does not allow hackers to access private information directly, it could help criminals close in on personal data, according to one expert.
(BBC) Using public wi-fi hotspots has got much riskier as security experts unveil tools that nab login data over the air. Demonstrated at the Black Hat hacker conference in Las Vegas, the tools make it far easier to steal account details, said Robert Graham of Errata Security. Identifying files called cookies are stolen in the attack which let hackers pose as their victim. This gives attackers access to mail messages or the page someone maintains on sites such as MySpace or Facebook.
(Economist) Suppose you are a computer hacker and you discover a bug in a piece of software that, if it were known to the bad guys, would enable them to steal money or even a person's identity. How might you sell your discovery for the highest price? A service has been launched intended to make the whole process of selling bugs more transparent while giving greater rewards to hackers who do the right thing.
The US Congress really doesn't get tech. Politicians charged that peer-to-peer networks can pose a "national security threat" because they enable federal employees to share sensitive or classified documents accidentally from their computers.
(Infoworld) The GAO reports that identity theft really isn't a problem. The problem, apparently, is that the process of notifying consumers whenever their personal financial information has been compromised is confusing us simple-minded folks.
(BBC) Hi-tech criminals have found novel ways to carry out web-based attacks that are much harder to spot and stop, warn security experts. Some cyber criminals have exploited file-sharing networks and popular webpages to attack targets.
A hacker has managed to penetrate one of the Pentagon's e-mail systems, leading officials to take up to 1,500 accounts offline. The e-mail system did not contain classified information relating to military operations, a spokesman said.
British democracy could be undermined by moves to use electronic voting in elections: the risks involved in swapping paper ballots for touch screens far outweigh any benefits they may have, says the Open Rights Group report.
(Europa) A public consultation has started on the future of ENISA, the European Network and Information Security Agency. This public consultation was announced on 1 June in a Commission Communication on the evaluation of ENISA. ENISA was established in order to enhance the capability of the Community, the Member States and consequently the business community to prevent, to address and to respond to major network and information security risks, from 14 March 2004 for an initial period of five years. The ENISA Regulation mandates an evaluation of the Agency by 17 March 2007, notably with the aim to determine whether the duration of the Agency should be extended beyond the period of five years.
(Europa) ENISA, the European Network and Information Security Agency, together with the International Telecommunication Union (ITU), is launching a new portal for IT security standards, for the first time giving Europe one single access point for IT security standards. The project, called 'ICT Security Standards Roadmap', was initiated by the ITU Telecommunication Standardisation Sector (ITU-T). From the beginning of 2007, it became a collaborative effort between ENISA, ITU-T, and the Network and Information Security Steering Group (NISSG). One of the objectives of this security standards portal is to provide a central tracking facility for NIS standards. It facilitates identification of standards and standardization activities, as well as coordination among standardization bodies, reduction of duplicate work and easier identification of existing gaps.
NATO defense ministers agreed that fast action is needed to tackle the threat of cyberattacks on key Internet sites. Estonia suffered an onslaught of cyberattacks on private and government Internet sites, peaking in May after a decision to move a Soviet-era statue from a square in Tallinn prompted outrage from Russian nationals in Estonia and a diplomatic row with Moscow.
The ongoing war between content producers and hackers over the AACS copy protection used in HD DVD and Blu-ray discs continues; the hackers came out on top. The hacker "BtCB" posted the new decryption key for AACS on the Freedom to Tinker web site, just one day after the AACS Licensing Authority (AACS LA) issued the key.
On April 27, officials in Estonia relocated a Soviet-era war memorial. The move incited rioting by ethnic Russians and the blockading of the Estonian Embassy in Moscow. The event also marked the beginning of a large and sustained distributed denial-of-service attack on several Estonian national Web sites, including those of government ministries and the prime minister's Reform Party. A distributed denial-of-service, or DDoS, attack occurs when hundreds or thousands of compromised computers are enlisted.
(Guardian) A three-week wave of massive cyber-attacks on the small Baltic country of Estonia, the first known incidence of such an assault on a state, is causing alarm across the western alliance, with Nato urgently examining the offensive and its implications.
(BBC) One in 10 web pages scrutinised by search giant Google contained malicious code that could infect a user's PC. Researchers from the firm surveyed billions of sites, subjecting 4.5 million pages to "in-depth analysis". About 450,000 were capable of launching so-called "drive-by downloads", sites that install malicious code.
(BBC) Bloggers 'crossed the line' when they posted a software key that could break the encryption on some HD-DVDs, the AACS copy protection body has said. A row erupted on the internet after popular website Digg began taking down pages that its members had highlighted were carrying the key. The website said it was responding to legal "cease and desist" notices from the Advanced Access Content System. Digg's users responded by posting ever greater numbers of websites with the key, and the site eventually sided with its users. See also In Web Uproar, Antipiracy Code Spreads Wildly (New York Times).
(ITU) WSIS Action Line C5: Building Confidence and Security in the Use of ICTs. The 2nd WSIS Action Line C5 facilitation meeting will be held 14-15 May 2007 at ITU Headquarters (Room K) in Geneva, Switzerland from 9:30-17:30 both days. The meeting is open to all stakeholders and will be held in conjunction with a cluster of events 14-25 May surrounding World Telecommunication and Information Society Day (May 17th). The invitation letter and draft agenda is available here. See also Partnerships for Global Cybersecurity Web site and Background on WSIS Action Line C5.
Because British law enforcement officers don't have the authority to seize encryption keys, an increasing number of criminals are able to evade justice, a senior police officer said. Suspected terrorists, pedophiles and burglars have all walked free because encrypted data couldn't be opened. Earlier this summer, the British government announced that it plans to activate Part 3 of the Regulations of Investigatory Powers (RIP) Act, which will give the police the power, in some circumstances, to demand an encryption key from a suspect. This part of the RIP Act has been heavily criticized in the past by some security professionals and academics who believe that it is a dangerous and badly written piece of legislation that cannot be properly implemented.
(AP) An international dispute over a wireless computing standard took a bitter turn with the Chinese delegation walking out of an IEEE meeting. The delegation's walkout escalated an already rancorous struggle by China to gain international acceptance for its homegrown encryption technology known as WAPI. It follows Chinese accusations that IEEE used underhanded tactics to prevent global approval of WAPI.
(Silicon.com) A City banker at the heart of the DrinkOrDie software piracy ring has been sentenced to two-and-a-half years in prison at the Old Bailey in London. Alex Bell, 29, was one of four criminals involved in the DrinkOrDie group which cracked encryption and digital rights management code on software. Two of the others were handed lesser sentences while a third was released on a suspended sentence. The maximum penalty would have been 10 years. Although they billed themselves as latter-day Robin Hoods, the judge at the centre of the case said their motives were not benevolent but owed more to self-promotion and the kudos in tech circles linked to such criminal activity.
(Reuters) A German company launched a new mobile handset targeted at business executives that ensures that lines are free from eavesdroppers, sparking criticism that it could also make criminals harder to catch. Berlin-based Cryptophone, a unit of privately held GSMK, developed the phone by inserting encryption software inside a standard handheld computer phone. This ensures that calls can only be decoded by a similar handset or a computer running the software. But the phone is seen as a mixed blessing in some European countries. While the benefits for business managers exchanging sensitive information are obvious, such a device could potentially have the side effect of helping criminals. Security specialists in the Netherlands said the device could threaten criminal investigation by the Dutch police, which is one of the world's most active phone tappers, listening in to 12,000 phone numbers every year. But privacy lobbyists say the new handset is a "freedomphone" much more than a "terrorphone." "It's a tremendous step forward, because the level of surveillance by authorities is breathtaking," said Simon Davies, director of Privacy International in Britain.
(BBC) Hundreds of government laptops with potentially sensitive information are being lost or stolen, a study shows. One in 17 key public sector workers, like government or defence officials, say they have either lost theirs or had them stolen, said security firm Thales. Those who do hold on to them admit they do not use any kind of encryption to protect sensitive information.
(Economist) An explosive row over how to protect intellectual property in Europe. Should a new piece of encryption software or an internet business method be covered by patents, or do copyright and trade secrets suffice? These questions underlie a heated controversy in Europe pitting open-source advocates, software developers and academics against big software firms, intellectual property lawyers and the European Commission. Because of the row, the European Parliament has again postponed the first reading of a directive on computer-related inventions.
(EPSG) organised by British Computer Society Electronic Publishing Specialist Group and the Copyright Licensing Agency. This one-day seminar will look at the philosophical issues surrounding copyright in a digital environment (authenticity, ethics, privacy, manipulability, knowledge-sharing) and some practical aspects of safeguarding the current laws (rights management, encryption, collective administration, education). It will also enquire into the view that these laws are out-moded as well as ask what there is to replace them.
(FT) The BBC is trying to placate the concerns of Hollywood film studios at its decision to broadcast TV channels unencrypted. The concerns have stalled negotiations with the studios as the BBC seeks to secure broadcasting rights for Hollywood films.
UK - BBC channels may share listings with TV porn (BBC) The BBC has warned that its regional channels BBC Wales and BBC Scotland will be demoted to positions on the Sky on-screen guide alongside porn channels such as Playboy if TV watchdogs don't intervene. The corporation claimed BSkyB has threatened to relegate BBC1 and BBC2 to slots 214 and 215 on Sky's electronic version of the Radio Times, which 6.6 million subscribers must use to find and tune into channels. The threat was made after the corporation decided to go it alone and not pay BSkyB for encryption and its slots on the programme guide. Viewers in Scotland, Wales and Northern Ireland would have to trawl through hundreds of channels to find their local versions because they would be listed in the 900s next to adult channels such as Playboy TV and Fantasy TV.
Inside Cisco's eavesdropping apparatus (CNET News.com) Cisco Systems has created a more efficient and targeted way for police and intelligence agencies to eavesdrop on people whose Internet service provider uses their company's routers. The company recently published a proposal that describes how it plans to embed "lawful interception" capability into its products. Among the highlights: Eavesdropping "must be undetectable," and multiple police agencies conducting simultaneous wiretaps must not learn of one another. If an Internet provider uses encryption to preserve its customers' privacy and has access to the encryption keys, it must turn over the intercepted communications to police in a descrambled form.
Cisco's decision to begin offering "lawful interception" capability as an option to its customers could turn out to be either good or bad news for privacy.
Keeping e-mail encryption alive (AP) Phil Zimmermann's invention for encrypting e-mail, Pretty Good Privacy, was so good that the government considered it munitions subject to tough export controls. Prosecutors threatened him with criminal charges when others leaked it overseas. The government ultimately backed off. But now, the company that makes the most popular version of PGP is the one pulling the plug.
Microsoft makes moves to avoid Brussels fine (FT) Microsoft has made concessions that addressed some of the key concerns raised by Brussels. It would make available to the industry information on two technical standards, an encryption language called Kerberos and an internet standard known as Common Internet File System.
Judge Dismisses Felten Encryption Lawsuit Against RIAA (Newsbytes) A federal judge has thrown out a lawsuit by civil liberties groups who claimed that the Recording Industry Association of America (RIAA) was planning to use the Digital Millennium Copyright Act (DMCA) to keep a Princeton University professor from publishing research on security flaws in music industry anti-piracy software.
FBI software cracks encryption wall (MSNBC) The FBI is developing software capable of inserting a computer virus onto a suspect's machine and obtaining encryption keys, a source familiar with the project told MSNBC.com. The software, known as "Magic Lantern," enables agents to read data that had been scrambled, a tactic often employed by criminals to hide information and evade law enforcement.
High-Tech Leaders Slam Encryption Back Door Bill (Newsbytes)
A coalition of high-tech companies urged Sen. Judd Gregg not to move forward with legislation that would give law enforcement back door access to all U.S.-made encryption products.
No Regrets About Developing PGP (Phil Zimmermann) Open letter: The Washington Post carried an article that misrepresents my views on the role of PGP encryption software in the September 11th terrorist attacks. The article states that as the inventor of PGP, I was "overwhelmed with feelings of guilt". I never implied that in the interview, and specifically went out of my way to emphasize to her that that was not the case. This misrepresentation is serious, because it implies that under the duress of terrorism I have changed my principles on the importance of cryptography for protecting privacy and civil liberties in the information age.
Stopping Bin Laden: How Much Surveillance Is Too Much? (Newsbytes) Alleged terrorism mastermind Osama Bin Laden is as reliant on modern technology as were the thousands of people killed Sept. 11 in deadly terrorist hijackings according to one expert on cyber-security and encryption policy.
Opening Encryption 'Back Door' Problematic -Experts (Reuters) Lawmakers may be asked to give the FBI a "software key" to encryption technology that would allow the agency to unlock secret Internet messages but experts warn the measure would impair commerce and violate privacy rights without deterring terrorism.
UK government rejects key-escrow resurrection (ZDNet UK) The Home Office has confirmed that it will not try to resurrect the key escrow debate in light of last week's terrorist attacks on America, but will continue with the enforcement of current encryption laws later this year.
Professor unveils anti-copying flaws (ZDNet News) A talk on cracking digital watermarks went ahead, as encryption researcher Edward Felten addressed security experts as planned at a conference in Washington, D.C.
Hong Kong Mulls Measures To Fight Computer Crime (Newsbytes)
The Hong Kong government is considering a number of legislative and other initiatives to tackle cyber crime, including forcing people to hand over encryption keys and requiring Internet service providers (ISPs) to keep subscriber records longer.
The Key to Encryption (Wired) Personal data used in online transactions is often encrypted at the least significant time. Virtually all cases of credit card theft happen when a malicious hacker gains access to an e-commerce site's server, and is then able to access the database that contains customer information -- which by then is often unencrypted and exposed. See also E-Commerce Fears? Good Reasons and Does Media Fuel Buyers' Fears?
EU proposes plan to secure Internet (CNET News.com) In an effort to eradicate security threats to the member countries of the European Union, the European Commission released a plan to increase cooperation between members to better secure the Internet. The plan calls for more effective threat-warning systems, larger investments in security research and education, a standardized policy for encryption, and harsher punishments for cybercriminals.
EU warns on e-mail spy threat (FT) Public users of e-mail in the European Union should use encryption technology for their personal e-mails to ensure that they are not spied on by a US-led spy network called Echelon, the European parliament said.
Anti-piracy program for digital TV (Los Angeles Times) In a letter sent to the Federal Communications Commission, the Consumer Electronics Association said the majority of TV makers plan to equip their digital TVs with a new technology that can block viewers from making digital copies. FireWire raises the bar for those seeking to copy protected material. Instead of just one secret encryption key that might easily be defeated, digital cable networks will have dynamic encryption that is different for every user.
'No limits' browser planned (BBC) A group of hackers is developing a web browser that it claims will make it easier for people to circumvent censorship and avoid the attentions of law enforcers. The software, which is due to be unveiled in July, uses a combination of encryption and a Gnutella-like network to avoid any of the limits corporations and governments are trying to place on anyone using the web.
Descramble That DVD in 7 Lines (Wired) Descrambling DVDs just got even easier, thanks to a pair of MIT programmers. Using only seven lines of Perl code, Keith Winstein and Marc Horowitz have created the shortest-yet method to remove the thin layer of encryption that is designed to prevent people from watching DVDs without proper authorization.
Yahoo! shows tougher line on piracy than child porn (ZDNet UK) Internet piracy is given a higher priority, by Yahoo!, than protecting children online, it emerges this week, as the Internet portal removes 13 chatrooms found to be trading encryption techniques, whilst ignoring hundreds of paedophile groups that it was alerted to six months ago.
Music Meets Technology (EMF) Brussels 8 & 9 March 2001. Be up-to-date with the latest in online music! The European Multimedia Forum would like to invite you to participate in Europe in Music: Music Meets Technology and its Concert Gala featuring Music from Central and Eastern Europe. The Europe in Music programme brings together all actors of the online music value chain to share knowledge and become partners to legally move music online. It is the sole initiative of this kind in Europe. Conference topics include: - Legal update; - Watermarking & encryption systems, digital rights management systems; - Payment systems and customer care tools; marketing & sales; - New distribution business models; - the PACT project, through which you can have your project funded by the EU.
Anti-virus becoming less important than content control (Register) By 2007 firms will spend more on content filtering and encryption technology than they do on anti-virus software according to a report by industry analysts Frost & Sullivan. The growth of content filtering will be driven by companies' increased desire to control their employees' use of email and the Internet.
Revised encryption rules (DoC) The U.S. Department of Commerce's Bureau of Export Administration (BXA) published an amendment to its export regulations on encryption products. The new rule amends the Export Administration Requirements (EAR) and liberalizes exports and re-exports of encryption products to the fifteen European Union member states plus Australia, the Czech Republic, Hungary, Japan, New Zealand, Norway, Poland and Switzerland.