Liberty Watch

  Knowing George Bush

From CNET News

A Defense Department agency recently considered--and rejected--a far-reaching plan that would sharply curtail online anonymity by tagging e-mail and Web browsing with unique markers for each Internet user.

The idea involved creating secure areas of the Internet that could be accessed only if a user had such a marker, called eDNA, according to a report in Friday's New York Times.

eDNA grew out of a private brainstorming session that included Tony Tether, president of the Defense Advanced Research Projects Agency ( DARPA ), the newspaper said, and that would have required at least some Internet users to adopt biometric identifiers such as voice or fingerprints to authenticate themselves.

A DARPA spokeswoman said on Friday that the idea, which had been proposed by the agency, was no longer being considered. We were intrigued by the difficult computing science research involved in creating network capabilities that would provide the same level of accountability in cyberspace that we now have in the physical world.

Depending on how eDNA might have been implemented, Congress could have enacted a law requiring Internet providers to offer connectivity only to authenticated users, or government regulations could have ordered that fundamental protocols such as TCP/IP be rewritten or new ones created to handle authentication techniques.

Friday's report comes as a DARPA unit, the Information Awareness Office, has come under fire for its plan to create a prototype of a massive database that would collect information about everything from Americans' credit card purchases to veterinary records and public information.

At the same time, the government has had notable success in strengthening its oversight of Internet activities. Earlier this week, the Senate passed a bill, expected to be signed by President Bush this month, to create a Department of Homeland Security in a massive reorganization of federal agencies. A portion of the bill, the Cyber Security Enhancement Act, expands the ability of police to conduct Internet or telephone eavesdropping without first obtaining a court order, and grants Internet providers more latitude to disclose information about subscribers to police.

Also this week, a secretive federal court removed procedural barriers for federal agents conducting surveillance, giving them broad authority to monitor Internet use, record keystrokes and employ other surveillance methods against terror and espionage suspects.

  Bush Baby Blair

We read in today's papers that Blair is trashing the concept of democary in favour of his 'special relationship' with the warmonger Bush. It seems a timely reminder from The Times therefore about the disrespect he shows the British people.

Britain 'leads way' in eroding privacy. By David Rowan

Individual privacy is being eroded in Britain to a far greater extent than in other developed countries, according to an international study of state surveillance in the year since September 11.

Many states have rushed through restrictive anti-terrorism and security laws in response to last year's terrorist attacks, but the Blair Government is singled out for an anti-privacy "pathology" that the report claims is leading to mass surveillance of the population.

In the 400-page report, to be published tomorrow, Privacy International, a London-based campaign group, and the US Electronic Privacy Information Center, give warning of a significant loss of personal freedom. The Privacy and Human Rights survey notes that in many of the 53 countries studied, communications surveillance has grown, intrusive "personal profiling" of individuals has increased, and data protection laws have been watered down.

The report states: In the rush to strengthen national security and to reduce the risk of future terrorist acts, governments around the world turned to legal authority and new technology to extend control over individuals. Many of these proposals have had far-reaching consequences for the protection of privacy.

The report highlights the British Government's use of the terrorist threat to introduce new requirements for personal communications data to be stored and to launch a new debate about a national identity card. David Blunkett, the Home Secretary, also sought in June to extend the Regulation of Investigatory Powers Act to allow private e-mail and telephone records to be shared among more than 1,000 government agencies. After facing strong protests, Mr Blunkett withdrew the proposal a few weeks later and announced that he had "blundered".

Simon Davies, director of Privacy International, said the report highlighted a systematic attack on the right to privacy by all levels of the British Government. The UK demonstrates a pathology of antagonism toward privacy. The rate of growth of video surveillance, communications surveillance and information collection has exceeded the growth rate in such countries as Singapore and Israel.

The erosion of privacy in Britain was not a new trend. Crime and public order laws passed in recent years have placed substantial limitations on numerous rights, including freedom of assembly, privacy, freedom of movement, the right of silence, and freedom of speech, the report states. It cites a number of illegal spying and surveillance activities by government agencies, often in violation of the European Convention on Human Rights, and estimates that 1.5 million CCTV cameras are now monitoring public spaces.

Amnesty International says today that anti-terrorism laws introduced in Britain in the wake of September 11 are inconsistent with international human rights and should be repealed.

The charity claims that the Anti-Terrorism Crime and Security Act, passed last November, contravenes fundamental human rights and calls for an immediate repeal of section 4, which empowers the Home Secretary to detain foreign nationals indefinitely, without charge or trial, if they pose a risk to national security.

  MicroShafted by Microsoft

From Silicon

Software giant Microsoft is coming under fire for its latest big brother security initiative, called Palladium.

Palladium is the name of a new system, part-hardware, part-software, which the company (in partnership with the likes of Intel) proposes be installed on every PC. It will provide high-level authentication of users, and will use encryption to control who can access content - be it Word documents or audio files.

It would also provide built-in support for the kind of digital rights management technology being promoted by the music industry to fight back against the increasingly popular P2P networks.

However, details on what exactly Microsoft is doing are scarce, as the venture was not announced with any press conference or official explanation from Microsoft. The story was given as an exclusive to US magazine Newsweek , and Microsoft still hasn't told European journalists about the technology.

But according to the article, Microsoft is supported in the venture by chip giants Intel and AMD, who will together provide the hardware component of the system. Microsoft told Newsweek the system has the potential to block viruses and spam from getting into computers.

The impact upon digital rights management is the most obvious implication of the new system. It will allow music companies to distribute content digitally and then control how it is subse quently used. The Palladium component in a computer will decide whether or not a music file has can legally be played on a certain computer. If the file is forwarded on to someone else who doesn't have the "permission" to use it, the file will simply not play.

Intel is refusing to talk specifically about Palladium. However the idea does seem to have evolved out of its Trusted Computing Platform Alliance (TCPA), which has also been plagued by gripes over civil liberties.

Microsoft will also be able to use the technology to step-up its crackdown on software piracy by linking the PC, its software and the identity of the PC owner and embedding the information in the hardware.

  Plodding All Over Your Emails

From The Observer

Millions of personal emails, other internet information and telephone records are to be made accessible to the police and intelligence services in a move that has been denounced by critics as one of the most wide-ranging extensions of state power over private information.

Plans being drawn up by Europol, the police and intelligence arm of the European Union, propose that telephone and internet firms retain millions of pieces of data - including details of visits to internet chat rooms, and of calls made on mobile phones and text messages.

In a move that has been condemned by privacy campaigners, a draft document passed to The Observer reveals that the EU is now drawing up a 'common code' on data retention which will be applicable in all member states. Security and police sources said new powers on accessing personal data will come into force in Britain towards the end of the year.

It is typical that such a significant change in the control over private information is being worked out in secret, said Dr Ian Brown, a leading expert on data privacy and director of the Foundation for Information Policy Research. It does seem to have been Britain that has put pressure on other member states to put in place this type of legislation. In 99 per cent of cases it will be used properly, but what about the other one per cent? There is not enough scrutiny of what is going on.'

The Europol document was drawn up at a private meeting of police, intelligence services and customs and excise officials from across Europe in The Hague last April. It lists 10 areas where companies will be required to keep information to help in the fight against international terrorism, domestic crime and drug running.

Companies that run internet sites will be required to retain passwords used by individuals, record which website addresses are visited, and keep details of webpages looked at and any credit card or bank details used for subscriptions. The information retained about emails will include who sent the message, where the email went, its contents and the time and date it was sent.

It is believed that Britain will push for the data to be kept for up to five years. At the moment much of it is only kept for one or two months, for billing purposes, by the companies that run internet and email services.

The internet does not recognise national boundaries and international companies don't need the confusion of dealing with separate codes in different countries. The Europol document says the use of telephones - land lines and mobiles - will be monitored. Numbers dialled, when and where they were dialled from and personal details such as the address, date of birth and bank details of the subscriber who paid for the call will also be kept.

  Flick Off Big Brother

From Ananova

New research suggests it may be possible to eavesdrop on computers just by watching the flicker of LED lights. US scientists believe it's possible to correlate the flash of light emitting diodes with the data being processed.

They say it could mean many millions of devices are vulnerable. The research is titled Information Leakage from Optical Emanations. The work suggests software-controlled LEDs can carry a modulated optical signal that echoes the flow of data.

This means attackers could gain access to classified or personal data just by watching and de-coding the flickering light. No physical access to the machine being watched is required. The paper says deciphering the flashes requires little apparatus, can be   done at a considerable distance, and is completely undetectable.

  Seedy CD Companies

From Free Press

The next time you go to buy a compact disc, better flip it over and read the fine print. There's a small but growing chance that it may not work in your CD player, thanks to new copyright protection efforts on the part of record labels.

In their continuing efforts to win the "cut off your nose to spite your face" award, labels have begun quietly releasing copy-protected compact discs that, critics say, lack the quality of traditional CDs and can fail to play in all CD decks over time. Most don't play, even when new, in computers' CD and DVD drives and some standard decks.

While most copyright-protected discs have so far been sold abroad, a small but growing number are hitting shelves locally. Universal Music Group's "More Music From The Fast and the Furious" CD carries a label warning that there might be playback problems due to the copyright protection. Universal has said that it plans to copyright protect all its discs by the end of 2002.

The copyright protection attempts to prevent illegal copies by introducing slight errors that normal CD players can compensate for, but which trip up more sensitive computer CD drives. Those errors are magnified when discs are copied to a computer hard drive, ruining the sound quality.

The new protection has a number of groups up in arms -- for example, folks who buy music legitimately and want to load it onto custom-mixed CDs and portable digital music players. The U.S. Supreme Court specifically upheld consumers' rights to copy music onto different media for their own personal use in a case several years ago, when record labels sued the makers of MP3 players.

Sony Electronics and the other creator of the CD format, Philips Electronics, have said the changes reduce the quality of CDs to the point where they should no longer carry the Compact Disc logo, a trademark that Philips controls. In the meantime, labels are trying to anticipate the problems by putting stickers on copyrighted CDs with warnings about playback trouble and issues with computer CD drives.

The music recording industry is building a track record of inconveniencing and insulting its best customers with overly broad attempts to prevent piracy.

In the meantime, watch what you buy, and don't be shy about returning discs that don't play all the CD players you own. Why not keep buying it in different shops until you get a copy that works. Consumer laws protect us from goods that are "not fit for purpose".

  Brothers in Alarm

From The Register

Privacy abusers were honoured this week in the fourth annual Big Brother Awards.

Watchdog organisation Privacy International bestows the awards to the government and private sector organisations judged to have done the most to invade personal privacy in Britain. Privacy International's Director, Simon Davies, said that through the judging it became clear that government agencies and companies have stooped to an all time low in the wilful violation of our privacy" He said the outlook for the future was grim in large part because September 11 has given organisations the opportunity to promote bad policy on the basis of fears about terrorism.

Villains

Sir Richard Wilson, the Cabinet Secretary, was judged the Worst Public Servant for his long standing commitment to opposing freedom of information, data protection and ministerial accountability.

Wilson was also up for a "Lifetime Menace award", but was beaten in that category by the national Identification and data sharing scheme, which is involved in promoting the concept of a national ID.

The Department of Education and Skills, for creating a student tracking system, beat the Home Office and the Internet Watch Foundation for the Most Heinous Government Organisation award.

The Most Appalling Project trophy went to the National Criminal Intelligence Service (NCIS), for its proposal to archive and warehouse all email, Internet and telephone call traffic records.

Controversy

The most controversial category turned out to be the Most Invasive Company award, which went to Norwich Union, following last year's controversy over the use of unapproved genetic tests to assess eligibility for life insurance. Norwich has also won the award because of its 'Pay as you Drive' satellite vehicle tracking project . It came ahead of the other contenders The Countryside Alliance and the Internet Watch Foundation.

Norwich Union says the allegations against it are incorrect. James Evans, a spokesman for Norwich Union, said that it abides by the Association of British Insurers code of practice on genetic testing. The company has never asked anyone for a genetic test, he added.

Evans said the 'Pay as you Drive' satellite vehicle tracking project was "innovative technology" and suggested that its use would be voluntary, although since the scheme is at a very early stage of development it would seem difficult to draw firm conclusions on it.

Heroes

It wasn't all bad news though. A number of people were presented with "Winston" awards for outstanding contribution to privacy protection. They were: Maurice Frankel, Campaign for Freedom of Information, Lord Andrew Phillips, The Daily Telegraph presumably for some recent liberal editorials, ex-spy David Shaylor and Ilka Schroeder, MEP.

  House Nounce

From Wired

The U.S. House of Representatives seems less in favor of putting government-mandated copy-protection technology in most consumer electronics devices, an idea proposed by Sen. Ernest Hollings (D-S.C.) that was discussed in a Senate Commerce Committee hearing last Thursday. [Mr. Coble] is concerned that this approach is too interventionist and could lead to standards which favor certain brands of software over others, and which could quickly become obsolete as technology improves or changes, a spokesman for Rep. Howard Coble, the chairman of the House Judiciary Subcommittee on Intellectual Property, told Wired News.

  Stop PoliceWare

From www.StopPoliceWare.org

The SSSCA is a bill, pushed by the entertainment industry, to be proposed in Congress by Senators Fritz Hollings (D-SC) and Ted Stevens (R-Alaska). The acronym stands for "Security Systems Standards and Certification Act".

The law would force all new personal computers and digital home entertainment devices sold in the United States to have government-approved "policeware" built-in.

This policeware would restrict your use of copyrighted material on these devices -- including music files and CD's, video clips, DVD's, e-books, and more.

You, if you're one of the millions of Americans who uses your computers to burn music CD's, listen to MP3's, share video files, etc. You'd face up to five years in federal prison and a $500,000 fine.

Think you'd be able to get around the law by removing the policeware from your personal computer? Think again -- anyone who defies the government by disabling or tampering with the policeware on their own computer, in the privacy of their own home or business, would also face five years in the slammer.

Since alternative operating systems like Linux and FreeBSD would most likely refuse to incorporate government policeware into their code, users of these open-source systems would also be eligible for hard time.

  PC Surveillance

From Reuters

Reputed mobster Nicodemo Scarfo Jr. pleaded guilty to illegal gambling recently in a New Jersey federal court, ending the case that inadvertently produced the first ruling supporting the government's right to spy on personal computers.

According to the plea agreement, Scarfo agreed to serve a minimum 33 months in prison and not to contest a longer term that may be imposed when he is sentenced June 10 by U.S. District Court. Scarfo, who remains under house arrest until the sentencing, also agreed to two to three years of supervised release following the jail term. He may also be fined as much as $250,000, or twice the gross proceeds from the illegal bookmaking operation he admitted he ran between 1998 and 1999.  By pleading guilty, Scarfo avoided a lengthy trial and a maximum eight-year prison term on an extortion charge, which the government dropped in exchange for the plea, according to his attorney.

The case began as a commonplace bookmaking case until defense attorneys demanded disclosure of FBI secret surveillance of the office computer Scarfo used to keep track of bets. Then, as the first such case in federal courts, it drew national attention to the issue of computer privacy rights vs. law enforcement's right to use secret computer technology.

Acting under a search warrant, agents broke into Scarfo's office in 1999 and installed a so-called key logger device on the computer that cracked into encrypted files. Defense attorneys argued the search was an illegal wiretap that violated Scarfo's constitutional privacy rights.

Prosecutors said "national security" was at stake and invoked the federal Classified Information Privacy Act to keep details of the surveillance secret. After six months of legal wrangling, U.S. District Court Judge Nicholas Politan ruled in the government's favor in December.

David Sobel, general counsel at the Electronic Privacy Information Center in Washington, D.C., which supported Scarfo's position, said, "I think this case gave us the first glimpse of very sophisticated government investigative techniques that are likely to become more common. Increasingly, the courts are going to be confronted with the privacy and constitutional issues raised by the use of these advanced new techniques. What the Scarfo case shows is that the techniques are going to be classified, which makes a full examination of how they work much more difficult.

  Chipping Away at Liberty

From The Scotsman

A US techology company is seeking to market the first-ever computer ID chip that can be embedded beneath a person's skin.

For airports, nuclear power plants and other high security facilities, the immediate benefits could be a security system that is close to fool-proof - but human rights groups warn that the chip could lead to encroachments on civil liberties.

The implant technology is another case of science fiction becoming fact: advocates say it would make ID cards next to impossible to counterfeit - a computer chip would be difficult to remove and mimic.

The VeriChip, produced by Florida-based Applied Digital Solutions, is yet another sign that 11 September has catapulted the science of security into an uncharted realm - with new fears for privacy. "The problem is that you always have to think about what the device will be used for tomorrow," said Lee Tien, a senior attorney for the Electronic Frontier Foundation, a pro-privacy group. "It's what we call function creep. At first a device is used for applications we all agree are good, but then it slowly is used for more than it was intended."

The line in the sand that we draw is that the use of the VeriChip would always be voluntary, said Keith Bolton, chief technology officer and a vice-president at Applied Digital. We would never provide it to a company that intended to coerce people to use it." Bolton acknowledged that the devastation of 11 September had strengthened the company's resolve to market the human chip. "It's a sad time when people have to wonder whether it's safe in their own country," he said.

The company also foresees the chip being used to help emergency workers identify a lost Alzheimer's patient or access an unconscious patient's medical history. Jeff Jacobs, a Florida man who suffers from a number of serious allergies, hopes to become the first person to purchase the chip. They [doctors] would know who to contact, they would know what medications I'm on, and it's quite a few , he said.

Applied Digital says technology to let the chip to be used for tracking is already well under development. In some countries, kidnapping has become an epidemic that limits tourism and business - and eight Latin American countries are encouraging the company to pursue the internal tracking devices.

How to get an implant

• A person or company buys the chip from Applied Digital for about $200 and the company encodes it with the desired information. The person seeking the implant takes the tiny device - about the size of a grain of rice - to their doctor, who can insert it with a large needle device.
• The doctor monitors the device for several weeks to make sure it doesn't move and no infection develops.
• The device has no power supply - it contains a 1mm magnetic coil that is activated when a scanning device is run across the skin above it. A tiny transmitter on the chip sends out the data.
• Without a scanner, the chip cannot be read. Applied Digital plans to give away chip readers to hospitals and ambulance companies, in the hope that they will become standard equipment.

  Bro Blunkett and the Police

From The Telegraph

The long-standing independence of the police from political interference is threatened by reforms proposed by the Government, according to Oliver Letwin, the Conservative home affairs spokesman. Writing in The Daily Telegraph he called on David Blunkett, the Home Secretary, to rethink key provisions of the Police Reform Bill, currently before the House of Lords.

Letwin said the Tories shared Mr Blunkett's desire for police reform and accepted that a number of outdated practices needed to be changed. But this Bill goes much further. It gives the Home Secretary of the day the power to run the operations of every police force in England and Wales.

The Bill threatened to undermine one of the cornerstones of the rule of law - the operational independence of the country's 43 chief constables. It is chief constables applying the law, rather than politicians, who determine who is arrested and for what, Letwin said.

However, Mr Blunkett was proposing to extend his powers to control the operations of individual forces by going over the heads of chief constables. The Home Secretary would be able to circumvent the police authority and direct the chief constable on a plan of action, thereby breaking the conventional lines of communication. The likely long-term effect would be to enable the Home Secretary to dictate how chief constables should run their forces, and send in Home Office officials to take over poorly-performing divisions.

Letwin questioned assurances from Mr Blunkett that he would use the powers only as a last resort. Hardly before the ink is dry on the Bill, Mr Blunkett has already threatened chief constables like Sir John Stevens, Metropolitan Police Commissioner, that he will be the first victim of the Whitehall 'hit squads' if targets on street crime and robbery are not reached.

He also served notice that the Tories would oppose Mr Blunkett's plan for a new army of uniformed civilian patrols and "community support officers", who will be given the power to detain suspects for up to 30 minutes until a police officer arrived. Mr Letwin said the changes would weaken neighbourhood policing, turning it into a low-level activity not good enough for "real" policemen to undertake.

  A Bevee of Brothers

From The Register

The great and the good, when it comes to privacy invasion, have been "honoured" for their efforts to mess up life for the rest on us online.

Privacy International has shortlisted the UK government agencies, civil servants, companies and initiatives which have done most to invade personal privacy for its fourth annual "Big Brother" awards.

Sir Richard Wilson, the Cabinet Secretary, earns a nomination as worst civil servant for his long standing commitment to opposing freedom of information, data protection and ministerial accountability . He's also up for a "lifetime menace award".

Home Secretary David Blunkett, for his patronage of the proposed national ID card and Michael Cashman MEP, for his opposition in the European Parliament to controls over email spam, are also up for consideration as worst public servant.

In the companies category The Countryside Alliance, for holding data on (among many other categories) sexual, political, religious, health, intelligence and lifestyle information on a vast range of individuals, is also up for a gong. The Internet Watch Foundation and Norwich Union, for using unapproved genetic tests for potentially fatal diseases when assessing whether to offer life cover, are also in the running.

Among the projects attracting the opprobrium of Privacy International is The National Criminal Intelligence Service (NCIS), for its proposal to archive and warehouse all email, internet and telephone call traffic records. Brickbats were also thrown at the Electoral Reform Society for the way it plans to introduce electronic voting which provides woefully scant assessment of the substantial privacy and security threats , according to Privacy International.

The Department of Education and Skills, for creating a student tracking system, The Internet Watch Foundation and (naturally) the Home Office are nominated in the most heinous government organisation category.

The awards will be judged by a panel of experts, comprising lawyers, academics, consultants, journalists and civil rights activists prior to an awards ceremony at the London School of Economics on March 4.

  Windows Gaping In

From CNET

Microsoft on Wednesday amended the privacy policy for its Windows Media Player after a noted computer security expert warned that the software keeps track of the DVD titles people watch.

In a Web advisory, computer privacy and security consultant Richard Smith detailed what he termed "a number of serious privacy problems" with the Windows Media Player for the Windows XP operating system.

The posting flagged a feature that allows Microsoft to log what DVDs play on a particular PC through the use of an electronic tracking file known as a "cookie." Each time a new DVD movie is played on a computer, the WMP software contacts a Microsoft Web server to get title and chapter information for the DVD, Smith wrote in his advisory. When this contact is made, the...server is giving an electronic fingerprint which identifies the DVD movie being watched and a cookie which uniquely identifies a particular (Windows Media Player). With (these) two pieces of information, Microsoft can track what DVD movies are being watched on a particular computer.

In addition, the player creates its own database of all DVD titles watched, Smith wrote. Smith went on to criticize the Windows Media privacy policy, which as of Tuesday did not disclose the DVD reporting feature.

In response, Microsoft said that it had changed its privacy policy Wednesday morning. "It is now amended," said David Caulton, lead product manager for Microsoft's Windows Digital Media division. As of this morning, we have updated the policy to specifically call out that DVD metadata involves a call to the network and a cookie.

The metadata at issue lets people using WMP and XP navigate through DVDs with more information than simple track numbers. The metadata, including track titles, DVD cover art, and credits, sits on the WindowsMedia.com Web site, from where the player retrieves it.

To keep track of what metadata a particular computer has already downloaded, the WindowsMedia.com server assigns the querying computer a cookie, as do most media and commerce Web sites. But until the privacy policy was amended, Microsoft did not specify how it was connecting the information it was gathering, leaving consumers and privacy and security gadflies such as Smith to spin their own scenarios.

Microsoft can be (using) DVD title information for direct marketing purposes , Smith speculated in his advisory. For example, the WMP start-up screen or e-mail offers can be customized to offer new movies to a WMP user based on previous movies they have watched. Microsoft can be keeping aggregate statistics about what DVD movies are the most popular.

Microsoft denied that the information collected would let it target individual users. One thing Smith says that's simply wrong is that e-mail offers could be customized, " Caulton said. We don't have any information about who user No. 345216436 is, so there's no way to send them e-mail.

Caulton contended that Microsoft's cookie did not give the company any individually identifying information, that customers concerned about it could disable cookies in their browser, and that the database on the computer hard drive--which lets people access downloaded DVD metadata when they're offline--was stored in a proprietary, machine-readable format that could not be easily read by a third party.

  Nanny State Workround

From The Register

Peek-A-Booty, cDc's much vaunted anonymity app, is vaporware no more - it went public at the landmark CodeCon conference in San Francisco's DNA Lounge on Sunday.

Peek-A-Booty is designed to let surfers access sites blocked by government restrictions, and is essentially, a distributed proxy network. It uses a peer-to-peer model, masking the identity of each node. So the user can route around censorship that blocks citizens' access to specific IP addresses, because the censor doesn't know they're going there. If you're a Peek-A-Booty node, you might be doing it on their behalf. So the software isn't itself a browser, but simply requires the user to use localhost in the proxy field of their preferred browser.

Working out the general architecture was the easy bit. The tricky bit, explained cDc developers Paul Baranowski and Joey De Villa, was anticipating and thwarting a wide variety of the attack measures, from outside or inside the Peek-A-Booty network itself.

Peek-A-Booty nodes send out standard SSL, so the censorware can't distinguish the request from any other secure electronic transaction: the authors describe this as a form of steganography. But a rogue node inside such a network could harvest the addresses of all the other nodes, so Peek-A-Booty deploys a "virtual circuit", borrowing ideas from the Crowds anonymous web browser.

Most P2P systems really want their nodes to be found, our problem is that you want to be found, but you really don't want to be found, said Baronowski. So Peek-A-Booty uses random forwarding based on probability - no one knows where the connection originated except the originator - and eschews time to live packets. For security, there's no attempt at initial discovery - you'll get sent details of a node by word of mouth, or from some other secure source. Baranowski and de Villa expect that citizens groups (NGOs) will become trusted servers. But as a one-time operation, you can use Peek-A-Booty to download Peek-A-Booty.

The pair are working on the code full time, so they need funding. There's a basic website , but you'll need to mail the authors to get access to CVS tree. The pair got a tremendous ovation from third day CodeCon attendees, and if it withstands attack, will be a boost for human rights. Bravo.

  Investigator

Right now, your boss, your spouse or the government could secretly be reading all your typed words - even the ones you deleted - while surreptitiously snapping your picture.

Sound alarming? The man who makes it possible is the first to agree. "It's horrifying!" said Richard Eaton, who develops, markets and even answers the technical help line for WinWhatWhere Corp. software. I'm Mr. Guard-My-Privacy, so it's kind of ironic, '' said Eaton, Every time I add a feature into it, usually it's something that I've fought against for a long time.

His qualms haven't stopped him from selling the product, though - more than 200,000 copies of it, to everyone from suspicious spouses to the FBI.

And Eaton is building ever-more-detailed monitoring tricks into his Investigator software. The latest version, released this month, can snap pictures from a WebCam, save screen shots and read keystrokes in multiple languages.

Investigator already can read every e-mail, instant message and document you send and receive, even if you delete - or never even saved - what you typed. The $99 downloadable program runs "hidden in plain sight". It changes names every so often, and files containing the information it gathers are given arbitrary old dates to make them difficult to find.

The monitor can choose to have a user's every move sent to an e-mail address, or the program can be instructed to look for keywords like "boss," "pornography" or "terrorist" and only send records when it finds those prompts.

  Patriotic Terrorists

by, Ross Regnart

Under the Patriot Act the U.S. Government can use a "new charge" to arrest Mob members. The Act---redefined "Terrorist Association" as any criminal activity that may "relate" to supporting terrorists.

For prosecution, the U.S. Patriot Act merged common criminal activity with supporting terrorism: The act states: criminals and terrorists use the same criminal networks and organizations to "Market" illegal-drugs; both participate in and have an interest in world criminal activity.

Police can now use secret evidence against anyone: The Act opened a back door for police to use "secret evidence" against non-terrorists and alleged criminals. Government need only allege an individual or organization's activities "relate" to a "criminal market' that terrorists use or depend on for their support in order to cause an arrest and/or property confiscation.

What is a "Terrorist Associate"? The Act's wording "relate to" "join" "influence on" "assist" "support" and "criminal market" are so vague, government may charge as "Terrorist Associates" both legal and illegal businesses and individuals who never intended to support terrorists. It is foreseeable "illegal drug marketers" will be charged as "Terrorist Associates" since it is appears impossible to stop terrorists from using their networks to sell drugs or other criminal activity. Under the Act police need little probable cause to arrest citizens and only a "preponderance of evidence" to confiscate their property. Police may use "secret evidence" to do both. Under such circumstances, "innocent citizens" may not be able to defend themselves" or recover their property.

Charged Defendants Under the Act start out guilty---having to prove they did not reasonably have reason to know the person(s), organization or entity they associated or networked with had committed a terrorist act or would commit one in the future.

What constitutes Terrorism under the Patriot Act may be arbitrarily decided by police: Any physical act that is legal or illegal may be alleged by police to be terrorism under 18USC 2331. Example: Union demonstrators fighting with strike breakers. No one need be injured for police to make a terrorist charge; demonstrators need only appear intended to intimidate or coerce a civilian population; or to influence the policy of a government .