A week ago, we posted news that federal prosecutors were seeking jail time for Chad Dixon, an Indiana man who made money teaching others how to pass polygraph examinations. Now, reader Frosty Piss writes that Dixon "was sentenced Friday to eight months in prison. Prosecutors described Chad Dixon as a 'master of deceit.' Prosecutors, who had asked for almost two years in prison, said Dixon crossed the line between free speech protected under the First Amendment and criminal conduct when he told some clients to conceal what he taught them while undergoing government polygraphs. Although Dixon appears to be the first charged publicly, others offering similar instruction say they fear they might be next. 'I've been worried about that, and the more this comes about, the more worried I am,' said Doug Williams, a former police polygraphist in Oklahoma who claims to be able to teach people to beat what he now considers a 'scam' test."
New submitter anwyn writes "In a recent article posted on the cryptography mailing list, long time civil libertarian and free software entrepreneur John Gilmore has analyzed possible NSA obstruction of cryptography in IPSEC. He suggests that packet processing in the Linux kernel had been obstructed by one kernel developer. Gilmore suggests that the NSA has been plotting against strong cryptography on mobile phones."
theodp writes "Back in the day, leprosy patients were stigmatized and shunned, quarantined from society in Leper Colonies. Those days may be long gone, but are our mapping, GPS, and social media technologies in effect helping to create modern-day 'Leper Colonies'? The recently-shuttered GhettoTracker.com (born again as Good Part of Town) generated cries of racism by inviting users to rate neighborhoods based on 'which parts of town are safe and which ones are ghetto, or unsafe'. Calling enough already with the avoid-the-ghetto apps, The Atlantic Cities' Emily Badger writes, "this idea toes a touchy line between a utilitarian application of open data and a sly wink toward people who just want to steer clear of 'those kinds of neighborhoods.'" The USPTO has already awarded avoid-crime-ridden-neighborhoods-like-the-plague patents to tech giants Microsoft, IBM, and Google. So, when it comes to navigational apps, where's the line between utility and racism? 'As mobile devices get smarter and more ubiquitous,' writes Svati Kirsten Narula, 'it is tempting to let technology make more and more decisions for us. But doing so will require us to sacrifice one of our favorite assumptions: that these tools are inherently logical and neutral...the motivations driving the algorithms may not match the motivations of those algorithms' users.' Indeed, the Google patent for Storing and Providing Routes proposes to 'remove streets from recommended directions if uploaded route information indicates that travelers seem to avoid the street.' Even faster routes that 'traverse one or more high crime areas,' Google reasons, 'may be less appealing to most travelers'."
First time accepted submitter SGT CAPSLOCK writes "It certainly seems like more and more Internet Service Providers are taking up arms to combat their customers when it comes to data usage policies. The latest member of the alliance is Mediacom here in my own part of Missouri, who has taken suit in applying a proverbial cork to their end of a tube in order to cap the bandwidth that their customers are able to use. My question: what do you do about it when every service provider in your area applies caps and other usage limitations? Do you shamefully abide, or do you fight it? And how?"
An anonymous reader writes "Using a Lego Mindstorms set, a Mac, and optical character recognition, Austrian professor Peter Purgathofer created a makeshift ebook copier. From the article: 'It's sort of a combination of high tech meets low. The scanning is done by way of the Mac's iSight camera. The Mindstorms set does two things: Hits the page-advance button on the Kindle (it appears to be an older model, like the one in the picture above), then mashes the space bar on the Mac, causing it to take a picture.' Purgathofer calls the creation a 'reflection on the loss of long established rights.' Check out the Vimeo video for a demonstration."
Do you worry that the widespread use of plate-scanning cameras might be used in ways that violate your privacy? Now you can ratchet your worry level up a bit: Ars Technica reports that "This week, the California State Senate approved a bill that would create the nation’s first electronic license plate. Having already passed the state’s assembly, the bill now goes to Gov. Jerry Brown (D) for his signature." From the article: "The idea is that rather than have a static piece of printed metal adorned with stickers to display proper registration, the plate would be a screen that could wirelessly (likely over a mobile data network) receive updates from a central server to display that same information. In an example shown by a South Carolina vendor, messages such as 'STOLEN,' 'EXPIRED,' or something similar could also be displayed on a license plate. ... The state senator who introduced the bill, Sen. Ben Hueso, a Democrat who represents San Diego, did not respond to Ars' multiple requests for an interview or comment. It still remains unclear as to exactly why this bill was proposed and what its objectives are. The precise technical details of the program are similarly unclear, as is how long plate information would be retained and who would have access to it."
Frosty P writes "Congressman Rush D. Holt, a New Jersey Democrat, has proposed legislation (summary, full text) that would prohibit the agency from installing 'back doors' into encryption, the electronic scrambling that protects e-mail, online transactions and other communications. Representative Holt, a physicist, said Friday that he believed the NSA was overreaching and could hurt American interests, including the reputations of American companies whose products the agency may have altered or influenced. 'We pay them to spy,' Mr. Holt said. 'But if in the process they degrade the security of the encryption we all use, it's a net national disservice.'"
Ars Technica reports that security researcher Rob Graham of Errata Security, after analyzing nearly 23,000 Tor connections through an exit node that Graham controls, believes that the encryption used by a majority of Tor users could be vulnerable to NSA decryption: "About 76 percent of the 22,920 connections he polled used some form of 1024-bit Diffie-Hellman key," rather than stronger elliptic curve encryption. More from the article: "'Everyone seems to agree that if anything, the NSA can break 1024 RSA/DH keys,' Graham wrote in a blog post published Friday. 'Assuming no "breakthroughs," the NSA can spend $1 billion on custom chips that can break such a key in a few hours. We know the NSA builds custom chips, they've got fairly public deals with IBM foundries to build chips.' He went on to cite official Tor statistics to observe that only 10 percent of Tor servers are using version 2.4 of the software. That's the only Tor release that implements elliptical curve Diffie-Hellman crypto, which cryptographers believe is much harder to break. The remaining versions use keys that are presumed to be weaker."
itwbennett writes "The federal judge presiding over the U.S. electronic books case against Apple has barred the company from striking deals that would ensure that it could undercut prices of other retailers in the e-book market and also prohibited Apple from letting any one publisher know what deals the company is striking up with other publishers. For its part, Apple said it plans to appeal the ruling (PDF), denying that it conspired to fix ebook pricing. Meanwhile, Amazon is alerting customers of their potential payout, which could be as much as $3.82 for every eligible Kindle book."
Rob @CmdrTaco Malda writes "I've been advising Epic Browser, a startup building a privacy-focused, Chrome-based browser that starts where incognito mode ends. Epic employs a host of tactics designed to make what happens inside your browser stay there, to the tune of a thousand blocks in a typical hour of browsing. They also provide a built-in proxy service. If the corporations and governments are going to watch us, there's no reason to make it any easier for them. Epic has Mac and Windows builds for now. Their site goes into far greater detail about how they block tracking methods most browsers don't."
wabrandsma writes "Quoting Bruce Schneier in the Guardian: 'The NSA has undermined a fundamental social contract. We engineers built the internet – and now we have to fix it. Government and industry have betrayed the internet, and us. This is not the internet the world needs, or the internet its creators envisioned. We need to take it back. And by we, I mean the engineering community. Yes, this is primarily a political problem, a policy matter that requires political intervention. But this is also an engineering problem, and there are several things engineers can – and should – do.'"
coolnumbr12 writes "The U.S. government has had enough of the Syrian Electronic Army's hacks of Western media and government outlets. A week after the SEA shut down the New York Times, the FBI Cyber Division unit has officially added the pro-Assad hacker collective to its wanted list. The FBI issued an advisory that included information about the SEA, its capabilities, and some of its more heinous attacks. The advisory also warns networks to be on the lookout for attacks, and that anyone found to be aiding the SEA will be seen as terrorists actively aiding attacks against the U.S. websites."
coondoggie writes "What might have started out as a whimsical protest against government surveillance tactics has morphed into more as a small town in Colorado has found itself overwhelmed with requests and cash for an unmanned aircraft hunting license that doesn't exist."
Trailrunner7 writes "In response to a lawsuit by the Electronic Frontier Foundation, the Department of Justice is preparing to release a trove of documents related to the government's secret interpretation of Section 215 of the PATRIOT Act. The declassified documents will include previously secret opinions of the Foreign Intelligence Surveillance Court. The decision by the Justice Department to release the documents is the second legal victory in recent weeks for the EFF related to the National Security Agency's intelligence collection programs. In August, the group won the release of a 2011 FISC opinion that revealed that the court ruled that some of the NSA's collection programs were illegal and unconstitutional. The newest decision will result in the release of hundreds of pages of documents related to the way the government has been interpreting Section 215, which is the measure upon which some of the NSA's surveillance programs are based. In a status report released Wednesday regarding the EFF's suit against the Department of Justice, attorneys for the government said that they will release the documents by Sept. 10."
An anonymous reader writes "The New York Times is reporting that the NSA 'has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show. ... The agency, according to the documents and interviews with industry officials, deployed custom-built, superfast computers to break codes, and began collaborating with technology companies in the United States and abroad to build entry points into their products. The documents do not identify which companies have participated.'" You may prefer Pro Publica's non-paywalled version, instead, or The Guardian's.
rjnagle writes "I'm concerned about the implications of storing personal data on Gmail, Facebook, and other social media sites. I'm less worried about individual data than the accumulating mass of data which could potentially be used against me (for targeted marketing, credit reporting and who knows what else?). One solution I'm considering is just to abandon individual accounts and start clean and new Gmail/Facebook accounts. So while Google/Doubleclick might possess lots of data about me from 2001-2012, from this point on, they only have a clean slate. Would this kind of solution address my privacy concerns (assuming I remove cookies, change IP address before doing so, etc.)? Or is an individual's profile by now so unique that simply creating a new Gmail or Facebook account would fail to prevent these data collection agencies from figuring out who I am? Insights and tips are appreciated."
cold fjord writes with this excerpt from The Hill: "The National Rifle Association joined the American Civil Liberties Union's lawsuit on Wednesday to end the government's massive phone record collection program. In a brief filed in federal court, the NRA argues that the National Security Agency's database of phone records amounts to a 'national gun registry.' 'It would be absurd to think that the Congress would adopt and maintain a web of statutes intended to protect against the creation of a national gun registry, while simultaneously authorizing the FBI and the NSA to gather records that could effectively create just such a registry,' the group writes. ... In its filing, the gun-rights group claims that the NSA's database would allow the government to identify and track gun owners based on whether they've called gun stores, shooting ranges or the NRA. 'Under the government's reading of Section 215, the government could simply demand the periodic submission of all firearms dealers' transaction records, then centralize them in a database indexed by the buyers' names for later searching,' the NRA writes."
An anonymous reader writes "Ralph Langner, the security expert who deciphered how Stuxnet targeted the Siemens PLCs in Iran's Natanz nuclear facility, has come up with a cybersecurity framework for industrial control systems (ICS) that he says is a better fit than the U.S. government's Cyber Security Framework. Langner's Robust ICS Planning and Evaluation, or RIPE, framework takes a different approach to locking down ICS/SCADA plants than the NIST-led one, focusing on security capabilities rather than risk. He hopes it will help influence the final version of the U.S. government's framework."
hypnosec writes "A cyber defense and IT security company has claimed that the reason behind the recent surge in the number of clients connecting to Tor is in fact a relatively unknown botnet and not the NSA or genuine adoption of Tor. In late August there was a huge increase in Tor network traffic and the number of clients connecting to the Tor network. As of this writing, the number of connections has quadrupled, with over 2,500,000 clients connecting to the network. According to Fox-IT, the surge in traffic is because of a botnet dubbed 'Mevade.A,' which is known to have Tor connectivity features. The company noted that the botnet may have links to a previously detected botnet dubbed 'Sefnit,' which also featured Tor connectivity. Fox-IT claimed that they have found 'references that the malware is internally known as SBC to its operators.'"
An anonymous reader writes "GamePolitics reports that the Postal Regulatory Commission has ordered [PDF] the U.S. Postal Service to equalize the rates paid by mailers who send round trip DVDs, concluding (sort of) a dispute that has been underway for more than four years. The new postage rates take effect on September 30th. Some mailers, prominently Netflix, send their round-trip movie DVDs as 'letters,' but GameFly's gaming disks are sent in slightly bigger envelopes as 'flats' to avoid breakage, and so GameFly has paid a much higher postage rate. GameFly argued that this was unfair discriminatory treatment because USPS was providing special hand-sorting treatment for Netflix disks without charging Netflix for the extra handling. But now there's a new twist: the Postal Service wants to reclassify DVD mailing [PDF] as a competitive product, where the prices would not be limited by the rate of inflation, because it says that mailed DVDs compete with the internet, streaming services, and kiosks such as Redbox. The regulatory agency is accepting responses [PDF] from interested persons until September 11th to the Postal Service's latest comments on its request [PDF]."