Sent from my BlackBerry® wireless device

Begin forwarded message:

From: Arrakis <arrakistor@...>
Date: September 2, 2008 10:22:37 PM GMT-04:00
To: gold-silver-crypto@...
Subject: [gsc] XeroBank CryptoRouters now available

http://xerobank.com/cryptorouter.php

Normal traffic goes in, encrypted traffic comes out.

Now it's easy to achieve communications integrity. Plug in a
CryptoRouter into your network, and all traffic passing through
it will be protected by XeroBank's Blacknet. CryptoRouters create
instant internet anonymity, and can be used to anonymously link
remote office environments through closed-group routing.

CryptoRouters are designed to be the ultimate network security
device. They extend the XeroBank network and it's protection to
wherever they are installed. All communications routed through
the CryptoRouter are transparently encrypted and anonymized. They
are equipped with the VIA Padlock encryption engine, allowing a
throughput of up to 20 Gbps of AES-256 encryption.

http://news.cnet.com/8301-1009_3-10028589-83.html

This guest post is from Marc Weber Tobias, an attorney and physical security
specialist.

If someone asks to borrow your cell phone, or you leave it unattended, beware!

http://tiny.cc/9BWAp

<http://www.nytimes.com/2008/08/30/business/30pipes.html?_r=1&oref=slogin&par
tner=rssuserland&emc=rss&pagewanted=print
>

New York Times

August 30, 2008

Internet Traffic Begins to Bypass the U.S.
By JOHN MARKOFF

SAN FRANCISCO  The era of the American Internet is ending.

----- Forwarded message from EDRI-gram newsletter <edrigram@...> -----

From: EDRI-gram newsletter <edrigram@...>
Date: Wed, 27 Aug 2008 23:01:55 +0300
To: edri-news@...
Subject: EDRI-gram newsletter - Number 6.16, 27 August 2008
X-Mailer: Microsoft Outlook Express 6.00.2900.3138

============================================================

            EDRI-gram

biweekly newsletter about digital civil rights in Europe

     Number 6.16, 27 August 2008


============================================================
Contents
============================================================

1. Italian justice wants to "seize" a foreign website
2. Cloning e-passports
3. Problems with online FoI in the Georgia-Russia conflict
4. Copyright experts against the EU extension of the copyright term
5. Call for worldwide protests against surveillance
6. UK government goes on with its plan for data retention
7. Seminar on the Telecoms Package and Network Filtering
8. Dispute between UK government and EU over the use of PNR
9. Secret reports on new five year plan for "European Home Affairs"
10. ENDitorial: Wiretapping - the Swedish way
11. Recommended Action
12. Agenda
13. About

============================================================
1. Italian justice wants to "seize" a foreign website
============================================================

In an investigation started by the Bergamo Prosecutors, an Order of the
Justice for preliminary investigation of the Court of Bergamo was issued on
1 August 2008, asking for the "seizure" of the PirateBay website, hosted
outside Italy, for displaying a collection of links to allegedly illegal
duplicated material. The order was implemented by 10 August 2008 by forcing
Italian Internet providers to block the access to that site, both to its
domain, as well as to its associated IP number.

The PirateBay owners quickly reacted and changed their IP address and set up
a new website called labaia.org (La Baia means The Bay in Italian). They
have also promoted measures to bypass the "blacklisting": "We have already
changed IP for the website - that makes it work for half the ISPs again. And
we want you all to inform your Italian friends to switch their DNS to
OpenDNS so they can bypass their ISPs filters. This will also let them
bypass the other filters installed by Italian ISPs, as a bonus."

But the case is worse, as revealed by the EDRi-member ALCEI. The
interpretation of the concept of "seizure", in an extremely extended and
seriously questionable manner, triggers a serious threat for the rights
of citizens and companies that are not, in any way, involved in this
inquiry.

ALCEI explains in a letter sent to the Italian Data Protection Authority
(Garante per la protezione dei dati personali) that the "enforcement of
the Court order, exceeded what the Justice said. Users attempting to connect
to the "seized" site are redirected to the IP number 217.144.82.26,
belonging to servers located in the United Kingdom and apparently registered
by the pro-music.org domain, a music industry association protecting their
brands and intellectual property rights. If the above is true, then a
private association, outside the Italian jurisdiction, is collecting
internet traffic data that, when matched with those retained by the ISPs,
would allow the identification and possible criminal investigation of third
parties absolutely not involved in the Bergamo's criminal case."

But besides the case as such, ALCEI also underlines the fact that this
case - per se "one among many" - is of the utmost importance when
examined in a broad perspective because it falls into a wider and long
lasting  lobby to legislators, politicians, magistrates and law
enforcement officers to share the (wrong) idea that "filtering is good
for citizen security" and the ISPs must be liable for everything that
happens on the net, whether under their direct control or not.

Italy has already passed legislation, for some years now, that goes
toward these directions (for a variety of alleged "reasons", such as the
all-purposes "minor protection excuse" or to fight "illegal" online
gambling etc. - and now, once again, for "copyright sake").
Italian politicians are pushing at the European Union level the idea of
forcing search engine providers to filter "questionable" queries.

The relevant question that the Italian EDRI members are asking is: "Is
it the case that Italy is on the edge of a civil rights aggression? Maybe
not. For a number of reasons (ignorance, disinterest, electoral
convenience) Italy seems to be more prone to copyright lobbyists
interests than other European countries."

GIP Bergamo - Decree 1 August 2008 (only in Italian, 1.08.2008)
http://www.ictlex.net/?p=934

10 August 2008, Italy blocks Pirate Bay (only in Italian,10.08.2008)
http://punto-informatico.it/2381433/PI/Brevi/10-agosto-2008-italia-blocca-pirate\
-bay.aspx

Italian authorities attempt to take on Pirate Bay (11.08.2008)
http://www.out-law.com/page-9336

Fascist state censors Pirate Bay (10.08.2008)
http://thepiratebay.org/blog/123

A complaint to the Garante per i dati personali in the "piratebay" case
(only in Italian, 16.08.2008)
http://www.alcei.it/index.php/archives/129

EDRi-gram: ENDitorial: "Frattinising" isn't the only threat (26.09.2007)
http://www.edri.org/edrigram/number5.18/frattinising

============================================================
2. Cloning e-passports
============================================================

Jeroen van Beek, a computer researcher at the University of Amsterdam, has
shown in some tests conducted for The Times that the new micro-chipped
passports, introduced in UK to protect against terrorism and organised
crime, can be easily cloned.

The researcher has succeeded in cloning the chips of two British passports
in which he introduced the pictures of Osama bin Laden and a suicide bomber
and in passing the cloned chips as genuine through Golden Reader, which is
the standard passport reader software used by the UN agency setting
standards for e-passports and which is also recommended for use at airports.
The cloning operation took less than an hour. Van Beek developed his cloning
method based on previous researches made in UK, Germany and New Zealand.

The micro-chipped passports contain a small radio frequency chip and an
antenna attached to the back page of the passport. The chip responds to an
encrypted signal sent by an electronic reader, by sending the holder's ID
and the biometric details back to the reader. Therefore, a copied chip could
be palmed at an unattended reader or a copy of a passport that hasn't even
been stolen could be used if the bearer resembled the original holder.

To any concerns expressed in relation to the safety of the data on the
e-passports, the Home Office has always argued that faked chips can be
discovered at border checkpoints because, when checked against an
international database, they would not match the key. The e-passports are
protected by a digital signature which, when altered, brings the rejection
of the passport by the reader. The validation of the signatures on
e-passports requires the exchange of PKI certificates between the
authorities of the issuing countries or the use of ICAO's PKD (Public Key
Directory) system. However, ICAO PKD system is not universally used and many
countries, UK included, use the bilateral exchange of certificates with
other countries.

The Dutch researcher not only changed the data on the e-passports but
succeeded in writing a new signature that will pass through the system,
under certain circumstances. According to the reader performances, to the
exchange of certificates between countries or to the use or not of PKD, the
signature might not even be checked.

"We're not claiming that terrorists are able to do this to all passports
today or that they will be able to do it tomorrow (...) But it does raise
concerns over security that need to be addressed in a more public and open
way" said Mr van Beek.

The flaws also contradict Home Office's claims that the 3 000 blank
passports that were stolen last week were worthless and raise questions
about the 4 billion pound ID scheme of the Government which uses the same
biometric technology. Dominic Grieve, the Shadow Home Secretary, has asked
the ministers to take urgent measures to solve the security flaws. "It is of
deep concern that the technology underpinning a key part of the UK's
security can be compromised so easily" said Grieve.

Researcher gives Elvis and bin Laden fake e-passports (6.08.2008)
http://www.theregister.co.uk/2008/08/06/epassport_alteration_demo/

'Fakeproof' e-passport is cloned in minutes (6.08.2008)
http://www.timesonline.co.uk/tol/news/uk/crime/article4467106.ece

How to clone the copy-friendly biometric passport (4.08.2006)
http://www.theregister.co.uk/2006/08/04/cloning_epassports/

How to clone a biometric passport while it's still in the bag (6.03.2007)
http://www.theregister.co.uk/2007/03/06/daily_mail_passport_clone/

============================================================
3. Problems with online FoI in the Georgia-Russia conflict
============================================================

The conflict between Russia and Georgia over South Ossetia region has
extended to Internet, both countries having launched cyber-attacks and
blocking each other's broadcasting sites.

Georgian authorities have blocked access to Russian news broadcasters and
websites, the action being justified by Georgia's Interior Ministry with the
argument that Russian broadcasts would "scare our population" which the
government could not allow.

Mamia Sanadiradze, founder and CEO of Caucasus Online, the biggest Georgian
ISP, told Reuters: "People from the (Georgian) security agencies asked me to
block Russian sites. There were threats from viruses, we faced
disinformation and so on. (...) I hope that when war is over, we will
unblock these sites."

On the other hand, Georgian online news media and the Georgian government
websites have been attacked by Russian hackers,
including the President's site. In order to remain accessible, the foreign
ministry website changed its URL address.

Security researchers claim to have evidence showing a link between Russian
state businesses and the cyber-attacks against Georgia. Denial of service
attacks against Georgian websites started a day before the break out of the
military conflict over South Ossetia.

Don Jackson, a SecureWorks researcher said that logs showed that part of the
attack was run from command and control servers located on the networks of
Rostelecom and Comstar, two Russian state-run companies. "We know that the
Russian government controls those servers theoretically, if they have not
been 'pwned' by somebody else," Jackson told eWeek. The two companies made
changes in routing tables that blocked internet traffic to Georgia. The same
networks were used to launch denial of service attacks and cache poisoning
attacks against Georgian networks, according to SecureWorks.

Reporters Without Borders condemn the violation of online freedom of
information. "The Internet has become a battleground in which information is
the first victim. On the one side, the main Georgian ISPs severed access to
Russian websites. On the other side, Georgian government websites were
attacked by Russian hackers. With newspapers and radio and TV stations
putting out very little independent news, the Internet is a vital tool for
the public, so these attacks must stop at once."

Russian and Georgian websites fall victim to a war being fought online as
well as in the field (13.08.2008)
http://www.rsf.org/article.php3?id_article=28167

Georgia cuts access to Russian websites, TV news (19.08.2008)
http://www.reuters.com/article/internetNews/idUSLJ36223120080819

Georgia accuses Russia of coordinated cyberattack (11.08.2008)
http://news.cnet.com/8301-1009_3-10014150-83.html?hhTest=1

Bear prints found on Georgian cyber-attacks (14.08.2008)
http://www.theregister.co.uk/2008/08/14/russia_georgia_cyberwar_latest/

Russian cybercrooks turn on Georgia (11.08.2008)
http://www.theregister.co.uk/2008/08/11/georgia_ddos_attack_reloaded/

============================================================
4. Copyright experts against the EU extension of the copyright term
============================================================

New voices from the major copyright experts in the European universities and
research centers question the current EU proposals of extension of the
copyright term for the performing artists and sound recordings.

As previously covered in the past EDRi-gram, the first letter was addressed
to EU Commission President Jose Manuel Barroso and sent on 18 July 2008 by
the leading European centres for intellectual property research that
explained that the new measures "will damage European creative endeavour and
innovation beyond repair."

Professor Bernt Hugenholtz, Director of the Institute for Information Law
(IViR) that was commissioned by the EC to draft two major studies on the EU
copyright and policy, questioned the Commission decision, calling its
policies: "less the product of a rational decision-making process than of
lobbying by stakeholders." Prof. Hugenholtz was very unhappy about the
Commission decision that totally contradicts and ignores IViR's scientific
findings:

"As you are certainly aware, one of the aims of the 'Better Regulation'
policy that is part of the Lisbon agenda is to increase the transparency of
the EU legislative process. By wilfully ignoring scientific analysis and
evidence that was made available to the Commission upon its own initiative,
the Commission's recent Intellectual Property package does not live up to
this ambition. Indeed, the Commission's obscuration of the IViR studies and
its failure to confront the critical arguments made therein seem to reveal
an intention to mislead the Council and the Parliament, as well as the
citizens of the European Union.

In doing so the Commission reinforces the suspicion, already widely held
by the public at large, that its policies are less the product of a rational
decision-making process than of lobbying by stakeholders. This is
troublesome not only in the light of the current crisis of faith as regards
the European lawmaking institutions, but also - and particularly so - in
view of European citizens' increasingly critical attitudes towards
intellectual property law."

Further arguments against the decision come from a statement from another
leading IP centre in European - Max Planck Institute for Intellectual
Property, Competition and Tax Law. In an article that concerns the
Commission's plans to prolong the protection period for performing artists
and sound recordings, the authors emphasize that there is no specific reason
for a term extension and argue that the proposal diverts the attention from
the social problem that performing artists, in particular at
the start of their career, often have a very bad negotiation position
vs. publishers and record companies - which should be remedied by special
copyright contract law.

The document concludes in pointing out that: "no persuasive economic or
social reason can be found in favour of a term extension since extending the
term would neither increase the incentives to invest nor would it provide
financial security and a sufficient livelihood for all ageing musicians,
especially not for those who need it the most. It would rather have a
negative impact upon future creators and musicians, since they would need to
wait longer to build upon older works in order to create new ones. Besides,
a term extension would also be to the detriment of consumers and the
information society since sound recordings would be locked up for another 45
years."

Open Letter concerning European Commission's `Intellectual Property Package'
(18.08.2008)
http://www.ivir.nl/news/Open_Letter_EC.pdf

"Statement of the Max Planck Institute for Intellectual Property,
Competition and Tax Law Concerning the Commission's Plans to Prolong the
Protection Period for Performing Artists and Sound Recordings"
by Nadine Klass, Josef Drexl, Reto M. Hilty, Annette Kur and Alexander
Peukert", IIC 2008, p. 586-596.

Commission adviser accuses Barroso of intentionally misleading European
policy-makers and citizens on copyright (21.08.2008)
http://www.openrightsgroup.org/2008/08/21/commission-adviser-accuses-barroso-of-\
intentionally-misleading-european-policy-makers-and-citizens-on-copyright/

EDRi-gram: Extension of the copyright term for performers and record
producers (30.07.2008)
http://www.edri.org/edrigram/number6.15/extension-copyright-performers

============================================================
5. Call for worldwide protests against surveillance
============================================================

Civil rights organizations call for protests against the constant increase
of surveillance conducted by governments and enterprises. A rally under the
motto "Freedom not Fear" will be held in Berlin on 11 October 2008. The
organizers agree that it is high time to take to the streets in order to
defend basic constitutional rights in the light of an ongoing
intensification of security and surveillance measures. The rally turns
against the promotion of the Federal Criminal Police Office
("Bundeskriminalamt") to a central, executive police agency with the
permission to secretively spy into citizens' home computers.

After last year's demonstration for democracy and civil rights, which was
the largest in Germany in 20 years with over 15 000 participants, protesters
in several countries will, for the first time simultaneously, take to the
streets to demonstrate for their freedom. Currently, 15 countries have
announced their participation in the international action day on 11 October.
Such unanimous protests are mainly due to the ongoing shift of
politicians to push through negotiations on surveillance and control
measures behind closed doors. Among others, the international protest
criticizes the planned registration of all air travellers in the EU,
the planned delivery of data to the USA, biometric data in EU identification
documents, as well as the retention of telecommunication data such as phone
connections or a caller's whereabouts for all 455 million Europeans.

Against this political spiral of interior armament motivated by
crime-related dangers, civil society places the call for "Freedom not Fear".
A moratorium for all surveillance activities and the reduction of all mass
scale surveillance, as well as an expansion of digital rights are demanded
to protect and strengthen civil liberties. In addition, activists call for
an independent review of every single planned or existing surveillance and
control measure in terms of its effectiveness and undesired side-effects.

In the run-up to this action day, the German Work Group on Data Retention
("Arbeitskreis Vorratsdatenspeicherung") calls for participation in the
Munich demonstration "Freiheit Wei_-Blau - Stoppt den \berwachungswahn" on
20 September 2008, which targets the restrictions of the right to free
assembly and other surveillance measures in the state of Bavaria. In
addition, the OneWebDay on 22 September 2008, will serve as a means for
further mobilisation for the "Freedom not Fear" action day.

Action day "Freedom not Fear" on 11 October 2008
http://www.freedom-not-fear.eu

Planned activities for 11 October 2008
http://wiki.vorratsdatenspeicherung.de/Freedom_Not_Fear_2008

(Contribution by Patrick Breyer - Working Group on Data Retention - Germany)

============================================================
6. UK government goes on with its plan for data retention
============================================================

UK government intends to oblige ISPs and telephone companies to keep
Internet personal data traffic for at least 12 months and local, health
authorities and lots of other public bodies are to be given access to
details of everyone's personal Internet information.

On 15 August 2008, the Home Office published a consultation paper which
makes clear that the personal data will now be available for crime and
public order investigations and may even be used to prevent people
self-harming. Furthermore, as the measure is the result of an EU directive,
the data will be made available to public investigators across Europe.

The measure will cover VOIP as well and access to personal Internet and text
data will be available to all public bodies licensed under the 2000
Regulation of Investigatory Powers Act (RIPA), meaning that hundreds of
public bodies including local councils, health authorities, the Health and
Safety Commission, the Food Standards Agency or Ofsted (the education
standards watchdog), may require telecom companies to hand them over the
personal data.

UK government intends to go further by introducing a draft communications
bill this autumn which would require all the telecommunications companies to
hand over this data to one central "super" database. The police and other
public authorities will be able to access this database directly without
having to make a request to the company which keeps the records.

The database had been planned to be bundled with the EU Data Retention
Directive that is to be legally implemented in UK by March 2009. The
consultation paper published by the Home Office is meant to transpose the
Directive as a standalone statutory instrument. Laws made by statutory
instruments do not need a Parliament vote.

Home Office civil servants are working on plans for the central database
within the Interception Modernisation Programme (IMP). The IMP budget was
part of the intelligence agencies' undisclosed funding bid to the
Comprehensive Spending Review last year. Sources disclosed that secret
briefings gave a cost for the database that could reach nine figures.

The proposition faces opposition as many fear that a single database under
Government's control would be vulnerable to attacks or errors that may lead
to information leaks.

Chris Huhne, the Liberal Democrats' home affairs spokesman, said the
government could not be trusted with sensitive data. "We will be told it is
for use in combating terrorism and organised crime but if Ripa powers are
anything to go by, it will soon be used to spy on ordinary people's kids,
pets and bins" he said.

In the consultation paper, the Home Office also gave an estimation of a cost
of over 60 million euro that the storage of such an amount of Internet data
may be imposed on the Internet industry. Besides, the Home Office admitted
that the companies might have to store "a billion incidents of data exchange
a day". The Government has already paid about 23 million euro over five
years to telecom companies for access to data about citizens' use of phones
and the Internet.

'Snooper's charter' to check texts and emails (13.08.2008)
http://www.guardian.co.uk/uk/2008/aug/13/privacy.civilliberties/print

Home Office - A consultation paper - Final phase of the transposition of
Directive 2006/24/EC (08.2008)
http://www.statewatch.org/news/2008/aug/uk-ho-consult-mand-ret-internet.pdf

Government pays telcos #18.5 million for records retention (7.08.2008)
http://www.out-law.com/page-9333

UK.gov to spend hundreds of millions on snooping silo (19.08.2008)
http://www.theregister.co.uk/2008/08/19/ukgov_uber_database/

EDRIgram: UK Government will store all phone, Internet traffic data
(21.05.2008)
http://www.edri.org/edrigram/number6.10/uk-isp-traffic-data

EDRIgram: ICO worried about a UK Government-owned traffic data database
(4.06.2008)
http://www.edri.org/edrigram/number6.11/ico-uk-govt-database

============================================================
7. Seminar on the Telecoms Package and Network Filtering
============================================================

The telecoms package seminar on the 27 August 2008 in the European
Parliament arranged by Swedish MEP Christofer Fjellner had a remarkably
large audience. Over 100 persons came to listen to the five speakers from
both industry and civil society.

Over all, the speakers called for better understanding of the so
called "copyright amendments" to the package that allegedly have been
introduced to the detriment of the 'completion of the internal market'
for the telecoms industry. Netzpolitik.org was also streaming the event.

After the introduction by MEP Fjellner, Monica Horten from Westminster
University made clear the new technology "Deep Packet Inspection"
potentially could be used to censor the Internet in Europe just as it
does in China. Similar hardware is in place in both Chinese and
European networks. The differences are law, automation and industrial
rather than political programming.

Eddan Katz from Electronic Frontier Foundation warned that public
interest values and the hopes for a transforming participative web
would be squashed if the language in the package is not being cleared
up.

Jeffery Lawrence from Intel's main point was that the conflict between
rightsholders and technology industry is not new, but that the
principle of policing consumers is new. Would Europe consider such
policy, there is indeed a need for discussion and analysis beyond the
traditional conflict mentioned.

Nuria Rodriguez Murillo from BEUC urged the European parliament to
ensure legal certainty for consumers, as well as standing up for the
principle already voted on in the so called Bono report which states
that people should not be cut of the Internet.

The last speaker Francisco Mingorance from Business Software Alliance
warned against the French model where technology mandates are
introduced by the state or by courts. Such mandating could overrule
copyright licences like the GPL.

It is unclear whether the Members of the European Parliament will even
agree on the existence of the "copyright amendments" in the upcoming
plenary debate next week. Netizens, as well as citizens, of Europe
should keep their fingers crossed that their legislators know what
they are voting on in three weeks time. Hopefully, to quote Monica
Horten, our MEPs will say "As policy-makers, we have a duty to promote
the vibrant and open character of the Internet."

Seminar on the Telecoms Package and Network Filtering
http://www.european-agenda.com/events/22414.php

Event stream by Netzpolitik
http://netzpolitik.org/2008/live-aus-dem-ep-seminar-on-internet-filtering/

Deep Packet Inspection
http://en.wikipedia.org/wiki/Deep_packet_inspection

(Contribution by Erik Josefsson - Sweden)

============================================================
8. Dispute between UK government and EU over the use of PNR
============================================================

UK Government fights EU proposals to restrict the way it uses passenger name
record (PNR) information to monitor immigration, claiming that the data it
collects is crucial to control cross-border movements.

With the EU planning to make all European states share PNR data, UK
government argues there is a "real risk" the action "would degrade e-Borders
by prohibiting the use of PNR data for combating immigration offences". A
spokeswoman for the Home Office stated: "The collection of passenger name
records is a vital tool in Britain's fight against organised crime,
terrorism and immigration offenders."

UK wants to go further than EU and share data from internal EU flights, sea
and rail travel. The House of Lords EU Select Committee warned in a report
published in July that if the government made pressures for radical changes
to the EU proposal, it might loose the co-operation of Europe. The report
recommended that the PNR data be used for the purpose of fighting against
terrorism and combating serious crime, stating at the same time that a clear
definition should be given to what "serious crime" means. It recommended a
comprehensive list that would cover the term.

The Home Office responded on 6 August accepting the need for greater clarity
about what crimes should be covered by "serious crime" but rejected the
recommendation for a comprehensive list as being "overly prescriptive". It
also said that its e-Borders programme gathering PNR data on 50
million passengers' movements, had been a "real success in strengthening the
UK border" leading to 25 000 alerts and 2 100 arrests for offences ranging
from murder and possession of firearms to drug-smuggling. It also stated
that loosing Europe's support was not a possibility. "Negotiations are
ongoing, there are outstanding issues but we will work closely with the EU
to agree a text."

Dominic Grieve, Shadow Home Secretary, said that if the government wanted to
extend the purposes of using passengers' details, it should be precise about
"what the objective is, why it is necessary and what safeguards it will put
in place to protect the privacy of the innocent" and he added: "Given the
government's proven and serial inability to protect personal data the public
will not agree to this lightly."

The Home Affairs Spokesman for the Liberal Democrats, Chris Huhne, also
considered this was another example that the government was more and more
invading people's personal lives. He also commented: "It is deeply worrying
that ministers are prepared to forgo the possible co-operation of our
European partners."

Actually, even the EU Proposal for a Council Framework Decision on the
use of Passenger Name Record (PNR) is far from perfect, facing large
opposition from privacy rights advocates and associations.

In a letter to the Council of the European Union, ECTAA, the European Travel
Agents' and Tour Operators' Associations, makes several proposals for the
Framework Decision. Among other things, the members of the association
believe the decision should only cover data for passengers on flight into
and out of the EU and that it should not be extended to intra-EU flights.

Gov't battles EU over use of air-passenger data (11.08.2008)
http://news.zdnet.co.uk/security/0,1000000189,39459924,00.htm

Ministers' fears on EU data plan (6.08.2008)
http://news.bbc.co.uk/2/hi/uk_news/politics/7544877.stm

Clash erupts on use of airline data to fight crime (7.08.2008)
http://www.ft.com/cms/s/0/14152182-6418-11dd-844f-0000779fd18c.html?nclick_check\
=1

European Travel Agents' and Tour Operators' Associations (ECTAA) letter to
the Council of EU on Proposal for a Council Framework Decision on the use of
Passenger Name Record (PNR) data for law enforcement purposes (1.08.2008)
http://www.statewatch.org/news/2008/aug/eu-pnr-ectaa-comments.pdf

EDRIgram - PNR Data infringes human rights (9.04.2008)
http://www.edri.org/edrigram/number6.7/pnr-human-rights-ecj

============================================================
9. Secret reports on new five year plan for "European Home Affairs"
============================================================

A new secret report, made available by Statewatch, drafted by the "Future
Group" of Interior and Justice Ministers from six EU member states (Germany,
France, Sweden, Portugal, Slovenia, and Czech Republic) suggests a series of
proposals to boost EU integration in policing and intelligence-gathering,
including the creation an EU-US Area of cooperation for "freedom, security
and justice."

The group's controversial proposals are certain to trigger major disputes,
proposing that the EU members states should pool information in a central
intelligence unit, creating a network of "anti-terrorist centres",
standardising police surveillance techniques and extending the sharing of
DNA and fingerprint databases to include CCTV video footage and material
gathered by "spy drones".

The report also includes a decision to expand the current European
Gendarmerie Force (EGF), which currently only involves France, Italy, Spain,
Portugal and the Netherlands, into an EU body, that could be used also for
paramilitary intervention overseas.

Claiming efficient fight against terrorism, the report suggests an
Euro-Atlantic pact of cooperation with the United States. The document needs
to be finalized by 2014 at the latest and would not just cover terrorism and
passenger data but would cover the whole area of justice and home affairs -
policing, immigration, sharing database data and biometrics. The difference
in privacy regulation could be a problem in achieving
this pact, but the US seems to push hard for this new pact:

"All the evidence from dozens of high-level EU-USA meetings on justice and
home affairs since 11 September 2001 shows that it is a one-way street with
the EU trying to fend off USA demands. When the EU does not cave in the USA
simply negotiates bilateral deals with individual member states. A permanent
EU-USA pact would be disastrous for privacy and civil liberties." explains
Tony Bunyan, Statewatch editor.

Bruno Waterfield, Brussels correspondent for The Daily Telegraph has
expressed the way in which security has been escalated to a level that he
calls "securocracy". He believes it started at the national and EU level
with "interoperability" that allowed a more wildly exchange of the
information held on databases. This gave the idea of "availability", that
meant "the exchange of any of this information, defined as important for
security purposes, was required". And the latest stage is "convergence".
"This concept heralds a new era by standardising European police
surveillance techniques and creating "tool-pools" of common data gathering
systems to be operated at the EU level" says Waterfield.

Future Report: Freedom, Security, Privacy - European Home Affairs in an open
world (06.2008)
http://www.statewatch.org/news/2008/jul/eu-futures-jha-report.pdf

Secret EU security draft risks uproar with call to pool policing and give US
personal data (7.08.2008)
http://www.guardian.co.uk/world/2008/aug/07/eu.uksecurity

Secret EU report moots sharing personal data with US (7.08.2008)
http://euobserver.com/22/26585

New European spying proposals 'threaten British security' (7.08.2008)
http://www.telegraph.co.uk/news/worldnews/europe/2512219/New-European-spying-pro\
posals-threaten-British-security.html

EU plan: The rise and rise of the securocrats (7.08.2008)
http://blogs.telegraph.co.uk/bruno_waterfield/blog/2008/08/07/eu_plan_the_rise_a\
nd_rise_of_the_securocrats

============================================================
10. ENDitorial: Wiretapping - the Swedish way
============================================================

The Swedish Parliament, Riksdagen, adopted 18 June 2008 a law which
obliges all telecom and Internet providers to transfer all communication
that passes the Swedish border to Fvrsvarets radioanstalt (FRA), or the
National Defence Radio Establishment as it is officially called in
English. It is the Swedish national authority for signals intelligence.

Even though domestic Internet communication is between two persons residing
Sweden, the same information may cross national borders through Germany,
Denmark and USA. That is how the Internet works. This means that all Swedes
as well as people residing outside of Sweden may be subject to the
surveillance of FRA. FRA may transfer information to other countries and the
Guardian has recently reported (7 August 2008) of a Secret EU security draft
which would give USA "Wholesale exchange of (personal) data". It is within a
greater international perspective one should view the Swedish legislation.

It is possible that Sweden has the most valuable information. 80 % of the
Russian telecom and internet communication passes through Sweden. Thus, it
is not an accident that FRA has one of the most powerful computers in the
world, together with some computers in the USA and one computer in the UK
which operates computations on nuclear weapons. There is an ongoing debate
over the true motive for the adoption of the law. This is only one of the
theories. Many countries and companies, including Finland, Norway, Google
and TeliaSonera, use the Swedish cables and are very critical of the FRA
wiretapping law.

The FRA wiretapping law adopted in June 2008 consists of four statutes,
including a newly adopted statute on signals intelligence and changes in
three other statutes.

The law will enter into force by 1 January 2009 and the actual operations
will start later in the year. FRA has a mandate to search for "external
threats", which involves everything from military threats, terrorism,
IT-security, supply problems, ecological imbalances, ethnic and religious
conflicts, migration to economic challenges in the form of currency and
interest speculation. This very broad mandate has attracted a lot of
criticism. There is no requirement that the FRA should have a reason to
suspect crime or a court order before a Swedish citizen is to be under
surveillance. This must be seen against the background that the police may
ask FRA for support in its efforts of crime control.

In contrast to what the law actually says, the Government denies that the
police may use the FRA and say that FRA will only monitor "phenomena" and
not individuals. The critics ask how it is possible to monitor phenomena
without monitoring individuals.

As one of the critics, I have accused the Government of "doublethink" and
"newspeak" in their defence of the law. The Governments statements are full
of contradictions, which they ignore. The main Government Party in a
coalition of four parties even deny the core of the law, which obligates all
telecom and Internet providers to transfer all communication that passes the
Swedish border to FRA.

In the eve of the vote of 18 June 2008 there were strong indications that
more than the necessary four parliamentarians of the centre-right coalition
would shift side and thus deny the adoption of the statutes. There was
intense pressure on these parliamentarians and on the day before the vote,
Fredrick Federley, a critic in the centre party, struck a deal with the
Minister of Defence, Sten Tolgfors, which involved that additional
protection would be added in the interest of privacy at a later point in
time. This made the resistance in the coalition parties to crumble.

In the end, only one parliamentarian shifted sides, Camilla Lindberg, of
the liberal party who became a national hero while Fredrick Federley, in the
eyes of many, lost a lot of credibility as a civil rights promoter. Another
member of the liberal group, Birgitta Ohlsson, abstained. The two members of
the liberal group had concerns that the additional protection would not
change the fact that the law obliges all telecom and Internet providers to
transfer all communication that passes the Swedish border to FRA.

This did not quiet the critics. By 14 July 2008 the resistance in the
liberal party had regrouped and they published an op-editorial in the daily
Dagens Nyheter signed by the necessary four parliamentarians and three
previous party leaders representing 25 years of leadership in the liberal
party, all demanding the Government should recall the law. Later, two
liberal parliamentarians joined the other four and stated live on TV that
they were willing to support a motion to recall the law. The Government is
making serious efforts to divide the group and make one or several of them
return to the Government side.

As of this date, the Government has not been successful. The six liberal
parliamentarians must team up with the social democrats, the green party and
the left before the end of September 2008. After that, it is impossible to
table motions from the opposition which will enter into force during 2009
and recall the law.

To conclude, the showdown for Swedish wiretapping by FRA is in September
2008.

Government Proposal on Defence Intelligence (only in Swedish, 8.03.2007)
http://www.regeringen.se/content/1/c6/07/83/67/2ee1ba0a.pdf

Secret EU security draft risks uproar with call to pool policing
and give US personal data (7.08.2008)
http://www.guardian.co.uk/world/2008/aug/07/eu.uksecurity

EDRi-gram: ENDitorial: Sweden is listening to all internet and phone
conversations (2.07.2008)
http://www.edri.org/edrigram/number6.13/sweden-fra-adoption

EDRi-gram: ENDitorial: A new "NSA FRAnchise" set up in Sweden? (4.06.2008)
http://www.edri.org/edrigram/number6.11/nsa-fra-sweden

(contribution by Mark Klamberg - Doctoral candidate, Stockholm University -
Department of Law)

============================================================
11. Recommended Action
============================================================

EDRi member FoeBuD e.V. has set up a contest for finding a RFID warning sign
to be passed on to the EU's process in RFID legislation. Since the industry
came up with a similar contest but looking for a somewhat "friendly" design,
FoeBuD is looking for a precise warning sign that would shows the dangers
for citizens' rights when RFID technology is involved.

There are two categories in FoeBuD's contest: strict and freestyle. In the
strict category, a design for an official RFID warning sign is wanted. The
winning design in this category shall be sent to the EU as a proposal for
marking RFID tags and readers. It should follow the rules for warning and
danger signs as e.g. DIN 4844-2 shows. The freestyle category is what its
name says: be free to find a nice and striking sign that shows the problem.

Everyone is free to participate until 12 September 2008. The designs are
expected to be public domain. The contest papers are only in German, but,
apart from explaining what RFID is and its dangers, the main message is:
Send the design before the deadline to "FoeBuD e.V., Marktstrasse 18, 33602
Bielefeld, Germany". Questions and digital-only designs may be sent to
"mail at foebud.org". Submissions are confirmed to have arrived via email.
The winners will be announced in October 2008.

The contest papers (only in German)
http://www.foebud.org/rfid/rfid-warn-logo-wettbewerb-foebud-ausschreibung.pdf

============================================================
12. Agenda
============================================================

3-5 September 2008, Prague, Czech Republic
The Third International Conference on Legal, Security and Privacy Issues in
IT
http://www.lspi.net/

8-10 September 2008, Geneva, Switzerland
The third annual Access to Knowledge Conference (A2K3)
http://isp.law.yale.edu/

19 September 2008, Brussels, Belgium
High Level Expert Conference: Towards a European Policy on RFID
http://www.rfid-in-action.eu/conference

20 September 2008, Munchen, Germany
Demonstration Freiheit Weiss Blau
http://wiki.vorratsdatenspeicherung.de/Freiheit_Weiss_Blau

22 September 2008, Istanbul, Turkey
Workshop on Applications of Private and Anonymous Communications
http://www.alpaca-workshop.org/

22 September 2008, Worldwide
OneWebDay - an Earth Day for the internet.
http://onewebday.org/

24-28 September 2008, Athens, Greece
World Summit on the Knowledge Society
http://www.open-knowledge-society.org/summit.htm

11 October 2008, Worldwide
Action day "Freedom not fear"
Protests, demonstrations and activities against the surveillance mania
http://wiki.vorratsdatenspeicherung.de/Freedom_Not_Fear_2008

15-17 October 2008, Strasbourg, France
30th International Data Protection and Privacy Conference
http://www.privacyconference2008.org/

20-21 October 2008, Strasbourg, France
European Dialogue on Internet Governance (EuroDIG)
http://www.eurodig.org/

3-6 December 2008, Hyderabad, India
Third Internet Governance Forum
http://www.intgovforum.org

10-11 December 2008: Tilburg, Netherlands
Tilting perspectives on regulating technologies, Tilburg Institute for Law
and Technology, and Society, Tilburg University
http://www.tilburguniversity.nl/tilt/conference

============================================================
13. About
============================================================

EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 28 members based or with offices in 17 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRI-grams.

All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and visibly on the
EDRI website.

Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 2.0 License. See the full text at
http://creativecommons.org/licenses/by/2.0/

Newsletter editor: Bogdan Manolea <edrigram@...>

Information about EDRI and its members:
http://www.edri.org/

European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring

- EDRI-gram subscription information

subscribe by e-mail
To: edri-news-request@...
Subject: subscribe

You will receive an automated e-mail asking to confirm your request.
unsubscribe by e-mail
To: edri-news-request@...
Subject: unsubscribe

- EDRI-gram in Macedonian

EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edrigram-mk.php

- EDRI-gram in German

EDRI-gram is also available in German, with delay. Translations are provided
Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/

- Newsletter archive

Back issues are available at:
http://www.edri.org/edrigram

- Help
Please ask <edrigram@...> if you have any problems with subscribing or
unsubscribing

----- Forwarded message from Roger Dingledine <arma@...> -----

From: Roger Dingledine <arma@...>
Date: Thu, 21 Aug 2008 15:44:21 -0400
To: or-announce@...
Subject: Tor 0.2.0.30 is released


Tor 0.2.0.30 switches to a more efficient directory distribution design,
adds features to make connections to the Tor network harder to block,
allows Tor to act as a DNS proxy, adds separate rate limiting for relayed
traffic to make it easier for clients to become relays, fixes a variety
of potential anonymity problems, and includes the usual huge pile of
other features and bug fixes.

https://www.torproject.org/download.html

Changes in version 0.2.0.30 - 2008-07-15
   o New v3 directory design:
     - Tor now uses a new way to learn about and distribute information
       about the network: the directory authorities vote on a common
       network status document rather than each publishing their own
       opinion. Now clients and caches download only one networkstatus
       document to bootstrap, rather than downloading one for each
       authority. Clients only download router descriptors listed in
       the consensus. Implements proposal 101; see doc/spec/dir-spec.txt
       for details.
     - Set up moria1, tor26, and dizum as v3 directory authorities
       in addition to being v2 authorities. Also add three new ones:
       ides (run by Mike Perry), gabelmoo (run by Karsten Loesing), and
       dannenberg (run by CCC).
     - Switch to multi-level keys for directory authorities: now their
       long-term identity key can be kept offline, and they periodically
       generate a new signing key. Clients fetch the "key certificates"
       to keep up to date on the right keys. Add a standalone tool
       "tor-gencert" to generate key certificates. Implements proposal 103.
     - Add a new V3AuthUseLegacyKey config option to make it easier for
       v3 authorities to change their identity keys if another bug like
       Debian's OpenSSL RNG flaw appears.
     - Authorities and caches fetch the v2 networkstatus documents
       less often, now that v3 is recommended.

   o Make Tor connections stand out less on the wire:
     - Use an improved TLS handshake designed by Steven Murdoch in proposal
       124, as revised in proposal 130. The new handshake is meant to
       be harder for censors to fingerprint, and it adds the ability
       to detect certain kinds of man-in-the-middle traffic analysis
       attacks. The new handshake format includes version negotiation for
       OR connections as described in proposal 105, which will allow us
       to improve Tor's link protocol more safely in the future.
     - Enable encrypted directory connections by default for non-relays,
       so censor tools that block Tor directory connections based on their
       plaintext patterns will no longer work. This means Tor works in
       certain censored countries by default again.
     - Stop including recognizeable strings in the commonname part of
       Tor's x509 certificates.

   o Implement bridge relays:
     - Bridge relays (or "bridges" for short) are Tor relays that aren't
       listed in the main Tor directory. Since there is no complete public
       list of them, even an ISP that is filtering connections to all the
       known Tor relays probably won't be able to block all the bridges.
       See doc/design-paper/blocking.pdf and proposal 125 for details.
     - New config option BridgeRelay that specifies you want to be a
       bridge relay rather than a normal relay. When BridgeRelay is set
       to 1, then a) you cache dir info even if your DirPort ins't on,
       and b) the default for PublishServerDescriptor is now "bridge"
       rather than "v2,v3".
     - New config option "UseBridges 1" for clients that want to use bridge
       relays instead of ordinary entry guards. Clients then specify
       bridge relays by adding "Bridge" lines to their config file. Users
       can learn about a bridge relay either manually through word of
       mouth, or by one of our rate-limited mechanisms for giving out
       bridge addresses without letting an attacker easily enumerate them
       all. See https://www.torproject.org/bridges for details.
     - Bridge relays behave like clients with respect to time intervals
       for downloading new v3 consensus documents -- otherwise they
       stand out. Bridge users now wait until the end of the interval,
       so their bridge relay will be sure to have a new consensus document.

   o Implement bridge directory authorities:
     - Bridge authorities are like normal directory authorities, except
       they don't serve a list of known bridges. Therefore users that know
       a bridge's fingerprint can fetch a relay descriptor for that bridge,
       including fetching updates e.g. if the bridge changes IP address,
       yet an attacker can't just fetch a list of all the bridges.
     - Set up Tonga as the default bridge directory authority.
     - Bridge authorities refuse to serve bridge descriptors or other
       bridge information over unencrypted connections (that is, when
       responding to direct DirPort requests rather than begin_dir cells.)
     - Bridge directory authorities do reachability testing on the
       bridges they know. They provide router status summaries to the
       controller via "getinfo ns/purpose/bridge", and also dump summaries
       to a file periodically, so we can keep internal stats about which
       bridges are functioning.
     - If bridge users set the UpdateBridgesFromAuthority config option,
       but the digest they ask for is a 404 on the bridge authority,
       they fall back to contacting the bridge directly.
     - Bridges always use begin_dir to publish their server descriptor to
       the bridge authority using an anonymous encrypted tunnel.
     - Early work on a "bridge community" design: if bridge authorities set
       the BridgePassword config option, they will serve a snapshot of
       known bridge routerstatuses from their DirPort to anybody who
       knows that password. Unset by default.
     - Tor now includes an IP-to-country GeoIP file, so bridge relays can
       report sanitized aggregated summaries in their extra-info documents
       privately to the bridge authority, listing which countries are
       able to reach them. We hope this mechanism will let us learn when
       certain countries start trying to block bridges.
     - Bridge authorities write bridge descriptors to disk, so they can
       reload them after a reboot. They can also export the descriptors
       to other programs, so we can distribute them to blocked users via
       the BridgeDB interface, e.g. via https://bridges.torproject.org/
       and bridges@....

   o Tor can be a DNS proxy:
     - The new client-side DNS proxy feature replaces the need for
       dns-proxy-tor: Just set "DNSPort 9999", and Tor will now listen
       for DNS requests on port 9999, use the Tor network to resolve them
       anonymously, and send the reply back like a regular DNS server.
       The code still only implements a subset of DNS.
     - Add a new AutomapHostsOnResolve option: when it is enabled, any
       resolve request for hosts matching a given pattern causes Tor to
       generate an internal virtual address mapping for that host. This
       allows DNSPort to work sensibly with hidden service users. By
       default, .exit and .onion addresses are remapped; the list of
       patterns can be reconfigured with AutomapHostsSuffixes.
     - Add an "-F" option to tor-resolve to force a resolve for a .onion
       address. Thanks to the AutomapHostsOnResolve option, this is no
       longer a completely silly thing to do.

   o Major features (relay usability):
     - New config options RelayBandwidthRate and RelayBandwidthBurst:
       a separate set of token buckets for relayed traffic. Right now
       relayed traffic is defined as answers to directory requests, and
       OR connections that don't have any local circuits on them. See
       proposal 111 for details.
     - Create listener connections before we setuid to the configured
       User and Group. Now non-Windows users can choose port values
       under 1024, start Tor as root, and have Tor bind those ports
       before it changes to another UID. (Windows users could already
       pick these ports.)
     - Added a new ConstrainedSockets config option to set SO_SNDBUF and
       SO_RCVBUF on TCP sockets. Hopefully useful for Tor servers running
       on "vserver" accounts. Patch from coderman.

   o Major features (directory authorities):
     - Directory authorities track weighted fractional uptime and weighted
       mean-time-between failures for relays. WFU is suitable for deciding
       whether a node is "usually up", while MTBF is suitable for deciding
       whether a node is "likely to stay up." We need both, because
       "usually up" is a good requirement for guards, while "likely to
       stay up" is a good requirement for long-lived connections.
     - Directory authorities use a new formula for selecting which relays
       to advertise as Guards: they must be in the top 7/8 in terms of
       how long we have known about them, and above the median of those
       nodes in terms of weighted fractional uptime.
     - Directory authorities use a new formula for selecting which relays
       to advertise as Stable: when we have 4 or more days of data, use
       median measured MTBF rather than median declared uptime. Implements
       proposal 108.
     - Directory authorities accept and serve "extra info" documents for
       routers. Routers now publish their bandwidth-history lines in the
       extra-info docs rather than the main descriptor. This step saves
       60% (!) on compressed router descriptor downloads. Servers upload
       extra-info docs to any authority that accepts them; directory
       authorities now allow multiple router descriptors and/or extra
       info documents to be uploaded in a single go. Authorities, and
       caches that have been configured to download extra-info documents,
       download them as needed. Implements proposal 104.
     - Authorities now list relays who have the same nickname as
       a different named relay, but list them with a new flag:
       "Unnamed". Now we can make use of relays that happen to pick the
       same nickname as a server that registered two years ago and then
       disappeared. Implements proposal 122.
     - Store routers in a file called cached-descriptors instead of in
       cached-routers. Initialize cached-descriptors from cached-routers
       if the old format is around. The new format allows us to store
       annotations along with descriptors, to record the time we received
       each descriptor, its source, and its purpose: currently one of
       general, controller, or bridge.

   o Major features (other):
     - New config options WarnPlaintextPorts and RejectPlaintextPorts so
       Tor can warn and/or refuse connections to ports commonly used with
       vulnerable-plaintext protocols. Currently we warn on ports 23,
       109, 110, and 143, but we don't reject any. Based on proposal 129
       by Kevin Bauer and Damon McCoy.
     - Integrate Karsten Loesing's Google Summer of Code project to publish
       hidden service descriptors on a set of redundant relays that are a
       function of the hidden service address. Now we don't have to rely
       on three central hidden service authorities for publishing and
       fetching every hidden service descriptor. Implements proposal 114.
     - Allow tunnelled directory connections to ask for an encrypted
       "begin_dir" connection or an anonymized "uses a full Tor circuit"
       connection independently. Now we can make anonymized begin_dir
       connections for (e.g.) more secure hidden service posting and
       fetching.

   o Major bugfixes (crashes and assert failures):
     - Stop imposing an arbitrary maximum on the number of file descriptors
       used for busy servers. Bug reported by Olaf Selke; patch from
       Sebastian Hahn.
     - Avoid possible failures when generating a directory with routers
       with over-long versions strings, or too many flags set.
     - Fix a rare assert error when we're closing one of our threads:
       use a mutex to protect the list of logs, so we never write to the
       list as it's being freed. Fixes the very rare bug 575, which is
       kind of the revenge of bug 222.
     - Avoid segfault in the case where a badly behaved v2 versioning
       directory sends a signed networkstatus with missing client-versions.
     - When we hit an EOF on a log (probably because we're shutting down),
       don't try to remove the log from the list: just mark it as
       unusable. (Bulletproofs against bug 222.)

   o Major bugfixes (code security fixes):
     - Detect size overflow in zlib code. Reported by Justin Ferguson and
       Dan Kaminsky.
     - Rewrite directory tokenization code to never run off the end of
       a string. Fixes bug 455. Patch from croup.
     - Be more paranoid about overwriting sensitive memory on free(),
       as a defensive programming tactic to ensure forward secrecy.

   o Major bugfixes (anonymity fixes):
     - Reject requests for reverse-dns lookup of names that are in
       a private address space. Patch from lodger.
     - Never report that we've used more bandwidth than we're willing to
       relay: it leaks how much non-relay traffic we're using. Resolves
       bug 516.
     - As a client, do not believe any server that tells us that an
       address maps to an internal address space.
     - Warn about unsafe ControlPort configurations.
     - Directory authorities now call routers Fast if their bandwidth is
       at least 100KB/s, and consider their bandwidth adequate to be a
       Guard if it is at least 250KB/s, no matter the medians. This fix
       complements proposal 107.
     - Directory authorities now never mark more than 2 servers per IP as
       Valid and Running (or 5 on addresses shared by authorities).
       Implements proposal 109, by Kevin Bauer and Damon McCoy.
     - If we're a relay, avoid picking ourselves as an introduction point,
       a rendezvous point, or as the final hop for internal circuits. Bug
       reported by taranis and lodger.
     - Exit relays that are used as a client can now reach themselves
       using the .exit notation, rather than just launching an infinite
       pile of circuits. Fixes bug 641. Reported by Sebastian Hahn.
     - Fix a bug where, when we were choosing the 'end stream reason' to
       put in our relay end cell that we send to the exit relay, Tor
       clients on Windows were sometimes sending the wrong 'reason'. The
       anonymity problem is that exit relays may be able to guess whether
       the client is running Windows, thus helping partition the anonymity
       set. Down the road we should stop sending reasons to exit relays,
       or otherwise prevent future versions of this bug.
     - Only update guard status (usable / not usable) once we have
       enough directory information. This was causing us to discard all our
       guards on startup if we hadn't been running for a few weeks. Fixes
       bug 448.
     - When our directory information has been expired for a while, stop
       being willing to build circuits using it. Fixes bug 401.

   o Major bugfixes (peace of mind for relay operators)
     - Non-exit relays no longer answer "resolve" relay cells, so they
       can't be induced to do arbitrary DNS requests. (Tor clients already
       avoid using non-exit relays for resolve cells, but now servers
       enforce this too.) Fixes bug 619. Patch from lodger.
     - When we setconf ClientOnly to 1, close any current OR and Dir
       listeners. Reported by mwenge.

   o Major bugfixes (other):
     - If we only ever used Tor for hidden service lookups or posts, we
       would stop building circuits and start refusing connections after
       24 hours, since we falsely believed that Tor was dormant. Reported
       by nwf.
     - Add a new __HashedControlSessionPassword option for controllers
       to use for one-off session password hashes that shouldn't get
       saved to disk by SAVECONF --- Vidalia users were accumulating a
       pile of HashedControlPassword lines in their torrc files, one for
       each time they had restarted Tor and then clicked Save. Make Tor
       automatically convert "HashedControlPassword" to this new option but
       only when it's given on the command line. Partial fix for bug 586.
     - Patch from "Andrew S. Lists" to catch when we contact a directory
       mirror at IP address X and he says we look like we're coming from
       IP address X. Otherwise this would screw up our address detection.
     - Reject uploaded descriptors and extrainfo documents if they're
       huge. Otherwise we'll cache them all over the network and it'll
       clog everything up. Suggested by Aljosha Judmayer.
     - When a hidden service was trying to establish an introduction point,
       and Tor *did* manage to reuse one of the preemptively built
       circuits, it didn't correctly remember which one it used,
       so it asked for another one soon after, until there were no
       more preemptive circuits, at which point it launched one from
       scratch. Bugfix on 0.0.9.x.

   o Rate limiting and load balancing improvements:
     - When we add data to a write buffer in response to the data on that
       write buffer getting low because of a flush, do not consider the
       newly added data as a candidate for immediate flushing, but rather
       make it wait until the next round of writing. Otherwise, we flush
       and refill recursively, and a single greedy TLS connection can
       eat all of our bandwidth.
     - When counting the number of bytes written on a TLS connection,
       look at the BIO actually used for writing to the network, not
       at the BIO used (sometimes) to buffer data for the network.
       Looking at different BIOs could result in write counts on the
       order of ULONG_MAX. Fixes bug 614.
     - If we change our MaxAdvertisedBandwidth and then reload torrc,
       Tor won't realize it should publish a new relay descriptor. Fixes
       bug 688, reported by mfr.
     - Avoid using too little bandwidth when our clock skips a few seconds.
     - Choose which bridge to use proportional to its advertised bandwidth,
       rather than uniformly at random. This should speed up Tor for
       bridge users. Also do this for people who set StrictEntryNodes.

   o Bootstrapping faster and building circuits more intelligently:
     - Fix bug 660 that was preventing us from knowing that we should
       preemptively build circuits to handle expected directory requests.
     - When we're checking if we have enough dir info for each relay
       to begin establishing circuits, make sure that we actually have
       the descriptor listed in the consensus, not just any descriptor.
     - Correctly notify one-hop connections when a circuit build has
       failed. Possible fix for bug 669. Found by lodger.
     - Clients now hold circuitless TLS connections open for 1.5 times
       MaxCircuitDirtiness (15 minutes), since it is likely that they'll
       rebuild a new circuit over them within that timeframe. Previously,
       they held them open only for KeepalivePeriod (5 minutes).

   o Performance improvements (memory):
     - Add OpenBSD malloc code from "phk" as an optional malloc
       replacement on Linux: some glibc libraries do very poorly with
       Tor's memory allocation patterns. Pass --enable-openbsd-malloc to
       ./configure to get the replacement malloc code.
     - Switch our old ring buffer implementation for one more like that
       used by free Unix kernels. The wasted space in a buffer with 1mb
       of data will now be more like 8k than 1mb. The new implementation
       also avoids realloc();realloc(); patterns that can contribute to
       memory fragmentation.
     - Change the way that Tor buffers data that it is waiting to write.
       Instead of queueing data cells in an enormous ring buffer for each
       client->OR or OR->OR connection, we now queue cells on a separate
       queue for each circuit. This lets us use less slack memory, and
       will eventually let us be smarter about prioritizing different kinds
       of traffic.
     - Reference-count and share copies of address policy entries; only 5%
       of them were actually distinct.
     - Tune parameters for cell pool allocation to minimize amount of
       RAM overhead used.
     - Keep unused 4k and 16k buffers on free lists, rather than wasting 8k
       for every single inactive connection_t. Free items from the
       4k/16k-buffer free lists when they haven't been used for a while.
     - Make memory debugging information describe more about history
       of cell allocation, so we can help reduce our memory use.
     - Be even more aggressive about releasing RAM from small
       empty buffers. Thanks to our free-list code, this shouldn't be too
       performance-intensive.
     - Log malloc statistics from mallinfo() on platforms where it exists.
     - Use memory pools to allocate cells with better speed and memory
       efficiency, especially on platforms where malloc() is inefficient.
     - Add a --with-tcmalloc option to the configure script to link
       against tcmalloc (if present). Does not yet search for non-system
       include paths.

   o Performance improvements (socket management):
     - Count the number of open sockets separately from the number of
       active connection_t objects. This will let us avoid underusing
       our allocated connection limit.
     - We no longer use socket pairs to link an edge connection to an
       anonymous directory connection or a DirPort test connection.
       Instead, we track the link internally and transfer the data
       in-process. This saves two sockets per "linked" connection (at the
       client and at the server), and avoids the nasty Windows socketpair()
       workaround.
     - We were leaking a file descriptor if Tor started with a zero-length
       cached-descriptors file. Patch by "freddy77".

   o Performance improvements (CPU use):
     - Never walk through the list of logs if we know that no log target
       is interested in a given message.
     - Call routerlist_remove_old_routers() much less often. This should
       speed startup, especially on directory caches.
     - Base64 decoding was actually showing up on our profile when parsing
       the initial descriptor file; switch to an in-process all-at-once
       implementation that's about 3.5x times faster than calling out to
       OpenSSL.
     - Use a slightly simpler string hashing algorithm (copying Python's
       instead of Java's) and optimize our digest hashing algorithm to take
       advantage of 64-bit platforms and to remove some possibly-costly
       voodoo.
     - When implementing AES counter mode, update only the portions of the
       counter buffer that need to change, and don't keep separate
       network-order and host-order counters on big-endian hosts (where
       they are the same).
     - Add an in-place version of aes_crypt() so that we can avoid doing a
       needless memcpy() call on each cell payload.
     - Use Critical Sections rather than Mutexes for synchronizing threads
       on win32; Mutexes are heavier-weight, and designed for synchronizing
       between processes.

   o Performance improvements (bandwidth use):
     - Don't try to launch new descriptor downloads quite so often when we
       already have enough directory information to build circuits.
     - Version 1 directories are no longer generated in full. Instead,
       authorities generate and serve "stub" v1 directories that list
       no servers. This will stop Tor versions 0.1.0.x and earlier from
       working, but (for security reasons) nobody should be running those
       versions anyway.
     - Avoid going directly to the directory authorities even if you're a
       relay, if you haven't found yourself reachable yet or if you've
       decided not to advertise your dirport yet. Addresses bug 556.
     - If we've gone 12 hours since our last bandwidth check, and we
       estimate we have less than 50KB bandwidth capacity but we could
       handle more, do another bandwidth test.
     - Support "If-Modified-Since" when answering HTTP requests for
       directories, running-routers documents, and v2 and v3 networkstatus
       documents. (There's no need to support it for router descriptors,
       since those are downloaded by descriptor digest.)
     - Stop fetching directory info so aggressively if your DirPort is
       on but your ORPort is off; stop fetching v2 dir info entirely.
       You can override these choices with the new FetchDirInfoEarly
       config option.

   o Changed config option behavior (features):
     - Configuration files now accept C-style strings as values. This
       helps encode characters not allowed in the current configuration
       file format, such as newline or #. Addresses bug 557.
     - Add hidden services and DNSPorts to the list of things that make
       Tor accept that it has running ports. Change starting Tor with no
       ports from a fatal error to a warning; we might change it back if
       this turns out to confuse anybody. Fixes bug 579.
     - Make PublishServerDescriptor default to 1, so the default doesn't
       have to change as we invent new directory protocol versions.
     - Allow people to say PreferTunnelledDirConns rather than
       PreferTunneledDirConns, for those alternate-spellers out there.
     - Raise the default BandwidthRate/BandwidthBurst to 5MB/10MB, to
       accommodate the growing number of servers that use the default
       and are reaching it.
     - Make it possible to enable HashedControlPassword and
       CookieAuthentication at the same time.
     - When a TrackHostExits-chosen exit fails too many times in a row,
       stop using it. Fixes bug 437.

   o Changed config option behavior (bugfixes):
     - Do not read the configuration file when we've only been told to
       generate a password hash. Fixes bug 643. Bugfix on 0.0.9pre5. Fix
       based on patch from Sebastian Hahn.
     - Actually validate the options passed to AuthDirReject,
       AuthDirInvalid, AuthDirBadDir, and AuthDirBadExit.
     - Make "ClientOnly 1" config option disable directory ports too.
     - Don't stop fetching descriptors when FetchUselessDescriptors is
       set, even if we stop asking for circuits. Bug reported by tup
       and ioerror.
     - Servers used to decline to publish their DirPort if their
       BandwidthRate or MaxAdvertisedBandwidth were below a threshold. Now
       they look only at BandwidthRate and RelayBandwidthRate.
     - Treat "2gb" when given in torrc for a bandwidth as meaning 2gb,
       minus 1 byte: the actual maximum declared bandwidth.
     - Make "TrackHostExits ." actually work. Bugfix on 0.1.0.x.
     - Make the NodeFamilies config option work. (Reported by
       lodger -- it has never actually worked, even though we added it
       in Oct 2004.)
     - If Tor is invoked from something that isn't a shell (e.g. Vidalia),
       now we expand "-f ~/.tor/torrc" correctly. Suggested by Matt Edman.

   o New config options:
     - New configuration options AuthDirMaxServersPerAddr and
       AuthDirMaxServersperAuthAddr to override default maximum number
       of servers allowed on a single IP address. This is important for
       running a test network on a single host.
     - Three new config options (AlternateDirAuthority,
       AlternateBridgeAuthority, and AlternateHSAuthority) that let the
       user selectively replace the default directory authorities by type,
       rather than the all-or-nothing replacement that DirServer offers.
     - New config options AuthDirBadDir and AuthDirListBadDirs for
       authorities to mark certain relays as "bad directories" in the
       networkstatus documents. Also supports the "!baddir" directive in
       the approved-routers file.
     - New config option V2AuthoritativeDirectory that all v2 directory
       authorities must set. This lets v3 authorities choose not to serve
       v2 directory information.

   o Minor features (other):
     - When we're not serving v2 directory information, there is no reason
       to actually keep any around. Remove the obsolete files and directory
       on startup if they are very old and we aren't going to serve them.
     - When we negotiate a v2 link-layer connection (not yet implemented),
       accept RELAY_EARLY cells and turn them into RELAY cells if we've
       negotiated a v1 connection for their next step. Initial steps for
       proposal 110.
     - When we have no consensus, check FallbackNetworkstatusFile (defaults
       to $PREFIX/share/tor/fallback-consensus) for a consensus. This way
       we can start out knowing some directory caches. We don't ship with
       a fallback consensus by default though, because it was making
       bootstrapping take too long while we tried many down relays.
     - Authorities send back an X-Descriptor-Not-New header in response to
       an accepted-but-discarded descriptor upload. Partially implements
       fix for bug 535.
     - If we find a cached-routers file that's been sitting around for more
       than 28 days unmodified, then most likely it's a leftover from
       when we upgraded to 0.2.0.8-alpha. Remove it. It has no good
       routers anyway.
     - When we (as a cache) download a descriptor because it was listed
       in a consensus, remember when the consensus was supposed to expire,
       and don't expire the descriptor until then.
     - Optionally (if built with -DEXPORTMALLINFO) export the output
       of mallinfo via http, as tor/mallinfo.txt. Only accessible
       from localhost.
     - Tag every guard node in our state file with the version that
       we believe added it, or with our own version if we add it. This way,
       if a user temporarily runs an old version of Tor and then switches
       back to a new one, she doesn't automatically lose her guards.
     - When somebody requests a list of statuses or servers, and we have
       none of those, return a 404 rather than an empty 200.
     - Merge in some (as-yet-unused) IPv6 address manipulation code. (Patch
       from croup.)
     - Add an HSAuthorityRecordStats option that hidden service authorities
       can use to track statistics of overall hidden service usage without
       logging information that would be as useful to an attacker.
     - Allow multiple HiddenServicePort directives with the same virtual
       port; when they occur, the user is sent round-robin to one
       of the target ports chosen at random.  Partially fixes bug 393 by
       adding limited ad-hoc round-robining.
     - Revamp file-writing logic so we don't need to have the entire
       contents of a file in memory at once before we write to disk. Tor,
       meet stdio.

   o Minor bugfixes (other):
     - Alter the code that tries to recover from unhandled write
       errors, to not try to flush onto a socket that's given us
       unhandled errors.
     - Directory mirrors no longer include a guess at the client's IP
       address if the connection appears to be coming from the same /24
       network; it was producing too many wrong guesses.
     - If we're trying to flush the last bytes on a connection (for
       example, when answering a directory request), reset the
       time-to-give-up timeout every time we manage to write something
       on the socket.
     - Reject router descriptors with out-of-range bandwidthcapacity or
       bandwidthburst values.
     - If we can't expand our list of entry guards (e.g. because we're
       using bridges or we have StrictEntryNodes set), don't mark relays
       down when they fail a directory request. Otherwise we're too quick
       to mark all our entry points down.
     - Authorities no longer send back "400 you're unreachable please fix
       it" errors to Tor servers that aren't online all the time. We're
       supposed to tolerate these servers now.
     - Let directory authorities startup even when they can't generate
       a descriptor immediately, e.g. because they don't know their
       address.
     - Correctly enforce that elements of directory objects do not appear
       more often than they are allowed to appear.
     - Stop allowing hibernating servers to be "stable" or "fast".
     - On Windows, we were preventing other processes from reading
       cached-routers while Tor was running. (Reported by janbar)
     - Check return values from pthread_mutex functions.
     - When opening /dev/null in finish_daemonize(), do not pass the
       O_CREAT flag. Fortify was complaining, and correctly so. Fixes
       bug 742; fix from Michael Scherer. Bugfix on 0.0.2pre19.

   o Controller features:
     - The GETCONF command now escapes and quotes configuration values
       that don't otherwise fit into the torrc file.
     - The SETCONF command now handles quoted values correctly.
     - Add "GETINFO/desc-annotations/id/<OR digest>" so controllers can
       ask about source, timestamp of arrival, purpose, etc. We need
       something like this to help Vidalia not do GeoIP lookups on bridge
       addresses.
     - Allow multiple HashedControlPassword config lines, to support
       multiple controller passwords.
     - Accept LF instead of CRLF on controller, since some software has a
       hard time generating real Internet newlines.
     - Add GETINFO values for the server status events
       "REACHABILITY_SUCCEEDED" and "GOOD_SERVER_DESCRIPTOR". Patch from
       Robert Hogan.
     - There is now an ugly, temporary "desc/all-recent-extrainfo-hack"
       GETINFO for Torstat to use until it can switch to using extrainfos.
     - New config option CookieAuthFile to choose a new location for the
       cookie authentication file, and config option
       CookieAuthFileGroupReadable to make it group-readable.
     - Add a SOURCE_ADDR field to STREAM NEW events so that controllers can
       match requests to applications. Patch from Robert Hogan.
     - Add a RESOLVE command to launch hostname lookups. Original patch
       from Robert Hogan.
     - Add GETINFO status/enough-dir-info to let controllers tell whether
       Tor has downloaded sufficient directory information. Patch from Tup.
     - You can now use the ControlSocket option to tell Tor to listen for
       controller connections on Unix domain sockets on systems that
       support them. Patch from Peter Palfrader.
     - New "GETINFO address-mappings/*" command to get address mappings
       with expiry information. "addr-mappings/*" is now deprecated.
       Patch from Tup.
     - Add a new config option __DisablePredictedCircuits designed for
       use by the controller, when we don't want Tor to build any circuits
       preemptively.
     - Let the controller specify HOP=%d as an argument to ATTACHSTREAM,
       so we can exit from the middle of the circuit.
     - Implement "getinfo status/circuit-established".
     - Implement "getinfo status/version/..." so a controller can tell
       whether the current version is recommended, and whether any versions
       are good, and how many authorities agree. Patch from "shibz".
     - Controllers should now specify cache=no or cache=yes when using
       the +POSTDESCRIPTOR command.
     - Add a "PURPOSE=" argument to "STREAM NEW" events, as suggested by
       Robert Hogan. Fixes the first part of bug 681.
     - When reporting clock skew, and we know that the clock is _at least
       as skewed_ as some value, but we don't know the actual value,
       report the value as a "minimum skew."

   o Controller bugfixes:
     - Generate "STATUS_SERVER" events rather than misspelled
       "STATUS_SEVER" events. Caught by mwenge.
     - Reject controller commands over 1MB in length, so rogue
       processes can't run us out of memory.
     - Change the behavior of "getinfo status/good-server-descriptor"
       so it doesn't return failure when any authority disappears.
     - Send NAMESERVER_STATUS messages for a single failed nameserver
       correctly.
     - When the DANGEROUS_VERSION controller status event told us we're
       running an obsolete version, it used the string "OLD" to describe
       it. Yet the "getinfo" interface used the string "OBSOLETE". Now use
       "OBSOLETE" in both cases.
     - Respond to INT and TERM SIGNAL commands before we execute the
       signal, in case the signal shuts us down. We had a patch in
       0.1.2.1-alpha that tried to do this by queueing the response on
       the connection's buffer before shutting down, but that really
       isn't the same thing at all. Bug located by Matt Edman.
     - Provide DNS expiry times in GMT, not in local time. For backward
       compatibility, ADDRMAP events only provide GMT expiry in an extended
       field. "GETINFO address-mappings" always does the right thing.
     - Use CRLF line endings properly in NS events.
     - Make 'getinfo fingerprint' return a 551 error if we're not a
       server, so we match what the control spec claims we do. Reported
       by daejees.
     - Fix a typo in an error message when extendcircuit fails that
       caused us to not follow the \r\n-based delimiter protocol. Reported
       by daejees.
     - When tunneling an encrypted directory connection, and its first
       circuit fails, do not leave it unattached and ask the controller
       to deal. Fixes the second part of bug 681.
     - Treat some 403 responses from directory servers as INFO rather than
       WARN-severity events.

   o Portability / building / compiling:
     - When building with --enable-gcc-warnings, check for whether Apple's
       warning "-Wshorten-64-to-32" is available.
     - Support compilation to target iPhone; patch from cjacker huang.
       To build for iPhone, pass the --enable-iphone option to configure.
     - Detect non-ASCII platforms (if any still exist) and refuse to
       build there: some of our code assumes that 'A' is 65 and so on.
     - Clear up some MIPSPro compiler warnings.
     - Make autoconf search for libevent, openssl, and zlib consistently.
     - Update deprecated macros in configure.in.
     - When warning about missing headers, tell the user to let us
       know if the compile succeeds anyway, so we can downgrade the
       warning.
     - Include the current subversion revision as part of the version
       string: either fetch it directly if we're in an SVN checkout, do
       some magic to guess it if we're in an SVK checkout, or use
       the last-detected version if we're building from a .tar.gz.
       Use this version consistently in log messages.
     - Correctly report platform name on Windows 95 OSR2 and Windows 98 SE.
     - Read resolv.conf files correctly on platforms where read() returns
       partial results on small file reads.
     - Build without verbose warnings even on gcc 4.2 and 4.3.
     - On Windows, correctly detect errors when listing the contents of
       a directory. Fix from lodger.
     - Run 'make test' as part of 'make dist', so we stop releasing so
       many development snapshots that fail their unit tests.
     - Add support to detect Libevent versions in the 1.4.x series
       on mingw.
     - Add command-line arguments to unit-test executable so that we can
       invoke any chosen test from the command line rather than having
       to run the whole test suite at once; and so that we can turn on
       logging for the unit tests.
     - Do not automatically run configure from autogen.sh. This
       non-standard behavior tended to annoy people who have built other
       programs.
     - Fix a macro/CPP interaction that was confusing some compilers:
       some GCCs don't like #if/#endif pairs inside macro arguments.
       Fixes bug 707.
     - Fix macro collision between OpenSSL 0.9.8h and Windows headers.
       Fixes bug 704; fix from Steven Murdoch.
     - Correctly detect transparent proxy support on Linux hosts that
       require in.h to be included before netfilter_ipv4.h.  Patch
       from coderman.

   o Logging improvements:
     - When we haven't had any application requests lately, don't bother
       logging that we have expired a bunch of descriptors.
     - When attempting to open a logfile fails, tell us why.
     - Only log guard node status when guard node status has changed.
     - Downgrade the 3 most common "INFO" messages to "DEBUG". This will
       make "INFO" 75% less verbose.
     - When SafeLogging is disabled, log addresses along with all TLS
       errors.
     - Report TLS "zero return" case as a "clean close" and "IO error"
       as a "close". Stop calling closes "unexpected closes": existing
       Tors don't use SSL_close(), so having a connection close without
       the TLS shutdown handshake is hardly unexpected.
     - When we receive a consensus from the future, warn about skew.
     - Make "not enough dir info yet" warnings describe *why* Tor feels
       it doesn't have enough directory info yet.
     - On the USR1 signal, when dmalloc is in use, log the top 10 memory
       consumers. (We already do this on HUP.)
     - Give more descriptive well-formedness errors for out-of-range
       hidden service descriptor/protocol versions.
     - Stop recommending that every server operator send mail to tor-ops.
       Resolves bug 597. Bugfix on 0.1.2.x.
     - Improve skew reporting: try to give the user a better log message
       about how skewed they are, and how much this matters.
     - New --quiet command-line option to suppress the default console log.
       Good in combination with --hash-password.
     - Don't complain that "your server has not managed to confirm that its
       ports are reachable" if we haven't been able to build any circuits
       yet.
     - Detect the reason for failing to mmap a descriptor file we just
       wrote, and give a more useful log message.  Fixes bug 533.
     - Always prepend "Bug: " to any log message about a bug.
     - When dumping memory usage, list bytes used in buffer memory
       free-lists.
     - When running with dmalloc, dump more stats on hup and on exit.
     - Put a platform string (e.g. "Linux i686") in the startup log
       message, so when people paste just their logs, we know if it's
       OpenBSD or Windows or what.
     - When logging memory usage, break down memory used in buffers by
       buffer type.
     - When we are reporting the DirServer line we just parsed, we were
       logging the second stanza of the key fingerprint, not the first.
     - Even though Windows is equally happy with / and \ as path separators,
       try to use \ consistently on Windows and / consistently on Unix: it
       makes the log messages nicer.
      - On OSX, stop warning the user that kqueue support in libevent is
       "experimental", since it seems to have worked fine for ages.

   o Contributed scripts and tools:
     - Update linux-tor-prio.sh script to allow QoS based on the uid of
       the Tor process. Patch from Marco Bonetti with tweaks from Mike
       Perry.
     - Include the "tor-ctrl.sh" bash script by Stefan Behte to provide
       Unix users an easy way to script their Tor process (e.g. by
       adjusting bandwidth based on the time of the day).
     - In the exitlist script, only consider the most recently published
       server descriptor for each server. Also, when the user requests
       a list of servers that _reject_ connections to a given address,
       explicitly exclude the IPs that also have servers that accept
       connections to that address. Resolves bug 405.
     - Include a new contrib/tor-exit-notice.html file that exit relay
       operators can put on their website to help reduce abuse queries.

   o Newly deprecated features:
     - The status/version/num-versioning and status/version/num-concurring
       GETINFO controller options are no longer useful in the v3 directory
       protocol: treat them as deprecated, and warn when they're used.
     - The RedirectExits config option is now deprecated.

   o Removed features:
     - Drop the old code to choke directory connections when the
       corresponding OR connections got full: thanks to the cell queue
       feature, OR conns don't get full any more.
     - Remove the old "dns worker" server DNS code: it hasn't been default
       since 0.1.2.2-alpha, and all the servers are using the new
       eventdns code.
     - Remove the code to generate the oldest (v1) directory format.
     - Remove support for the old bw_accounting file: we've been storing
       bandwidth accounting information in the state file since
       0.1.2.5-alpha. This may result in bandwidth accounting errors
       if you try to upgrade from 0.1.1.x or earlier, or if you try to
       downgrade to 0.1.1.x or earlier.
     - Drop support for OpenSSL version 0.9.6. Just about nobody was using
       it, it had no AES, and it hasn't seen any security patches since
       2004.
     - Stop overloading the circuit_t.onionskin field for both "onionskin
       from a CREATE cell that we are waiting for a cpuworker to be
       assigned" and "onionskin from an EXTEND cell that we are going to
       send to an OR as soon as we are connected". Might help with bug 600.
     - Remove the tor_strpartition() function: its logic was confused,
       and it was only used for one thing that could be implemented far
       more easily.
     - Remove the contrib scripts ExerciseServer.py, PathDemo.py,
       and TorControl.py, as they use the old v0 controller protocol,
       and are obsoleted by TorFlow anyway.
     - Drop support for v1 rendezvous descriptors, since we never used
       them anyway, and the code has probably rotted by now. Based on
       patch from Karsten Loesing.
     - Stop allowing address masks that do not correspond to bit prefixes.
       We have warned about these for a really long time; now it's time
       to reject them. (Patch from croup.)
     - Remove an optimization in the AES counter-mode code that assumed
       that the counter never exceeded 2^68. When the counter can be set
       arbitrarily as an IV (as it is by Karsten's new hidden services
       code), this assumption no longer holds.
     - Disable the SETROUTERPURPOSE controller command: it is now
       obsolete.

Unexpected issues with non-repudation

Laptops could betray users in the developing world
http://tiny.cc/5dQGS
or
http://technology.newscientist.com/article.ns?id=mg19826596.100&print=true
8.6.5
Colin Barras

Abstract:

This document aims to raise awareness about the many security threats based on
the IP protocol, those that we are currently facing, and those we may still have
to deal with in the future. It provides advice for the secure implementation of
the IP, and also insights about the security aspects of the IP that may be of
help to the Internet operations community.

PDF: http://www.cpni.gov.uk/Docs/InternetProtocol.pdf

Crypto-Gram Newsletter
August 15, 2008

by Bruce Schneier
Chief Security Technology Officer, BT
schneier@...
http://www.schneier.com

A free monthly newsletter providing summaries, analyses, insights, and
commentaries on security: computer and otherwise.

For back issues, or to subscribe, visit
<http://www.schneier.com/crypto-gram.html>.

You can read this issue on the web at
<http://www.schneier.com/crypto-gram-0808.html>. These same essays appear in the
"Schneier on Security" blog: <http://www.schneier.com/blog>. An RSS feed is
available.

In this issue:

     * Memo to the Next President
     * TSA Proud of Confiscating Non-Dangerous Item
     * Homeland Security Cost-Benefit Analysis
     * News
     * Hacking Mifare Transport Cards
     * Information Security and Liabilities
     * Software Liabilities and Free Software
     * Schneier/BT News
     * Congratulations to Our Millionth Terrorist!
     * TrueCrypt's Deniable File System
     * The DNS Vulnerability
     * Comments from Readers

Memo to the Next President

Obama has a cyber security plan.

It's basically what you would expect: Appoint a national cyber security advisor,
invest in math and science education, establish standards for critical
infrastructure, spend money on enforcement, establish national standards for
securing personal data and data-breach disclosure, and work with industry and
academia to develop a bunch of needed technologies.

I could comment on the plan, but with security the devil is always in the
details -- and, of course, at this point there are few details. But since he
brought up the topic -- McCain supposedly is "working on the issues" as well --
I have three pieces of policy advice for the next president, whoever he is.
They're too detailed for campaign speeches or even position papers, but they're
essential for improving information security in our society. Actually, they
apply to national security in general. And they're things only government can
do.

One, use your immense buying power to improve the security of commercial
products and services. One property of technological products is that most of
the cost is in the development of the product rather than the production. Think
software: The first copy costs millions, but the second copy is free.

You have to secure your own government networks, military and civilian. You have
to buy computers for all your government employees. Consolidate those contracts,
and start putting explicit security requirements into the RFPs. You have the
buying power to get your vendors to make serious security improvements in the
products and services they sell to the government, and then we all benefit
because they'll include those improvements in the same products and services
they sell to the rest of us. We're all safer if information technology is more
secure, even though the bad guys can use it, too.

Two, legislate results and not methodologies. There are a lot of areas in
security where you need to pass laws, where the security externalities are such
that the market fails to provide adequate security. For example, software
companies who sell insecure products are exploiting an externality just as much
as chemical plants that dump waste into the river. But a bad law is worse than
no law. A law requiring companies to secure personal data is good; a law
specifying what technologies they should use to do so is not. Mandating software
liabilities for software failures is good, detailing how is not. Legislate for
the results you want and implement the appropriate penalties; let the market
figure out how -- that's what markets are good at.

Three, broadly invest in research. Basic research is risky; it doesn't always
pay off. That's why companies have stopped funding it. Bell Labs is gone because
nobody could afford it after the AT&T breakup, but the root cause was a desire
for higher efficiency and short-term profitability -- not unreasonable in an
unregulated business. Government research can be used to balance that by funding
long-term research.

Spread those research dollars wide. Lately, most research money has been
redirected through DARPA to near-term military-related projects; that's not
good. Keep the earmark-happy Congress from dictating how the money is spent. Let
the NSF, NIH and other funding agencies decide how to spend the money and don't
try to micromanage. Give the national laboratories lots of freedom, too. Yes,
some research will sound silly to a layman. But you can't predict what will be
useful for what, and if funding is really peer-reviewed, the average results
will be much better. Compared to corporate tax breaks and other subsidies, this
is chump change.

If our research capability is to remain vibrant, we need more science and math
students with decent elementary and high school preparation. The declining
interest is partly from the perception that scientists don't get rich like
lawyers and dentists and stockbrokers, but also because science isn't valued in
a country full of creationists. One way the president can help is by trusting
scientific advisers and not overruling them for political reasons.

Oh, and get rid of those post-9/11 restrictions on student visas that are
causing so many top students to do their graduate work in Canada, Europe and
Asia instead of in the United States. Those restrictions will hurt us immensely
in the long run.

Those are the three big ones; the rest is in the details. And it's the details
that matter. There are lots of serious issues that you're going to have to
tackle: data privacy, data sharing, data mining, government eavesdropping,
government databases, use of Social Security numbers as identifiers, and so on.
It's not enough to get the broad policy goals right. You can have good
intentions and enact a good law, and have the whole thing completely gutted by
two sentences sneaked in during rulemaking by some lobbyist.

Security is both subtle and complex, and -- unfortunately -- doesn't readily
lend itself to normal legislative processes. You're used to finding consensus,
but security by consensus rarely works. On the internet, security standards are
much worse when they're developed by a consensus body, and much better when
someone just does them. This doesn't always work -- a lot of crap security has
come from companies that have "just done it" -- but nothing but mediocre
standards come from consensus bodies. The point is that you won't get good
security without pissing someone off: The information broker industry, the
voting machine industry, the telcos. The normal legislative process makes it
hard to get security right, which is why I don't have much optimism about what
you can get done.

And if you're going to appoint a cybersecurity czar, you have to give him actual
budgetary authority. Otherwise he won't be able to get anything done, either.

Obama's plan:
http://www.barackobama.com/2008/07/16/...
http://www.barackobama.com/2008/07/16/...
McCain:
http://www.scmagazineus.com/...
Dual-use technologies:
http://www.schneier.com/blog/archives/2008/05/...

Good legislation:
http://www.schneier.com/essay-141.html
http://www.schneier.com/blog/archives/2007/01/...

Liabilities:
http://www.schneier.com/essay-025.html
http://www.schneier.com/essay-116.html

Research redirected through DARPA:
http://query.nytimes.com/gst/fullpage.html?...
Congressional earmarks:
http://www.ostp.gov/pdf/1pger_earmark.pdf

Student visa problems:
http://www7.nationalacademies.org/visas/...
http://www.aau.edu/research/Gast.pdf

This essay originally appeared on Wired.com:
http://www.wired.com/politics/security/commentary/...
TSA Proud of Confiscating Non-Dangerous Item

This is just sad. The TSA confiscated a battery pack not because it's dangerous,
but because other passengers might *think* it's dangerous. And they're proud of
the fact.

My guess is that if Kip Hawley were allowed to comment on my blog, he would say
something like this: "It's not just bombs that are prohibited; it's things that
look like bombs. This looks enough like a bomb to fool the other passengers, and
that in itself is a threat."

Okay, that's fair. But the average person doesn't know what a bomb looks like;
all he knows is what he sees on television and the movies. And this rule means
that all homemade electronics are confiscated, because anything homemade with
wires can look like a bomb to someone who doesn't know better. The rule just
doesn't work.

And in today's passengers-fight-back world, do you think anyone is going to
successfully do anything with a fake bomb?

Late Note: the TSA webpage has been updated; they admit that they overreacted.

http://www.tsa.gov/press/happenings/scot_peele.shtm
Homeland Security Cost-Benefit Analysis

In an excellent paper by Ohio State political science professor John Mueller,
"The Quixotic Quest for Invulnerability: Assessing the Costs, Benefits, and
Probabilities of Protecting the Homeland," there are some common sense premises
and policy implications.

The premises:

"1. The number of potential terrorist targets is essentially infinite.

"2. The probability that any individual target will be attacked is essentially
zero.

"3. If one potential target happens to enjoy a degree of protection, the agile
terrorist usually can readily move on to another one.

"4. Most targets are 'vulnerable' in that it is not very difficult to damage
them, but invulnerable in that they can be rebuilt in fairly short order and at
tolerable expense.

"5. It is essentially impossible to make a very wide variety of potential
terrorist targets invulnerable except by completely closing them down."

The policy implications:

"1. Any protective policy should be compared to a "null case": do nothing, and
use the money saved to rebuild and to compensate any victims.

"2. Abandon any effort to imagine a terrorist target list.

"3. Consider negative effects of protection measures: not only direct cost, but
inconvenience, enhancement of fear, negative economic impacts, reduction of
liberties.

"4. Consider the opportunity costs, the tradeoffs, of protection measures."

The whole paper is worth reading.

http://psweb.sbs.ohio-state.edu/faculty/jmueller/...
News

A disgruntled employee holds the San Francisco computer network hostage, proving
that trusted insiders can do a lot of damage.
http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/...
http://www.darkreading.com/blog.asp?...
http://www.computerworld.com/action/article.do?...
Locksmiths hate computer geeks who learn lockpicking.
http://www.theglobeandmail.com/servlet/story/...
http://www.crypto.com/papers/safelocks.pdf

Funny radio skit on identity theft, by Mitchell & Webb.
http://www.youtube.com/watch?v=CS9ptA3Ya9E

This report, "Assessing the risks, costs and benefits of United States aviation
security measures" by Mark Stewart and John Mueller, is excellent reading.
Reinforcing the cockpit door is cost effective; sky marshals are not. The final
paper will eventually be published in the Journal of Transportation Security. I
never even knew there was such a thing.
http://hdl.handle.net/1959.13/28097
New York Times op-ed on the same subject:
http://www.nytimes.com/2008/07/21/opinion/...

Who can not feel a little chill of fear after reading this: "Britain on alert
for deadly new knife with exploding tip that freezes victims' organs." Yes, it's
real. The knife is designed for people who need to drop large animals quickly:
sharks, bears, etc.
http://www.dailymail.co.uk/news/article-1035729/...
http://www.waspknife.com/
I have no idea why Britain is on alert for it. Maybe because knife crimes are on
the rise.
http://www.nytimes.com/2008/07/17/world/europe/...

A high-level British government employee supposedly had his BlackBerry stolen by
Chinese intelligence. But the story doesn't make sense. If you're a Chinese
intelligence officer and you manage to get an aide to the British Prime Minister
to have sex with one of your agents, you're not going to immediately burn him by
stealing his BlackBerry. That's just stupid. If anything, you'd clone the
Blackberry and return it. This is much more likely to be petty theft.
http://www.timesonline.co.uk/tol/news/politics/...

Clever Washington DC metro Farecard hack:
http://www.washingtonpost.com/wp-dyn/content/...
In this article about British speed cameras, and a trick to avoid them that does
not work, is this sentence: "As vehicles pass between the entry and exit camera
points their number plates are digitally recorded, whether speeding or not."
Without knowing more, I can guarantee that those records are kept forever.
http://www.theregister.co.uk/2008/07/21/...

Here's someone in the UK, a passenger in a car, who moons a speeding camera and
gets his picture published even though the car was not speeding. How did they
know to look at the picture in the first place?
http://news.bbc.co.uk/1/hi/england/tyne/7378695.stm

They were confiscating sunscreen at Yankee Stadium as an anti-terrorism measure.
This story has a happy ending, though. A day after The New York Post published
this story, Yankee Stadium reversed its ban. Now, if only the Post had that same
effect on airport security.
http://www.nypost.com/seven/07222008/news/...
http://www.schneier.com/blog/archives/2008/06/...
http://www.salon.com/sports/daily/?last_story=/...
Adeona is an open source laptop tracking service.
http://adeona.cs.washington.edu/index.html
http://www.pcworld.com/businesscenter/article/...
From a Washington Post article on terrorist plots, comes this quote: "Batiste
confided, somewhat fantastically, that he wanted to blow up the Sears Tower in
Chicago, which would then fall into a nearby prison, freeing Muslim prisoners
who would become the core of his Moorish army. With them, he would establish his
own country." *Somewhat* fantastically? What would the Washington Post consider
to be truly fantastic? A plan involving Godzilla? Clearly they have some very
high standards. I'm sick of people taking these idiots seriously. This plot is
beyond fantastic, it's delusional.
http://www.washingtonpost.com/wp-dyn/content/...
http://www.schneier.com/blog/archives/2007/06/...

SanDisk has introduced Write-Once Read-Many Memory (WORM) cards for forensic
applications.
http://www.sandisk.com/Corporate/PressRoom/...
Great World War II deception story in an obituary of former OSS agent Roger
Hall. Hall's book about his OSS days, "You're Stepping on My Cloak and Dagger,"
is a must-read.
http://www.philly.com/inquirer/obituaries/...
Video demonstrating how easy it is to social engineer your way into clubs by
pretending you're the DJ.
http://www.5min.com/Video/...

3,000 blank British passports stolen. Looks like an inside job to me.
http://www.time.com/time/world/article/...
http://www.foxnews.com/story/0,2933,393581,00.html
http://news.sky.com/skynews/Home/Politics/...
This is an engaging and fascinating video presentation by Professor James Duane
of the Regent University School of Law, explaining why -- in a criminal matter
-- you should never, ever, ever talk to the police or any other government
agent. It doesn't matter if you're guilty or innocent, if you have an alibi or
not -- it isn't possible for anything you say to help you, and it's very
possible that innocuous things you say will hurt you. Definitely worth half an
hour of your time.
http://video.google.com/videoplay?...
And this is a video of Virginia Beach Police Department Officer George Bruch,
who basically says that Duane is right.
http://video.google.com/videoplay?...

Remember when I said that I keep my home wireless network open? Here's a reason
not to listen to me. "When Indian police investigating bomb blasts which killed
42 people traced an email claiming responsibility to a Mumbai apartment, they
ordered an immediate raid. But at the address, rather than seizing militants
from the Islamist group which said it carried out the attack, they found a group
of puzzled American expats." Of course, the terrorists could have sent the
e-mail from anywhere. But life is easier if the police don't raid *your*
apartment.
http://www.guardian.co.uk/world/2008/jul/29/...
http://www.schneier.com/blog/archives/2008/01/...

Suspect in 2001 anthrax attacks kill self. Fascinating stuff, although this
early story leaves me with more questions than answers.
http://www.cnn.com/2008/CRIME/08/01/...

The U.S. government has published its policy for seizing laptops at borders:
they can take your laptop anywhere they want, for as long as they want, and
share the information with anyone they want.
http://www.washingtonpost.com/wp-dyn/content/...
http://www.cbp.gov/linkhandler/cgov/travel/...
http://yro.slashdot.org/yro/08/08/01/0958242.shtml
http://www.schneier.com/essay-217.html

Schneier misquote:
http://www.schneier.com/blog/archives/2008/08/...

Good perspective on Gary McKinnon's extradition to the United States.
http://www.guardian.co.uk/commentisfree/2008/aug/01/...
Italians use soldiers to prevent crime. More security theater than anything
else.
http://www.nytimes.com/2008/08/05/world/europe/...

Laptop with Trusted Traveler identities lost, presumed stolen, and then found.
http://www.orlandosentinel.com/business/...
http://cbs5.com/local/tsa.security.clear.2.788083.html
http://www.tsa.gov/press/releases/2008/0804.shtm
http://www.schneier.com/blog/archives/2007/01/...
http://www.schneier.com/blog/archives/2008/06/...
http://www.schneier.com/blog/archives/2006/11/...
http://www.sfgate.com/cgi-bin/article.cgi?f=/n/a/...
My essay on Trusted Traveler:
http://www.schneier.com/essay-199.html

Lots of NSA forms, obtained via the Freedom of Information Act:
http://www.thememoryhole.org/2008/07/...

Security idiocy story from the Dilbert blog:
http://dilbert.com/blog/entry/true_story/

These indictments against the largest ID theft ring ever were really big news,
but I don't think it's that much of a big deal. These crimes are still easy to
commit and it's still too hard to catch the criminals. Catching one gang, even a
large one, isn't going to make us any safer.
http://www.washingtonpost.com/wp-dyn/content/...
http://money.cnn.com/2008/08/05/news/companies/...
http://technology.timesonline.co.uk/tol/news/world/...
http://www.iht.com/articles/ap/2008/08/06/business/...
http://www.theregister.co.uk/2008/08/06/...
http://ap.google.com/article/...
If we want to mitigate identity theft, we have to make it harder for people to
get credit, make transactions, and generally do financial business remotely.
http://www.schneier.com/blog/archives/2005/04/...

The headline says it all: "'Fakeproof' e-passport is cloned in minutes."
http://www.timesonline.co.uk/tol/news/uk/crime/...
http://www.schneier.com/essay-125.html

DMCA does not apply to the U.S. government:
http://arstechnica.com/news.ars/post/...
Random killing on a Canadian Greyhound bus, and the predictable security
overreaction:
http://www.schneier.com/blog/archives/2008/08/...

The Onion: Are the Chinese Olympics a trap?
http://www.theonion.com/content/video/...

Amber Alerts as security theater:
http://www.boston.com/bostonglobe/ideas/articles/...

Bypassing Microsoft Vista's memory protection:
http://searchsecurity.techtarget.com/news/article/...
http://taossa.com/archive/bh08sotirovdowd.pdf
http://arstechnica.com/news.ars/post/...
Seems like the procedure has changed for flying without ID. Now they ask
personal questions from your credit history.
http://philosecurity.org/2008/08/10/...
This only works if you've lost your ID, not if you refuse to show it.
http://www.schneier.com/blog/archives/2008/06/...

The UK has made public its previously classified National Risk Register. Seems
like the greatest threat to national security is a flu pandemic.
http://www.cabinetoffice.gov.uk/reports/...

Interesting paper on the risk of anthrax as a terrorist weapon:
http://www.stratfor.com/weekly/busting_anthrax_myth

I don't know the details, but detecting pump and dump scams seems like a really
good use of data mining.
http://news.bbc.co.uk/1/hi/technology/7552009.stm
http://news.yahoo.com/s/zd/20080811/tc_zd/230711
Data mining works best when there's a well-defined profile you're searching for,
a reasonable number of attacks per year, and a low cost of false alarms.
http://www.schneier.com/blog/archives/2006/03/...

Over-hyping risks against children, and the effectiveness of giving them cell
phones:
http://www.cnn.com/2008/TECH/ptech/08/11/...

The UK police seized a copy of the War on Terror board game because -- and it's
almost too stupid to believe -- the balaclava "could be used to conceal
someone's identity or could be used in the course of a criminal act." Don't they
realize that balaclavas are for sale everywhere in the UK? Or that scarves,
hoods, handkerchiefs, and dark glasses could also be used to conceal someone's
identity?
http://www.cambridge-news.co.uk/cn%5Fnews%5Fhome/...
Sounds like a fun game, though:
http://www.waronterrortheboardgame.com/
Hacking Mifare Transport Cards

London's Oyster card has been cracked, and the final details will become public
in October. NXP Semiconductors, the Philips spin-off that makes the system, lost
a court battle to prevent the researchers from publishing. People might be able
to use this information to ride for free, but the sky won't be falling. And the
publication of this serious vulnerability actually makes us all safer in the
long run.

Here's the story. Every Oyster card has a radio-frequency identification chip
that communicates with readers mounted on the ticket barrier. That chip, the
"Mifare Classic" chip, is used in hundreds of other transport systems as well --
Boston, Los Angeles, Brisbane, Amsterdam, Taipei, Shanghai, Rio de Janeiro --
and as an access pass in thousands of companies, schools, hospitals, and
government buildings around Britain and the rest of the world.

The security of Mifare Classic is terrible. This is not an exaggeration; it's
kindergarten cryptography. Anyone with any security experience would be
embarrassed to put his name to the design. NXP attempted to deal with this
embarrassment by keeping the design secret.

The group that broke Mifare Classic is from Radboud University Nijmegen in the
Netherlands. They demonstrated the attack by riding the Underground for free,
and by breaking into a building. Their two papers (one is already online) will
be published at two conferences this autumn.

The second paper is the one that NXP sued over. They called disclosure of the
attack "irresponsible," warned that it will cause "immense damages," and claimed
that it "will jeopardize the security of assets protected with systems
incorporating the Mifare IC." The Dutch court would have none of it: "Damage to
NXP is not the result of the publication of the article but of the production
and sale of a chip that appears to have shortcomings."

Exactly right. More generally, the notion that secrecy supports security is
inherently flawed. Whenever you see an organization claiming that design secrecy
is necessary for security -- in ID cards, in voting machines, in airport
security -- it invariably means that its security is lousy and it has no choice
but to hide it. Any competent cryptographer would have designed Mifare's
security with an open and public design.

Secrecy is fragile. Mifare's security was based on the belief that no one would
discover how it worked; that's why NXP had to muzzle the Dutch researchers. But
that's just wrong. Reverse-engineering isn't hard. Other researchers had already
exposed Mifare's lousy security. A Chinese company even sells a compatible chip.
Is there any doubt that the bad guys already know about this, or will soon
enough?

Publication of this attack might be expensive for NXP and its customers, but
it's good for security overall. Companies will only design security as good as
their customers know to ask for. NXP's security was so bad because customers
didn't know how to evaluate security: either they don't know what questions to
ask, or didn't know enough to distrust the marketing answers they were given.
This court ruling encourages companies to build security properly rather than
relying on shoddy design and secrecy, and discourages them from promising
security based on their ability to threaten researchers.

It's unclear how this break will affect Transport for London. Cloning takes only
a few seconds, and the thief only has to brush up against someone carrying a
legitimate Oyster card. But it requires an RFID reader and a small piece of
software which, while feasible for a techie, are too complicated for the average
fare dodger. The police are likely to quickly arrest anyone who tries to sell
cloned cards on any scale. TfL promises to turn off any cloned cards within 24
hours, but that will hurt the innocent victim who had his card cloned more than
the thief.

The vulnerability is far more serious to the companies that use Mifare Classic
as an access pass. It would be very interesting to know how NXP presented the
system's security to them.

And while these attacks only pertain to the Mifare Classic chip, it makes me
suspicious of the entire product line. NXP sells a more secure chip and has
another on the way, but given the number of basic cryptography mistakes NXP made
with Mifare Classic, one has to wonder whether the "more secure" versions will
be sufficiently so.

News:
http://www.guardian.co.uk/technology/2008/jun/26/...
http://www.ru.nl/ds/research/rfid/
http://technology.timesonline.co.uk/tol/news/...
http://www.youtube.com/watch?v=NW3RGbQTLhE
http://news.cnet.com/8301-10784_3-9985886-7.html?...
http://www.secureidnews.com/news/2008/07/10/...
http://news.cnet.co.uk/software/...
http://www.techradar.com/news/world-of-tech/...
One of the papers:
http://www.cs.ru.nl/~flaviog/publications/...

Dutch court ruling:
http://zoeken.rechtspraak.nl/resultpage.aspx?...
Secrecy and security:
http://www.schneier.com/crypto-gram-0205.html#1

Other research on Mifare:
http://www.computerworld.com/action/article.do?...
http://www.cs.virginia.edu/~evans/pubs/usenix08/
http://eprint.iacr.org/2008/166
http://staff.science.uva.nl/~delaat/sne-2006-2007/...
http://www.translink.nl/media/bijlagen/nieuws/...
Chinese compatible chip:
http://www.fmsh.com/english/product_chipcard.php?...
http://www.fmsh.com/english/products/...

This essay originally appeared in the Guardian.
http://www.guardian.co.uk/technology/2008/aug/07/...
Information Security and Liabilities

A recent study of Internet browsers worldwide discovered that over half -- 52%
-- of Internet Explorer users weren't using the current version of the software.
For other browsers the numbers were better, but not much: 17% of Firefox users,
35% of Safari users, and 44% of Opera users were using an old version.

This is particularly important because browsers are an increasingly common
vector for internet attacks, and old versions of browsers don't have all their
security patches up to date. They're open to attack through vulnerabilities the
vendors have already fixed.

Security professionals are quick to blame users who don't use the latest update
and install every patch. "Keeping up is critical for security," they say, and
"if someone doesn't update their system, it's their own fault that they get
hacked." This sounds a lot like blaming the victim: "He should have known not to
walk down that deserted street; it's his own fault he was mugged." Of course the
victim could have �and quite possibly should have � taken further
precautions, but the real blame lies elsewhere.

It's not as if patching is easy. Even in a corporate setting, systems
administrators have trouble keeping up with the never-ending flow of software
patches. There could easily be dozens per week across all operating systems and
applications, and far too often they break things. Microsoft's Automatic Update
feature has automated the process, but that's the exception. Patching is triage,
and administrators are constantly prioritizing it along with everything else
they're doing.

It's the system that's broken. There's no other industry where shoddy products
are sold to a public that expects regular problems, and where consumers are the
ones who have to learn how to fix them. If an automobile manufacturer has a
problem with a car and issues a recall notice, it's a rare occurrence and a big
deal ďż˝ and you can take you car in and get it fixed for free. Computers are
the only mass-market consumer item that pushes this burden onto the consumer,
requiring him to have a high level of technical sophistication just to survive.

It doesn't have to be this way. It is possible to write quality software. It is
possible to sell software products that work properly, and don't need to be
constantly patched. The problem is that it's expensive and time consuming.
Software vendors won't do it, of course, because the marketplace won't reward
it.

The key to fixing this is software liabilities. Computers are also the only
mass-market consumer item where the vendors accept no liability for faults. The
reason automobiles are so well designed is that manufacturers face liabilities
if they screw up. A lack of software liability is effectively a vast government
subsidy of the computer industry. It allows them to produce more products
faster, with less concern about safety, security, and quality.

Last summer, the House of Lords Science and Technology Committee issued a report
on "Personal Internet Security." I was invited to give testimony for that
report, and one of my recommendations was that software vendors be held liable
when they are at fault. Their final report included that recommendation. The
government rejected the recommendations in that report last autumn, and last
week the committee issued a report on their follow-up inquiry, which still
recommends software liabilities.

Good for them.

I'm not implying that liabilities are easy, or that all the liability for
security vulnerabilities should fall on the vendor. But the courts are good at
partial liability. Any automobile liability suit has many potential responsible
parties: the car, the driver, the road, the weather, possibly another driver and
another car, and so on. Similarly, a computer failure has several parties who
may be partially responsible: the software vendor, the computer vendor, the
network vendor, the user, possibly another hacker, and so on. But we're never
going to get there until we start. Software liability is the market force that
will incentivise companies to improve their software quality -- and everyone's
security.

This essay was previously published in the Guardian:
http://www.guardian.co.uk/technology/2008/jul/17/...

House of Lords documents
http://www.publications.parliament.uk/pa/ld200607/...
http://www.official-documents.gov.uk/document/cm72/...
http://www.publications.parliament.uk/pa/ld200708/...
Liability as a way to fix externalities:
http://www.schneier.com/blog/archives/2007/01/...
Software Liabilities and Free Software

Whenever I write about software liabilities, many people ask about free and open
source software. If people who write free software, like Password Safe, are
forced to assume liabilities, they will simply not be able to and free software
would disappear.

Don't worry, they won't be.

The key to understanding this is that this sort of contractual liability is part
of a contract, and with free software -- or free anything -- there's no
contract. Free software wouldn't fall under a liability regime because the
writer and the user have no business relationship; they are not seller and
buyer. I would hope the courts would realize this without any prompting, but we
could always pass a Good Samaritan-like law that would protect people who
distribute free software. (The opposite would be an Attractive Nuisance-like law
-- that would be bad.)

There would be an industry of companies who provide liabilities for free
software. If Red Hat, for example, sold free Linux, they would have to provide
some liability protection. Yes, this would mean that they would charge more for
Linux; that extra would go to the insurance premiums. That same sort of
insurance protection would be available to companies who use other free software
packages.

The insurance industry is key to making this work. Luckily, they're good at
protecting people against liabilities. There's no reason to think they won't be
able to do it here.
Schneier/BT News

Schneier interviewed by RU Sirius, in April:
http://www.rusiriusradio.com/2007/04/02/...
http://www.10zenmonkeys.com/2007/04/10/...
Congratulations to Our Millionth Terrorist!

The U.S terrorist watch list has hit one million names. I sure hope we're giving
our millionth terrorist a prize of some sort.

Who knew that a million people are terrorists. Why, there are only twice as many
burglars in the U.S. And fifteen times more terrorists than arsonists.

Is this idiotic, or what?

Some people are saying fix it, but there seems to be no motivation to do so. I'm
sure the career incentives aren't aligned that way. You probably get promoted by
putting people on the list. But taking someone off the list...if you're wrong,
no matter how remote that possibility is, you can probably lose your career.
This is why in civilized societies we have a judicial system, to be an impartial
arbiter between law enforcement and the accused. But that system doesn't apply
here.

Kafka would be proud.

Okay, so it's not a million people. Seems to be about 400,000 people, only 5% of
Americans. Not that 400,000 terrorists is any less absurd.

"Screening and law enforcement agencies encountered the actual people on the
watch list (not false matches) more than 53,000 times from December 2003 to May
2007, according to a Government Accountability Office report last fall."

Okay, so I have a question. How many of those 53,000 were arrested? Of those who
were not, why not? How many have we taken off the list after we've investigated
them?

http://www.aclu.org/privacy/35968prs20080714.html
http://www.fbi.gov/ucr/cius_04/offenses_reported/...
http://www.fbi.gov/ucr/cius_04/offenses_reported/...
http://www.cnn.com/2008/US/07/16/watch.list/index.html
http://www.propublica.org/article/...
Bob Blakely runs the numbers.
http://notabob.blogspot.com/2008/07/...

Jon Stewart makes fun of the list, too:
http://www.thedailyshow.com/video/index.jhtml?...
TrueCrypt's Deniable File System

Together with Tadayoshi Kohno, Steve Gribble, and three of their students at the
University of Washington, I have a new paper that breaks the deniable encryption
feature of TrueCrypt version 5.1a. Basically, modern operating systems leak
information like mad, making deniability a very difficult requirement to
satisfy.

The students did most of the actual work. I helped with the basic ideas, and
contributed the threat model. Deniability is a very hard feature to achieve.

"There are several threat models against which a DFS could potentially be
secure:

"* One-Time Access. The attacker has a single snapshot of the disk image. An
example would be when the secret police seize Alice's computer.

"* Intermittent Access. The attacker has several snapshots of the disk image,
taken at different times. An example would be border guards who make a copy of
Alice's hard drive every time she enters or leaves the country.

"* Regular Access. The attacker has many snapshots of the disk image, taken in
short intervals. An example would be if the secret police break into Alice's
apartment every day when she is away, and make a copy of the disk each time."

Since we wrote our paper, TrueCrypt released version 6.0 of its software, which
claims to have addressed many of the issues we've uncovered. We did not have
time to analyze version 6.0. But, honestly, I wouldn't trust it.

http://www.schneier.com/paper-truecrypt-dfs.html
http://www.truecrypt.org/docs/?...
http://www.truecrypt.org/docs/?...

Articles:
http://www.darkreading.com/document.asp?...
http://www.pcworld.com/businesscenter/article/...
http://yro.slashdot.org/article.pl?sid=08/07/17/2043248
The DNS Vulnerability

Despite the best efforts of the security community, the details of a critical
Internet vulnerability discovered by Dan Kaminsky about six months ago have
leaked. Hackers are racing to produce exploit code, and network operators who
haven't already patched the hole are scrambling to catch up. The whole mess is a
good illustration of the problems with researching and disclosing flaws like
this.

The details of the vulnerability aren't important, but basically it's a form of
DNS cache poisoning. The DNS system is what translates domain names people
understand, like www.schneier.com, to IP addresses computers understand:
204.11.246.1. There is a whole family of vulnerabilities where the DNS system on
your computer is fooled into thinking that the IP address for www.badsite.com is
really the IP address for www.goodsite.com -- there's no way for you to tell the
difference -- and that allows the criminals at www.badsite.com to trick you into
doing all sorts of things, like giving up your bank account details. Kaminsky
discovered a particularly nasty variant of this cache-poisoning attack.

Here's the way the timeline was supposed to work: Kaminsky discovered the
vulnerability about six months ago, and quietly worked with vendors to patch it.
(There's a fairly straightforward fix, although the implementation nuances are
complicated.) Of course, this meant describing the vulnerability to them; why
would companies like Microsoft and Cisco believe him otherwise? On July 8, he
held a press conference to announce the vulnerability -- but not the details --
and reveal that a patch was available from a long list of vendors. We would all
have a month to patch, and Kaminsky would release details of the vulnerability
at the Black Hat conference early next month.

Of course, the details leaked. How isn't important; it could have leaked a
zillion different ways. Too many people knew about it for it to remain secret.
Others who knew the general idea were too smart not to speculate on the details.
I'm kind of amazed the details remained secret for this long; undoubtedly it had
leaked into the underground community before the public leak two days ago. So
now everyone who back-burnered the problem is rushing to patch, while the hacker
community is racing to produce working exploits.

What's the moral here? It's easy to condemn Kaminsky: If he had shut up about
the problem, we wouldn't be in this mess. But that's just wrong. Kaminsky found
the vulnerability by accident. There's no reason to believe he was the first one
to find it, and it's ridiculous to believe he would be the last. Don't shoot the
messenger. The problem is with the DNS protocol; it's insecure.

The real lesson is that the patch treadmill doesn't work, and it hasn't for
years. This cycle of finding security holes and rushing to patch them before the
bad guys exploit those vulnerabilities is expensive, inefficient and incomplete.
We need to design security into our systems right from the beginning. We need
assurance. We need security engineers involved in system design. This process
won't prevent every vulnerability, but it's much more secure -- and cheaper --
than the patch treadmill we're all on now.

What a security engineer brings to the problem is a particular mindset. He
thinks about systems from a security perspective. It's not that he discovers all
possible attacks before the bad guys do; it's more that he anticipates potential
types of attacks, and defends against them even if he doesn't know their
details. I see this all the time in good cryptographic designs. It's
over-engineering based on intuition, but if the security engineer has good
intuition, it generally works.

Kaminsky's vulnerability is a perfect example of this. Years ago, cryptographer
Daniel J. Bernstein looked at DNS security and decided that Source Port
Randomization was a smart design choice. That's exactly the work-around being
rolled out now following Kaminsky's discovery. Bernstein didn't discover
Kaminsky's attack; instead, he saw a general class of attacks and realized that
this enhancement could protect against them. Consequently, the DNS program he
wrote in 2000, djbdns, doesn't need to be patched; it's already immune to
Kaminsky's attack.

That's what a good design looks like. It's not just secure against known
attacks; it's also secure against unknown attacks. We need more of this, not
just on the internet but in voting machines, ID cards, transportation payment
cards ... everywhere. Stop assuming that systems are secure unless demonstrated
insecure; start assuming that systems are insecure unless designed securely.

Details of the attack:
http://darkoz.com/?p=15
http://blog.invisibledenizen.org/2008/07/...
News articles:
http://news.bbc.co.uk/2/hi/technology/7496735.stm
http://www.doxpara.com/?p=1162
http://www.kb.cert.org/vuls/id/800113
http://www.blackhat.com/html/bh-usa-08/...
http://it.slashdot.org/it/08/07/21/2212227.shtml
http://blog.wired.com/27bstroke6/2008/07/...
http://addxorrol.blogspot.com/2008/07/...
http://blog.wired.com/27bstroke6/2008/08/...

Patch treadmill:
http://www.schneier.com/crypto-gram-0103.html#1

Assurance:
http://www.schneier.com/blog/archives/2007/08/...

The security mindset:
http://www.schneier.com/blog/archives/2008/03/...

Dan Bernstein's work:
http://cr.yp.to/djbdns/forgery.html
http://cr.yp.to/djbdns/dnscache.html

This essay previously appeared on Wired.com:
http://www.wired.com/politics/security/commentary/...
Comments from Readers

There are hundreds of comments -- many of them interesting -- on these topics on
my blog. Search for the story you want to comment on, and join in.

http://www.schneier.com/blog

CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses,
insights, and commentaries on security: computer and otherwise. You can
subscribe, unsubscribe, or change your address on the Web at
<http://www.schneier.com/crypto-gram.html>. Back issues are also available at
that URL.

Please feel free to forward CRYPTO-GRAM, in whole or in part, to colleagues and
friends who will find it valuable. Permission is also granted to reprint
CRYPTO-GRAM, as long as it is reprinted in its entirety.

CRYPTO-GRAM is written by Bruce Schneier. Schneier is the author of the best
sellers "Beyond Fear," "Secrets and Lies," and "Applied Cryptography," and an
inventor of the Blowfish and Twofish algorithms. He is the Chief Security
Technology Officer of BT (BT acquired Counterpane in 2006), and is on the Board
of Directors of the Electronic Privacy Information Center (EPIC). He is a
frequent writer and lecturer on security topics. See <http://www.schneier.com>.

Crypto-Gram is a personal newsletter. Opinions expressed are not necessarily
those of BT.

Copyright (c) 2008 by Bruce Schneier.

============================================================

            EDRI-gram

biweekly newsletter about digital civil rights in Europe

     Number 6.15, 30 July 2008


============================================================
Contents
============================================================

EDRi receives a 15Keuros donation from XS4ALL and its customers
1. Extension of the copyright term for performers and record producers
2. France: more than 50 000 signatures against EDVIGE
3. University researcher may publish their findings on NXP Mifare chip
4. France pushes for ISPs' involvement in fighting illegal file sharing
5. EC wants to provide freedom for the authors from collecting societies
6. Hungarian Competition Office challenges the Microsoft deal
7. FRA has a long history of spying on Swedes
8. Macedonia: Public outcry over new legislation for preventive surveillance
9. Serbian Telecom Agency publishes Internet traffic interception rules
10. Recommended Action
11. Recommended Reading
12. Agenda
13. About

============================================================
EDRi receives a 15Keuros donation from XS4ALL and its customers
============================================================

In the beginning of May 2008, a critical network error caused an Internet
blackout for a great number of people in the Netherlands. The problem,
by some said to be the biggest in internet history in Holland, caused
over a hundred thousand DSL lines to be disconnected for up to four
days, among them many subscribers to Dutch Internet provider XS4ALL.

After the problem had been found and fixed, XS4ALL sent its customers a
letter to apologise and offered them a present to make up for all the
inconvenience the problem had caused. Since freedom and privacy
have been key values for XS4ALL ever since its beginning in 1993,
customers could also, instead of the present, choose to have a donation
made in their name to one of three organisations: EDRi, Press Now or
Amnesty International. This has resulted in a donation of 15 262,50 euro to
EDRi. A nice outcome of such an unpleasant incident!

EDRi would like to express its thanks to XS4ALL and its customers for
this donation. The association is proud that it has been selected as
beneficiary by XS4ALL and its customers, together with only two other
prestigious organizations. This reveals the importance of the digital
rights issues, and acknowledges the work of EDRi since its creation in
June 2002.

Recent examples for issues EDRi is working on are the mandatory
retention of communication traffic data, the EU-USA agreement on the
access to Passenger Name Records (PNR) and the Pr|m treaty on the
exchange of biometric data amongst EU member states. But also
technological developments like the upcoming widespread
deployment of RFID applications demand attention with regard to threats
for data protection, individuals privacy and security.

EDRi has observer status to the World Intellectual Property Organization
and to Council of Europe Group of specialists on human rights in the
information society, and is a member of the European Commission Expert
Group on RFID. EDRi members have played a key role in civil society
participation to the United Nations World Summit on the Information
Society (WSIS), most notably with the organization and leadership of two
civil society caucuses, on human rights in the information society and
on privacy and security issues. They currently are among the main civil
society actors in WSIS follow-up process, especially the United Nations
Internet Governance Forum.

In a context where civil liberties are more and more threatened in the
digital world, EDRi will use this generous support from XS4ALL and its
customers to pursue its actions and to set up new projects and campaigns.

Individual donations are an important source of funding for EDRi that
are also crucial to enable our regular activities like the publication
of our bi-weekly newsletter EDRi-gram while maintaining our independent
position.

If you also want to support our activities, please direct your donations
to EDRi's bank account at the KBC Bank Auderghem-Centre, Chaussie de
Wavre 1662, 1160 Bruxelles, Belgium

Name: European Digital Rights AISBL
Bank account nr.: 733-0215021-02
IBAN: BE32 7330 2150 2102
BIC: KREDBEBB

For more information please consult http://www.edri.org/about/sponsoring
where you also find information on how to get in contact with us.

XS4ALL announcement (only in Dutch, 07.07.2008)
http://www.xs4all.nl/nieuws/bericht.php?msect=nieuws&id=992&taal=nl

============================================================
1. Extension of the copyright term for performers and record producers
============================================================

On 16 July 2008, disregarding the well substantiated findings and opinions
of the Amsterdam Institute for Information Law, the Cambridge Study for the
UK Government and the Bournemouth University statement signed by 50 leading
academics in June 2008, the European Commission (EC) adopted an initiative
proposing the extension of the copyright term for the recorded performances
as well as records.

Actually, two initiatives were adopted by the European Commission
related to copyright, proposing the extension of the copyright term for the
recorded performances and phonograms and the harmonisation of the
copyright term to cover co-written works as well. The EC also adopted a
Green Paper on Copyright in the Knowledge Economy.

"The copyright measures adopted today should underline that we take a
holistic approach when it comes to intellectual property. The proposal on
term extension has a strong social component and the Green Paper is deeply
embedded in the overall societal and knowledge context. (...) I am committed
to concentrate all necessary efforts to ensure that performers have a decent
income and that there will be a European-based music industry in the years
to come," stated Internal Market and Services Commissioner Charlie McCreevy.

The EC proposition is to extend the term of protection for the recorded
performances and the records from 50 to 95 years. From the
proposal would thus benefit not only the performers but also the record
producers. The justification of the measure is that the performers should be
able to benefit from their work even in the old age and that the record
producers may obtain additional revenues under the conditions of a decline
of the physical sales and a relatively slow growth on the online sales. The
initiative has also in view to harmonise the way of calculating the term of
protection to cover the collective works, proposing that the term of
protection of a musical composition should expire 70 years after the death
of the last surviving author, whether it refers to the lyrics author or the
music composer.

The concerns raised by the initiatives adopted by the EC are very serious:
"This Copyright Extension Directive, proposed by Commissioner McCreevy, is
likely to damage seriously the reputation of the Commission. It is a
spectacular kowtow to one single special interest group: the multinational
recording industry (Universal, Sony/BMG, Warner and EMI) hiding behind the
rhetoric of aging performing artists" says a letter sent on 18 July 2008 by
the leading European centres for intellectual property research addressed to
EU Commission President Jose Manuel Barroso.

The letter includes an impact assessment of the negative effects of the
proposal. "The Commission is required to conduct an impact study for each
directive it proposes. We, the leading European centres for intellectual
property policy research, have collectively reviewed the empirical evidence.
Our findings are unanimous. The proposed Copyright Extension Directive will
damage European creative endeavour and innovation beyond repair."

In a letter sent to The Times, the group of intellectual property research
centres considers the copyright extension is beneficial mostly for rights
holders doing nothing for innovation and creativity. The signatories believe
the proposed copyright system will alienate the younger generation even
more. They believe that other measures would be more appropriate to support
the aging performers as well as the young ones. The copyright term is meant
to balance the interests of consumers and creators and granting further
intellectual property rights without a proper basis is not beneficial to the
competitiveness of the EU either. The commission should not take the record
industry's word claiming that by this extension the consumer prices will not
rise, that performing artists will earn more, and the record industry will
invest in discovering new talents (as if a 50 year period was not enough for
that).

The EU proposal will further on proceed to the Council of Ministers and
the European Parliament.

Intellectual Property: Commission adopts forward-looking package
(16.07.2008)
http://europa.eu/rapid/pressReleasesAction.do?reference=IP/08/1156&format=HTML&a\
ged=0&language=EN&guiLanguage=fr

EU Commission proposes copyright term extension and ignores all the evidence
(16.07.2008)
http://www.soundcopyright.eu/blog/eu-commission-proposes-copyright-term-extensio\
n-and-ignores-all-evidence

Term Extension "will damage Commission's reputation", top legal advisers
tell Barroso (18.06.2008)
http://www.soundcopyright.eu/blog/term-extension-will-damage-commissions-reputat\
ion-top-legal-advisers-tell-barroso

Letter of Group to Barroso (16.06.2008)
http://www.openrightsgroup.org/wp-content/uploads/sound-recordings-barroso.pdf

Creativity stifled? A Joined Academic Statement on the Proposed Copyright
Term Extension for Sound Recordings (16.06.2008)
http://www.cippm.org.uk/images/Bournemouth%20Statement.pdf

Copyright extension is the enemy of innovation - Letter to The Times
(21.07.2008)
http://www.timesonline.co.uk/tol/comment/letters/article4374115.ece

ALCS study - Authors' earnings from copyright and non-copyright sources: A
survey of 25,000 British and German writers (13.07.2007)
http://www.cippm.org.uk/publications/alcs/ACLS%20Full%20report.pdf

EDRI-gram: ENDitorial: The battle for Sound Copyright (12.03.2008)
http://www.edri.org/edrigram/number6.5/battle-sound-copyright

============================================================
2. France: more than 50 000 signatures against EDVIGE
============================================================

The mobilization against EDVIGE, the newly created database to be used by
French intelligence services and the administrative police, has been
growing. Within only two weeks, the petition was signed by more than 50 000
individuals and 500 organizations.

French Parliamentarians are also standing up against EDVIGE: not only more
than 40 of them have signed the petition, but 10 have addressed written
questions to the French Interior Minister, to ask for the withdrawal of this
file.

Complaints against the French government have also started. Lesbian and gay
associations are asking the HALDE (High Authority for the Fight against
Discriminations) to give its opinion on the fact that EDVIGE will retain
data on the sexual orientation and health. Other complaints are starting to
be filed with the French highest administrative court for the annulment of
the decree creating EDVIGE.

It also seems that the French government is trying to circumvent the French
Data Protection Authority (CNIL) in the future. Following an inquiry from
the HALDE president, French Minister of Interior Michhle Alliot-Marie
proposed that the HALDE be consulted prior to any new database creation,
while this is actually the CNIL legal attribution. The HALDE indicated that
it has never formulated such a request.

This is happening while the French Congress has just approved, with only a
two votes majority, important changes in the Constitution. One of them is to
replace many independent administrative authorities by a single "Fundamental
Rights Defender", to be nominated by the French president and whose role
would be to control the respect of fundamental rights by the administration,
and report only to the president and to the Parliament. While the list of
existing authorities to be replaced by this new institution is still to be
determined by law, one may wonder whether the HALDE and the CNIL will still
exist in their current form, and whether such a change would strengthen or,
on the contrary, weaken their current prerogatives.

EDRi-gram: Enditorial: Massive Mobilization Against Edvige, The New French
Database (16.07.2008)
http://www.edri.org/edrigram/number6.14/edvige-french-database

Newropeans : Edwige : Sarkozy, the current EU chairman, tries to set up a
police state in France (18.07.2008)
http://www.newropeans-magazine.org/content/view/8379/1/

Heise: Frankreich: Geheimdienst-Datenbank "Edvige" beunruhigt die
Vffentlichkeit (in German only, 23.07.2008)
http://www.heise.de/newsticker/Frankreich-Geheimdienst-Datenbank-Edvige-beunruhi\
gt-die-Oeffentlichkeit--/meldung/113202

'Non ` EDVIGE': Petition website, with actions, press releases and press
articles (only in French, since 10.07.2008)
http://nonaedvige.ras.eu.org/

(Contribution by Meryem Marzouki, EDRI-member IRIS- France)

============================================================
3. University researcher may publish their findings on NXP Mifare chip
============================================================

On 18 July 2008, the Dutch Court in Nijmegen dismissed the initial claim in
its preliminary ruling in the case of Chip maker NXP against the publication
by the University of Nijmegen of the security problems regarding Mifare
Classic Chip, dismissing the initial claim.

NXP had asked the judge to order the University of Nijmegen to stop the
publication of its research results on the way to crack the security of
cards using the NXP chip, arguing that the publication would allow law
infringers to easily break into security systems and to fraudulently use the
public transportation. In NXP's opinion, the publication would cause
considerable damage and security risks for NXP and users all over the world.

The Rechtbank Arnhem court decided that prohibiting the publication of the
University article would violate the researcher's freedom of expression
covered by article 10 of the European Convention of Human Rights.
Restrictions in such matters are applicable only in order to protect a
pressing social need which has to be convincingly demonstrated.

The judge's opinion was that Radboud University Nijmegen had acted with due
care and that the publication of the results of scientific research and the
information of the public about the serious deficits of the chip serves
great interests and helps in taking measures against the risks of the
security leak of the respective chip. The potential damage that NXP claims
is not a result of the publication of the research results but of the
production of a chip that has shown deficiencies, which is the
responsibility of NXP itself.

"I don't think anyone truly believes you can prevent reverse engineering
techniques from being published," said Karsten Nohl who worked at breaking
the algorithm of the chip last year at the Last HOPE hacker conference on 18
July. "I'm very happy that the court upheld the right to open research and
freedom of publication. (...) I'm also happy that the court understood that
publishing vulnerabilities is a crucial part of the evolution of security
and a different court outcome would have slowed down that evolution of smart
card security and left too many systems vulnerable" he said to CNET News.

NXP was disappointed at the ruling saying that the changing of the system
will not be easy for all users of the system; for some the amendment will
take months but for others it is going to take years.

Henri Ardevol, general manager of automatic fare collection for NXP, stated:
"Migration to a different format is one option. (...) We introduced Mifare
Plus earlier this year, and it is designed to help migrate from Mifare
Classic to a higher level of security...We will be developing plans for how
to guide these migrations." He also said it was too early to say whether NXP
would appeal the ruling.

The article will be published at the beginning of October 2008 during a
scientific conference in Malaga, Spain.

Dutch Scientists Can't Be Blamed for Deficient Mifare Chip (18.07.2008)
http://www.jorisvanhoboken.nl/?p=183

Dutch court allows publication of Mifare security hole research (18.07.2008)
http://news.cnet.com/8301-1009_3-9994120-83.html

Oyster hack will be published, rules Dutch court (22.07.2008)
http://www.out-law.com/page-9279

Radboud University Nijmegen Press release - Security Flaw in Mifare Classic
(18.07.2008)
http://www.ru.nl/english/general/radboud_university/vm/press_release_july/

EDRIgram - Dutch University sued to stop publishing research on chip
technology (16.07.2008)
http://www.edri.org/edrigram/number6.14/dutch-university-chip

============================================================
4. France pushes for ISPs' involvement in fighting illegal file sharing
============================================================

Christine Albanel, the French Minister of Culture and Communication, has
gathered her European homologues for an informal meeting in Versailles on 21
and 22 July 2008 in an attempt to push the French Hadopi law model to be
embraced by Europe.

Some of the main issues approached during the meeting were piracy,
telecommunications reform, the European Heritage Label project and the
illegal trafficking of culturally significant objects. Much of the
discussions at the meeting turned around copyright and illegal file sharing
over the Internet. Without being discouraged by the very large opposition to
the Creation and Internet draft law (so called Hadopi law), the French
Minister took again the opportunity to offer Europe the French system as its
contribution to the EU Telecommunication Package.

Albanel expressed her concern on the lack of consistency and harmonization
of the methods to fight illegal file sharing at the European level: "The
fight against pirating music, audiovisual and cinema works has imposed
itself in our debates as stakes of prime importance. (...) It is indubitably
a complex and delicate issue the solution of which will not reside on a
single category of player but, on the contrary, on an increased cooperation
between various involved parties."

The Minister continued to underline the importance of the ISPs in the fight
against illegal file sharing: "the Internet access providers and the
telecom operators have to play an active role - as some of them do
individually or within the framework of inter-professional agreements -, in
making their subscribers aware and systematically supplying them with
information" referring here to the gradual response system proposed by the
French law which will oblige the operators and ISPs to send warning messages
issued by the High Authority for work dissemination and protection of
copyright (HADOPI). The text of the draft law is still facing opposition
from EPs, ISPs and consumer associations.

Ministers at the meeting agreed on the "need to inform" society of the
consequences of Internet piracy and underlined the need to maintain the
balance between economic constraints and public-interest objectives.
Commissioner Viviane Reding proposed that ISPs be obliged to inform clients
on the legislation related to copyright and the "consequences of
piracy" when signing a contract.

Some "anti-piracy" measures might appear in the Telecom Package that will be
debated by the European Parliament on 22 September 2008. Also this Autumn,
the French Senate will make the first reading for the Hadopi law.

In the meantime, the UK Government has issued for public consultation
a document on the legislative options to address illicit P2P file-sharing.
(see the Recommended Action section in this EDRi-gram).

Main results of the informal meeting of Ministers for Culture and
Audiovisual Affairs - Versailles, 21-22 July 2008
http://www.eu2008.fr/PFUE/cache/offonce/lang/en/accueil/PFUE-07_2008/PFUE-22.07.\
2008/informelle_des_ministres_de_la_culture_et_de_l_audiovisuel__principaux__res\
ultats;jsessionid=15E08D403A01319B9AD918EDDA626E8C

Internet Piracy: the providers must inform their clients (only in French,
23.07.2008)
http://afp.google.com/article/ALeqM5jzoG9VuGSqhNaeYfGrbjbwqzZNfg

Piracy: Bruxelles wants to inform, Paris wants an active role of ISPs
(only in French, 24.07.2008)
http://www.silicon.fr/fr/news/2008/07/24/piratage___bruxelles_veut_informer__par\
is_souhaite_un_role_actif_des_fai

Hadopi law: the ISPs show their mistrust (only in French, 25.06.2008)
http://www.silicon.fr/fr/news/2008/06/25/loi_hadopi_les_fai_affichent_leur_defia\
nce

Hadopi: is it for ISPs to educate Internet users? (only in French,
24.07.2008)
http://www.neteco.com/152896-hadopi-fai-eduquer-internaute.html

Piracy: Christine Albanel gives a lecture to her European colleagues
(only in French, 23.07.2008)
http://www.zdnet.fr/actualites/internet/0,39020774,39382432,00.htm

EDRIgram - France promotes the three-strike scheme in Europe (2.07.2008)
http://www.edri.org/edrigram/number6.13/france-europe-3-strikes

============================================================
5. EC wants to provide freedom for the authors from collecting societies
============================================================

Against the high pressure from rights managers, the European Commission
decided to ban certain copyright handling practices, mainly the obligation
of an author not to move from a collective society to another.

On 16 July 2007, Competition Commissioner Neelie Kroes asked 24 European
collecting societies managing copyright on behalf of music authors to
eliminate the clause from their contracts preventing authors from moving to
another collecting society.

The Commission had opened an investigation following complaints from
broadcasting group RTL and the UK online music provider Music Choice. In
February 2007, the Commission sent a formal statement of objections to the
International Confederation of Societies of Authors and Composers (CISAC)
regarding the restrictiveness of certain business practices. In March 2007,
CISAC proposed a set of draft commitments that the EU executive decided to
market-test on 14 June 2007. On 10 July 2007, a large coalition of
broadcasting corporations and telecoms providers sent a letter to Commission
President Josi Manuel Barroso and Competition Commissioner Neelie Kroes,
protesting against CISAC commitments and urging the EU executive not to
accept settlement proposals.

The Commission believes the present proposed measure is meant to support the
authors, who will be free to choose what collecting society they want. The
Commission also asks for the elimination of the territorial restrictions
preventing a collecting society from offering licences to commercial users
outside their domestic territory. The EC considers that the territorial
restrictions introduced by 17 collecting societies in their contracts lead
to a strict segmentation of the market on a national basis. The result is
that a commercial user such as RTL wanting to provide pan-european services
will have to negotiate separately with each national collecting society.

Competition Commissioner Neelie Kroes said: "This decision will benefit
cultural diversity by encouraging collecting societies to offer composers
and lyricists a better deal in terms of collecting the money to which they
are entitled. It will also facilitate the development of satellite, cable
and internet broadcasting, giving listeners more choice and giving authors
more potential revenue. However, the Commission has been careful to ensure
that the benefits of the collective rights management system are not put
into question in terms of levels of royalties for authors and available
music repertoire."

CISAC argues that "the principle that creators are free to join whatever
society they choose is already well established and widely applied by
societies throughout the EEA.  As for the issue of exclusivity, the EEA
societies have accepted for decades that contracts between them should be
based on non-exclusive arrangements." In CISAC's opinion, the decision will
"inevitably lead to a catastrophic fragmentation of repertoire and therefore
to legal uncertainty for music users".

The European Composer and Songwriter Alliance (ECSA) has also criticized the
Commission's decision considering it "an attack on cultural diversity"
because it will affect small and medium-sized businesses and individual
writers. On 3 July 2008, ECSA threatened to "play havoc" with the music
market in case the Commission proceeded with the decision. David Ferguson, a
film and television composer, spokesman for ECSA, said the ban would concern
the growing markets of online, cable and satellite retransmission of music
and not the traditional forms of exploitation.

Kroes's spokesperson accused ECSA of speaking only on behalf of the large
collecting societies, failing to represent the wider category of music
authors.

The decision applies immediately and the collecting societies have 120 days
to inform the Commission about the implementation of the requested measures.

Commission cracks down on music copyright managers (17.07.2008)
http://www.euractiv.com/en/infosociety/commission-cracks-music-copyright-manager\
s/article-174307?Ref=RSS

Antitrust: Commission prohibits practices which prevent European collecting
societies offering choice to music authors and users (16.07.2008)
http://europa.eu/rapid/pressReleasesAction.do?reference=IP/08/1165&format=HTML&a\
ged=0&language=EN&guiLanguage=en

ECSA: response to European Commission antitrust decision (16.07.2008)
http://www.britishacademy.com/public-news/ecsa-press-release-in-response-to-ec-a\
ntitrust-decision.html

Proposed Commitments for Performing Rights under Article 9 of Regulation
no.1/2003 (7.03.2007)
http://ec.europa.eu/comm/competition/antitrust/cases/decisions/38698/commitments\
.pdf

CISAC regrets the European Commission's decision concerning reciprocal
representation contracts (16/07/08)
http://www.cisac.org/CisacPortal/listeArticle.do?numArticle=900&method=afficherA\
rticleInPortlet

Music authors 'at war' with Commission over copyrights (4.07.2008)
http://www.euractiv.com/en/infosociety/music-authors-war-commission-copyrights/a\
rticle-173925

============================================================
6. Hungarian Competition Office challenges the Microsoft deal
============================================================

The public procurement procedure of 25 billion HUF (approx. 100 million
euro) for the supply of "Microsoft or other equivalent solutions" was
published in January 2008 in the Tenders Electronic Daily, Supplement to the
Official Journal of the EU. After the successful closing of the procedure,
three companies distributing open source software challenged the result.
They argued that the tender was anti-competitive, because Microsoft products
were directly favoured in the procedure.

The Hungarian Public Procurement Authority refused the request to annul the
procedure. This latter decision has been challenged by the Hungarian
Competition Office (HCO) before the court. HCO claims that the tender
infringed the principle of equal treatment and was restrictive on
competition. The first court hearing was held on 8 July 2008, but no
judgement was made. The next hearing will be held this Autumn.

Neither Microsoft nor the open source software companies are directly
involved in the legal dispute; however if the court decides in favour of the
HCO, the judgement may change the current practice on public procurement of
software in Hungary. It has been an established custom in public procurement
of software that some well-known software or software manufacturers are
expressly mentioned in the calling for tenders. The State's main argument is
that it is merely a practical way to provide the specifications of the
tender. Depending on the final outcome of the ongoing proceedings, this
practice may need to be reconsidered in order to avoid possible legal
disputes based on competition infringement claims.

Simultaneously with the court proceedings, the three companies (ULX Kft.,
Multiracis Kft. and Open SKM) requested the European Commission and
personally Neelie Kroes, the Competition Commissioner, to take the
appropriate steps to put an end to this unlawful situation.

Hungarian companies send complaint to the European Commission on Microsoft's
monopoly (3.06.2008)
http://www.openskm.com/doc/pressrelease_ec.pdf

Something Rotten in Hungary (21.05.2008)
http://www.theserverside.com/news/thread.tss?thread_id=49451

EDRi-gram: Microsoft appeals the EC fine but faces even more complaints
(21.05.2008)
http://www.edri.org/edrigram/number6.10/microsoft-ec-fine

(contribution by Laszls Psk - Lexical Lawyers Association - Hungary)

============================================================
7. FRA has a long history of spying on Swedes
============================================================

The Swedish National Defence Radio Establishment FRA that has made the
headlines last month with its law on spying on all communication, has
recently announced that it has reported a blogger to the Chancellor of
Justice for distributing what they consider classified material proving
the Agency was spying on Swedes starting with 1996.

Henrik Alexandersson is the name of the blogger that criticized the new FRA
surveillance law. He published two lists of FRA's alleged
classified material on his blog. The first document is a list of 103 Swedish
citizens that were under surveillance in the early 90's for having contacts
with Russia. The other publication is a list of connections between Russian
and Swedish corporations from 1996, which may imply that FRA was illegally
listening to cable bound traffic.

According to FRA's director-general Ingvar Ekesson all surveillance material
regarding personal acts are destroyed after 18 months, although these
documents imply that this isn't the fact.

Alexandersson explained on his blog that he was not worried about FRA's
complaint: "My comment is that it seems that FRA is trying to scare and
threaten me to silence. This is something I won't accept. The documents stay
on the blog."

"They want to shift focus from how they misbehaved to chopping the head off
of the messenger. I don't think that they see the PR-related difficulties
with going out and trying to throw a blogger in prison." he added in a
declaration for Medievdrlden.

On the other hand, one of the people on the list made public by
Alexandersson has reported FRA to the Chancellor of Justice claiming that he
was under illegal surveillance in the 1990s for doing business with Russia.

FRA is still under pressure following its new legislation that broadens
substantially its powers to intercept data in the area of Internet
communications. The answer to a written question from MEP Benont Hamon shows
that the Commission has not been informed so far by Sweden regarding this
normative act.

FRA: 103 intercepted Swedes (only in Swedish, 18.07.2008)
http://henrikalexandersson.blogspot.com/2008/07/fra-103-avlyssnade-svenskar.html

Evidence that the FRA has already spy of cable? (only in Swedish,
24.07.2008)
http://henrikalexandersson.blogspot.com/2008/07/beviset-p-att-fra-lyssnat-i-kabe\
l.html

FRA reports blogger to Justice Chancellor (28.07.2008)
http://www.thelocal.se/13322/20080728/

FRA stores Swedish telephone calls and e-mails (only in Swedish, 24.06.2008)
http://svt.se/svt/jsp/Crosslink.jsp?a=1175152

WRITTEN QUESTION by Benont Hamon (PSE) to the Commission
Subject: Swedish Government plan to broaden the remit of the intelligence
agency FRA(17.06.2008)
http://www.europarl.europa.eu/sidesSearch/search.do?type=QP&language=EN&term=6&a\
uthor=28159#

EDRi-gram: ENDitorial: Sweden is listening to all internet and phone
conversations(2.07.2008)
http://www.edri.org/edrigram/number6.13/sweden-fra-adoption

(contribution by Josef Andersson - Sweden)

============================================================
8. Macedonia: Public outcry over new legislation for preventive surveillance
============================================================

Several leading human rights NGOs from Macedonia issued a reaction to
the Parliament and the Government of Republic of Macedonia on 24 June 2008,
regarding the recent changes in the Law on Criminal Procedure and the Law on
Interception of Communications, allowing special investigative measures
(such as surveillance).

The Foundation Open Society Institute - Macedonia, the Association for
Criminal Justice and Criminology of Macedonia and the Helsinki Committee for
Human Rights of the Republic of Macedonia expressed deep concern because of
the fast-track adoption of changes in the legislation "without no expert
discussion whatsoever." These changes can turn Macedonia from a state based
on a rule of law into a "police state unconcerned with respect of basic
human rights and freedoms."

As a result of expert analysis of the new legislation, the signatories
stated: "Besides enlarging the possibility for implementation of special
investigative procedures for crimes outside of the sphere of organized
crime, these changes also allow wide preventive implementation of these
measures, even in cases without reasonable doubt of hard crimes and
corruption. These changes are not in line with the European and world human
rights standards, nor are common as acceptable method for fighting crime and
corruption."

A similar manner of adopting the new version of the Law on
Interception of Communications is also expected these days. The current
draft also raises serious concerns regarding abuse of privacy.

NGO representatives require that the adoption of this type of
legislation should be accompanied by "widespread expert and scientific
public discussion involving the institutions of the judiciary and the civil
society, through a democratic process aiming to achieve reasonable balance
between the efficiency in fighting crime and corruption, and the basic human
rights of privacy."

The EDRi-member Metamorphosis Foundation also voices concern from the
perspective of the development of the information society, especially
because the changes in the legislation do not define the mechanisms to
control and prevent arbitrary abuse of the new powers, and because the
minimum standards for public consultation including all stakeholders have
not been met during the drafting and adoption. New technologies enable easy
ways that directly influence the lives of the growing number of Internet
users in Macedonia, which can involve privacy abuse; therefore carrying out
the legislative process in an inclusive and transparent manner is of special
significance.

Popular Macedonian bloggers also voiced concern due to an unexplained
drastic increase of the state security budget (from about 0.4 million euro
to over 24 millione euro) and the changes in the Law on Criminal Procedure
which provide extremely wide powers to implement surveillance. The links to
such posts received high number of votes on the social bookmarking service
Kajmak.ot.

The influential blog Vuna reacted: "they raised the secret police
budget 60 times. Nobody offered an explanation. I wonder if they work 60
times more secretive, or will they survey 60 times more people. This is an
introduction to a dystopian scenario."

The blogger Volan synthesised the information from the traditional
media on the changes of the Law on Criminal Procedure via links and quotes
in the post "'The Big Ears' - legalized. The Big Brother watches, listens
and records - legally this time. "providing space for discussion used by
tens of readers who posted various comments".

(Contribution by Filip Stojanovski, EDRI-member Metamorphosis - Macedonia)

============================================================
9. Serbian Telecom Agency publishes Internet traffic interception rules
============================================================

Serbia's Republic Agency for Telecommunications (RATEL) published on 21 July
2008 a document of Instructions for Technical Requirements for Subsystems,
Devices, Hardware and Installation of Internet Networks. The document
explains the technical requirements for authorized monitoring of some
telecom services and provides a list of obligations for the telecom
operators.

According with the present text, the ISPs will have to let the police access
their databases, including users' e-mail content or browsing history. This
regulation seems to be the Serbian version of the data retention directive,
since the scope is defined as fighting cyber crime and terrorism.

Danica Radovanovic explains on his blog at GlobalVoices what are the present
requirements: "Internet Service Providers (ISP) are obligated to enable
governmental bodies to access updated databases with personal data on users,
contracts, maximum speed of data transfer, identification addresses as well
as access to database about email users. ISPs are also obligated to provide
hardware and software for passive monitoring in real time, collecting and
analysing Internet activities, statistics, interception of email,
attachments, web mail, IP video traffic, phone traffic, interception of IM
traffic, peer-to-peer networks, service of email and forwarding the email
content towards the centre of governmental bodies for supervision. Technical
requirements (hardware and software) should enable reconstruction of traffic
interception up to the level of application and filtering within these
criteria: user name, user phone number, email address, IP address, MAC
address, IM identification."

So far it is not clear what are the specific institutions that could access
those data and under what circumstances, since the document made available
by RATEL includes only the technical requirements. According to a
declaration made for B92 by RATEL chairman Jovan Radunovic: "If they (state
institutions) get a court order then they can monitor the location that one
uses the internet from, and only then they can view the content. These rules
are not under RATEL's jurisdiction. RATEL has, in order to provide
protection from terrorism, enabled the state organs to do this. We expect
they will respect all privacy rules"

Serbia: New Instructions and Law Regulations on Online Privacy (26.07.2008)
http://globalvoicesonline.org/2008/07/26/serbia-new-instructions-and-law-regulat\
ions-on-online-privacy/

State to have access to e-mails, browsing history (28.07.2008)
http://www.b92.net/eng/news/society-article.php?yyyy=2008&mm=07&dd=28&nav_id=522\
60

RATEL's new law and our privacy (25.07.2008)
http://www.jazzva.com/2008/07/25/ratels-new-law-and-our-privacy/

Document of Instructions for Technical Requirements for Subsystems, Devices,
Hardware and Installation of Internet Networks (only in Serbian, 21.07.2008)
http://www.ratel.org.rs/editor_files/File/dozvole/uputstva/Tehnicki_uslovi_za_in\
ternet.pdf

============================================================
10. Recommended Action
============================================================

UK consultation on legislative options to address illicit P2P file-sharing
http://www.berr.gov.uk/consultations/page47141.html
Other opinions
http://www.openrightsgroup.org/2008/07/24/government-to-consult-on-legislation-t\
o-curb-illicit-filesharing-as-industry-agrees-voluntary-scheme/
http://www.theregister.co.uk/2008/07/25/three_strikes_dead_hurrah

============================================================
11. Recommended Reading
============================================================

The Commission (DG markt) - Green Paper on Copyright in the Knowledge
Economy.

The Green Paper focuses on the role of copyright in fostering dissemination
of knowledge for research, science and education. The Green Paper is
intended as the starting point for a structured debate on the long-term
future of copyright policy in these fields. Copyright policy has
increasingly emerged as a transversal issue, involving not only the internal
market and cultural policies but also information society, competition and
consumer interests. The Green Paper is an attempt to organise this debate
and point to future challenges in fields that have not been a focal point up
to now, e.g. scientific and scholarly publishing, and the role of libraries,
researchers and the persons with a disability.
http://ec.europa.eu/internal_market/copyright/docs/copyright-infso/greenpaper_en\
.pdf

============================================================
12. Agenda
============================================================

3-5 September 2008, Prague, Czech Republic
The Third International Conference on Legal, Security and Privacy Issues in
IT
http://www.lspi.net/

8-10 September 2008, Geneva, Switzerland
The third annual Access to Knowledge Conference (A2K3)
http://isp.law.yale.edu/

19 September 2008, Brussels, Belgium
High Level Expert Conference: Towards a European Policy on RFID
http://www.rfid-in-action.eu/conference

22 September 2008, Istanbul, Turkey
Workshop on Applications of Private and Anonymous Communications
http://www.alpaca-workshop.org/

24-28 September 2008, Athens, Greece
World Summit on the Knowledge Society
http://www.open-knowledge-society.org/summit.htm

11 October 2008, Worldwide
Action day "Freedom not fear"
Protests, demonstrations and activities against the surveillance mania
http://wiki.vorratsdatenspeicherung.de/Freedom_Not_Fear_2008

15-17 October 2008, Strasbourg, France
30th International Data Protection and Privacy Conference
http://www.privacyconference2008.org/

20-21 October 2008, Strasbourg, France
European Dialogue on Internet Governance (EuroDIG)
http://www.eurodig.org/

3-6 December 2008, Hyderabad, India
Third Internet Governance Forum
http://www.intgovforum.org

10-11 December 2008: Tilburg, Netherlands
Tilting perspectives on regulating technologies, Tilburg Institute for Law
and Technology, and Society, Tilburg University
http://www.tilburguniversity.nl/tilt/conference

============================================================
13. About
============================================================

EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 28 members based or with offices in 17 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRI-grams.

All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and visibly on the
EDRI website.

Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 2.0 License. See the full text at
http://creativecommons.org/licenses/by/2.0/

Newsletter editor: Bogdan Manolea <edrigram@...>

Information about EDRI and its members:
http://www.edri.org/

European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring

- EDRI-gram subscription information

subscribe by e-mail
To: edri-news-request@...
Subject: subscribe

You will receive an automated e-mail asking to confirm your request.
unsubscribe by e-mail
To: edri-news-request@...
Subject: unsubscribe

- EDRI-gram in Macedonian

EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edrigram-mk.php

- EDRI-gram in German

EDRI-gram is also available in German, with delay. Translations are provided
Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/

- Newsletter archive

Back issues are available at:
http://www.edri.org/edrigram

http://specials.rediff.com/money/2008/jul/29cyber.htm

Anish Mohammed wrote:
>
>
> Hi Sarad,
>   Tom bearson had done an analyis of Skype protocol. I had met him at
> Asiacrypt, he seems to give the impression that he was surprised at the
> good quality of code and protocol.
> regards
> Anish

    Sure. however, that was in 2005, and they have released new versions
several times since then - more than enough opportunity to add a
backdoor to the code. Like most closed-source crypto, even when audited,
you can only trust the exact audited release, not a point release beyond
it (and often, are forced to trust that the compiled binary you have
matches the source that was audited anyhow)

    It is interesting to note that skype, mere days post audit, "had to"
rush out a bugfix release to fix a previously unknown buffer overflow.
To be fair to tom, the overflow was almost certainly (like the more
recent issue with file transfers) in an externally called dll from the
os (so wasn't part of his remit) but even so - the audited version was
available for less than a month after the release of the audit, then
everyone was advised to upgrade urgently....

http://www.heise.de/english/newsticker/news/113353

http://code.google.com/p/obstcp/

Found it an interesting read. If you are working on deniable
cryptography, you might too

http://www.schneier.com/paper-truecrypt-dfs.pdf

http://yro.slashdot.org/yro/08/07/17/2043248.shtml

============================================================

            EDRI-gram

biweekly newsletter about digital civil rights in Europe

     Number 6.14, 16 July 2008


============================================================
Contents
============================================================

1. Vote in the EP committees on the Telecom Package
2. Dutch University sued to stop publishing research on chip technology
3. Russian blogger sentenced for comments on the blog
4. Copiepresse attacks EC for copyright infringement, but gets dismissed
5. Complaint against the French govt to annul the biometric passport decree
6. Irish Human Rights Commission added to data retention challenge
7. Privacy complaints related to Google's Street View
8. New threats for UK file-sharers
9. Liberty groups win long court battle against UK wiretapping
10. ENDitorial: Massive mobilization against EDVIGE, the new French database
11. Recommended Reading
12. Agenda
13. About

============================================================
1. Vote in the EP committees on the Telecom Package
============================================================

The IMCO (Internal Market Committee) and ITRE (Committee on Industry,
Research and Energy) committees of the European Parliament (EP) adopted on
the 7 July 2008 the Telecom package, including the amendments that were
considered by some NGOs as endangering the principle of the neutrality of
the Internet.

One of the MEPs supervising the Telecom package, including the amendments to
the five directives that should reform the EU legal framework on electronic
communications has explained that the vote on these amendments had nothing
to do with copyright enforcement: "There has been a great deal of dismay in
the committee at the interpretation being put on these amendments.(...) The
interpretation of them is alarmist and scare-mongering and deflects from the
intention which was to improve consumers' rights." declared MEP Malcolm
Harbou for BBC.

But the NGOs supported their initial comments that the present adopted texts
could open the way to the regulation of users via the Internet Service
Providers under the control of national regulators.  They also praised
the civic response to their campaign that has reached some MEPs, who
highlighted part of the problematic amendments in the Telecom Package during
the EP committees debates.

Other privacy issues related with the management of traffic data has created
problems within the IMCO committee that should have included the opinion
from the Civil Rights Committee (LIBE). But the Socialist and Green MEPs
from the IMCO committee did not back up the suggestion of the LIBE committee
to allow the processing of electronic traffic data by "any natural or legal
person".

Other discussions in the ITRE committee of the EP rejected the idea of a
unique EU telecom authority and suggested instead a new group called Body of
European Regulators in Telecoms (BERT), formed by the 27 national regulatory
authorities.

ITRE committe backed up the proposals to enhance the use of radio
frequencies, but demanded several safeguards on media pluralism, public
interest or emergency services.

The final vote on the Telecom package was initially planned on 2 September,
but since it is clear that there will be some debates on the above-mentioned
topics, the vote was delayed for the session starting on 22 September.

MEPs back contested telecoms plan (8.07.2008)
http://news.bbc.co.uk/2/hi/technology/7495085.stm

The "Telecoms Package": out of the shadows, into the light (10.07.2008)
http://www.laquadrature.net/en/the-%E2%80%9Ctelecoms-package%E2%80%9D-out-shadow\
s-light

MEPs discard plan for single EU telecoms watchdog (9.07.2008)
http://www.euractiv.com/en/infosociety/meps-discard-plan-single-eu-telecoms-watc\
hdog/article-174068

EU Parliament split over electronic data protection (10.07.2008)
http://www.euractiv.com/en/infosociety/eu-parliament-split-electronic-data-prote\
ction/article-174108?Ref=RSS

EDRi-gram: Control on Internet users pushed with the new telecom package
(2.08.2008)
http://www.edri.org/edrigram/number6.13/telecom-package-internet

============================================================
2. Dutch University sued to stop publishing research on chip technology
============================================================

Dutch chipmaker NXP Semiconductors has sued the Dutch Computer Security
Group of Radboud University in Nijmege in order to stop the publication of
research results showing security flaws in NXP's Mifare Classic wireless
smart cards used in transit and building entry systems around the world.

The technology is used for the transit system in The Netherlands, in the
subway systems in London, Hong Kong and Boston, as well as in cards for
accessing buildings and facilities, covering 80 percent of the market.

The security researchers of the Dutch university have checked the Mifare
system used with Oyster cards for transport in London and recently succeeded
in cracking the encryption on a card and clone it. They added credit to it
and moved freely around London's Underground network.

According to Dr. Bart Jacobs, professor of computer security at the
university, by using a computer and an RFID reader, in just a few seconds,
the Oyster card's encryption can be cracked. "We need to eavesdrop on the
communication between a card and a card reader. From that communication we
can deduce secret cryptographic keys that are used to protect the contents
of the card. Once we have the keys we 'own' the card and can manipulate it
as we like" said Jacobs.

The University issued a statement in March this year saying: "Because some
cards can be cloned, it is in principle possible to access buildings and
facilities with a stolen identity. This has been demonstrated on an actual
system." Jacobs demonstrated how the London transit system can be used for
free. He obtained the key used by the London transit system then he passed
by passengers carrying Oyster cards and was able to collect their card
information on his laptop and make a clone of it. The scientist has given
NXP the opportunity to fix the security problems waiting with the
publication and presentation of the results for some time but as NXP did not
solve the issue decided to go on with the university plans of publishing the
research.

The Dutch university's research builds upon Karsten Nohl's work, a graduate
student of the University of Virginia, and expert on the security for NXP.
"NXP has had half a year now to inform about the lack of security in their
product, but instead they have used the best part of that to dismiss our
research, dismiss the Dutch group's research, and to claim that everything
is purely theoretical. So, if anything, NXP has invoked this type of public
demonstration, since they have often claimed that 'yes in theory it may be
insecure but in practice it isn't'. So had they not kept up the
disinformation that (the Mifare could actually be secure) nobody would have
paid attention to the Dutch group actually hacking the Oyster card" stated
Nohl.

The Computer Security Group publication comes during a long and heated
public debate in the Dutch parliament and the media on the merits of large
scale computer systems, their quality and security standards and the
government's capacity to manage these kind of projects. The publication of
the University research may be essential for this debate.

The Dutch court decision is expected on 17 July 2008.

Censoring Dutch Academia: Computer Security Scholars taken to Court
(8.07.2008)
http://www.jorisvanhoboken.nl/?p=173

Dutch chipmaker sues to silence security researchers (9.07.2008)
http://news.cnet.com/8301-10784_3-9985886-7.html?hhTest=1

Has London's Oyster travelcard system been cracked? (26.06.2008)
http://www.guardian.co.uk/technology/2008/jun/26/hitechcrime.oystercards

Cryptoanalysis of Crypto-1
http://www.cs.virginia.edu/~kn5f/pdf/Mifare.Cryptanalysis.pdf

Security Flaw in Mifare Classic - press release Digital Security group,
Radboud University Nijmegen (12.03.2008)
http://www.ru.nl/english/general/radboud_university/vm/security_flaw_in/

London transit cards cracked and cloned (26.06.2008)
http://news.cnet.com/8301-10789_3-9978486-57.html?hhTest=1

NXP sues academic research team - what are they afraid of? (10.07.2008)
http://www.thetechherald.com/article.php/200828/1463/

============================================================
3. Russian blogger sentenced for comments on the blog
============================================================

On 7 July 2008, a Russian blogger was sentenced to one year suspended jail
after having been found guilty of "inciting hatred and enmity" for a comment
left on a LiveJournal weblog.

According to Kommersant newspaper, the young blogger Savva Terentiev was
saying on the blog that "Those who become cops are scum," and calling for
officers to be put on a bonfire. For his alleged offence, inciting hatred
and denigrating the human dignity of a social group, the prosecutors were
asking for a significant fine and two years behind bars, which seemed
excessive. During the trial, Terentyev referred to his statements on the
blog that corrupt cops should burned in Auschwitz-like ovens as "hyperbole
and exaggeration," and apologized to concentration camp victims and the
police officers he might have "involuntarily hurt with the contested
commentary." The final court decision was to sentence the blogger to one
suspended jail year.

Free speech campaigners are concerned about the fact that the ruling might
create a dangerous precedent for free speech on the Internet, especially in
Russia where the mainstream traditional media is biased in favour of the
authority.

"This was an absolutely unjustified verdict. (...) Savva for sure wrote a
rude comment ... but this verdict means it will be impossible to make rude
comments about anybody" told Alexander Verkhovsky, director of the SOVA
centre in Moscow, a non-governmental group that monitors extremism, to
Reuters agency.

Recently, the Russian President Dmitry Medvedev has expressed his views on
the freedom of speech saying Russia should use a light touch when policing
the Internet."Thank God we live in a free society. (...) It's possible to go
on to the Internet and get basically anything you want. In that regard,
there are no problems of closed access to information in Russia today, there
weren't any yesterday and there won't be any tomorrow," he said last month
in an interview with Reuters.

Russian blogger sentenced for "extremist" post (7.07.2008)
http://uk.news.yahoo.com/rtrs/20080707/tot-uk-russia-blogger-566e283.html

Russian Blogger Sentenced Over LiveJournal Comment (7.07.2008)
http://www.theotherrussia.org/2008/07/07/russian-blogger-sentenced-over-livejour\
nal-comment/

EDRi-gram: More control over the Internet wanted in Russia (7.05.2008)
http://www.edri.org/edrigram/number6.9/internet-control-russia

============================================================
4. Copiepresse attacks EC for copyright infringement, but gets dismissed
============================================================

The Belgium newspaper Association Copiepresse has initiated a legal
complaint against the European Commission (EC) arguing that it infringes its
copyright through the NewsBrief and NewsExplorer aggregation services.

Copiepresse became famous for its copyright suit against Google and other
search engines claiming copyright infringement over the aggregation services
done by the search engines. The association has initiated a new action in
the Belgian Court of Seizures considering that the European Commission is
counterfeiting its member's news articles by using small part of them in
order to prepare a news collation marketed as NewsBrief and NewsExplorer.

The Belgium Court rejected the Copiepresse claim, confirming the EC opinion
that the competent courts on the matter are the European Courts.

Copiepresse announced that they wouldn't appeal the decision, claiming
"startegic reasons" and explaining that they just wanted to get the EC out
in the open, since they didn't reply to any message on the topic. But at the
same time the Association announced that they would continue the case in the
Bruxelles civil court, where an action of cease&desist has already been
introduced.

The European Commission representatives claimed in court that its services
are just press reviews, that fall under the exemptions from the copyright
law protection.

The judge initially ordered a judicial expertise in order to gather more
technical information about how the site was built, but then he dismissed
this evidence and took his decisions only on jurisdictional grounds.

Copiepresse sues the European Commission to the civil court (only in French,
27.06.2008)
http://www.actu24.be/article/regions/regionbruxelles/infosbxl/copiepresse_poursu\
it_la_commission_europeenne_devant_le_trib_civil/162754.aspx

Belgian press beef with EU beaten in Belgian court (1.07.2008)
http://www.theinquirer.net/gb/inquirer/news/2008/07/01/copiepresse-slapped-eu-co\
urt

Belgian agency to sue European Commission again over news aggregator
(2.07.2008)
http://www.out-law.com/page-9227

EDRi-gram: Belgium newspaper group continues its actions against search
engines (25.10.2006)
http://www.edri.org/edrigram/number4.20/belgium

============================================================
5. Complaint against the French govt to annul the biometric passport decree
============================================================

Two French associations, EDRi-member Imaginons un riseau internet solidaire
(IRIS) and Ligue des droits de l'Homme (LDH), have filed a complaint
against the French government before the highest administrative Court. They
ask the French Conseil d'Itat to annul the decree issued on 30 April 2008 by
the French government on biometric passports.

The associations consider the decree had been issued under an irregular
procedure by  publishing the Opinion in the Official Journal 6 days after
the decree had been published, instead of presenting them at the same time,
as required by law.

The provisions of the decree stipulate the collection of eight fingerprints
for passport applicants starting with 6 years old children and the creation
of a central biometric database for retaining and processing the collected
data.

IRIS and LDH argue that the nature, the quantity and the retaining period of
these data in a central database are disproportionate with regards to the
decree's objectives, which remain the same as in the previous passport
decree of December 2005, where fingerprints were not required. Moreover,
they believe that the decree is violating the national as well as
international legislation regarding the protection of the personal data. It
also violates international legislation related to children.

The two associations link the requirements of this decree to the provisions
of the draft law on biometric ID cards currently being prepared. They state
that, if the decree is not annulled, the government would, under the pretext
of more easily issuing identity cards and passports, influence the debate in
the French Parliament on the biometric identity card project.
.
Biometric passport : IRIS and LDH ask the State Council to annul the decree
(only in French, 4.07.2008)
http://www.iris.sgdg.org/info-debat/comm-passeport0708.html

Common Press Release - IRIS and LDH (only in French, 4.07.2008)
http://www.iris.sgdg.org/info-debat/recours-passeport0708.pdf

Text of the legal complaint (only in French 4.07.2008)
http://www.iris.sgdg.org/info-debat/recours-passeport0708.pdf

EDRIgram: The French Government goes against CNIL in biometric passports
(21.05.2008)
http://www.edri.org/edrigram/number6.10/cnil-biometric-passports

============================================================
6. Irish Human Rights Commission added to data retention challenge
============================================================

The High Court in Dublin has allowed the Irish Human Rights Commission to
become a party to the data retention challenge being brought by Digital
Rights Ireland. The Human Rights Commission, which is a state body, will be
an amicus curiae (friend of the court) with the ability to make submissions
about the fundamental rights implications of data retention. The Chief
Executive of the Commission Iamonn Mac Aodha stated:

"This case raises important issues about the extent to which laws and
measures governing the monitoring of one's private life by the State in
pursuit of tackling crime possess sufficient human rights safeguards". Mr
MacAodha continued "one of the priorities of the IHRC is to address
potential threats to human rights that may emerge with developments in
communications technology such as in the present case where issues of
individual security and privacy are raised."

Irish Human Rights Commission given permission to appear in DRI action
(4.07.2008)
http://www.digitalrights.ie/2008/07/04/irish-human-rights-commission-given-permi\
ssion-to-appear-in-dri-action/

IHRC granted leave to appear in Data Protection Case in the High Court
(1.07.2008)
http://www.ihrc.ie/home/wnarticle.asp?NID=200&T=N&Print

(Contribution by TJ McIntyre - EDRi-member Digital Rights Ireland)

============================================================
7. Privacy complaints related to Google's Street View
============================================================

Privacy International has complained to the Information Commissioner's
Office (ICO) against Google's Street View cars, which grab real photographs
of streets and people, that get loaded into Google Maps.

Street View distinctive cars have been recently spotted on London. The
system allows Google's users to view 360 degree photographs of streetscapes
in towns and cities that have been catalogued by Google cameras.

Privacy International has expressed its reservations towards Google's
practice in a letter sent to the company: "You may be aware that Privacy
International has stated, both privately to Google legal staff and to the
media, that we are concerned about a number of potential violations of
national law that this technology may create," said the letter signed by
director Simon Davies.

Google had stated the company had implemented a technology that would blur
faces and vehicle number plates allowing at the same time high quality
images. Google's senior privacy counsel Jane Horvath  had answered to Davies
explaining that the face and number plate blurring technology had been in
place since May. "As with all such systems operating at this scale our
blurring technology is not perfect - we occasionally miss a face or license
plate, for example if they are partially covered, or at a difficult angle.
(...) However, we tested the technology thoroughly before launch and I am
confident that it finds and blurs the vast majority of identifiable faces
and license plates. For the few that we miss, the tools within the product
make it easy for users to report a face or license plate for extra blurring.
As always, users can still ask for their image to be removed from the
product entirely" said Horvarth.

In its letter, Privacy International was asking from Google to provide,
within seven days, technical specifications of the blurring technology used,
otherwise it would have to make a complaint to ICO. Having not received the
required information, the privacy group placed the complaint which was
confirmed by a spokeswoman for ICO: "Yes, we have received a complaint about
this and we are looking into it. We are contacting Google to get more
details of the scheme" said the spokeswoman to The Register.

This comes at a time when ICO asks for changes to European data protection
laws to keep up with changing technology. "European data protection law is
increasingly seen as out of date, bureaucratic and excessively prescriptive.
It is showing its age and is failing to meet new challenges to privacy, such
as the transfer of personal details across international borders and the
huge growth in personal information online. (...)"It is high time the law is
reviewed and updated for the modern world." said Richard Thomas, UK ICO. The
ICO has hired RAND Corporation to review European data protection laws for
possible reforming.

Some recent rulings of the Court of Appeal might be to Google's advantage.
"If the photographs had been taken to show the scene in a street by a
passer-by and later published as street scenes, that would be one thing, but
they were not taken as street scenes but were taken deliberately, in secret
and with a view to their subsequent publication," said Lord Hope in one of
his ruling.

On the other hand, while reluctant for some time, giving in to privacy
advocates' pressure, Google has added a link to its privacy policy from its
front page. Google home page contains now the word 'privacy' near the
bottom, beside the copyright notice. The word is a link to a page containing
all Google's privacy information.

Google's spycar revs up UK privacy fears (7.07.2008)
http://www.theregister.co.uk/2008/07/07/google_spycar_slammed/

Privacy group protests about Street View, but Google says blurring protects
privacy (7.07.2008)
http://www.out-law.com/page-9239

Google's controversial Street View hits the UK (3.07.2008)
http://www.out-law.com/page-9233

Google bows to pressure, adds privacy link to home page (7.07.2008)
http://www.out-law.com/page-9237

Google, privacy and Street View (4.07.2008)
http://www.bbc.co.uk/blogs/technology/2008/07/google_privacy_and_street_view.htm\
l

EDRIgram - Google StreetView might breach EU laws (21.05.2008)
http://www.edri.org/edrigram/number6.10/google-streetview-eu

============================================================
8. New threats for UK file-sharers
============================================================

After the letters sent from Virgin Media to its customers on alleged
file-sharing activities, British Telecom (BT), the UK's largest broadband
provider, has started a similar activity.

The Register has received information from one of the BT subscribers that
has received such a letter from the Customer Security Team
stating: ""I have received a complaint regarding one of our customers
offering copyrighted material over the internet. On investigation, I have
found that your account was used to make this offer."

The letter contained evidence put forward by BPI, that was shared by BT with
its customer and consisted, in this case, of the P2P programme Ares user
agent, a time stamp, a file name and an IP address. The letter provided
information on how to secure their WiFi connection, but also threaten with
disconnection if similar activities continued: "Sorry, but we're obliged to
point out that further similar problems may have to lead to the termination
of your account, as such activity contravenes BT's Acceptable Use Policy."

More aggressive threats have been reported being sent by Virgin Media to
approx 800 subscribers with the following text on the envelope: "Important.
If you don't read this, your broadband could be disconnected". Virgin Media
spokeswoman claimed that the text was a mistake and explained that this was
part of an education campaign: ""We are not accusing our customers of doing
anything, we are alerting them to the fact that illegal file sharing has
been tracked to their account. This could have been someone else in the
house or an unsecured wireless network. This is an education campaign."

In sending these letters, the ISPs do not share confidential information
with BPI and do not monitor their users, but only receive from the BPI
investigators the collected IP addresses of the customers having
participated in alleged p2p copyrighted material sharing. The ISP identifies
the exact individual and sends him (her) the template letter.

Even though the BPI campaign has attracted two of the major British ISPs in
this "education campaign", other ISPs have promptly rejected such
collaboration. Carphone Warehouse make it clear that they just give access
to Internet:
"We are the conduit that gives users access to the internet. We do not
control the internet, nor do we control what our users do on the internet. I
cannot foresee any circumstances in which we would voluntarily disconnect a
customer's account on the basis of a third party alleging a wrongdoing",
said Charles Dunstone, the chief executive of Carphone Warehouse, to BBC.

Virgin admits disconnection threat mistake (3.07.2008)
http://www.out-law.com/page-9235

We won't cut off users, says Virgin (3.07.2008)
http://www.guardian.co.uk/technology/2008/jul/03/virgin.filesharers

Virgin warns 800 punters for file-sharing (3.07.2008)
http://www.theregister.co.uk/2008/07/03/virgin_letters_numbers/

BT starts threatening music downloaders with internet cut-off (26.06.2008)
http://www.theregister.co.uk/2008/06/26/bt_bpi_letter/

EDRi-gram: British ISPs warn Internet downloaders on the risk of being
prosecuted (18.06.2008)
http://www.edri.org/edrigram/number6.12/british-isp-virgin-letters

============================================================
9. Liberty groups win long court battle against UK wiretapping
============================================================

After nine years of legal battle by civil rights groups in London and
Dublin, the European Court of Human Rights ruled on 1 July 2008 that UK
Government had violated Human Rights by tapping their communications
between 1990 and 1997.

Liberty groups, along with British Irish Rights Watch and the Irish Council
for Civil Liberties, have claimed their communications were subject to
indiscriminate surveillance by MoD's Electronic Test Facility that had
eavesdropped on their phone, fax, email and data communications between 1990
and 1997.

After having first lodged complaints with the UK's Interception of
Communications Tribunal, the DPP and the Investigatory Powers Tribunal
without results because the local courts ruled "there was no contravention
to the Interception of Powers Act 1985". Finally, the groups obtained the
European Human Rights Court ruling that the UK had violated article 8 of the
European Convention on Human Rights providing the right to respect for
private and family life and correspondence.

The court found that the 1985 Act has given the UK government "virtually
unlimited" discretion to intercept communications between the UK and an
external receiver, as well as "wide discretion" to decide which
communications were listened to or read. The government had guidelines to
ensure a "safeguard against abuse of power", but the UK's 1985 interception
law "had not indicated with sufficient clarity... the scope or manner of the
exercise of the very wide discretion of the conferred on the State to
intercept and examine external communications" so as to guard against abuse
of power.

For 10 years now, the 1985 Act has been replaced by RIPA which has the same
objective to detect terrorism and serious crime but it is mostly applied by
local councils for minor infringements.

The court ruled that procedures regarding the use and storage of intercepted
material should be established so as to make these procedures more
transparent for the public. "While secret surveillance is a valuable tool,
the mechanisms for intercepting our telephone calls and emails should be as
open and accountable as possible, and should ensure proportionate use of
very wide powers" said Alex Gask, Liberty's legal officer.

The ruling will have strong implications for UK's present legislation on
phonetapping and interception of communications, and as Mark Kelly, Director
of the Irish Council for Civil Liberties believes, clear implications for
many other member states of the Council of Europe member states, such as
Ireland: "Our lax data interception regime will require a thorough overhaul
in order to ensure that it meets the standards required by the European
Court of Human Rights under Article 8."

Liberty called for an overhaul of RIPA. However, the Home Office stated on 2
July it did not think the ruling had any implications on RIPA and UK's
current legislation covering covert investigations.

Court rules 90s UK.gov wiretaps violated human rights (2.07.2008)
http://www.theregister.co.uk/2008/07/02/echr_ripa_judgement/

Security: UK phonetap laws breach privacy (2.07.2008)
http://www.guardian.co.uk/uk/2008/jul/02/privacy.humanrights

UK surveillance breaches human rights, rules ECHR (2.07.2008)
http://www.out-law.com/page-9228

============================================================
10. ENDitorial: Massive mobilization against EDVIGE, the new French database
============================================================

Remember the movie 'Das Leben der Anderen' (The Lives of Others), where a
Stasi agent was monitoring a playwriter's life? This doesn't translate
anymore in French into 'La vie des autres', but rather into EDVIGE, the name
of a newly created database to be used by French intelligence services and
the administrative police.

EDVIGE will file "individuals, groups, organisations and moral persons
which, due to their individual or collective activity, are likely to attempt
to public order". Not only these persons will be filed (without any offence
committed), but also "those who undertake or have undertaken direct and non
fortuitous relations with them." Filing starts at age 13.

This, clearly, means filing everyone, in view of "informing the government
and the representatives of the State" in any and all French town and region.
In other words, EDVIGE, which has been created by a decree issued on 27 June
2008 in the framework of the merging of two French intelligence services (RG
and DST), is the perfect instrument of a political police.

EDVIGE will contains data on "civil status and occupation; physical
addresses, phone numbers, email addresses; physical characteristics,
photographs and behaviour; identity papers; car plate numbers; fiscal and
patrimonial information; moves and legal history."

As highlighted by lesbians and gays associations, this will include data on
sexual orientation and health, in particular HIV seropositivity. This has
been confirmed by a representative of the Interior ministry, who declared
that "the mention of these data will only be authorised for incidental need
in relation with an activity. In the intelligence field, this mainly means
activism." Moreover, French EDRI member IRIS notes that the inclusion of
"identity papers" in these data is particularly significant in the context
of the newly created French biometric passport including 8 fingerprints and
of the draft law in preparation on biometric ID cards.

A large mobilization against EDVIGE immediately started, with a petition
calling for the withdrawal of this file. This petition is hosted and
maintained by RAS ('Riseau associatif et syndical'), an NGO acting as an ISP
for its members, almost 200 activist NGOs and trade unions, among them EDRI
member IRIS. The petition has already gathered since 10 July 2008 more than
16.000 individual signatures, and more than 170 signatures from
associations, trade unions and political parties from the opposition.
Signatories will organize into a global coordination against the EDVIGE
file, and are preparing various actions starting from next September. In the
mean time, some of these groups will file a complaint against the French
government, requesting the annulment of the EDVIGE decree.

But EDVIGE is not alone. Her twin sister, CRISTINA, has also been created on
the same day. CRISTINA aims at "Centralising inland intelligence for
homeland security and national interests." But that's all that we know about
CRISTINA: using the article 26.III provision of the French Data Protection
Act, the government decided not to publish the decree creating CRISTINA. As
a consequence, the CNIL's opinion on CRISTINA has not been published either,
except to attest that this opinion was "favourable, with reservations."
Actually, the same secret has been observed for 6 other newly created files,
related to inland and foreign intelligence, as well as military services.
Not a good sign for these "Sarkozy's babies."

Decree n0 2008-632 creating EDVIGE file (only in French, 27.06.2008)
http://www.legifrance.gouv.fr/WAspad/UnTexteDeJorf?numjo=IOCC0815681D

CNIL's opinion on EDVIGE (only in French, 16.06.2008)
http://www.legifrance.gouv.fr/WAspad/UnTexteDeJorf?numjo=CNIX0816023X

Tjtu: L'Intirieur reconnant qu'+Edvige; sera utilisi pour ficher les
militants (only in French, 12.07.2008)
http://www.tetu.com/rubrique/infos/infos_detail.php?id_news=13236

IRIS: Appel ` signatures : IRIS soutient l'appel pour l'abandon du fichier
EDVIGE (only in French, 11.07.2008)
http://www.iris.sgdg.org/info-debat/comm-edvige0708.html

'Non ` EDVIGE': Petition website, with press releases and press articles
(only in French, since 10.07.2008)
http://nonaedvige.ras.eu.org/

Decree n0 2007-914 of 15 May 2007, as modified by Decree n02008-631 of 27
June 2008 to create CRISTINA and other files (only in French, 01.07.2008
consolidated version)
http://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT000000649189&dateT\
exte=20080716

CNIL's opinion on CRISTINA (only in French, 16.06.2008)
http://www.legifrance.gouv.fr/WAspad/UnTexteDeJorf?numjo=CNIX0816024X

(Contribution by Meryem Marzouki, EDRI-member IRIS- France)

============================================================
11. Recommended Reading
============================================================

UK: Biometrics Assurance Group Annual Report 2007
A government expert group has warned of a 'large impact' on the National
Identity Scheme from those who cannot use fingerprinting, such as many
elderly people.
http://www.ips.gov.uk/passport/downloads/FINAL-BAG-annual-report-2007-v1_0.pdf

============================================================
12. Agenda
============================================================

19-20 July 2008, Stockholm, Sweden
International Association for Media and Communication Research
pre-conference - Civil Rights in Mediatized Societies: Which data privacy
against whom and how ?
http://www.iamcr.org/content/view/301/1/

23-25 July 2008, Leuven, Belgium
The 8th Privacy Enhancing Technologies Symposium (PETS 2008)
http://petsymposium.org/2008/

3-5 September 2008, Prague, Czech Republic
The Third International Conference on Legal, Security and Privacy Issues in
IT
http://www.lspi.net/

8-10 September 2008, Geneva, Switzerland
The third annual Access to Knowledge Conference (A2K3)
http://isp.law.yale.edu/

22 September 2008, Istanbul, Turkey
Workshop on Applications of Private and Anonymous Communications
http://www.alpaca-workshop.org/

24-28 September 2008, Athens, Greece
World Summit on the Knowledge Society
http://www.open-knowledge-society.org/summit.htm

11 October 2008: Europe-wide action day "Freedom not fear"
Protests, demonstrations and activities against the surveillance mania
http://wiki.vorratsdatenspeicherung.de/Freedom_Not_Fear_2008

15-17 October 2008, Strasbourg, France
30th International Data Protection and Privacy Conference
http://www.privacyconference2008.org/

20.-21 October 2008, Strasbourg, France
European Dialogue on Internet Governance (EuroDIG)
http://www.eurodig.org/

3-6 December 2008, Hyderabad, India
Third Internet Governance Forum
http://www.intgovforum.org

10-11 December 2008: Tilburg, Netherlands
Tilting perspectives on regulating technologies, Tilburg Institute for Law
and Technology, and Society, Tilburg University
http://www.tilburguniversity.nl/tilt/conference

============================================================
13. About
============================================================

EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 28 members based or with offices in 17 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRI-grams.

All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and visibly on the
EDRI website.

Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 2.0 License. See the full text at
http://creativecommons.org/licenses/by/2.0/

Newsletter editor: Bogdan Manolea <edrigram@...>

Information about EDRI and its members:
http://www.edri.org/

European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring

- EDRI-gram subscription information

subscribe by e-mail
To: edri-news-request@...
Subject: subscribe

You will receive an automated e-mail asking to confirm your request.
unsubscribe by e-mail
To: edri-news-request@...
Subject: unsubscribe

- EDRI-gram in Macedonian

EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edrigram-mk.php

- EDRI-gram in German

EDRI-gram is also available in German, with delay. Translations are provided
Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/

- Newsletter archive

Back issues are available at:
http://www.edri.org/edrigram

- Help
Please ask <edrigram@...> if you have any problems with subscribing or
unsubscribing

CRYPTO-GRAM

                 July 15, 2008

               by Bruce Schneier
       Chief Security Technology Officer, BT
              schneier@...
             http://www.schneier.com


A free monthly newsletter providing summaries, analyses, insights, and
commentaries on security: computer and otherwise.

For back issues, or to subscribe, visit
<http://www.schneier.com/crypto-gram.html>.

You can read this issue on the web at
<http://www.schneier.com/crypto-gram-0807.html>.  These same essays
appear in the "Schneier on Security" blog:
<http://www.schneier.com/blog>.  An RSS feed is available.


** *** ***** ******* *********** *************

In this issue:
      CCTV Cameras
      News
      Kill Switches and Remote Control
      LifeLock and Identity Theft
      Schneier/BT News
      The First Interdisciplinary Workshop on Security and
        Human Behavior
      The Truth About Chinese Hackers
      Man-in-the-Middle Attacks
      Comments from Readers


** *** ***** ******* *********** *************

      CCTV Cameras



Pervasive security cameras don't substantially reduce crime.  There are
exceptions, of course, and that's what gets the press.  Most famously,
CCTV cameras helped catch James Bulger's murderers in 1993.  And earlier
this year, they helped convict Steve Wright of murdering five women in
the Ipswich area.  But these are the well-publicized exceptions.
Overall, CCTV cameras aren't very effective.

This fact has been demonstrated again and again: by a comprehensive
study for the Home Office in 2005, by several studies in the US, and
again with new data announced last month by New Scotland Yard.  They
actually solve very few crimes, and their deterrent effect is minimal.

Conventional wisdom predicts the opposite.  But if that were true, then
camera-happy London, with something like 500,000, would be the safest
city on the planet.  It isn't, of course, because of technological
limitations of cameras, organizational limitations of police and the
adaptive abilities of criminals.

To some, it's comforting to imagine vigilant police monitoring every
camera, but the truth is very different. Most CCTV footage is never
looked at until well after a crime is committed. When it is examined,
it's very common for the viewers not to identify suspects. Lighting is
bad and images are grainy, and criminals tend not to stare helpfully at
the lens. Cameras break far too often. The best camera systems can still
be thwarted by sunglasses or hats.  Even when they afford quick
identification -- think of the 2005 London transport bombers and the
9/11 terrorists -- police are often able to identify suspects without
the cameras. Cameras afford a false sense of security, encouraging
laziness when we need police to be vigilant.

The solution isn't for police to watch the cameras. Unlike an officer
walking the street, cameras only look in particular directions at
particular locations.  Criminals know this, and can easily adapt by
moving their crimes to someplace not watched by a camera -- and there
will always be such places.  Additionally, while a police officer on the
street can respond to a crime in progress, the same officer in front of
a CCTV screen can only dispatch another officer to arrive much later. By
their very nature, cameras result in underused and misallocated police
resources.

Cameras aren't completely ineffective, of course. In certain
circumstances, they're effective in reducing crime in enclosed areas
with minimal foot traffic.  Combined with adequate lighting, they
substantially reduce both personal attacks and auto-related crime in car
parks. And from some perspectives, simply moving crime around is good
enough. If a local Tesco installs cameras in its store, and a robber
targets the store next door as a result, that's money well spent by
Tesco. But it doesn't reduce the overall crime rate, so is a waste of
money to the township.

But the question really isn't whether cameras reduce crime; the question
is whether they're worth it. And given their cost (500 million pounds in
the past 10 years), their limited effectiveness, the potential for abuse
(spying on naked women in their own homes, sharing nude images, selling
best-of videos, and even spying on national politicians) and their
Orwellian effects on privacy and civil liberties, most of the time
they're not. The funds spent on CCTV cameras would be far better spent
on hiring experienced police officers.

We live in a unique time in our society: the cameras are everywhere, and
we can still see them. Ten years ago, cameras were much rarer than they
are today.  And in 10 years, they'll be so small you won't even notice
them.  Already, companies like L-1 Security Solutions are developing
police-state CCTV surveillance technologies like facial recognition for
China, technology that will find their way into countries like the UK.
The time to address appropriate limits on this technology is before the
cameras fade from notice.

CCTV research:
http://electronics.howstuffworks.com/police-camera-crime1.htm
http://www.scotcrim.u-net.com/researchc2.htm
http://news.bbc.co.uk/1/hi/uk/2192911.stm
http://www.homeoffice.gov.uk/rds/pdfs05/hors292.pdf
http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2007/08/14/MNIPRHRPE.DTL
or http://tinyurl.com/688f76
http://www.temple.edu/cj/misc/PhilaCCTV.pdf
http://archives.cnn.com/2002/LAW/10/21/ctv.cameras/
http://www.guardian.co.uk/uk/2008/may/06/ukcrime1

London's cameras:
http://www.channel4.com/news/articles/society/factcheck+how+many+cctv+cameras/22\
91167
or http://tinyurl.com/65vwq8
http://www.ico.gov.uk/upload/documents/library/data_protection/practical_applica\
tion/surveillance_society_full_report_2006.pdf
or http://tinyurl.com/ya76db

CCTV abuses:
http://news.bbc.co.uk/2/hi/uk_news/england/merseyside/4609746.stm
http://www.timesonline.co.uk/tol/news/uk/article743391.ece
http://news.bbc.co.uk/2/hi/europe/4849806.stm

Orwellian cameras:
http://wuntvor.mirror.waffleimages.com/files/44/44cb4b91287cfcd8111d471867502a3c\
ac861ab0.jpg
or http://tinyurl.com/3l8jtk
http://lifeandhealth.guardian.co.uk/family/story/0,,2280044,00.html

Privacy concerns:
http://epic.org/privacy/surveillance/
http://www.aclu.org/privacy/spying/14863res20020225.html

Surveillance in China:
http://www.rollingstone.com/politics/story/20797485/chinas_allseeing_eye
or http://tinyurl.com/5zwc5w

A rebuttal:
http://www.guardian.co.uk/commentisfree/2008/jul/03/ukcrime.civilliberties
or http://tinyurl.com/66ryhp

Commentary:
http://gritsforbreakfast.blogspot.com/2008/07/schneier-nows-time-to-limit-cctv-w\
aste.html
or http://tinyurl.com/6jsexf

More good survey articles:
http://ipvideomarket.info/review/show/145
http://gritsforbreakfast.blogspot.com/2008/07/cctv-proponents-should-abandon-cla\
ims.html
or http://tinyurl.com/5erp65

This essay was previously published in The Guardian.
http://www.guardian.co.uk/technology/2008/jun/26/politics.ukcrime


** *** ***** ******* *********** *************

      News



The Storm worm is being used to sell pharmaceuticals such as Viagra.
http://www.darkreading.com/document.asp?doc_id=156139&WT.svl=news1_1
http://www.schneier.com/blog/archives/2007/10/the_storm_worm.html

I've never figured out the fuss over ransomware.  Yes, it encrypts your
data and charges you money for the key.  But how is this any worse than
the old hacker viruses that put a funny message on your screen and
erased your hard drive? The single most important thing any company or
individual can do to improve security is have a good backup strategy.
It's been true for decades, and it's still true today.
http://blogs.computerworld.com/ransomware_malware_armageddon_approaches
or http://tinyurl.com/6bf7lm

Magnetic ring attack on electronic locks: impressive.
http://www.toool.nl/blackbag/?p=204

A great "security through obscurity" story, about a collection of coins
and currency worth hundreds of millions of dollars being moved without a
whole lot of security:
http://www.schneier.com/blog/archives/2008/06/security_throug_1.html

It's possible to eavesdrop on encrypted compressed voice, at least a
little bit, through traffic analysis:
http://technology.newscientist.com/channel/tech/dn14124-compressed-web-phone-cal\
ls-are-easy-to-bug.html
or http://tinyurl.com/3u7j6b

A Jura F90 Coffee Machine can be hacked remotely over the Internet.
http://www.securityfocus.com/archive/1/493387

A runner-up in last year's Underhanded C Contest was a flawed
implementation of RC4 that, after some use, just passed plaintext
through unencrypted.  Plausibly deniable, and very clever.
http://underhanded.xcott.com/?page_id=9

Dilbert on workplace surveillance:
http://dilbert.com/strips/comic/2008-06-20/

New technology to detect chemical, biological, and explosive agents.
https://publicaffairs.llnl.gov/news/news_releases/2007/NR-07-03-07.html
or http://tinyurl.com/54rmk4

Swimming pools around Shanghai are examining liquids by smelling them.
This liquid ban has gotten weirder.
http://www.reuters.com/article/oddlyEnoughNews/idUSPEK18633820080620

A new study claims that insiders aren't the main threat to network
security.  The whole insiders vs. outsiders debate has always been one
of semantics more than anything else.  If you count by attacks, there
are a lot more outsider attacks, simply because there are orders of
magnitude more outsider attackers.  If you count incidents, the numbers
tend to get closer: 75% vs. 18% in this case.  And if you count damages,
insiders generally come out on top -- mostly because they have a lot
more detailed information and can target their attacks better.  Both
insiders and outsiders are security risks, and you have to defend
against them both.  Trying to rank them isn't all that useful.
http://www.pcworld.com/businesscenter/article/147098/insider_threat_exaggerated_\
study_says_.html
or http://tinyurl.com/5dmfde

Confused security reasoning by Toronto Mayor David Miller: "'In a day
when you can't bring a large tube of toothpaste on a plane how can you
allow guns to wander through Union Station, the biggest transit hub in
Canada?' he asked his colleagues on city council."  By that logic, I
think we can ban anything from anywhere.
http://toronto.ctv.ca/servlet/an/local/CTVNews/20080623/gun_violence_080623/2008\
0623/?hub=TorontoNewHome
or http://tinyurl.com/6dqbco

UK teens are using Google Earth to find swimming pools they can crash.
How long before someone finds a more serious crime that can be aided by
Google Earth?
http://www.reghardware.co.uk/2008/06/18/tech_aids_pool_crashing/

I've seen the IR screening guns at several airports, primarily in Asia.
The idea is to keep out people with bird flu, or whatever the current
fever scare is.  This essay explains why it won't work:
http://scienceblogs.com/effectmeasure/2008/06/why_fever_screening_at_airport.php
or http://tinyurl.com/69tht2

Carrier pigeons bringing contraband into prisons in Brazil:
http://news.bbc.co.uk/1/hi/world/americas/7472537.stm
I think this is the first security vulnerability found in RFC 1149:
"Standard for the transmission of IP datagrams on avian carriers." Deep
packet inspection seems to be the only way to prevent this attack,
although adequate fencing will prevent the protocol from running in the
first place.
http://www.faqs.org/rfcs/rfc1149.html

Top ten anti-terrorism patents -- not a joke.  My favorite is the
airplane trap door.
http://www.neatorama.com/2008/06/27/top-10-strangest-anti-terrorism-patents/
or http://tinyurl.com/5sct5d

The Pentagon is consulting social scientists on security.  The article
talks a lot about potential conflicts of interest and such, and less on
what sorts of insights the social scientists can offer.  I think there
is a lot of potential value here.
http://www.nytimes.com/2008/06/18/arts/18minerva.html

One, possibly the only, writer of the Nugache worm was arrested in
Wyoming.  The 19-year-old will plead guilty.
http://blog.wired.com/27bstroke6/2008/06/hacker-launches.html
http://www.jacksonholestartrib.com/articles/2008/06/30/news/wyoming/doc48656c8a9\
3378754215938.txt
or http://tinyurl.com/4obdmo

It's been a while since I've written about electronic voting machines,
but Dan Wallach has an excellent blog post about the current line of
argument from the voting machine companies and why it's wrong.
http://www.freedom-to-tinker.com/?p=1304

This paper measures insecurity in the global population of browsers,
using Google's web server logs.  Why is this important?  Because
browsers are an increasingly popular attack vector.  The results aren't
good.
http://www.techzoom.net/publications/insecurity-iceberg/index.en
http://www.ofcourseimright.com/?p=29

Random stupidity in the name of terrorism, part one:  An air traveler in
Canada is first told by an airline employee that it is "illegal" to say
certain words, and then that if she raised a fuss she would be falsely
accused.
http://www.theglobeandmail.com/servlet/story/RTGAM.20080627.blatch28/BNStory/spe\
cialComment/home
or http://tinyurl.com/6b927p

Random stupidity in the name of terrorism, part two:  A British man is
forced to give up his hobby of photographing buses because he's being
harassed too often.
http://www.theregister.co.uk/2008/06/24/bus_spotter_clampdown/

Random stupidity in the name of terrorism, part three:  Israelis label a
random homicidal Palestinian nut a terrorist:
http://www.cnn.com/2008/WORLD/meast/07/02/israel.bulldozer/

Random stupidity in the name of terrorism, part four:  New Jersey public
school locked down after someone saw a ninja.  Turns out the ninja was
actually a camp counselor dressed in black karate garb and carrying a
plastic sword.
http://www.boston.com/news/odd/articles/2008/06/25/school_locked_down_after_ninj\
a_sighted_in_woods/
or http://tinyurl.com/6h84n2

A fine newspaper headline: "Giraffe helps camels, zebras escape from
circus."
http://ap.google.com/article/ALeqM5h1AqbvSMYPxJrla6-Fgym8WIzEsgD91KNJD00
or http://tinyurl.com/5egkud

The U.K. is learning that encrypting disks means that you don't have to
worry if they're lost.
http://www.schneier.com/blog/archives/2008/07/encrypting_disk.html

Time bomb neckties.  Not to be worn at airports.
http://www.etsy.com/view_listing.php?listing_id=12792904

Automatic profiling is useless:
http://www.theregister.co.uk/2008/06/24/home_office_passenger_profiling/
or http://tinyurl.com/5p9e6n

The U.S. wants to do it anyway: "The Justice Department is considering
letting the FBI investigate Americans without any evidence of
wrongdoing, relying instead on a terrorist profile that could single out
Muslims, Arabs or other racial or ethnic groups."
http://www.usatoday.com/news/washington/2008-07-02-terror-profiling_N.htm
or http://tinyurl.com/5nvlt5
I've written about profiling before:
http://www.schneier.com/blog/archives/2005/07/profiling.html

These are sunglasses that hide your face from cameras.  It's either real
or a hoax, I can't tell which.
http://www.hackaday.com/2008/06/27/anti-paparazzi-sunglasses/
http://www.abrutis.com/video-lunettes+anti+paparazzi-11937.html

In a continued cheapening of the word "terrorism," the Premier of New
South Wales called a potential rail-worker strike "industrial terror
tactics."  Terrorism is a heinous crime, and a serious international
problem.  It's not a catchall word to describe anything you don't like
or don't agree with, or even anything that adversely affects a large
number of people.  By using the word more broadly than its actual
meaning, we muddy the already complicated popular conceptions of the
issue.  The word "terrorism" has a specific meaning, and we shouldn't
debase it.
http://www.news.com.au/story/0,23599,23981698-421,00.html

George Carlin on airport security, filmed before 9/11.
http://www.youtube.com/watch?v=KBxzvSbGJ2w

Petty thieves are exploiting the "war on photography" to steal memory cards:
http://www.schneier.com/blog/archives/2008/07/exploiting_the.html

Great essay on TSA stupidity:
http://www.schneier.com/blog/archives/2008/07/good_essay_on_t_1.html

Security cartoon on password guessing:
http://www.cartoonbank.com/product_details.asp?mscssid=QCH1RR81LSM79KXHUFAC1SUSE\
8V18VU3&sitetype=1&did=4&sid=125244
or http://tinyurl.com/59p9mc

Daniel Solove on the new FISA law:
http://www.concurringopinions.com/archives/2008/07/the_new_foreign.html

Using a file erasure tool is considered suspicious:
http://www.latimes.com/technology/la-fi-consumer6-2008jul06,0,325447.story

Unbreakable fighting umbrellas.
http://blog.wired.com/gadgets/2008/07/unbreakable-fig.html
Be sure to watch the video.


** *** ***** ******* *********** *************

      Kill Switches and Remote Control



It used to be that just the entertainment industries wanted to control
your computers -- and televisions and iPods and everything else -- to
ensure that you didn't violate any copyright rules. But now everyone
else wants to get their hooks into your gear.

OnStar will soon include the ability for the police to shut off your
engine remotely. Buses are getting the same capability, in case
terrorists want to re-enact the movie Speed. The Pentagon wants a kill
switch installed on airplanes, and is worried about potential enemies
installing kill switches on their own equipment.

Microsoft is doing some of the most creative thinking along these lines,
with something it's calling "Digital Manners Policies." According to its
patent application, DMP-enabled devices would accept broadcast "orders"
limiting their capabilities. Cell phones could be remotely set to
vibrate mode in restaurants and concert halls, and be turned off on
airplanes and in hospitals. Cameras could be prohibited from taking
pictures in locker rooms and museums, and recording equipment could be
disabled in theaters. Professors finally could prevent students from
texting one another during class.

The possibilities are endless, and very dangerous. Making this work
involves building a nearly flawless hierarchical system of authority.
That's a difficult security problem even in its simplest form.
Distributing that system among a variety of different devices --
computers, phones, PDAs, cameras, recorders -- with different firmware
and manufacturers, is even more difficult. Not to mention delegating
different levels of authority to various agencies, enterprises,
industries and individuals, and then enforcing the necessary safeguards.

Once we go down this path -- giving one device authority over other
devices -- the security problems start piling up. Who has the authority
to limit functionality of my devices, and how do they get that
authority? What prevents them from abusing that power? Do I get the
ability to override their limitations? In what circumstances, and how?
Can they override my override?

How do we prevent this from being abused? Can a burglar, for example,
enforce a "no photography" rule and prevent security cameras from
working? Can the police enforce the same rule to avoid another Rodney
King incident? Do the police get "superuser" devices that cannot be
limited, and do they get "supercontroller" devices that can limit
anything? How do we ensure that only they get them, and what do we do
when the devices inevitably fall into the wrong hands?

It's comparatively easy to make this work in closed specialized systems
-- OnStar, airplane avionics, military hardware -- but much more
difficult in open-ended systems. If you think Microsoft's vision could
possibly be securely designed, all you have to do is look at the dismal
effectiveness of the various copy-protection and
digital-rights-management systems we've seen over the years. That's a
similar capabilities-enforcement mechanism, albeit simpler than these
more general systems.

And that's the key to understanding this system. Don't be fooled by the
scare stories of wireless devices on airplanes and in hospitals, or
visions of a world where no one is yammering loudly on their cell phones
in posh restaurants. This is really about media companies wanting to
exert their control further over your electronics. They not only want to
prevent you from surreptitiously recording movies and concerts, they
want your new television to enforce good "manners" on your computer, and
not allow it to record any programs. They want your iPod to politely
refuse to copy music to a computer other than your own. They want to
enforce *their* legislated definition of manners: to control what you do
and when you do it, and to charge you repeatedly for the privilege
whenever possible.

"Digital Manners Policies" is a marketing term. Let's call this what it
really is: Selective Device Jamming. It's not polite, it's dangerous. It
won't make anyone more secure -- or more polite.

Kill switches:
http://www.informationweek.com/news/mobility/showArticle.jhtml?articleID=2024009\
22
or http://tinyurl.com/6jy2ac
http://www.nypost.com/seven/06082008/news/regionalnews/busting_terror_114567.htm
or http://tinyurl.com/5p5kaj
http://blog.wired.com/defense/2008/06/the-pentagons-n.html
http://spectrum.ieee.org/may08/6171

Digital Manners Policies:
http://arstechnica.com/news.ars/post/20080611-microsoft-patent-brings-miss-manne\
rs-into-the-digital-age.html
or http://tinyurl.com/449bcc
http://appft1.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=\
%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220080125102%22.PGNR.&OS=DN/2\
0080125102&RS=DN/20080125102
or http://tinyurl.com/68thpf

This essay originally appeared in Wired.com.
http://www.wired.com/politics/security/commentary/securitymatters/2008/06/securi\
tymatters_0626
or http://tinyurl.com/4htrb4


** *** ***** ******* *********** *************

      LifeLock and Identity Theft



LifeLock, one of the companies that offers identity-theft protection in
the United States, has been taking quite a beating recently. They're
being sued by credit bureaus, competitors and lawyers in several states
that are launching class action lawsuits. And the stories in the media
... it's like a piranha feeding frenzy.

There are also a lot of errors and misconceptions. With its aggressive
advertising campaign and a CEO who publishes his Social Security number
and dares people to steal his identity -- Todd Davis, 457-55-5462 --
LifeLock is a company that's easy to hate. But the company's story has
some interesting security lessons, and it's worth understanding in some
detail.

In December 2003, as part of the Fair and Accurate Credit Transactions
Act, or FACTA, credit bureaus were forced to allow you to put a fraud
alert on their credit reports, requiring lenders to verify your identity
before issuing a credit card in your name. This alert is temporary, and
expires after 90 days.  Several companies have sprung up -- LifeLock,
Debix, LoudSiren, TrustedID -- that automatically renew these alerts and
effectively make them permanent.

This service pisses off the credit bureaus and their financial
customers. The reason lenders don't routinely verify your identity
before issuing you credit is that it takes time, costs money and is one
more hurdle between you and another credit card. (Buy, buy, buy -- it's
the American way.) So in the eyes of credit bureaus, LifeLock's
customers are inferior goods; selling their data isn't as valuable.
LifeLock also opts its customers out of pre-approved credit card offers,
further making them less valuable in the eyes of  credit bureaus.

And, so began a smear campaign on the part of the credit bureaus. You
can read their points of view in New York Times article, written by a
reporter who didn't do much more than regurgitate their talking points.
And the class action lawsuits have piled on, accusing LifeLock of
deceptive business practices, fraudulent advertising and so on.  The
biggest smear is that LifeLock didn't even protect Todd Davis, and that
his identity was allegedly stolen.

It wasn't. Someone in Texas used Davis's SSN to get a $500 advance
against his paycheck. It worked because the loan operation didn't check
with any of the credit bureaus before approving the loan -- perfectly
reasonable for an amount this small. The payday-loan operation called
Davis to collect, and LifeLock cleared up the problem. His credit report
remains spotless.

The Experian credit bureau's lawsuit basically claims that fraud alerts
are only for people who have been victims of identity theft. This seems
spurious; the text of the law states that anyone "who asserts a good
faith suspicion that the consumer has been or is about to become a
victim of fraud or related crime" can request a fraud alert. It seems to
me that includes anybody who has ever received one of those notices
about their financial details being lost or stolen, which is everybody.

As to deceptive business practices and fraudulent advertising -- those
just seem like class action lawyers piling on. LifeLock's aggressive
fear-based marketing doesn't seem any worse than a lot of other similar
advertising campaigns. My guess is that the class action lawsuits won't
go anywhere.

In reality, forcing lenders to verify identity before issuing credit is
exactly the sort of thing we need to do to fight identity theft.
Basically, there are two ways to deal with identity theft: Make personal
information harder to steal, and make stolen personal information harder
to use. We all know the former doesn't work, so that leaves the latter.
If Congress wanted to solve the problem for real, one of the things it
would do is make fraud alerts permanent for everybody. But the credit
industry's lobbyists would never allow that.

LifeLock does a bunch of other clever things. They monitor the national
address database, and alert you if your address changes. They look for
your credit and debit card numbers on hacker and criminal websites and
such, and assist you in getting a new number if they see it. They have a
million-dollar service guarantee -- for complicated legal reasons, they
can't call it insurance -- to help you recover if your identity is ever
stolen.

But even with all of this, I am not a LifeLock customer. At $120 a year,
it's just not worth it. You wouldn't know it from the press attention,
but dealing with identity theft has become easier and more routine.
Sure, it's a pervasive problem. The Federal Trade Commission reported
that 8.3 million Americans were identity-theft victims in 2005. But that
includes things like someone stealing your credit card and using it,
something that rarely costs you any money and that LifeLock doesn't
protect against. New account fraud is much less common, affecting 1.8
million Americans per year, or 0.8 percent of the adult population. The
FTC hasn't published detailed numbers for 2006 or 2007, but the rate
seems to be declining.

New card fraud is also not very damaging. The median amount of fraud the
thief commits is $1,350, but you're not liable for that. Some
spectacularly horrible identity-theft stories notwithstanding, the
financial industry is pretty good at quickly cleaning up the mess. The
victim's median out-of-pocket cost for new account fraud is only $40,
plus ten hours of grief to clean up the problem. Even assuming your time
is worth $100 an hour, LifeLock isn't worth more than $8 a year.

And it's hard to get any data on how effective LifeLock really is.
They've been in business three years and have about a million customers,
but most of them have joined up in the last year. They've paid out on
their service guarantee 113 times, but a lot of those were for things
that happened before their customers became customers. (It was easier to
pay than argue, I assume.) But they don't know how often the fraud
alerts actually catch an identity thief in the act. My guess is that
it's less than the 0.8 percent fraud rate above.

LifeLock's business model is based more on the fear of identity theft
than the actual risk.

It's pretty ironic of the credit bureaus to attack LifeLock on its
marketing practices, since they know all about profiting from the fear
of identity theft. FACTA also forced the credit bureaus to give
Americans a free credit report once a year upon request. Through
deceptive marketing techniques, they've turned this requirement into a
multimillion-dollar business.

Get LifeLock if you want, or one of its competitors if you prefer. But
remember that you can do most of what these companies do yourself. You
can put a fraud alert on your own account, but you have to remember to
renew it every three months. You can also put a credit freeze on your
account, which is more work for the average consumer but more effective
if you're a privacy wonk -- and the rules differ by state. And maybe
someday Congress will do the right thing and put LifeLock out of
business by forcing lenders to verify identity every time they issue
credit in someone's name.

LifeLock:
http://www.lifelock.com

FACTA:
http://www.ftc.gov/opa/2004/06/factaidt.shtm
http://www.treasury.gov/offices/domestic-finance/financial-institution/cip/pdf/f\
act-act.pdf
or http://tinyurl.com/yqh9vh

Fraud alerts:
http://www.consumersunion.org/creditmatters/creditmattersfactsheets/001626.html
or http://tinyurl.com/564hrn

New York Times article:
http://www.nytimes.com/2008/05/24/business/yourmoney/24money.html?8dpc

Lawsuits:
http://www.networkworld.com/news/2008/022108-credit-reporting-firm-sues-lifelock\
.html
or http://tinyurl.com/6dqoa3
http://www.insidetech.com/news/2148-id-protection-ads-come-back-to-bite-lifelock\
-pitchman
or http://tinyurl.com/5vzdkr

Identity theft:
http://www.schneier.com/crypto-gram-0504.html#2
http://www.ftc.gov/opa/2007/11/idtheft.shtm
http://www.consumer.gov/sentinel/pubs/top10fraud2007.pdf
http://www.privacyrights.org/ar/idtheftsurveys.htm#Jav2007

Free credit reports:
http://www.annualcreditreport.com/
http://blog.washingtonpost.com/securityfix/2005/09/beware_free_credit_report_sca\
m_1.html
or http://tinyurl.com/66vjwk
http://www.msnbc.msn.com/id/7803368/
http://ezinearticles.com/?The-Free-Credit-Report-Scam&id=321877

Defending yourself:
http://www.nytimes.com/2008/05/24/business/yourmoney/24moneyside.html
http://www.savingadvice.com/blog/2008/06/04/102143_never-pay-someone-to-protect-\
your-identity.html
or http://tinyurl.com/66ddv7

This essay originally appeared in Wired:
http://www.wired.com/politics/security/commentary/securitymatters/2008/06/securi\
tymatters_0612
or http://tinyurl.com/3kkskp


** *** ***** ******* *********** *************

      Schneier/BT News


Schneier interview in The Edge:
http://www.theedgedaily.com/cms/content.jsp?id=com.tms.cms.article.Article_71a20\
bfd-cb73c03a-18992130-695434f1
or http://tinyurl.com/5fw4su

Video of a panel Schneier was on at Supernova; the topic was security
and privacy.
http://conversationhub.com/2008/07/10/session-video-privacy-and-security-in-the-\
network-age/


** *** ***** ******* *********** *************

   The First Interdisciplinary Workshop on Security and Human Behavior



The First Interdisciplinary Workshop on Security and Human Behavior (SHB
08) was held at MIT earlier this month.  From the website:

"Security is both a feeling and a reality, and they're different.  There
are several different research communities: technologists who study
security systems, and psychologists who study people, not to mention
economists, anthropologists and others.  Increasingly these worlds are
colliding.

"*  Security design is by nature psychological, yet many systems ignore
this, and cognitive biases lead people to misjudge risk. For example, a
key in the corner of a web browser makes people feel more secure than
they actually are, while people feel far less secure flying than they
actually are. These biases are exploited by various attackers.

"*  Security problems relate to risk and uncertainty, and the way we
react to them. Cognitive and perception biases affect the way we deal
with risk, and therefore the way we understand security -- whether that
is the security of a nation, of an information system, or of one's
personal information.

"*  Many real attacks on information systems exploit psychology more
than technology. Phishing attacks trick people into logging on to
websites that appear genuine but actually steal passwords. Technical
measures can stop some phishing tactics, but stopping users from making
bad decisions is much harder. Deception-based attacks are now the
greatest threat to online security.

"*  In order to be effective, security must be usable -- not just by
geeks, but by ordinary people. Research into usable security invariably
has a psychological component.

"*  Terrorism is perceived to be a major threat to society. Yet the
actual damage done by terrorist attacks is dwarfed by the secondary
effects as target societies overreact. There are many topics here, from
the manipulation of risk perception to the anthropology of religion.

"*  There are basic research questions; for example, about the extent to
which the use and detection of deception in social contexts may have
helped drive human evolution.

"The dialogue between researchers in security and in psychology is
rapidly widening, bringing in more and more disciplines -- from security
usability engineering, protocol design, privacy, and policy on the one
hand, and from social psychology, evolutionary biology, and behavioral
economics on the other."

About a year ago, Ross Anderson and I conceived this conference as a way
to bring together computer security researchers, psychologists,
behavioral economists, sociologists, philosophers, and others -- all of
whom are studying the human side of security.  I've read a lot -- and
written some -- on psychology and security over the past few years, and
have been continually amazed by some of the research that people outside
my field have been doing on topics very relevant to my field.  Ross and
I both thought that bringing these diverse communities together would be
fascinating to everyone.  So we convinced behavioral economists
Alessandro Acquisti and George Loewenstein to help us organize the
workshop, invited the people we all have been reading, and also asked
them who else to invite.  The response was overwhelming.  Almost
everyone we wanted was able to attend, and the result was a 42-person
conference with 35 speakers, including Nicholas Humphrey, Frank Furedi,
and James Randi.

http://www.cl.cam.ac.uk/~rja14/shb08.html

Agenda:
http://www.cl.cam.ac.uk/~rja14/shb08/agenda.html

Invitees and their work:
http://www.cl.cam.ac.uk/~rja14/shb08/index.html

Summaries and notes on the talks:
http://www.lightbluetouchpaper.org/2008/06/30/security-psychology/
http://www.ljean.com/files/SHBnotes.html

Audio from the workshop:
http://www.crypto.com/blog/shb08/

Photos:
http://www.cl.cam.ac.uk/~fms27/shb-2008/
http://www.lukechurchphotography.com/gallery/5341110_NYVVd#326538830_N3ELV
or http://tinyurl.com/5t7r2c

News articles:
http://redtape.msnbc.com/2008/07/cambridge-mass.html


** *** ***** ******* *********** *************

      The Truth About Chinese Hackers



The popular media conception is that there is a coordinated attempt by
the Chinese government to hack into U.S. computers -- military,
government corporate -- and steal secrets. The truth is a lot more
complicated.

There certainly is a lot of hacking coming out of China. Any company
that does security monitoring sees it all the time.

These hacker groups seem not to be working for the Chinese government.
They don't seem to be coordinated by the Chinese military. They're
basically young, male, patriotic Chinese citizens, trying to demonstrate
that they're just as good as everyone else. As well as the American
networks the media likes to talk about, their targets also include
pro-Tibet, pro-Taiwan, Falun Gong and pro-Uyghur sites.

The hackers are in this for two reasons: fame and glory, and an attempt
to make a living. The fame and glory comes from their nationalistic
goals. Some of these hackers are heroes in China. They're upholding the
country's honor against both anti-Chinese forces like the pro-Tibet
movement and larger forces like the United States.

And the money comes from several sources. The groups sell owned
computers, malware services, and data they steal on the black market.
They sell hacker tools and videos to others wanting to play. They even
sell T-shirts, hats and other merchandise on their Web sites.

This is not to say that the Chinese military ignores the hacker groups
within their country. Certainly the Chinese government knows the leaders
of the hacker movement and chooses to look the other way. They probably
buy stolen intelligence from these hackers. They probably recruit for
their own organizations from this self-selecting pool of experienced
hacking experts. They certainly learn from the hackers.

And some of the hackers are good. Over the years, they have become more
sophisticated in both tools and techniques. They're stealthy. They do
good network reconnaissance. My guess is what the Pentagon thinks is the
problem is only a small percentage of the actual problem.

And they discover their own vulnerabilities. Earlier this year, one
security company noticed a unique attack against a pro-Tibet
organization. That same attack was also used two weeks earlier against a
large multinational defense contractor.

They also hoard vulnerabilities. During the 1999 conflict over the
two-states theory conflict, in a heated exchange with a group of
Taiwanese hackers, one Chinese group threatened to unleash multiple
stockpiled worms at once. There was no reason to disbelieve this threat.

If anything, the fact that these groups aren't being run by the Chinese
government makes the problem worse. Without central political
coordination, they're likely to take more risks, do more stupid things
and generally ignore the political fallout of their actions.

In this regard, they're more like a non-state actor.

So while I'm perfectly happy that the U.S. government is using the
threat of Chinese hacking as an impetus to get their own cybersecurity
in order, and I hope they succeed, I also hope that the U.S. government
recognizes that these groups are not acting under the direction of the
Chinese military and doesn't treat their actions as officially approved
by the Chinese government.


This essay originally appeared on the Discovery Channel website:
http://dsc.discovery.com/technology/my-take/computer-hackers-china.html
or http://tinyurl.com/5lv3ac


** *** ***** ******* *********** *************

      Man-in-the-Middle Attacks



Last week's dramatic rescue of 15 hostages held by the guerrilla
organization FARC was the result of months of intricate deception on the
part of the Colombian government. At the center was a classic
man-in-the-middle attack.

In a man-in-the-middle attack, the attacker inserts himself between two
communicating parties. Both believe they're talking to each other, and
the attacker can delete or modify the communications at will. The Wall
Street Journal reported how this gambit played out in Colombia:

"The plan had a chance of working because, for months, in an operation
one army officer likened to a "broken telephone," military intelligence
had been able to convince Ms. Betancourt's captor, Gerardo Aguilar, a
guerrilla known as "Cesar," that he was communicating with his top
bosses in the guerrillas' seven-man secretariat. Army intelligence
convinced top guerrilla leaders that they were talking to Cesar. In
reality, both were talking to army intelligence."

This ploy worked because Cesar and his guerrilla bosses didn't know one
another well. They didn't recognize one another's voices, and didn't
have a friendship or shared history that could have tipped them off
about the ruse. Man-in-the-middle is defeated by context, and the FARC
guerrillas didn't have any.

And that's why man-in-the-middle, abbreviated MITM in the
computer-security community, is such a problem online: Internet
communication is often stripped of any context. There's no way to
recognize someone's face. There's no way to recognize someone's voice.
When you receive an e-mail purporting to come from a person or
organization, you have no idea who actually sent it. When you visit a
website, you have no idea if you're really visiting that website. We all
like to pretend that we know who we're communicating with -- and for the
most part, of course, there isn't any attacker inserting himself into
our communications -- but in reality, we don't. And there are lots of
hacker tools that exploit this unjustified trust, and implement MITM
attacks.

Even with context, it's still possible for MITM to fool both sides --
because electronic communications are often intermittent. Imagine that
one of the FARC guerrillas became suspicious about who he was talking
to. So he asks a question about their shared history as a test: "What
did we have for dinner that time last year?" or something like that. On
the telephone, the attacker wouldn't be able to answer quickly, so his
ruse would be discovered. But e-mail conversation isn't synchronous. The
attacker could simply pass that question through to the other end of the
communications, and when he got the answer back, he would be able to reply.

This is the way MITM attacks work against web-based financial systems. A
bank demands authentication from the user: a password, a one-time code
from a token or whatever. The attacker sitting in the middle receives
the request from the bank and passes it to the user. The user responds
to the attacker, who passes that response to the bank. Now the bank
assumes it is talking to the legitimate user, and the attacker is free
to send transactions directly to the bank. This kind of attack
completely bypasses any two-factor authentication mechanisms, and is
becoming a more popular identity-theft tactic.

There are cryptographic solutions to MITM attacks, and there are secure
web protocols that implement them. Many of them require shared secrets,
though, making them useful only in situations where people already know
and trust one another.

The NSA-designed STU-III and STE secure telephones solve the MITM
problem by embedding the identity of each phone together with its key.
(The NSA creates all keys and is trusted by everyone, so this works.)
When two phones talk to each other securely, they exchange keys and
display the other phone's identity on a screen. Because the phone is in
a secure location, the user now knows who he is talking to, and if the
phone displays another organization -- as it would if there were a MITM
attack in progress -- he should hang up.

Zfone, a secure VoIP system, protects against MITM attacks with a short
authentication string. After two Zfone terminals exchange keys, both
computers display a four-character string. The users are supposed to
manually verify that both strings are the same -- "my screen says 5C19;
what does yours say?" -- to ensure that the phones are communicating
directly with each other and not with an MITM. The AT&T TSD-3600 worked
similarly.

This sort of protection is embedded in SSL, although no one uses it. As
it is normally used, SSL provides an encrypted communications link to
whoever is at the other end: bank and phishing site alike. And the
better phishing sites create valid SSL connections, so as to more
effectively fool users. But if the user wanted to, he could manually
check the SSL certificate to see if it was issued to "National Bank of
Trustworthiness" or "Two Guys With a Computer in Nigeria."

No one does, though, because you have to both remember and be willing to
do the work. (The browsers could make this easier if they wanted to, but
they don't seem to want to.) In the real world, you can easily tell a
branch of your bank from a money changer on a street corner. But on the
internet, a phishing site can be easily made to look like your bank's
legitimate website. Any method of telling the two apart takes work. And
that's the first step to fooling you with a MITM attack.

Man-in-the-middle isn't new, and it doesn't have to be technological.
But the internet makes the attacks easier and more powerful, and that's
not going to change anytime soon.

Wall Street Journal article:
http://online.wsj.com/article/SB121518490923829025.html

MITM hacker tools:
http://www.monkey.org/~dugsong/dsniff/
http://www.oxid.it/
http://ettercap.sourceforge.net/
http://sourceforge.net/projects/airjack/
http://www.wsniff.com/
http://www.theta44.org/karma/

Problems with two-factor authentication:
http://www.schneier.com/crypto-gram-0503.html#2

NSA secure phones:
http://www.fas.org/irp/program/security/_work/stu3.html

Zfone:
http://zfoneproject.com/faq.html#mitm

AT&T TSD 3600:
http://www.flickr.com/photos/21746901@N08/2275723713/

Checking SSL certificates:
http://www.microsoft.com/protect/yourself/phishing/spoof.mspx

The essay originally appeared on Wired.com.
http://www.wired.com/politics/security/commentary/securitymatters/2008/07/securi\
tymatters_0710


** *** ***** ******* *********** *************

      Comments from Readers



There are hundreds of comments -- many of them interesting -- on these
topics on my blog. Search for the story you want to comment on, and join in.

http://www.schneier.com/blog


** *** ***** ******* *********** *************

CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses,
insights, and commentaries on security: computer and otherwise.  You can
subscribe, unsubscribe, or change your address on the Web at
<http://www.schneier.com/crypto-gram.html>.  Back issues are also
available at that URL.

Please feel free to forward CRYPTO-GRAM, in whole or in part, to
colleagues and friends who will find it valuable.  Permission is also
granted to reprint CRYPTO-GRAM, as long as it is reprinted in its entirety.

CRYPTO-GRAM is written by Bruce Schneier.  Schneier is the author of the
best sellers "Beyond Fear," "Secrets and Lies," and "Applied
Cryptography," and an inventor of the Blowfish and Twofish algorithms.
He is the Chief Security Technology Officer of BT (BT acquired
Counterpane in 2006), and is on the Board of Directors of the Electronic
Privacy Information Center (EPIC).  He is a frequent writer and lecturer
on security topics.  See <http://www.schneier.com>.

Crypto-Gram is a personal newsletter.  Opinions expressed are not
necessarily those of BT.

Copyright (c) 2008 by Bruce Schneier.

http://www.schneier.com/blog/archives/2008/05/blackberry_givi_1.html

http://economictimes.indiatimes.com/News/News_By_Industry/Telecom/Open_code_or_s\
hut_shop_DoT_tells_RIM/articleshow/3084129.cms

At Hyderabad
http://www.seclab.cs.sunysb.edu/iciss08/cfp.html

At hyderabad
www.crsind.com/brochure-08.pdf