Mrs. Mecomber's Scrapbook

Talking technology, computers, and the Internet… for the average computer user

Posts Tagged government

Library of Congress to Archive Tweets

Apr 17

Posted by Mrs. Mecomber in Internet, Twitter, computers, crime, surveillance | 4 Comments

I’ve seen the government do a lot of stupid things; this is way up on the list.

Library of Congress to House Entire Twitter Archive

The U.S. Library of Congress, which archives many forms of media for their cultural and historical significance, has announced it will keep a digital archive of every public tweet that has been broadcast on Twitter since its inception in March 2006.

It’s only appropriate that the initial announcement of this project was given on the Library of Congress’ Twitter account (@librarycongress) and was followed up by a Facebook message before the official press release is issued.

Even though tweets, as messages on Twitter are called, can only be 140 characters long, the amount of information to archive is significant. There are 50 million tweets per day and the total number of tweets already number well into the billions.

Hmmm I don’t remember them asking me if I wanted my tweets archived by them… and what about non-Americans? Is the LOG only archiving Americans’ tweets, or all, everywhere, ever?

The comments on the story were mainly along the same vein:

Oh god, that is a stupid idea. Somehow, endless streams of, “OMG”, “u rock”, and “<3", doesn't really strike me as something worth saving.

Ah, but the LOG has a fix for that. They are going to archive ALL tweets, but only highlight tweets from the *important* people:

Recognizing that the inane tweets will certainly outnumber the significant ones, the Library of Congress plans to highlight the culturally and historically important tweets, such as the first-ever tweet sent by Twitter co-founder Jack Dorsey, President Obama’s tweet announcing his win in the 2008 election and a set of tweets that helped a photojournalist get released from prison in Egypt.

This Twitter archive isn’t evidence of a new focus for the Library of Congress; it has been collecting and archiving websites and online media for a decade now. The Library of Congress currently houses 167 terabytes (or 167,000 gigabytes – the largest iPod storage is only 64 gigabytes) of information pulled from the Internet during that time.

So the Library of Congress has been storing everything, anyway.

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

Tags: ,

Government Gmail Use: Is It Wise?

Jan 14

Posted by Mrs. Mecomber in Google, crime, email programs, news | 2 Comments

I saw this excellent article by Paul Strassman (writing a guest post for Larry Dignan) at ZDNet. I admit, though- I did not know that government officials– in this case, the Department of Defense– use Gmail for their government correspondence. Holy cow!

Federal Chief Information Officer Vivek Kundra has been a consistent advocate of increasing the government’s use of commercially available technologies, such as Gmail. In fact, as the District of Columbia’s chief technology officer, Kundra implemented Google Apps, including Gmail, for all District employees.

A number of Department of Defense (DoD) organizations are already using Gmail. Meanwhile, Google has made secure Gmail the default choice in light of the cyberattack the company detailed on Tuesday.

…Once you can wiretap, you can eventually figure out how to distinguish Gmail traffic from other traffic, and reverse engineer how Gmail data is replicated across servers.

There is no defense against a hostile party with full physical access to your server room. That is why Google’s only logical option is to withdraw all physical servers from China.

There are two Google data centers in China, almost surely co-hosted on shared facilities and not owned by Google. Similarly, there is a co-hosted facility in Russia. Unless a facility is owned and operated by Google it would be always suspect, and even then it would not qualify to operate DoD classified mail.

DoD should therefore not consider Gmail as a viable option because it cannot be trusted. Only a secure DoD Private Cloud, isolated from the Internet, can be seen as an acceptable option.

It’s a contentious issue- the comments on the post are filled with such incredulity as I express. And an update to the post was issued later today, when Google spokesman spoke out:

The premise of Mr. Strassman’s post is without merit: there’s no need to withdraw servers that store Gmail information from China because there aren’t any there.

I think Mr. Strassman’s post IS merited… because while Mr. Strassman does mention the recent cyberattack on Google’s Gmail as an impetus for moving DoD mail away from Gmail, the premise IS that the DoD, and truly all government offices, should have their own secure email system outside of the “cloud” maintained by global business. It’s just good sense. It blows my mind that the DoD has email with Gmail! Doesn’t the government have their own system?! It mirrors the same bafflement that I have regarding the SSL issues with online banking websites– their security is pitiable, whereas my photo-sharing account is tighter than a drum. Crazy!

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

Tags: , ,

Microsoft Denies NSA Backdoor in Windows 7

Nov 30

Posted by Mrs. Mecomber in computers, crime, surveillance | 4 Comments

This is eyebrow-raising.

Microsoft denies it built ‘backdoor’ in Windows 7
Don’t worry, company tells users; NSA involved only in security compliance standards

November 19, 2009 (Computerworld) Microsoft today denied that it has built a backdoor into Windows 7, a concern that surfaced yesterday after a senior National Security Agency (NSA) official testified before Congress that the agency had worked on the operating system.

“Microsoft has not and will not put ‘backdoors’ into Windows,” a company spokeswoman said, reacting to a Computerworld story Wednesday.

On Monday, Richard Schaeffer, the NSA’s information assurance director, told the Senate’s Subcommittee on Terrorism and Homeland Security that the agency had partnered with the developer during the creation of Windows 7 “to enhance Microsoft’s operating system security guide.”

Pardon me, but I find it VERRRRY hard to believe anything Microsoft OR the NSA has to say. Maybe they did, maybe they didn’t. It does not help that both companies resort to Newspeak, either: “enhance” the security guide?? Enhance, huh?

*bells and whistles*

The story goes on:

Microsoft’s rejection of the idea that it’s hidden a backdoor in Windows came as no surprise to security researchers, who yesterday expressed doubt that the company would put its reputation at such risk. “I can’t imagine NSA and Microsoft would do anything deliberate, because the repercussions would be enormous if they got caught,” Roger Thompson, the chief research officer of antivirus vendor AVG Technologies, said yesterday.

John Pescatore, an analyst with Gartner Research, agreed. “[The concerns] are way overstated,” he said today in an e-mail. “NSA worked with Microsoft and others, like Cisco, on security configuration standards for [their] products.”

Cisco, in fact, has built “lawful intercept” capabilities into its products, including its Internetworking Operating System (ISO) and its VoIP (Voice over Internet Protocol) lines. The term describes the process by which law enforcement agencies conduct electronic surveillance of circuit and packet-mode communications under authorization, such as electronic wiretap orders.

“Lawful intercept” capabilities, eh? What law? This is surveillance without probable cause. I’d like to know where in the Constitution it says government can monitor the activities of American citizens.

It’s getting crazy out there…

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

Tags: , ,

Federal Data-Protection Law

Nov 24

Posted by Mrs. Mecomber in crime, security news | Comments off

On the surface, this sounds like good news. Basically, it’s a bill that would create a national standard for protection of data, and would require notification of breaches of sensitive data. Data breaches, data sharing, and data theft has become FAR too common, and businesses and the government have treated it very lightly. So, I’m hoping this new bill would help resolve it– of course, I’m also hoping the government hasn’t added a ton of pork or liberty-killing bills dog-eared with this bill. :-p

Federal data-protection law inches forward
The Personal Data Privacy and Security Act was approved by the Senate Judiciary Committee

A sweeping new bill that would implement a national standard for data protection and breach notification got a boost of support today from the Senate Judiciary Committee.

The committee approved the Personal Data Privacy and Security Act of 2009 (S.1490) by a vote of 15-5. The bill is now headed to the full Senate for consideration.

If it becomes law, the bill, which was introduced by Sen. Patrick Leahy (D-Vt.), would require companies and government agencies to follow specific rules for protecting sensitive and personally identifiable data.

Under the proposed law, all private and government entities handling sensitive data would be required to implement specific risk assessment and vulnerability testing measures. They also would be required to deploy measures for controlling access to sensitive data, detecting and logging unauthorized accesses to the data, and protecting data while it is in transit and at rest.

The bill would introduce a federal breach-notification standard under which companies would be required to notify not just individuals affected by a data breach, but also, in some cases, credit reporting agencies and the U.S. Secret Service. It would establish a new Office of Federal Identity Protection within the Federal Trade Commission and stiffen penalties for identity theft and related fraud.

The law would also provide notification exemptions for companies that have taken adequate measures — such as encryption — to protect sensitive data. Companies would also not be required to immediately disclose a breach if it would hinder a criminal investigation. But such exemptions would need to be vetted by the Secret Service. The law provides for penalties against executives of companies that willfully conceal a data breach.

Here’s hoping we see some change….

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

Tags: , , ,

More Thought Control Regulations Coming

May 29

Posted by Mrs. Mecomber in Internet, crime, news | 3 Comments

I happened across this news alert at the Volokh Conspiracy website. Yikes!!

Federal Felony To Use Blogs, the Web, Etc. To Cause Substantial Emotional Distress Through “Severe, Repeated, and Hostile” Speech?

That’s what a House of Representatives bill, proposed by Rep. Linda T. Sanchez and 14 others, would do. Here’s the relevant text:

Whoever transmits in interstate or foreign commerce any communication, with the intent to coerce, intimidate, harass, or cause substantial emotional distress to a person, using electronic means to support severe, repeated, and hostile behavior, shall be fined under this title or imprisoned not more than two years, or both….

["Communication"] means the electronic transmission, between or among points specified by the user, of information of the user’s choosing, without change in the form or content of the information as sent and received; …

["Electronic means"] means any equipment dependent on electrical power to access an information service, including email, instant messaging, blogs, websites, telephones, and text messages.

1. I try to coerce a politician into voting a particular way, by repeatedly blogging (using a hostile tone) about what a hypocrite / campaign promise breaker / fool / etc. he would be if he voted the other way. I am transmitting in interstate commerce a communication with the intent to coerce using electronic means (a blog) “to support severe, repeated, and hostile behavior” — unless, of course, my statements aren’t seen as “severe,” a term that is entirely undefined and unclear. Result: I am a felon, unless somehow my “behavior” isn’t “severe.”

2. A newspaper reporter or editorialist tries to do the same, in columns that are posted on the newspaper’s Web site. Result: Felony, unless somehow my “behavior” isn’t severe.

3. The politician votes the wrong way. I think that’s an evil, tyrannical vote, so I repeatedly and harshly condemn the politician on my blog, hoping that he’ll get very upset (and rightly so, since I think he deserves to feel ashamed of himself, and loathed by others). I am transmitting a communication with the the intent to cause substantial emotional distress, using electronic means (a blog) “to support severe, repeated, and hostile behavior.” (I might also be said to be intending to “harass” — who knows, given how vague the term is? — but the result is the same even if we set that aside.) Result: I am a felon, subject to the usual utter uncertainty about what “severe” means.

4. A company delivers me shoddy goods, and refuses to refund my money. I e-mail it several times, threatening to sue if they don’t give me a refund, and I use “hostile” language. I am transmitting a communication with the intent to coerce, using electronic means “to support severe, repeated, and hostile behavior.” Result: I am a felon, if my behavior is “severe.”

5. Several people use blogs or Web-based newspaper articles to organize a boycott of a company, hoping to get it to change some policy they disapprove of. They are transmitting communications with the intent to coerce, using electronic means “to support severe, repeated, and hostile behavior.” Result: Those people are a felon. [sic] (Isn’t threatening a company with possible massive losses “severe”? But again, who knows?)

6. John cheats on Mary. Mary wants John to feel like the scumbag that he is, so she sends him two hostile messages telling him how much he’s hurt her, how much she now hates him, and how bad he should feel. She doesn’t threaten him with violence (there are separate laws barring that, and this law would apply even in the absence of a threat). She is transmitting communications with the intent to cause substantial emotional distress, using electronic means “to support severe, repeated, and hostile behavior.” Result: Mary is a felon, again if her behavior is “severe.”

The examples could be multiplied pretty much indefinitely. The law, if enacted, would clearly be facially overbroad (and probably unconstitutionally vague), and would thus be struck down on its face under the First Amendment. But beyond that, surely even the law’s supporters don’t really want to cover all this speech.

More and more laws are being passed that are something very akin to “thought control” laws. I was recently interviewed by the Associated Press (more on that later) about the FTC’s upcoming vote on whather to pass a law that restricts bloggers from expressing opinions about advertising.. it’s a very convoluted issue, made very murly by the FTC itself.. I’ll have more on it later. You can read about the issue here if you want.

But have you been paying attention to the pattern? The government wants more and more control of the Internet, especially the “little guys” and their opinions and thoughts. It’s getting PRETTY scary, folks. I think it’s getting time to put away the tuxedo shirts, stop playing Mr. Nice Guys, and roll up the sleeves for some pushing back. This is OUR Internet and I am very happy being independent without YOU, Mr. Government. :-p

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

Tags: ,