Grumpasaurus.com

Sears distributing spyware edition

It’s not that Sears fails to notify users it intends to spy on them. Indeed, the email sent to users states that the application “monitors all of the internet behavior that occurs on the computer on which you install the application, including…filling a shopping basket, completing an application form, or checking your…personal financial or health information.”

The rub is that this unusually frank warning comes on page 10 of a 54-page privacy statement that is 2,971 words long. Edelman, who is a frequent critic of spyware companies, said the Sears document fails to meet standards established by the Federal Trade Commission when it settled with Direct Revenue and Zango over the lack of disclosure about the extent of their snoopware.

Military Is Expanding Its Intelligence Role in U.S.

The Pentagon has been using a little-known power to obtain banking and credit records of hundreds of Americans and others suspected of terrorism or espionage inside the United States, part of an aggressive expansion by the military into domestic intelligence gathering.

The C.I.A. has also been issuing what are known as national security letters to gain access to financial records from American companies, though it has done so only rarely, intelligence officials say.

Banks, credit card companies and other financial institutions receiving the letters usually have turned over documents voluntarily, allowing investigators to examine the financial assets and transactions of American military personnel and civilians, officials say.
…
But it was not previously known, even to some senior counterterrorism officials, that the Pentagon and the Central Intelligence Agency have been using their own “noncompulsory” versions of the letters. Congress has rejected several attempts by the two agencies since 2001 for authority to issue mandatory letters, in part because of concerns about the dangers of expanding their role in domestic spying.

What we’ve got here is an agency that is forbidden from spying on citizens… spying on citizens… without a warrant… keeping the information in a database (read: forEVER)… and using this information in completely unaccountable, untold ways. Oh, and the Pentagon, NSA, and FBI are also in the act.

This is unconstitutional, illegal, and exceedingly dangerous. Whatever remained of our democracy is teetering on the brink of elimination.

Interesting how the righty jackasses screaming about jackbooted thugs in powder blue helmets are totally OK with this when there’s a Republican administration in charge. Idiots. Don’t you know that your names too are going to be on the list eventually?

… oooh, American Idol’s on!

Why mixing poor security design with a new technology the bureaucrats don’t understand and combining them with highly important, personally-identifying, required travel documents is a really, really bad combination

Six months ago, with the help of a rather scary computer expert, I deconstructed the life of an airline passenger simply by using information garnered from a boarding-pass stub he had thrown into a dustbin on the Heathrow Express. By using his British Airways frequent-flyer number and buying a ticket in his name on the airline’s website, we were able to access his personal data, passport number, date of birth and nationality. Based on this information, using publicly available databases, we found out where he lived, his profession, all his academic qualifications and even how much his house was worth.

It would have been only a short hop to stealing his identity, committing fraud in his name and generally ruining his life.

Great news then, we thought, that the UK had just begun to issue new, ultra-secure passports, incorporating tiny microchips to store the holder’s details and a digital description of their physical features (known in the jargon as biometrics). These, the argument went, would make identity theft much more difficult and pave the way for the government’s proposed ID cards in 2008 or 2009.

Today, some three million such passports have been issued, and they don’t look so secure. I am sitting with my scary computer man and we have just sucked out all the supposedly secure data and biometric information from three new passports and displayed it all on a laptop computer.

I have, of course, mentioned how the US is switching to RFID passports in the near future. Also, how to make a RFID jammer wallet… for what good it will do you.

Ex-Head of H.P. Faces Charges

Patricia C. Dunn, the former chairwoman of Hewlett-Packard, and four other people will be named in indictments expected to be filed by California’s attorney general today in the spying case at the company, according to lawyers involved in the case.

In addition to Ms. Dunn, Attorney General Bill Lockyer intends to indict Kevin T. Hunsaker, a former senior lawyer at H.P.; Ronald L. DeLia, a Boston-area private detective; Joseph DePante, owner of Action Research Group, a Melbourne, Fla., information broker; and Bryan Wagner, a Littleton, Colo., man who is said to have obtained private phone records while working for Mr. DePante.

All of those named face four charges: using of false or fraudulent pretenses to obtain confidential information from a public utility, unauthorized access to computer data, identity theft, and conspiracy to commit each of those crimes. All of the charges are felonies.

Carly “the Hatchet” Fiorina’s coming to Hewlett Packard was the worst thing that ever happened to that company (most notably, the merger with Compaq, which was almost as bad as AOL-Time Warner). Fiorina drove a former flagship company into an amorphous, unweildy limpid and that, combined with her unethical, self-serving corruption, irretrievably sullied HP’s name (Fiorina is GOP, of course). In short: she ran that company into the ground… and got a $21 million severance package for her troubles.

Dunn was Carly’s replacement and it looks like she brought the culture of corruption with her. Unethical, amoral, and apparently illegal.

There’s an interesting parallel between the corporate illegalities and spying and the actions of the current administration (you know, the one with the “CEO” president), but I think it goes back further than just this administration. The current corruption, from WorldCom to Enron to HP can be traced to the unending GOP attempts to deregulate anything and everything associated with capitalism.

Should we be surprised? Perhaps, but only that these guys got caught.

The civil suits to follow should be quite entertaining.

Right on

A federal judge today denied the government’s motion to dismiss the Electronic Frontier Foundation’s (EFF’s) case against AT&T for collaborating with the NSA in illegal spying of millions of ordinary Americans. This allows the case to go forward in the courts.

Though perhaps not readily apparent, this is huge news (and, I think, might not have been reached but for the Hamdi case). The government had filed a brief supporting the dismissal on the grounds that proceeding in the case would destroy state secrets and harm national security. They’ve abused this defense a number of times, always in support of government activities even the bedwetters who exchanged their notions of liberty for paternalistic security after 9/11 would recognize as authoritarian power grabs. AT&T’s motion was denied as well.

Read is the 72-page court order denying both AT&T’s and the government’s motions for dismissal.

Learn more about the case. Donate to the EFF if you can.

Greenwald has much more on the import of this decision.

Why? Because they just redesigned their privacy policy so that AT&T owns your confidential data. I always love it when companies violate our privacy and I love it even more when companies rewrite their privacy policy in order to better aid a government conducting illegal warrantless wiretaps.

AT&T has issued an updated privacy policy that takes effect Friday. The changes are significant because they appear to give the telecom giant more latitude when it comes to sharing customers’ personal data with government officials.

The new policy says that AT&T — not customers — owns customers’ confidential info and can use it “to protect its legitimate business interests, safeguard others, or respond to legal process.”

The policy also indicates that AT&T will track the viewing habits of customers of its new video service — something that cable and satellite providers are prohibited from doing.

Moreover, AT&T (formerly known as SBC) is requiring customers to agree to its updated privacy policy as a condition for service — a new move that legal experts say will reduce customers’ recourse for any future data sharing with government authorities or others.

I hear “my way or the highway” is a great customer satisfaction model.

If you have no other telecom recourse in your area, it’s a contract of adhesion and void. If you do have another option in your area and you currently use AT&T, I urge you to switch. Qwest was the only domestic carrier to fight the government’s illegal requests. If you only long-distance, may I suggest Working Assets?

Update: I wanted to point out that if you are an AT&T customer and they change these terms on you and will not provide you service unless you agree to these new terms, this renders your contract void. This means that you can get out of your contract, regardless of the length, with no penalty whatsoever. In legal terms, they have voided the existing contract and given you a new contract offer (whose terms include taking on the terms of the previous contract). As they voided the previous agreement, there is no early termination fee to worry about.

Not that they won’t try, of course, but you can tell them to sit & spin… and know that the law is on your side. [fn1]

[fn1] This is not legal advice. Before taking action, be sure to consult your attorney. Who is not me. At all.