US government Internet traffic to be screened: report

The Obama administration is planning to use the National Security Agency to screen Internet traffic between government agencies and the private sector, the Washington Post reported Friday. The project was first initiated by the previous administration of president George W. Bush and was due to be set in motion in February. The aim is to protect the government computer network from attacks from outside, the Post said quoting Homeland Security Secretary Janet Napolitano. Her department has been tasked with guiding the NSA in the fight against cyberterrorism, she said. The plans risk re-igniting the fierce debate here about the protection of civil liberties, with the Bush administration accused of having tightened controls on telecommunications and Internet networks. In the Bush-era, the NSA was given the task of carrying out unauthorized wire taps on telephone calls between the United States and abroad. But Napolitano said the NSA would only be charged with looking at data going to or from the government system. 'Each time a private citizen visited a 'dot.gov' website or sent an email to a civilian government employees, that action would be screened for potential harm to the network,' the Post wrote. The daily quoted a Bush administration official as saying the program would focus on malicious content potentially in any note sent to a government address. 'What we're interested in is finding the code, the thing that will do the network harm, not reading the email itself,' they said.

http://www.ejc.net/media_news/us_government_internet_traffic_to_be_screened_report/

UK - MI6 boss in Facebook entry row

(BBC) Personal details about the life of the next head of MI6, Sir John Sawers, have been removed from social networking site Facebook amid security concerns. His wife had put details about their children and the location of their flat on the site.

http://news.bbc.co.uk/2/hi/uk_news/8134807.stm

Article 29 Working Party on online social networking

Article 29 Working Party issued on 22 June 2009 an opinion on how European privacy laws affect social networking sites such as Facebook or Myspace.

The opinion states the social networking sites should be responsible for the compliance to European privacy laws and, on the other hand, that users of such sites should upload pictures or information about other individuals only with the consent of the respective individuals.

Presently, social networking users share pictures and tag friends' images without requiring a prior consent and generally, communicate publicly, placing their own and others' private information on shared "walls".

The Data Protection Authorities recommend that users are given the opt out choice and are warned of the privacy risks and on the personal data that is being made available to others. The opinion says that "the homepage should contain a link to a complaint facility covering data protection issues for both members and non-members".

The group also draws attention to the processing of personal data on the Internet for commercial purposes, recommending that before using the collected data aimed for personalised advertisements, the sites should obtain the prior consent of the respective users. Data on sensitive topics such as race, religion or sexual orientation should not be processed or passed on to advertisers and individuals should be allowed to adopt a pseudonym. Special attention should be given to the processing of the minors' personal data. This is an opinion that has been lately supported by the European Commission which has announced future strong measures to regulate online tailored ads.

The opinion also advises imposing limits on retaining the data of inactive users believing that abandoned accounts, together with their accompanying data, should be deleted.

The Article 29 Working Party's opinion is based on the principle that social networking websites must be subject to the EU Data Protection Directive even when their headquarters are outside the European Union space.

The group interprets the definition of "data controller" as covering the service providers who, therefore, must adhere to privacy laws. Although an exception is made for personal or "household" users, when users broadcast or gather information very widely via such sites, they become data controllers themselves which could affect users who organise concerts, human rights letter-writing campaigns or try to sell a homemade product online.

The recommendations are not binding but show the trend in the legislative measures that might be taken in the future at the national as well as EU level. The group has focused lately on privacy issues related to search engines and its initiatives have led to actions in this direction. The big search engines such as Google, Microsoft and Yahoo!, have been pressed to reduce the retention period of data collected from their users.

The opinion has implications on the way the responsibility of social networks themselves is seen in carrying images and information that could breach protecting privacy and security rules.

The European Commission has lately focused more on protecting citizens and consumers' privacy and social networking websites are considered potentially dangerous for inexpert users.

Information Society Commissioner Viviane Reding has shown her support to this line of action and has kept pushing the major players in this field in adopting a code of conduct meant to protect young users, threatening to otherwise take further action to protect privacy.

http://www.edri.org/edri-gram/number7.13/article-29-social-networks

Botnets pushing up spam loads

Botnet-controlled PCs are responsible for some 83 per cent of all spam messages, according to a recent report. Security firm MessageLabs said in a recent report that despite efforts to shut down service providers notorious for hosting shady operations, spam vendors are continuing to send out huge loads of junk mail through the use of botnet-infected systems.

http://www.v3.co.uk/v3/news/2245041/botnets-pushing-spam-loads

Kazakhstan to tighten internet law

Kazakhstan's parliament has approved a law tightening state control of the internet, which, media rights activists say, will limit freedom of speech in the former Soviet state.

The bill would subject blogs, chat rooms and social networking sites to possible criminal prosecution, enabling the courts to block all websites considered in breach of Kazakh law.

Media rights activists say the law is designed to allow arbitary crackdowns on anyone opposing Nursultan Nazarbayev, Kazakhstan's president.

But authorities say the legislation aims to curb the distribution of child pornography, extremist literature and other unsuitable material.

"This law is not a regulation of the internet. The amendments introduced to the law are aimed at stopping the dissemination of illegal information on the internet," the government's state information agency said.

http://english.aljazeera.net//news/europe/2009/06/2009625115714327645.html

Kevin Anderson: Net surveillance and filters are a reality for Europe, too

The internet is playing such a key role in ­getting information out of Iran that attention has focused, once again, on how much Iran controls the internet within its borders. Iran controls the internet gateways into the country, and in 2006 the government outlawed any connection faster than 128kbps – until the policy met stiff opposition from business leaders and even members of the Iranian parliament.

It's easy to point to countries such as Iran, which the Open Net Initiative says maintains some of the most extensive internet controls in the world, while overlooking the increasing filtering and surveillance of the internet in Europe.

Yaman Akdeniz, the director of Cyber-Rights and Cyber-Liberties, spoke at the recent Deutsche Welle Global Media Forum about the increasing number of websites blocked in Turkey. In 2007, the Turkish parliament fast-tracked ­legislation to regulate the internet, ­passing the bill in just 59 minutes. Supporters defended the legislation on the grounds that it would protect children. In two years, the number of sites blocked went from zero to 2,600.

But many of the sites being blocked have little to do with protecting children from inappropriate content. Blogger, Google's blogging service, was blocked temporarily because one blog was being used to distribute pirated videos of football matches. Richard Dawkins's site was blocked over complaints from Turkish creationists, and Turkey is one of a handful of countries in the world that completely blocks YouTube, Akdeniz says. The Turkish government had asked YouTube to remove videos seen as defamatory to the founder of modern Turkey, Mustafa Kemal Atatürk. YouTube's owner, Google, offered to block Turkish users from seeing the offending videos, but the Turkish government demanded the videos be taken down from the global site.Of course, whether in Iran or Turkey, the filters are ineffectual.

The Turkish government may be able to block YouTube on computers, but they haven't figured out how to block the service on Apple's iPhone. But it's not just on the edge of Europe, in Turkey. Let's look to the heart of Europe, to Germany, which has just passed a law to crack down on child ­pornography sites by adding offending sites to a DNS blacklist.

German net activists launched an e-petition opposing the plan. They needed to get at least 50,000 signatures in six weeks for the petition to be read in parliament, but they needed only three days to get that number. When the ­petition was closed six weeks later, it had 130,000 signatures, making it the most successful e-petition.

Instead of using filtering technology, the internet community suggested targeting the offending sites. Using leaked blacklists – such as Germany was proposing – net activists were able to get 60 sites containing child pornography shut down, by contacting international internet service providers, the internet activist and blogger Markus Beckedahl said.

The German government backed down on completely blocking the sites after civil rights and even victims' rights groups joined internet activists to oppose the plan. Now, internet users coming to a restricted site will see a ­government warning telling them viewing child pornography is a crime, but the user will still be able to access the site.

Child pornography is an easy target, and it has long been used as a rallying cry by internet censors. But we often don't know what is being blocked.

Here in the UK, it is illegal to even look at the list of blocked sites kept by the Internet Watch Foundation. And while a crackdown on websites makes good headlines, net activists question whether the filtering works or tackles the issue of the exploitation of children.

"Instead of effectively investing time and efforts to have illegal content removed from the internet, the German government is choosing censorship and blocking – an easy and dangerous way out," says Beckedahl.Akdeniz told Deutsche Welle, "In a sense, blocking access to these Web sites does not necessarily make the problem go away. We just push it off our computer screens — whether in Germany or the United Kingdom or any other country- but that doesn't necessarily mean the serious problem of sexual exploitation of children and child pornography disappear from the Internet."

http://www.guardian.co.uk/technology/2009/jun/24/kevin-anderson-internet-filtering

China blocks Google services

Google suffered intensive disruption in China Wednesday night just days after it was warned by the authorities to scale back its search operations. Search functions and Gmail were inaccessible for more than an hour in a move seen by web watchers as a warning shot across the bows by China's censors. 'This is definitely a warning to Google, as well as other foreign companies,' said Xiao Qiang, the founder of China Digital Times. 'It is also a strong warning to Chinese netizens. The government is showing its determination to keep the internet under control.' Earlier in the day, the main state and communist party media - Xinhua and People's Daily - condemned Google for providing links to pornographic websites through its search engine. Last week, the government ordered the US company to halt foreign website searches as a punishment. Many Chinese netizens believe the move is intended to distract attention away from the domestic controversy over Green Dam censorship software, which must be sold with all new computers from 1 July. In a rare move, the US has lodged a complaint over the tightening of censorship rules. Google agreed to self-censor in compliance with requests by local officials after setting up a China subsidiary and locally hosted website in 2005. One reason for this controversial decision was that its services were frequently being disrupted or slowed. That has been rare since.

http://www.ejc.net/media_news/china_blocks_google_services/

Tracking GhostNet: Investigating a Cyber Espionage Network

This report documents the GhostNet - a suspected cyber espionage network of over 1,295 infected computers in 103 countries, 30% of which are high-value targets, including ministries of foreign affairs, embassies, international organizations, news media, and NGOs.

The capabilities of GhostNet are far-reaching. The report reveals that Tibetan computer systems were compromised giving attackers access to potentially sensitive information, including documents from the private office of the Dalai Lama. The report presents evidence showing that numerous computer systems were compromised in ways that circumstantially point to China as the culprit. But the report is careful not to draw conclusions about the exact motivation or the identity of the attacker(s), or how to accurately characterize this network of infections as a whole. The report argues that attribution can be obscured.

The report concludes that who is in control of GhostNet is less important than the opportunity for generating strategic intelligence that it represents. The report underscores the growing capabilities of computer network exploitation, the ease by which cyberspace can be used as a vector for new do-it-yourself form of signals intelligence. It ends with warning to policy makers that information security requires serious attention.

Pentagon approves creation of cyber command

The Pentagon will create a Cyber Command to oversee the U.S. military's efforts to protect its computer networks and operate in cyberspace, under an order signed by Defense Secretary Robert Gates on Tuesday. The new headquarters, likely to be based at Fort Meade, Maryland, outside Washington, D.C., will be responsible for defending U.S. military systems but not other U.S. government or private networks, Pentagon spokesman Bryan Whitman said. Asked if the command would be capable of offensive operations as well as protecting the Department of Defense, Whitman declined to answer directly. U.S. officials have voiced growing concern in recent years about being vulnerable to attacks on the country's civilian or military networks as technology takes on an ever-increasing role, including in military operations. President Barack Obama said last month he would name a White House-level czar to coordinate government efforts to fight cybercrime. The United States has said many attempts to penetrate its networks appear to come from China but it has stopped short of accusing Chinese authorities of being responsible. Whitman said the new command will consolidate existing Pentagon efforts to protect its networks and operate in cyberspace.

http://www.ejc.net/media_news/pentagon_approves_creation_of_cyber_command/

The Proxy Fight for Iranian Democracy

By Jim Cowie

If you put 65 million people in a locked room, they're going to find all the exits pretty quickly, and maybe make a few of their own. In the case of Iran's crippled-but-still-connected Internet, that means finding a continuous supply of proxy servers that allow continued access to unfiltered international web content like Twitter, Gmail, and the BBC.

A proxy server is a simple bit of software that you run on your computer. It effectively lets you share your computer with anonymous strangers as a "repeater" for content that they aren't allowed to fetch themselves. For example, an Iranian web browser might be manually configured to use your computer (identified by an IP address and a port number) as a Web proxy. When your anonymous friend reads twitter.com, or posts a tweet, the request goes via your computer, instead of to Twitter's web server directly. Except for a little delay, and the fact that your friend gets to see what the uncensored Internet looks like from New York or London or São Paolo instead of Tabriz or Qom, surfing through a proxy is pretty much like surfing without one.

As you might imagine, open web proxies are valuable commodities in places where it's forbidden, possibly dangerous, to surf the Internet. Iran's opposition movement has been vigorously trading lists of open proxies over the past week. And as you might further imagine, the Iranian government censors have worked overtime to identify these proxies and add them to the daily blacklists.

As an experiment, we geolocated a list of about 2,000 web proxies (unique IP addresses and port numbers) that were shared on Twitter and other web sites over the course of the last week, to see if we could discern patterns in the places that are hosting them. Most of these are no longer reachable from inside Iran, of course, precisely because they were made public. The following map shows the distribution of those proxies worldwide.

The USA and Western Europe were well-represented, but so were China, India, Russia, Romania, Bulgaria, Vietnam, ... 87 countries in all, a pretty impressive breadth of representation, considering the relatively small size of this sample. (You can also see about a dozen Iranian IP addresses represented in the set. Not surprisingly, all but one of these belong to networks originated by DCI, the government-run service provider who operates the modern-day Internet equivalent of the Alamūt Castle.)

Full story:

http://www.circleid.com/posts/20060622_proxy_fight_for_iranian_democracy/