Archive for Legal Aspects
Author: Dave Lewis
May 15, 2008 at 8:39 am · Filed under Crime, Hacker, Legal Aspects
Marcia Savage has a nice write up on the Dave & Busters data breach.
From Search Security:
Three men were indicted on charges of hacking into computer systems at 11 Dave & Buster’s restaurants and stealing credit and debit card numbers.
The 27-count federal indictment unsealed Monday in New York charges Maksym Yastremskiy of Kharkov, Ukraine, and Aleksandr Suvorov of Estonia with wire fraud, computer fraud, aggravated identity theft, and other crimes in connection with the scam, which occurred last year. Turkish officials arrested Yastremskiy last July and German authorities arrested Suvorov in March. The third suspect, Albert Gonzalez of Miami, was arrested this month on one count of wire fraud conspiracy.
The indictment alleges that the trio schemed to break into cash register terminals at various locations of the Dallas-based restaurant chain between April 30 and Sept. 22, 2007. They are accused of stealing credit and debit card Track 2 magnetic stripe data and selling it to others who used it to make fraudulent purchases. Track 2 data includes the customer’s account number, expiration data and security code.
Read on.
Article Link
Author: Dave Lewis
April 23, 2008 at 1:32 pm · Filed under Legal Aspects, Privacy
From Threat Level/Wired:
Federal agents at the border do not need any reason to search through travelers’ laptops, cell phones or digital cameras for evidence of crimes, a federal appeals court ruled Monday, extending the government’s power to look through belongings like suitcases at the border to electronics.
The unanimous three-judge decision reverses a lower court finding that digital devices were “an extension of our own memory” and thus too personal to allow the government to search them without cause. Instead, the earlier ruling said, Customs agents would need some reasonable and articulable suspicion a crime had occurred in order to search a traveler’s laptop.
On appeal, the government argued that was too high a standard, infringing upon its right to keep the country safe and enforce laws. Civil rights groups, joined by business traveler groups, weighed in, defending the lower court ruling.
The 9th U.S. Circuit Court of Appeals sided with the government, finding that the so-called border exception to the Fourth Amendment’s prohibition on unreasonable searches applied not just to suitcases and papers, but also to electronics.
Well, there are always ways to store your data elsewhere and not carry it on your laptop. This is not meant with the criminal element in mind. But, if you have business information on your system that you are afraid might be gathered in the course of a search (don’t laugh, it happens in France) then encrypt it or leave it at home. There are ways to hide your data in plain sight. Here is, one of my favs, the USB watch.
Or the James Bond-esque USB pen. No, it doesn’t shoot poison darts with this particular model.
Article Link
Author: Dave Lewis
April 1, 2008 at 8:24 am · Filed under Legal Aspects, Vendor News
Oops.
From Yahoo Finance:
IBM Corp. has been temporarily banned from new federal contracts as prosecutors examine interactions between employees of the company and the Environmental Protection Agency.
The suspension went into effect last Thursday “while the agency reviews concerns raised about potential activities involving an EPA procurement,” the agency said Monday in an e-mailed statement. Under a reciprocal agreement among federal agencies, when one issues a ban, the others follow it.
EPA said it will not comment further on the matter.
IBM said it was cooperating with the U.S. Attorney’s Office for the Eastern District of Virginia, which served grand jury subpoenas seeking documents and testimony relating to the EPA contract.
This will most likely get worked out in short order. Bad press though. Ouch.
Article Link
Author: Dave Lewis
March 24, 2008 at 7:16 am · Filed under Legal Aspects, Privacy
From the Globe and Mail:
Eighteen months ago, Lakehead University in Thunder Bay, Ont., had an outdated computer system that was crashing daily and in desperate need of an overhaul. A new installation would have cost more than $1-million and taken months to implement. Google’s service, however, took just 30 days to set up, didn’t cost the university a penny and gave nearly 8,000 students and faculty leading-edge software, said Michael Pawlowski, Lakehead’s vice-president of administration and finance.
U.S.-based Google spotlighted the university as one of the first to adopt its software model of the future, and today Mr. Pawlowski boasts the move was the right thing for Lakehead, saving it hundreds of thousands of dollars in annual operating costs. But he notes one trade-off: The faculty was told not to transmit any private data over the system, including student marks.
The U.S. Patriot Act, passed in the weeks after the September, 2001, terrorist attacks in the United States, gives authorities the means to secretly view personal data held by U.S. organizations. It is at odds with Canada’s privacy laws, which require organizations to protect private information and inform individuals when their data has been shared.
Article Link
Tags: Google, Google Privacy, Patriot Act
Author: Dave Lewis
March 23, 2008 at 9:35 pm · Filed under Legal Aspects, Wireless
It appears that there is some interesting legislation afoot in Maryland. From the Herald-Mail “Purposely surfing the Internet on someone else’s wireless connection, without permission, would be a crime under a bill Del. LeRoy E. Myers Jr. presented Tuesday.”
This is an odd one because, if I remember correctly, XP is a bit of a promiscuous wench when in comes to associating with any open wireless connection. For example, in my neighbourhood in Toronto if I were to search for a wireless connection I find no less than 20 connections. Of that group 5 or six are wide open. I’m a little torn here as I can understand not wanting other folks on my wireless access but, I can always enable the security features (and I have). If someone were to access and surf the interweb after that point then yes, that would be theft. But, if you leave your access wide open aren’t you just asking for trouble?
Myers, R-Washington/Allegany, said his bill is meant to clarify intentional theft vs. accidental use.
He told the House Judiciary Committee that one of his neighbors, after buying a new laptop computer, got onto the Internet, thinking it was through a cable TV hookup.
Actually, the connection was through Myers’ home wireless Internet system.
He said he didn’t want unintentional use like that to be prosecuted the same as computer hacking.
According to the bill, intentional unauthorized access to another person’s computer, network, database or software is a misdemeanor. The penalty is up to three years imprisonment and a fine of up to $1,000.
Hmm, this would a difficult one to prove. The fine is so low as to not be worth prosecuting. Although, the three year jail sentence has some teeth.
Thoughts?
Article Link
Author: Dave Lewis
March 20, 2008 at 7:44 am · Filed under Crime, Legal Aspects
I still loath that “cyber” word. Anyway, this is an interesting article that comes on the heels of one a couple weeks ago wherein the Australian police made it known that they want the ability to track computer crime suspects wherever they might be.
An group of international cyber cops is ramping up plans to fight online crime across borders.
The unit, known as the Strategic Alliance Cyber Crime Working Group, met this month in London and is made up of high-level online law enforcement representatives from the FBI, Australia, Canada, New Zealand, and the United Kingdom. One of the main goals of the group, which was founded in 2006, is to fight cyber crime in a common way by sharing intelligence, swapping tools and best practices, and strengthening and synchronizing their respective laws.
And it has its work cut out for it.
The Government Accountability Office last year said there is concern about threats that nation-states and terrorists pose to our national security through attacks on US computer-reliant critical infrastructures and theft of our sensitive information.
Read on.
Article Link
Author: Dave Lewis
March 19, 2008 at 10:35 am · Filed under Legal Aspects, Privacy
The German government seems to have managed to run into a road block…the courts. With a raft of, well, interesting legislation coming out of the German government of late it really comes as little surprise that the German court has jammed a stick in their spokes.
From Reuters:
A reaction to bomb attacks in Madrid and London in the last few years, the law obliges telecom firms to keep a record of who contacted whom, and the time and location of calls.
The Federal Constitutional Court ruled data may be stored, but details may only be transferred to investigators in the event of inquiries into serious crime.
The decision was the latest in a series of rulings against tighter security measures introduced by Chancellor Angela Merkel and previous governments and it drew praise from civil liberty campaigners who want greater data protection and privacy rights.
“The grand coalition (of Merkel’s Christian Democrats and Social Democrats) should finally draw the lesson of these verdicts and stop crossing the limits of constitutionality on citizen rights,” said Claudia Roth from the Greens party.
The data in question was originally supposed to be retained by ISPs for six months. No word on who would’ve had to foot the bill on the cost of the additional storage if the bill had passed.
Article Link
Author: Dave Lewis
March 6, 2008 at 10:33 am · Filed under Forensics, Legal Aspects
Um, wow. While I can fully understand and appreciate their frustration, I see this as a legal minefield. They may want this power but, I cannot fathom how they would intend to examine systems that reside in another country unless there was a reciprocal agreement in place.
From ABC (AU):
The New South Wales Cabinet has approved new powers for police designed to help them track terrorist threats, fraudsters and paedophiles through computer networks.
The proposed laws would allow police to search computers networked to those listed on a search warrant.
Police could also seize computer hard drives and memory sticks for up to seven days.
Police Minister David Campbell says police are currently only able to search computer hardware found on a premises named in a search warrant.
He says with the changes, they will be able to go a step further and search other networked computers, regardless of where they are located.
“What we know is that there are organised crime gangs who use the internet and other forms of technology to hide their crimes,” he said.
I can see their pain point. But, I think this will open a can o’ worms.
Article Link
Author: Dave Lewis
March 6, 2008 at 7:49 am · Filed under Legal Aspects
Ah, the joys of sober second thought. Julius Baer, the bank that tried to bring down Wikileaks, has backed away from the saber rattling. They have dropped their lawsuit.
From the Guardian UK:
The decision by Julius Baer to drop the lawsuit comes following a volte face on Friday by US judge Jeffrey White who reversed a previous injunction ordering the closure of Wikileaks.
Last month, judge White ordered the removal from Wikileaks of the documents relating to Julius Baer and the closure of the website.
This came after the bank sued Wikileaks and San Mateo company Dynadot, trying to stop the alleged “unlawful dissemination of stolen bank records and personal account information of its customers”.
Dynadot, which provided Wikileaks’ domain name in the US, agreed to disable the website in exchange for the bank removing it from the lawsuit.
However, the bank’s lawsuit backfired when dozens of lawyers from free speech and civil rights groups rallied to support Wikileaks.
Article Link
Tags: Wikileaks, Julius Baer, Dynadot, Whistleblowing
Author: Dave Lewis
February 27, 2008 at 8:23 am · Filed under Legal Aspects
The EFF and the ACLU have intervened in the strange case of the Swiss bank Julius Baer vs. whistle blower site, Wikileaks. In a bid to quash information leaked on the popular site the bank has managed to propel this story to the front page of damn near every publication on the net.
From EFF:
In early February, Swiss bank Julius Baer filed suit in federal district court against Wikileaks for hosting 14 allegedly leaked documents regarding personal banking transactions of Julius Baer customers. Also sued was Wikileaks’ domain name registrar, Dynadot LLC. On February 15, following a stipulation between Julius Baer and Dynadot, the court issued a permanent injunction, disabling the wikileaks.org domain name and preventing that domain name from being transferred to any other registrar.
“Dynadot’s private agreement to disable access to its customer’s domain name — and the court’s endorsement of that agreement — raise serious First Amendment concerns,” EFF Staff Attorney Matt Zimmerman. “This unwarranted injunction should remind everyone who hosts critical information on the Web that such information may only remain accessible as long as your service provider or registrar is willing to stand up for you against obviously overreaching legal attacks.”
For more on the EFF/ACLU perspective read on.
Article Link
Tags: Wikileaks, Julius Baer, Wikileaks Case
Next entries »
Explore
Security Bloggers Network
