[infowarrior] - EC outlines anti-terror database measures
Original URL: http://www.theregister.co.uk/2005/11/28/anti_terror_databases/ EC outlines anti-terror database measures By OUT-LAW.COM Published Monday 28th November 2005 11:46 GMT The European Commission last week adopted two measures designed to assist in the fight against terrorism and serious crime by improving the development of and access to common European databases. Of particular interest to the Commission in this context are the databases for the planned Visa Information System (VIS), the Schengen Information System (SIS) and EURODAC. VIS The VIS is intended to be a system for the exchange of visa data between Member States and thus primarily an instrument to support the common visa policy. It will also facilitate checks at the external borders and within the Member States, assisting the exchange of data between Member States on applications and on the decisions in respect of those applications. Click Here Following a recently adopted proposal on accessing the VIS, Member States authorities responsible for internal security and Europol will be entitled to consult the database for the purposes of the prevention, detection and investigation of terrorist offences and the types of crime and offences in respect of which Europol is competent to act. SIS and SIS II SIS is the system that currently enables competent authorities to obtain information regarding certain categories of persons and property in relation to the free movement of people and police cooperation. SIS II will replace the current intergovernmental Schengen Information System with EU legislation and enable the enlargement of the Schengen area to the new Member States. It works by allowing authorities, through an automatic query procedure, to obtain information related to alerts on persons and objects, and is used, in particular, for police and judicial cooperation in criminal matters, as well as for the control of persons at the external borders or on national territories and for the issuance of visas and residence permits. The SIS has been operational since March 1995 and now includes 13 EU Member States plus Norway and Iceland. UK and Ireland do not yet participate in the SIS but will do so in the future. However, the involvement of these countries will be limited to the exchange of information supporting police and judicial cooperation in criminal matters. SIS II will allow for the integration of new Member States into the system, and allow all members of the Schengen states to benefit from improvements in technology, bringing about, says the Commission, more security and more efficiency. EURODAC Since 15 January 2003, the fingerprints of anyone over the age of 14 who applies for asylum in the EU (except Denmark, for the time being), in Norway and in Iceland have been stored in a database called EURODAC. EURODAC was created in the context of the development of an asylum policy common to all the Member States of the European Union. Agreements have been recently signed with Denmark and Switzerland in order to make EURODAC applicable to those states as well. EURODAC aims at facilitating the so-called Dublin II Regulation, which determines the Member State responsible for examining an asylum application. This Regulation establishes a series of criteria that allocate responsibility for examining an asylum application to the Member State that permitted the applicant to enter or to reside. That Member State is responsible for examining the application according to its national law and is obliged to take back its applicants who are irregularly in another Member State. Access to the system is restricted to the sole purposes stated in the EURODAC Regulation. It does not contain details such as the name of a person because it relies only on biometric comparison and each participating state ensures that the national supervisory authority on data protection monitors independently the lawfulness of the processing of the data. EURODAC is the first common Automated Fingerprint Identification System (AFIS) within the European Union. The new Commission measures Vice-President Franco Frattini, Commissioner responsible for Justice, Freedom and Security, said yesterday: It is essential in the fight against terrorism and organised crime for the relevant services of the Member States and relevant bodies of the European Union, such as Europol, to have the fullest and most up-to-date information if they are to perform their tasks properly and effectively. The new proposals include a Council Decision that will set out how and when Europol and the security agencies of Member States will be entitled to access the VIS. Basically, they will be given guaranteed access to VIS in the course of their duties in relation to the prevention, detection and investigation of criminal offences, including terrorist acts and threats, subject to strict compliance with the rules governing the protection of personal data. The Commission has also adopted a
[infowarrior] - Fuzzy logic behind Bush's cybercrime treaty
Fuzzy logic behind Bush's cybercrime treaty By Declan McCullagh http://news.com.com/Fuzzy+logic+behind+Bushs+cybercrime+treaty/2010-1071_3-5 969719.html Story last modified Mon Nov 28 04:00:00 PST 2005 If you believe President Bush, a cybercrime treaty about to be voted on by the U.S. Senate is needed to thwart online vandals and track down Internet miscreants. Bush claims the treaty, formally approved by a Senate committee this month, will deny safe havens to criminals, including terrorists, who can cause damage to U.S. interests from abroad, using computer systems. But in reality, the Convention on Cybercrime will endanger Americans' privacy and civil liberties--and place the FBI's massive surveillance apparatus at the disposal of nations with much less respect for individual liberties. For instance, if the U.S. and Russia ratify it, President Vladimir Putin would be able to invoke the treaty's powers to unmask anonymous critics on U.S.-based Web sites and perhaps even snoop on their e-mail correspondence. This is no theoretical quibble: The onetime KGB apparatchik has squelched freedom of speech inside Russia and regularly muzzles journalists and critics. There's an easy fix. The U.S. Senate could attach an amendment to the treaty saying the FBI may aid other nations only if the alleged crime in their country also is a crime here. The concept is called dual criminality, and the treaty lets nations choose that option. Requiring dual criminality would let the FBI investigate actual transnational crimes, such as computer intrusions and virus creation. But trumped-up offenses, like a blogger questioning President Putin, would not trigger U.S. aid. Unfortunately, neither the Bush administration nor the Senate Foreign Relations Committee has been willing to make that change, calling it too rigid. This is in the interest of U.S. law enforcement, which aggressively utilizes these treaties to gain evidence abroad and would be hamstrung by a rigid dual-criminality provision in all cases, said a Nov. 8 report prepared by committee chairman Sen. Richard Lugar, R-Ind. Therefore, the United States will be able to use this (treaty) to obtain electronic evidence in cases involving money laundering, conspiracy, racketeering, and other offenses under U.S. law that may not have been criminalized in all other countries. No wonder that U.S. Internet service providers are worried about becoming surveillance arms for despotic regimes. One lobbyist told me the industry doesn't believe the Bush administration's assurances that the treaty's awesome powers will never be misused. (Remember that this is the same administration that said the same thing about the Patriot Act--and has been proven wrong.) Mutual assistance: Internet surveillance Fully half of the treaty, drafted by the Council of Europe, deals with mutual assistance. (The Council is a quasi-governmental group of 46 nations, including European nations, Russia, the U.S., Canada, Japan and Mexico.) The text spells out exactly what that means in practice. Included on the list: Internet providers must cooperate with electronic searches and seizures without reimbursement; the FBI must conduct electronic surveillance in real time on behalf of another government; U.S. businesses can be slapped with expedited preservation orders preventing them from routinely deleting logs or other data. One lobbyist told me the industry doesn't believe the Bush administration's assurances that the treaty's awesome powers will never be misused. In a letter to the Senate, the American Civil Liberties Union spelled out some of the problems. France and Germany have laws prohibiting the advertisement for sale of Nazi memorabilia or even discussing Nazi philosophy, activities that are protected in the United States under the First Amendment, the letter said. These countries could demand assistance from the United States to investigate and prosecute individuals for activities that are constitutionally protected in this country. Other potential problems with the treaty include requiring that participating nations outlaw Internet-based copyright infringement as a criminal offense even if it's not done for a profit, and prohibiting, in some cases, the distribution of computer programs that can be used for illicit purposes. It's true that there are some positive elements of the treaty that promise to help reduce cybercrime. But the lack of dual criminality is a real concern, especially when it's easily fixed with an amendment. Now's the time to let your senators know what you think. You are a subscribed member of the infowarrior list. Visit www.infowarrior.org for list information or to unsubscribe. This message may be redistributed freely in its entirety. Any and all copyrights appearing in list messages are maintained by their respective owners.
[infowarrior] - Symantec refuses to sell audit tool outside the US
Symantec refuses to sell audit tool outside the US By John Leyden Published Friday 25th November 2005 12:12 GMT http://www.theregister.co.uk/2005/11/25/symantec_l0phtcrack_export_controver sy/print.html Exclusive Symantec has stopped selling a password auditing tool to customers outside the US and Canada, citing US Government export regulations. A Reg reader who works for a large UK supermarket was this month unable to buy a copy of LC 5, a tool developed by @stake prior to its recent acquisition by Symantec. LC 5 is the commercial version of a password auditing / breaking tool better known as L0phtCrack. Click Here A month ago I could have bought it from the @stake web site, that website has gone and the product has not appeared on the Symantec web site. I inquired if I could purchase the product, only to be told that it will only be sold to US and Canadian customers, our correspondent informs us. I guess I'll just have to go back to using John the Ripper. Symantec's restrictions recall the dark days of the crypto wars when users outside the US were not entitled to buy products featuring strong ciphers. These rules, relaxed by the Clinton administration and following a long running campaign by cryptography experts and net activists, are once again rearing their head. Symantec's response to our reader (below) suggests the policy was imposed on it by the US government. Unfortunately, due to strict US Government export regulations Symantec is only able to fulfill new LC5 orders or offer technical support directly with end-users located in the United States and commercial entities in Canada, provided all screening is successful. Commodities, technology or software is subject to U.S. Dept. of Commerce, Bureau of Industry and Security control if exported or electronically transferred outside of the USA. Commodities, technology or software are controlled under ECCN 5A002.c.1, cryptanalytic. You can also access further information on our web site at the following address: http://www.symantec.com/region/reg_eu/techsupp/enterprise/index.html Beyond confirming that the statement you have received from your reader is correct, Symantec declined to field questions on the rationale for its policy and whether it applies to other products. Any US government policy to impose export regulations on security technologies would be futile since, to cite only one reason, many security firms are based outside the US and therefore unaffected by such regulations. ® You are a subscribed member of the infowarrior list. Visit www.infowarrior.org for list information or to unsubscribe. This message may be redistributed freely in its entirety. Any and all copyrights appearing in list messages are maintained by their respective owners.
[infowarrior] - RIAA now targetting mash-ups
MashupTown, a site that hosts and distributes mashups (two or more songs ingeniously mixed together to make a third) has taken down all of its files after complaints from the RIAA to its hosting partner. Mashups are a really dumb target for the RIAA. There's just no universe in which someone who downloads a mashup of Prince's 1999 and the Benny Goodman orchestra performing In the Mood thinks, Well, now I've heard that, I have no need to buy the CDs those songs originated on. In other words, if the RIAA genuinely only goes after its customers because it wants to keep from losing sales, attacking mashups won't and can't accomplish that. This action amounts to the RIAA saying, This art is illegal because it displeases us. http://www.boingboing.net/2005/11/28/riaa_targets_mashups.html Links to: http://viprhealthcare.typepad.com/mashup_of_the_week_podcas/2005/11/riaa_go_ away.html You are a subscribed member of the infowarrior list. Visit www.infowarrior.org for list information or to unsubscribe. This message may be redistributed freely in its entirety. Any and all copyrights appearing in list messages are maintained by their respective owners.
[infowarrior] - OT: Symantec musical
(c/o WP) Here's a little musical biscuit you might want to choke down only once: Symantec Revolution [2.6MB MP3], a song promoting Symantec (the people behind Norton Antivirus) based on the 1991 hit Good Vibrations by Marky Mark and the Funky Bunch. The lyrics name-drop Symantec CEO John Thompson and boast of how No-ki-a and Chevron think we're tough!. Here's a sample from the breakdown: Enterprise is hot, I'm telling you Do we know e-commerce? You bet we do! Shelf space means the world to us 'Cause our brands are causing quite a fuss (Bass!) We're the leader in internet security People trust our work implicitly This world-wide conference is to prove Symantec is hot, hot, hot, so raise the roof! More info, and the MP3 of the song, if you're daring enough to listen to it, can be found at: http://accordionguy.blogware.com/blog/_archives/2005/11/22/1418119.html You are a subscribed member of the infowarrior list. Visit www.infowarrior.org for list information or to unsubscribe. This message may be redistributed freely in its entirety. Any and all copyrights appearing in list messages are maintained by their respective owners.
[infowarrior] - For Some Technology Companies, 'Beta' Becomes a Long-Term Label
For Some Technology Companies, 'Beta' Becomes a Long-Term Label By DAVID KESMODEL THE WALL STREET JOURNAL ONLINE November 28, 2005 http://online.wsj.com/public/article/SB113268410649404315-CmlEYCMNLKztOfB8PW MfA0IiiXA_20061128.html?mod=blogs Few people would fly on an airline that advertised its planes had untested engines, or swallow a pill from a drug company that admitted the side effects were unknown. Yet when it comes to software, it seems consumers are much more adventurous. Technology companies like Google Inc. and Microsoft Corp. are changing the way they develop products by using the masses to identify problems in their unfinished programs, known as beta versions. For years, the term beta referred to a relatively short period of testing by a select group of outsiders. These days, beta editions are not only released to the public, but also stay in that mode for months, or even years. Google News, Google's news aggregator, has been in beta for three years. Microsoft's antispyware application has been in beta for nearly a year. Betas also have become a marketing device in a fiercely competitive industry, allowing software and Internet firms to release new products or services sooner and cultivate early buzz. Betas, which once had been quietly distributed, are trumpeted in press releases and at news conferences. I deplore it as a consumer; I admire it as a marketing professional, said Peter Sealey, a marketing professor at the University of California at Berkeley and former chief marketing officer at Coca-Cola Co. I can't come up with anything else in the entire marketing world where marketers knowingly introduce a flawed or inadequate product [and] it helps grow your user base. Critics say the technology companies risk alienating users by broadly releasing products that sometimes are riddled with bugs, or by dragging their feet to complete their beta products. The companies say consumers benefit from the practice because the widespread testing helps them make critical improvements and determine which extra features users want. From IBM to Etsy Beta, the second letter of the Greek alphabet, has been part of the lexicon of the computer industry for decades. At International Business Machines Corp. in the 1960s, software developers on mainframe computers worked through two phases, alpha and beta, said Burton Grad, a computer programmer for IBM at the time who now tracks software history for the nonprofit Computer History Museum. An alpha test was an internal review of the program's design. A beta test was an invitation-only review by a few customers. In the case of IBM, the customers included banking giants and oil companies. We depended on them to do the testing that we could not do in a real-life situation, said Mr. Grad. This was not for the public. Betas didn't change much with the advent of personal computers. Companies like Microsoft drafted small groups to beta-test software before it was sold to the masses. But the Internet has altered the landscape because companies can easily release software to thousands of consumers through their Web sites, enabling them to draft as many beta testers as they want. Early public betas included the Netscape Web browser in 1994 and the ICQ instant-messaging service launched in 1997 and sold a year later to America Online. These days, many public betas are Web-based applications that companies can update by changing code on their servers. For Mr. Grad, 77 years old, the evolution of beta software is reflected in the business endeavor of Robert Kalin, his 25-year-old grandson. Mr. Kalin's Internet startup Etsy.com, a marketplace for handcrafted bags and jewelry, carries the beta label at the top of its site. It goes against the grain for me, Mr. Grad said. For his part, Mr. Kalin likens beta to a philosophy. He said, It's like letting the public in on your experiments. Although the site is open for business, he said, it remains in beta because features are still being added, such as an upcoming tool to let users request custom-made products. The Beta Excuse Escalating competition among Google, Microsoft, Yahoo Inc. and Time Warner Inc.'s America Online has helped up the ante in the beta game, analysts said. Companies like Microsoft have long talked about products months before they launch, in part to create fear and uncertainty for competitors, said Joe Wilcox, a senior analyst at Jupiter Research. Now, they can release an unfinished product in beta, hold a press conference and attract a phalanx of users. Things can go wrong and [companies] can throw up their hands and say, 'Sorry, but, hey, it's in testing,' Mr. Wilcox said. You have what I call the beta excuse. It's bad for companies because it hurts perception of the quality of their products. Mr. Wilcox has criticized Microsoft on his blog for releasing services in beta that were not up to snuff to get a marketing edge. MSN's search engine was panned following its beta release. Consumers trying