August 4th, 2008 — Uncategorized
I found this pretty interesting: to find out the names of sources that a journalist talked to about the government’s secret wiretapping of Americans without court orders, federal investigators are using phone records. So they look to the phone companies for names, to find out who talked to the Times about the investigation into how the Feds used the phone companies to spy on their own citizens.
In the leak investigation, Justice Department officials are using phone records in an Arlington, Va. federal grand jury proceeding to ferret out James Risen’s sources, according to the New York Times. One presumes the government is using subpoenas or National Security Letters to get Risen or his suspected sources’ phone records, then hauling former government officials in front of the grand jury. But given that this Administration operates on the belief that the Fourth Amendment does not apply during wartime, that the Justice Department is not pursuing criminal charges against officials involved in wiretapping Americans without court approval and that the Administration claims to have King-like powers in the Time of Terror, the presumption that legal process was involved might be quaint.
And so explains my reluctance to even look at an iPhone, considering buying one could lock you in a contract with AT&T until 2010! To learn what that gets you, check the ongoing AT&T coverage at eff.org.
November 16th, 2007 — Uncategorized
Hushmail was always known as a secure, private webmail company that markets itself by saying that “…not even a Hushmail employee with access to our servers can read your encrypted e-mail, since each message is uniquely encoded before it leaves your computer.” But it turns out that statement seems not to apply to individuals targeted by government agencies that are able to convince a Canadian court to serve a court order on the company. So while the stored email is protected by the user’s passphrase, if the user logs in via SSL and this passphrase is checked server-side, the user is not using the more secure method: the Java applet that Hushmail provides to have the passphrase encrypted (and I suspect hashed) before it’s sent over the wire. The advantage of the latter approach is that the server never has the chance to see the ‘real’ password, but the user(s) gave up the ghost when they used the SSL practice, which I suspect they never thought would lead to their downfall, especially when you look at how Hushmail markets themselves. So while not having to install that Java applet is more convenient, it’s clearly less secure: “The rub of that option is that Hushmail has — even if only for a brief moment — a copy of your pass phrase. As they disclose in the technical comparison of the two options, this means that an attacker with access to Hushmail’s servers can get at the passphrase and thus all of the messages.”
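To make the difference between the two login options concrete, here is a simplified model added for illustration (it is not Hushmail's code). The class and function names, the PBKDF2 parameters and the toy HMAC-based stream cipher are all assumptions standing in for the real OpenPGP machinery; the sample message and passphrase are constructed.

```python
import hashlib, hmac, os

def derive_key(passphrase: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy HMAC-SHA256 counter-mode stream cipher (stand-in for real encryption)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def client_encrypt(passphrase: str, message: bytes):
    """Runs on the user's machine: only salt, nonce and ciphertext are uploaded."""
    salt, nonce = os.urandom(16), os.urandom(16)
    return salt, nonce, xor_stream(derive_key(passphrase, salt), nonce, message)

class MailServer:
    def __init__(self, salt: bytes, nonce: bytes, blob: bytes):
        self.salt, self.nonce, self.stored = salt, nonce, blob
        self.seen_secrets = []  # everything secret that ever reached server memory

    def read_server_side(self, passphrase: str) -> bytes:
        # SSL-only webmail option: TLS ends at the server, so the passphrase
        # is available to the server (and anyone controlling it) in the clear.
        self.seen_secrets.append(passphrase)
        return xor_stream(derive_key(passphrase, self.salt), self.nonce, self.stored)

    def fetch_ciphertext(self):
        # Applet option: the server hands out ciphertext and public parameters only.
        return self.salt, self.nonce, self.stored

def read_client_side(server: MailServer, passphrase: str) -> bytes:
    salt, nonce, blob = server.fetch_ciphertext()
    return xor_stream(derive_key(passphrase, salt), nonce, blob)

def operator_can_read(server: MailServer, marker: bytes = b"Subject:") -> bool:
    """Can someone holding only the server's state decrypt the stored mail?"""
    return any(
        xor_stream(derive_key(p, server.salt), server.nonce, server.stored).startswith(marker)
        for p in server.seen_secrets)

def demo():
    msg, pw = b"Subject: constructed sample message", "constructed passphrase"
    ssl_only, applet = MailServer(*client_encrypt(pw, msg)), MailServer(*client_encrypt(pw, msg))
    assert ssl_only.read_server_side(pw) == msg and read_client_side(applet, pw) == msg
    return operator_can_read(ssl_only), operator_can_read(applet)

if __name__ == "__main__":
    print(demo())
```

Both users read the same mail, but only the server used in SSL-only mode ends up holding what it needs to decrypt the stored message.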
September 16th, 2007 — Uncategorized
Update: so someone started a petition on the Apple forums proposing that Apple either build iTunes for Linux, or ‘unlock’ the locked database they introduced. Want to see the thread? Well it was here, but apparently Apple saw fit to remove it. Between that and their firmware upgrades to the iPhone that would undo (or even brick) previously modified phones, it’s pretty obvious they don’t want to have ‘open’ products. Check Digg for more coverage/commentary.
After being excited about the new iPods released by Apple just weeks ago, now we’re hearing that they may contain code to lock people out of their own devices. BoingBoing picks up the story, “The latest iPods have a cryptographic “checksum” in their song databases that prevents third-party applications from synching with the portable music players. This means that iPods can no longer be used with operating systems where iTunes doesn’t exist — like Linux, where gtkpod and Amarok are common free tools used by iPod owners to load their players. Notice that this has nothing to do with piracy – this is about Apple limiting the choices available to people who buy their iPod hardware.” I know that as a Linux user I’m certainly in the minority of computer users; however, Linux has been seen as a true alternative to Windows by some of Apple’s biggest competitors, Dell and HP. Additionally, it’s amazing that, with the recent momentum towards opening up digital rights in their distribution of (some) DRM-free songs from the iTunes store, Apple would choose to limit their customers’ choice by limiting how they can use their device. This is exactly what we’re concerned about when we say Digital Rights. How do you have rights if something you buy has limits on how you can use it? Now some are speculating that the lack of DRM is the reason Apple wants to lock their iPods down, “It’s hard to understand why Apple would do this, but the most likely explanations are that Apple wants to be sure that competitors can’t build their own players to load up iPods — now that half of the major labels have gone DRM free, it’s conceivable that we’d get a Rhapsody or Amazon player that automatically loaded the non-DRM tracks they sold you on your iPod (again, note that this has nothing to do with preventing piracy — this is about preventing competition with the iTunes Store).”
There are reports of what is going on at a technical level: “At the very start of the database, a couple of what appear to be SHA1 hashes have been inserted which appear to lock the iTunes database to one particular iPod and prevent any modification of the database file. If you try to do either of these, the hashes will not match and the iPod will report that it contains “0 songs” when the iTunesDB would otherwise be perfectly adequate.” Of course it’s pretty much assumed that some hackers will be able to get around this, but then any ‘updates’ released by Apple will fill these holes as they appear. So while this is hardly the first time a big company has tried to lock in customers, it comes somewhat unexpectedly from a company like Apple. I saw a sticker at Defcon that summed up all of the digital rights concern with the simple phrase, “If you can’t open it, you don’t own it” and that’s true on many levels. Here’s hoping that Apple will think about how their new scheme limits their users’ digital rights, and has an ‘update’ that returns them to the freedom they deserve. Otherwise I, and I’m sure many more users, will migrate to another audio player.
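The behaviour described in that report (a hash at the start of the database that ties it to one device, with a mismatch showing up as “0 songs”) can be modelled as below. This is an added illustration, not Apple's actual algorithm or file format: the keyed SHA-1 (HMAC) construction, the per-device secret and the length-prefixed record layout are all assumptions, and the device secrets and track names are constructed.

```python
import hashlib, hmac, struct

HASH_LEN = 20  # size of a SHA-1 digest

def _record(track: str) -> bytes:
    raw = track.encode()
    return struct.pack(">H", len(raw)) + raw  # 2-byte length prefix + name

def build_db(device_secret: bytes, tracks: list) -> bytes:
    """What the vendor's sync tool does: write records, then prepend a device-keyed tag."""
    body = b"".join(_record(t) for t in tracks)
    return hmac.new(device_secret, body, hashlib.sha1).digest() + body

def append_without_key(db: bytes, track: str) -> bytes:
    """What a tool lacking the device secret can do: edit the body, keep the old tag."""
    return db + _record(track)

def load_db(device_secret: bytes, db: bytes) -> list:
    """Player firmware side: verify the tag before trusting any record."""
    tag, body = db[:HASH_LEN], db[HASH_LEN:]
    expected = hmac.new(device_secret, body, hashlib.sha1).digest()
    if not hmac.compare_digest(tag, expected):
        return []  # the "0 songs" outcome: a valid-looking body is ignored
    tracks, i = [], 0
    while i + 2 <= len(body):
        (n,) = struct.unpack_from(">H", body, i)
        tracks.append(body[i + 2:i + 2 + n].decode())
        i += 2 + n
    return tracks

def demo():
    ipod_a, ipod_b = b"constructed-secret-A", b"constructed-secret-B"
    db = build_db(ipod_a, ["Track One", "Track Two"])
    return {
        "same device": load_db(ipod_a, db),
        "copied to another device": load_db(ipod_b, db),
        "edited by third-party tool": load_db(ipod_a, append_without_key(db, "Track Three")),
    }

if __name__ == "__main__":
    for case, songs in demo().items():
        print(f"{case}: {len(songs)} songs")
```

The point of the model is that the check depends on a value the third-party tool does not hold, which is why an otherwise well-formed database is rejected.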