Classified docs show telecoms don’t deserve immunity

Nice to see that others are coming to the same conclusion, after considering all the facts, that telecoms don’t deserve any immunity (retroactive or otherwise) with regard to their illegal wiretapping activities.

Classified documents and testimony about the National Security Agency’s warrantless wiretapping program show that it’s not necessary to grant retroactive immunity to telephone companies accused of unlawfully opening their networks to government spies, key congressional Democrats said on Wednesday. In a five-page statement (PDF), U.S. House of Representatives Judiciary Committee Chairman John Conyers and 18 Democrats on that panel contended the Bush administration has “not established a valid and credible case justifying the extraordinary action of Congress enacting blanket retroactive immunity.” Skepticism about the Bush administration’s once-secret eavesdropping program is nothing new for the Democrats who signed onto the statement. The key difference here is that they say their latest conclusions are based on a series of classified reports and briefings to which many of them only recently had access. “Our review of classified documents has reinforced serious concerns about the potential illegality of the administration’s actions in authorizing and carrying out its warrantless surveillance program,” they wrote.

Now cue Dubya squawking on about how we’re less safe because he can’t pardon AT&T and others for breaking the law and ignoring our constitutional rights. Big Business meet Big Brother.

Hushmail unencrypted and handed over client’s emails; backdoor revealed

Hushmail was always known as a secure, private webmail company that markets itself by saying that “…not even a Hushmail employee with access to our servers can read your encrypted e-mail, since each message is uniquely encoded before it leaves your computer.” “But it turns out that statement seems not to apply to individuals targeted by government agencies that are able to convince a Canadian court to serve a court order on the company.” So while the stored email is protected by the user’s passphrase, a user who logs in via SSL and has the passphrase authorized server-side is not using the more secure method, the Java applet that Hushmail provides to have the passphrase encrypted (and I suspect hashed) before it’s sent over the wire. The advantage of the latter approach is that the server never has the chance to see the ‘real’ password, but the user(s) gave up the ghost when they used the SSL option, which I suspect they never thought would lead to their downfall, especially when you look at how Hushmail markets itself. So while not having to install that Java applet is more convenient, it’s clearly less secure: “The rub of that option is that Hushmail has — even if only for a brief moment — a copy of your pass phrase. As they disclose in the technical comparison of the two options, this means that an attacker with access to Hushmail’s servers can get at the passphrase and thus all of the messages.”
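The difference between the two login options, as an added example that is not Hushmail's code: a simplified model in which the SSL-only option hands the passphrase to the server and the applet option keeps it on the client. `MailServer`, `run` and the toy HMAC-based cipher are hypothetical stand-ins, and the passphrase and message are constructed samples.

```python
import hashlib, hmac, os

def derive_key(passphrase, salt):
    # Stretch the passphrase into a 32-byte key.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)

def xor_cipher(key, nonce, data):
    # Toy stream cipher (HMAC-SHA256 keystream); a stand-in for real
    # encryption, used only to keep the example dependency-free.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

class MailServer:
    """Hypothetical server: stores ciphertext, remembers what it was sent."""
    def __init__(self, salt, nonce, ciphertext):
        self.salt, self.nonce, self.ciphertext = salt, nonce, ciphertext
        self.passphrases_seen = []

    def login_server_side(self, passphrase):
        # SSL-only option: TLS protects the wire, but the server receives
        # the passphrase itself and does the decryption.
        self.passphrases_seen.append(passphrase)
        return xor_cipher(derive_key(passphrase, self.salt), self.nonce, self.ciphertext)

    def fetch_blob(self):
        # Applet option (as modelled here): only stored ciphertext leaves the server.
        return self.salt, self.nonce, self.ciphertext

    def operator_decrypt(self):
        # What anyone with server access can recover from what the server saw.
        for p in self.passphrases_seen:
            return xor_cipher(derive_key(p, self.salt), self.nonce, self.ciphertext)
        return None

def run(mode, passphrase="constructed sample passphrase", msg=b"constructed sample mail"):
    salt, nonce = os.urandom(16), os.urandom(16)
    server = MailServer(salt, nonce, xor_cipher(derive_key(passphrase, salt), nonce, msg))
    if mode == "server_side":
        user_view = server.login_server_side(passphrase)
    else:
        s, n, c = server.fetch_blob()
        user_view = xor_cipher(derive_key(passphrase, s), n, c)  # runs on the client
    return user_view, server.operator_decrypt()

if __name__ == "__main__":
    print(run("server_side"))
    print(run("client_side"))
```

In both modes the user reads the mail; only in the server-side mode does the server end up holding enough to read it too.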

AT&T’s programming language for mass surveillance

While data-mining techniques used for marketing should be viewed with a skewed eye, the fact that AT&T has developed a C language variant called Hancock to mine gigabytes of telephone and Internet records should raise red flags automatically. “…the phone company uses Hancock-coded software to crunch through tens of millions of long distance phone records a night to draw up what AT&T calls “communities of interest” — i.e., calling circles that show who is talking to whom. The system was built in the late 1990s to develop marketing leads, and as a security tool to see if new customers called the same numbers as previously cut-off fraudsters — something the paper refers to as “guilt by association.” [...] recent revelations that the FBI has been requesting “communities of interest” records from phone companies under the USA PATRIOT Act without a warrant. Where the bureau got the idea that phone companies collect such data has, until now, been a mystery. According to a letter from Verizon to a congressional committee earlier this month, the FBI has been asking Verizon for “community of interest” records on some of its customers out to two generations — i.e., not just the people that communicated with an FBI target, but also those who talked to people who talked to an FBI target.” Yep, let’s spread that net far and wide… Here’s hoping AT&T is held accountable in its current federal court trial on its secret internet spying rooms in its domestic internet switching facilities for the NSA.

How spammers and online stalkers find you

Just got wind of a great article, How Do Spammers and Online Stalkers Find Me? From things as simple as online white and yellow pages to filling out forms with too much personal information to chain letters and hoaxes (you know, when the forwarded email has 100s of addresses from all the past forwards). This is posted on their site as a way to keep kids safe online, but it’s information that everyone needs to know. When you go online, you need to think about your privacy, as it can affect your security, and the security of others close to you. Also, note the unsettling fact that even though this article was written in August of 2001 it’s still current.

What to do about Congress

After the Democrats voted to expand the National Security Agency’s (NSA’s) authority to spy on Americans without warrants, EFF has stepped up to show how to fight it. “Congress Caves on Warrantless Snooping — What Happened, and How To Fix It”

We also have to take the fight back to Congress, and for that we need your help. The most important check on the abuse of power ultimately isn’t Congress — it’s you. It’s up to you to hold your representatives accountable for allowing this egregious change or supporting it outright. Don’t let them think for a second that this went unnoticed: send them a letter here, call them to voice your opposition, and visit their home offices in your district during the August recess. Spread the word to your friends and family about what Congress has done and urge them to take action, too.

Fortunately, the law has a sunset date, and, more importantly, congressional leaders are already signaling that they want to revise the law before then. Restoring protections for your fundamental rights shouldn’t wait even a day. Neither should our efforts to make sure that happens — take action now.

It’s time to contact your representative and express your outrage; this must be rolled back.