Archive for the 'Privacy' Category

McCain-Palin: everything must go — including all those private cellphone numbers

Saturday, December 13th, 2008

A Fox reporter went to the everything-must-go sale at McCain-Palin campaign HQ. And, guess what?

We saw laptops ranging between $400 and $600 with logins like “WARROOM08.” We couldn’t log on without a password, but staffers assured us the hard drive would be zapped before it was sold, and the computer would probably work.

The hottest item? Blackberry phones at $20 a piece. There were only 10 left. All of the batteries had died. There were no chargers for sale. But people were snatching them up. So, we bought a couple.

And ended up with a lot more than we bargained for.

When we charged them up in the newsroom, we found one of the $20 Blackberry phones contained more than 50 phone numbers for people connected with the McCain-Palin campaign, as well as hundreds of emails from early September until a few days after election night.

We traced the Blackberry back to a staffer who worked for “Citizens for McCain,” a group of democrats who threw their support behind the Republican nominee. The emails contain an insider’s look at how grassroots operations work, full of scheduling questions and rallying cries for support.

But most of the numbers were private cell phones for campaign leaders, politicians, lobbyists and journalists.

We called some of the numbers.

“Somebody made a mistake,” one owner told us. “People’s numbers and addresses were supposed to be erased.”

“They should have wiped that stuff out,” another said. But he added, “Given the way the campaign was run, this is not a surprise.”

We called the McCain-Palin campaign, who says, “it was an unfortunate staff error and procedures are being put in place to ensure all information is secure.”

Source: McCain Campaign Sells Info-Loaded Blackberry to FOX 5 Reporter.

Dyson on anonymity

Saturday, December 13th, 2008

From an interview by Internet Evolution:

Internet Evolution: You’ve had a front-row seat for the commercialization, regulation, and funding of the Internet. What’s been the biggest surprise for you about how the Internet has evolved? And what’s been your biggest disappointment?

Esther Dyson: Well, surprise and disappointment are the same… There are two big things: First, I was a much bigger fan of anonymity then than I am now. I thought it was cool. And it is, but it turns out anonymity really encourages bad behavior. I’m not in favor of the government tracking everybody and so forth, [but] at least persistent pseudonyms and communities and stuff like that makes everything a nicer place.

It’s like a lot of things. I’m pro choice, but I think abortion is an unfortunate thing. I think the same thing about anonymity: Everybody should have the right to it, but it’s not something one wants to encourage. And that’s not weasel words, that’s the reality of it.

[Anonymity] should be allowed. People should be able to make that choice, and there are many reasons to make that choice. If you live in an oppressive regime, you may well want people to be able to remain anonymous or have secret communications. But at the same time, it should not be encouraged, and it should be acknowledged that it’s a response to a bad situation.

Source: Internet Evolution - Dialogue - Esther Dyson, Chairman, EDventure Holdings.

Google’s predictive power (contd.)

Tuesday, November 18th, 2008

The story continues. Here’s Bill Thompson’s distinctive take on it.

As we have seen with flu trends, sometimes the “interesting” knowledge that can be extracted is well-concealed until comparisons can be made with other sources, as it was the correlation between some search terms and the real-world data that mattered.

Of course Google has not revealed which search terms it analysed because doing so would undermine the model’s effectiveness.

Unfortunately it is being equally reticent about how it has ensured that the data it uses is properly anonymised so that users cannot be identified on the basis of their queries.

A letter from the Electronic Privacy Information Center (EPIC) and Patient Privacy Rights to Google boss Eric Schmidt has not been answered, leaving those concerned with online privacy uncertain over the broader implications of the project.

But as Cade Metz points out in an insightful article in The Register, we may all be happy to know that a ‘flu outbreak is coming, but what happens when the disease involved is more life-threatening and the government asks Google for the names and IP addresses of anyone whose search terms indicate that they are infected?

It’s not that I don’t trust Google. I don’t trust any company, government department or individual without a good reason to do so.

In the case of search engines that claim to protect my privacy I want to know just how they do it and will not accept vague reassurances.

New Labour’s database nation

Thursday, October 9th, 2008

Cory Doctorow is one of this country’s most valuable immigrants. But, as this scarifying essay reveals, he will be leaving if Brown’s ID Card scheme is implemented.

A few years later, I was living with my partner, and had fathered a British daughter (when I mentioned this to a UK immigration official at Heathrow, he sneeringly called her “half a British citizen”). We were planning a giant family wedding in Toronto when the news came down: the Home Secretary had unilaterally, on 24 hours’ notice, changed the rules for highly skilled migrants to require a university degree…

My partner and I scrambled. We got married. We applied for a spousal visa. A few weeks later, I presented myself in Croydon at the Home Office immigration centre to turn over my biometrics and have a visa glued into my Canadian passport. I got two years’ breathing room. My family could stay in Britain.

Then came last week’s announcement: effective immediately, spousal visa holders (and foreign students) would be issued mandatory, biometric radio-frequency ID papers that we will have to carry at all times. And I started to look over my shoulder…

Now, we immigrants are to be the beta testers for Britain’s sleepwalk into the surveillance society. We will have to carry internal passports and the press will say, “If you don’t like it, you don’t have to live here – it’s unseemly for a guest to complain about the terms of the hospitality.” But this beta test is not intended to stop with immigrants. Government freely admits that immigrants are only the first stage of a universal rollout of mandatory biometric RFID identity cards. What happens to us now will happen to you, next.

Not me, though. If the government of the day when I renew my visa in 2010 requires that I carry these papers as a condition of residence, the Doctorows will again leave their country and find a freer one. My wife – born here, raised here, with family here – is with me. We won’t raise our British daughter in the database nation. It’s not safe.

I’ve never voted Tory in my life, but next time I will if this proposal isn’t dropped. And so, I hope, will most of the country.

Many thanks to Ray Corrigan for pointing me to Cory’s article, which I’d missed in all the guff about the banking crisis.

Great Firewall of China (contd.)

Thursday, October 2nd, 2008

Citizen Lab at the University of Toronto has just released its analysis of surveillance and security practices on China’s TOM-Skype platform. No surprises. They uncovered a huge surveillance system that monitors and archives certain Internet text conversations that include politically charged words.

The system tracks text messages sent by customers of Tom-Skype, a joint venture between a Chinese wireless operator and eBay, the Web auctioneer that owns Skype, an online phone and text messaging service.

John Markoff of the NYT has a report.

PDF of the Citizen Lab report available from here.

I’ve always assumed that Skype was compromised — which is why I would never use it for confidential conversations. Wonder what eBay have to say about it all?

PA sacked by Ministry of the Interior

Thursday, September 11th, 2008

From The Register

The Home Office has today terminated a £1.5m contract with PA Consulting after it lost the personal details of the entire UK prison population.

In August the firm admitted to officials that it had downloaded the prisons database to an unencrypted memory stick, against the security terms of its contract to manage the JTrack prolific offender tracking system. The data included names, addresses and dates of birth, and was broken down by how frequently individuals had offended.

Following an inquiry into the gaffe, Jacqui Smith told the House of Commons today that PA Consulting’s £8m of other Home Office contracts are now also under review. She said: “The Home Office have decided to terminate this contract. My officials are currently working with PA to take this work back in-house without affecting the operation of JTrack.”

Data handling for JTrack has been taken on by the Home Office, and maintenance and training are due in-house by December.

The inquiry found the Home Office had transferred the data to PA Consulting securely, but that the firm then dumped it to unlabelled USB memory to transfer it between computers at its premises. The stick hasn’t been found. Smith said: “This was a clear breach of the robust terms of the contract covering security and data handling.”

What took them so long?

Hurry! Get your personal data on eBay now!

Tuesday, August 26th, 2008

From BBC NEWS

A computer containing a million bank customers’ personal data has reportedly been sold on an internet auction site.

The Daily Mail says an ex-worker for archiving firm Graphic Data sold it for £35 on eBay without removing sensitive information from the hard drive.

The Royal Bank of Scotland (RBS) and its subsidiary, Natwest, have confirmed their customers’ details were involved.

RBS said Graphic Data had told it the PC had apparently been “inappropriately sold on via a third party”.

It said historical information relating to credit card applications for their bank and others had been on the machine.

The information is said to include account details and in some cases customers’ signatures, mobile phone numbers and mothers’ maiden names.

It is thought the problem came to light when Andrew Chapman, an IT manager from Oxford, bought the computer, noticed and raised the alarm…

Thinking of taking your laptop to the US?

Saturday, August 2nd, 2008

Might be worth considering this from Good Morning Silicon Valley.

If you’re looking to get outraged by a government’s intrusion into the electronic lives of its citizens, you don’t need to look all the way to China. The U.S. Department of Homeland Security recently revealed its current border policy on laptops, iPods and other gadgets carried into the country by returning travelers or foreign visitors, and it boils down to this: Without explanation, we can seize your laptop or any device capable of storing information (including cell phones, thumb drives, video tapes, and old-fashioned analog paper). We can keep it as long as we want. We can look through the contents, and we can share them with other agencies or private entities. And we can do all this whenever and to whomever we want — no reasonable cause needed, not even a vague suspicion of wrongdoing. And, of course, this is all OK because we are protecting our treasured American freedom.

Does Skype have a back door?

Friday, July 25th, 2008

Answer: probably yes. I’ve long suspected that anyway. Now comes this interesting report from an Austrian online news site…

According to reports, there may be a back door built into Skype, which allows connections to be bugged. The company has declined to expressly deny the allegations. At a meeting with representatives of ISPs and the Austrian regulator on lawful interception of IP based services held on 25th June, high-ranking officials at the Austrian interior ministry revealed that it is not a problem for them to listen in on Skype conversations.

This has been confirmed to heise online by a number of the parties present at the meeting. Skype declined to give a detailed response to specific enquiries from heise online as to whether Skype contains a back door and whether specific clients allowing access to a system or a specific key for decrypting data streams exist. The response from the eBay subsidiary’s press spokesman was brief, “Skype does not comment on media speculation. Skype has no further comment at this time.” There have been rumours of the existence of a special listening device which Skype is reported to offer for sale to interested states.

There has long been speculation that Skype may contain a back door. Because the vendor has not revealed details of its proprietary Skype protocol or of how the client works, questions as to what else Skype is capable of and what risks are involved in deploying it in an enterprise environment remain open.

Last week, Austrian broadcaster ORF, citing minutes from the meeting, reported that the Austrian police are able to listen in on Skype connections. Interior ministry spokesman Rudolf Gollia declined to provide heise online with a comment on the matter. He did, however, offer general comments on the meeting, which were, however, contradicted by other attendees…

I use Skype quite a lot and find it very useful for family stuff etc. But I wouldn’t use it for anything that was commercially sensitive.

Skype would be able to charge quite a hefty fee to governments for this, er, feature.

Also, I wonder how this latest speculation squares with an earlier report that I logged claiming the German police were unable to crack Skype encryption. Perhaps the Germans weren’t willing to pay Skype the required fee for entry to the back door?

Say ‘Cheese!’ for Google

Sunday, July 20th, 2008

This morning’s Observer column — about Google Street View…

In a way the issue is not whether this Google innovation is permitted or not, but the general direction we’re headed and the role Google might play in our collective future. Last week I wrote about the legal ruling which compelled Google to hand over to Viacom its computer logs of every single viewing of a YouTube video, including those by UK residents. The privacy implications of that ruling have since been mitigated by agreement that the data can be ‘anonymised’ by Google before handover. But, again, the direction is towards a world in which everything we do is monitored and logged - mostly by one company.

Google’s mission, according to its corporate website, is ‘to organise the world’s information and make it universally accessible and useful’. What we perhaps haven’t fully realised is that these guys really mean it. Their ambition is at least as megalomaniacal as Bill Gates’s vision of a computer on every desk running Microsoft software. So it’s time we started thinking about what a world dominated by Google would be like. As it happens, some people have - and they’ve been publishing the results on YouTube. Have a look — and then pour yourself a stiff drink.