In a preliminary hearing before U.S. District Judge Denise Cote in Manhattan, an attorney for Apple reportedly reiterated the company's claim that it did nothing wrong.
Opposition from the Obama administration - which stopped short of a veto threat - could imperil the Cyber Intelligence Sharing and Protection Act, which is scheduled for a House of Representatives floor vote next week. CISPA is intended to improve computer security by allowing companies and government agencies to share sensitive information.
(CNET) The U.S. Justice Department's legal pursuit of Apple for alleged e-book price fixing stretches the boundaries of antitrust law and is likely to end in defeat.
That's what happened in 1982, when an embarrassed Justice Department admitted its antitrust lawsuit against IBM was "without merit" and abandoned the case. And in 2001, a federal appeals court nixed the Justice Department's ambitious attempt to rewrite antitrust law by carving Microsoft into two separate companies.
(CBS/CNET) The U.S. Department of Justice confirmed today that it has reached antitrust settlements for alleged e-book price fixing with three large publishers - but not with Apple Inc.
Attorney General Eric Holder said at a press conference this morning that the settlement will provide retailers like Amazon.com and Barnes and Noble the "freedom to reduce the prices of their e-book titles."
(CNET) The controversial - if not exactly common - practice of requiring job applicants to disclose their Facebook passwords briefly became ammunition for an unsuccessful Democratic effort to block an unrelated regulatory reform plan.
During the House of Representatives floor debate yesterday over a proposal (PDF) to reform the Federal Communications Commission, Rep. Ed Perlmutter, a Colorado Democrat, proposed that the bill be sent back to committee.
This morning's 120-page report instead asks Congress to enact a new law that "would provide consumers with access to information about them held by a data broker" such as Lexis Nexis, US Search, or Reed Elsevier subsidiary Choicepoint -- many of which have been the subject of FTC enforcement actions in the last few years.
But when it comes to a Do Not Track law targeting Web companies, which was proposed by legislation introduced last year, the FTC is more cautious, saying that "industry has made significant progress."
(CNET) - American citizens can be ordered to decrypt their PGP-scrambled hard drives for police to peruse for incriminating files, a federal judge in Colorado ruled today in what could become a precedent-setting case.
Judge Robert Blackburn ordered a Peyton, Colo., woman to decrypt the hard drive of a Toshiba laptop computer no later than February 21--or face the consequences, including contempt of court.
The military's acronym for the process is DOMEX, which one Army team in Iraq cheekily sums up with this motto: "You check their pulse, we'll check their pockets."
The electronic gear hauled away by an assault team of Navy SEALs reportedly included five computers, 10 hard drives, and scores of removable media including USB sticks and DVDs. Some reports say the forensic analysis is taking place at the CIA's headquarters in Langley, Va., while others have placed it at a "secret location in Afghanistan."
While the U.S. government isn't exactly volunteering what's happening now, the Army has confirmed in the past that it provides "tactical DOMEX teams" to troops in Afghanistan. And a Defense Department directive (PDF) from January 2011 says the National Media Exploitation Center, or NMEC, will be the "central DoD clearinghouse for processing DoD-collected documents and media," a category that would include the bin Laden files.
Like the National Security Agency in the 1970s, the NMEC isn't a very visible organization. It doesn't have a public Web site. It's intentionally low-profile, and it prefers to stay that way.
The NMEC falls under the director of National Intelligence and is responsible for "the rapid collection, processing, exploitation, dissemination, and sharing of all acquired and seized media," including forensic analysis, translation, and dissemination.
After NMEC obtained the bin Laden files, which could have happened within hours of the raid, they would have been uploaded to its HARMONY database, which is intended to be the master repository for "documents and media captured or collected to support the global war on terrorism." West Point's Combating Terrorism Center has used al Qaeda documents--extracted from HARMONY and declassified--to analyze why the group failed in Iraq.
An initial forensic analysis of bin Laden's hard drives will likely be done with keyword searches in Arabic and English. "You can get thousands of hits," Mark McLaughlin, president of Santa Monica, Calif.-based Computer Forensics International, told CNET. "Those hits need to be looked at individually, and in context," he said, which can take a while.
U.S. officials are calling the data a potential treasure trove of information on al Qaeda's current and planned operations, perhaps the most important since 9/11. They're hoping it could yield hints about the whereabouts of Ayman al-Zawahiri, bin Laden's chief lieutenant.
Denis McDonough, the deputy national security advisor, has said the electronic haul is "probably going to be impressive," and White House counterterrorism advisor John Brennan told CBS' Early Show that "what we're trying to do now is to understand what he has been involved in over the past several years (and) exploit whatever information we were able to get at the compound." (CBS News is CNET's sister news organization.)
While government officials aren't exactly sharing details about their approach, McLaughlin believes that they'll be using Guidance Software's EnCase utility, arguably the market leader in forensics analysis. "They're making copies of all the evidence," he says. "Then they'll parcel out the work to the different examiners. You'll undelete everything you can. If there's any encryption you have to deal with, you'll handle it."
Then, he says, it's time to reconstruct what happened. "Were files created at the same time? Were they out there searching the Web at the same time? You can put these together and draw correlations."
Another forensics tool that might come in handy: Vound's Intella software, which helps sort through reams of e-mail. It's marketed to law enforcement as "searching email by keywords, or senders/recipients, easily viewing search results through cluster mapping, or quickly viewing email threads." (Most reports say that bin Laden's compound did not have Internet access, but the Washington Times reported he had a "dedicated fiber-optic cable used for point-to-point access to the Internet," citing two U.S. officials who read after-action reports on the raid.)
A job description posted by MPRI, a division of defense contractor L-3, provides a few hints about what tools NMEC uses.
The NMEC support job, which requires a Top Secret security clearance, calls for "complete training in EnCase Forensic Software up through the EnCase Advanced training course or equivalent." A bachelor's degree in computer engineering is preferred. So is proficiency in "creating databases in MS Access and SQL."
Captured Al Qaeda computers have yielded useful intelligence before. A 2007 Defense Department "summary of evidence" supporting the charges against Khalid Sheikh Mohammed reported that a hard drive seized during his capture contained information on the four airplanes hijacked on 9/11, including code names, airline company, flight number, target, pilot name and background information, and names of the hijackers.
Also on the seized computer gear, the summary says: three letters from bin Laden, spreadsheets outlining financial assistance to families of known al Qaeda members, the "operational procedures and training requirements" for an al Qaeda cell, and transcripts of chat sessions belonging to one of the hijackers.
Ramzi Yousef, the original World Trade Center bomber, saved plans to bomb American jumbo jets flying over the Pacific on encrypted files on his laptop computer. (The FBI was able to bypass the encryption--Yousef apparently didn't use a high-security passphrase.)
But if whoever used the computer took the proper precautions, encryption could pose an obstacle, forensics specialists say. Well-designed encryption is now built into operating systems, including Apple's FileVault and Microsoft's BitLocker. PGP announced whole disk encryption for Windows in 2005; it's also available for OS X.
To avoid having to perform brute-force attacks to guess the passphrase, the Secret Service has found that it's better to seize a computer that's still turned on with the encrypted volume mounted and the encryption key and passphrase still in memory. "Traditional forensics always said pull the plug," U.S. Secret Service agent Stuart Van Buren said in February. "That's changing. Because of encryption...we need to make sure we do not power the system down before we know what's actually on it."
A team of researchers including Princeton University computer scientists published a paper in February 2008 that describes how to bypass encryption products by gaining access to the contents of a computer's RAM--through a mechanism as simple as booting a laptop over a network or from a USB drive--and then scanning for encryption keys.
U.S. law enforcement, at least, is now doing precisely that. "Our first step is grabbing the volatile memory," Van Buren said. One forensics utility the Secret Service has used is Responder Pro, which allows the examination of volatile memory and is marketed as being able to unearth "chat sessions, registry keys, encryption keys, socket information and more."
Of course, not all useful information is digital. Yesterday's warning about train security from Homeland Security was triggered by files captured during the raid--not electronic ones: the source was "a set of handwritten notes," according to The Wall Street Journal.
The FBI said today that it's not calling for restrictions on encryption without backdoors for law enforcement.
FBI general counsel Valerie Caproni told a congressional committee that the bureau's push for expanded Internet wiretapping authority doesn't mean giving law enforcement a master key to encrypted communications, an apparent retreat from her position last fall.
"No one's suggesting that Congress should re-enter the encryption battles of the late 1990s," Caproni said. There's no need to "talk about encryption keys, escrowed keys, and the like--that's not what this is all about."
The FBI is expected to reveal Thursday that because of the rise of Web-based e-mail and social networks, it's "increasingly unable" to conduct certain types of surveillance that would be possible on cellular and traditional telephones.
FBI general counsel Valerie Caproni will outline what the bureau is calling the "Going Dark" problem, meaning that police can be thwarted when conducting court-authorized eavesdropping because Internet companies aren't required to build in backdoors in advance, or because technology doesn't permit it.
Any solution, according to a copy of Caproni's prepared comments obtained by CNET, should include a way for police armed with wiretap orders to conduct surveillance of "Web-based e-mail, social networking sites, and peer-to-peer communications technology."
The last example, which was floated last fall, is likely to be the most contentious. When an encrypted voice application like Phil Zimmermann's Zfone is used, the entire conversation is scrambled from end to end. It's like handing a letter directly to its recipient--bypassing workers at the neighborhood post office, who could be required to forward a copy to the FBI.
Forcing companies like Zfone and Skype, which also uses encryption for peer-to-peer calls, to build in backdoors for police access was rejected in the 1990s and would mark a dramatic departure from current practice. And anyone hoping to foil the FBI could download encrypted VoIP software from European firms like Liechtenstein-based Secfone AG, which sells it for Android phones.