Entries Tagged "laws"

Page 29 of 35

ATM Fraud and British Banks

An absolutely great story about phantom ATM withdrawals and British banking from the early 90s. (The story is from the early 90s; it has just become public now.) Read how a very brittle security system, coupled with banks using the legal system to avoid fixing the problem, resulted in lots of innocent people losing money to phantom withdrawals. Read how lucky everyone was that the catastrophic security problem was never discovered by criminals. It’s an amazing story.

See also Ross Anderson’s page on phantom withdrawals.

Oh, and Alistair Kelman assures me that he did not charge 1,750 pounds per hour, only 450 pounds per hour.

Posted on October 24, 2005 at 7:16 AMView Comments

U.S. Regulators Require Two-Factor Authentication for Banks

Two-factor authentication is coming to U.S. banks:

Federal regulators will require banks to strengthen security for Internet customers through authentication that goes beyond mere user names and passwords, which have become too easy for criminals to exploit.

Bank Web sites are expected to adopt some form of “two-factor” authentication by the end of 2006, regulators with the Federal Financial Institutions Examination Council said in a letter to banks last week.

Here’s more details.

This won’t help. It’ll change the tactics of the criminals, but won’t make them go away. I’ve written about that already (the short version is that two-factor authentication won’t mitigate identity theft, because it’s not an authentication problem—it’s a problem with fraudulent transactions), and also about what will solve the problem.

Posted on October 19, 2005 at 2:51 PMView Comments

UK Terrorism Law Used for Non-Terrorism Purposes

The U.K. has used terrorism laws to stifle free speech; now it’s using them to keep pedestrians off bicycle paths.

With her year-round tan, long blonde hair and designer clothes, Sally Cameron does not look like a threat to national security.

But the 34-year-old property developer has joined the ranks of Britain’s most unlikely terrorist suspects after being held for hours for trespassing on a cycle path.

And also to prevent people from taking pictures of motorways:

A Hampshire student was stopped and warned by police under new anti-terror laws—for taking pictures of the M3.

Matthew Curtis had been gathering images for the website of a design company where he works part-time when he was stopped, searched and cautioned.

The 21-year-old was told that he was in a “vulnerable area” as he snapped pictures of the M3 and was made to account for his actions before he was issued with a warning and told not to do it again.

Officers, who had quoted the Prevention of Terrorism Act, today apologised for causing concern but say they were just being vigilant.

I get that terrorism is the threat of the moment, and that all sorts of government actions are being justified with terrorism. But this is ridiculous.

Posted on October 19, 2005 at 12:04 PMView Comments

Domestic Spying in the U.S.

There are two bills in Congress that would grant the Pentagon greater rights to spy on Americans in the U.S.:

The Pentagon would be granted new powers to conduct undercover intelligence gathering inside the United States—and then withhold any information about it from the public—under a series of little noticed provisions now winding their way through Congress.

Citing in part the need for “greater latitude” in the war on terror, the Senate Intelligence Committee recently approved broad-ranging legislation that gives the Defense Department a long sought and potentially crucial waiver: it would permit its intelligence agents, such as those working for the Defense Intelligence Agency (DIA), to covertly approach and cultivate “U.S. persons” and even recruit them as informants—without disclosing they are doing so on behalf of the U.S. government.

[…]

At the same time, the Senate intelligence panel also included in the bill two other potentially controversial amendments—one that would allow the Pentagon and other U.S. intelligence agencies greater access to federal government databases on U.S. citizens, and another granting the DIA new exemptions from disclosing any “operational files” under the Freedom of Information Act (FOIA).

Posted on October 13, 2005 at 11:47 AMView Comments

Tax Breaks for Good Security

Congress is talking—it’s just talking, but at least it’s talking—about giving tax breaks to companies with good cybersecurity.

The devil is in the details, and this could be a meaningless handout, but the idea is sound. Rational companies are going to protect their assets only up to their value to that company. The problem is that many of the security risks to digital assets are not risks to the company who owns them. This is an externality. So if we all need a company to protect its digital assets to some higher level, then we need to pay for that extra protection. (At least we do in a capitalist society.) We can pay through regulation or liabilities, which translates to higher prices for whatever the company does. We can pay through directly funding that extra security, either by writing a check or reducing taxes. But we can’t expect a company to spend the extra money out of the goodness of its heart.

Posted on October 13, 2005 at 8:02 AMView Comments

Terrorism Laws Used to Stifle Political Speech

Walter Wolfgang, an 82-year-old political veteran, was forcefully removed from the UK Labour party conference for calling a speaker, Jack Straw, a liar. (Opinions on whether Jack Straw is or is not a liar are irrelevant here.) He was later denied access to the conference on basis of anti-terror laws. Keep in mind that as recently as the 1980s, Labour Party conferences were heated affairs compared with today’s media shows.

From The London Times:

A police spokeswoman said that Mr Wolfgang had not been arrested but detained because his security accreditation had been cancelled by Labour officials when he was ejected. She said: “The delegate asked the police officer what powers he was using. The police officer responded that he was using his powers under Section 44 of the Terrorism Act to confirm the delegate’s details.”

Also this:

More than 600 people were detained under the Terrorism Act during the Labour party conference, it was reported yesterday.

Anti-Iraq war protesters, anti-Blairite OAPs and conference delegates were all detained by police under legislation that was designed to combat violent fanatics and bombers – even though none of them was suspected of terrorist links. None of those detained under Section 44 stop-and-search rules in the 2000 Terrorism Act was arrested and no-one was charged under the terrorism laws.

Walter Wolfgang, an 82-year-old Jewish refugee from Nazi Germany, was thrown out of the conference hall by Labour heavies after heckling the Foreign Secretary, Jack Straw.

When he tried to get back in, he was detained under Section 44 and questioned by police. The party later apologised.

But the Home Office has refused to apologise for heavy-handed tactics used at this year’s conference.

A spokesman insisted: “Stop and search under Section 44 is an important tool in the on-going fight against terrorism.

“The powers help to deter terrorist activity by creating a hostile environment for terrorists.”

He added that the justification for authorising the use of the powers was “intelligence-led and based on an assessment of the threat against the UK.”

The shadow home secretary, David Davis, said: “Laws that are designed to fight terrorism should only be used against terrorism.”

Posted on October 10, 2005 at 8:13 AMView Comments

The Beginnings of a U.S. Government DNA Database

From the Washington Post:

Suspects arrested or detained by federal authorities could be forced to provide samples of their DNA that would be recorded in a central database under a provision of a Senate bill to expand government collection of personal data.

The controversial measure was approved by the Senate Judiciary Committee last week and is supported by the White House, but has not gone to the floor for a vote. It goes beyond current law, which allows federal authorities to collect and record samples of DNA only from those convicted of crimes. The data are stored in an FBI-maintained national registry that law enforcement officials use to aid investigations, by comparing DNA from criminals with evidence found at crime scenes.

[…]

The provision, co-sponsored by Kyl and Sen. John Cornyn (R-Tex.), does not require the government to automatically remove the DNA data of people who are never convicted. Instead, those arrested or detained would have to petition to have their information removed from the database after their cases were resolved.

Posted on September 27, 2005 at 11:31 AMView Comments

Judge Roberts, Privacy, and the Future

My second essay for Wired was published today. It’s about the future privacy rulings of the Supreme Court:

Recent advances in technology have already had profound privacy implications, and there’s every reason to believe that this trend will continue into the foreseeable future. Roberts is 50 years old. If confirmed, he could be chief justice for the next 30 years. That’s a lot of future.

Privacy questions will arise from government actions in the “War on Terror”; they will arise from the actions of corporations and individuals. They will include questions of surveillance, profiling and search and seizure. And the decisions of the Supreme Court on these questions will have a profound effect on society.

Posted on September 22, 2005 at 12:28 PMView Comments

1 27 28 29 30 31 35

Sidebar photo of Bruce Schneier by Joe MacInnis.