Category Archives: Privacy

Comcastic!

Having just replaced the credit card whose numbers Target gave up to hackers, and frozen our credit files to ward off identity theft since Buck Consultants posted my wife’s Social Security number on the web, imagine the joy I felt the other day upon learning that hackers got inside Comcast’s email servers and probably made off with my account info.

The truly cool part of this is how I had to find out about Comcast’s pwnership from various computer security blogs. Although it is crystal clear that Comcast suffered a serious data breach, the Internet service monopoly refused to acknowledge it to the computing press for several days, and has yet to notify me as a customer, instead opting for what I call Ostrich Syndrome.

In my case, giving some hacker access to my Comcast account is not horrible, because in all the years since Comcast bought its way into the Houston market and became “my” monopoly Internet provider, I have never used their “free” email account for anything. My name and correct home address are attached to the account, which I am not thrilled about, but that’s about it. But lots of Comcasters actually use those accounts, for things such as purchasing pay-per-view content, which means they have credit card information on file. And, as Violet Blue has noted, Comcast allows one to add six additional user logins to one’s account, potentially giving six hackers the ability to charge many hours of dirty cable porn or live boxing matches to one’s credit card, which, of course, would suck.

So do what doctors recommend, and sign in to your Comcast account and change your password. This is what Comcast should have told you about six days ago, but their PR department has been too busy trying to cover its huge ass to think about the customers yet. I’m sure they’ll be right on it any month now.

For the curious, it turns out that the hacksters gained access to Comcast servers using a Zimbra mail system exploit that had been publicly reported in December, but Comcast’s IT department never bothered to patch their own servers.

That doesn’t surprise me at all and in fact is typical of cable company behavior. I know, because I went to work for Comcast predecessor Time Warner Cable 15 years ago to help them launch their first broadband Internet service. The head of their Internet division had never used email, so I had to show him how. I was hired to create content for their Internet division web site and, when I pointed out to them that their web servers needed to be set up and secured, they told me they assumed that was my job, even though I had never worked on server-side content or programming in my life. Eventually they hired someone whose main job was to keep the servers secure. That person had never seen a web server before taking the job. Their Internet service call center consisted of a roomful of people with canned answers written on little cards. They could not share a user’s computer screen and walk them through any sort of process, because Time Warner had not provided its own call center with Internet access. And so forth and so on.

That was the system in place when Comcast took over in Houston, and sources who still worked there when the switchover came told me that Comcast ran things with even fewer and less experienced technical support staff than Time Warner had.

So remember, you’re on your own, peoples. Be careful out there.


Credit Card Cryogenics

After learning that Target fumbled away our Visa card numbers and Buck Consultants put my wife’s Social Security number on a live web page, I thought it was time to mount a defense against potential identity theft. But I didn’t know what to do.

So I contacted digital security expert Brian Krebs, who was kind enough to provide some excellent advice: Freeze your credit files.

I didn’t even know you could do that. Both Target and Buck offered us free monitoring of our credit files – the credit history stored in databases at the Big Three credit bureaus, Experian, Equifax and TransUnion. But Krebs pointed out that someone could pull your credit file and ding your credit score even while you’re being monitored. You’d find out about it more quickly, one would hope, but monitoring wouldn’t prevent it from happening.

Freezing your credit file does.

It works like this: Contact the credit bureaus via their “freeze centers” (Experian, Equifax and TransUnion each have their own). Follow the instructions (and be prepared to answer a few personal questions), pay a fee of about $10, and you’re frozen.

From then on, if some entity wants to pull your credit file, or check your history to see if you can afford utility services or a car loan, they will have to get your permission first. The credit bureaus will call you and ask if it’s OK to lift the credit freeze, and for whom it should be unfrozen. Then, after an agreed-upon period of time, the freeze is put back in place.

After going through this exercise, I learned of one other service. Experian told us it had removed our names from their “pre-approved credit offer mailing lists” that they apparently sell to businesses. I hate getting those offers in the mail, and so I was thrilled that Experian had put a stop to it (although I am not thrilled they were making money off of my credit-worthiness to begin with).

In my opinion, every person’s credit file should be frozen by default. But that’s not the way it works; the credit system is set up for the convenience of the lending community, not the American consumer.

Now more than ever, caveat emptor.


Imbalance Of Power

Yes, I’m done making sausage for now, and back on this Constitution vs. The Surveillance State kick of mine. Feel free to ignore this if you don’t care too much about your civil rights.

The board of experts approved by Congress to oversee actions resulting from the Endless War on Terror, and the effects they have on the citizenry’s liberties, issued this report yesterday basically concluding the government’s domestic spying operations are out of control and need to stop:

The statute creating the Privacy and Civil Liberties Oversight Board (“PCLOB” or “Board”) directs the Board to analyze and review actions taken by the executive branch to protect the nation from terrorism, “ensuring that the need for such actions is balanced with the need to protect privacy and civil liberties.” In pursuit of this mission, the PCLOB has conducted an in-depth analysis of the bulk telephone records program operated by the National Security Agency (“NSA”) under Section 215 of the USA PATRIOT Act (“Patriot Act”)…

Section 215 is designed to enable the FBI to acquire records that a business has in its possession, as part of an FBI investigation, when those records are relevant to the investigation. Yet the operation of the NSA’s bulk telephone records program bears almost no resemblance to that description.

First, the telephone records acquired under this program have no connection to any specific FBI investigation at the time the government obtains them. Instead, they are collected in advance to be searched later for records that do have such a connection. Second, because the records are collected in bulk — potentially encompassing all telephone calling records across the nation — they cannot be regarded as “relevant” to any FBI investigation without redefining that word in a manner that is circular, unlimited in scope, and out of step with precedent from analogous legal contexts involving the production of records. Third, instead of compelling telephone companies to turn over records already in their possession, the program operates by placing those companies under a continuing obligation to furnish newly generated calling records on a daily basis. This is an approach lacking foundation in the statute and one that is inconsistent with FISA as a whole, because it circumvents another provision that governs (and limits) the prospective collection of the same type of information. Fourth, the statute permits only the FBI to obtain items for use in its own investigations. It does not authorize the NSA to collect anything.

In addition, the Board concludes that the NSA’s program violates the Electronic Communications Privacy Act. That statute prohibits telephone companies from sharing customer records with the government except in response to specific enumerated circumstances — which do not include orders issued under Section 215…

The Section 215 bulk telephone records program lacks a viable legal foundation under Section 215, implicates constitutional concerns under the First and Fourth Amendments, raises serious threats to privacy and civil liberties as a policy matter, and has shown only limited value. As a result, the Board recommends that the government end the program.

Without the current Section 215 program, the government would still be able to seek telephone calling records directly from communications providers through other existing legal authorities. The Board does not recommend that the government impose data retention requirements on providers in order to facilitate any system of seeking records directly from private databases.

Once the Section 215 bulk collection program has ended, the government should purge the database of telephone records that have been collected and stored during the program’s operation, subject to limits on purging data that may arise under federal law or as a result of any pending litigation.

The Board also recommends against the enactment of legislation that would merely codify the existing program or any other program that collects bulk data on such a massive scale regarding individuals with no suspected ties to terrorism or criminal activity. Moreover, the Board’s constitutional analysis should provide a message of caution, and as a policy matter, given the significant privacy and civil liberties interests at stake, if Congress seeks to provide legal authority for any new program, it should seek the least intrusive alternative and should not legislate to the outer bounds of its authority.

Here’s the funny thing (and not at all in the ha-ha sense). President Obama knew when this report would be released. I believe he was briefed well in advance and knew precisely what the report would conclude. Yet he chose to hold a national press conference six days before the report came out – not to announce that he wholeheartedly agreed with the report’s conclusions and was ending the daily intrusion into all Americans’ privacy – but to announce that the daily mass spying on millions of innocent citizens will continue. But maybe someone besides the NSA will own the computers on which their spy database records reside.

One is left to wonder why this president is so hell-bent on nurturing and growing Big Brother in the United States, even in the face of exhaustive evidence that this is illegal. And even though, as the board report notes, “The classified briefings and materials the Board has received have not demonstrated that the increased speed, breadth, and historical depth of the Section 215 program have produced any concrete results that were otherwise unattainable.”

And why, one also wonders, are so many of our so-called leaders – such as past presidents and the future anointed (i.e., Hillary Clinton) – so silent as this country’s civil liberties continue to be shredded?

Update: This is ironic. It is not the Democrats, who used to see themselves as champions of civil liberties, who are calling for an end to the spying. It is the long-time defenders of the military-industrial complex – the Republicans.

From Time: “In the latest indication of a growing libertarian wing of the GOP, the Republican National Committee passed a resolution Friday calling for an investigation into the ‘gross infringement’ of Americans’ rights by National Security Agency programs that were revealed by Edward Snowden.”


Verbatim

“The oath of allegiance is not an oath of secrecy. That is an oath to the Constitution. That is the oath that I kept, that Keith Alexander and James Clapper did not.” – Edward Snowden
