From security-news-admin at lists.resist.ca  Mon Jan 13 20:25:02 2003
From: security-news-admin at lists.resist.ca (security-news-admin at lists.resist.ca)
Date: Mon, 13 Jan 2003 20:25:02 -0800
Subject: [security-news] Bulletin #11, January 13 2003
Message-ID: <20030114042502.GA13288@resist.ca>

***************************************************************
Security-news <security-news at resist.ca>
A security bulletin for autonomous resistance movements
Produced by the folks who bring you http://security.tao.ca
***************************************************************

January 13, 2003

We know it has been awhile since the last issue of security-news, our 
apologies for that. With war hysteria ramping up, the forced 
registration of arab americans (& their subsequent arrests and potential 
deportations), and the incursion of the state security apparatus into 
every aspect of our lives... there couldn't be a more pressing time for 
informed and rational discussion on activist security needs. Some 
organizers in Vancouver, BC are putting on a conference in May that will 
touch on many of the themes addressed in issues of security-news and at 
security.tao.ca. We have included their conference call-out below. As 
always, we could use submissions to security-news as it makes our job a 
lot easier to get the information out there when it is sent out way. 
Submissions can be sent to secure at resist.ca as always.


**********************************
Security-news: Issue #11 - Contents
**********************************
* Security tip of the week: PGP 8.0 - RSA Keys	  
* Events: Activist Security Conference - Callout 
* News & Analysis: Peace Groups Monitored by RCMP Secret Police
* News & Analysis: New Tools for Domestic Spying, & Qualms (part 1 of 2)
* How to: Data security for Linux power users (part 2 of 2)

*****
Security Tip of the Week: PGP 8.0 - RSA Keys 	
*****

In case you missed this, PGP 8.0 is now realeased and there is a 
freeware version for mail and file encryption available at pgp.com 
(there is, however, no free version of PGP disk anymore for users of 
Windows XP or Macintosh OSX which is crummy). Our tip is to make sure 
when creating RSA keys in the new PGP 8.0 to select the "RSA Legacy Key" 
option if you want anyone with an earlier version of PGP to be able to 
use your RSA key. If you create a plain RSA key in the new version, 
people with older versions of PGP can't use them.

*****
Events: ACTIVIST SECURITY CONFERENCE, VANCOUVER BC, MAY 9-11
*****

The Resist! Collective in Vancouver, BC is putting out this draft 
conference call to gather interested parties and supporters together to 
plan an Activist Security Conference for May, 2003. 

What we would like you to do is read the preliminary ideas we have put 
together (with help from friends from other organizations), and let us 
know if you are interested in helping us organize this conference, 
speaking at it, providing training or anything else. We are also looking 
for progressive groups to endorse, or co-sponsor this event. 

We will be setting up an organizing mailing list this week, and having 
our first face-to-face meeting of local organizers to discuss local 
logistics. Please let us know if you are interested in organizing 
locally or just interested in helping to shape the conference and 
develop curricula via the email list. Individuals who wish to be on the 
mailing list must be vouched for by an organization or individual who is 
familiar to us in order to cut down on disruption attempts by outside 
parties. Please email secure at resist.ca if you wish to be added to the 
mailing list or have suggestions, ideas, or comments. 

The Resist! Collective is committed to organizing the local logistics of 
such a conference but we need YOU! to make the content of such an event. 
Please respond to this soon so we can start to organize with as many 
people involved as possible.

WHAT: Activist Security - A Conference (to be given a better name 
shortly)

WHEN: May 9-11th, 2003

WHERE: Vancouver, British Columbia

WHO: Security trainers (tech and non-tech), system administrators, legal 
collectives, copwatch and anti-police brutality groups, and activists 
interested in training and getting trained in these areas.
 
WHY: As far as we know, there has never been an activist conference 
focussing on security for our movements. In the past two years, our 
world has rapidly changed for the worse, and security issues have become 
more important to activist communities as the long arm of the state 
continues to grow. An activist security conference would provide an 
opportunity for progressive security trainers, and activists from across 
North America to meet and skill-share as well as discuss issues and 
ideas on these themes. 

POTENTIAL STRUCTURE: We see that there are three very strong areas that 
we would like to develop workshops, discussions, training and skill 
sharing around:

* TECHNOLOGY: Secure system-administration, Communications security, 
Electronics, Encryption, Echelon & Carnivore, Bugs and taps etc. 

* ACTIVIST TRAINING: User-end security. How to communicate 
securely, security culture, surveillance and counter-surveillance, 
securing our communities (copwatch etc), law-enforcement bodies and 
operations. 

* LEGAL: The Patriot Act (US) and Bill C-36 (Canada), how evolving laws 
are affecting activism, the world post-911 and our rights, the pros and 
cons of court challenges.

This is *not* an exhaustive list of topics, but simply a place to start 
the discussions of the conference from. Please help us by letting us 
know what workshop/skillshare you would be interested in doing and what 
resources you need to be able to do it. 

SOME LOGISTICAL ISSUES: It is unlikely we will be able to do much 
fundraising to put this conference together but we will try. If you know 
of any potential funding sources, please put us in touch. Generally we 
will try to do this on the cheap, asking for a registration fee to cover 
costs on location - and trying to billet people with local activists. We 
are currently looking into space possibilities and costs in Vancouver.

For further information, discussion, to be added to the mailing list or 
anything else, please contact: secure at resist.ca

Thanks! We want to get the ball rolling on this ASAP so please reply 
soon.

In solidarity and struggle, 
The Resist! Collective


*****
News & Analysis: PEACE GROUPS MONITORED BY RCMP SECRET POLICE
Posted to: http://vancouver.indymedia.org
Friday, January 10, 2003
*****

PEACE GROUPS MONITORED BY RCMP SECRET POLICE:
FIGHT BACK WITH THEIR SECRET INFORMATION

http://www.peace.ca/peacegroupsmonitored.htm

All across Canada, in cities and towns, the RCMP monitored peace groups 
they considered subversive to the proper order of society. Any protest 
was monitored as the Government feared all organized opposition. The 
RCMP would even break & enter premises in order to gather material for 
the inclusion in their files on protest groups. Many of the RCMP 
Security Service (SS) files were transferred to the National Archives of 
Canada (NAC). This means that secret RCMP files on protest groups ARE 
NOW AVAILABLE TO YOU! All you have to do is request the files from the 
National Archives, and you will be able to prove the wrong-doings and 
civil rights violations by the RCMP which went unchecked for decades, 
and continue today under CSIS.

Now, before you become all worried that this takes lots of time and 
money and knowledge, let us assure you that it does not. Requests can 
be, and often are, hand-written. Although forms for making requests are 
available from public libraries and government offices, they are not 
required. It costs $5.00 to apply for files on groups and activities. In 
the event that they are not forthcoming with the files, making a 
complaint to the Information Commissioners is free, and can be 
hand-written in one sentence. Such simple complaints are often all that 
is required to finally get files. It need only state that you are 
dissatisfied with the response of the NAC, and that you would like the 
Commissioner to investigate and get more material released. The 
Commissioners will do the rest.

In Ottawa, go to the NAC Reference Room and view the public RG146 
finding aids for the secret files. There are hundreds of pages of lists 
of groups and activities and protests which were observed and noted by 
the RCMP undercover agents and their moles and snitches. If you are not 
in Ottawa, you should ask the NAC to make a copy of the finding aid 
available to you in your city through the office of your local Member of 
Parliament.

These files can be accessed by anyone. An electronic version of the AIA 
request form is available at:
http://www.cio-dpi.gc.ca/ip/infosource/Info_6/Request-Frms_e.html
Simply make a request in writing, using the form or letter, by mail, and 
include $5.00 per file part, to:

Access to Information Coordinator
National Archives of Canada
395 Wellington Street, Ottawa, ON, K1A 0N3
tel. (613) 947-1532/954-4142 fax. (613) 992-9350

Simply state that you request access to an RCMP file under the Access 
Act (AIA) of Canada. Just describe in as much detail as possible the 
records you seek. It is best to have gone through the RCMP finding aid 
(RG146) at the NAC first; this way you will be able to quote the file 
reference. However, you could simply give the name and location of the 
protest group, and have the NAC look it up for you. Then add $5.00 and 
send it to the NAC.

The NAC then has 30 days under the AIA to respond, and they will not 
meet this deadline, so you must immediately, on day 31, write a letter 
of delay complaint to the Information Commissioner, stating that the NAC 
is in a deemed refusal (late) position. Make the complaint soon, as it 
will help force the release of information. Simply state your name, 
address and the fact that the NAC has not properly responded to your 
request. You must write to the Commissioner and say that your request 
was not done in the required time limit, and/or that the response did 
not include all the requested records, and/or that the response
was heavily and unjustly severed:

Information Commissioner of Canada
300-112 Kent Street, Ottawa, ON, K1A 1H3
tel. (613) 995-9976/995-2410 fax. (613) 947-7294
http://infoweb.magi.com/~accessca/oic.html

Eventually, and you can wait a year for an initial release, some 
documents will show up in your post-box. Remember to give the NAC a new 
address if you move. At least 50% of the material in the subject files 
will have been deleted by CSIS before it is released by the NAC. 
Immediately complain to the Commissioner (see above) about the 
unreasonable deletions, and that office will undertake an investigation 
which will hopefully result in the NAC releasing more documents. You do 
not have to justify the reason for the deletions, as this was not your 
fault. Just complain! Many researchers have had to make multiple 
requests and ask for multiple investigations by the Commissioner in 
order to finally access much of the files.

Last, if you are interested in current (1984-1999) secret police files 
about a group, you should consider writing to the RCMP and CSIS and 
requesting a file release under AIA. You will note that the RCMP still 
show up at all demonstrations, and were certainly active in monitoring 
peace and protest groups long after that function was to have been 
transferred to CSIS. Using the method described above, simply write or 
fax, and send $5.00 to:
Canadian Security Intelligence Service
Mr. Garnet Barlow, Access Coordinator
PO Box 9732, Ottawa, Postal Terminal
Ottawa, ON, K1G 4G4
tel. (613) 231-0107, fax. (613) 842-1271
toll free 1-877-995-9903

Royal Canadian Mounted Police
Access to Information Coordinator
Access to Information Department
1200 Vanier Parkway
Ottawa, ON, K1A 0R2
tel. (613) 993-5162, fax. (613) 993-5080

PEACE and PROTEST GROUPS MONITORED by the RCMP Notes: the first number 
(between 697 and 801) is the volume number, and should be used in the 
request. The number following the file name refers to the number of file 
parts for each title. If there is no number, then there is only one file 
part. The largest has some 50 file parts. If you want the file on End 
the Arms Race from Vancouver, then ask for: RG146, Volume 697, End the 
Arms Race Committee, Vancouver, 2 file parts. Send the NAC $10.00 for 
the two AIA file requests. 

For a full list of organizations and their RCMP file numbers - go to 
http://www.peace.ca/peacegroupsmonitored.htm

*****
News & Analysis: New Tools for Domestic Spying, and Qualms
By MICHAEL MOSS and FORD FESSENDEN
December 10, 2002
(Part 1 of 2 - next part in the next issue of security-news)
*****

When the Federal Bureau of Investigation grew concerned this spring that 
terrorists might attack using scuba gear, it set out to identify every 
person who had taken diving lessons in the previous three years.

Hundreds of dive shops and organizations gladly turned over their 
records, giving agents contact information for several million people.

"It certainly made sense to help them out," said Alison Matherly, 
marketing manager for the National Association of Underwater Instructors 
Worldwide. "We're all in this together."

But just as the effort was wrapping up in July, the F.B.I. ran into a 
two-man revolt. The owners of the Reef Seekers Dive Company in Beverly 
Hills, Calif., balked at turning over the records of their clients, who 
include Tom Cruise and Tommy Lee Jones - even when officials came back 
with a subpoena asking for "any and all documents and other records 
relating to all noncertified divers and referrals from July 1, 1999, 
through July 16, 2002."

Faced with defending the request before a judge, the prosecutor handling 
the matter notified Reef Seekers' lawyer that he was withdrawing the 
subpoena. The company's records stayed put.

"We're just a small business trying to make a living, and I do not 
relish the idea of standing up against the F.B.I.," said Ken Kurtis, one 
of the owners of Reef Seekers. "But I think somebody's got to do it."

In this case, the government took a tiny step back. But across the 
country, sometimes to the dismay of civil libertarians, law enforcement 
officials are maneuvering to seize the information-gathering weapons 
they say they desperately need to thwart terrorist attacks.


From security-news at lists.resist.ca  Sun Jan 26 22:30:10 2003
From: security-news at lists.resist.ca (security-news at lists.resist.ca)
Date: Sun, 26 Jan 2003 22:30:10 -0800
Subject: [security-news] Bulletin #12, January 27th, 2003
Message-ID: <20030127063010.GA25687@resist.ca>

***************************************************************
Security-news <security-news at resist.ca>
A security bulletin for autonomous resistance movements
Produced by the folks who bring you http://security.tao.ca
***************************************************************

January 27th, 2003

A mish-mash of stuff this week.... We are need of people to write 
security how-to articles that would be of interest to the activist 
community - technical or non-technical - So if you have something you 
want to share, please send it to secure at resist.ca - Thanks!

**********************************
Security-news: Issue #12 - Contents
**********************************
* Security tip of the week: House Alarms vs. Motion-detecting Cameras
* News & Analysis: FBI Taps Campus Police in Anti-Terror Operations 
* News & Analysis: New Tools for Domestic Spying, & Qualms (part 2 of 2)
* How to: Identify and Deal with Keystroke Loggers, Trojans and 
Backdoors 

*****
Security Tip of the Week: House Alarms vs. Motion-detecting Cameras
*****

A house (or infoshop space) alarm, once set off (either by accident or 
surrepitious entry) - may give police the right to enter your space to 
investigate a suspected break-in. Rather than trying to prevent 
surreptitious entry with an alarm system, a better strategy is to detect 
entry by using a well-concealed motion detecting camera. The preferable 
set-up is one which automatically emails or otherwise transmits an image 
of the intruder to you (which foils tape-switching or camera-removal 
strategies).


*****
News & Analysis: FBI Taps Campus Police in Anti-Terror Operations 
Student, Faculty Groups Fear a Return of Spying Abuses Against 
Activists, Foreign Nationals
By Dan Eggen Washington Post Staff Writer 
Saturday, January 25, 2003
*****

Federal authorities have begun enlisting campus police officers in the 
domestic war on terror, renewing fears among some faculty and student 
groups of overzealous FBI spying at colleges and universities that led 
to scandals in decades past.

Since the Sept. 11, 2001, terrorist attacks, the FBI has strengthened or 
established working relationships with hundreds of campus police 
departments, in part to gain better access to insular communities of 
Middle Eastern students, government officials said.

On at least a dozen campuses, the FBI has included collegiate police 
officers as members of local Joint Terrorism Task Forces, the regional 
entities that oversee counterterrorism investigations nationwide.

Some officers have been given federal security clearance, which allows 
them access to classified information. Their supervisors often do not 
know which cases these officers are working on because details cannot be 
shared, officials said.

The FBI and many campus police officers view the arrangements as a 
logical, effective way to help monitor potential terrorist threats and 
keep better tabs on the more than 200,000 foreign nationals studying in 
the United States. Several of the Sept. 11 hijackers were enrolled as 
students at American flight schools, and one entered the country on a 
student visa but never showed up at the school.

"Campus law enforcement is starting to get a lot more recognition from 
the FBI and other federal agencies now, because they're realizing we do 
have police departments and we can play a vital role in stopping 
terrorism," said H. Scott Doner, police chief at Valdosta State 
University in Georgia and president of the International Association of 
Campus Law Enforcement Administrators. "Everybody's got to have their 
eyes and ears open to make sure something doesn't happen again."

But the effort has touched a nerve among some faculty and student 
groups, as well as Muslim activists, who fear that the government is 
inching toward the kind of controversial spying tactics it used in the 
1950s and 1960s. With few restrictions, the FBI at the time aggressively 
monitored, and often harassed, political groups, student activists and 
dissidents.

Faculty leaders and administrators argue that U.S. colleges and 
universities are unique places devoted to the exchange of ideas, and 
that even the hint of surveillance by government authorities taints that 
environment.

"This type of cooperation is perfectly valid if it's based on criminal 
activity, but the danger with the FBI is that it doesn't always limit 
itself to that," said Sarah Eltantawi, spokeswoman for the Muslim Public 
Affairs Council. "Given the FBI's history, there's a definite concern 
that they will go too far."

Closer ties between the FBI and campus police are the latest example of 
the government's determination to keep better tabs on foreign students 
and faculty in the United States. The efforts have met resistance at 
many colleges, which are accustomed to a fair amount of independence 
from government scrutiny and which often are home to activists 
suspicious of the FBI.

This month, the Immigration and Naturalization Service is launching a 
computerized tracking system for all foreign nationals studying in the 
United States, a program that was stalled for years, in part by 
university complaints. Some FBI field offices have also asked local 
universities and colleges for detailed lists of foreign students and 
faculty, prompting objections from academic groups and several U.S. 
senators.

"There is a concern on the part of universities to balance on this 
tightrope in the post-September 11 world," said A. John Bramley, provost 
at the University of Vermont. "On the one hand, no one wants to do 
anything that is not entirely supportive of national security. On the 
other hand, universities are open places that want to encourage dialogue 
and diversity."

Distrust of the FBI runs high among some faculty who remember the 
counterculture demonstrations of the 1960s. Under J. Edgar Hoover's 
15-year COINTELPRO program, the bureau engaged in broad and questionable 
tactics aimed at monitoring and disrupting student activist groups.

FBI agents infiltrated leftist antiwar and civil rights groups with 
informants, tapped into radio frequencies to disrupt protest plans, 
stole membership rolls and compiled dossiers on student political 
leaders. The FBI even produced bogus student newspapers, one 
conservative and one liberal, to spread inaccurate information and sow 
dissension among student groups. The COINTELPRO program was halted in 
1971.

The FBI has long had liaison relationships with police and security 
departments at some universities, particularly larger institutions with 
higher crime rates or heavy involvement in sensitive research areas, 
officials said. But the Sept. 11 attacks prompted the bureau to 
strengthen its links to local and state police departments, including 
those on college campuses.

Precise numbers are not available, but FBI estimates and interviews with 
campus police administrators indicate that at least a dozen departments 
have assigned officers to play significant roles in FBI anti-terrorism 
task forces.

The arrangements with the schools vary. At the University of Texas in 
Dallas, a campus police officer attends monthly task force meetings and 
is in regular communication with the FBI, but has not participated in 
active investigations, officials said. In Gainesville, Fla., a 
University of Florida officer is assigned to work full time alongside 
FBI agents and state police in terror investigations.

At the University of Toledo, police chief John A. Dauer said that one 
full-time and one part-time officer are assigned to the FBI terrorism 
task force based in Cleveland. Although he is not privy to the details 
of his officers' work with federal agents, Dauer said the arrangement 
gives him a better handle on possible terrorist threats on campus than 
he previously had.

"We have a large Arab population between here and Dearborn that they are 
concerned about, and a considerable international population on campus," 
Dauer said. "Having the detectives work with them helps us be more 
proactive in terms of information. Without that, we'd probably have very 
little information at all."

A similar arrangement has prompted controversy at the University of 
Massachusetts at Amherst, where an FBI agent and a campus police 
detective showed up at the office of an Iraqi-born economics professor 
in November for an interview. The campus detective, Barry Flanders, was 
assigned to the local FBI task force and was working on federal 
terrorism investigations at least two days a week.

FBI officials and campus police said they were able to quickly discount 
the anonymous tip that led to the interview, and professor M.J. Alhabeeb 
told local media outlets that the meeting was brief and polite.

But the case prompted a wave of protests by students and faculty, who 
argued that the arrangement gave the FBI the ability to intrude on the 
privacy rights of foreign nationals. The local American Civil Liberties 
Union has filed a Freedom of Information Act request demanding details 
about the university's cooperation with the FBI.

"What we know about the FBI in the past is that it has engaged in a 
whole set of activities against people because they didn't like the 
views they expressed or the associations they had formed," said Dan 
Clawson, a sociology professor at the University of Massachusetts who 
helped arrange a faculty protest meeting on the topic. "It appears that 
we are likely to go back to that time. . . . Universities should take a 
principled stand saying we oppose these activities because they 
interfere with the free exchange of information and ideas."

University of Massachusetts police chief Barbara O'Connor said the 
modern FBI operates under tighter restrictions than it did decades ago. 
Letting one of her officers work alongside the bureau is a sensible way 
to guard against terrorist threats and to keep the campus involved in 
federal probes, she said.

"I think we have a responsibility as a major university to contribute to 
the safety of this region, despite the political pressure that's been 
brought to bear," O'Connor said. "I understand people's concerns about 
civil liberties, but this is part of making sure people aren't harming 
citizens."

Sheldon E. Steinbach, general counsel for the American Council on 
Education, said criticism of the FBI's heightened activity on U.S. 
campuses is overblown.

"Much of the concern expressed at the moment is speculative and 
anticipatory," he said. "It's ascribing sinister motives to the FBI 
before anything remotely akin to that has been proven."


*****
News & Analysis: New Tools for Domestic Spying, and Qualms
By MICHAEL MOSS and FORD FESSENDEN
December 10, 2002
(Part 2 of 2)
*****

`It Smacks of Big Brother'

The Congressional inquiry's lingering criticism has added
impetus to a movement within government to equip terror
fighters with better computer technology. If humans missed
the clues, the reasoning goes, perhaps a computer will not.

Clearly, the F.B.I. is operating in the dark ages of
technology. For instance, when agents in San Diego want to
check out new leads, they walk across the street to the
Joint Terrorism Task Force offices, where suspect names
must be run through two dozen federal and local databases.

Using filters from the Navy's space warfare project,
Spawar, the agents are now dumping all that data into one
big computer so that with one mouse click they can find
everything from traffic fines to immigration law
violations. A test run is expected early next year. Similar
efforts to consolidate and share information are under way
in Baltimore; Seattle; St. Louis; Portland, Ore.; and
Norfolk, Va.

"It smacks of Big Brother, and I understand people's
concern," said William D. Gore, a special agent in charge
at the San Diego office. "But somehow I'd rather have the
F.B.I. have access to this data than some telemarketer who
is intent on ripping you off."

Civil libertarians worry that centralized data will be more
susceptible to theft. But they are scared even more by the
next step officials want to take: mining that data to
divine the next terrorist strike.

The Defense Department has embarked on a five-year effort
to create a superprogram called Total Information
Awareness, led by Adm. John M. Poindexter, who was national
security adviser in the Reagan administration. But as soon
as next year, the new Transportation Security
Administration hopes to begin using a more sophisticated
system of profiling airline passengers to identify
high-risk fliers. The system in place on Sept. 11, 2001,
flagged only a handful of unusual behaviors, like buying
one-way tickets with cash.

Like Admiral Poindexter, the transportation agency is
drawing from companies that help private industry better
market their products. Among them is the Acxiom Corporation
of Little Rock, Ark., whose tool, Personicx, sorts
consumers into 70 categories - like Group 16M, or "Aging
Upscale" - based on an array of financial data and
behavioral factors.

Experts on consumer profiling say law enforcement officials
face two big problems. Some commercial databases have high
error rates, and so little is known about terrorists that
it could be very difficult to distinguish them from other
people.

"The idea that data mining of some vast collection of
databases of consumer activity is going to deliver usable
alerts of terrorist activities is sheer credulity on a
massive scale," said Jason Catlett of the Junkbusters
Corporation, a privacy advocacy business. The data mining
companies, Mr. Catlett added, are "mostly selling good
old-fashioned snake oil."

Libraries and Scuba Schools

As it waits for the future, the F.B.I. is being pressed to
gather and share much more intelligence, and that has left
some potential informants uneasy and confused about their
legal rights and obligations.

Just how far the F.B.I. has gone is not clear. The Justice
Department told a House panel in June that it had used its
new antiterrorism powers in 40 instances to share terror
information from grand jury investigations with other
government authorities. It said it had twice handed over
terror leads from wiretaps.

But that was as far as Justice officials were willing to
go, declining to answer publicly most of the committee's
questions about terror-related inquiries. Civil
libertarians have sued under the Freedom of Information Act
to get the withheld information, including how often
prosecutors have used Section 215 of the 2001 antiterror
law to require bookstores or librarians to turn over patron
records.

The secrecy enshrouding the counterterrorism campaign runs
so deep that Section 215 makes it a crime for people merely
to divulge whether the F.B.I. has demanded their records,
deepening the mystery - and the uneasiness among groups
that could be required to turn over information they had
considered private.

"I've been on panel discussions since the Patriot Act, and
I don't think I've been to one without someone willing to
stand up and say, `Isn't the F.B.I. checking up on
everything we do?' " said John A. Danaher III, deputy
United States attorney in Connecticut.

Several weeks ago, the F.B.I. in Connecticut took the
unusual step of revealing information about an
investigation to dispute a newspaper report that it had
"bugged" the Hartford Public Library's computers.

Michael J. Wolf, the special agent in charge, said the
agency had taken only information from the hard drive of a
computer at the library that had been used to hack into a
California business. "The computer was never removed from
the library, nor was any software installed on this or any
other computer in the Hartford Public Library by the F.B.I.
to monitor computer use," Mr. Wolf said in a letter to The
Hartford Courant, which retracted its report.

Nevertheless, Connecticut librarians have been in an uproar
over the possibility that their computers with Internet
access would be monitored without their being able to say
anything. They have considered posting signs warning
patrons that the F.B.I. could be snooping on their
keystrokes.

"I want people to know under what legal provisions they are
living," said Louise Blalock, the chief librarian in
Hartford.

In Fairfield, the town librarian, Tom Geoffino, turned over
computer log-in sheets to the F.B.I. last January after
information emerged that some of the Sept. 11 hijackers had
visited the area, but he said he would demand a court order
before turning over anything else. Agents have not been
back asking for more, Mr. Geoffino said.

"We're not just librarians, we're Americans, and we want to
see the people who did this caught," he said. "But we also
have a role in protecting the institution and the attitudes
people have about it."

The F.B.I.'s interest in scuba divers began shortly before
Memorial Day, when United States officials received
information from Afghan war detainees that suggested an
interest in underwater attacks.

An F.B.I. spokesman said the agency would not confirm even
that it had sought any diver names, and would not say how
it might use any such information.

The owners of Reef Seekers say they had lots of reasons to
turn down the F.B.I. The name-gathering made little sense
to begin with, they say, because terrorists would need
training far beyond recreational scuba lessons. They also
worried that the new law would allow the F.B.I. to pass its
client records to other agencies.

When word of their revolt got around, said Bill Wright, one
of the owners, one man called Reef Seekers to applaud it,
saying, "My 15-year-old daughter has taken diving lessons,
and I don't want her records going to the F.B.I."

He was in a distinct minority, Mr. Wright said. Several
other callers said they hoped the shop would be the next
target of a terrorist bombing.

http://www.nytimes.com/2002/12/10/national/10PRIV.html?ex=1040539795&ei=1&en=f1d7ce390e76978a

*****
How to: Identify and Deal with Keystroke Loggers, Trojans and Backdoors 
(basic)
*****

Keystroke Loggers

Keystroke loggers come in both hardware and software forms and are used 
to capture and compile a record of everything you type and then make it 
available, sometimes over e-mail or a Web site, to the agency or 
individual snooping on you. Most keystroke loggers record the 
application name, the time and date the application was opened, and the 
keystrokes associated with that application. Keystroke loggers are 
becoming more popular with law enforcement and employers because they 
capture information literally as it is being typed--before any 
encryption can take place - which gives them the access they want to 
passphrases and other usually well-hidden information.

Hardware keystroke loggers are what they sound like - hardware devices 
that attach to your keyboard and record data. These devices generally 
look like a standard keyboard adapter, so they can be hard to spot 
unless you are specifically looking for them. In order to retrieve data 
from a hardware logger, the person who is doing the spying must regain 
physical access to that piece of equipment. Hardware loggers work by 
storing information in the actual device, and generally do not have the 
ability to broadcast or send such information out over a network. To 
take a look at two of the main products on the market (and to give you 
an idea of what to look for), check out Key Katcher and Key Ghost. 
KeyGhost also makes keyboards with the key logger built straight in, 
which makes it much more difficult to spot. Note that because these are 
hardware devices, KeyKatcher and KeyGhost will not be discovered by any 
of the anti-spyware, anti-virus or desktop security programs. You must 
visually scan the back of your computer where the keyboard is plugged in 
to detect it's presence.

Software keystroke loggers are likely more prevalent because they can be 
installed remotely (via a network, a piece of trojan software, or as 
part of a virus), and don't require physical access to obtain keystroke 
data (data is often emailed out from the machine periodically). Software 
loggers often have the ability to obtain much more data as well, as they 
are not limited by physical memory allocations in the same way. There 
are hundreds of software keystroke-loggers out there - the best known is 
Amecisco Invisible Keylogger Stealth. Other programs that perform these 
functions include Spector, KeyKey Monitor, 007 STARR, Boss Everywhere, 
and I-See-Ua. Check them out if you're interested in seeing how they 
work, and what type of data they provide once installed.

We know for a fact that the FBI is using both hardware and software 
loggers. In December, 2001 - there was a case in which the FBI put a 
hardware keylogger on the machine of a member of an organized crime 
family, without first obtaining a wiretap warrant. In that case the US 
Supreme Court ruled that the FBI did not need a warrant in order to 
record keystrokes on a target's machine. To read more about this case, 
click here. For a software example, check out information about Magic 
Lantern - developed as part of the FBI's Carnivore project - it is a 
trojan/key-logger specifically aimed at gathering encryption key 
information for transmission back to the FBI.

Detecting Keystroke Loggers

The only way to check for keystroke logging hardware is to familiarize 
yourself with what it looks like and visually scan your machine on a 
regular basis. Taking pictures of the inside and outside of your machine 
when you get it is always a good idea, so you can compare if anything 
seems to be out of place. For some specific ideas of what to look for, 
check out the SpyCop page on this subject.

In combatting software loggers, you can also take a virtual snapshot of 
the contents of your hard drive, as well as any alterations made by 
programs to other files. You must make a new snapshot each time you 
install new software or make system upgrades in order to keep it up to 
date. As well, you should store that "snapshot" file off your computer 
and in a private location so that it can't be altered by someone having 
physical or remote access to your machine. Products that take system 
snapshots include: Snapshot Spy Pro and ArkoSoft System Snapshot (for 
windows boxes). Fcheck is one of the more trusted programs out there for 
linux machines - we're hoping one of you out there can tell us whether 
or not Fcheck runs on OSX as well.

There are a few programs out there specifically designed to detect 
keystroke logging software. Two that have received good reviews are 
Anti-keylogger and SpyCop. Neither of these programs are free, but 
Anti-keylogger does have a demo version that allows you to scan your 
machine for logging programs. We haven't been able to fully test either 
of these softwares, since we aren't putting the money up to purchase 
them. We currently don't know of *any* program that checks for Magic 
Lantern (please email us if you know otherwise).

Trojans & Backdoors

Another software method an investigating agency may utilize is a trojan 
carrying a backdoor program. A trojan is a program that looks innocent 
but carries a dangerous payload, like the Trojan Horse of Greek 
mythology. It may be disguised as a game or some other kind of 
executable program, in the same way that viruses are often disguised. 
(Need we remind you not to open up .exe files or other attachments 
coming from folks you don't know?)

These trojans, once launched by the targeted user carry a backdoor 
program (or maybe just a few lines of code that create a security hole 
so a backdoor program to be installed later). A backdoor program allows 
the intruder to access your computer whenever it's on the Internet. It's 
a remote control, and usually a very thorough one with full access to 
every facility and file on your computer.

It's obviously important to avoid getting a backdoor program inside your 
computer. The best way is to use a competent virus protection program. 
Most of these will stop trojans and backdoors getting through, unless 
you are permanently connected to the Internet, in which case - you 
should probably be looking at a good hardware or software firewall. 
There's a free one that's easy to use called ZoneAlarm, available from 
ZDNet. It's also recommended for users of regular modems who want to 
improve their security.

If your machine behaves strangely and you think you've got a parasitic 
backdoor (it's a bit like somebody else having a remote keyboard for the 
same computer) manually unplug the phone/adsl line to break the 
connection and get yourself a top virus protection program. Don't 
reconnect that machine to the Internet (not even to collect email) until 
you're sure it's clean. 


***************************************************************
Security-news <security-news at resist.ca>
Good computer security is no substitute for good sense!                  
To sub or unsub - http://resist.ca/mailman/listinfo/security-news        
***************************************************************      




From security-news at lists.resist.ca  Fri Feb 28 09:30:06 2003
From: security-news at lists.resist.ca (security-news at lists.resist.ca)
Date: Fri, 28 Feb 2003 09:30:06 -0800
Subject: [security-news] Little Sister 2003 - info & registration
Message-ID: <20030228173006.GB2855@resist.ca>

************************************************************************
Security-news <security-news at resist.ca> 
A security bulletin for the inspired resistance movement 
Produced by the folks who bring you http://security.tao.ca
************************************************************************

February 28, 2003 - Announcement of upcoming security conference.

Little Sister 2003
Community Resistance, Security, Law and Technology 

Vancouver, British Columbia (Coast Salish Territory)
Martime Labour Centre
May 9-11, 2003 
--------------------------------------------------------------------------------

The Goal is Freedom:

We believe our greatest strength in defeating the security and legal 
maneuvers used against us as community organizers is by unifying and 
building common cause in our movements. This means building diverse 
coalitions who are willing to support each other in order to create safe 
spaces for oppposition to the policies and practices of governments and 
corporations. Ultimately, as organizers, our goal is to resist the 
injustices that our communities face, while retaining our physical and 
emotional freedom. 

Little Sister 2003 is the first conference of its kind being held in 
North America. The conference focus is specifically on community 
resistance and the security and legal needs of autonomous movements. 
Some of the topics we aim to cover through workshops and panel 
discussions include: 

* Training the Trainers 
* Computer Security for Non-Geeks 
* Understanding Law Enforcement "Intelligence" 
* Surveillance Measures & Countermeasures 
* Security for Organizations 
* Informers and Infiltrators 
* Security Culture 
* "At-risk" Communities - Special Organizing Considerations 
* Infiltration by Right-Wing Agendas 
* Communicating Securely 
* Trends in Law 
* The Legal System & You 
* Does the Law Ever Work For Us? 
* Political Climates and Repression 
* Action-Planning & Security 
* Security Technology 
* Secure Systems Administration 
* PGP - What is it? How do we use it? 
* When the Cops Come Knocking 

Workshop Proposals Needed: 

WE NEED PEOPLE to facilitate and lead these, and other workshops. If you 
are interested in presenting on any of these topics (or others), or 
speaking on a panel please submit a workshop/skillshare proposal no 
later than March 20th so we can start to formulate and publicize the 
conference agenda. There is a form for workshop submissions online at 
https://littlesister2003.org/workshop.php. 

Logistics: 

Local organizers are working to make this conference as open as 
possible. We are able to provide billeting for out of town guests, child 
care and a fully wheelchair accessible space for the conference itself 
(if you have special housing needs, we will do our best to accomodate 
those as well). 

Although there are no travel subsidies available, we do have bursaries 
for participating in the conference at a 100% subsidization rate for 
those unable to pay. 

Registration: 

Registration is now open for the conference. Online, the registration 
form can be found at https://littlesister2003.org/reg_form.php. If you 
wish to register via email or phone, please contact the Little Sister 
2003 Organizing Collective using the contact info provided below.

The Bottom Line..... 

As organizers everywhere know, changes in political climate and to 
statutes and legislation over the past several years have allowed for a 
lot more harassment, infiltration, and criminalization of community 
organizations and their members. A tremendous strength can be found in 
bringing together these experiences to examine how we might make 
security skills and techniques a part of our organizing tool-box. 


Contact the organizing collective at:
info at littlesister2003.org
phone: 604-682-3269 ext 7038.
https://littlesister2003.org (website under development)

************************************************************************
Security-news <security-news at resist.ca> 
A security bulletin for the inspired resistance movement 
To unsub from this list, please go to 
http://resist.ca/mailman/listinfo/security-news
************************************************************************

From security-news at lists.resist.ca  Mon Mar 24 22:30:07 2003
From: security-news at lists.resist.ca (security-news at lists.resist.ca)
Date: Mon, 24 Mar 2003 22:30:07 -0800
Subject: [security-news] Bulletin #13 - March 24th, 2003
Message-ID: <38E160A2-5E8B-11D7-8994-00039393408E@resist.ca>

***************************************************************
Security-news <security-news at lists.resist.ca>
A security bulletin for autonomous resistance movements
Produced by the folks who bring you http://security.tao.ca
***************************************************************

March 24th, 2003

Just when you think things can't possibly get worse, they always seem 
to. The past week of war and the several weeks leading up to it have 
been truly terrible times for the global population awaiting yet 
another assault on the world by the United States. At the same time, 
the struggles against the war globally have been truly inspiring to 
participate in and to watch from afar. The thousands who have been 
arrested in the United States, the hundreds of thousands marching in 
the streets every day around the world - these are the moments we are 
fighting to keep in a world increasingly repressing its dissident 
voices. With resistance comes repression, and it is in this vein that 
we put out the 13th Security-news bulletin. We urge our brothers and 
sisters to stay strong and safe in these times of struggle.

**********************************
Security-news: Issue #13 - Contents
**********************************
* Upcoming Event: Little Sister 2003
* News & Analysis: These Are Not Your Father's Wiretaps
* News & Analysis: U.S. Steps Up Secret Surveillance
* How to: There's a War On - Do you know where your data is?

*****
Event: Little Sister 2003
*****

Little Sister 2003
Community Resistance, Security, Law and Technology
May 9-11
Vancouver, British Columbia (Coast Salish Territory)

All activist folks interested in security issues during this heightened 
time of global crackdown should seriously plan to attend this three day 
conference!

The Little Sister website is up and running at 
https://littlesister2003.org. There is information Conference 
registration and workshop submissions are handled at this site. PLEASE 
NOTE that the workshop sub and registration deadlines are fast 
approaching - so get your applications in to us asap!

We believe that our greatest strength in defeating the security and 
legal maneuvers used against us as community organizers is by unifying 
and building common cause in our movements. This means building diverse 
coalitions who are willing to support each other in order to create 
safe spaces for opposition to the policies and practices of governments 
and corporations. Ultimately, as organizers, our goal is to resist the 
injustices our communities face, while retaining our physical and 
emotional freedom. It is these themes on which the Little Sister 2003 
organizing committee is building the conference program.

Visit our website for more info or email us at info at littlesister2003.org

Little Sister 2003 Organizing Committee

*****
News & Analysis: These Are Not Your Father's Wiretaps
By Jane Black, Business Week
February 27, 2003
*****

In the old days, tapping a phone was as easy as one-two-three. All 
calls ran over Ma Bell's copper wires. To listen in, law-enforcement 
agents simply requested that the phone company isolate the suspect's 
wire and record any calls made or received. One phone company. One 
network. One flip of a switch.

That was eons ago by techno-standards, however. The new world of 
telecommunications has made it much harder for the FBI to thwart 
evildoers -- and for privacy advocates to ensure that the agency 
doesn't overstep its bounds. Today, dozens of new technologies need to 
be monitored, such as packet voice and cellular text messaging. And 
thousands of new service providers are now in business. "Every time the 
technology moves ahead, you have all these pitfalls -- all these 
potential points where we can creep away from the status quo to a far 
more intrusive type of surveillance," says Lee Tien, a senior attorney 
at San Francisco-based advocacy group the Electronic Frontier 
Foundation.

The job of sorting out the mess falls in large part to Les Szwajkowski, 
the director of the FBI's CALEA surveillance policy and planning unit. 
(CALEA is an acronym for Communications Assistance for Law Enforcement 
Act, which was passed in 1994 and granted the FBI the right to conduct 
surveillance on any new technologies that arise.) With his staff of 50 
engineers, lawyers, and surveillance experts, Szwajkowski's most 
pressing task is finding a way to tackle the challenge of packetized 
voice, better known as VOIP (for voice over Internet protocol), which 
is steadily gaining a foothold in the U.S. market. VOIP provider Vonage 
in Edison, N.J., alone has lured 15,000 customers since it launched in 
April, 2002.

"SHORT ONE PLAYER." Last month, law-enforcement officials and telecom 
providers such as Vonage gathered at a closed-door meeting in Chicago 
to plan for the digital future. The technology makes for some tough 
issues for policymakers. Unlike a traditional phone call, where a line 
is dedicated between two parties, VOIP slices each call into millions 
of tiny digital packets, each of which can take a discrete route over 
the Internet. That means surveillance equipment must either be 
installed permanently on a network or calls must be routed through FBI 
surveillance equipment before being delivered to the caller, which 
experts say can create a suspicious delay.

"Our tactical people are trying to plug every hole. But it's like 
playing the field short one player," says Szwajkowski. "A call that is 
not [able to be intercepted] is a major public-safety and security 
dilemma."

This isn't the first time the FBI has faced such a challenge. As early 
as the 1980s, new features such as call forwarding and conference 
calling created loopholes for crafty criminals. If the FBI tapped a 
suspect's office phone, that person could forward the call to a home 
line if he or she smelled a wiretap -- outfoxing the FBI. Conference 
calls also thwarted so-called pen register and trap-and-trace orders, 
which allow law-enforcement agencies to record all the calls made or 
received on a particular line.

WHO YA GONNA CALL? To trick the feds, one untapped person could call 
another and then conference in the suspected wrongdoer, without the 
call being registered by law enforcement. From 1992 to 1994, a total of 
183 federal, state, and local law-enforcement cases were impeded by 
advances in digital technology, according to congressional testimony by 
then-FBI Director Louis Freeh.

Szwajkowski's job is all the more complicated because of the explosion 
of new communications providers since the 1996 Telecommunications Act. 
Today, it's not just the phone company that completes calls. It could 
be an Internet service provider, a VOIP startup, or both. In rural 
areas, it's not uncommon for startups, such as Paul Bunyon Telecom in 
Bemidji, Minn., or CBeyond Communications in Atlanta, to serve just a 
few thousand customers apiece.

"The number of new players is staggering to us," Szwajkowski says. "It 
was hard enough before to balance technology and economics. Today we 
have to negotiate with a whole new set of entrants with a range of 
demands and circumstances."

HUNGRY CARNIVORE. Therein lies a danger, say privacy advocates. They 
worry that the FBI will use the rise of the packet technology and the 
expanding number of players as an excuse to expand its all-seeing, 
all-knowing surveillance power.

Here's why: VOIP travels across the Internet the same way that e-mail 
does. Address information (the number dialed or the e-mail address) is 
contained in the same packet as the content (what is said or written). 
The FBI's solution for e-mail is the notorious Carnivore technology, 
which sucks up all data that passes its way. The FBI claims that 
Carnivore filters traffic and delivers to investigators only packets 
that they're lawfully authorized to obtain. But because the details 
remain secret, the public must trust the FBI's characterization of the 
system and -- more significant -- that it's complying with legal 
requirements.

Carnivore has been highly controversial, and privacy advocates fear the 
FBI will develop a similar system for VOIP. "The very nature of packet 
technology means that whether it's an e-mail or a voice call, [the FBI] 
can get more and more information that allows them to be more and more 
privacy-invasive," says the EFF's Tien.

A NEW ERA. The sheer number of players could put privacy at an even 
greater disadvantage. In the old days, the FBI went head-to-head with 
the likes of AT&T (T ) or Verizon (VZ ), each of which has an army of 
lawyers to fight off any onerous requirements. In an emerging area such 
as VOIP, however, small companies are on the cutting edge, and they 
have no money to staff a huge legal department.

Szwajkowski plays down these fears. "I'm a citizen too. I don't want to 
be surveilled without law enforcement having built up a serious case in 
front of a judge," he says. "All we want is the ability to intercept, 
whatever technology they use to communicate."

Figuring out just how to do that will be tough -- even with the best of 
intentions. Compromises between law enforcement and carriers over the 
coming year will usher in a new era of government surveillance. To 
avoid another Carnivore, privacy advocates must stay alert.


*****
News & Analysis: U.S. Steps Up Secret Surveillance
FBI, Justice Dept. Increase Use of Wiretaps, Records Searches
By Dan Eggen and Robert O'Harrow Jr.
March 24, 2003; Page A01
*****
Article at:
http://www.washingtonpost.com/wp-dyn/articles/A16287-2003Mar23.html

Since the Sept. 11, 2001, attacks, the Justice Department and FBI have 
dramatically increased the use of two little-known powers that allow 
authorities to tap telephones, seize bank and telephone records and 
obtain other information in counterterrorism investigations with no 
immediate court oversight, according to officials and newly disclosed 
documents.

The FBI, for example, has issued scores of "national security letters" 
that require businesses to turn over electronic records about finances, 
telephone calls, e-mail and other personal information, according to 
officials and documents. The letters, a type of administrative 
subpoena, may be issued independently by FBI field offices and are not 
subject to judicial review unless a case comes to court, officials said.

Attorney General John D. Ashcroft has also personally signed more than 
170 "emergency foreign intelligence warrants," three times the number 
authorized in the preceding 23 years, according to recent congressional 
testimony.

Federal law allows the attorney general to issue unilaterally these 
classified warrants for wiretaps and physical searches of suspected 
terrorists and other national security threats under certain 
circumstances. They can be enforced for 72 hours before they are 
subject to review and approval by the ultra-secret Foreign Intelligence 
Surveillance Court.

Government officials describe both measures as crucial tools in the war 
on terrorism that allow authorities to act rapidly in the pursuit of 
potential threats without the delays that can result from seeking a 
judge's signature. Authorities also stress that the tactics are 
perfectly legal.

But some civil liberties and privacy advocates say they are troubled by 
the increasing use of the tactics, primarily because there is little or 
no oversight by courts or other outside parties. In both cases, the 
target of the investigation never has to be informed that the 
government has obtained his personal records or put him under 
surveillance.

"When this kind of power is used in the regular criminal justice 
system, there are some built-in checks and balances," said David Sobel, 
general counsel of the Electronic Privacy Information Center (EPIC), 
which is suing the Justice Department for information about its 
secretive anti-terrorism strategies. "The intelligence context provides 
no such protection. That's the main problem with these kinds of 
secretive procedures."

The use of national security letters has been accelerated in part 
because Congress made it easier to use and apply them. The USA Patriot 
Act, a package of sweeping anti-terrorism legislation passed after the 
Sept. 11 attacks, loosened the standard for targeting individuals by 
national security letters and allowed FBI field offices, rather than a 
senior official at headquarters, to issue them, officials said.

The records that can be obtained through the letters include telephone 
logs, e-mail logs, certain financial and bank records and credit 
reports, a Justice official said.

The Patriot Act also significantly increased the amount of intelligence 
information that can be shared with criminal prosecutors and federal 
grand juries, giving authorities new powers in the war on terrorism. 
National security letters can be used as part of criminal 
investigations and preliminary inquiries involving terrorism and 
espionage, according to officials and internal FBI guidelines on the 
letters.

According to documents given to EPIC and the American Civil Liberties 
Union as part of their lawsuit, the FBI has issued enough national 
security letters since October 2001 to fill more than five pages of 
logs. There is no way to determine exactly how many times the documents 
have been employed because the logs were almost entirely blacked out, 
according to a copy provided to The Washington Post by the ACLU.

The Justice Department and FBI refuse to provide summary data about how 
often the letters are used. Several lawmakers have proposed legislation 
that would require the department to provide that kind of data.

"In our view, the public is entitled to these statistics," said Jameel 
Jaffer, staff attorney for the ACLU's national legal department. "We 
have no idea how those are being used."

FBI spokesman John Iannarelli said "it's safe to say that anybody who 
is going to conduct a terrorism investigation is probably going to use 
them at some point. . . . It's a way to expedite information, and 
there's nothing that needs expediting more than a terrorism 
investigation."

But a November 2001 memorandum prepared by FBI attorneys warned that 
the letters "must be used judiciously" to avoid angering Congress, 
which will reconsider Patriot provisions in 2005. "The greater 
availability of NSLs does not mean they should be used in every case," 
the memo says.

Beryl A. Howell, former general counsel to Sen. Patrick Leahy (D-Vt.) 
and a specialist in surveillance law, described national security 
letters as "an unchecked, secret power that makes it invisible to 
public scrutiny and difficult even for congressional oversight." Howell 
now is a managing director and general counsel at Stroz Friedberg LLC, 
a computer forensic firm in the District.

Under the Foreign Intelligence Surveillance Act (FISA), the government 
has the power to obtain secret warrants for telephone wiretaps, 
electronic monitoring and physical searches in counterterrorism and 
espionage cases. The Justice Department has expanded its use of such 
warrants since a favorable FISA court ruling last year, which 
determined that the Patriot Act gave federal officials broad new 
authority to obtain them.

The warrants, cloaked in secrecy and largely ignored by the public for 
years, have become a central issue in the ongoing debate over missteps 
before the Sept. 11 attacks. The FBI has come under sharp criticism 
from lawmakers who say FBI officials misread the FISA statute in the 
case of Zacarias Moussaoui, the alleged terror conspirator who was in 
custody before the attacks. No warrant was sought in the Moussaoui 
case, and his computer and other belongings were not searched until 
after the attacks.

Even less well known are provisions that allow the attorney general to 
authorize these secret warrants on his own in emergency situations. The 
department then has 72 hours from the time a search or wiretap is 
launched to obtain approval from the FISA court, whose proceedings and 
findings are closed to the public.

Officials said that Ashcroft can use his emergency power when he 
believes there is no time to wait for the FISA court to approve a 
warrant. There are no additional restrictions on emergency warrants, 
other than the rules that apply to all FISA applications, officials 
said.

Ashcroft told lawmakers earlier this month that Justice made more than 
1,000 applications for warrants to the secret court in 2002, including 
more than 170 in the emergency category. In the previous 23 years, only 
47 emergency FISA warrants were issued.

FBI Director Robert S. Mueller III, in similar testimony to the Senate 
Judiciary Committee, said, "We can often establish electronic 
surveillance within hours of establishing probable cause that an 
individual is an appropriate FISA subject."

"We have made full and very productive use of the emergency FISA 
process," Mueller said.

Sobel and other civil liberties advocates say they are troubled by the 
aggressive use of emergency FISAs because it leaves the initial 
decision up to the attorney general and allows clandestine searches and 
surveillance for up to three days before any court review.

Staff researcher Madonna Lebling contributed to this report.

*****
How to: There's a War On - Do you know where your data is?
An Open Letter from Cindy Cohn
Electronic Frontier Foundation
*****

Hi all,

With the war declared, it's becoming quite clear that ISPs and other 
holders and passers of electrons throughout the US (and probably much 
of the world) are receiving various sorts of subpoenas, court orders 
and warrants to collect and hold information.  about people involved in 
the peace movement and other progressive organizing, along with anyone 
with an Arabic sounding name or ties.

If this concerns you, or the people you work with, a couple of thoughts:

1) Are you using encryption when you can?  Are the people who you work 
with?  Go to www.pgpi.org and download the program and find someone to 
show you how to use it. It's not that hard and there are plenty of 
folks on this list and elsewhere who can teach you.  If you use 
Outlook, I've just been told that there is opportunistic encryption 
built in if you know how to turn it on.  I'll send an EFF hat to the 
first person who sends me an explanation of how to do it that my 
grandfather could understand. I'll also make sure it gets posted 
online. If you know how to use PGP, target 3 colleagues who need it and 
teach them. Then use it with them so that they get well-practiced. And 
don't forget PGPDisk.  No one should cross a border without her hard 
drive encrypted.  We worked hard to free encryption from governmental 
censorship and control.  Please use it.

2) For those of you that administer websites, e-mail systems and 
similar technologies, what information do you have about your users?  
Do you need to have it?  Does your website gather IP addresses?  Does 
your e-mail system keep log files? Are you keeping them?  If so, why 
and for how long? Double checking the settings on your servers and 
systems.  The techies who write most of those programs set the default 
to save everything. Do you really need that?  Most good sysadmins are 
packrats by nature; but now is the time to fight that urge to keep 
every scrap of data "just in case" someone wants it later.  That 
someone could be John Ashcroft.

The US has NO data retention requirements. As long as you implement a 
system of eliminating records as you go and stick to it, there's no 
liability for you if the feds come to seize your server and there's 
nothing on it they can use.  Let's exercise this freedom NOT to gather 
information for the government while we still have it.

3) What footprints are you and your colleagues leaving when you travel 
around the Internet?  Think about using anonymizer.com or similar tool 
for your surfing.  It's easy.  Anonymizer.com offers a free account to 
EFF members, but whether you go through us or directly to them or 
through some other tool.

I'm proud of the work the peace movement has done so far and the good 
use it's made of new technologies to assist in organizing, planning, 
rallying and support. We've been watching the Ashcroftians closely, 
however, and it's clear that the war on terrorism and the war on Iraq 
are being used as excuses to spy on the public and to gather extensive 
dossiers about us. The peace movement is an obvious target for 
harassment using this information.  Let's not make their job any easier 
for them.

And if you hear from law enforcement about your online activities, 
please don't hesitate to contact us.

Feel free to forward this message to anyone who you think could benefit 
from it.

Take care,

Cindy

************************************************
Cindy A. Cohn                   Cindy at eff.org
Legal Director                    www.eff.org
Electronic Frontier Foundation
454 Shotwell Street
San Francisco, CA 94110
Tel:  (415)436-9333 x 108
Fax: (415) 436-9993

***************************************************************
Security-news <security-news at resist.ca>
Good computer security is no sub

From security-news at lists.resist.ca  Sun Apr 27 20:47:58 2003
From: security-news at lists.resist.ca (security-news at lists.resist.ca)
Date: Sun, 27 Apr 2003 20:47:58 -0700
Subject: [security-news] Little Sister Conference Information and Schedule
Message-ID: <33964C1A-792C-11D7-BB7F-00039393408E@resist.ca>

***************************************************************
Security-news <security-news at lists.resist.ca>
A security bulletin for autonomous resistance movements
Produced by the folks who bring you http://security.tao.ca
***************************************************************

Little Sister 2003
May 9-11
Vancouver, BC

CONFERENCE INFO and SCHEDULE

In a country where the news is dominated by the latest hockey scores 
and the SARS outbreak - the Little Sister organizing crew is working to 
bring you something completely different for 3 days in May!

We don't have the conference schedule completely worked out yet, but 
here's a rough idea of what's going on. Workshops are not slotted in 
yet, but the planned workshops are listed below the schedule. There is 
still room for last minute workshops to be fit in, so if you have ideas 
for putting something together at the last minute, there will be room 
to put them forward.

The plenaries and most conference workshops will be taking place at the 
Britannia Community Centre which is located at Commercial Drive and 
Napier Streets. There will be some workshops taking place down the 
block at 101-1183 Odlum Drive.

We make no guarantees about providing food at the conference, but 
Commercial Drive is known for it's cheap places to eat. We will be 
providing more information on this depending on what type of food 
donations we receive from local businesses.

Child Care will be provided on site, please let us know in advance if 
you will need it by emailing info at littlesister2003.org.


SCHEDULE INFORMATION

Friday, May 9th (5:00 pm - 9:00 pm)

5:00-7:00 - Registration

7:00-9:00 - Opening Plenary
Communities in Resistance - Fighting the Security State

Confirmed Speakers:
Splitting the Sky
Evert Hoogers - Canadian Union of Postal Workers
Jill Chettier - Housing Action Committee
other speakers to be confirmed

Saturday, May 10th (10:00 am - 5:00 pm)

10:00-11:00 - Morning Plenary: Security Issues in the Global South
(Speakers from Argentina, Mexico and the Philippines)

11:15-12:30 - Workshop Block (1)

12:30-1:30 - Lunch

1:30-3:00 - Workshop Block (2)

3:15 - 4:45 - Workshop Block (4)

5:00-8:00 - Dinner Break

8:00-12:00 - PARTY! Heat Score 2003 - check yer bandannas at the door
Featuring:
Local DJs
and (some of) the MOLOTOV MOUTHS
Location: PLACEBO SPACE (101-1183 Odlum Drive)


Sunday, May 11th (10:00 am - 4:00 pm)

11:00-12:30 - Workshop Block (4)

12:30-1:30 - Lunch

1:30 - 3:00 - Workshop Block (5)

3:00-4:00 -- Closing Plenary


WORKSHOPS (to date)

Title: CUPW, National Security,and the Culture of Spying
Title: How anyone can easily collect passwords, log email, thieve HTML, 
over DSL and Cable connections.
Title: IIP, SILC, IRC:  Necessarily in that order
Title: Indymedia Publishing and Privacy Considerations
Title: Indigenous self determination and resistance
Title: Legal Defense in the Spirit of Resistance
Title: Cryptography in modern operating systems
Title: Basic Computer Security
Title: Security Culture and Oppression
Title: Minimizing Disinformation and Disruption in our Communities
Title: Your Rights Under the Law - What happens when you get arrested
Title: Surveillance and Countersurveillance

We will be posting the complete schedule at http://littlesister2003.org 
once it is available.
*****
Little Sister 2003
Community Resistance, Security, Law and Technology
May 9-11
Vancouver, BC (Coast Salish Territory)
Britannia Community Centre
https://littlesister2003.org



***************************************************************
Security-news <security-news at resist.ca>
Good computer security is no substitute for good sense!
To sub or unsub - http://resist.ca/mailman/listinfo/security-news
***************************************************************