Police Wants Backdoor To Web Users Private Data

Posted: February 4, 2010 in Nitegator
Tags: , , , , , , , , , , , , , ,

Eighty-nine percent of police surveyed, it says, want to be able to “exchange legal process requests and responses to legal process” through an encrypted, police-only “nationwide computer network.” The survey is part of a broader push from law enforcement agencies to alter the ground rules of online investigations. Cybercrime investigators are pushing for the creation of a national Web interface linking police computers with those of Internet and e-mail providers so requests can be sent and received electronically. Traffic data is information about data that is being transmitted, e.g. IP addresses, phone numbers, to, from etc. Communications data is the actual body of the data package being sent. Example: If an email was sent from Person A to Person B, the information about Person A, IP address, email address, subject of the email, and the email of Person B would be the “traffic” data. But the content of the actual email, the message, would be the “content”. Because of the make-up of the Internet, it is sometimes difficult for law enforcement officers to discover the identity. The ISPs are required under RIPA to provide the ability to maintain interception capability. This means that the government, when required, can monitor any person’s Internet activity. A person might hide or “spoof” his/her Internet Protocol (IP) address, or might intentionally bounce his communications through many intermediate computers scattered throughout the world. That’s when subpoenas and court orders to each bounce point are used for tracking. Some ISP’s don’t keep records or don’t keep them long enough.

A 1996 federal law called the Electronic Communication Transactional Records Act regulates data preservation. It requires Internet providers to retain any “record” in their possession for 90 days “upon the request of a governmental entity.” Some companies already have police-only Web interfaces. Sprint Nextel operates what it calls the L-Site, also known as the “legal compliance secure Web portal.” Cox Communications makes its price list for complying with police requests public. The statuary instrument, Data Retention (EC Directive) Regulations SI 2007/2199, issued in the UK is based on the EU directive 2006/24/EC which states, under Article 5, what data must be retained. Eighty-nine percent of investigators agreed that a nationwide computer network should be established for the purpose of linking ISPs with law enforcement agencies. Authorized users would communicate through encrypted virtual private networks in order to maintain the security of the data.

To protect your data you should encrypt your data. There is (currently) no easy or entirely effective way to retrieve data within a well-encrypted (1024-bit key or greater) archive. This type of encryption is implemented by either the operating system or hard disk hardware itself. Most current major OS’s either include or offer as an enhancement, the ability to encrypt your entire drive. There are also third-party software packages like TrueCrypt that offer this ability. In order for an OS-level encryption scheme to work seamlessly, the encryption key must be readily available for use. Otherwise, the system would constantly ask you for your password for every file you wish modify, add, delete and move. Individual file encryption is another way to protect your information. Programs like GPG, PGP, TrueCrypt and a multitude of others offer solid encryption methods. Most of these programs will also allow you to create encrypted “drives” or self-executing archives that contain many files and can be used to fill USB drives or moved around quite easily. You can’t hide your email address nor can this be encrypted, it has to be sent in plain text (it’s the nature of the internet), but you can encrypt the content. Lock your screen ANYTIME you leave your desk and password-protect your screen saver. If you encrypted your drive like you should, then the investigator has no choice but to pull the plug on your system since they cannot do a live forensic duplication. Even after duplication, seized drive will still be encrypted and evidence would be lost restoring the memory. Change your IP address. Currently all the tools available to the public, e.g. Tor, only hide your IP address for web browsing not for email. Therefore your true IP address will still be recorded when you use your email. By hiding your IP address in web browsing it is harder to link your web browsing to your emailing. Always wipe the entire drive when giving a system or drive away. Formatting does not overwrite data on the drive; it simply erases any reference to the data. There are many people out there that will buy drives or old systems for the sole purpose of analyzing them for the previous owner’s personal data. The best method to wipe an entire drive is to attach that drive to an existing system and to wipe the entire drive from there. Set Your Browser To Automatically Clear Its Cache & Cookies on Close. This would prevent someone jumping on your computer only to see all the S&M sites in your history.

The Anti-Terrorism, Crime and Security Act provides guidelines for data retention, though it is currently voluntary. Laptops, mainframes, smartphones and tablet on the market contain gigabytes of information. Wireless communication has increased in popularity, and so have cybercrimes and data collecting. Most intercept communications need the permission of the Secretary of State (Home Secretary). The police, however, only require the permission of surveillance commissioner, under Section 36 of RIPA.

Click Links For More Postings:
Apple’s New ‘iPad’
Computer Contact Lenses
Andrew Joshua Wirth Tackled After Courtroom Outburst
Bank Robber Eats Evidence
NYPD Caught Beating Suspect
Oakland TN Mayor And Former Police Chief IndictedBill Gates Donates $90 Million To Memphis City SchoolsMemphis Red Light Cameras

Share

[tweetmeme source=”wemcal”]

Advertisements
Comments
  1. Scooter helm says:

    Reminds me of a bad habbid of mine. Strange that memories trigger because of a blog post haha. I am a bit sad now even though it aint because of the post itself :/

  2. Why take risks when it comes to home security monitoring of your house and your family? Does not require much dollars or effort to keep criminals from your home with the use of a wireless security system. And I am sure that you desire to rest in peace knowing you did everything possible to save things in life that are more costly with the use of a burglar alarm system. Let us analyze some safety imformation for the smart home and uses of a video security systems. A home security camera system can record all events throught the 24 hour period. Wireless alarm systems can be used in residents not pre wired for home surveillance systems. Wireless burglar alarms are a sure way to safe guard you family and belongings.

  3. Hello. Excellent job. I did not expect this on a Wednesday. This genuinely a good story. Thanks!

  4. Hey, I like your site. I was wondering if you would do a review post of my product at http://www.publicdomainpayday.com

  5. ubot studio says:

    I found your blog on google and read a few of your other posts. I just added you to my Google News Reader. Keep up the good work. Look forward to reading more from you in the future.

  6. I’ve been pursuing your blog for 10 weeks now and I should tell I am starting to like your post. How do I subscribe to your web log?

  7. You made good quality points there. I did a Yahoo search on the topic and determined plenty of people will agree with your blog.

  8. Interesting. Thanks for that, but that is not the limit of my appreciation. I suffer from color blindness (deuteranopia in my case). I mostly use Konqueror browser (not sure if that changes anything), and a good many web sites are challenging to comprehend on account of a careless selection of colors used. On this web site, as the choice of colors is good, the site is quite clear and easy to comprehend. I am not certain if it was a planned and considerate act, or just good luck, but nevertheless, I thank you.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s