NextGov
Tech Insider
What's happening in the federal IT community

Law

FBI onto Fake Cisco Equipment
By Allan Holmes  |  Tuesday, April 22, 2008 |  3:10 PM

The following item was posted by Jill R. Aitoro.

A discussion board recently posted an unclassified PowerPoint presentation from the Federal Bureau of Investigation, which provides an in-depth look at the criminal investigation into the selling of counterfeit Cisco networking equipment to federal agencies.

The presentation reports a spike in the total number of seizures of products that violate intellectual property rights from 8,022 in 2005, valued at more than $93 million, to 14,675 in 2006, valued at more than $155 million.

Counterfeit Cisco equipment, including routers, switches and other hardware components, finds its way into federal networks because of weaknesses in government procurement and problems with Cisco’s own sales practices, according to the presentation. On the procurement side, agencies buy from uncertified suppliers using government credit cards, or from subcontractors two or three levels removed from the manufacturer, and they allow “blind drop” or “drop ship” fulfillment, in which the supplier delivers the products directly to the agency and bypasses the quality assurance checks the contracting community would otherwise perform.

For Cisco’s part, its reliance on distributors and resellers to sell its products, combined with a lack of coordination between the company’s brand protection and sales teams, perpetuates the problem, according to the presentation. Furthermore, it notes that neither Cisco nor the General Services Administration vets companies selling equipment to the government beyond standard background checks.

The presentation highlights a number of cases in which counterfeit Cisco equipment managed to infiltrate federal agencies, including one involving a top-tier partner that sourced equipment from China, which eventually landed in a secure Navy facility.



IBM Suspension Linked to Financial Management Contract
By Allan Holmes  |  Tuesday, April 1, 2008 |  11:06 AM

More details are coming out on the suspension of International Business Machines Corp. from receiving new federal contracts. Reuters reports that the contract in question involves the modernization of the Environmental Protection Agency's financial management system. In 2006, IBM bid $80 million on the contract, which EPA has yet to award.

Reuters reports: "'What we are saying is that the case stems from information provided by an EPA employee to IBM employees,' [IBM spokesman Fred] McNeese said. 'Prior to Friday, there was not a hint that there were any type of issues with this contract.'"



At War, In Secret
By Bruce McConnell  |  Thursday, March 20, 2008 |  5:00 PM

According to senior officials inside and outside the national security establishment, the Nation is at war in cyberspace.

This war, like many things in cyberspace, confounds traditional boundaries. It is occurring in part on U.S. soil, where many of the attacked public and private sector computers are located. While some attacks are coming from foreign powers, others are from terrorist groups, and still others come from organized crime. Often the identity and intent of the attackers is unclear.

As Samuel Adams said in 1768, “Even when there is a necessity of military power, within the land . . . a wise and prudent people will always have a watchful & jealous eye over it.” Indeed, it is longstanding policy in this country that the military not be used to enforce the law on U.S. soil, except in major emergencies. This division between national security and civilian law enforcement activities is maintained in electronic surveillance as well. It colors the current FISA extension debate.

Few observers believe these divisions work in cyberspace. Yet there is no clear vision of how to proceed while guarding the underlying principles. For that reason, this matter deserves a considered public conversation. While a national cyber security initiative is necessary and timely, the secrecy surrounding the Administration’s program does not serve the Nation's long term interest.

Former Defense Secretary Robert McNamara said, speaking of Vietnam, "We failed to draw Congress and the American people into a full and frank discussion and debate of the pros and cons of a large-scale military involvement . . . before we initiated the action." We still have the opportunity to avoid that mistake in cyberspace.



More Evidence That TIA Lives
By Allan Holmes  |  Monday, March 10, 2008 |  6:20 PM

Concerns that the Total Information Awareness system (a network to sift through Americans' personal data) never truly was killed were resurrected (again) by the Wall Street Journal in an article published March 10. "According to current and former intelligence officials, the spy agency [National Security Agency] now monitors huge volumes of records of domestic emails and Internet searches as well as bank transfers, credit-card transactions, travel and telephone records," according to the article. The Journal cites a Federal Bureau of Investigation program to track telecommunications data, called the Digital Collection System, which has attracted the attention of Congress.

One of those speculating that this has been going on for some time has been National Journal's Shane Harris.



The Risk is Now on You
By Robert Charette  |  Sunday, March 2, 2008 |  9:56 AM

Recently, the Supreme Court ruled that the balloon catheter manufacturer Medtronic, whose catheter burst and injured a patient, was immune from liability because its product, along with its warning labels about the product's risks, had received premarket approval from the Food and Drug Administration (FDA). The Supreme Court said that state laws allowing lawsuits against so-called Class III medical devices were not permissible.

Class III medical devices are, according to the FDA, “the most stringent regulatory category for devices. Class III devices are those for which insufficient information exists to assure safety and effectiveness solely through general or special controls.

“Class III devices are usually those that support or sustain human life, are of substantial importance in preventing impairment of human health, or which present a potential, unreasonable risk of illness or injury.”



AT&T, NSA Get 'Culture Jammed'
By Allan Holmes  |  Thursday, February 28, 2008 |  11:18 AM

The Billboard Liberation Front, a group of so-called "culture jammers" who, among other acts, alter the wording of billboard advertisements to make a political or anti-corporate message, has hit again. The group has claimed credit for altering an AT&T billboard in San Francisco to protest AT&T's collaboration with the National Security Agency's warrantless wiretapping of Americans' phones and Internet usage.


[Image: billboard.jpg]

The billboard was a bit too late to influence the telecoms, which announced this past week that they will continue the surveillance program.

Hat tip: boingboing



Legitimizing Data Theft
By Robert Charette  |  Wednesday, February 27, 2008 |  4:49 PM

There are reports that the IRS as well as tax authorities in other countries including Canada, Germany, Australia, Italy, Sweden, Spain, the United Kingdom, and New Zealand have purchased stolen information detailing confidential bank accounts in Liechtenstein. Liechtenstein has very strict banking privacy laws, and it is seen by all the above countries as a safe haven for tax evaders. The country, which is a tiny principality next to Switzerland, is one of three countries (Andorra and Monaco being the other two) listed by the Organization for Economic Cooperation and Development as being "uncooperative tax havens."

How did the countries get this information? In one news report, it was said that, "Heinrich Kieber, a 42-year-old computer expert, offered the information for sale to several countries, including Germany, which paid about $6.3-million for it. (Mr. Kieber is said to be hiding in Australia under a new identity.)"



What's the Deal at Ames?
By Allan Holmes  |  Tuesday, February 26, 2008 |  3:25 PM

The San Francisco Chronicle posted a story late yesterday about a contract employee at the NASA Ames Research Center pleading guilty to storing child pornography on his government computer. The odd thing about this story, as the paper points out, is that it is the third time in a little more than two years that an Ames employee has been caught with child pornography on a government computer. The paper makes it a point to say that the latest infraction is "at least" the third time.



The Short Arm of the Law
By Allan Holmes  |  Wednesday, February 20, 2008 |  3:22 PM

A lesson in how the law has yet to catch up to the Internet era is playing out in San Francisco. A federal judge there has ordered the domain registrar for a Web site that allows users to post leaked confidential information, in the hopes of "discouraging 'unethical behavior' by corporations and governments," to disable the site's domain name, according to a New York Times article. The case involves a former employee of a Cayman Islands bank who provided the Web site (Wikileaks.org) with documents in violation of a confidentiality agreement and banking laws. The documents show the bank allegedly involved in money laundering and tax evasion.

While the order has been portrayed as a test of First Amendment rights in the Internet Age (and as a test for the Web site itself), it's also an example of how unsuitable judicial authority is when it comes to the Internet. As the Times points out:

Judge White ordered [domain registrar] Dynadot to disable the Wikileaks.org address and “lock” it to prevent the organization from transferring the name to another registrar.

The feebleness of the action suggests that the bank, and the judge, did not understand how the domain system works, or how quickly Web communities will move to counter actions they see as hostile to free speech online.

The site itself could still be accessed at its Internet Protocol address (http://88.80.13.160/) — the unique number that specifies a Web site’s location on the Internet. Wikileaks also maintained “mirror sites,” or copies usually produced to ensure against failures and this kind of legal action. Some sites were registered in Belgium (http://wikileaks.be/), Germany (http://wikileaks.de) and the Christmas Islands (http://wikileaks.cx) through domain registrars other than Dynadot, and so were not affected by the injunction.

Fans of the site and its mission rushed to publicize those alternate addresses this week. They have also distributed copies of the bank information on their own sites and via peer-to-peer file sharing networks.



Robots and War Crimes
By Allan Holmes  |  Thursday, January 17, 2008 |  5:13 PM

At a conference this month, a panel of technologists will work through the ethical and legal implications of whether a robot can be held responsible for war crimes. The discussion, titled "When Robots Commit War Crimes: Autonomous Weapons and Human Responsibility," is part of the Technology in Wartime conference at the Stanford Law School.

The io9 blog, edited by Annalee Newitz, today pointed out that this question isn’t some academic exercise for eggheads; robot weapons have already been involved in friendly fire incidents, including one in South Africa.



Calif. Expands Privacy Protections; U.S. Sits By
By Allan Holmes  |  Friday, January 11, 2008 |  4:48 PM

California has led the nation in passing laws to protect private data, and it continues to hold true to the role. This past Tuesday, a California law went into effect expanding the state's groundbreaking security breach notification law, the nation's first law requiring companies to notify customers if a cyberattack exposes personal financial information.

The law now applies to personal health records. Security breaches that expose unencrypted medical histories, information on mental or physical conditions, and medical treatments and diagnoses are covered under the law. The law also applies to the insurance industry. If unencrypted insurance policy or subscriber numbers, insurance applications, claims histories or appeals are exposed through a security breach, insurance companies or the medical facilities storing the data must notify the individuals whose records were possibly stolen or viewed.

The law becomes effective at an auspicious moment, notes the San Francisco Chronicle:

In July 2006, Republican Gov. Arnold Schwarzenegger issued an executive order to store medical records on computers, which probably will result in more data breaches, said Robert Herrell, a legislative assistant to Assemblyman Dave Jones, D-Sacramento, who wrote the bill.

In December, Sutter Lakeside Hospital in Lakeport (Lake County) notified 45,000 patients, doctors and employees after a contractor downloaded their records onto a hospital laptop, took it home and the machine was stolen.

The expanded law led editors of the SANS Institute's “newsbites” section to wonder when Congress will finally pass legislation that protects personal data for all Americans: "Other states will undoubtedly once again follow California's lead. A disturbing question, however, is why the U.S. government has not yet passed legislation with similar provisions."



First Class Give-Away OK
By Bob Brewin  |  Friday, December 21, 2007 |  12:29 PM

In my last (modestly named) “What’s Brewin” column, I suggested a way to honor the troops this season: Anyone lucky enough to fly in one of those big, cushy first-class seats should think about giving it up to someone in uniform – especially troops wearing their desert fatigues and on home leave from Iraq or Afghanistan.

Several well-intentioned, but definitely Pecksniffian, folks wrote in to say any service member who accepted such a seat would be in violation of various government regulations, which for the most part consign federal employees to steerage class.

But, according to Eric Rishel, a senior Defense Department attorney, that’s not exactly the case. The Office of Government Ethics does bar federal employees from accepting gifts due to their position from “prohibited sources,” which means folks doing business with the government, Rishel said.

This means that a service member flying out to test a new plane, gadget or gizmo, should not accept a first-class seat from a contractor program manager whose company paid for that cushy seat (on the grounds that this might be an attempt to gain some influence with the service member).

But if someone who does not fall into the dreaded “prohibited sources” category offers a service member a big cushy seat, it can be accepted – with some additional caveats, Rishel said.

It probably would not be a good idea for a three star in uniform to accept the upgrade because it would provide the impression of some “fat cat deal going on,” Rishel said. He added that the Air Force has regulations that say no one in the Air Force should fly in first class in uniform, a hard rule to adhere to as a “practical matter” if the cushy seat is offered on the plane.

The bottom line is that anyone who does not fall into the dreaded “prohibited source” category can give away their first-class seat to a service member this holiday season, reasonably sure the E4 or E5 will not end up standing at attention at the Office of Government Ethics.

Reporters are sometimes called all kinds of names by folks in uniform, but Rishel assured me that we scribes are not labeled “prohibited sources,” so I look forward to giving up my big, cushy seat once again when I fly to Washington next week.

Merry Christmas



Lawyers Accuse Feds of Tapping Phone, Hacking
By Allan Holmes  |  Friday, October 12, 2007 |  8:45 AM

This news item certainly will heap more suspicion on the Bush administration’s tactics for fighting terrorism.

A law firm in Vermont, which represents a client in Afghanistan and a prisoner at Guantanamo Bay, is accusing the federal government of tapping its phones and hacking into a computer used by one of the firm's partners, according to an article posted by the Burlington Free Press. Three partners in the law firm Gensburg, Atwell & Broderick recently sent a letter to clients telling them the firm "can't guarantee their communications were confidential," according to the article. The firm said it had found its phone lines crossed and that a computer forensic examination of the computer used by Robert Gensburg "found an application that disabled all security software and would have given someone access to all information on the computer," according to the article.

Gensburg said there may be an innocent explanation for the problems, such as his having accidentally downloaded malware from the Internet, but "we are quite confident that it is the United States government that has been doing the phone tapping and computer hacking," the lawyers wrote in their Oct. 2 letter to clients.

According to the article, there's no comment from U.S. officials or Verizon, which operates the phone lines for the law firm and is one of the telecommunication firms named in the Bush administration’s wiretapping program after 9/11:

U.S. Attorney Thomas D. Anderson, the federal government's top law enforcement official in Vermont, said Thursday that he couldn't comment. Verizon has consistently refused to comment on whether it is involved with national security issues, spokeswoman Beth Fastiggi said Thursday.


The Bizarre World of Immigration Law
By Allan Holmes  |  Wednesday, September 26, 2007 |  8:13 AM

The following item was posted by Government Executive Senior Correspondent Katherine McIntire Peters.

The country’s schizophrenic approach to immigration was on full display this week. On Tuesday, Homeland Security’s Citizenship and Immigration Services (USCIS) bureau rolled out an enhanced version of its E-Verify program, an electronic screening tool aimed at identifying illegal workers during the hiring process. Employers participate in the program voluntarily, at least in most states. The day before the rollout, the Justice Department filed suit against the state of Illinois for passing a law that essentially blocks employers from enrolling in the program.

The Illinois law puts Homeland Security in the impossible position of enforcing a federal law that has been invalidated by the state. As Emilio Gonzalez, director of USCIS, observed during a briefing with reporters, “You either want us to enforce the law or you don’t.” Presumably that depends on whom you ask.



It Happened: First ID Theft Using P2P
By Allan Holmes  |  Friday, September 7, 2007 |  11:33 AM

What was once thought to be merely theoretically possible is no longer. The Justice Department has arrested a Seattle man, charging him with using peer-to-peer software to snoop through personal computers to commit identity theft, according to an Associated Press article. Gregory Thomas Kopiloff used the peer-to-peer software LimeWire to steal personal financial information stored on individuals' computers. The Justice Department said it is the first case in which someone used peer-to-peer software to commit identity theft.

LimeWire is used by those who download it primarily to share music, but it can also be used to share any file on the computer. Many users are not aware of the risk that LimeWire and other peer-to-peer applications present. In a hearing this summer, Rep. Henry Waxman, D-Calif., grilled Lime Group CEO Mark Gorton about how the peer-to-peer software, which had been downloaded onto government computers, put sensitive government information at risk of theft. Here’s a related Tech Insider post on the subject.

According to the AP, Kopiloff used LimeWire to steal identities this way:

When other users might search on LimeWire for "Madonna," Kopiloff would search for "federal tax return," or for student financial aid forms or other financial information, [assistant U.S. attorney Kathryn] Warma said. And instead of getting access to a few hundred files containing "Like a Virgin" or "Papa Don't Preach," he would get a few hundred files containing tax returns.

He would vet his victims before opening accounts in their name, ensuring they earned at least $150,000 a year and had good credit, Warma said.

In what may prove to be prescient, Rep. Darrell Issa, R-Calif., during the summer congressional hearing on peer-to-peer software, warned Gorton about lawsuits if LimeWire is proved to be used to steal identities. According to a ZDNet article:

Rep. Darrell Issa, R-Calif., warned Gorton that LimeWire's practices may open the company up to serious legal liability.

“Would it surprise you if you have a string of lawsuits for inherent defect in your product if people like Charlie Mueller of Missouri finds out he's lost his IRS filings and feels he's been damaged?” Issa asked.

Gorton repeatedly defended his company's practices and said he wasn't aware of the extent to which national security information was being accessed through his network.

LimeWire strives to make its product easier to understand and is working on a new version even more tailored to the “neophyte” user, Gorton said. The software incorporates a number of warnings intended to stave off inadvertent file sharing, he added. For instance, pop-up messages appear when users attempt to share folders, such as the all-encompassing “My Documents” folder and the root directory, which are considered likely to contain sensitive information.

“A lot of the information that gets out there now is because people accidentally share directories that they wouldn't mean to share clearly," Gorton said. "Those warnings are not enough, at least in a handful of cases.”

This may be one of those cases.



More Calls for Cameras
By Allan Holmes  |  Monday, August 20, 2007 |  3:24 PM

Police departments nationwide continue to push their local jurisdictions to provide more surveillance cameras mounted throughout cities to capture images of crowds and traffic in hopes of solving crimes. The latest request comes from Alameda Co., Calif., where the county seat is Oakland. County police chiefs have asked the Alameda County Congestion Management Agency to begin recording the traffic from about two dozen cameras that stream images of traffic on San Pablo Ave., a major thoroughfare through the county, according to an article in The Oakland Tribune.

The police say if the traffic on the avenue had been recorded (the congestion agency does not store traffic video streams), they could have identified cars used in crimes and then worked from there to identify suspects. Police Chief Scott Kirkland in El Cerrito, Calif., in Alameda Co. says the footage could have helped the police department solve the 2005 killings of a gas station clerk, a customer of a hamburger joint, a teenager, a restaurateur in 2007, and a robbery victim last month.

Ever since cameras in London helped police there identify and arrest in June the suspected plotters of the foiled car bomb attacks, many public policy experts have argued for more cameras in U.S. cities. Here's a recent Tech Insider post on the subject.

But privacy advocates have raised concerns, similar to the objections raised in Alameda Co. Privacy advocates there say that if the county's cameras stored the footage, and if the cameras were upgraded so that license plates and other details of the cars and traffic could be viewed, the police may be tempted to use the information for other purposes that infringe on our right to privacy.

An interesting note about the Oakland Tribune article is that no one in the article made the argument against the privacy advocates' position by saying that drivers and pedestrians who have nothing to hide shouldn't worry about the cameras. I bring up again a recent post about a compelling paper (access to paper here) written on that very subject by George Washington University law professor Daniel J. Solove. The paper, "'I've Got Nothing to Hide' and Other Misunderstandings of Privacy," is worth a read and its arguments are too detailed to go into here. One quick quote, however: "The key misunderstanding is that the 'nothing to hide' argument views privacy in a particular way – as a form of secrecy, as the right to hide things. But there are many other types of harm involved beyond exposing one’s secrets to the government."

To find out what those might be, read the paper.



DHS Officer Convicted of Illegal Computer Use
By Allan Holmes  |  Friday, July 27, 2007 |  11:51 AM

A Customs and Border Protection officer with the Department of Homeland Security was convicted yesterday for unauthorized use of a government computer, Newsday.com reports.

Kelly Bossinger was convicted "on a three-count indictment charging her with unauthorized use of a government computer, lying and conspiring to lie," according to the article.

In 2004, Bossinger had asked other officers to use government computers to find out why Bossinger's sister had been stopped and searched at the U.S.-Canadian border. Bossinger was concerned that her sister was under investigation. She was.



Who's at Fault With Peer to Peer?
By Allan Holmes  |  Wednesday, July 25, 2007 |  4:28 PM

George Ou, a blogger at ZDNet, takes on Rep. Henry Waxman, D-Calif., chairman of the House Committee on Oversight and Government Reform, over Waxman's call for tighter regulation of peer-to-peer software. After ZDNet posted a story on a Government Reform Committee hearing on how peer-to-peer software threatens national security, Ou wrote that Waxman "hasn’t a clue what he’s talking about and this new round of political grandstanding is absurd." Committee members grilled Mark Gorton, the chairman of peer-to-peer software maker LimeWire, who testified before the committee.

Ou argues that peer-to-peer makers like Gorton are not the problem. Rather, federal information technology shops should do a better job of policing federal employees' computers for peer-to-peer software and removing it when it is found. "The onus is on the Government or any organization to lock down their infrastructure from the physical layer to the application layer to the people working for them," Ou writes. Good point. Transportation Department chief information officer Daniel Mintz told the committee that DOT, after peer-to-peer software downloaded onto a DOT laptop opened access to government documents, developed a policy that requires "written authorization for installation of P2P programs on government machines," according to the ZDNet article.

But Ou goes a few steps further, which pushes his argument over the edge. He argues that the problem isn't the technology, but the people who use the technology to commit crimes. "Sandy Berger stole secret documents from the National Archives by shoving the documents into his socks so will Congressman Waxman propose a new law against socks? Will Congressman Waxman call the CEO of Fruit of the Loom to the hearings and grill him about the dangers of socks?"

This misses a finer point. Creators of peer-to-peer software such as Gorton know that their software can be misused to spread malware. It is questionable -- and the committee did raise the questions -- whether Gorton and other peer-to-peer programmers have ignored this fact to spread the use of their software and whether they have been responsible enough in informing users that, if not properly configured, peer-to-peer software can open up personal files. Think of a warning label like you see on a pack of cigarettes. It doesn't take a stretch of the imagination to come up with that possibility. It does take a stretch of the imagination for Fruit of the Loom to consider the possibility of someone using their socks to pilfer documents. Regulation to prevent such an event would be absurd. No one in their right mind would think of such a thing.

Not so for peer to peer. The makers of peer-to-peer software know the dangers that their products present, just as drug manufacturers know the dangers of misusing the drugs they make. But we have regulations in place to require drug companies to inform the public of possible side effects and the dangers of drug interactions and overdosing. Is it too onerous to ask peer-to-peer manufacturers to act as responsibly? By requiring some action from peer-to-peer providers to better secure their products, together with more vigilance from federal IT security shops, peer to peer can become a safer app and continue to provide value to federal workers.



Spyware Dragnet
By Allan Holmes  |  Thursday, July 19, 2007 |  9:43 AM

Spyware isn't just for criminals out to steal personal data. The FBI recently used spyware it calls CIPAV, for Computer and Internet Provider Address Verifier, to catch a 10th grader who was emailing bomb threats to his high school in Olympia, Wash., CNET reported this week. "School officials said seven bomb threats were received by e-mail between June 4th and June 13th, resulting in evacuations almost daily, restrictions on student movement and police patrols on campus," according to seattlepi.com. A judge sentenced the student to 90 days in juvenile detention. The FBI has been working on numerous computer programs to help it investigate computer-related crimes.



Cameras, Cameras Everywhere
By Allan Holmes  |  Tuesday, July 17, 2007 |  11:29 AM

Ever since the public learned that surveillance cameras helped British authorities identify suspects behind last month's foiled car bomb attacks in London, politicians and security experts have called for similar systems in the United States. Sen. Joseph Lieberman, D-Conn., chairman of the Committee on Homeland Security and Governmental Affairs, has called for more electronic surveillance systems. New York City is adding to its 4,200 cameras scattered throughout the city. It plans to have by the end of the year more than 100 cameras watching traffic in Lower Manhattan to read license plates. Chicago and Los Angeles, as well as Boston and Baltimore, also have camera surveillance systems.

But the debate on whether camera surveillance systems are something that we want as a society is revving up. "Under such constant surveillance, you will find yourself becoming painfully conscious of being observed, recorded and judged," wrote John Whitehead, founder of the Rutherford Institute, a civil liberties group. "Without realizing it, you will begin to censor your own actions—in regard to even the most innocuous of things." (The same point was made by George Washington University law professor Daniel J. Solove.)

In an interview with National Public Radio today, Cortez Trotter, Chicago's former chief of emergency management, explained that the Chicago security officials tried to assuage privacy concerns by meeting with the American Civil Liberties Union and the business community about the city's camera surveillance system before it was built. Privacy was built into the system, he said, such as putting blinders on some cameras and limiting how much the camera can pan to keep it from peering into office buildings.

Despite the concerns, surveillance seemingly will only become more ubiquitous. Look at what's being planned for the next generation of surveillance.




Busting the 'Nothing to Hide' Argument
By Allan Holmes  |  Monday, July 16, 2007 |  2:25 PM

We've all heard the argument before: "Why should you worry about the government looking into your personal records if you have nothing to hide?" Daniel J. Solove, an associate professor of law at The George Washington University Law School, analyzes that argument in a recently published paper titled "I've Got Nothing to Hide and Other Misunderstandings of Privacy."

Solove argues that "the question assumes faulty assumptions about privacy and its value." Those who make the "nothing to hide" argument fail to understand the chilling effect that surveillance has on public discourse, the fact that small bits of private data (which an individual may not object to being uncovered) when put together form a larger and more intimate profile (which an individual may object to), and the risk of having one's profile mistakenly associated with a group that is labeled as threatening.

Here's an excerpt from the paper, which was published in the latest issue of the San Diego Law Review:

[T]he problem with the “nothing to hide” argument is that it focuses on just one or two particular kinds of privacy problems – the disclosure of personal information or surveillance – and not others. It assumes a particular view about what privacy entails, and it sets the terms for debate in a manner that is often unproductive.

It is important to distinguish here between two ways of justifying a program such as the NSA surveillance and data mining program. First is to not recognize a problem. This is how the “nothing to hide” argument works. It denies even the existence of a problem. The second manner of justifying such a program is to acknowledge the problems but contend that the benefits of the NSA program outweigh the privacy harms. The first justification influences the second, for the low value given to privacy is based upon a narrow view of the problem.

The key misunderstanding is that the “nothing to hide” argument views privacy in a particular way – as a form of secrecy, as the right to hide things. But there are many other types of harm involved beyond exposing one’s secrets to the government.



Keystroke Logging and the Constitution
By Daniel Pulliam  |  Wednesday, July 11, 2007 |  1:21 PM

Here is something new for constitutional lawyers to ponder: How would you apply constitutional law to the hacking technique known as "keystroke logging"?

According to an article by CNET.com's Declan McCullagh, a federal agent with the Drug Enforcement Administration convinced a federal judge to legally authorize the installation of keystroke logging software into the computer of a suspected ecstasy drug manufacturer. Key logging software is used to capture a computer user's keystrokes, and it is often used to spy on people's computer usage and to capture usernames and passwords. According to the article:

That was necessary, according to DEA Agent Greg Coffey, because the suspects were using PGP and the encrypted Web e-mail service Hushmail.com. Coffey asserted that the DEA needed "real-time and meaningful access" to "monitor the keystrokes" for PGP and Hushmail passphrases.

The aggressive surveillance techniques employed by the DEA were part of a case that resulted in a ruling on Friday by the 9th Circuit Court of Appeals, which primarily dealt with Internet surveillance through a wiretap conducted on a PacBell (now AT&T) business DSL line used by the defendants. More on that below.

The DEA's pursuit of alleged Ecstasy manufacturers Mark Forrester and Dennis Alba differs from the first known police use of key-logging software, which snared reputed mobster Nicodemo Scarfo in 1999. In the Scarfo case, the FBI said in an unclassified affidavit at the time, a key logger that also was planted in a black bag job was disabled when the Internet connection became active.

Since the DEA agent did not use the key logging software when the modem was in use, the DEA was able to avoid the question of whether the technique is unconstitutional and permitted under wiretap laws.

The defendants in this case argued that key logging software is the same thing as a "general warrant" or a "writ of assistance" that would allow police to take "any record, including e-mail, simply because it was typed on a computer." The Fourth Amendment of the Constitution prohibits general warrants and requires warrants to identify the "things to be seized." Wiretap laws require that the interception of non-applicable information, such as conversations, be kept to a minimum.



Blogging Suit Tests First Amendment Limits
By Allan Holmes  |  Thursday, July 5, 2007 |  4:07 PM

A lawsuit filed in a District Court in Texas is a strong reminder of the responsibilities that come with blogging.

On June 19, Nashville-based Essent Healthcare, which operates the Paris Regional Medical Center in Texas, filed a suit against "The Paris site," a blogging site set up by an anonymous operator in 2005 to post insider comments about the hospital. The suit alleges that "on several occasions the blog posted 'false and misleading statements with malice,'" according to an article posted by iHealthBeat.org. "According to the lawsuit, the blogger falsely accused the hospital of criminal wrongdoing in operating and managing the hospital, including Medicare fraud."

A District Court judge recently ordered ISP SuddenLink Communications Inc. to reveal -- within 20 days of when the lawsuit was filed (that would be by July 9) -- the name of the operator and the nine bloggers who have posted to the site.

In an article on the suit, ComputerWorld quotes a First Amendment lawyer as speculating that the hospital does not have much of a case.



Scooter Libby Still Prisoner 28301-016
By Daniel Pulliam  |  Tuesday, July 3, 2007 |  11:13 AM

President Bush may have commuted the prison sentence of Lewis "Scooter" Libby Monday, but his name still shows up on the Federal Bureau of Prisons' Web site as inmate number 28301-016. He is listed as "not in BOP custody" and his release date is "unknown."



Judges Rule E-mails Are Private
By Allan Holmes  |  Tuesday, June 19, 2007 |  9:20 AM

A U.S. federal court ruled yesterday that law enforcement agents must obtain a warrant to seize private e-mails, much like warrants must be obtained to listen in on private telephone conversations, according to an Associated Press report.

From the article:

The ruling stems from a fraud investigation against Steven Warshak, owner and president of Berkeley Premium Nutraceuticals, an herbal supplement company known for its "Smiling Bob" ads.

Warshak, whose company markets supplements that include a "natural male enhancement" product called Enzyte, argued that his Fourth Amendment protections against unreasonable searches and seizures were violated when the government went after his e-mail records.

The appeals court said the lower court correctly reasoned that e-mails stored at a service provider "were roughly analogous to sealed letters, in which the sender maintains an expectation of privacy. This privacy interest requires that law enforcement officials obtain a warrant, based on a showing of probable cause."

National Public Radio's Morning Edition reported on the ruling, calling it a "very significant case."



The 3 Responses of Doan
By Daniel Pulliam  |  Thursday, May 24, 2007 |  11:01 AM

Reporters typically try to get both sides of a story. So, when someone alleges or rules that an individual, say, violated a law, a reporter asks the accused for a response.

That's what we did when the Office of Special Counsel ruled that Lurita Doan, the head of the General Services Administration, violated the Hatch Act. Typically, a reporter will get one response. But Doan gave us, over a three-hour period, three slightly different statements.

Listed below are her statements sent via email. The bold portions are words that were either altered or removed in the succeeding response.

Government Executive received its first statement via email from Doan at 2:37 p.m., Wednesday:

I received the staff-drafted report, and I disagree with its preliminary findings. I have concerns with the leaps in logic and the many inaccuracies contained in it, such as an error as simple as citing a non-existent employee in my office. I have an opportunity, which I will take, to work with the Office of Special Counsel to correct the many inaccuracies before the final report is issued.

Doan then sent a second response via email at 5:07 p.m., Wednesday:

I received the staff-drafted report, and I disagree with its preliminary findings. I fundamentally disagree with the approach taken by investigators to include facts and information that were not included in the report. I have an opportunity, which I will take, to work with the Office of Special Counsel to correct the many inaccuracies before the final report is issued.

The final statement was received by Government Executive at 5:27 p.m., Wednesday:

I received the staff-drafted report, and I disagree with its preliminary findings. I fundamentally disagree with the approach taken by investigators, including the omission of important and relevant facts from the report. I have an opportunity, which I will take, to work with the Office of Special Counsel to correct the many inaccuracies before the final report is issued.


More on the OSC Doan Report
By Daniel Pulliam  |  Wednesday, May 23, 2007 |  6:15 PM

Earlier today Government Executive reported that the Office of Special Counsel concluded that General Services Administration Administrator Lurita Doan violated the Hatch Act. The 21-page report, obtained by Government Executive, is a sharply worded document that calls into question much of Doan's recollection, or lack thereof, of the charge that she violated the law by hosting a meeting at GSA headquarters, where a special assistant to the president showed a PowerPoint presentation that analyzed the results of the 2006 midterm election. Doan allegedly asked how GSA could help the Republican candidates.

The report is full of details of Doan's testimony and questions of how it contradicts other witness testimony, most of which we could not fit in the news story. We provide some for you here:

-- Throughout the report, investigator Scott Bloch suggests that Doan did not give an accurate portrayal of the events that occurred at the January meeting. For example, according to the report, Doan told investigators that she did not pay attention to the PowerPoint slide presentation on the 2006 elections because:

she dislikes PowerPoint presentations; she was uninterested in the topic; she does not care about polls; and, she felt the presentation had nothing to do with her or what she does on a daily basis at GSA. Lastly, Administrator Doan testified that she was on her Blackberry ... reviewing emails ... and only periodically looked up and down.

In a footnote, investigators report that Doan contributed $226,000 to Republican candidates and Republican organizations and asked Doan why she contributed to candidates and organizations when "she does not care about polls or election results. Doan responded by testifying that the contributions had been 'taken out of context.'" She told the OSC that she does not believe that $225,000 is a substantial amount in light of her other contributions to nonpolitical organizations, such as giving more than $1 million to her alma mater Vassar College, more than a half a million dollars to the New Harman Center of Shakespeare Theatre and more than $50,000 to fund minority businesses.

"Although Ms. Doan again repeated that her donations to these Republican organizations have been taken out of context," according to the report, "she failed to explain why she donated any amount to these organizations whose purpose is to elect Republican candidates."

Also, an OSC review of her e-mail use during the meeting failed to corroborate that she was checking or sending email via her BlackBerry.

-- The report challenges Doan's claim that she cannot remember whether or not she made any remark along the lines of "how can we help our candidates," but the report provides a long list of events at the meeting she did recall:

Administrator Doan testified that as she was getting ready to leave for the January 26 meeting, she was interrupted by a phone call or her personal digital assistant. She testified that she told Meghan and Brittany, her two assistants, that she would be down to the meeting in a few minutes. She remembered that they took with them the cookies she had purchased previously for the meeting. Upon entering the meeting, she remembers being surprised that the video conferencing system and the refresh rate were working. Ms. Doan also testified that she remembered thinking that there were not that many people at the meeting. Administrator Doan also remembered that she sat near Mr. Jennings and was sitting near a "young perky looking" woman, whom she thought might be a new GSA employee. Administrator Doan remembers that Kevin Messner was sitting at the far end of the table. She also remembered that three or four people left during the presentation including her Associate Administrator for Congressional and Intergovernmental Affairs. Despite remembering all of these details concerning the meeting, Administrator Doan testified that she could not remember whether she made any comment about "how can we help our candidates."

Doan also told OSC that she did not give Scott Jennings, who presented the slide show, a tour of GSA's offices and did not know if Jennings went elsewhere in the building after the presentation. But Jennings and GSA White House Liaison J.B. Horton told OSC that after the meeting, Doan gave Jennings a tour of the immediate area around her office and talked about the artwork.

-- Investigators report that Doan tried to defend her contention that she could not remember the statement regarding helping candidates by questioning the memory of the witnesses who testified that she did ask the question:

Administrator Doan's implication that the adverse testimony provided by her political appointees should be questioned because of the alleged variations is unconvincing. Administrator Doan is holding the adverse witnesses to a standard which she does not hold herself. First, Ms. Doan does not recall or remember anything about Mr. Jennings' presentation or any of the comments that Mr. Jennings made, yet she claims to remember the statements made by attendees after Mr. Jennings' presentation concluded. Second, with respect to the alleged statements she can remember, they were prefaced with a caveat that she could not recall verbatim what she said.


When Do Cyberattacks Become Acts of War?
By Allan Holmes  |  Tuesday, May 22, 2007 |  11:26 AM

Recent articles on the cyberattacks against Estonia's government Web sites have posed some complex policy and legal questions for governments -- is a cyberattack equivalent to an armed attack? Slate's Anne Applebaum points out in her article posted today that Estonia is a member, albeit a new one, of NATO, which, according to the alliance treaty, considers "an armed attack on one of its members 'an attack against them all.'" What to do?

When does cyberwarfare, or information warfare as the Defense Department calls it, become an attack worthy of retaliation, cyberbased or armed?

If you have some thoughts, please click the comment link below and let us know.



Governors: Get Ready for Even Longer Waits at DMV
By Allan Holmes  |  Tuesday, May 15, 2007 |  8:05 AM

The following item was posted by Editor at Large Bob Brewin.

A consequence of the Real ID Act to make driver licenses more secure – beyond its $23 billion estimated cost -- is the fact that it will increase by as much as 75 percent the already painfully long waits at states’ departments of motor vehicles, the National Governors Association told the Homeland Security Department in comments it filed on the proposed Real ID rules and regulations.

Since I wished I had packed a lunch for my last excruciating visit to the New Mexico Department of Motor Vehicles (the wait took three hours), I imagine I also will have to pack a light snack too to tide me over through what may turn out to be nearly a five-and-a-half hour process if Real ID remains on the books.

The long wait times will increase because Real ID requires, among other things, that every applicant for a license have a photo taken. Currently, DMVs take photos for licenses only after an applicant is approved. But under Real ID, everyone must have a photo taken whether they are approved for a license or not.

The wait times also will increase because all of the nation’s 242 million licensed drivers will be required to bring multiple documents to prove they are who they say they are. DMV clerks will have to check two utility bills for each applicant, a birth certificate and a passport, if you have one. (The utility bill section may put me in a Real ID limbo. All the utility bills in my household are in the name of my wife, the responsible member of the family.)

Maybe when Rep. James Sensenbrenner, R-Wis., who attached the Real ID Act to a must-pass emergency war supplemental bill two years ago, goes to apply for his new Real ID driver’s license at the Wisconsin DMV, he will encounter just how slow the application process can become. -- Bob Brewin



Feds Could Face Own Breach Notification Demand
By Allan Holmes  |  Thursday, May 3, 2007 |  5:46 PM

If a hacker gains access to a company's database of customers' personal information, that company is required by many state laws to inform those customers that their personal information was exposed. Now federal agencies may be required to do the same, if a bill introduced today is eventually passed.

Rep. Tom Davis, R-Va., ranking member on the House Committee on Oversight and Government Reform, introduced The Federal Agency Data Breach Protection Act (HR 2124), which would amend the Federal Information Security Management Act of 2002 to require "the executive branch establish procedures to be followed in the event of a data breach," according to a press release from Davis' office. The bill also would:

-- clarify the authority that an agency head could delegate to the CIO;
-- require agencies to establish data breach notification procedures consistent with OMB policies, procedures and standards;
-- authorize agencies to establish policies and procedures for accounting for all federal personal property assigned to departing employees; and
-- define sensitive personal information.

The bill is identical to one Davis introduced last year (HR 6163), which was incorporated into The Veterans Identity and Credit Protection Act and passed in September. That law requires the Veterans Affairs Department to promptly notify vets of data breaches, to centralize IT management and to report VA's adherence to federal information security standards.



Ruling: Not All Government E-mails Public Record
By Allan Holmes  |  Thursday, April 26, 2007 |  9:24 AM

Not all government e-mails, electronic documents and notes stored on a computer should be considered a public record, the Arizona Supreme Court ruled yesterday.

According to an article published by the Arizona Daily Star:

[Arizona Chief Justice Ruth McGregor wrote in her opinion,] "Every note made on government-owned paper, located in a government office, written with a government-owned pen, or composed on a government-owned computer would presumably be a public record."

She said that logic would make a public record of a grocery list written by a government employee and a report card stored in the desk of a government worker.

"The public-records law was never intended to encompass such documents," McGregor said. "The purpose of the law is to open government activity to public scrutiny, not to disclose information about private citizens."

McGregor said a judge can withhold public records if the exposure would violate rights to privacy, confidentiality or "the best interests of the state."

The ruling was based on the trial of Arizona Pinal County Manager Stanley Griffis, who recently pleaded guilty to six felonies including theft, fraud and tax fraud. He is awaiting sentencing. Griffis was indicted for using money from the Sheriff's Department to purchase weapons for personal use. A court ordered Griffis to turn over all e-mails covering a two-month period.
