Monday, January 26, 2009

Obama Sides With Bush In Spy Case

Slashdot picked up a story in Wired about the Obama administration siding with the Bush administration when it urged a federal judge to set aside a ruling in a closely watched case examining whether a U.S. president may bypass Congress and establish warrantless wiretapping programs designed to spy on American citizens.

With just hours left in office, President George W. Bush asked U.S. District Judge Vaughn Walker late Monday to stay enforcement of a Jan. 5 ruling admitting key evidence into the case. On Thursday, the Obama administration said in its filing with the court,
"The Government's position remains that this case should be stayed"
marking the first time it was clear that the new president was in agreement with the Bush administration's reasoning in this case.

The legal hubbub concerns Walker's decision to admit a classified document as evidence that allegedly shows that two American lawyers for a now-defunct Saudi charity were electronically eavesdropped on without warrants in 2004.

The Obama administration is in agreement with the previous administration in its legal defense of July legislation that immunizes the nation's telecommunications companies from lawsuits accusing them of complicity in Bush's eavesdropping program, according to testimony last week by incoming Attorney General Eric Holder.

A separate case requiring a decision on the constitutionality of the immunity legislation (which Obama voted for as a U.S. Senator from Illinois) brought by the Electronic Frontier Foundation is pending before Judge Walker.

See details in Wired.

Wednesday, January 21, 2009

Privacy Groups Want Strong Security Measures for Electronic Health Records

SANS Institute summarizes an article about US privacy rights and civil liberties advocacy groups writing to legislators and asking them to ensure that any adoption of electronic health records include substantial security measures. The letters, from the American Civil Liberties Union, the National Association of Social Workers and Patient Privacy Rights, request that patients have control over how their medical records are used and that they be protected from organizations that share and sell medical information.
"We all want to innovate and improve health care, but without privacy our system will crash as any system with a persistent and chronic virus will," Patient Privacy Rights executive director Ashley Katz said at a Capitol Hill briefing.
Senate Health, Education, Labor and Pensions Chairman Edward Kennedy and ranking member Michael Enzi submitted a bill in the 110th Congress and have worked with Judiciary Chairman Patrick Leahy to beef up its privacy provisions. However, Senate Small Business ranking member Olympia Snowe does not believe the measure went far enough, and together with Rep. Edward Markey, D-Mass., and Rep. Lloyd Doggett, D-Texas, offered letters of support for the privacy groups' call to action.
"Without robust safeguards, the health IT systems we are planning for today could turn the dream of integrated, seamless electronic health networks into a nightmare for consumers," Markey said in a statement.

For complete article, see nextgov.

Tuesday, January 13, 2009

CWE/SANS TOP 25 Most Dangerous Programming Errors

Yesterday, the SysAdmin, Audit, Network, Security (SANS) Institute announced that in Washington D.C., experts from more than 30 U.S. and international cyber security organizations jointly released a list of the 25 most dangerous programming errors that bring about security bugs permitting cyber espionage and cyber crime. The project is a significant component of an overall national security initiative.

The impact of such errors is extensive: just two of them led to more than 1.5 million web site security breaches in 2008. Those breaches then cascaded onto the computers of people who visited those websites.

The people and organizations that provided input to the project are among the most respected security experts, coming from an extensive range of leading organizations, from Symantec, Microsoft, DHS's National Cyber Security Division, and NSA's Information Assurance Division to the Japanese IPA, the University of California at Davis and Purdue University.

Remarkably, all the experts quickly came to agreement, despite some intense discussion.
"There appears to be broad agreement on the programming errors," says SANS Director, Mason Brown, "Now it is time to fix them. First we need to make sure every programmer knows how to write code that is free of the Top 25 errors, and then we need to make sure every programming team has processes in place to find, fix, or avoid these problems and has the tools needed to verify their code is as free of these errors as automated tools can verify."


See complete Announcement in SANS.

Thursday, January 08, 2009

State Secrets Defense Rejected in Wiretapping Case

Slashdot references a report in Ars Technica of a federal judge ruling that a lawsuit filed by an Islamic charity alleging illegal wiretapping by the National Security Agency may proceed.

The case, Al Haramain v. Bush, stands out in that, unlike the Electronic Frontier Foundation's more widely publicized suits against the NSA and cooperating telecoms, the plaintiffs here know that the directors of the charity were specifically subjected to warrantless surveillance, thanks to a government faux pas that put a classified memo in the hands of the charity's lawyers.

Judge Vaughn Walker, who has been handling a raft of suits concerning the NSA's super-secret Stellar Wind program, decided that the charity could seek to show they'd been spied upon using public evidence.
"Without a doubt," he wrote, "plaintiffs have alleged enough to plead 'aggrieved persons' status so as to proceed to the next step in proceedings."
The Justice Department repeatedly tried to block the suit by invoking national security concerns. At one point, Walker described the government's argument as "without merit" and characterized another argument as "circular".

See complete report at Ars Technica.