Archive for the ‘Wired’ Category

c/o WIRED’s Ryan Singel

Federal law enforcement agencies have been tracking Americans in real-time using credit cards, loyalty cards and travel reservations without getting a court order, a new document released under a government sunshine request shows.

The document, obtained by security researcher Christopher Soghoian, explains how so-called “Hotwatch” orders allow for real-time tracking of individuals in a criminal investigation via credit card companies, rental car agencies, calling cards, and even grocery store loyalty programs. The revelation sheds a little more light on the Justice Department’s increasing power and willingness to surveil Americans with little to no judicial or Congressional oversight.

:::MORE HERE:::

RELATED NEWS:

Wired Magazine, Kim Zetter 

LAS VEGAS — It’s one of the most hostile hacker environments in the country –- the DefCon hacker conference held every summer in Las Vegas.

But despite the fact that attendees know they should take precautions to protect their data, federal agents at the conference got a scare on Friday when they were told they might have been caught in the sights of an RFID reader.

The reader, connected to a web camera, sniffed data from RFID-enabled ID cards and other documents carried by attendees in pockets and backpacks as they passed a table where the equipment was stationed in full view.

It was part of a security-awareness project set up by a group of security researchers and consultants to highlight privacy issues around RFID. When the reader caught an RFID chip in its sights — embedded in a company or government agency access card, for example — it grabbed data from the card, and the camera snapped the card holder’s picture.

But the device, which had a read range of 2 to 3 feet, caught only five people carrying RFID cards before Feds attending the conference got wind of the project and were concerned they might have been scanned.::MORE HERE:::

c/o Wired Magazine’s THREAT LEVEL

You may not know it, but if you have a wireless router, a cordless phone, remote car-door opener, baby monitor or cellphone in your house, the FCC claims the right to enter your home without a warrant at any time of the day or night in order to inspect it.

That’s the upshot of the rules the agency has followed for years to monitor licensed television and radio stations, and to crack down on pirate radio broadcasters. And the commission maintains the same policy applies to any licensed or unlicensed radio-frequency device.

“Anything using RF energy — we have the right to inspect it to make sure it is not causing interference,” says FCC spokesman David Fiske. That includes devices like Wi-Fi routers that use unlicensed spectrum, Fiske says.

The FCC claims it derives its warrantless search power from the Communications Act of 1934, though the constitutionality of the claim has gone untested in the courts. That’s largely because the FCC had little to do with average citizens for most of the last 75 years, when home transmitters were largely reserved to ham-radio operators and CB-radio aficionados. But in 2009, nearly every household in the United States has multiple devices that use radio waves and fall under the FCC’s purview, making the commission’s claimed authority ripe for a court challenge.

“It is a major stretch beyond case law to assert that authority with respect to a private home, which is at the heart of the Fourth Amendment’s protection against unreasonable search and seizure,” says Electronic Frontier Foundation lawyer Lee Tien. “When it is a private home and when you are talking about an over-powered Wi-Fi antenna — the idea they could just go in is honestly quite bizarre.”

George Washington University professor Orin Kerr, a constitutional law expert, also questions the legalilty of the policy.

“The Supreme Court has said that the government can’t make warrantless entries into homes for administrative inspections,” Kerr said via e-mail, refering to a 1967 Supreme Court ruling that housing inspectors needed warrants to force their way into private residences. The FCC’s online FAQ doesn’t explain how the agency gets around that ruling, Kerr adds.

The rules came to attention this month when an FCC agent investigating a pirate radio station in Boulder, Colorado, left a copy of a 2005 FCC inspection policy on the door of a residence hosting the unlicensed 100-watt transmitter. “Whether you operate an amateur station or any other radio device, your authorization from the Commission comes with the obligation to allow inspection,” the statement says.

The notice spooked those running “Boulder Free Radio,” who thought it was just tough talk intended to scare them into shutting down, according to one of the station’s leaders, who spoke to Wired.com on condition of anonymity. “This is an intimidation thing,” he said. “Most people aren’t that dedicated to the cause. I’m not going to let them into my house.”

But refusing the FCC admittance can carry a harsh financial penalty. In a 2007 case, a Corpus Christi, Texas, man got a visit from the FCC’s direction-finders after rebroadcasting an AM radio station through a CB radio in his home. An FCC agent tracked the signal to his house and asked to see the equipment; Donald Winton refused to let him in, but did turn off the radio. Winton was later fined $7,000 for refusing entry to the officer. The fine was reduced to $225 after he proved he had little income.

Administrative search powers are not rare, at least as directed against businesses — fire-safety, food and workplace-safety regulators generally don’t need warrants to enter a business. And despite the broad power, the FCC agents aren’t cops, says Fiske. “The only right they have is to inspect the equipment,” Fiske says. “If they want to seize, they have to work with the U.S. Attorney’s office.”

But if inspectors should notice evidence of unrelated criminal behavior — say, a marijuana plant or stolen property — a Supreme Court decision suggests the search can be used against the resident. In the 1987 case New York v. Burger, two police officers performed a warrantless, administrative search of one Joseph Burger’s automobile junkyard. When he couldn’t produce the proper paperwork, the officers searched the grounds and found stolen vehicles, which they used to prosecute him. The Supreme Court held the search to be legal.

In the meantime, pirate radio stations are adapting to the FCC’s warrantless search power by dividing up a station’s operations. For instance, Boulder Free Radio consists of an online radio station operated by DJs from a remote studio. Miles away, a small computer streams the online station and feeds it to the transmitter. Once the FCC comes and leaves a notice on the door, the transmitter is moved to another location before the agent returns.