• United States



by CSO Contributor

Senate GOPs Pilfer Dems Confidential Computer Files; Easing of Internet Regulations Challenges Surveillance Efforts; Northwest Airlines Shared Passenger Data; Pentagon Online Voting Blasted

Jan 22, 20044 mins
CSO and CISOData and Information Security

Senate GOPs Pilfer Dems Confidential Computer Files

Republican staff members of the U.S. Senate Judiciary Committee infiltrated opposition computer files from the spring of 2002 until at least April 2003, monitoring secret strategy memos and periodically passing on copies to the media, Senate officials told The Boston Globe. GOP committee staff exploited a computer glitch that allowed them to access restricted Democratic communications without a password. Trolling through hundreds of memos, they were able to read talking points and accounts of private meetings discussing which judicial nominees Democrats would fight—and with what tactics. The Globe reports that with the help of forensic computer experts from General Dynamics and the U.S. Secret Service, the office of the Senate Sargeant-at-Arms is investigating, and has interviewed about 120 people to date and seized more than half a dozen computers—including four Judiciary servers, one server from the office of Senate majority leader Bill Frist of Tennessee, and several desktop hard drives. As the extent to which Democratic communications were monitored came into sharper focus, Republicans yesterday offered a new defense. They said that in the summer of 2002, their computer technician informed his Democratic counterpart of the glitch, but Democrats did nothing to fix the problem. Other staffers, however, denied that the Democrats were told anything about it before November 2003. Easing of Internet Regulations Challenges Surveillance EffortsNew York Times, the Federal Communications Commission’s efforts to reduce regulations over some Internet services have come under intense criticism from officials at law enforcement agencies who say that their ability to monitor terrorists and other criminal suspects electronically is threatened. Officials from the Justice Department, the FBI and the Drug Enforcement Administration have repeatedly complained about the commission’s decision in 2002 to classify high-speed Internet cable services under a looser regulatory regime than the phone system. Justice Department officials fear that the deregulatory order impedes its ability to enforce wiretapping orders. The clash between the commission and officials from the Justice Department and other law enforcement agencies pits two policies of the Bush administration against each other. On one side stand those who support deregulation of major industries and the nurturing of emerging technologies; on the other are those who favor more aggressive law enforcement after the Sept. 11 terrorist attacks.

According to a story in todays

Northwest Airlines Shared Passenger story yesterday. Although Northwest officials had stated publicly, in the wake of Septembers JetBlue Airways passenger data scandal, that Northwest would not hand over passenger records, the company acknowledged the 2001 transfer Sunday night. However, Northwest maintains it did not violate its own privacy policy. We were providing data to a government agency conducting research related to aviation security and we were confident the privacy of the passenger information would be maintained,” said Kurt Ebenhoch, a Northwest spokesman. EPIC seeks a federal investigation and possible fines against the company and also intends to file suit against NASA in a California federal court Thursday to compel further disclosure of government documents under the Freedom of Information Act. (To comment on this issue, go to Sound Off on sister site

The Electronic Privacy Information Center (EPIC) filed a formal complaint with the Department of Transportation on Tuesday, alleging that Northwest Airlines engaged in unfair trade practices when it mailed three months’ worth of passenger data on CD-ROMs to NASA researchers in 2002, according to a

Pentagon Online Voting BlastedThe Mercury News today. The Secure Electronic Registration and Voting Experiment, or SERVE, was developed by the Accenture consulting firm for the Department of Defense, which wanted an online system that could be used by U.S. military personnel and overseas civilians. It will debut during a handful of primary elections this year and is expected to be used by up to 100,000 voters during the general election, reports the Mercury News. During two intensive three-day sessions, a 10-member advisory group was given access to software developers, architectural documents and design information. The groups report states that SERVE shares the vulnerabilities associated with other electronic voting systems that are built on proprietary software and that do not provide voters with an independent way to verify their ballot was cast correctly. A particularly problematic vulnerability also exists, in which an attacker might direct voters to a phony voting site that appeared identical to the SERVE site. A voter could cast a ballot without realizing her vote had been diverted and either altered or erased.

The Pentagon’s new Internet-based voting system is vulnerable to tampering and should be shut down, computer scientists reviewing the program said yesterday, according to a story in