After a recent lapse in security allowed Umar Farouk Abdulmutallab to carry an explosive device aboard a U.S. bound aircraft, the Transportation Security Administration created and distributed a security directive which was leaked to 2 bloggers. Stephen Frischling and Chris Elliot, both travel bloggers received copies of the confidential TSA directive. Two days later, agents of the TSA appeared at the homes of both men with subpoenas demanding to know their sources. How far does the authority of DHS and the TSA extend? Is the TSA overstepping their authority by sending agents to serve subpoenas and collect evidence and testimony? Perhaps I’m confused, but this seems like the specific territory of the FBI.
When U.S. President George W. Bush created the Department of Homeland Security on Nov. 25, 2002, the goal was to improve communication and response time by bringing a host of government entities under one umbrella. DHS integrates elements of government such as the Coast Guard and Border Patrol, but does not include agencies such as the FBI, CIA or NSA. (though DHS does coordinate communication between these agencies in matters relating to terrorist threats)
The TSA is understandably concerned about leaks from within their ranks, but I think they need to look at the larger situation. A bad decision was made in releasing the directive at all. It’s obvious to even the casual reader that very little thought went into it’s creation. The directive was a knee-jerk reaction to a situation caused by a lapse in intelligence. In typical TSA fashion, the directive did very little to address the root of the problem and focused primarily on instilling fear and confusion in the minds of travelers. DHS and the TSA would be better off putting their collective effort into fixing the problem that led to the intelligence failure.
Apple’s Steve Jobs wrote an open letter almost 2 years ago where he advocated the death of DRM. As he put it, (albeit in a much longer form) the 4 major music companies (Universal, Sony BMG, Warner and EMI) own 70 percent of the worlds music, yet only require the 10 percent sold online to be locked with DRM. (compared with the other 90 percent sold on CDs) Jobs’s open letter was taken by many to be a huge show of support for fair use rights. While his letter did make a lot of good points, and did eventually lead to removal of DRM from the entire iTunes catalog, it was more about good business than fair use. Apple spent a lot of money developing their FairPlay DRM system, and even more protecting it from attacks that would seek to undo it’s encryption scheme. During that time the music industry was distributing DRM-free music on CDs, so why should Apple have to shell out all this money to keep FairPlay afloat? Apple is touting the advent of DRM-free music for its entire catalog in the form of iTunes plus, only there’s one thing they’re not telling you. While the songs aren’t encrypted and can be moved to any device you choose, they can still be traced back to their original owner. This is because Apple watermarks each file with the name and e-mail address of the purchaser. For most of us, this doesn’t seem like a big deal. If you don’t share your music, why should you be worried? Well, suppose a thief steals your iPod, copies the tracks and uploads them to a peer to peer network. Are you liable? Some people are understandably concerned about this possibility. If you’re one of those concerned individuals, there are a couple of ways to scrub the personally identifiable information from your files. One way may be the Hymn/JHymn project software. Hynm has been around for a while and works to liberate the decrypted music from iTunes and convert it to a DRM-free file with no loss in sound quality. It has historically preserved the personal information, but even in 2005 one of the maintainers admitted this feature might change if Apple were to use the information against its customers. Another way is to resave the files without re-encoding them with software such as Amoeba’s Fission audio editing software. As explained on MacWorld, Fission is only accidentally capable of removing the identifiers because of it’s rigid adherence to standards. I can’t imagine the RIAA will be able to resist prosecuting people whose iTunes files are discovered on P2P sites. While it’s unclear whether or not this will hold up in court, why risk it. Personally, it shouldn’t be a huge deal. I’ve only purchased a small handful of albums and tracks from iTunes and I don’t share my music. (besides which, if somebody tries to steal my ipod they’d better be able to run like the wind…) However, if the RIAA starts actively pursuing iTunes customers, I might just have to reconsider my options.
I just heard about this on the evening news tonight. Basically the state legislature overrode the Governor’s veto passing a law that requires the police to collect DNA samples from people arrested on a felony charge. It seems like the focus is on getting the information to the lab quickly to run the results for possible matches on other crimes. The one big problem I see with this is that if you’re wrongly arrested, your DNA is in the system. While the government is supposed to purge the DNA records of the falsely accused there’s no guarantee that they actually will. There’s also another problem in that the larger these databases get, the higher the chance of a match between 2 unrelated profiles. I mentioned this before in another post linked to an article in the LA Times.