Blogs

PRIVACY: Should the FBI Get Records about Your Internet Activity Without a Subpoena?

08.01.10

A recent report that the White House wants the FBI to have access to an individual’s Internet activity may help with investigation of terrorism or intelligence, but what about our expectation of privacy? Notwithstanding all of Mark Zuckerberg’s recent comments about privacy, last winter Zuckerberg he told a live audience that if he were to ‘create Facebook again today, user information would by default be public.’ Also Google CEO Eric Schmidt admitted in a CNBC interview that under the US Patriot Act that Google would turn over user information (which Google maintains for 18 months) without question. So maybe we have less privacy than we may think, but in the name of national security alone does it make sense for the White House/FBI to not even both getting a federal judge to issue a subpoena?

COMPANY PRIVACY: Social Engineer Defcon Contest

At the annual Defcon meetings (July 30-August 1) in Las Vegas there was a 3 day contest to see which Social Engineer could get the most company data from 30 companies. The FBI is not too happy, but after consulting lawyers from the Electronic Frontier Foundation the following contest rules were created:

Each Social Engineer is sent via email a dossier with the name and URL of their target company chosen from the pool of submitted names.

Pre-Defcon you are allowed to gather any type of information you can glean from the WWW, their websites, Google searches and by using other passive information gathering techniques. You are prohibited from calling, emailing or contacting the company in any way before the Defcon event. We will be monitoring this and points will be deducted for “cheating”.

The goal is to gather points for the information obtained and plan a realistic and appropriate attack vector. The point system will be revealed during the Defcon event. All information should be stored in a professional looking report. 1 week prior to Defcon you will submit your dossiers for review to the judging panel.

Stay tuned to see how successful the Social Engineers were in getting information from these 30 companies. How easy will it be to get information? We all know the answer, pretty easy!
 

The publications contained in this site do not constitute legal advice. Legal advice can only be given with knowledge of the client's specific facts. By putting these publications on our website we do not intend to create a lawyer-client relationship with the user. Materials may not reflect the most current legal developments, verdicts or settlements. This information should in no way be taken as an indication of future results.

Search Tips:

You may use the wildcard symbol (*) as a root expander.  A search for "anti*" will find not only "anti", but also "anti-trust", "antique", etc.

Entering two terms together in a search field will behave as though an "OR" is being used.  For example, entering "Antique Motorcars" as a Client Name search will find results with either word in the Client Name.

Operators

AND and OR may be used in a search.  Note: they must be capitalized, e.g., "Project AND Finance." 

The + and - sign operators may be used.  The + sign indicates that the term immediately following is required, while the - sign indicates to omit results that contain that term. E.g., "+real -estate" says results must have "real" but not "estate".

To perform an exact phrase search, surround your search phrase with quotation marks.  For example, "Project Finance".

Searches are not case sensitive.

back to top