FBI use of spyware

A report that the FBI used spyware to gain evidence on Josh Glazebrook, who allegedly made bomb threats, has drawn quite a bit of interest. The aim of the search was legitimate, and apparently proper legal procedures were followed, but people are wondering -- just how did they do it? The FBI isn't saying, naturally. Analysts believe the spyware was delivered by email, though this isn't certain, and some are wondering whether anti-spyware software manufacturers are cooperating with the government by intentionally overlooking certain kinds of software infiltration.

(Update (19-Jun-2007): It's now being reported that the spyware was delivered by way of Glazebrook's MySpace account. He reportedly impersonated fellow students to deliver the threats. Believe me, I have no objection to his being tossed in a juvenile detention facility; I'm just wondering what it all implies.)

But even if that's the case, there's still a puzzle. The mere absence of deterrent software doesn't make it easy to deliver surreptitious software to a computer, particularly if the user is knowledgeable and cautious. Kevin Poulsen wonders if "the FBI used a software vulnerability, either a published one that Glazebrook hadn't patched against, or one that only the FBI knows."

Microsoft has declined to say whether it has received a court order to let government spyware go undetected. To me, this raises the possibility that Microsoft may have intentionally allowed a vulnerability in its operating system, not just in its protection software, to remain open for use by federal investigators.

Given how many large businesses have acquiesced to secret governmental demands to help with information gathering, the possibility can't be dismissed. At the same time, we have no positive evidence yet that this has happened. We can only wonder and worry.

Seeing Yellow

The website Seeing Yellow provides a focus for efforts to contact printer manufacturers and convince them to stop selling printers that put personally identifiable information on your output. According to the site:

Most color laser printers made and sold today intentionally add invisible information to make it easier to determine where (and when) a particular document was printed. This seems to have been done as part of a secret deal between the United States Secret Service and the individual manufacturers. Some of the manufacturers have mentioned the existence of the tracking information in their documentation, and others haven't. None of them have explained exactly how it works or what information is conveyed. No law requires printer companies to help track printer users this way, and no law prevents them from stopping this practice or giving customers a solution to avoid being tracked.

The site provides manufacturers' telephone numbers to call, and encourages people to call when they have bought an offending printer. The information is based on the EFF page listing printers which do or don't print tracking dots.

Massachusetts' fascistized medicine

Massachusetts, under Mitt Romney, adopted an alternative to socialized medicine -- fascistized medicine -- and it went into effect this year. If you live in the state, with a few exceptions, you are required to purchase health insurance, even if you'd rather deal with your doctor directly. Don't blame just the Republicans, though; Gov. Patrick also loves this attack on personal choice.

The insurance companies are gleefully pointing out in subway ads that you have to deal with them. They no longer need to persuade potential customers that insurance is worth it.

The Massachusetts Department of Revenue is the enforcer of this law, saving the Commonwealth the trouble of taking people to court. If you don't get insurance, you simply lose your personal exemption on your income tax. Convenient. Efficient. Tyrannical.