Category Archives: Security

UK police lobby for VoIP controls

I guess I do not find it surprising that they want controls, but it is a bit curious how they are trying to get them put into place:

The Guardian has learned that police and security agencies have been lobbying ministers and senior officials, expressing fears about the potential for voice-over-internet-protocol technologies to hide a caller’s identity. Their aim? To get VoIP providers to monitor calls and find ways to identify who is calling whom – and even record them.

Though enforcement agencies say their main concern is VoIP’s inability to deliver a 999 service, sources counter that this is a smokescreen to cover police efforts to monitor calls and identify individuals – an agenda that becomes more credible in the light of submissions made by police to the communications regulator, Ofcom.

[…]

“At present, law enforcement agencies have great difficulty in tracing the origin of VoIP calls,” wrote [Detective Superintendent] Macleod. “This poses significant threats to our democratic society”

[…]

According to experts at BT’s Martlesham Heath research labs, the only real solution would be a complete overhaul of the routers that make up the internet backbone, an exercise they estimate will cost £1bn.

“The network was never designed with identity in mind. When it was set up it was for the free and easy exchange of data.”

The Guardian does a fine job explaining how portable devices and VoIP are becoming so common so fast that the government regulators are having a hard time keeping up. The quote by Macleod is very telling of the kind of one-sided position the police might attempt to force, unfortunately. In other words, are we meant to believe that surveillance does not also pose a threat to democratic society?

Naval safety advice

The US Naval Safety Center has an amusing story and photos to help explain why communication for safety's sake needs to be clear.

They also have a page that shows the danger of gasoline. Biodiesel does not have the same issue, as it’s not classified as an explosive (no diamond necessary), but it’s still a fuel source and needs to be handled with care.

I found an obscure news story about a man who was recently killed in Idaho while welding a biodiesel tank. And then there was a biodiesel plant fire recently in California. While a lighter or even butane torch might not light up biodiesel, welding a tank full of oil or biodiesel seems like a really bad idea. Safety first.

Israelis receive SMS threats

YNet reports that the phone company is trying to find a way to block the messages:

Dozens of Israeli customers of the Orange cellular service provider received unexpected SMS messages on their phones Wednesday evening, with the English message:

“Now Now Now…Go out from your home Hizballah willing shelling of the area, Israel Government Cheating you And refuse recognition Defeat.”

[…]

Rani Rahav, a spokesperson for Orange, responded that the text messages were coming from a small service provider “somewhere out there in the Pacific Ocean. We are working right now to block the provider from transmitting further messages to Orange customers.”

Who pays for those SMS threats? We always hear about the Internet being a concern in modern information warfare, but cellular phones clearly play a more significant role since they are so mobile and resilient. Blocking an entire provider sounds like the system does not have granularity, which may turn into a sticky problem for Orange if the attackers can spread the origin of their messages. Denial of service also blocks helpful messages.

Kansas State loses ID computers, but IDs might be safe

I haven’t seen this in the press yet, perhaps because breaches are so common in the news that people have become desensitized, but Kansas State University just announced it had a fair amount of computer equipment stolen via social engineering:

About $25,000 of computers and equipment was stolen the evening of Wednesday, July 19, from the K-State ID Center in the K-State Student Union. Police are searching for two white males in their early 20s, according to a July 20 news release from K-State’s Media Relations. Anyone with information about the crime is asked to call Detective Donald Stubbings, K-State Police Department, 785-532-6412.

The two subjects, described as wearing blue jumpsuits with “Fox Business Systems” logos, gained access to the ID Center by showing the on-duty Union manager what may have been a forged document and saying they were hired to do repairs on the center’s computers. Several computers, monitors, cameras, and printers were later found missing from the center.

No personal data was lost because it’s stored on a secured server, said Craig Johnson, manager of the ID Center. “Although we have a very secure database, we added enhancements Thursday and Friday to ensure a higher level of security, including a firewall and IP lockouts on the specific workstations stolen,” he said.

I’m not sure why the ID Center announced to the world that they are using IP blocks for the stolen computers. I think the reporter should have stopped with “the center took extra precautions after the theft”. The less info about the exact counter-measures in the immediate aftermath the more chance you have of catching the perpetrators.

On the other hand it’s great to hear a University say they had several control measures in place to prevent (and detect?) loss of identities, especially since the attack appears to have been well planned and very specific to their ID Center. Incidentally, a Kansas breach notification law (SB 196) went into effect July 1st, 2006, a little more than two weeks before the breach.

I wonder how they arrive at the “very secure” description of the database, and of the safety of the IDs on the stolen computers. Is that an independent assessment? Does it conform to a standard? After all, we have to wonder if the stolen equipment was also considered “very secure”? Over thirty states now have breach disclosure laws so I expect the clarification of “reasonable” security precautions is likely to become an interesting issue.

Oh, and good luck to the police with that description of two white males in their twenties wearing jumpsuits on a college campus in Kansas. Hopefully someone will have more detail. Otherwise they might as well put a search out for wheat, no?