US police taped torturing suspect

A post tonight on indymedia is certainly a shocking story. Here’s their perspective (click on the link to their site to hear the actual recording of the torture):

When Lester exercised his constitutional right not to sign a consent to search his house, [Tennessee law enforcement officials] spent the next two hours torturing him. They beat him with bats and guns, held loaded guns to his head, threatened to shoot him, dunked his head in the toilet, burned him with lighters, attached his testicles to a battery charger, threatened to cut off his fingers, and threatened to “go get” his wife and take his child away from him. Then they arrested him for “evading arrest”.

A search for “Lester Siler” brings up local news stories, like Knoxville’s WVLT, that verify the gravity of the situation:

The Silers were at the center of a controversy when five Campbell County lawmen allegedly beat and tortured Lester Siler, attempting to force him to sign a confession. An audio recording made by Jenny Siler became a key piece of evidence in a criminal case against the four deputies. Those five officers later all plead guilty to violating Siler’s civil rights.

And here is the Knoxville WATE report:

Attorney Farley says the deputies came to Siler’s home on White Oak Road to serve a warrant for a violation of probation. Farley says they asked Siler to sign a consent form to search his home.

“When Mr. Siler wouldn’t sign the form, the officers began to torture and beat Mr. Siler in an attempt to make him sign this form. The beating lasted for almost two hours with the officers striking and hitting Mr. Siler several times about his face and body,” Farley said.

The Knoxville News Sentinel sheds some more light on whether this was an isolated incident:

It was Jenny Siler who secretly stashed a tape recorder in the kitchen when the five lawmen showed up at her house on July 8 to arrest her husband on a violation of probation warrant.

Before she was ordered to leave with her 8-year-old son, she turned on the recorder. Anderson has said there had been “other visits” by Campbell County deputies that prompted Jenny Siler to turn on the recorder. Anderson did not elaborate, other than to say that the Silers already had complained about mistreatment before the July attack.

“They were told they needed proof,” Anderson said. “You have to go to the same people that are involved to report it. You don’t expect them to believe you.”

[…]

[narcotics chief David] Webber has admitted in his plea agreement that he was the ringleader of the torture and beating of Siler. Unlike the other four former lawmen, Webber’s plea agreement contains an immunity clause and suggests Webber has admitted to the FBI and federal prosecutors other misdeeds.

Campbell County District Attorney General Paul Phillips has said he asked the Tennessee Bureau of Investigation to probe Webber’s removal of $4,000 from the Sheriff’s Department drug fund last year. Webber has failed to provide any documentation to show what he did with the money, which is supposed to be used only for drug investigations.

Not good news, for sure, and not much outside of Knoxville. I wonder how long before the irony of this police brutality reaches the national or even international consciousness and America’s national security is further weakened?

Hearts and minds, folks, hearts and minds…

EU privacy laws do not cover data collected for foreign security?

Strange how this fight turned out, considering the position of the EU authorities:

The European Parliament argued that the US did not guarantee adequate levels of data protection and that handing over the data violated passengers’ privacy.

It asked the European Court of Justice to annul the deal.

However, the court did not consider the privacy argument in its ruling, and confined itself to examining the legal basis of the data transfer.

It said the EU Data Protection Directive, on which the Council of the European Union and the European Commission based their actions, did not apply to data collected for security purposes.

Really? Does that mean if you are an official entity collecting EU citizen data for “security purposes” you can handle it as you wish, without need to prove reasonable controls are in place? This seems highly counterintuitive. There must be something missing from the report that the details of the ruling would clarify.

Ernst and Young loses another 1/4 million IDs

It really makes you wonder when E&Y, as an audit firm, continues to experience large identity breaches. I’m not just talking about their apparent lack of controls to prevent the breach (e.g. don’t leave laptops unattended in the open), or need to disclose (e.g. encryption), I’m talking about the fact that they probably used to lose data all the time but never reported it before the breach disclosure laws came into effect. The Register provides the gory details:

Ernst & Young’s laptop loss unit continues to be one of the company’s more productive divisions. We learn this week that the accounting firm lost a system containing data on 243,000 Hotels.com customers. Hotels.com joins the likes of Sun Microsystems, IBM, Cisco, BP and Nokia, which have all had their employees’ data exposed by Ernst & Young, as revealed here in a series of exclusive stories.

Ouch.

More bluetooth and auto security

Apparently someone thinks it is a good idea to require you to have your cellphone with you in order to start your car. When that is found to be easily broken (i.e. with a replay or DoS attack) I can only guess what else will be used as a key. Perhaps a special stuffed animal that will rest on the dashboard? Or maybe one of those cap tassels from graduation ceremonies? Might as well put the stuff to use.

Anyhow, I just thought I should mention that multiples of the same form of authentication do not necessarily reduce vulnerabilities. For example, “something you have” plus “something else you have” plus “something else you have” still just adds up to one-factor authentication — something you have.

Telematics Journal describes the system in question:

A new car security system that identifies car owners through the Bluetooth element of their mobile phones is set to revolutionize the fight against car thieves. Auto-txt immediately identifies a car as stolen if the car is started with the keys but the mobile phone is not present. This unique feature allows a Bluetooth enabled device, such as a phone or PDA, to authenticate the vehicle owner, providing an enhanced level of security.

I can barely get my Bluetooth headset to reliably connect to my phone, so I can’t imagine what happens when I need to start my car and Bluetooth connections are spotty, or the battery dies. And when will manufacturers stop hard-coding four-digit PIN authentication as 0000? Bluetooth security has been so poorly implemented, I have a hard time understanding why anyone would want to lower their auto security to the dismal level of cell phones.
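The factor-counting point above, together with the hard-coded 0000 PIN complaint, as an added example that is not part of the original post or of any vendor's code. The `Authenticator` type, the function names and the list of default PINs are assumptions made up for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

# The three classic factor categories.
HAVE, KNOW, ARE = "something you have", "something you know", "something you are"

# Constructed list of factory-default PINs for this example. A secret that
# everyone knows is not a secret, so it adds no knowledge factor.
DEFAULT_PINS = {"0000", "1111", "1234"}


@dataclass(frozen=True)
class Authenticator:
    name: str
    category: str
    secret: Optional[str] = None  # only meaningful for KNOW authenticators


def effective_factors(auths):
    """Return the distinct factor categories that actually count."""
    counted = set()
    for a in auths:
        if a.category == KNOW and (a.secret is None or a.secret in DEFAULT_PINS):
            continue  # missing or factory-default secret contributes nothing
        counted.add(a.category)  # duplicates of a category collapse into one
    return counted


def is_multi_factor(auths, required=2):
    """True only if at least `required` different categories are present."""
    return len(effective_factors(auths)) >= required


# Constructed sample authenticators for a vehicle-start policy.
key = Authenticator("ignition key", HAVE)
phone = Authenticator("Bluetooth phone", HAVE)
tassel = Authenticator("graduation tassel", HAVE)
default_pin = Authenticator("pairing PIN", KNOW, "0000")
chosen_pin = Authenticator("owner-chosen PIN", KNOW, "839201")

if __name__ == "__main__":
    for combo in ([key, phone], [key, phone, tassel],
                  [key, phone, default_pin], [key, chosen_pin]):
        names = " + ".join(a.name for a in combo)
        print(f"{names}: {len(effective_factors(combo))} factor(s)")
```

Key plus phone, with or without a third possession or a default PIN, still evaluates to one factor; only the key combined with an owner-chosen secret reaches two.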

The other part of the system seems to be some sort of sales spiel by Ford’s luxury division to provide assurance to prospective owners:

Auto-txt is the first stolen vehicle protection and tracking system to be awarded Thatcham’s Category 5 accreditation, the new insurance industry standard that is supported by the police. […] Auto-txt has been selected by Jaguar Cars and Land Rover to supply car tracking and security systems for all their vehicles from 2006. The systems, called Jaguar Watch and Land Rover Watch, will be available in the UK and across Europe. It is the first time the prestige car manufacturers will be offering a stolen vehicle tracking system in their own name.

Might be interesting to look into the formula for the Thatcham accreditation claim. In other words, is the plan for sales to go up x% due to an Auto-txt marketing blurb, or do they really believe that auto recovery (in a useable state) will be more effective?