Featured ContentNote: We're able to pay for good user-contributed content
News 
According to documents obtained by CNET, the DEA is upset because the encryption used by Apple's iMessage foils their ability to snoop on those communications. Even with a warrant (increasingly seen as optional these days by law enforcement and intelligence agencies) and the fact that carriers let the NSA snoop on everything in real time, "it is impossible to intercept iMessages between two Apple devices." Well not entirely impossible; the memo notes that sometimes interception is possible, but it would require the government to conduct man in the middle attacks using spoofed cell towers, something the feds just got busted for using for years without properly informing Judges. Encryption isn't particularly hard, but as an ACLU analyst in the CNET piece points out, most companies and providers don't put any effort into it: Christopher Soghoian, a senior policy analyst at the American Civil Liberties Union, said yesterday that "Apple's service is not designed to be government-proof." "It's much much more difficult to intercept than a telephone call or a text message" that federal agents are used to, Soghoian says. "The government would need to perform an active man-in-the-middle attack... The real issue is why the phone companies in 2013 are still delivering an unencrypted audio and text service to users. It's disgraceful." The government has been pushing for years to have wiretap and privacy laws like CALEA changed to provide them with easier access to encrypted services like Gmail. 49 comments
The ACLU recently uncovered heavy government use of devices known as "stingrays," which allow law enforcement to trick a user's cell phone to connect to a spoofed device instead of a tower for the purposes of data collection. As Wired explores, the Department of Justice is under fire for using these devices without informing Judges about either the devices, or the fact they could collect data from uninvolved third parties.  story continues..29 comments
While carriers already now give real-time access to all network data, the FBI says that real-time wiretapping of Gmail is their top priority in 2013. Speaking last week at the American Bar Association, FBI general counsel Andrew Weissmann argued once again that the agency wants to revamp the Communications Assistance for Law Enforcement Act to allow for real-time surveillance of e-mail, cloud storage services, and social networking websites. 53 comments
Everyone in the mobile ecosystem, from app developers to your carrier, is now collecting every shred of mobile location data that isn't nailed down and are busily selling that data to whoever wants to buy it, from civil engineers to marketing agencies. Consumer privacy protections here are virtually nonexistent, and the companies making billions off of your daily life have been busy arguing that there are no need for new protections because the data they collect is anonymized. However, a new study by MIT and the Catholic University of Louvain studied fifteen months' worth of "anonymized" collected data from 1.5 million people, and found that people's routines are unique and predictable enough that ferreting out their identity is incredibly easy using just for location logs: In fact, in a dataset where the location of an individual is specified hourly, and with a spatial resolution equal to that given by the carrier's antennas, four spatio-temporal points are enough to uniquely identify 95% of the individuals. We coarsen the data spatially and temporally to find a formula for the uniqueness of human mobility traces given their resolution and the available outside information. If that location data is poorly secured, combining it with other databases creates unique and new privacy violation possibilities the researchers say we haven't really even fully started to fathom yet. The scientists tell the BBC they're not advocating that we stop collecting this data, though they do suggest we need to stop pretending it's truly anonymous, and consider additional privacy protections. 16 comments
Back in June of 2010, you might recall that a security hole in AT&T's website allowed two individuals to gain access to the e-mail addresses of 114,000 owners of 3G Apple iPads, including "dozens of CEOs, military officials, and top politicians." A group calling itself Goatse Security at the time claimed responsibility for the hack, which in addition to e-mail addresses resulted the group obtaining user ICC-IDs -- used to identify their specific iPad on the AT&T network. One of those involved in the "hack" today found themselves sentenced to 41 months in prison, to be followed by three years of supervised release and $73,000 in restitution to be paid to AT&T. 41 comments
We've covered for several years the growing use (or in a significant number of proven cases, the abuse) of National Security Letters. NSLs allow the government to obtain records from ISPs (or banks and other companies), then involve a gag order against the ISP with no judicial review. 22 comments
Porn copyright troll Prenda Law has apparently run afoul of one very tough Judge. We've previously noted how Prenda has been trying to scare broadband users into settling with the company en masse after they've been tracked downloading copyrighted porn films. 12 comments
As earlier leaks had suggested, Google today confirmed that the company will pay a $7 million fine to settle a consolidated lawsuit brought against the company for their collection of data from unsecured hotspots. In 2010, Google was busted using their Google Street View cars to collect Wi-Fi data from areas they passed through. The company claimed that the effort was a rogue action of one employee running a test project, and the data collected was largely useless ( confirmed by subsequent studies) given the collection vehicles flipped channels roughly five times each second. 15 comments
Back in April of 2010, Google was busted using their Google Street View cars to collect Wi-Fi data from areas they passed through. Google initially stated they only collected publicly available SSID and MAC Address data -- then later acknowledged that they were collecting snippets of actual transmitted data -- though Google insisted they did so accidentally, and only from unsecured hotspots. 17 comments
Iran, like Pakistan, in 2011 decided to make use of VPNs illegal, claiming the move was necessary for "security reasons" and to "stop militants" (easier spying is of course just coincidence). Reuters notes that the Iranian government have lately been clamping down harder on VPNs, hunting down and shuttering "illegal" VPNs. The country allows only official, surveillance-ready VPNs to operate. The clamp down comes as Iran prepares for its presidential election in June. Iran also filters or bans Facebook, Twitter, and YouTube significantly. 42 comments
CISPA, a bill that would significantly erode consumer privacy and expand Internet activity surveillance under the guise of "cybersecurity," (see the EFF's excellent primer) recently rose from the dead. Phone companies are of course in support of CISPA, given it gives them a blank check to violate consumer privacy laws. 10 comments
The Baltimore Sun (via Ars Technica) notes that Verizon contacted police after they noticed a Baltimore Deacon was quite happily storing his significant child pornography collection in the cloud. The Deacon apparently thought it was a great idea to store this content in his Verizon Online Backup and Sharing account; Verizon noticed the content and contacted the Center for Missing and Exploited Children, who in turn contacted law enforcement. 67-year-old William Steven Albaugh was released on $75,000 bond while the investigation continues. Aside from the obvious discussion on disgusting child porn, priests, and stupidity -- the incident raises some obvious questions about just how extensively Verizon monitors cloud content. 93 comments
With carriers now happily (and retroactively legally) dumping all voice and Internet data in real time in the NSA's lap, the agency needed more computing power to dig through the noise. The NSA's new $2 billion supercomputer warehouse in Bluffdale, Utah, exposed by Wired last year, is the answer to that problem -- housing 25,000 square feet of traffic analysis computing power. Forbes (hat tip to Techdirt) rather unsurprisingly found that the government doesn't like visitors with cameras at their under-construction super spy-warehouse, and the story is worth an amusing read. The supercomputer center is slated to come online in September. 57 comments
story continues..52 comments
For years the music and film industries have been pushing to have broadband users disconnected from the Internet as the final penalty after repeated warnings for copyright violations. Those efforts have run into repeated problems not only thanks to heavy resistance from ISPs unwilling to lose paying customers but in the courts, where the lifetime or year-long loss of broadband is seen as excessive punishment. story continues..52 comments
According to Google's latest transparency report, more than two-thirds of the requests submitted to the company for private user information aren't backed by warrants. According to the study, various parts of the United States government made over 8,400 requests for nearly 15,000 accounts -- significantly more than any other government. 49 comments
Security analyst Gaurang Pandya this week proclaimed that Nokia has been hijacking Internet traffic of Nokia phone users, technically providing the company with access to all user Internet browsing activity. According to the researcher, Nokia is effectively conducting a "man in the middle attack" on its users, intercepting and temporarily decrypting HTTPS connections, giving Nokia access to all manner of protected communications. 61 comments
Back in 2008 Congress passed the Foreign Intelligence Surveillance Act (FISA), which not only retroactively gave the government a pass for years of illegal spying on its own citizens, but gave companies like AT&T a get out of jail free card for helping them. For AT&T in particular that help was immense, from allowing real time wiretaps of all traffic without warrants, to advising the government on the best and easiest way to ignore privacy laws. 49 comments
As we noted last month, the Senate Judiciary Committee had been working on an update to the Electronic Communications Privacy Act of 1986 that would have strengthened consumer e-mail privacy protections, requiring that the government obtain a warrant before snooping user e-mail or remotely stored data (like cloud storage). It was a surprising direction for a government that has relentless pushed to eliminate all citizen privacy protections, so not too surprisingly the Amendment has been killed without explanation: Last month, the Senate Judiciary Committee approved an amendment attached to the Video Privacy Protection Act Amendments Act (which deals with publishing users’ Netflix information on Facebook pages) that would have required federal law enforcement to obtain a warrant before monitoring email or other data stored remotely (i.e., the cloud). The Senate was set to approve the video privacy bill along with the email amendment, which would have applied to a different law, the 1986 Electronic Communications Privacy Act. But then senators decided for reasons unknown to drop the amendment. Current law allows the government to sift through emails and other cloud data without a warrant provided the data has been stored for 180 days or more. However, with wiretaps installed at most large carriers providing the government user communications in real time, it's believed that those laws are generally laughed at by intelligence services. 36 comments
A new study by the Federal Trade Commission notes that the majority of mobile apps aimed at children secretly collect information from children including device IDs, phone numbers, locations, and other private data without their parents' knowledge or consent. According to the report, apps offered for children in the Google Play and Apple App stores continue to fail horribly when it comes to informing parents or children about data collection, despite a survey last year saying the exact same thing. 14 comments
·more stories, story search, most popular ..
Recent news contributorsKarl Bode  , Van , newview
| 
