Privacy

Top NSA Official Raised Alarm About Metadata Program In 2009 100

Posted by Soulskill
from the should-have-listened dept.
An anonymous reader sends this report from the Associated Press: "Dissenters within the National Security Agency, led by a senior agency executive, warned in 2009 that the program to secretly collect American phone records wasn't providing enough intelligence to justify the backlash it would cause if revealed, current and former intelligence officials say.

The NSA took the concerns seriously, and many senior officials shared them. But after an internal debate that has not been previously reported, NSA leaders, White House officials and key lawmakers opted to continue the collection and storage of American calling records, a domestic surveillance program without parallel in the agency's recent history."
United States

Greenwald Advises Market-Based Solution To Mass Surveillance 143

Posted by samzenpus
from the you-get-what-you-demand dept.
Nicola Hahn writes In his latest Intercept piece Glenn Greenwald considers the recent defeat of the Senate's USA Freedom Act. He remarks that governments "don't walk around trying to figure out how to limit their own power." Instead of appealing to an allegedly irrelevant Congress Greenwald advocates utilizing the power of consumer demand to address the failings of cyber security. Specifically he argues that companies care about their bottom line and that the trend of customers refusing to tolerate insecure products will force companies to protect user privacy, implement encryption, etc. All told Greenwald's argument is very telling: that society can rely on corporate interests for protection. Is it true that representative government is a lost cause and that lawmakers would never knowingly yield authority? There are people who think that advising citizens to devolve into consumers is a dubious proposition.
Privacy

Amnesty International Releases Tool To Combat Government Spyware 94

Posted by timothy
from the doing-the-right-thing dept.
New submitter Gordon_Shure_DOT_com writes Human rights charity Amnesty International has released Detekt, a tool that finds and removes known government spyware programs. Describing the free software as the first of its kind, Amnesty commissioned the tool from prominent German computer security researcher and open source advocate Claudio Guarnieri, aka 'nex'. While acknowledging that the only sure way to prevent government surveillance of huge dragnets of individuals is legislation, Marek Marczynski of Amnesty nevertheless called the tool (downloadable here) a useful countermeasure versus spooks. According to the app's instructions, it operates similarly to popular malware or virus removal suites, though systems must be disconnected from the Internet prior to it scanning.
Communications

WhatsApp To Offer End-to-End Encryption 92

Posted by timothy
from the trend-worth-extending dept.
L-One-L-One (173461) writes In a surprise move, nine months after being bought by Facebook, WhatsApp has begun rolling out end-to-end encryption for its users. With true end-to-end encryption data becomes inaccessible to admins of WhatsApp or law enforcement authorities. This new feature first proposed on Android only has been developed in cooperation with Open Whisper Systems, based on TextSecure. With hundreds of millions of users, WhatsApp becomes by far the largest secure messaging application. FBI Director James Comey might not be pleased. Do you have a current favorite for encrypted online chat?
Republicans

Republicans Block Latest Attempt At Curbing NSA Power 424

Posted by Soulskill
from the and-everybody-will-have-forgotten-about-it-in-two-years dept.
Robotron23 writes: The latest attempt at NSA reform has been prevented from passage in the Senate by a margin of 58 to 42. Introduced as a means to stop the NSA collecting bulk phone and e-mail records on a daily basis, the USA Freedom Act has been considered a practical route to curtailment of perceived overreach by security services, 18 months since Edward Snowden went public. Opponents to the bill said it was needless, as Wall Street Journal raised the possibility of terrorists such as ISIS running amok on U.S. soil. Supporting the bill meanwhile were the technology giants Google and Microsoft. Prior to this vote, the bill had already been stripped of privacy protections in aid of gaining White House support. A provision to extend the controversial USA Patriot Act to 2017 was also appended by the House of Representatives.
Privacy

NYT: Privacy Concerns For ClassDojo, Other Tracking Apps For Schoolchildren 66

Posted by Soulskill
from the won't-somebody-other-than-advertisers-think-of-the-children dept.
theodp writes: The NY Times' Natasha Singer files a report on popular and controversial behavior tracking app ClassDojo, which teachers use to keep a running tally of each student's score, award virtual badges for obedience, and to communicate with parents about their child's progress. "I like it because you get rewarded for your good behavior — like a dog does when it gets a treat," was one third grader's testimonial. Some parents, teachers and privacy law scholars say ClassDojo (investors) — along with other unproven technologies that record sensitive information about students — is being adopted without sufficiently considering the ramifications for data privacy and fairness. "ClassDojo," writes Singer, "does not seek explicit parental consent for teachers to log detailed information about a child's conduct. Although the app's terms of service state that teachers who sign up guarantee that their schools have authorized them to do so, many teachers can download ClassDojo, and other free apps, without vetting by school supervisors. Neither the New York City nor Los Angeles school districts, for example, keep track of teachers independently using apps."

A high school teacher interviewed for the article confessed to having not read ClassDojo's policies on handling student data, saying: "I'm one of those people who, when the terms of service are 18 pages, I just click agree." And, if all this doesn't make you parents just a tad nervous, check out this response to the "Has anyone ran a data analysis on their CD data?" question posed to the Class Dojo Community: "I needed to analyze data in regards to a student being placed on ADHD medicine to see whether or not he made any improvements. I have also used it to determine any behavioral changes depending on if a student was with mom/dad for a custody review. I use dojo consistently, so I LOVE getting to use the data to evaluate and share with parents, or even administrators."
Privacy

Tor Eyes Crowdfunding Campaign To Upgrade Its Hidden Services 106

Posted by samzenpus
from the price-of-privacy dept.
apexcp writes The web's biggest anonymity network is considering a crowdfunding campaign to overhaul its hidden services. From the article: "In the last 15 months, several of the biggest anonymous websites on the Tor network have been identified and seized by police. In most cases, no one is quite sure how it happened. The details of such a campaign have yet to be revealed. With enough funding, Tor could have developers focusing their work entirely on hidden services, a change in developer priorities that many Tor users have been hoping for in recent years."
Networking

Can the US Actually Cultivate Local Competition in Broadband? 135

Posted by timothy
from the but-what-we-really-want-is-more-rules dept.
New submitter riskkeyesq writes with a link to a blog post from Dane Jasper, CEO of Sonic.net, about what Jasper sees as the deepest problem in the U.S. broadband market and the Internet in general: "There are a number of threats to the Internet as a system for innovation, commerce and education today. They include net neutrality, the price of Internet access in America, performance, rural availability and privacy. But none of these are the root issue, they're just symptoms. The root cause of all of these symptoms is a disease: a lack of competition for consumer Internet access." Soft landings for former legislators, lobbyists disguised as regulators, hundreds of thousands of miles of fiber sitting unused, the sham that is the internet provider free market is keeping the US in a telecommunications third-world. What, exactly, can American citizens do about it? One upshot, in Jasper's opinion (hardly disinterested, in his role as CEO of an ISP that draws praise from the EFF for its privacy policies) is this: "Today’s FCC should return to the roots of the Telecom Act, and reinforce the unbundling requirements, assuring that they are again technology neutral. This will create an investment ladder to facilities for competitive carriers, opening access to build out and serve areas that are beyond our reach today."
Google

For Some Would-Be Google Glass Buyers and Devs, Delays May Mean Giving Up 154

Posted by timothy
from the you're-going-to-like-the-clip-on-tie-version dept.
ErnieKey writes with a Reuters story that says Google's Glass, not yet out for general purchase, has been wearing on the patience of both developers and would-be customers: "After an initial burst of enthusiasm, signs that consumers are giving up on Glass have been building." Is it true that Google Goggles are simply not attractive to wear? Or perhaps it's the invasion of privacy that is deterring people from wearing them. Regardless, Google needs to change something quickly before they lose all their potential customers. From the article: Of 16 Glass app makers contacted, nine said that they had stopped work on their projects or abandoned them, mostly because of the lack of customers or limitations of the device. Three more have switched to developing for business, leaving behind consumer projects. Plenty of larger developers remain with Glass. The nearly 100 apps on the official website include Facebook and OpenTable, although one major player recently defected: Twitter. "If there was 200 million Google Glasses sold, it would be a different perspective. There's no market at this point," said Tom Frencel, the chief executive of Little Guy Games, which put development of a Glass game on hold this year and is looking at other platforms, including the Facebook-owned virtual-reality goggles Oculus Rift. Several key Google employees instrumental to developing Glass have left the company in the last six months, including lead developer Babak Parviz, electrical engineering chief Adrian Wong, and Ossama Alami, director of developer relations.
AT&T

AT&T Stops Using 'Super Cookies' To Track Cellphone Data 60

Posted by timothy
from the turns-out-people-hate-that dept.
jriding (1076733) writes AT&T Mobility, the nation's second-largest cellular provider, says it's no longer attaching hidden Internet tracking codes to data transmitted from its users' smartphones. The practice made it nearly impossible to shield its subscribers' identities online. Would be nice to hear something similar from Verizon.
Communications

81% of Tor Users Can Be De-anonymized By Analysing Router Information 136

Posted by timothy
from the keep-him-on-the-line dept.
An anonymous reader writes A former researcher at Columbia University's Network Security Lab has conducted research since 2008 indicating that traffic flow software included in network routers, notably Cisco's 'Netflow' package, can be exploited to deanonymize 81.4% of Tor clients. Professor Sambuddho Chakravarty, currently researching Network Anonymity and Privacy at the Indraprastha Institute of Information Technology, uses a technique which injects a repeating traffic pattern into the TCP connection associated with an exit node, and then compares subsequent aberrations in network timing with the traffic flow records generated by Netflow (or equivalent packages from other router manufacturers) to individuate the 'victim' client. In laboratory conditions the success rate of this traffic analysis attack is 100%, with network noise and variations reducing efficiency to 81% in a live Tor environment. Chakravarty says: 'it is not even essential to be a global adversary to launch such traffic analysis attacks. A powerful, yet non-global adversary could use traffic analysis methods [] to determine the various relays participating in a Tor circuit and directly monitor the traffic entering the entry node of the victim connection.'
Privacy

Carmakers Promise Not To Abuse Drivers' Privacy 98

Posted by timothy
from the how-far-can-you-throw-this-vehicle? dept.
schwit1 provides this excerpt from an Associated Press report: "Nineteen automakers accounting for most of the passenger cars and trucks sold in the U.S. have signed onto a set of principles they say will protect motorists' privacy in an era when computerized cars pass along more information about their drivers than many motorists realize. The principles were delivered in a letter Wednesday to the Federal Trade Commission, which has the authority to force corporations to live up to their promises to consumers. Industry officials say they want to assure their customers that the information that their cars stream back to automakers or that is downloaded from the vehicle's computers won't be handed over to authorities without a court order, sold to insurance companies or used to bombard them with ads for pizza parlors, gas stations or other businesses they drive past, without their permission. The principles also commit automakers to 'implement reasonable measures' to protect personal information from unauthorized access." Also at the Detroit News. Adds schwit1: "It's a meaningless gesture without being codified into law. A greedy car manufacturer or NSL trumps any 'set of principles'." The letter itself (PDF) isn't riveting, but it's more readable than some such documents, and all the promises it makes are a good reminder of just how much data modern cars can collect, and all the ways that it can be passed on.
United States

Senate May Vote On NSA Reform As Soon As Next Week 127

Posted by samzenpus
from the stop-looking-at-me dept.
apexcp writes Senate Majority Leader (for now) Harry Reid announced he will be taking the USA FREEDOM Act to a floor vote in the Senate as early as next week. While the bill, if passed, would be the first significant legislative reform of the NSA since 9/11, many of the act's initial supporters have since disavowed it, claiming that changes to its language mean it won't do enough to curb the abuses of the American surveillance state.
EU

European Parliament Considers Sharing Passenger Information By Default 58

Posted by samzenpus
from the open-book dept.
An anonymous reader writes The EU Passenger Name Record (PNR) proposal which was defeated in April of last year has returned to consideration in the European Parliament today. The law would require that airlines provide extensive personal details of anyone flying into or out of Europe. The information would include name, address, phone numbers, credit card information and travel itinerary. Director of Europol Rob Wainwright says that PNR is within the bounds of "reasonable measures" in the struggle against terrorism, and that possible threats against Europe have increased in the more than 12 months since the law was last rejected. Dutch MEP Sophie In't Veld is arguing that the Data Protection Directive should be put into place before any such systematized disclosure be ratified. "They want unlimited powers," she said. "They don't want to be bound by rules or data protection authorities and that's the reality."
United States

Hacker Builds a Dark Net Version of the FBI Tip Form 41

Posted by samzenpus
from the here's-a-tip dept.
Daniel_Stuckey writes A London-based programmer has set up a new hidden service for anyone using Tor to submit anonymous tips to the FBI. With the new .onion hidden service link, which accesses the FBI's tips page through a reverse proxy, Mustafa Al-Bassam told me in an IRC chat that he's engineered a "proof-of-concept," demonstrating how the bureau might go about setting up a more secure system for receiving crime tips.
Encryption

ISPs Removing Their Customers' Email Encryption 245

Posted by Soulskill
from the aggressively-anticonsumer dept.
Presto Vivace points out this troubling new report from the Electronic Frontier Foundation: Recently, Verizon was caught tampering with its customers' web requests to inject a tracking super-cookie. Another network-tampering threat to user safety has come to light from other providers: email encryption downgrade attacks. In recent months, researchers have reported ISPs in the U.S. and Thailand intercepting their customers' data to strip a security flag — called STARTTLS — from email traffic. The STARTTLS flag is an essential security and privacy protection used by an email server to request encryption when talking to another server or client.

By stripping out this flag, these ISPs prevent the email servers from successfully encrypting their conversation, and by default the servers will proceed to send email unencrypted. Some firewalls, including Cisco's PIX/ASA firewall, do this in order to monitor for spam originating from within their network and prevent it from being sent. Unfortunately, this causes collateral damage: the sending server will proceed to transmit plaintext email over the public Internet, where it is subject to eavesdropping and interception.
Privacy

Police Body Cam Privacy Exploitation 301

Posted by Soulskill
from the always-that-one-bad-apple dept.
blindbat writes: A new YouTube account is pushing local police agencies to reconsider their use of body-mounted cameras. Poulsbo Police have been wearing body cameras for about a year, and the department says the results have been good. But last month reality hit, in the form of a new YouTube user website, set up by someone under the name, "Police Video Requests." The profile says it posts dash and body cam videos received after public records requests to Washington state police departments. "They're just using it to post on the internet," said Chief Townsend, "and I suspect it's for commercial purposes." In September, "Police Video Requests" anonymously asked Poulsbo PD for every second of body cam video it has ever recorded. The department figures it will take three years to fill that request. And Chief Townsend believes it is a huge privacy concern, as officers often see people on their worst days. "People with mental illness, people in domestic violence situations; do we really want to have to put that video out on YouTube for people? I think that's pushing it a little bit," he said.
Communications

How To End Online Harassment 827

Posted by Soulskill
from the can't-we-all-just-get-along dept.
Presto Vivace sends this excerpt from an article at the Kernel, titled 'With Gamergate, it's not enough to ignore the trolls.' Gendered bigotry against women is widely considered to be "in bounds" by Internet commenters (whether they openly acknowledge it or not), and subsequently a demographic that comprises half of the total human population has to worry about receiving rape threats, death threats, and the harassment of angry mobs simply for expressing their opinions. This needs to stop, and while it's impossible to prevent all forms of harassment from occurring online, we can start by creating a culture that shames individuals who cross the bounds of decency.

We can start by stating the obvious: It is never appropriate to use slurs, metaphors, graphic negative imagery, or any other kind of language that plays on someone's gender, race/ethnicity, sexual orientation, or religion. Not only is such language inappropriate regardless of one's passion on a given subject, but any valid arguments that existed independently of such rhetoric should have been initially presented without it. Once a poster crosses this line, they should lose all credibility.

Similarly, it is never acceptable to dox, harass, post nude pictures, or in any other way violate someone's privacy due to disagreement with their opinions. While most people would probably agree with this in theory, far too many are willing to access and distribute this humiliating (and often illegal) content. Instead of simply viewing stories of doxing, slut-shaming, and other forms of online intimidation as an unfortunate by-product of the digital age, we should boycott all sites that publish these materials.
Social Networks

German Spy Agency Seeks Millions To Monitor Social Networks 59

Posted by Soulskill
from the you-took-the-wrong-lesson-from-this dept.
itwbennett writes: Germany's foreign intelligence agency reportedly wants to spend €300 million (about $375 million) in the next five years on technology that would let it spy in real time on social networks outside of Germany, and decrypt and monitor encrypted Internet traffic. The agency, which already spent €6.22 million in preparation for this online surveillance push, also wants to use the money to set up an early warning system for cyber attacks, the report said (Google translation of German original). A prototype is expected to be launched next June with the aim of monitoring publicly available data on Twitter and blogs.
Firefox

Mozilla Updates Firefox With Forget Button, DuckDuckGo Search, and Ads 308

Posted by Soulskill
from the onward-and-upward dept.
Krystalo writes: In addition to the debut of the Firefox Developer Edition, Mozilla today announced new features for its main Firefox browser. The company is launching a new Forget button in Firefox to help keep your browsing history private, adding DuckDuckGo as a search option, and rolling out its directory tiles advertising experiment.
