Privacy

Apple's "Warrant Canary" Has Died 96

Posted by samzenpus
from the get-out-of-the-mine dept.
HughPickens.com writes When Apple published its first Transparency Report on government activity in late 2013, the document contained an important footnote that stated: "Apple has never received an order under Section 215 of the USA Patriot Act. We would expect to challenge such an order if served on us." Now Jeff John Roberts writes at Gigaom that Apple's warrant canary has disappeared. A review of the company's last two Transparency Reports, covering the second half of 2013 and the first six months of 2014, shows that the "canary" language is no longer there, suggesting that Apple is now part of FISA or PRISM proceedings.

Warrant canaries are a tool used by companies and publishers to signify to their users that, so far, they have not been subject to a given type of law enforcement request such as a secret subpoena. If the canary disappears, then it is likely the situation has changed — and the company has been subject to such request. This may also give some insight into Apple's recent decision to rework its latest encryption in a way that makes it almost impossible for the company to turn over data from most iPhones or iPads to police.
Encryption

Next Android To Enable Local Encryption By Default Too, Says Google 85

Posted by timothy
from the keep-it-to-yourself-bub dept.
An anonymous reader writes The same day that Apple announced that iOS 8 will encrypt device data with a local code that is not shared with Apple, Google has pointed out that Android already offers the same feature as a user option and that the next version will enable it by default. The announcements by both major cell phone [operating system makers] underscore a new emphasis on privacy in the wake of recent government surveillance revelations in the U.S. At the same time, it leaves unresolved the tension between security and convenience when both companies' devices are configured to upload user content to iCloud and Google+ servers for backup and synchronization across devices, servers and content to which Apple and Google do have access.
Networking

Once Vehicles Are Connected To the Internet of Things, Who Guards Your Privacy? 111

Posted by timothy
from the I-hope-it's-rob-ford dept.
Lucas123 (935744) writes Carmakers already remotely collect data from their vehicles, unbeknownst to most drivers, but once connected via in-car routers or mobile devices to the Internet, and to roadway infrastructure and other vehicles around them, that information would be accessible by the government or other undesired entities. Location data, which is routinely collected by GPS providers and makers of telematics systems, is among the most sensitive pieces of information that can be collected, according to Nate Cardozo, an attorney with the Electronic Frontier Foundation. "Not having knowledge that a third party is collecting that data on us and with whom they are sharing that data with is extremely troubling," Cardozo said. In-vehicle diagnostics data could also be used by government agencies to track driver behavior. Nightmare scenarios could include traffic violations being issued without law enforcement officers on the scene or federal agencies having the ability to track your every move in a car. That there could be useful data in all those personally identifiable bits made me think of Peter Wayner's "Translucent Databases."
Encryption

Apple Will No Longer Unlock Most iPhones, iPads For Police 422

Posted by timothy
from the just-what-they-want-you-to-think-part-827398 dept.
SternisheFan writes with this selection from a story at the Washington Post: Apple said Wednesday night that it is making it impossible for the company to turn over data from most iPhones or iPads to police — even when they have a search warrant — taking a hard new line as tech companies attempt to blunt allegations that they have too readily participated in government efforts to collect user data. The move, announced with the publication of a new privacy policy tied to the release of Apple's latest mobile operating system, iOS 8, amounts to an engineering solution to a legal dilemma: Rather than comply with binding court orders, Apple has reworked its latest encryption in a way that makes it almost impossible for the company – or anyone else but the device's owner – to gain access to the vast troves of user data typically stored on smartphones or tablet computers. The key is the encryption that Apple mobile devices automatically put in place when a user selects a passcode, making it difficult for anyone who lacks that passcode to access the information within, including photos, e-mails, recordings or other documents. Apple once kept possession of encryption keys that unlocked devices for legally binding police requests, but will no longer do so for iOS8, it said in a new guide for law enforcement. "Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data," Apple said on its Web site. "So it's not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8."
Government

NSA Director Says Agency Is Still Trying To Figure Out Cyber Operations 103

Posted by Soulskill
from the i-don't-think-the-mr-magoo-routine-is-going-to-work dept.
Trailrunner7 writes: In a keynote speech at a security conference in Washington on Tuesday, new NSA Director Mike Rogers emphasized a need to establish behavioral norms for cyber war. "We're still trying to work our way through distinguishing the difference between criminal hacking and an act of war," said Rogers. "If this was easy, we would have figured it out years ago. We have a broad consensus about what constitutes an act of war, what's an act of defense." Rogers went on to explain that we need to better establish standardized terminology and standardized norms like those that exist in the realm of nuclear deterrence. Unfortunately, unlike in traditional national defense, we cannot assume that the government will be able to completely protect us against cyber-threats because the threat ecosystem is just too broad.
Privacy

FBI Completes New Face Recognition System 129

Posted by Soulskill
from the they-know-what-you-did-last-summer dept.
Advocatus Diaboli writes: According to a report from Gizmodo, "After six years and over one billion dollars in development, the FBI has just announced that its new biometric facial recognition software system is finally complete. Meaning that, starting soon, photos of tens of millions of U.S. citizens' faces will be captured by the national system on a daily basis. The Next Generation Identification (NGI) program will log all of those faces, and will reference them against its growing database in the event of a crime. It's not just faces, though. Thanks to the shared database dubbed the Interstate Photo System (IPS), everything from tattoos to scars to a person's irises could be enough to secure an ID. What's more, the FBI is estimating that NGI will include as many as 52 million individual faces by next year, collecting identified faces from mug shots and some job applications." Techdirt points out that an assessment of how this system affects privacy was supposed to have preceded the actual rollout. Unfortunately, that assessment is nowhere to be found.

Two recent news items are related. First, at a music festival in Boston last year, face recognition software was tested on festival-goers. Boston police denied involvement, but were seen using the software, and much of the data was carelessly made available online. Second, both Ford and GM are working on bringing face recognition software to cars. It's intended for safety and security — it can act as authentication and make sure the driver is paying attention to the road.
Cloud

Tim Cook Says Apple Can't Read Users' Emails, That iCloud Wasn't Hacked 190

Posted by timothy
from the our-cooperation-was-strictly-reluctant dept.
Apple CEO Tim Cook insists that Apple doesn't read -- in fact, says Cook, cannot read -- users' emails, and that the company's iCloud service wasn't hacked. ZDNet presents highlights from Cook's lengthy, two-part interview with Charlie Rose. One selection of particular interest: Apple previously said that even it can't access iMessage and FaceTime communications, stating that such messages and calls are not held in an "identifiable form." [Cook] claimed if the government "laid a subpoena," then Apple "can't provide it." He said, bluntly: "We don't have a key... the door is closed." He reiterated previous comments, whereby Apple has said it is not in the business of collecting people's data. He said: "When we design a new service, we try not to collect data. We're not reading your email." Cook went on to talk about PRISM in more detail, following the lead from every other technology company implicated by those now-infamous PowerPoint slides.
Australia

Quickflix Wants Netflix To Drop Australian VPN Users 172

Posted by timothy
from the all-we-want-is-a-captive-audience dept.
ashshy writes 200,000 Australian residents reportedly use Netflix today, tunneling their video traffic to the US, UK, and other Netflix markets via VPN connections. A proper Netflix Down Under service isn't expected to launch until 2015. Last week, Aussie video streaming company Quickflix told Netflix to stop this practice, so Australian viewers can return to Quickflix and other local alternatives. But Quickflix CEO Stephen Langsford didn't explain how Netflix could restrict Australian VPN users, beyond the IP geolocating and credit card billing address checks it already runs. Today, ZDNet's Josh Taylor ripped into the absurdity of Quickflix's demands. From the article: "If Netflix cuts those people off, they're going to know that it was at the behest of Foxtel and Quickflix, and would likely boycott those services instead of flocking to them. If nothing else, it would encourage those who have tried to do the right thing by subscribing and paying for content on Netflix to return to copyright infringement."
Australia

NSW Police Named as FinFisher Spyware Users 73

Posted by samzenpus
from the oh-watching-the-places-you'll-go dept.
Bismillah writes Wikileaks' latest release of documents shows that the Australian New South Wales police force has spent millions on licenses for the FinFisher set of law enforcement spy- and malware tools — and still has active licenses. What it uses FinFisher, which has been deployed against dissidents by oppressive regimes, for is yet to be revealed. NSW Police spokesperson John Thompson said it would not be appropriate to comment "given this technology relates to operational capability".
Businesses

Comcast Allegedly Asking Customers to Stop Using Tor 417

Posted by samzenpus
from the no-tor-for-you dept.
An anonymous reader writes Comcast agents have reportedly contacted customers who use Tor and said their service can get terminated if they don't stop using Tor. According to Deep.Dot.Web, one of those calls included a Comcast customer service agent who allegedly called Tor an “illegal service.” The Comcast agent told the customer that such activity is against usage policies. The Comcast agent then allegedly told the customer: "Users who try to use anonymity, or cover themselves up on the internet, are usually doing things that aren’t so-to-speak legal. We have the right to terminate, fine, or suspend your account at any time due to you violating the rules. Do you have any other questions? Thank you for contacting Comcast, have a great day." Update: 09/15 18:38 GMT by S : Comcast has responded, saying they have no policy against Tor and don't care if people use it.
Government

New Details About NSA's Exhaustive Search of Edward Snowden's Emails 199

Posted by samzenpus
from the taking-a-good-look dept.
An anonymous reader points out this Vice story with new information about the NSA's search of Edward Snowden's emails. Last year, the National Security Agency (NSA) reviewed all of Edward Snowden's available emails in addition to interviewing NSA employees and contractors in order to determine if he had ever raised concerns internally about the agency's vast surveillance programs. According to court documents the government filed in federal court September 12, NSA officials were unable to find any evidence Snowden ever had.

In a sworn declaration, David Sherman, the NSA's associate director for policy and records, said the agency launched a "comprehensive" investigation after journalists began to write about top-secret NSA spy programs upon obtaining documents Snowden leaked to them. The investigation included searches of any records where emails Snowden sent raising concerns about NSA programs "would be expected to be found within the agency." Sherman, who has worked for the NSA since 1985, is an "original classification authority," which means he can classify documents as "top-secret" and process, review, and redact records the agency releases in response to Freedom of Information Act (FOIA) requests.

In his declaration, Sherman detailed steps he said agency officials took to track down any emails Snowden wrote that contained evidence he'd raised concerns inside the agency. Sherman said the NSA searched sent, received, deleted emails from Snowden's account and emails "obtained by restoring back-up tapes." He noted that NSA officials reviewed written reports and notes from interviews with "NSA affiliates" with whom the agency spoke during its investigation.
United States

Treasure Map: NSA, GCHQ Work On Real-Time "Google Earth" Internet Observation 262

Posted by samzenpus
from the lets-see-what-you're-doing dept.
wabrandsma writes with the latest accusations about NSA spying activity in Germany. According to top-secret documents from the NSA and the British agency GCHQ, the intelligence agencies are seeking to map the entire Internet.
Furthermore, every single end device that is connected to the Internet somewhere in the world — every smartphone, tablet and computer — is to be made visible. Such a map doesn't just reveal one treasure. There are millions of them. The breathtaking mission is described in a Treasure Map presentation from the documents of the former intelligence service employee Edward Snowden which SPIEGEL has seen. It instructs analysts to "map the entire Internet — Any device, anywhere, all the time." Treasure Map allows for the creation of an "interactive map of the global Internet" in "near real-time," the document notes. Employees of the so-called "FiveEyes" intelligence agencies from Great Britain, Canada, Australia and New Zealand, which cooperate closely with the American agency NSA, can install and use the program on their own computers. One can imagine it as a kind of Google Earth for global data traffic, a bird's eye view of the planet's digital arteries.
United Kingdom

School Installs Biometric Fingerprint System For Cafeteria 230

Posted by samzenpus
from the paying-with-one-finger dept.
An anonymous reader writes with news about a school in England that has introduced a cashless cafeteria system that is raising some privacy concerns among some. Stourbridge students will soon be able to pay for their lunch without searching their pockets for change. Redhill School has spent £20,000 updating its dining facilities and introducing a cashless catering system. The system will allow parents to deposit funds into students' catering accounts, to be debited by the pupil's biometric fingerprint scan at the point of sale. Headteacher Stephen Dunster said: "The benefits are that pupils are less likely to lose cash, parents know their children are using their dinner money to buy nutritious food and there will also be a system to alert staff if students are purchasing food that they may be allergic to."
Government

NSA Metadata Collection Gets 90-Day Extension 73

Posted by Soulskill
from the you-can-trust-us-for-90-more-days dept.
schwit1 sends word that the Foreign Intelligence Surveillance Court has authorized a 90-day extension to the NSA's ability to collect bulk metadata about U.S. citizens' phone calls. In April, the House of Representatives passed a bill to limit the NSA's collection of metadata, but the Senate has been working on their version of the bill since then without yet voting on it. Because of this, and the alleged importance of continuing intelligence operations, the government sought a 90-day reauthorization of the current program. The court agreed. Senator Patrick Leahy said this clearly demonstrates the need to get this legislation passed. "We cannot wait any longer, and we cannot defer action on this important issue until the next Congress. This announcement underscores, once again, that it is time for Congress to enact meaningful reforms to protect individual privacy."
Privacy

Justice Sotomayor Warns Against Tech-Enabled "Orwellian" World 163

Posted by Soulskill
from the trading-privacy-for-convenience dept.
An anonymous reader writes: U.S. Supreme Court Justice Sonia Sotomayor spoke on Thursday to faculty and students at the University of Oklahoma City about the privacy perils brought on by modern technology. She warned that the march of technological progress comes with a need to enact privacy protections if we want to avoid living in an "Orwellian world" of constant surveillance. She said, "There are drones flying over the air randomly that are recording everything that's happening on what we consider our private property. That type of technology has to stimulate us to think about what is it that we cherish in privacy and how far we want to protect it and from whom. Because people think that it should be protected just against government intrusion, but I don't like the fact that someone I don't know can pick up, if they're a private citizen, one of these drones and fly it over my property."
AI

The Challenges and Threats of Automated Lip Reading 119

Posted by Soulskill
from the surgical-masks-become-high-fashion-in-2018 dept.
An anonymous reader writes: Speech recognition has gotten pretty good over the past several years. It's reliable enough to be ubiquitous in our mobile devices. But now we have an interesting, related dilemma: should we develop algorithms that can lip read? It's a more challenging problem, to be sure. Sounds can be translated directly into words, but deriving meaning out of the movement of a person's face is much more complex. "During speech, the mouth forms between 10 and 14 different shapes, known as visemes. By contrast, speech contains around 50 individual sounds known as phonemes. So a single viseme can represent several different phonemes. And therein lies the problem. A sequence of visemes cannot usually be associated with a unique word or sequence of words. Instead, a sequence of visemes can have several different solutions." Beyond the computational aspect, we also need to decide, as a society, if this is a technology that should exist. The privacy implications extend beyond that of simple voice recognition.
Crime

Turning the Tables On "Phone Tech Support" Scammers 208

Posted by timothy
from the mouthwatering-shadenfreude dept.
mask.of.sanity writes A security pro has released a Metasploit module that can take over computers running the Ammyy Admin remote control software popular among "Hi this is Microsoft, there's a problem with your computer" tech support scammers. The hack detailed in Matthew Weeks' technical post works from the end-user, meaning victims can send scammers the hijacking exploit when they request access to their machines. Victims should provide scammers with their external IP addresses rather than their Ammyy identity numbers as the exploit was not yet built to run over the Ammyy cloud, according to the exploit readme. This is much more efficient than just playing along but "accidentally" being unable to follow their instructions.
United States

U.S. Threatened Massive Fine To Force Yahoo To Release Data 223

Posted by timothy
from the your-government-at-work dept.
Advocatus Diaboli writes The U.S. government threatened to fine Yahoo $250,000 a day in 2008 if it failed to comply with a broad demand to hand over user data that the company believed was unconstitutional, according to court documents unsealed Thursday that illuminate how federal officials forced American tech companies to participate in the NSA's controversial PRISM program. The documents, roughly 1,500 pages worth, outline a secret and ultimately unsuccessful legal battle by Yahoo to resist the government's demands. The company's loss required Yahoo to become one of the first to begin providing information to PRISM, a program that gave the National Security Agency extensive access to records of online communications by users of Yahoo and other U.S.-based technology firms.
Iphone

Mining iPhones and iCloud For Data With Forensic Tools 85

Posted by Soulskill
from the security-through-panic-and-news-articles dept.
SternisheFan points out an article that walks us through the process of using forensic tools to grab data from iPhones and iCloud using forensic tools thought to have been employed in the recent celebrity photo leak. There are a number of ways to break into these devices and services depending on what kind of weakness an attacker has found. For example, if the attacker has possession of a target's iPhone, a simple command-line toolkit from Elcomsoft uses a jailbreak to bypass the iPhone's security. A different tool can extract iCloud data with access to a computer that has a local backup of a phone's data, or access to a computer that simply has stored credentials.

The discussion also details a method for spoofing device identification to convince iCloud to restore data to a device mimicking the target's phone. The author concludes, "Apple could go a long way toward protecting customer privacy just by adding a second credential to encrypt stored iCloud data. An encryption password could be used to decrypt the backup when downloaded to iTunes or to the device, or it could be used to decrypt the data as it is read by iCloud to stream down to the device."
Twitter

Laid Off From Job, Man Builds Tweeting Toilet 114

Posted by samzenpus
from the because-I-can dept.
dcblogs writes With parts from an electric motor, a few household items, an open-source hardware board running Linux, and some coding, Thomas Ruecker built a connected toilet that Tweets with each flush. The first reaction to the Twitter feed at @iotoilets may be a chuckle. But the idea behind this and what it illustrates is serious. It tracks water usage, offers a warning about the future of privacy in the Internet of Things, and may say something about the modern job hunt. Ruecker built his device on a recent long weekend after he was laid off as an open source evangelist at a technology firm undergoing "rightsizing," as he put it.
