Privacy

Baltimore Police Used Stingrays For Phone Tracking Over 25,000 Times 34

Posted by Soulskill
from the i-don't-remember-that-episode-of-The-Wire dept.
An anonymous reader writes The Baltimore Police Department is starting to come clean about its use of cell-phone signal interceptors — commonly known as Stingrays — and the numbers are alarming. According to recent court testimony reported by The Baltimore Sun, the city's police have used Stingray devices with a court order more than 25,000 times. It's a massive number, representing an average of nearly nine uses a day for eight years (the BPD acquired the technology in 2007), and it doesn't include any emergency uses of the device, which would have proceeded without a court order.
Privacy

The Upsides of a Surveillance Society 249

Posted by timothy
from the you-mean-it's-not-all-upside? dept.
theodp writes Citing the comeuppance of ESPN reporter Britt McHenry, who was suspended from her job after her filmed ad-hominem attack on a person McHenry deemed to be beneath her in terms of appearance, education, wealth, class, status went viral, The Atlantic's Megan Garber writes that one silver lining of the omnipresence of cameras is that the possibility of exposure can also encourage us to be a little kinder to each other. "Terrible behavior," Garber writes, "whether cruel or violent or something in between, has a greater possibility than it ever has before of being exposed. Just as Uber tracks ratings for both its drivers and its users, and just as Yelp can be a source of shaming for businesses and customers alike, technology at large has afforded a reciprocity between people who, in a previous era, would have occupied different places on the spectrum of power. Which can, again, be a bad thing — but which can also, in McHenry's case, be an extremely beneficial one. It's good that her behavior has been exposed. It's good that her story going viral might discourage similar behavior from other people. It's good that she has publicly promised 'to learn from this mistake.'"
Businesses

Twitter Moves Non-US Accounts To Ireland, and Away From the NSA 146

Posted by timothy
from the be-right-over-here-guys dept.
Mark Wilson writes Twitter has updated its privacy policy, creating a two-lane service that treats U.S. and non-U.S. users differently. If you live in the U.S., your account is controlled by San Francisco-based Twitter Inc, but if you're elsewhere in the world (anywhere else) it's handled by Twitter International Company in Dublin, Ireland. The changes also affect Periscope. What's the significance of this? Twitter Inc is governed by U.S. law; it is obliged to comply with NSA-driven court requests for data. Data stored in Ireland is not subject to the same obligation. Twitter is not alone in using Dublin as a base for non-U.S. operations; Facebook is another company that has adopted the same tactic. The move could also have implications for how advertising is handled in the future.
Sony

Wikileaks Publishes Hacked Sony Emails, Documents 142

Posted by samzenpus
from the take-a-look dept.
itwbennett writes Wikileaks has published a searchable database of thousands of emails and documents from Sony Pictures Entertainment that were leaked in late 2014 after the studio was attacked by hackers. Some of the 173,132 emails and 30,287 documents contain highly personal information about Sony employees including home addresses, personal phone numbers and social security numbers, a fact which is likely to raise new concerns about the use of stolen information online.
Security

Why "Designed For Security" Is a Dubious Designation 58

Posted by samzenpus
from the protect-ya-neck dept.
itwbennett writes The list of products designed to be security enhanced that turned out to be anything but seems to get longer by the day. In just the latest instance, reported by Wired last week, the crowd-funded privacy-enhancing home router Anonabox had to be recalled after an independent researcher discovered serious security flaws in the product. But security experts caution that the real problem may be bigger than vulnerabilities hidden in application code: "Designed for security products don't just have to be good. They have to be beyond reproach," explains John Dickson, a Principal at the Denim Group. "All it takes is one guy with a grudge to undo you."
Television

In New Zealand, a Legal Battle Looms Over Streaming TV 106

Posted by timothy
from the why-consider-this-pen-your-honor dept.
SpacemanukBEJY.53u writes After a threat from a law firm, two New Zealand ISPs have withdrawn services that let their customers navigate to content sites outside the country that would normally be geo-blocked. Using VPNs or other services to access content restricted by region isn't specifically outlawed in either New Zealand or in neighboring Australia, but it appears the entertainment industry is prepared to go to court to try and argue that such services can violate copyright law. Intellectual property experts said the situation in New Zealand, if it goes to court, could result in the first test case over the legality of skirting regional restrictions.
Businesses

Kludgey Electronic Health Records Are Becoming Fodder For Malpractice Suits 184

Posted by timothy
from the so-it-says-here-you-were-born-in-1709 dept.
Lucas123 writes The inherent issues that come with highly complex and kludgey electronic medical records — and for the healthcare professionals required to use them — haven't been lost on lawyers, who see the potential for millions of dollars in judgments for plaintiffs suing for medical negligence or malpractice. Work flows that require a dozen or more mouse clicks to input even basic patient information have prompted healthcare workers to seek short cuts, such as cutting and pasting from previous visits, a practice that can also include the duplication of old vital sign data, or other critical information, such as a patient's age. While the malpractice suits have to date focused on care providers, they'll soon target EMR vendors, according to Keith Klein, a medical doctor and professor of medicine at UCLA. Klein has been called as an expert witness for more than 350 state or federal medical malpractice cases and he's seen a marked rise in plaintiff attorneys using EMRs as evidence that healthcare workers fell short of their responsibility for proper care. In one such case, a judge awarded more than $7.5 million when a patient suffered permanent kidney damage, and even though physicians hadn't neglected the patient, the complexity of the EMR was responsible for them missing a uric kidney stone. The EMR was more than 3,000 pages in length and included massive amounts of duplicated information, something that's not uncommon.
Government

Bolivia Demands Assange Apologize For Deliberately False Leaks To the US 160

Posted by timothy
from the well-it's-not-swatting-if-it's-the-usaf dept.
Rei writes In 2013, during Edward Snowden's brief and chaotic search for asylum that ultimately landed him in Russia, the US faced criticism for handing information to various European nations that Bolivian president Evo Morales was smuggling him out of Russia, leading to the grounding of his flight. In a new twist, in the documentary Terminal F about this time period, Wikileaks founder Julian Assange admitted that he was the one who deliberately leaked the fake information to the US government. Bolivia has been none too pleased with this news and is now demanding that Assange apologize for putting their president's life at risk.
Microsoft

Windows Remains Vulnerable To Serious 18-Year-Old SMB Security Flaw 171

Posted by samzenpus
from the protect-ya-neck dept.
Mark Wilson writes A serious security hole leaves millions of Windows users open to attack, making it possible to extract encrypted credentials from a target machine. Researchers at Cylance say the problem affects "any Windows PC, tablet or server" (including Windows 10) and is a slight progression of the Redirect to SMB attack discovered by Aaron Spangler way back in 1997. Redirect to SMB is essentially a man-in-the-middle attack which involves taking control of a network connection. As the name suggests, victims are then redirected to a malicious SMB server which can extract usernames, domains and passwords. Cylance also reports that software from companies such as Adobe, Oracle and Symantec — including security and antivirus tools — is affected.
Crime

Watch DARPA Artificial Intelligence Search For Crime On the "Dark Web" 35

Posted by samzenpus
from the seek-it-out dept.
An anonymous reader shares this bit of news from DARPA. "Of late, DARPA has shown a growing interest in open sourcing its technology, even if its most terrifying creations, like army robot wildcats designed to reach speeds of 50Mph, are understandably kept private. In a week’s time, the wider world will be able to tinker with components of the military research body’s in-development search tool for the dark web. The Memex technology, named after a mechanical mnemonic dreamt up just as the Second World War was coming to a close, has already been put to use by a number of law enforcement agencies, who are looking to counter crime taking place on networks like Tor, where Hidden Services are protected by the privacy-enhancing, encrypted hosting, often for good, often for bad. In its first year, the focus at Memex has been on tracking human trafficking, but the project's scope stretches considerably wider."
Security

French Intelligence Bill: 5 Web Hosting Providers Threaten To Leave the Country 105

Posted by samzenpus
from the we're-out-of-here dept.
albert555 (3986073) writes Five popular French web hosting providers, including Gandi and OVH, said on Thursday that the new French intelligence bill might push them to leave the country (French) in order not to lose their customers. The five companies are protesting against the "real-time capture of data connection" and their analysis by the intelligence services using "'black boxes' with blurred lines". The web hosting providers believe that this project "will not reach its goal and will potentially put every French citizen under surveillance, that will result in the destruction of a major segment of the economy of our country," by pushing their customers to turn to other less intrusive territories. If the bill is passed as it is, "we have to move our infrastructure, our investments and our employees where our customers want to work with us". The companies have provided a listing of a dozen cities where they "will suppress jobs instead of creating new ones"; "These are thousands of jobs (...) that startups and large companies will also create elsewhere," they add. The press release was addressed to the French Prime Minister, Manuel Valls, and was co-signed by Gandi, OVH, IDS, Ikoula and Lomaco.
Encryption

U.S. Gov't Grapples With Clash Between Privacy, Security 134

Posted by Soulskill
from the politicians-who-don't-know-which-way-the-wind-is-blowing dept.
schwit1 writes: WaPo: "For months, federal law enforcement agencies and industry have been deadlocked on a highly contentious issue: Should tech companies be obliged to guarantee U.S. government access to encrypted data on smartphones and other digital devices, and is that even possible without compromising the security of law-abiding customers?"

NSA director Adm. Michael S. Rogers wants to require technology companies to create a digital key that could open any smartphone or other locked device to obtain text messages or photos, but divide the key into pieces so that no one person or agency alone could decide to use it. But progress is nonexistent:

"The odds of passing a new law appear slim, given a divided Congress and the increased attention to privacy in the aftermath of leaks by former NSA contractor Edward Snowden. There are bills pending to ban government back doors into communications devices. So far, there is no legislation proposed by the government or lawmakers to require Internet and tech firms to make their services and devices wiretap-ready."
Communications

Microsoft: Feds Are 'Rewriting' the Law To Obtain Emails Overseas 100

Posted by Soulskill
from the get-out-of-my-inbox dept.
An anonymous reader writes: The Electronic Communications Privacy Act was written in 1986. It's incredibly outdated, yet it still governs many internet-related rights for U.S. citizens. Microsoft has now challenged Congress to update the legislation for how online communications work in 2015. The company is currently embroiled in a legal battle with the government over a court order to release emails stored in a foreign country to U.S. authorities. In a new legal brief (PDF), Microsoft says, "For an argument that purports to rest on the 'explicit text of the statute,' the Government rewrites an awful lot of it. Congress never intended to reach, nor even anticipated, private communications stored in a foreign country when it enacted [the ECPA]." In an accompanying blog post, Microsoft general counsel Brad Smith wrote, "Until U.S. law is rewritten, we believe that the court in our case should honor well-established precedents that limit the government's reach from extending beyond U.S. borders. ... To the contrary, it is clear Congress's intent was to ensure that your digital information is afforded the same legal protections as your physical documents and correspondence, a principle we at Microsoft believe should be preserved."
Google

Has Google Indexed Your Backup Drive? 121

Posted by samzenpus
from the it's-out-there dept.
itwbennett writes Depending on how you've configured the device, your backup drive may have been indexed by Google, making some seriously personal information freely available online to anyone who knows what they're looking for. Using a few simple Google searches, CSO's Steve Ragan discovered thousands of personal records and documents online, including sales receipts with credit card information and tax documents with social security numbers. In all cases, the files were exposed because someone used a misconfigured device acting as a personal cloud, or FTP (File Transfer Protocol) was enabled on their router.
United States

US Started Keeping Secret Records of International Telephone Calls In 1992 81

Posted by samzenpus
from the original-list dept.
schwit1 writes Starting in 1992, the Justice Department amassed logs of virtually all telephone calls from the USA to as many as 116 countries. The now-discontinued operation, carried out by the DEA's intelligence arm, was the government's first known effort to gather data on Americans in bulk, sweeping up records of telephone calls made by millions of U.S. citizens regardless of whether they were suspected of a crime. It was a model for the massive phone surveillance system the NSA launched to identify terrorists after the Sept. 11 attacks. That dragnet drew sharp criticism that the government had intruded too deeply into Americans' privacy after former NSA contractor Edward Snowden leaked it to the news media two years ago. More than a dozen current and former law enforcement and intelligence officials described the details of the Justice Department operation to USA TODAY. Most did so on the condition of anonymity because they were not authorized to publicly discuss the intelligence program, part of which remains classified. The operation had 'been approved at the highest levels of Federal law enforcement authority,' including then-Attorney General Janet Reno and her deputy, Eric Holder.
Businesses

Phone App That Watches Your Driving Habits Leads To Privacy Concerns 73

Posted by samzenpus
from the buying-your-privacy dept.
Toshito writes Desjardins Insurance has launched a smartphone app that tracks driver behaviour in return for the promise of substantial savings on car insurance. Two years ago, Desjardins began offering a telematic device that plugs into a vehicle's diagnostic port, to track acceleration, hard braking and the time of day you were driving, for instance. Now, there's no plug-in device required. With Desjardins's new Ajusto app, all you need is your smartphone. But this comes with great concerns over privacy, and problems have been reported where the device was logging data when the user was riding a bus instead of driving his own car.
Crime

AT&T Call Centers Sold Mobile Customer Information To Criminals 92

Posted by samzenpus
from the was-that-wrong? dept.
itwbennett writes Employees at three call centers in Mexico, Colombia and the Philippines sold hundreds of thousands of AT&T customer records, including names and Social Security numbers, to criminals who attempted to use the customer information to unlock stolen mobile phones, the U.S. Federal Communications Commission said. AT&T has agreed to pay a $25 million civil penalty, which is the largest related to a data breach and customer privacy in the FCC's history.
Government

Greenwald Criticizes Universities' Funding-Driven Collaboration With NSA 49

Posted by samzenpus
from the no-sir-I-don't-like-it dept.
An anonymous reader writes Speaking at "Secrecy Week" at the University of Utah, one of the two journalists who helped disseminate Edward Snowden's revelations about the scope of National Security Agency surveillance has criticized universities which open up their campuses to government agencies in exchange for funding. Ex-Guardian journalist and lawyer Glenn Greenwald, one of Snowden's first contacts after his flight from the NSA, commented: "Even if you think that you're the kind of person who does not have things to hide, just living in a world where you think you're being watched and recorded it changes your behavior from being a free individual. I would submit, and I don't think that it's in dispute, that we are far closer to the tyrannical model than we are the free model."
Security

Anonabox Recalls Hundreds of Insecure 'Privacy' Routers 50

Posted by Soulskill
from the less-anona-and-more-box dept.
Sparrowvsrevolution writes: It turns out all those critics of the controversial Tor router project Anonabox might have been on to something. Late last month, Anonabox began contacting the first round of customers who bought its tiny, $100 privacy gadget to warn them of serious security flaws in the device, and to offer to ship them a more secure replacement free of charge. While the miniature routers do direct all of a user's Internet traffic over Tor as promised, the company says that its first batch lacked basic password protection, with no way to keep out unwanted users in Wi-Fi range. And worse yet, the faulty Anonaboxes use the hardcoded root password 'admin,' which allows any of those Wi-Fi intruders to completely hijack the device, snooping on or recording all of a user's traffic.

Anonabox's parent company, Sochutel, says that only 350 of the devices lacked that password protection, and that it's fixed the gaping security oversights in newer versions of the router.

The initial security criticisms of Anonabox helped to convince Kickstarter to freeze the project's $600,000 crowdfunding campaign in October. But Anonabox relaunched on Indiegogo and was later acquired by the tech firm Sochutel. Sochutel claims that the security flaws in the routers developed prior to its acquisition of Anonabox were out of its control, and that it's now hiring outside auditors to check its products' security.
Canada

Privacy Commissioner of Canada Rules Bell's Targeted Ad Program Violates the Law 39

Posted by Soulskill
from the blames-the-maple-leafs'-management dept.
An anonymous reader writes: The Privacy Commissioner of Canada has released the long-awaited decision on Bell's targeted ads program. The Commissioner's press release soft-pedals the outcome — "Bell advertising program raises privacy concerns" — but the decision is clear: Bell's so-called relevant ads program violates Canadian privacy law. As Michael Geist explains, the key issue in the case focused on whether Bell should be permitted to use an opt-out consent mechanism in which its millions of customers are all included in targeted advertising unless they take pro-active steps to opt-out, or if an opt-in consent model is more appropriate. The Commissioner ruled that opt-in consent is needed, but Bell is refusing to comply with the ruling.