
Privacy

Boo! The House Majority PAC Is Watching You 37

Posted by timothy
from the public-records-are-public dept.
An anonymous reader writes I received some interesting mail this week from the House Majority PAC. First, a "voter report card" postcard telling me my voting record was "excellent" (I'm a good citizen!), but also letting me know that they "plan to update this report card after the election to see whether you voted". OK, so one of the Democratic Party's super PACs wants me to vote, but it seems to be something of an attempt at intimidation. Today, I received a letter in which they really put the pressure on. Here are some excerpts: "Who you vote for is secret. But whether or not you vote is public record. Our organization monitors turnout in your neighborhood, and we are disappointed that many of your neighbors do not always exercise their right to vote." So why contact me instead of them? Voting is a civic duty, but it isn't illegal to abstain. That's my neighbors' business, not mine. It's one way of expressing dissatisfaction, isn't it? And if there are no candidates you wish to vote for, then why should you vote for someone you don't want? But Big Brother PAC has other ideas: "We will be reviewing the Camden County [NJ] official voting records after the upcoming election to determine whether you joined your neighbors who voted in 2014. If you do not vote this year, we will be interested to hear why not." The letter is signed "Joe Fox Election day Coordinator". So what happens if I don't vote? Well, at least I got a scare this Halloween. Are PACs using similar tactics in other states?
Privacy

Virginia Court: LEOs Can Force You To Provide Fingerprint To Unlock Your Phone 127

Posted by Soulskill
from the now-where-am-i-going-to-store-my-incriminating-evidence dept.
schwit1 writes with news of a Circuit Court decision from Virginia where a judge has ruled that a criminal defendant cannot use Fifth Amendment protections to safeguard a phone that is locked using his or her fingerprint. According to Judge Steven C. Frucci, while a criminal defendant can't be compelled to hand over a passcode to police officers for the purpose of unlocking a cellular device, law enforcement officials can compel a defendant to give up a fingerprint. The Fifth Amendment states that "no person shall be compelled in any criminal case to be a witness against himself," which protects memorized information like passwords and passcodes, but it does not extend to fingerprints in the eyes of the law, as speculated by Wired last year. Frucci said that "giving police a fingerprint is akin to providing a DNA or handwriting sample or an actual key, which the law permits. A passcode, though, requires the defendant to divulge knowledge, which the law protects against, according to Frucci's written opinion."
Security

Smart Meters and New IoT Devices Cause Serious Concern 133

Posted by Soulskill
from the your-smart-tinfoil-hat-won't-even-save-you dept.
dkatana writes: The ongoing deployment of internet-of-things devices is already creating serious issues and discussions about the privacy of users, IoT security, and the potential threat of cyber criminals taking control of sensors and smart devices connected to the Internet.

Security and privacy concerns associated with smart meters are why they are currently "optional" in several countries. That's the case in the Netherlands after consumer organizations and privacy watchdog groups campaigned vigorously to stop the mandatory smart meter deployment. A report from researchers at Tilburg University claimed that "smart meters have the capacity to reveal quite privacy-sensitive information, thus affecting not only informational privacy but also privacy of the home and of family life."
This now applies to televisions as well — an article in Salon discusses the author's new "smart" TV, which came with a 46-page privacy policy. Quoting: "It logs where, when, how and for how long you use the TV. It sets tracking cookies and beacons designed to detect 'when you have viewed particular content or a particular email message.' It records 'the apps you use, the websites you visit, and how you interact with content.' It ignores 'do-not-track' requests as a considered matter of policy. It also has a built-in camera — with facial recognition."
Facebook

Facebook Sets Up Shop On Tor 113

Posted by Soulskill
from the mixing-privacy-with-antiprivacy dept.
itwbennett writes: Assuming that people who use the anonymity network want to also use Facebook, the social network has made its site available on Tor, Facebook software engineer Alec Muffett said in a post on Friday. Facebook also decided to encrypt the connection between clients and its server with SSL, providing an SSL certificate for Facebook's onion address. This was done both for internal technical reasons and as a way for users to verify Facebook's ownership of the onion address. Since it is still an experiment, Facebook hopes to improve the service and said it would share lessons learned about scaling and deploying services via an onion address over time.
Government

Swedish Regulator Orders Last "Hold-Out" ISP To Retain Customer Data 37

Posted by samzenpus
from the keeping-it-going dept.
An anonymous reader writes Despite the death of the EU Data Retention Directive in April, and despite the country having taken six years to even begin to obey the ruling, the Swedish government, via its telecoms regulator, has forced ISPs to continue retaining customer data for law enforcement purposes. Now the last ISP retrenching on the issue has been told that it must comply with the edict or face a fine of five million krona ($680,000).

While providers all over Europe have rejoiced in not being obliged any longer to provide infrastructure to retain six months of data per customer, Sweden and the United Kingdom alone have insisted on retaining the ruling — particularly surprising in the case of Sweden, since it took six years to begin adhering to the Data Retention Directive after it was made law in 2006. Britain's Data Retention and Investigatory Powers bill, rushed through in July, actually widens the scope of the original EU order.
Privacy

Charity Promotes Covert Surveillance App For Suicide Prevention 73

Posted by samzenpus
from the keeping-an-eye-on-things dept.
VoiceOfDoom writes Major UK charity The Samaritans have launched an app titled "Samaritans Radar", in an attempt to help Twitter users identify when their friends are in crisis and in need of support. Unfortunately the privacy implications appear not to have been thought through — installing the app allows it to monitor the Twitter feeds of all of your followers, searching for particular phrases or words which might indicate they are in distress. The app then sends you an email suggesting you contact your follower to offer your help. Opportunities for misuse by online harassers are at the forefront of the concerns that have been raised; in addition, there is strong evidence to suggest that this use of personal information is illegal, being in contravention of UK Data Protection law.
Google

Signed-In Maps Mean More Location Data For Google 38

Posted by timothy
from the this-time-tomorrow dept.
mikejuk writes The announcement on the Google Geo Developers blog has the catchy title No map is an island. It points out that while there are now around 2 million active sites that have Google Maps embedded, they store data independently. The new feature, called attributed save, aims to overcome this problem by creating an integrated experience between the apps you use that have map content and Google Maps, and all it requires is that users sign in. So if you use a map in a specific app you will be able to see locations you entered in other apps. This all sounds great and it makes sense to allow users to take all of the locations that have previously been stored in app silos and put them all together into one big map data pool. The only down side is that the pool is owned by Google and some users might not like the idea of letting Google have access to so much personal geo information. It seems you can have convenience or you can have privacy. It might just be that many users prefer their maps to be islands.
Apple

Tim Cook: "I'm Proud To Be Gay" 735

Posted by timothy
from the cue-up-the-poorly-socialized-legions dept.
An anonymous reader writes Apple CEO Tim Cook has publicly come out as gay. While he never hid his sexuality from friends, family, and close co-workers, Cook decided it was time to make it publicly known in the hopes that the information will help others who don't feel comfortable to do so. He said, "I don't consider myself an activist, but I realize how much I've benefited from the sacrifice of others. So if hearing that the CEO of Apple is gay can help someone struggling to come to terms with who he or she is, or bring comfort to anyone who feels alone, or inspire people to insist on their equality, then it's worth the trade-off with my own privacy."

Cook added that while the U.S. has made progress in recent years toward marriage equality, there is still work to be done. "[T]here are laws on the books in a majority of states that allow employers to fire people based solely on their sexual orientation. There are many places where landlords can evict tenants for being gay, or where we can be barred from visiting sick partners and sharing in their legacies. Countless people, particularly kids, face fear and abuse every day because of their sexual orientation."
Privacy

Hacking Team Manuals: Sobering Reminder That Privacy is Elusive 36

Posted by timothy
from the legitimacy-generally-is-too dept.
Advocatus Diaboli writes with a selection from The Intercept describing instructions for commercial spyware sold by Italian security firm Hacking Team. The manuals describe Hacking Team's software for government technicians and analysts, showing how it can activate cameras, exfiltrate emails, record Skype calls, log typing, and collect passwords on targeted devices. They also catalog a range of pre-bottled techniques for infecting those devices using wifi networks, USB sticks, streaming video, and email attachments to deliver viral installers. With a few clicks of a mouse, even a lightly trained technician can build a software agent that can infect and monitor a device, then upload captured data at unobtrusive times using a stealthy network of proxy servers, all without leaving a trace. That, at least, is what Hacking Team's manuals claim as the company tries to distinguish its offerings in the global marketplace for government hacking software. (Here are the manuals themselves.)
Australia

Australian Gov't Tries To Force Telcos To Store User Metadata For 2 Years 56

Posted by timothy
from the authority-problem dept.
AlbanX writes The Australian Government has introduced a bill that would require telecommunications carriers and service providers to retain the non-content data of Australian citizens for two years so it can be accessed — without a warrant — by local law enforcement agencies. Despite tabling the draft legislation into parliament, the bill doesn't actually specify the types of data the Government wants retained. The proposal has received a huge amount of criticism from the telco industry, other members of parliament and privacy groups. (The Sydney Morning Herald has some audio of discussion about the law.)
United Kingdom

Secret Policy Allows GCHQ Bulk Access To NSA Data 93

Posted by samzenpus
from the have-some-data dept.
hazeii writes Through legal proceedings following the Snowden revelations, Liberty UK have succeeded in forcing GCHQ to reveal secret internal policies allowing Britain's intelligence services to receive unlimited bulk intelligence from the NSA and other foreign agencies and to keep this data on massive searchable databases, all without a warrant. Apparently, British intelligence agencies can "trawl through foreign intelligence material without meaningful restrictions", and can keep copies of both content and metadata for up to two years. There is also mention of data obtained "through US corporate partnerships". According to Liberty, this raises serious doubts about oversight of the UK Intelligence and Security Committee and their reassurances that in every case where GCHQ sought information from the US, a warrant for interception signed by a minister was in place.

Eric King, Deputy Director of Privacy International, said: "We now know that data from any call, internet search, or website you visited over the past two years could be stored in GCHQ's database and analyzed at will, all without a warrant to collect it in the first place. It is outrageous that the Government thinks mass surveillance, justified by secret 'arrangements' that allow for vast and unrestrained receipt and analysis of foreign intelligence material is lawful. This is completely unacceptable, and makes clear how little transparency and accountability exists within the British intelligence community."
Verizon

Verizon Launches Tech News Site That Bans Stories On US Spying 140

Posted by Soulskill
from the pay-no-attention-to-the-man-behind-the-mirror dept.
blottsie writes: The most-valuable, second-richest telecommunications company in the world is bankrolling a technology news site called SugarString.com. The publication, which is now hiring its first full-time editors and reporters, is meant to rival major tech websites like Wired and the Verge while bringing in a potentially giant mainstream audience to beat those competitors at their own game.

There's just one catch: In exchange for the major corporate backing, tech reporters at SugarString are expressly forbidden from writing about American spying or net neutrality around the world, two of the biggest issues in tech and politics today.
The Internet

Open Consultation Begins On Italy's Internet Bill of Rights 95

Posted by Soulskill
from the do-it-right-so-we-can-steal-it dept.
Anita Hunt (lissnup) writes: Hot on the heels of Brazil's recent initiative in this area, Italy has produced a draft [PDF] Declaration of Internet Rights, and on Monday opened the bill for consultation on the Civici [Italian] platform, a first in Europe. "[A]s it is now, it consists of a preamble and 14 articles that span several pages. Topics range from the 'fundamental right to Internet access' and Net Neutrality to the notion of 'informational self-determination.' The bill also includes provisions on the right to anonymity and tackles the highly debated idea of granting online citizens a 'right to be forgotten.' Measures are taken against algorithmic discriminations and the opacity of the terms of service devised by 'digital platform operators' who are 'required to behave honestly and fairly' and, most of all, give 'clear and simple information on how the platform operates.'"
Privacy

Help a Journalist With An NFC Chip Implant Violate His Own Privacy and Security 139

Posted by Soulskill
from the what-could-possibly-go-wrong dept.
An anonymous reader writes: His wife thinks he's crazy, but this guy got an NFC chip implanted in his arm, where it will stay for at least a year. He's inviting everyone to come up with uses for it. Especially ones that violate his privacy and security. There must be something better to do than getting into the office or unlocking your work PC.

He says, "The chip we are using is the xNTi, an NFC type 2 NTAG216, which is about the size of a grain of rice and is manufactured by the Dutch semiconductor company NXP, maker of the NFC chip for the new iPhone. It is a glass transponder with an operating frequency of 13.56MHz, developed for mass-market applications such as retail, gaming and consumer electronics. ... The chip's storage capacity is pretty limited, the UID (unique identifier) is 7 bytes, while the read/write memory is 888 bytes. It can be secured with a 32-bit password and can be overwritten about 100,000 times, by which point the memory will be quite worn. Data transmission takes place at a baud rate of 106 kbit/s and the chip is readable up to 10 centimeters, though it is possible to boost that distance."
Privacy

US Post Office Increases Secret Tracking of Mail 111

Posted by Soulskill
from the enjoy-all-those-circulars dept.
HughPickens.com writes: Ron Nixon reports in the NY Times that the United States Postal Service says it approved nearly 50,000 requests last year from law enforcement agencies and its own internal inspection unit to secretly monitor the mail of Americans for use in criminal and national security investigations, in many cases without adequately describing the reason or having proper written authorization. In addition to raising privacy concerns, the audit questioned the efficiency and accuracy of the Postal Service in handling the requests. The surveillance program, officially called mail covers, is more than a century old, but is still considered a powerful investigative tool. The Postal Service said that from 2001 through 2012, local, state and federal law enforcement agencies made more than 100,000 requests to monitor the mail of Americans. That would amount to an average of some 8,000 requests a year — far fewer than the nearly 50,000 requests in 2013 that the Postal Service reported in the audit (PDF).

In Arizona in 2011, Mary Rose Wilcox, a Maricopa County supervisor, discovered that her mail was being monitored by the county's sheriff, Joe Arpaio. Wilcox had been a frequent critic of Arpaio, objecting to what she considered the targeting of Hispanics in his immigration sweeps. Wilcox sued the county, was awarded nearly $1 million in a settlement in 2011 and received the money this June when the Ninth Circuit Court of Appeals upheld the ruling. Andrew Thomas, the former county attorney, was disbarred for his role in investigations into the business dealings of Ms. Wilcox and other officials and for other unprofessional conduct. "I don't blame the Postal Service," says Wilcox, "but you shouldn't be able to just use these mail covers to go on a fishing expedition. There needs to be more control."
Businesses

Can Ello Legally Promise To Remain Ad-Free? 153

Posted by timothy
from the anyone-can-promise-anything dept.
Bennett Haselton writes: Social networking company Ello has converted itself to a Public Benefit Corporation, bound by a charter saying that they will not now, nor in the future, make money by running advertisements or selling user data. Ello had followed these policies from the outset, but skeptics worried that venture capitalist investors might pressure Ello to change those policies, so this binding commitment was meant to assuage those fears. But is the commitment really legally binding and enforceable down the road? Read on for the rest.
Government

Identity As the Great Enabler 58

Posted by Soulskill
from the imagine-if-you-will dept.
New submitter steve_torquay writes: Last week, President Obama signed a new Executive Order calling for "all agencies making personal data accessible to citizens through digital applications" to "require the use of multiple factors of authentication and an effective identity proofing process." This does not necessarily imply that the government will issue online credentials to all U.S. residents.

The National Strategy for Trusted Identities in Cyberspace (NSTIC) is working towards a distributed identity ecosystem that facilitates authentication and authorization without compromising privacy. NSTIC points out that this is a great opportunity to leverage the technology to enable a wide array of new citizen-facing digital services while reducing costs and hassles for individuals and government agencies alike.
Cellphones

CHP Officers Steal, Forward Nude Pictures From Arrestee Smartphones 275

Posted by Soulskill
from the your-tax-dollars-at-work dept.
sabri writes: Following the initial suspension of a California Highway Patrol officer earlier this week, news has come out that the CHP has an entire ring of officers who steal and subsequently share nude pictures. The nudes are stolen from women who are arrested or stopped. Officer Sean Harrington of Martinez reportedly confessed to stealing explicit photos from the suspect's phone, and said he forwarded those images to at least two other CHP officers. Where is the ACLU when you need them the most?
Verizon

Verizon Injects Unique IDs Into HTTP Traffic 206

Posted by Soulskill
from the doing-the-wrong-thing-badly dept.
An anonymous reader writes: Verizon Wireless, the nation's largest wireless carrier, is now also a real-time data broker. According to a security researcher at Stanford, Big Red has been adding a unique identifier to web traffic. The purpose of the identifier is advertisement targeting, which is bad enough. But the design of the system also functions as a 'supercookie' for any website that a subscriber visits. "Any website can easily track a user, regardless of cookie blocking and other privacy protections. No relationship with Verizon is required. ...while Verizon offers privacy settings, they don’t prevent sending the X-UIDH header. All they do, seemingly, is prevent Verizon from selling information about a user." Just like they said they would.
Security

Researcher Finds Tor Exit Node Adding Malware To Downloads 126

Posted by Soulskill
from the at-least-it's-anonymous-malware dept.
Trailrunner7 writes: A security researcher has identified a Tor exit node that was actively patching binaries users download, adding malware to the files dynamically. The discovery, experts say, highlights the danger of trusting files downloaded from unknown sources and the potential for attackers to abuse the trust users have in Tor and similar services. Josh Pitts of Leviathan Security Group ran across the misbehaving Tor exit node while performing some research on download servers that might be patching binaries during download through a man-in-the-middle attack.

What Pitts found during his research is that an attacker with a MITM position can actively patch binaries–if not security updates–with his own code. In terms of defending against the sort of attack, Pitts suggested that encrypted download channels are the best option, both for users and site operators. "SSL/TLS is the only way to prevent this from happening. End-users may want to consider installing HTTPS Everywhere or similar plugins for their browser to help ensure their traffic is always encrypted," he said via email.
