Group items tagged

The UK government is secretly planning to force technology companies to build backdoors into their products, to enable intelligence agencies to read people’s private messages. A draft document leaked by the Open Rights Group details extreme new surveillance proposals, which would enable government agencies to spy on one in 10,000 citizens – around 6,500 people – at any one time.  The document, which follows the controversial Investigatory Powers Act, reveals government plans to force mobile operators and internet service providers to provide real-time communications of customers to the government “in an intelligible form”, and within one working day.

This would effectively ban encryption, an important security measure used by a wide range of companies, including WhatsApp and major banks, to keep people’s private data private and to protect them from hackers and cyber criminals. 

The White House on Wednesday made public for the first time the rules by which the government decides to disclose or keep secret software flaws that can be turned into cyberweapons — whether by U.S. agencies hacking for foreign intelligence, money-hungry criminals or foreign spies seeking to penetrate American computers. The move to publish an un­classified charter responds to years of criticism that the process was unnecessarily opaque, fueling suspicion that it cloaked a stockpile of software flaws that the National Security Agency was hoarding to go after foreign targets but that put Americans’ cyber­security at risk.

The rules are part of the “Vulnerabilities Equities Process,” which the Obama administration revamped in 2014 as a multi­agency forum to debate whether and when to inform companies such as Microsoft and Juniper that the government has discovered or bought a software flaw that, if weaponized, could affect the security of their product. The Trump administration has mostly not altered the rules under which the government reaches a decision but is disclosing its process. Under the VEP, an “equities review board” of at least a dozen national security and civilian agencies will meet monthly — or more often, if a need arises — to discuss newly discovered vulnerabilities. Besides the NSA, the CIA and the FBI, the list includes the Treasury, Commerce and State departments, and the Office of Management and Budget. The priority is on disclosure, the policy states, to protect core Internet systems, the U.S. economy and critical infrastructure, unless there is “a demonstrable, overriding interest” in using the flaw for intelligence or law enforcement purposes. The government has long said that it discloses the vast majority — more than 90 percent — of the vulnerabilities it discovers or buys in products from defense contractors or other sellers. In recent years, that has amounted to more than 100 a year, according to people familiar with the process. But because the process was classified, the National Security Council, which runs the discussion, was never able to reveal any numbers. Now, Joyce said, the number of flaws disclosed and the number retained will be made public in an annual report. A classified version will be sent to Congress, he said.

For years, Comcast has been promising that it won't violate the principles of net neutrality, regardless of whether the government imposes any net neutrality rules. That meant that Comcast wouldn't block or throttle lawful Internet traffic and that it wouldn't create fast lanes in order to collect tolls from Web companies that want priority access over the Comcast network. This was one of the ways in which Comcast argued that the Federal Communications Commission should not reclassify broadband providers as common carriers, a designation that forces ISPs to treat customers fairly in other ways. The Title II common carrier classification that makes net neutrality rules enforceable isn't necessary because ISPs won't violate net neutrality principles anyway, Comcast and other ISPs have claimed. But with Republican Ajit Pai now in charge at the Federal Communications Commission, Comcast's stance has changed. While the company still says it won't block or throttle Internet content, it has dropped its promise about not instituting paid prioritization.

Instead, Comcast now vaguely says that it won't "discriminate against lawful content" or impose "anti-competitive paid prioritization." The change in wording suggests that Comcast may offer paid fast lanes to websites or other online services, such as video streaming providers, after Pai's FCC eliminates the net neutrality rules next month.

Today we are releasing the implementation guide for EFF’s Do Not Track (DNT) policy. For years users have been able to set a Do Not Track signal in their browser, but there has been little guidance for websites as to how to honor that request. EFF’s DNT policy sets out a meaningful response for servers to follow, and this guide provides details about how to apply it in practice. At its core, DNT protects user privacy by excluding the use of unique identifiers for cross-site tracking, and by limiting the retention period of log data to ten days. This short retention period gives sites the time they need for debugging and security purposes, and to generate aggregate statistical data. From this baseline, the policy then allows exceptions when the user's interactions with the site—e.g., to post comments, make a purchase, or click on an ad—necessitates collecting more information. The site is then free to retain any data necessary to complete the transaction. We believe this approach balances users’ privacy expectations with the ability of websites to deliver the functionality users want. Websites often integrate third-party content and rely on third-party services (like content delivery networks or analytics), and this creates the potential for user data to be leaked despite the best intentions of the site operator. The guide identifies potential pitfalls and catalogs providers of compliant services. It is common, for example, to embed media from platforms like You Tube, Sound Cloud, and Twitter, all of which track users whenever their widgets are loaded. Fortunately, Embedly, which offers control over the appearance of embeds, also supports DNT via its API, displaying a poster instead and loading the widget only if the user clicks on it knowingly.

Knowledge makes the difference between willing tracking and non-consensual tracking. Users should be able to choose whether they want to give up their privacy in exchange for using a site or a  particular feature. This means sites need to be transparent about their practices. A great example of this is our biggest adopter, Medium, which does not track DNT users who browse the site and gives clear information about tracking to users when they choose to log in. This is their previous log-in panel, the DNT language is currently being added to their new interface.

n a major victory for privacy rights at the border, a federal court in Boston ruled today that suspicionless searches of travelers’ electronic devices by federal agents at airports and other U.S. ports of entry are unconstitutional. The ruling came in a lawsuit, Alasaad v. McAleenan, filed by the American Civil Liberties Union (ACLU), Electronic Frontier Foundation (EFF), and ACLU of Massachusetts, on behalf of 11 travelers whose smartphones and laptops were searched without individualized suspicion at U.S. ports of entry.“This ruling significantly advances Fourth Amendment protections for millions of international travelers who enter the United States every year,” said Esha Bhandari, staff attorney with the ACLU’s Speech, Privacy, and Technology Project. “By putting an end to the government’s ability to conduct suspicionless fishing expeditions, the court reaffirms that the border is not a lawless place and that we don’t lose our privacy rights when we travel.”

The district court order puts an end to Customs and Border Control (CBP) and Immigration and Customs Enforcement (ICE) asserted authority to search and seize travelers’ devices for purposes far afield from the enforcement of immigration and customs laws. Border officers must now demonstrate individualized suspicion of illegal contraband before they can search a traveler’s device. The number of electronic device searches at U.S. ports of entry has increased significantly. Last year, CBP conducted more than 33,000 searches, almost four times the number from just three years prior. International travelers returning to the United States have reported numerous cases of abusive searches in recent months. While searching through the phone of Zainab Merchant, a plaintiff in the Alasaad case, a border agent knowingly rifled through privileged attorney-client communications. An immigration officer at Boston Logan Airport reportedly searched an incoming Harvard freshman’s cell phone and laptop, reprimanded the student for friends’ social media postings expressing views critical of the U.S. government, and denied the student entry into the country following the search.For the order:https://www.eff.org/document/alasaad-v-nielsen-summary-judgment-order For more on this case:https://www.eff.org/cases/alasaad-v-duke

Israel is aiming to build an international coalition to force the world’s leading social media giants to prevent their platforms from being abused to peddle incitement to terrorism. The move, which was unveiled by Public Security Minister Gilad Erdan at Sunday’s cabinet meeting, aims at requiring Facebook, Twitter, Youtube, and other social networks to take greater responsibility for such content.

While some experts consider the idea unworkable — arguing that the terms of service of such platforms protect them from any legal threat, and that the preventative measures Erdan wants to see introduced are not possible technologically, others say a coalition pushing for change could be effective, and certainly stands more of a chance than an effort led by Israel alone.

Google cuts Huawei off Android; so Huawei may migrate to Aurora. Call it mobile Eurasia integration; the evolving Russia-China strategic partnership may be on the verge of spawning its own operating system – and that is not a metaphor. Aurora is a mobile operating system currently developed by Russian Open Mobile Platform, based in Moscow. It is based on the Sailfish operating system, designed by Finnish technology company Jolla, which featured a batch of Russians in the development team. Quite a few top coders at Google and Apple also come from the former USSR – exponents of a brilliant scientific academy tradition.

No Google? Who cares? Tencent, Xiaomi, Vivo and Oppo are already testing the HongMeng operating system, as part of a batch of one million devices already distributed. HongMeng’s launch is still a closely guarded secret by Huawei, but according to CEO Richard Yu, it could happen even before the end of 2019 for the Chinese market, running on smartphones, computers, TVs and cars. HongMeng is rumored to be 60% faster than Android.

Aurora could be regarded as part of Huawei’s fast-evolving Plan B. Huawei is now turbo-charging the development and implementation of its own operating system, HongMeng, a process that started no less than seven years ago. Most of the work on an operating system is writing drivers and APIs (application programming interfaces). Huawei would be able to integrate their code to the Russian system in no time.

Two Facebook users are seeking damages on behalf of hundreds of thousands of Canadians whose personal data may have been improperly used for political purposes. The proposed class-action lawsuit filed by Calgary residents Saul Benary and Karma Holoboff asks the Federal Court to order the social-media giant to bolster its security practices to better protect sensitive information and comply with federal privacy law. It also seeks $1,000 for each of the approximately 622,000 Canadians whose information was shared with others through a digital app.

hina’s ByteDance has agreed to divest the U.S. operations of TikTok completely in a bid to save a deal with the White House, after President Donald Trump said on Friday he had decided to ban the popular short-video app, two people familiar with the matter said on Saturday. ByteDance was previously seeking to keep a minority stake in the U.S. business of TikTok, which the White House had rejected. Under the new proposed deal, ByteDance would exit completely and Microsoft Corp would take over TikTok in the United States, the sources said. Some ByteDance investors that are based in the United States may be given the opportunity to take minority stakes in the business, the sources added. The White House did not respond to a request for comment on whether Trump would accept ByteDance’s concession. ByteDance in Beijing did not respond to a request for comment. Under ByteDance’s new proposal, Microsoft will be in charge of protecting all U.S. user data, the sources said. The plan allows for another U.S. company other than Microsoft to take over TikTok in the United States, the sources added.

Bytedance has apparently gotten the "tap on the shoulder" from the CCP bigwigs who apparently aren't super thrilled about the optics of a mighty Chinese conglomerate kowtowing to the Trump Administration. Earlier today, it appeared that President Trump's late-night threat about banning TikTok had motivated ByteDance and Microsoft to speed up their talks. But as the New York afternoon wore on, a Dow Jones headline proclaimed that Microsoft and ByteDance had decided to abruptly stop negotiations.

Three states and the District of Columbia allege that the tech giant misled consumers by continuing to track those who had changed their privacy settings to prevent data collection.

Google is also fighting an antitrust lawsuit led by Texas in which states have accused the company of obtaining and abusing a monopoly over the systems that allow publishers to auction off ad space to marketers. On Friday, Google asked a federal court to dismiss the lawsuit.The lawsuits add to a mounting offensive by regulators to curtail the power and business practices of Silicon Valley giants like Google, Facebook, Amazon and Apple. State and federal regulators have filed dozens of antitrust, consumer protection, privacy and trade lawsuits in an attempt to curb the business models or break up the companies. A Senate committee last week advanced potentially landmark antitrust legislation that tries to weaken the dominance of the internet giants.

wo leading US lawmakers have reached a bipartisan deal that could, for the first time, grant all Americans a basic right to digital privacy and create a national law regulating how companies can collect, share and use Americans’ online data. If it succeeds, the proposal could establish the US equivalent of the European Union’s landmark privacy law known as the General Data Protection Regulation (GDPR), and rein in what privacy advocates say is a lawless and unregulated space where Americans’ personal data can too easily be shared and sold to the highest bidder. The proposed agreement would create an unprecedented, single federal standard governing digital privacy in the United States and reflects a significant breakthrough after years of stalled negotiations between Republicans and Democrats. But it could also override some of the toughest state-based privacy laws in the nation, such as in California.