Group items matching

in title, tags, annotations or url

The American Civil Liberties Union (ACLU) has filed a motion to reveal the secret court opinions with “novel or significant interpretations” of surveillance law, in a renewed push for government transparency. The motion, filed Wednesday by the ACLU and Yale Law School’s Media Freedom and Information Access Clinic, asks the Foreign Intelligence Surveillance Act (FISA) Court, which rules on intelligence gathering activities in secret, to release 23 classified decisions it made between 9/11 and the passage of the USA Freedom Act in June 2015. As ACLU National Security Project staff attorney Patrick Toomey explains, the opinions are part of a “much larger collection of hidden rulings on all sorts of government surveillance activities that affect the privacy rights of Americans.” Among them is the court order that the government used to direct Yahoo to secretly scanits users’ emails for “a specific set of characters.” Toomey writes: These court rulings are essential for the public to understand how federal laws are being construed and implemented. They also show how constitutional protections for personal privacy and expressive activities are being enforced by the courts. In other words, access to these opinions is necessary for the public to properly oversee their government.

Although the USA Freedom Act requires the release of novel FISA court opinions on surveillance law, the government maintains that the rule does not apply retroactively—thereby protecting the panel from publishing many of its post-9/11 opinions, which helped create an “unprecedented buildup” of secret surveillance laws. Even after National Security Agency (NSA) whistleblower Edward Snowden revealed the scope of mass surveillance in 2013, sparking widespread outcry, dozens of rulings on spying operations remain hidden from the public eye, which stymies efforts to keep the government accountable, civil liberties advocates say. “These rulings are necessary to inform the public about the scope of the government’s surveillance powers today,” the ACLU’s motion states.

Toomey writes that the rulings helped influence a number of novel spying activities, including: The government’s use of malware, which it calls “Network Investigative Techniques” The government’s efforts to compel technology companies to weaken or circumvent their own encryption protocols The government’s efforts to compel technology companies to disclose their source code so that it can identify vulnerabilities The government’s use of “cybersignatures” to search through internet communications for evidence of computer intrusions The government’s use of stingray cell-phone tracking devices under the Foreign Intelligence Surveillance Act (FISA) The government’s warrantless surveillance of Americans under FISA Section 702—a controversial authority scheduled to expire in December 2017 The bulk collection of financial records by the CIA and FBI under Section 215 of the Patriot Act Without these rulings being made public, “it simply isn’t possible to understand the government’s claimed authority to conduct surveillance,” Toomey writes. As he told The Intercept on Wednesday, “The people of this country can’t hold the government accountable for its surveillance activities unless they know what our laws allow. These secret court opinions define the limits of the government’s spying powers. Their disclosure is essential for meaningful public oversight in our democracy.”

he National Security Agency’s ability to spy on vast quantities of Internet traffic passing through the United States has relied on its extraordinary, decades-long partnership with a single company: the telecom giant AT&T. While it has been long known that American telecommunications companies worked closely with the spy agency, newly disclosed NSA documents show that the relationship with AT&T has been considered unique and especially productive. One document described it as “highly collaborative,” while another lauded the company’s “extreme willingness to help.”

AT&T’s cooperation has involved a broad range of classified activities, according to the documents, which date from 2003 to 2013. AT&T has given the NSA access, through several methods covered under different legal rules, to billions of emails as they have flowed across its domestic networks. It provided technical assistance in carrying out a secret court order permitting the wiretapping of all Internet communications at the United Nations headquarters, a customer of AT&T. The NSA’s top-secret budget in 2013 for the AT&T partnership was more than twice that of the next-largest such program, according to the documents. The company installed surveillance equipment in at least 17 of its Internet hubs on American soil, far more than its similarly sized competitor, Verizon. And its engineers were the first to try out new surveillance technologies invented by the eavesdropping agency. One document reminds NSA officials to be polite when visiting AT&T facilities, noting: “This is a partnership, not a contractual relationship.” The documents, provided by the former agency contractor Edward Snowden, were jointly reviewed by The New York Times and ProPublica.

It is not clear if the programs still operate in the same way today. Since the Snowden revelations set off a global debate over surveillance two years ago, some Silicon Valley technology companies have expressed anger at what they characterize as NSA intrusions and have rolled out new encryption to thwart them. The telecommunications companies have been quieter, though Verizon unsuccessfully challenged a court order for bulk phone records in 2014. At the same time, the government has been fighting in court to keep the identities of its telecom partners hidden. In a recent case, a group of AT&T customers claimed that the NSA’s tapping of the Internet violated the Fourth Amendment protection against unreasonable searches. This year, a federal judge dismissed key portions of the lawsuit after the Obama administration argued that public discussion of its telecom surveillance efforts would reveal state secrets, damaging national security.

Facebook has been ordered by a Belgian court to stop tracking non-Facebook users when they visit the Facebook site. Facebook has been given 48 hours to stop the tracking or face possible fines of up to 250,000 Euro a day.

Facebook has said that it will appeal the ruling, claiming that since their european headquarters are situated in Ireland, they should only be bound by the Irish Data Protection Regulator. Facebook’s chief of security Alex Stamos has posted an explanation about why non-Facebook users are tracked when they visit the site. The tracking issue centres around the creation of a “cookie” called “datr” whenever anyone visits a Facebook page. This cookie contains an identification number that identifies the same browser returning each time to different Facebook pages. Once created, the cookie will last 2 years unless the user explicitly deletes it. The cookie is created for all visitors to Facebook, irrespective of whether they are a Facebook user or even whether they are logged into Facebook at the time. According to Stamos, the measure is needed to: Prevent the creation of fake and spammy accounts Reduce the risk of someone’s account being taken over by someone else Protect people’s content from being stolen Stopping denial of service attacks against Facebook

The principle behind this is that if you can identify requests that arrive at the site for whatever reason, abnormal patterns may unmask people creating fake accounts, hijacking a real account or just issuing so many requests that it overwhelms the site. Stamos’ defence of tracking users is that they have been using it for the past 5 years and nobody had complained until now, that it was common practice and that there was little harm because the data was not collected for any purpose other than security. The dilemma raised by Facebook’s actions is a common one in the conflicting spheres of maintaining privacy and maintaining security. It is obvious that if you can identify all visitors to a site, then it is possible to determine more information about what they are doing than if they were anonymous. The problem with this from a moral perspective is that everyone is being tagged, irrespective of whether their intent was going to be malicious or not. It is essentially compromising the privacy of the vast majority for the sake of a much smaller likelihood of bad behaviour.

A US District Judge in San Jose, California says she was "disturbed" over Google's data collection practices, after learning that the company still collects and uses data from users in its Chrome browser's so-called 'incognito' mode - and has demanded an explanation "about what exactly Google does," according to Bloomberg.

In a class-action lawsuit that describes the company's private browsing claims as a "ruse" - and "seeks $5,000 in damages for each of the millions of people whose privacy has been compromised since June of 2016," US District Judge Lucy Koh said she finds it "unusual" that the company would make the "extra effort" to gather user data if it doesn't actually use the information for targeted advertising or to build user profiles.Koh has a long history with the Alphabet Inc. subsidiary, previously forcing the Mountain View, California-based company to disclose its scanning of emails for the purposes of targeted advertising and profile building.In this case, Google is accused of relying on pieces of its code within websites that use its analytics and advertising services to scrape users’ supposedly private browsing history and send copies of it to Google’s servers. Google makes it seem like private browsing mode gives users more control of their data, Amanda Bonn, a lawyer representing users, told Koh. In reality, “Google is saying there’s basically very little you can do to prevent us from collecting your data, and that’s what you should assume we’re doing,” Bonn said.Andrew Schapiro, a lawyer for Google, argued the company’s privacy policy “expressly discloses” its practices. “The data collection at issue is disclosed,” he said.Another lawyer for Google, Stephen Broome, said website owners who contract with the company to use its analytics or other services are well aware of the data collection described in the suit. -Bloomberg

Koh isn't buying it - arguing that the company is effectively tricking users under the impression that their information is not being transmitted to the company."I want a declaration from Google on what information they’re collecting on users to the court’s website, and what that’s used for," Koh demanded.The case is Brown v. Google, 20-cv-03664, U.S. District Court, Northern District of California (San Jose), via Bloomberg.

Facebook and Google are among multiple Big Tech companies seeking to have Texas’ new law banning political censorship on social media axed by the Supreme Court. According to The Washington Post, advocacy groups NetChoice and the Computer & Communications Industry Association (CCIA) filed an emergency application with the U.S. Supreme Court on Friday on behalf of Facebook, Google and other Big Tech companies, with the intention of striking down the new Texas law that prohibits censorship based on political ideology on social media. In a statement about the emergency filing, NetChoice counsel Chris Marchese argues that the Texas law, which went into effect last Wednesday, “strips private online businesses of their speech rights, forbids them from making constitutionally protected editorial decisions, and forces them to publish and promote objectionable content.”

“Left standing, [the Texas law] will turn the First Amendment on its head — to violate free speech, the government need only claim to be ‘protecting’ it,” Marchese added. Under the law, Texas residents and the state’s attorney general would be permitted to sue social media companies based in the United States if they believe their social media accounts were censored based on their political views. While the law was initially blocked by a federal district judge after it was signed last September by Texas Gov. Greg Abbot, the injunction was ultimately lifted by an appeals court last Wednesday. Big Tech companies have been consistently charged with weaponizing their “Terms of Service” agreements with users in an effort to ban or censor those expressing traditionally conservative or right-wing views on their extremely large and influential platforms.

EFF filed a brief in federal court arguing that a lower court’s ruling jeopardizes the online platforms that make the Internet a robust platform for users’ free speech. The brief, filed in the U.S. Court of Appeals for the Ninth Circuit, argues that 47 U.S.C. § 230, enacted as part of the Communications Decency Act (known simply as “Section 230”) broadly protects online platforms, including review websites, when they aggregate or otherwise edit users’ posts. Generally, Section 230 provides legal immunity for online intermediaries that host or republish speech by protecting them against a range of laws that might otherwise be used to hold them legally responsible for what others say and do. Section 230’s immunity directly led to the development of the platforms everyone uses today, allowing people to upload videos to their favorite platforms such as YouTube, as well as leave reviews on Amazon or Yelp. It also incentivizes the creation of new platforms that can host users’ content, leading to more innovation that enables the robust free speech found online. The lower court’s decision in Consumer Cellular v. ConsumerAffairs.com, however, threatens to undermine the broad protections of Section 230, EFF’s brief argues.

In the case, Consumer Cellular alleged, among other things, that ConsumerAffairs.com should be held liable for aggregating negative reviews about its business into a star rating. It also alleged that ConsumerAffairs.com edited or otherwise deleted certain reviews of Consumer Cellular in bad faith. Courts and the text of Section 230, however, plainly allow platforms to edit or aggregate user-generated content into summaries or star ratings without incurring legal liability, EFF’s brief argues. It goes on: “And any function protected by Section 230 remains so regardless of the publisher’s intent.” By allowing Consumer Cellular’s claims against ConsumerAffairs.com to proceed, the lower court seriously undercut Section 230’s legal immunity for online platforms. If the decision is allowed to stand, EFF’s brief argues, then platforms may take steps to further censor or otherwise restrict user content out of fear of being held liable. That outcome, EFF warns, could seriously diminish the Internet’s ability to serve as a diverse forum for free speech. The Internet it is constructed of and depends upon intermediaries. The many varied online intermediary platforms, including Twitter, Reddit, YouTube, and Instagram, all give a single person, with minimal resources, almost anywhere in the world the ability to communicate with the rest of the world. Without intermediaries, that speaker would need technical skill and money that most people lack to disseminate their message. If our legal system fails to robustly protect intermediaries, it fails to protect free speech online.

Meta could shut down Facebook and Instagram throughout Europe if regulators are unable to hammer out a permanent data transfer deal, the company warned in a recent SEC filing. The claim from Mark Zuckerberg’s company came as officials in the European Union and US attempt to craft a new trans-Atlantic data transfer agreement. The EU’s Court of Justice struck down a previous agreement, dubbed Privacy Shield, in 2020, due to concerns it could not ensure data security for Europeans once it is sent to the US. Without a transnational deal in place, Meta could face legal and regulatory obstacles when it transfers user data, which plays a key role in its lucrative advertising business that comprises the bulk of the company’s annual revenue. “If a new transatlantic data transfer framework is not adopted and we are unable to continue to rely on SCCs (standard contractual clauses) or rely upon other alternative means of data transfers from Europe to the United States, we will likely be unable to offer a number of our most significant products and services, including Facebook and Instagram, in Europe,” Meta officials said in the filing.

Experts and sources with knowledge of the situation say the most controversial Internet bill of the year, the Cyber Information Sharing and Protection Act (CISPA), is already dead in the water. That's good news for the millions worldwide who have formally registered their opposition to the bill. Designed to help the U.S. fight online attacks, CISPA would make it easier for corporations that are hacked to pass what they know to government agencies—including, critics say, swaths of your private information that would otherwise be protected by law. But though CISPA resoundingly passed the House of Representatives April 18, "it is extremely unlikely for the Senate" to vote on the bill," the ACLU's Michelle Richardson told the Daily Dot.

A Senate committee aide, who requested to not be named, told the Daily Dot that "there is no possible plan to bring up CISPA," in the Senate. The aide cited the fact that the Senate tried to pass its own cybersecurity bill, the Cybersecurity Act of 2012 (CSA). While unsuccessful, it underscored a desire for legislation that took more explicit efforts to protect individuals' Internet privacy. "There are just too many problems with it," the aide said of CISPA. This is backed up by U.S. News and World Report, which has reported that a staffer on the Senate's Committee on Commerce, Science and Transportation explicitly claims CISPA is no longer a possibility, and senators are "drafting separate bills" to include some CISPA provisions.

Now that the House of Representatives has floated a superficial net neutrality bill, it's the Senate's turn. Louisiana Senator John Kennedy has introduced a companion version of the Open Internet Preservation Act that effectively replicates the House measure put forward by Tennessee Representative Marsha Blackburn. As before, it supports net neutrality only on a basic level -- and there are provisions that would make it difficult to combat other abuses. The legislation would technically forbid internet providers from blocking and throttling content, but it wouldn't bar paid prioritization. Theoretically, ISPs could create de facto "slow lanes" for competing services by offering mediocre speeds unless they pay for faster connections. The bill would also curb the FCC's ability to deal with other violations, and would prevent states from passing their own net neutrality laws. In short, the bill is much more about limiting regulation than protecting open access and competition.Kennedy's bill isn't expected to go far in the Senate, just as Blackburn's hasn't done much in the House. However, his proposal comes mere days after senators put forward a Congressional Review Act that would undo the FCC's decision to kill net neutrality. Kennedy had claimed he was considering support for the CRA, but his proposal contradicts that -- why push a heavily watered-down bill if you were willing to revert to the stronger legislation? It's not a completely surprising move and is largely symbolic, but it's disappointing for those who hoped there would be truly bipartisan support for a return to net neutrality.

A former Google engineer has released nearly 1,000 pages of documents that he says prove that the company, at least in some of its products, secretly boosts or demotes content based on what it deems to be true or false, while publicly claiming to be a neutral platform. The software engineer, Zach Vorhies, first provided the documents to Project Veritas, a right-leaning investigative journalism nonprofit, as well as the Justice Department’s antitrust division, which has been investigating Google for potentially anti-competitive behavior.

When he returned to work, however, Google sent him a letter demanding, among other things, that he turn over his employee badge and work laptop, which he did, and “cease and desist” from disclosing “any non-public Google files.” Afraid for his safety, he posted on Twitter that if something would happen to him, all the documents he took would be released to the public.Google then did a “wellness check” on him, he said. The San Francisco police received a call that Vorhies may be mentally ill. A group of officers waited for him outside his house and put him in handcuffs. “This is a large way in which they intimidate their employees that go rogue on the company,” he said.Vorhies then decided that it would be safer for him to go public.

One of the goals of the effort was a “clean & regularly sanitized news corpus,” it reads.

Amazon will pay almost $62 million to settle allegations by the U.S. Federal Trade Commission that it avoided handing over the full pay and tips it promised to delivery drivers, according to the agency.The company is giving back the amount it kept, according to a complaint released earlier this year by the agency, after it told Amazon Flex drivers and customers in 2015 it would pay $18 to $25 hourly plus tips. Instead, beginning the following year, it used tips to supplement lower base pay rates, and tried to hide the changes, according to the FTC."For a period of over two and a half years, without consumers' permission, Amazon secretly used nearly a third of customer tips to subsidize its own pay to drivers," the FTC had found.Under the 20-year settlement, Amazon will also need consent from drivers to change their pay scheme. All commissioners voted unanimously to approve the settlement.

Leftists and other progressives have lost their cool on the completion of Elon Musk's takeover of Twitter. Advertisement - story continues below "It's like the gates of hell opened on this site tonight," claimed tech columnist Taylor Lorenz on social media. Fox News reported Musk, the noted billionaire of SpaceX and Tesla fame, immediately fired several top executives, including CEO Parag Agrawal, CFO Ned Segal and Vijaya Gadde, the chief of legal policy, trust and safety.

Musk accused them of misleading him – and other investors – over the number of fake accounts on the platform, Fox reported a source confirmed.

In the plethora of copyright lawsuits against artificial intelligence developers, a pair of complaints filed on Wednesday against OpenAI and related defendants stands out.Unlike most of the authors, artists and news organizations that have sued AI developers, The Intercept Media, opens new tab and Raw Story Media, opens new tab are not alleging straightforward copyright infringement claims. The media companies are instead asserting only that OpenAI and its co-defendants violated the Digital Millennium Copyright Act, or DMCA, deliberately undermining their copyrights by stripping identifying information out of articles used to train the AI system behind the popular chatbot ChatGPT.As my Reuters colleague Blake Brittain reported on Wednesday, the 1998 federal DMCA statute prohibits the removal of information that can help copyright holders detect infringement, including article titles, author names and copyright dates.

The head of the FBI on Wednesday defended putting a piece of tape over his personal laptop's webcam, claiming the security step was a common sense one that most should take.  “There’s some sensible things you should be doing, and that’s one of them,” Director James Comey said during a conference at the Center for Strategic and International Studies.ADVERTISEMENT“You go into any government office and we all have the little camera things that sit on top of the screen,” he added. “They all have a little lid that closes down on them.“You do that so that people who don’t have authority don’t look at you. I think that’s a good thing.”Comey was pilloried online earlier this year, after he revealed that he puts a piece of tape over his laptop camera to keep away prying eyes. The precaution is a common one among security advocates, given the relative ease of hacking laptop cameras.  

But many found it ironic for Comey, who this year launched a high profile battle against Apple to gain access to data locked inside of the iPhone used by one of the San Bernardino, Calif., terrorists. Many viewed that fight as a referendum on digital privacy.Comey was “much mocked for that,” he acknowledged on Wednesday.But he still uses the tape on his laptop.“I hope people lock their cars,” he said. “Lock your doors at night… if you have an alarm system, you should use it.”“It’s not crazy that the FBI director cares about personal security as well,” the FBI director added. “So I think people ought to take responsibility for their own safety and security.”

In a Chicago court, several Facebook users filed a class-action lawsuit against the social media giant for allegedly violating its users’ privacy rights to acquire the largest privately held stash of biometric face-recognition data in the world. The court documents reveal claims that “Facebook began violating the Illinois Biometric Information Privacy Act (IBIPA) of 2008 in 2010, in a purported attempt to make the process of tagging friends easier.”

This was accomplished through the “tag suggestions” feature provided by Facebook which “scans all pictures uploaded by users and identifies any Facebook friends they may want to tag.” The Facebook users maintain that this feature is a “form of data mining [that] violates user’s privacy”. One plaintiff said this is a “brazen disregard for its users’ privacy rights,” through which Facebook has “secretly amassed the world’s largest privately held database of consumer biometrics data.” Because “Facebook actively conceals” their protocol using “faceprint databases” to identify Facebook users in photos, and “doesn’t disclose its wholesale biometrics data collection practices in its privacy policies, nor does it even ask users to acknowledge them.”

This would be a violation of the IBIPA which states it is “unlawful to collect biometric data without written notice to the subject stating the purpose and length of the data collection, and without obtaining the subject’s written release.” Because all users are automatically part of the “faceprint’ facial recognition program, this is an illegal act in the state of Illinois, according to the complaint. Jay Edelson, attorney for the plaintiffs, asserts the opt-out ability to prevent other Facebook users from tagging them in photos is “insufficient”.

Meta Platforms Inc (META.O) reached a $37.5 million settlement of a lawsuit accusing the parent of Facebook of violating users' privacy by tracking their movements through their smartphones without permission.A preliminary settlement of the proposed class action was filed on Monday in San Francisco federal court, and requires a judge's approval.It resolved claims that Facebook violated California law and its own privacy policy by gathering data from users who turned off Location Services on their mobile devices.Register now for FREE unlimited access to Reuters.comRegisterAdvertisement · Scroll to continueThe users said that while they did not want to share their locations with Facebook, the company nevertheless inferred where they were from their IP (internet protocol) addresses, and used that information to send them targeted advertising.Monday's settlement covers people in the United States who used Facebook after Jan. 30, 2015.Meta denied wrongdoing in agreeing to settle. It did not immediately respond on Tuesday to requests for comment.Advertisement · Scroll to continueIn June 2018, Facebook and Chief Executive Mark Zuckerberg told the U.S. Congress that the Menlo Park, California-based company uses location data "to help advertisers reach people in particular areas."As an example, it said users who dined at particular restaurants might receive posts from friends who also ate there, or ads from businesses that wanted to provide services nearby.The lawsuit began in November 2018. Lawyers for the plaintiffs may seek up to 30% of Monday's settlement for legal fees, settlement papers show.Advertisement · Scroll to continueThe cases is Lundy et al v Facebook Inc, U.S. District Court, Northern District of California, No. 18-06793.

On Monday, a hacking group calling itself the “ShadowBrokers” announced an auction for what it claimed were “cyber weapons” made by the NSA. Based on never-before-published documents provided by the whistleblower Edward Snowden, The Intercept can confirm that the arsenal contains authentic NSA software, part of a powerful constellation of tools used to covertly infect computers worldwide. The provenance of the code has been a matter of heated debate this week among cybersecurity experts, and while it remains unclear how the software leaked, one thing is now beyond speculation: The malware is covered with the NSA’s virtual fingerprints and clearly originates from the agency. The evidence that ties the ShadowBrokers dump to the NSA comes in an agency manual for implanting malware, classified top secret, provided by Snowden, and not previously available to the public. The draft manual instructs NSA operators to track their use of one malware program using a specific 16-character string, “ace02468bdf13579.” That exact same string appears throughout the ShadowBrokers leak in code associated with the same program, SECONDDATE.