Group items matching

in title, tags, annotations or url

NSA Director Finally Admits Encryption Is Needed to Protect Public’s Privacy The new stance denotes a growing awareness within the government that Americans are not comfortable with the State’s grip on their data. By Carey Wedler | AntiMedia | January 22, 2016 Share this article! https://mail.google.com/mail/?view=cm&fs=1&to&su=NSA%20Director%20Finally%20Admits%20Encryption%20Is%20Needed%20to%20Protect%20Public%E2%80%99s%20Privacy&body=http%3A%2F%2Fwww.mintpress

Rogers cited the recent Office of Personnel Management hack of over 20 million users as a reason to increase encryption rather than scale it back. “What you saw at OPM, you’re going to see a whole lot more of,” he said, referring to the massive hack that compromised the personal data about 20 million people who obtained background checks. Rogers’ comments, while forward-thinking, signify an about face in his stance on encryption. In February 2015, he said he “shares [FBI] Director [James] Comey’s concern” about cell phone companies’ decision to add encryption features to their products. Comey has been one loudest critics of encryption. However, Rogers’ comments on Thursday now directly conflict with Comey’s stated position. The FBI director has publicly chastised encryption, as well as the companies that provide it. In 2014, he claimed Apple’s then-new encryption feature could lead the world to “a very dark place.” At a Department of Justice hearing in November, Comey testified that “Increasingly, the shadow that is ‘going dark’ is falling across more and more of our work.” Though he claimed, “We support encryption,” he insisted “we have a problem that encryption is crashing into public safety and we have to figure out, as people who care about both, to resolve it. So, I think the conversation’s in a healthier place.”

At the same hearing, Comey and Attorney General Loretta Lynch declined to comment on whether they had proof the Paris attackers used encryption. Even so, Comey recently lobbied for tech companies to do away with end-to-end encryption. However, his crusade has fallen on unsympathetic ears, both from the private companies he seeks to control — and from the NSA. Prior to Rogers’ statements in support of encryption Thursday, former NSA chief Michael Hayden said, “I disagree with Jim Comey. I actually think end-to-end encryption is good for America.” Still another former NSA chair has criticized calls for backdoor access to information. In October, Mike McConnell told a panel at an encryption summit that the United States is “better served by stronger encryption, rather than baking in weaker encryption.” Former Department of Homeland Security chief, Michael Chertoff, has also spoken out against government being able to bypass encryption.

The Berkeley City Council is poised to vote March 13 on the Surveillance Technology Use and Community Safety Ordinance, which will significantly protect people's right to privacy and safeguard the civil liberties of Berkeley residents in this age of surveillance and Big Data. The ordinance is based on an ACLU model that was first enacted by Santa Clara County in 2016. The Los Angeles Times has editorialized that the ACLU's model ordinance approach "is so pragmatic that cities, counties, and law enforcement agencies throughout California would be foolish not to embrace it." Berkeley's Peace and Justice and Police Review commissions agreed and unanimously approved a draft that will be presented to the council on Tuesday. The ordinance requires public notice and public debate prior to seeking funding, acquiring equipment, or otherwise moving forward with surveillance technology proposals. In neighboring Oakland, we saw the negative outcome that can occur from lack of such a discussion, when the city's administration pursued funding for, and began building, the citywide surveillance network known as the Domain Awareness Center ("DAC") without community input. Ultimately, the community rejected the project, and the fallout led to the establishment of a Privacy Advisory Commission and subsequent consideration of a similar surveillance ordinance to ensure proper vetting occurs up front, not after the fact. ✖ Play VideoPauseUnmuteCurrent Time 0:00/Duration Time 0:00Loaded: 0%Progress: 0%Stream TypeLIVERemaining Time -0:00 Playback Rate1ChaptersChaptersdescriptions off, selectedDescriptionssubtitles off, selectedSubtitlescaptions settings, opens captions settings dialogcaptions off, selectedCaptionsAudio TrackFullscreenThis is a modal window.Caption Settings DialogBeginning of dialog window. Escape will cancel and close the window.

A bill that would bring a local version of net neutrality to Oregon is headed for the Governor's desk.House Bill 4155 would prevent public bodies such as state and local governments and school districts, from contracting with broadband providers that engage in "paid prioritization."An example of paid prioritization would be a provider supplying faster internet speeds to an entity like Amazon's streaming service, provided Amazon pays an extra fee.The bill passed easily in both the House and Senate, despite opposition from several Republicans.

The Oregon Cable Telecommunications Association opposed the bill, as did Comcast and Century Link, two local broadband providers.

1. Executive Summary Ahmed Mansoor is an internationally recognized human rights defender, based in the United Arab Emirates (UAE), and recipient of the Martin Ennals Award (sometimes referred to as a “Nobel Prize for human rights”).  On August 10 and 11, 2016, Mansoor received SMS text messages on his iPhone promising “new secrets” about detainees tortured in UAE jails if he clicked on an included link. Instead of clicking, Mansoor sent the messages to Citizen Lab researchers.  We recognized the links as belonging to an exploit infrastructure connected to NSO Group, an Israel-based “cyber war” company that sells Pegasus, a government-exclusive “lawful intercept” spyware product.  NSO Group is reportedly owned by an American venture capital firm, Francisco Partners Management. The ensuing investigation, a collaboration between researchers from Citizen Lab and from Lookout Security, determined that the links led to a chain of zero-day exploits (“zero-days”) that would have remotely jailbroken Mansoor’s stock iPhone 6 and installed sophisticated spyware.  We are calling this exploit chain Trident.  Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements.   We are not aware of any previous instance of an iPhone remote jailbreak used in the wild as part of a targeted attack campaign, making this a rare find.

The Trident Exploit Chain: CVE-2016-4657: Visiting a maliciously crafted website may lead to arbitrary code execution CVE-2016-4655: An application may be able to disclose kernel memory CVE-2016-4656: An application may be able to execute arbitrary code with kernel privileges Once we confirmed the presence of what appeared to be iOS zero-days, Citizen Lab and Lookout quickly initiated a responsible disclosure process by notifying Apple and sharing our findings. Apple responded promptly, and notified us that they would be addressing the vulnerabilities. We are releasing this report to coincide with the availability of the iOS 9.3.5 patch, which blocks the Trident exploit chain by closing the vulnerabilities that NSO Group appears to have exploited and sold to remotely compromise iPhones. Recent Citizen Lab research has shown that many state-sponsored spyware campaigns against civil society groups and human rights defenders use “just enough” technical sophistication, coupled with carefully planned deception. This case demonstrates that not all threats follow this pattern.  The iPhone has a well-deserved reputation for security.  As the iPhone platform is tightly controlled by Apple, technically sophisticated exploits are often required to enable the remote installation and operation of iPhone monitoring tools. These exploits are rare and expensive. Firms that specialize in acquiring zero-days often pay handsomely for iPhone exploits.  One such firm, Zerodium, acquired an exploit chain similar to the Trident for one million dollars in November 2015. The high cost of iPhone zero-days, the apparent use of NSO Group’s government-exclusive Pegasus product, and prior known targeting of Mansoor by the UAE government provide indicators that point to the UAE government as the likely operator behind the targeting. Remarkably, this case marks the third commercial “lawful intercept” spyware suite employed in attempts to compromise Mansoor.  In 2011, he was targeted with FinFisher’s FinSpy spyware, and in 2012 he was targeted with Hacking Team’s Remote Control System.  Both Hacking Team and FinFisher have been the object of several years of revelations highlighting the misuse of spyware to compromise civil society groups, journalists, and human rights workers.

Military planners should not anticipate that the United States will ever dominate cyberspace, the Joint Chiefs of Staff said in a new doctrinal publication. The kind of supremacy that might be achievable in other domains is not a realistic option in cyber operations. “Permanent global cyberspace superiority is not possible due to the complexity of cyberspace,” the DoD publication said. In fact, “Even local superiority may be impractical due to the way IT [information technology] is implemented; the fact US and other national governments do not directly control large, privately owned portions of cyberspace; the broad array of state and non-state actors; the low cost of entry; and the rapid and unpredictable proliferation of technology.” Nevertheless, the military has to make do under all circumstances. “Commanders should be prepared to conduct operations under degraded conditions in cyberspace.” This sober assessment appeared in a new edition of Joint Publication 3-12, Cyberspace Operations, dated June 8, 2018. (The 100-page document updates and replaces a 70-page version from 2013.) The updated DoD doctrine presents a cyber concept of operations, describes the organization of cyber forces, outlines areas of responsibility, and defines limits on military action in cyberspace, including legal limits.

The new cyber doctrine reiterates the importance and the difficulty of properly attributing cyber attacks against the US to their source. “The ability to hide the sponsor and/or the threat behind a particular malicious effect in cyberspace makes it difficult to determine how, when, and where to respond,” the document said. “The design of the Internet lends itself to anonymity and, combined with applications intended to hide the identity of users, attribution will continue to be a challenge for the foreseeable future.”

Perhaps it goes without saying that 5G promises to be highly profitable for wireless and tech companies. Some industry analysts have predicted that 5G could generate up to $12.3 trillion in goods and services by 2035, and add 22 million jobs in the U.S. alone. This helps explain why the carriers are so eager for us to share their vision for a better tomorrow — a world in which bandwidth, speed, and growth are virtues in and of themselves. Those “key performance indicators” are then sold to the consumer in the form of efficiency, inclusion, reliability, and convenience. And while these 5G speculations suggest a world of possibility and profit, they elide lots of potential risks and alternative futures. They also, unsurprisingly, fail to ask about the wisdom of entrusting the telecom industry (which has a long history of unscrupulous, monopolistic business practices) and the tech industry (newly under fire for similar reasons) to build what is purportedly the critical infrastructure for a planned global transformation.

While there is considerable telecom hubris regarding the 5G rollout and increasing speculation that the next generation of wireless is not yet ready for Prime Time, the industry continues to make promises to Rural America that it has no intention of fulfilling. Decades-long promises to deliver digital Utopia to rural America by T-Mobile, Verizon and AT&T have never materialized.  

In 2017, the USDA reported that 29% of American farms had no internet access. The FCC says that 14 million rural Americans and 1.2 million Americans living on tribal lands do not have 4G LTE on their phones, and that 30 million rural residents do not have broadband service compared to 2% of urban residents.  It’s beginning to sound like a Third World country. Despite an FCC $4.5 billion annual subsidy to carriers to provide broadband service in rural areas, the FCC reports that ‘over 24 million Americans do not have access to high-speed internet service, the bulk of them in rural area”while a  Microsoft Study found that  “162 million people across the US do not have internet service at broadband speeds.” At the same time, only three cable companies have access to 70% of the market in a sweetheart deal to hike rates as they avoid competition and the FCC looks the other way.  The FCC believes that it would cost $40 billion to bring broadband access to 98% of the country with expansion in rural America even more expensive.  While the FCC has pledged a $2 billion, ten year plan to identify rural wireless locations, only 4 million rural American businesses and homes will be targeted, a mere drop in the bucket. Which brings us to rural mapping: Since the advent of the digital age, there have been no accurate maps identifying where broadband service is available in rural America and where it is not available.  The FCC has a long history of promulgating unreliable and unverified carrier-provided numbers as the Commission has repeatedly ‘bungled efforts to produce accurate broadband maps” that would have facilitated rural coverage. During the Senate Commerce Committee hearing on April 10th regarding broadband mapping, critical testimony questioned whether the FCC and/or the telecom industry have either the commitment or the proficiency to provide 5G to rural America.  Members of the Committee shared concerns that 5G might put rural America further behind the curve so as to never catch up with the rest of the country

Hong said Apple dropped to fourth place in global smartphone sales, shipping 35.3 million iPhones in 2Q19 compared to the 36.2 million units shipped by Oppo, 58.7 million units by Huawei, and 75.1 million units by Samsung. "Apple continues to face challenges in terms of unit shipments -- a trend that is unlikely to be fixed soon," Hong said. While Apple has been marketing overpriced iPhones, Samsung, Huawei, and Oppo have been quickly building market share, taking some of it away from Apple, by offering reasonably priced smartphones.

The Wall Street Journal reports Huawei Manages to Make Smartphones Without American Chips. American tech companies are getting the go-ahead to resume business with Chinese smartphone giant Huawei Technologies Co., but it may be too late: It is now building smartphones without U.S. chips. Huawei’s latest phone, which it unveiled in September—the Mate 30 with a curved display and wide-angle cameras that competes with Apple Inc.’s iPhone 11—contained no U.S. parts, according to an analysis by UBS and Fomalhaut Techno Solutions, a Japanese technology lab that took the device apart to inspect its insides. In May, the Trump administration banned U.S. shipments to Huawei as trade tensions with Beijing escalated. That move stopped companies like Qualcomm Inc. and Intel Corp. from exporting chips to the company, though some shipments of parts resumed over the summer after companies determined they weren’t affected by the ban. Meanwhile, Huawei has made significant strides in shedding its dependence on parts from U.S. companies. (At issue are chips from U.S.-based companies, not those necessarily made in America; many U.S. chip companies make their semiconductors abroad.) Huawei long relied on suppliers like Qorvo Inc., the North Carolina maker of chips that are used to connect smartphones with cell towers, and Skyworks Solutions Inc., a Woburn, Mass.-based company that makes similar chips. It also used parts from Broadcom Inc., the San Jose-based maker of Bluetooth and Wi-Fi chips, and Cirrus Logic Inc., an Austin, Texas-based company that makes chips for producing sound.

India is the world’s largest democracy and is home to 13.5 percent of the world’s internet users. So the Indian Supreme Court’s August ruling that privacy is a fundamental, constitutional right for all of the country’s 1.32 billion citizens was momentous. But now, close to three months later, it’s still unclear exactly how the decision will be implemented. Will it change everything for internet users? Or will the status quo remain? The most immediate consequence of the ruling is that tech companies such as Facebook, Twitter, Google, and Alibaba will be required to rein in their collection, utilization, and sharing of Indian user data. But the changes could go well beyond technology. If implemented properly, the decision could affect national politics, business, free speech, and society. It could encourage the country to continue to make large strides toward increased corporate and governmental transparency, stronger consumer confidence, and the establishment and growth of the Indian “individual” as opposed to the Indian collective identity. But that’s a pretty big if. Advertisement The privacy debate in India was in many ways sparked by a controversy that has shaken up the landscape of national politics for several months. It began in 2016 as a debate around a social security program that requires participating citizens to obtain biometric, or Aadhaar, cards. Each card has a unique 12-digit number and records an individual’s fingerprints and irises in order to confirm his or her identity. The program was devised to increase the ease with which citizens could receive social benefits and avoid instances of fraud. Over time, Aadhaar cards have become mandatory for integral tasks such as opening bank accounts, buying and selling property, and filing tax returns, much to the chagrin of citizens who are uncomfortable about handing over their personal data. Before the ruling, India had weak privacy protections in place, enabling unchecked data collection on citizens by private companies and the government. Over the past year, a number of large-scale data leaks and breaches that have impacted major Indian corporations, as well as the Aadhaar program itself, have prompted users to start asking questions about the security and uses of their personal data.

n order to bolster the ruling the government will also be introducing a set of data protection laws that are to be developed by a committee led by retired Supreme Court judge B.N. Srikrishna. The committee will study the data protection landscape, develop a draft Data Protection Bill, and identify how, and whether, the Aadhaar Act should be amended based on the privacy ruling.

Should the data protection laws be implemented in an enforceable manner, the ruling will significantly impact the business landscape in India. Since the election of Prime Minister Narendra Modi in May 2014, the government has made fostering and expanding the technology and startup sector a top priority. The startup scene has grown, giving rise to several promising e-commerce companies, but in 2014, only 12 percent of India’s internet users were online consumers. If the new data protection laws are truly impactful, companies will have to accept responsibility for collecting, utilizing, and protecting user data safely and fairly. Users would also have a stronger form of redress when their newly recognized rights are violated, which could transform how they engage with technology. This has the potential to not only increase consumer confidence but revitalize the Indian business sector, as it makes it more amenable and friendly to outside investors, users, and collaborators.

Six4Three recently published a playbook for the FTC to get to the bottom of Facebook’s secretive deals selling user data without privacy controls. In light of The New York Times article reporting multiple criminal investigations into Facebook surrounding these secretive deals, we’re publishing the playbook for criminal investigators.Perhaps the most important recognition at the outset is that the secretive deals that have been reported, whether those with a handful of device manufacturers or with 150 large technology companies, are just the tip of the iceberg. Those secretive deals handing over user data in exchange for gobs of cash were merely part and parcel of a much broader illegal scheme that begins with Facebook’s transition to mobile in 2012 and continues to this very day. We believe this illegal scheme amounts to a clear RICO violation. The United Kingdom Parliament agrees. Here’s how criminal investigators can overcome Facebook’s incredibly effective concealment campaign and bring a viable RICO case.Facebook’s pattern of racketeering activity is a play in three acts from at least 2012 to present. The first act is all about the desperation resulting from the collapse of Facebook’s desktop advertising business right around its IPO and the various securities violations that resulted. The second act is about covering up those securities violations by illegally building its mobile advertising business via extortion and wire fraud in order to close the gap in Facebook’s revenue projections before the world took notice, which likely resulted in additional securities violations. The third act is about covering up the extortion and wire fraud by lying to government officials investigating Facebook while continuing to effectuate the scheme. We are still in the third act.For almost a decade now Facebook has been covering up one illegal act with another in order to hide how it managed to ramp up its mobile advertising business faster than any other business in the history of capitalism. The abuses of Facebook’s data, from Russian interference in the 2016 election to Cambridge Analytica and Brexit, all stem in substantial part from the decisions Facebook knowingly, willfully and maliciously made to facilitate this criminal conspiracy. Put simply, Facebook’s transition to mobile destabilized the world.

The BMJ asked Facebook co-founder Mark Zuckerberg to remove a warning that discourages Facebook users from sharing an article about flaws in Pfizer’s COVID vaccine trial, saying the platform’s “incompetent” fact checkers are unfaily labeling stories as false. In an open letter Friday, The BMJ editors explained how some readers are unable to post its Nov. 2 article on Facebook. Other readers have received pop-up warnings that if they choose to share “false information,” their posts may rank lower in Facebook’s news feed.

“We find the ‘fact check’ performed by Lead Stories to be inaccurate, incompetent and irresponsible,” wrote The BMJ editors Fiona Godlee and Kamran Abbasi. “It fails to provide any assertions of fact that The BMJ article got wrong.” The BMJ article last month documented a host of poor practices that may have hurt data integrity and patient safety in the Phase 3 trial for Pfizer’s COVID vaccine. A whistleblower had supplied The BMJ with internal company documents, photos, audio recordings and e-mails from a contract research company overseeing some trial sites. The U.S. Food and Drug Administration declined to inspect the affected sites despite receiving a direct complaint in 2020, The BMJ said. Pfizer’s vaccine, called Comirnaty, received approval in August 2021. “There is also a wider concern that we wish to raise,” The BMJ wrote in its letter to Zuckerberg. “We are aware that The BMJ is not the only high quality information provider to have been affected by the incompetence of Meta’s fact checking regime.”

Facebook isn’t Lead Stories’ only client. The company also works for Google, ByteDance (TikTok’s owner) and the Poynter Institute for Media Studies. The fact checker’s stated mission is to “hunt for trending stories, images, videos and posts that contain false information in order to fact check them as quickly as possible.” The BMJ urged Zuckerberg to act swiftly, “specifically to correct the error relating to The BMJ’s article and to review the processes that led to the error; and generally to reconsider your investment in and approach to fact checking overall.”

Meta Platforms Inc (META.O) reached a $37.5 million settlement of a lawsuit accusing the parent of Facebook of violating users' privacy by tracking their movements through their smartphones without permission.A preliminary settlement of the proposed class action was filed on Monday in San Francisco federal court, and requires a judge's approval.It resolved claims that Facebook violated California law and its own privacy policy by gathering data from users who turned off Location Services on their mobile devices.Register now for FREE unlimited access to Reuters.comRegisterAdvertisement · Scroll to continueThe users said that while they did not want to share their locations with Facebook, the company nevertheless inferred where they were from their IP (internet protocol) addresses, and used that information to send them targeted advertising.Monday's settlement covers people in the United States who used Facebook after Jan. 30, 2015.Meta denied wrongdoing in agreeing to settle. It did not immediately respond on Tuesday to requests for comment.Advertisement · Scroll to continueIn June 2018, Facebook and Chief Executive Mark Zuckerberg told the U.S. Congress that the Menlo Park, California-based company uses location data "to help advertisers reach people in particular areas."As an example, it said users who dined at particular restaurants might receive posts from friends who also ate there, or ads from businesses that wanted to provide services nearby.The lawsuit began in November 2018. Lawyers for the plaintiffs may seek up to 30% of Monday's settlement for legal fees, settlement papers show.Advertisement · Scroll to continueThe cases is Lundy et al v Facebook Inc, U.S. District Court, Northern District of California, No. 18-06793.

There’s a setting on your phone and web browser that Google is desperate to keep you from discovering. How desperate? In 2021 alone, Google paid Apple, Samsung and others $26.3 billion to keep it buried.

That’s more money each year than McDonald’s makes selling burgers.This setting affects who gets to track your location and watch what you look up online. It affects the usefulness of the information you see and how much of your screen is taken up by ads.

I’m talking about your search engine — what pops up the answers when you type into the search bar. Google pays the makers of phones, laptops and browsers to be your default and to stop them from even presenting you other options during setup. It’s billions for a favor.