Skip to main content

Home/ Open Web/ Group items tagged enforcement

Rss Feed Group items tagged

Paul Merrell

Apple's New Challenge: Learning How the U.S. Cracked Its iPhone - The New York Times - 0 views

  • Now that the United States government has cracked open an iPhone that belonged to a gunman in the San Bernardino, Calif., mass shooting without Apple’s help, the tech company is under pressure to find and fix the flaw.But unlike other cases where security vulnerabilities have cropped up, Apple may face a higher set of hurdles in ferreting out and repairing the particular iPhone hole that the government hacked.The challenges start with the lack of information about the method that the law enforcement authorities, with the aid of a third party, used to break into the iPhone of Syed Rizwan Farook, an attacker in the San Bernardino rampage last year. Federal officials have refused to identify the person, or organization, who helped crack the device, and have declined to specify the procedure used to open the iPhone. Apple also cannot obtain the device to reverse-engineer the problem, the way it would in other hacking situations.
  •  
    It would make a very interesting Freedom of Information Act case if Apple sued under that Act to force disclosure of the security hole iPhone product defect the FBI exploited. I know of no interpretation of the law enforcement FOIA exemption that would justify FBI disclosure of the information. It might be alleged that the information is the trade secret of the company that disclosed the defect and exploit to the the FBI, but there's a very strong argument that the fact that the information was shared with the FBI waived the trade secrecy claim. And the notion that government is entitled to collect product security defects and exploit them without informing the exploited product's company of the specific defect is extremely weak.  Were I Tim Cook, I would have already told my lawyers to get cracking on filing the FOIA request with the FBI to get the legal ball rolling. 
Paul Merrell

Nearly Everyone In The U.S. And Canada Just Had Their Private Cell Phone Location Data ... - 0 views

  • A company by the name of LocationSmart isn't having a particularly good month. The company recently received all the wrong kind of attention when it was caught up in a privacy scandal involving the nation's wireless carriers and our biggest prison phone monopoly. Like countless other companies and governments, LocationSmart buys your wireless location data from cell carriers. It then sells access to that data via a portal that can provide real-time access to a user's location via a tailored graphical interface using just the target's phone number.
  • Theoretically, this functionality is sold under the pretense that the tool can be used to track things like drug offenders who have skipped out of rehab. And ideally, all the companies involved were supposed to ensure that data lookup requests were accompanied by something vaguely resembling official documentation. But a recent deep dive by the New York Times noted how the system was open to routine abuse by law enforcement, after a Missouri Sherrif used the system to routinely spy on Judges and fellow law enforcement officers without much legitimate justification (or pesky warrants): "The service can find the whereabouts of almost any cellphone in the country within seconds. It does this by going through a system typically used by marketers and other companies to get location data from major cellphone carriers, including AT&T, Sprint, T-Mobile and Verizon, documents show. Between 2014 and 2017, the sheriff, Cory Hutcheson, used the service at least 11 times, prosecutors said. His alleged targets included a judge and members of the State Highway Patrol. Mr. Hutcheson, who was dismissed last year in an unrelated matter, has pleaded not guilty in the surveillance cases." It was yet another example of the way nonexistent to lax consumer privacy laws in the States (especially for wireless carriers) routinely come back to bite us. But then things got worse.
  • Driven by curiousity in the wake of the Times report, a PhD student at Carnegie Mellon University by the name of Robert Xiao discovered that the "try before you buy" system used by LocationSmart to advertise the cell location tracking system contained a bug, A bug so bad that it exposed the data of roughly 200 million wireless subscribers across the United States and Canada (read: nearly everybody). As we see all too often, the researcher highlighted how the security standards in place to safeguard this data were virtually nonexistent: "Due to a very elementary bug in the website, you can just skip that consent part and go straight to the location," said Robert Xiao, a PhD student at the Human-Computer Interaction Institute at Carnegie Mellon University, in a phone call. "The implication of this is that LocationSmart never required consent in the first place," he said. "There seems to be no security oversight here."
  • ...1 more annotation...
  • Meanwhile, none of the four major wireless carriers have been willing to confirm any business relationship with LocationSmart, but all claim to be investigating the problem after the week of bad press. That this actually results in substantive changes to the nation's cavalier treatment of private user data is a wager few would be likely to make.
Paul Merrell

HART: Homeland Security's Massive New Database Will Include Face Recognition, DNA, and ... - 0 views

  • The U.S. Department of Homeland Security (DHS) is quietly building what will likely become the largest database of biometric and biographic data on citizens and foreigners in the United States. The agency’s new Homeland Advanced Recognition Technology (HART) database will include multiple forms of biometrics—from face recognition to DNA, data from questionable sources, and highly personal data on innocent people. It will be shared with federal agencies outside of DHS as well as state and local law enforcement and foreign governments. And yet, we still know very little about it.The records DHS plans to include in HART will chill and deter people from exercising their First Amendment protected rights to speak, assemble, and associate. Data like face recognition makes it possible to identify and track people in real time, including at lawful political protests and other gatherings. Other data DHS is planning to collect—including information about people’s “relationship patterns” and from officer “encounters” with the public—can be used to identify political affiliations, religious activities, and familial and friendly relationships. These data points are also frequently colored by conjecture and bias.
  • DHS currently collects a lot of data. Its legacy IDENT fingerprint database contains information on 220-million unique individuals and processes 350,000 fingerprint transactions every day. This is an exponential increase from 20 years ago when IDENT only contained information on 1.8-million people. Between IDENT and other DHS-managed databases, the agency manages over 10-billion biographic records and adds 10-15 million more each week.
  • DHS’s new HART database will allow the agency to vastly expand the types of records it can collect and store. HART will support at least seven types of biometric identifiers, including face and voice data, DNA, scars and tattoos, and a blanket category for “other modalities.” It will also include biographic information, like name, date of birth, physical descriptors, country of origin, and government ID numbers. And it will include data we know to by highly subjective, including information collected from officer “encounters” with the public and information about people’s “relationship patterns.”
  • ...1 more annotation...
  • DHS’s face recognition roll-out is especially concerning. The agency uses mobile biometric devices that can identify faces and capture face data in the field, allowing its ICE (immigration) and CBP (customs) officers to scan everyone with whom they come into contact, whether or not those people are suspected of any criminal activity or an immigration violation. DHS is also partnering with airlines and other third parties to collect face images from travelers entering and leaving the U.S. When combined with data from other government agencies, these troubling collection practices will allow DHS to build a database large enough to identify and track all people in public places, without their knowledge—not just in places the agency oversees, like airports, but anywhere there are cameras.Police abuse of facial recognition technology is not a theoretical issue: it’s happening today. Law enforcement has already used face recognition on public streets and at political protests. During the protests surrounding the death of Freddie Gray in 2015, Baltimore Police ran social media photos against a face recognition database to identify protesters and arrest them. Recent Amazon promotional videos encourage police agencies to acquire that company’s face “Rekognition” capabilities and use them with body cameras and smart cameras to track people throughout cities. At least two U.S. cities are already using Rekognition.DHS compounds face recognition’s threat to anonymity and free speech by planning to include “records related to the analysis of relationship patterns among individuals.” We don’t know where DHS or its external partners will be getting these “relationship pattern” records, but they could come from social media profiles and posts, which the government plans to track by collecting social media user names from all foreign travelers entering the country.
Paul Merrell

U.S., allies urge Facebook for backdoor to encryption as they fight child abuse - Reuters - 0 views

  • The United States, the United Kingdom and Australia have called on Facebook Inc to not go ahead with end-to-end encryption across its messaging services unless law enforcement officials have backdoor access, saying encryption hindered the fight against child abuse and terrorism.
  • The United States and United Kingdom also signed a special data agreement that would fast track requests from law enforcement to technology companies for information about the communications of terrorists and child predators. Law enforcement could get information in weeks or even days instead of the current wait of six months to two years. The latest tug-of-war between governments and tech companies over user data could also impact Apple Inc, Alphabet Inc’s Google and Microsoft Corp, as well as smaller encrypted chat apps like Signal.
Paul Merrell

Comcast asks the FCC to prohibit states from enforcing net neutrality | Ars Technica - 0 views

  • Comcast met with Federal Communications Commission Chairman Ajit Pai's staff this week in an attempt to prevent states from issuing net neutrality rules. As the FCC prepares to gut its net neutrality rules, broadband providers are worried that states might enact their own laws to prevent ISPs from blocking, throttling, or discriminating against online content.
  • Comcast Senior VP Frank Buono and a Comcast attorney met with Pai Chief of Staff Matthew Berry and Senior Counsel Nicholas Degani on Monday, the company said in an ex parte filing that describes the meeting. Comcast urged Pai's staff to reverse the FCC's classification of broadband as a Title II common carrier service, a move that would eliminate the legal authority the FCC uses to enforce net neutrality rules. Pai has said he intends to do just that, so Comcast will likely get its wish on that point. But Comcast also wants the FCC to go further by making a declaration that states cannot impose their own regulations on broadband. The filing said: We also emphasized that the Commission's order in this proceeding should include a clear, affirmative ruling that expressly confirms the primacy of federal law with respect to BIAS [Broadband Internet Access Service] as an interstate information service, and that preempts state and local efforts to regulate BIAS either directly or indirectly.
Paul Merrell

EU Officials Propose Internet Cops On Patrol, No Anonymity & No Obscure Languages (Beca... - 0 views

  • Back in February we wrote about the ominously-named "Clean IT" project in Europe, designed to combat the use of the Internet by terrorists. At that time, we suspected that this would produce some seriously bad ideas, but a leaked document obtained by EDRI shows that these are actually much worse than feared (pdf), amounting to a system of continuous surveillance, extrajudicial removal of content and some new proposals that can only be described as deranged.
  • And where there are laws, it must be OK for law enforcement agencies (LEAs) to ignore them and have content taken down on demand: It must be legal for LEAs to make Internet companies aware of terrorist content on their infrastructure ('flagging') that should be removed, without following the more labour intensive and formal procedures for 'notice and take action'
  • Social media companies must allow only real pictures of users Presumably you're not allowed to smile, either. Talking of social media, the Clean IT plans include the introduction of friendly "virtual police officers", constantly spying on, er, watching over Europeans online: Virtual police officers must be used to show law enforcement is present, is watchful, in order to prevent terrorist use of the Internet and make regular users feel more secure. The idea is that "virtual police officers" will be keeping an eye on you -- for your own safety, you understand. Other ways in which users will be protected from themselves is through the use of filters:
  • ...2 more annotations...
  • Among the even more interesting proposals in the leaked document seems to be the idea that the authorities can order encryption to be turned off, presumably to allow eavesdropping: In some cases notice and take action procedures must lead to security certificates of sites to be downgraded.
  • The use of platforms in languages abuse specialists or abuse systems do not master should be unacceptable and preferably technically impossible. Incredible though it might sound, that seems to suggest that less common foreign languages would be banned from the European Internet entirely in case anybody discusses naughty stuff without the authorities being able to spy on them (haven't they heard of Google Translate?) You could hardly hope for a better symbol of the paranoid and xenophobic thinking that lies behind this crazy scheme.
Gary Edwards

Leahy scuttles his warrantless e-mail surveillance bill | Politics and Law - CNET News - 0 views

  •  
    Many thanks to FreedomWorks and the Center for Democracy and Technology for the fine work they did in opposing this tyranny of our government trying to take over the Internet. excerpt: "Sen. Patrick Leahy has abandoned his controversial proposal that would grant government agencies more surveillance power -- including warrantless access to Americans' e-mail accounts -- than they possess under current law. The Vermont Democrat said today on Twitter that he would "not support such an exception" for warrantless access. The remarks came a few hours after a CNET article was published this morning that disclosed the existence of the measure. A vote on the proposal in the Senate Judiciary committee, which Leahy chairs, is scheduled for next Thursday. The amendments were due to be glued onto a substitute (PDF) to H.R. 2471, which the House of Representatives already has approved. Leahy's about-face comes in response to a deluge of criticism today, including the American Civil Liberties Union saying that warrants should be required, and the conservative group FreedomWorks launching a petition to Congress -- with more than 2,300 messages sent so far -- titled: "Tell Congress: Stay Out of My Email!" A spokesman for the senator did not respond to questions today from CNET asking for clarification of what Leahy would support next week. (We'll update this article if we receive a response.) A Democratic aide to the Judiciary committee did, however, tell CNET this afternoon that Leahy does not support broad exceptions for warrantless searches of e-mail content. A note from Leahy's Twitter account added: "Technology has created vacuum in privacy protection. Sen. Leahy believes that needs to be fixed, and #ECPA needs privacy updates." That's a reference to the 1986 Electronic Communications Privacy Act, which currently does not require that police always obtain a warrant for the contents of e-mail and other communications. This revised position will come as a relief to privacy
Paul Merrell

M of A - Assad Says The "Boy In The Ambulance" Is Fake - This Proves It - 0 views

  • Re: Major net hack - its not necessarily off topic. .gov is herding web sites into it's own little DNS animal farms so it can properly protect the public from that dangerous 'information' stuff in time of emergency. CloudFlare is the biggest abattoir... er, animal farm. CloudFlare is kind of like a protection racket. If you pay their outrageous fees, you will be 'protected' from DDoS attacks. Since CloudFlare is the preferred covert .gov tool of censorship and content control (when things go south), they are trying to drive as many sites as possible into their digital panopticons. Who the hell is Cloudflare? ISUCKER: BIG BROTHER INTERNET CULTURE On top of that, CloudFlare’s CEO Matthew Prince made a weird, glib admission that he decided to start the company only after the Department of Homeland Security gave him a call in 2007 and suggested he take the technology behind Project Honey Pot one step further… And that makes CloudFlare a whole different story: People who sign up for the service are allowing CloudFlare to monitor, observe and scrutinize all of their site’s traffic, which makes it much easier for intel or law enforcement agencies to collect info on websites and without having to hack or request the logs from each hosting company separately. But there’s more. Because CloudFlare doesn’t just passively monitor internet traffic but works like a dynamic firewall to selectively block traffic from sources it deems to be “hostile,” website operators are giving it a whole lotta power over who gets to see their content. The whole point of CloudFlare is to restrict access to websites from specific locations/IP addresses on the fly, without notifying or bothering the website owner with the details. It’s all boils down to a question of trust, as in: do you trust a shady company with known intel/law enforcement connections to make that decision?
  • And here is an added bonus for the paranoid: Because CloudFlare partially caches websites and delivers them to web surfers via its own servers, the company also has the power to serve up redacted versions of the content to specific users. CloudFlare is perfect: it can implement censorship on the fly, without anyone getting wise to it! Right now CloudFlare says it monitors nearly 1/5 of all Internet visits. [<-- this] An astounding claim for a company most people haven’t even heard of. And techie bloggers seem very excited about getting as much Internet traffic routed through them as possible! See? Plausable deniability. A couple of degrees of separation. Yet when the Borg Queen wants to start WWIII next year, she can order the DHS Stazi to order outfits like CloudFlare to do the proper 'shaping' of internet traffic to filter out unwanted information. How far is any expose of propaganda like Dusty Boy going to happen if nobody can get to sites like MoA? You'll be able to get to all kinds of tweets and NGO sites crying about Dusty Boy 2.0, but you won't see a tweet or a web site calling them out on their lies. Will you even know they interviewed Assad? Will you know the activist 'photographer' is a paid NGO shill or that he's pals with al Zenki? Nope, not if .gov can help it.
Paul Merrell

What to Do About Lawless Government Hacking and the Weakening of Digital Security | Ele... - 0 views

  • In our society, the rule of law sets limits on what government can and cannot do, no matter how important its goals. To give a simple example, even when chasing a fleeing murder suspect, the police have a duty not to endanger bystanders. The government should pay the same care to our safety in pursuing threats online, but right now we don’t have clear, enforceable rules for government activities like hacking and "digital sabotage." And this is no abstract question—these actions increasingly endanger everyone’s security
  • The problem became especially clear this year during the San Bernardino case, involving the FBI’s demand that Apple rewrite its iOS operating system to defeat security features on a locked iPhone. Ultimately the FBI exploited an existing vulnerability in iOS and accessed the contents of the phone with the help of an "outside party." Then, with no public process or discussion of the tradeoffs involved, the government refused to tell Apple about the flaw. Despite the obvious fact that the security of the computers and networks we all use is both collective and interwoven—other iPhones used by millions of innocent people presumably have the same vulnerability—the government chose to withhold information Apple could have used to improve the security of its phones. Other examples include intelligence activities like Stuxnet and Bullrun, and law enforcement investigations like the FBI’s mass use of malware against Tor users engaged in criminal behavior. These activities are often disproportionate to stopping legitimate threats, resulting in unpatched software for millions of innocent users, overbroad surveillance, and other collateral effects.  That’s why we’re working on a positive agenda to confront governmental threats to digital security. Put more directly, we’re calling on lawyers, advocates, technologists, and the public to demand a public discussion of whether, when, and how governments can be empowered to break into our computers, phones, and other devices; sabotage and subvert basic security protocols; and stockpile and exploit software flaws and vulnerabilities.  
  • Smart people in academia and elsewhere have been thinking and writing about these issues for years. But it’s time to take the next step and make clear, public rules that carry the force of law to ensure that the government weighs the tradeoffs and reaches the right decisions. This long post outlines some of the things that can be done. It frames the issue, then describes some of the key areas where EFF is already pursuing this agenda—in particular formalizing the rules for disclosing vulnerabilities and setting out narrow limits for the use of government malware. Finally it lays out where we think the debate should go from here.   
  •  
    It's not often that I disagree with EFF's positions, but on this one I do. The government should be prohibited from exploiting computer vulnerabilities and should be required to immediately report all vulnerabilities discovered to the relevant developers of hardware or software. It's been one long slippery slope since the Supreme Court first approved wiretapping in Olmstead v. United States, 277 US 438 (1928), https://goo.gl/NJevsr (.) Left undecided to this day is whether we have a right to whisper privately, a right that is undeniable. All communications intercept cases since Olmstead fly directly in the face of that right.
Gary Edwards

Feds use keylogger to thwart PGP, Hushmail | News Blogs - CNET News - 0 views

  •  
    The more i learn about the Governments illegal and un-Constitutional surveillance activities, the worse it gets.  As i read this article i couldn't help but wonder why the Government would want to disclose the warrantless activities as evidence in court?  Clearly the Government wants to have their violations of carefully enumerated Constitutional protections of individual rights validated by the nations courts.  Scary stuff. excerpt: A recent court case provides a rare glimpse into how some federal agents deal with encryption: by breaking into a suspect's home or office, implanting keystroke-logging software, and spying on what happens from afar. An agent with the Drug Enforcement Administration persuaded a federal judge to authorize him to sneak into an Escondido, Calif., office believed to be a front for manufacturing the drug MDMA, or Ecstasy. The DEA received permission to copy the hard drives' contents and inject a keystroke logger into the computers. That was necessary, according to DEA Agent Greg Coffey, because the suspects were using PGP and the encrypted Web e-mail service Hushmail.com. Coffey asserted that the DEA needed "real-time and meaningful access" to "monitor the keystrokes" for PGP and Hushmail passphrases. The aggressive surveillance techniques employed by the DEA were part of a case that resulted in a ruling on Friday (PDF) by the 9th Circuit Court of Appeals, which primarily dealt with Internet surveillance through a wiretap conducted on a PacBell (now AT&T) business DSL line used by the defendants.
Gary Edwards

Matt On Stuff: Hadoop For The Rest Of Us - 0 views

  •  
    Excellent Hadoop/Hive explanation.  Hat tip to Matt Asay for the link.  I eft a comment on Matt's blog questioning the consequences of the Oracle vs. Google Android lawsuit, and the possible enforcement of the Java API copyright claim against Hadoop/Hive.  Based on this explanation of Hadoop/Hive, i'm wondering if Oracle is making a move to claim the entire era of Big Data Cloud Computing?  To understand why, it's first necessary to read Matt the Hadoople's explanation.   kill shot excerpt: "You've built your Hadoop job, and have successfully processed the data. You've generated some structured output, and that resides on HDFS. Naturally you want to run some reports, so you load your data into a MySQL or an Oracle database. Problem is, the data is large. In fact it's so large that when you try to run a query against the table you've just created, your database begins to cry. If you listen to its sobs, you'll probably hear "I was built to process Megabytes, maybe Gigabytes of data. Not Terabytes. Not Perabytes. That's not my job. I was built in the 80's and 90's, back when floppy drives were used. Just leave me alone". "This is where Hive comes to the rescue. Hive lets you run an SQL statement against structured data stored on HDFS. When you issue an SQL query, it parses it, and translates it into a Java Map/Reduce job, which is then executed on your data. Although Hive does some optimizations, in general it just goes record by record against all your data. This means that it's relatively slow - a typical Hive query takes 5 or 10 minutes to complete, depending on how much data you have. However, that's what makes it effective. Unlike a relational database, you don't waste time on query optimization, adding indexes, etc. Instead, what keeps the processing time down is the fact that the query is run on all machines in your Hadoop cluster, and the scalability is taken care of for you." "Hive is extremely useful in data-warehousing kind of scenarios. You would
Gary Edwards

WhiteHat Aviator - The most secure browser online - 1 views

  •  
    "FREQUENTLY ASKED QUESTIONS What is WhiteHat Aviator? WhiteHat Aviator; is the most secure , most private Web browser available anywhere. By default, it provides an easy way to bank, shop, and use social networks while stopping viruses from infecting computers, preventing accounts from being hacked, and blocking advertisers from invisibly spying on every click. Why do I need a secure Web browser? According to CA Technologies, 84 percent of hacker attacks in 2009 took advantage of vulnerabilities in Web browsers. Similarly, Symantec found that four of the top five vulnerabilities being exploited were client-side vulnerabilities that were frequently targeted by Web-based attacks. The fact is, that when you visit any website you run the risk of having your surfing history, passwords, real name, workplace, home address, phone number, email, gender, political affiliation, sexual preferences, income bracket, education level, and medical history stolen - and your computer infected with viruses. Sadly, this happens on millions of websites every day. Before you have any chance at protecting yourself, other browsers force you to follow complicated how-to guides, modify settings that only serve advertising empires and install obscure third-party software. What makes WhiteHat Aviator so secure? WhiteHat Aviator; is built on Chromium, the same open-source foundation used by Google Chrome. Chromium has several unique, powerful security features. One is a "sandbox" that prevents websites from stealing files off your computer or infecting it with viruses. As good as Chromium is, we went much further to create the safest online experience possible. WhiteHat Aviator comes ready-to-go with hardened security and privacy settings, giving hackers less to work with. And our browser downloads to you - without any hidden user-tracking functionality. Our default search engine is DuckDuckGo - not Google, which logs your activity. For good measure, Aviator integrates Disconnect
Paul Merrell

U.S. knocks plans for European communication network | Reuters - 0 views

  • The United States on Friday criticized proposals to build a European communication network to avoid emails and other data passing through the United States, warning that such rules could breach international trade laws. In its annual review of telecommunications trade barriers, the office of the U.S. Trade Representative said impediments to cross-border data flows were a serious and growing concern.It was closely watching new laws in Turkey that led to the blocking of websites and restrictions on personal data, as well as calls in Europe for a local communications network following revelations last year about U.S. digital eavesdropping and surveillance."Recent proposals from countries within the European Union to create a Europe-only electronic network (dubbed a 'Schengen cloud' by advocates) or to create national-only electronic networks could potentially lead to effective exclusion or discrimination against foreign service suppliers that are directly offering network services, or dependent on them," the USTR said in the report.
  • Germany and France have been discussing ways to build a European network to keep data secure after the U.S. spying scandal. Even German Chancellor Angela Merkel's cell phone was reportedly monitored by American spies.The USTR said proposals by Germany's state-backed Deutsche Telekom to bypass the United States were "draconian" and likely aimed at giving European companies an advantage over their U.S. counterparts.Deutsche Telekom has suggested laws to stop data traveling within continental Europe being routed via Asia or the United States and scrapping the Safe Harbor agreement that allows U.S. companies with European-level privacy standards access to European data. (www.telekom.com/dataprotection)"Any mandatory intra-EU routing may raise questions with respect to compliance with the EU's trade obligations with respect to Internet-enabled services," the USTR said. "Accordingly, USTR will be carefully monitoring the development of any such proposals."
  • U.S. tech companies, the leaders in an e-commerce marketplace estimated to be worth up to $8 trillion a year, have urged the White House to undertake reforms to calm privacy concerns and fend off digital protectionism.
  •  
    High comedy from the office of the U.S. Trade Representative. The USTR's press release is here along with a link to its report. http://www.ustr.gov/about-us/press-office/press-releases/2014/March/USTR-Targets-Telecommunications-Trade-Barriers The USTR is upset because the E.U. is aiming to build a digital communications network that does not route internal digital traffic outside the E.U., to limit the NSA's ability to surveil Europeans' communications. Part of the plan is to build an E.U.-centric cloud that is not susceptible to U.S. court orders. This plan does not, of course, sit well with U.S.-based cloud service providers.  Where the comedy comes in is that the USTR is making threats to go to the World Trade organization to block the E.U. move under the authority of the General Agreement on Trade in Services (GATS). But that treaty provides, in article XIV, that:  "Subject to the requirement that such measures are not applied in a manner which would constitute a means of arbitrary or unjustifiable discrimination between countries where like conditions prevail, or a disguised restriction on trade in services, nothing in this Agreement shall be construed to prevent the adoption or enforcement by any Member of measures: ... (c)      necessary to secure compliance with laws or regulations which are not inconsistent with the provisions of this Agreement including those relating to:   ... (ii)     the protection of the privacy of individuals in relation to the processing and dissemination of personal data and the protection of confidentiality of individual records and accounts[.]" http://www.wto.org/english/docs_e/legal_e/26-gats_01_e.htm#articleXIV   The E.U., in its Treaty on Human Rights, has very strong privacy protections for digital communications. The USTR undoubtedly knows all this, and that the WTO Appellate Panel's judges are of the European mold, sticklers for protection of human rights and most likely do not appreciate being subjects o
Paul Merrell

EFF to Court: U.S. Warrants Don't Apply to Overseas Emails | Electronic Frontier Founda... - 0 views

  • The Electronic Frontier Foundation (EFF) has urged a federal court to block a U.S. search warrant ordering Microsoft to turn over a customer's emails held in an overseas server, arguing that the case has dangerous privacy implications for Internet users everywhere. The case started in December of last year, when a magistrate judge in New York signed a search warrant seeking records and emails from a Microsoft account in connection with a criminal investigation. However, Microsoft determined that the emails the government sought were on a Microsoft server in Dublin, Ireland. Because a U.S. judge has no authority to issue warrants to search and seize property or data abroad, Microsoft refused to turn over the emails and asked the magistrate to quash the warrant. But the magistrate denied Microsoft's request, ruling there was no foreign search because the data would be reviewed by law enforcement agents in the U.S.
  • Microsoft appealed the decision. In an amicus brief in support of Microsoft, EFF argues the magistrate's rationale ignores the fact that copying the emails is a "seizure" that takes place in Ireland. "The Fourth Amendment protects from unreasonable search and seizure. You can't ignore the 'seizure' part just because the property is digital and not physical," said EFF Staff Attorney Hanni Fakhoury. "Ignoring this basic point has dangerous implications – it could open the door to unfounded law enforcement access to and collection of data stored around the world."
  • For the full brief in this case:https://www.eff.org/document/eff-amicus-brief-support-microsoft
Paul Merrell

Marriott fined $600,000 for jamming guest hotspots - SlashGear - 0 views

  • Marriott will cough up $600,000 in penalties after being caught blocking mobile hotspots so that guests would have to pay for its own WiFi services, the FCC has confirmed today. The fine comes after staff at the Gaylord Opryland Hotel and Convention Center in Nashville, Tennessee were found to be jamming individual hotspots and then charging people up to $1,000 per device to get online. Marriott has been operating the center since 2012, and is believed to have been running its interruption scheme since then. The first complaint to the FCC, however, wasn't until March 2013, when one guest warned the Commission that they suspected their hardware had been jammed. An investigation by the FCC's Enforcement Bureau revealed that was, in fact, the case. A WiFi monitoring system installed at the Gaylord Opryland would target access points with de-authentication packets, disconnecting users so that their browsing was interrupted.
  • The FCC deemed Marriott's behaviors as contravening Section 333 of the Communications Act, which states that "no person shall willfully or maliciously interfere with or cause interference to any radio communications of any station licensed or authorized by or under this chapter or operated by the United States Government." In addition to the $600,000 civil penalty, Marriott will have to cease blocking guests, hand over details of any access point containment features to the FCC across its entire portfolio of owned or managed properties, and finally file compliance and usage reports each quarter for the next three years.
  • Update: Marriott has issued the following statement on the FCC ruling: "Marriott has a strong interest in ensuring that when our guests use our Wi-Fi service, they will be protected from rogue wireless hotspots that can cause degraded service, insidious cyber-attacks and identity theft. Like many other institutions and companies in a wide variety of industries, including hospitals and universities, the Gaylord Opryland protected its Wi-Fi network by using FCC-authorized equipment provided by well-known, reputable manufacturers. We believe that the Gaylord Opryland's actions were lawful. We will continue to encourage the FCC to pursue a rulemaking in order to eliminate the ongoing confusion resulting from today's action and to assess the merits of its underlying policy."
Paul Merrell

PATRIOT Act spying programs on death watch - Seung Min Kim and Kate Tummarello - POLITICO - 0 views

  • With only days left to act and Rand Paul threatening a filibuster, Senate Republicans remain deeply divided over the future of the PATRIOT Act and have no clear path to keep key government spying authorities from expiring at the end of the month. Crucial parts of the PATRIOT Act, including a provision authorizing the government’s controversial bulk collection of American phone records, first revealed by Edward Snowden, are due to lapse May 31. That means Congress has barely a week to figure out a fix before before lawmakers leave town for Memorial Day recess at the end of the next week. Story Continued Below The prospects of a deal look grim: Senate Majority Leader Mitch McConnell on Thursday night proposed just a two-month extension of expiring PATRIOT Act provisions to give the two sides more time to negotiate, but even that was immediately dismissed by critics of the program.
  •  
    A must-read. The major danger is that the the Senate could pass the USA Freedom Act, which has already been passed by the House. Passage of that Act, despite its name, would be bad news for civil liberties.  Now is the time to let your Congress critters know that you want them to fight to the Patriot Act provisions expire on May 31, without any replacement legislation.  Keep in mind that Section 502 does not apply just to telephone metadata. It authorizes the FBI to gather without notice to their victims "any tangible thing", specifically including as examples "library circulation records, library patron lists, book sales records, book customer lists, firearms sales records, tax return records, educational records, or medical records containing information that would identify a person." The breadth of the section is illustrated by telephone metadata not even being mentioned in the section.  NSA going after your medical records souand far fetched? Former NSA technical director William Binney says they're already doing it: "Binney alludes to even more extreme intelligence practices that are not yet public knowledge, including the collection of Americans' medical data, the collection and use of client-attorney conversations, and law enforcement agencies' "direct access," without oversight, to NSA databases." https://consortiumnews.com/2015/03/05/seeing-the-stasi-through-nsa-eyes/ So please, contact your Congress critters right now and tell them to sunset the Patriot Act NOW. This will be decided in the next few days so the sooner you contact them the better. 
Paul Merrell

EXCLUSIVE: Edward Snowden Explains Why Apple Should Continue To Fight the Government on... - 0 views

  • As the Obama administration campaign to stop the commercialization of strong encryption heats up, National Security Agency whistleblower Edward Snowden is firing back on behalf of the companies like Apple and Google that are finding themselves under attack. “Technologists and companies working to protect ordinary citizens should be applauded, not sued or prosecuted,” Snowden wrote in an email through his lawyer. Snowden was asked by The Intercept to respond to the contentious suggestion — made Thursday on a blog that frequently promotes the interests of the national security establishment — that companies like Apple and Google might in certain cases be found legally liable for providing material aid to a terrorist organization because they provide encryption services to their users.
  • In his email, Snowden explained how law enforcement officials who are demanding that U.S. companies build some sort of window into unbreakable end-to-end encryption — he calls that an “insecurity mandate” — haven’t thought things through. “The central problem with insecurity mandates has never been addressed by its proponents: if one government can demand access to private communications, all governments can,” Snowden wrote. “No matter how good the reason, if the U.S. sets the precedent that Apple has to compromise the security of a customer in response to a piece of government paper, what can they do when the government is China and the customer is the Dalai Lama?”
  • Weakened encryption would only drive people away from the American technology industry, Snowden wrote. “Putting the most important driver of our economy in a position where they have to deal with the devil or lose access to international markets is public policy that makes us less competitive and less safe.”
  • ...1 more annotation...
  • FBI Director James Comey and others have repeatedly stated that law enforcement is “going dark” when it comes to the ability to track bad actors’ communications because of end-to-end encrypted messages, which can only be deciphered by the sender and the receiver. They have never provided evidence for that, however, and have put forth no technologically realistic alternative. Meanwhile, Apple and Google are currently rolling out user-friendly end-to-end encryption for their customers, many of whom have demanded greater privacy protections — especially following Snowden’s disclosures.
Paul Merrell

The UN Releases Plan to Push for Worldwide Internet Censorship | Global Research - Cent... - 0 views

  • The United Nations has disgraced itself immeasurably over the past month or so. In case you missed the following stories, I suggest catching up now: The UN’s “Sustainable Development Agenda” is Basically a Giant Corporatist Fraud Not a Joke – Saudi Arabia Chosen to Head UN Human Rights Panel Fresh off the scene from those two epic embarrassments, the UN now wants to tell governments of the world how to censor the internet. I wish I was kidding. From the Washington Post: On Thursday, the organization’s Broadband Commission for Digital Development released a damning “world-wide wake-up call” on what it calls “cyber VAWG,” or violence against women and girls. The report concludes that online harassment is “a problem of pandemic proportion” — which, nbd, we’ve all heard before. But the United Nations then goes on to propose radical, proactive policy changes for both governments and social networks, effectively projecting a whole new vision for how the Internet could work. Under U.S. law — the law that, not coincidentally, governs most of the world’s largest online platforms — intermediaries such as Twitter and Facebook generally can’t be held responsible for what people do on them. But the United Nations proposes both that social networks proactively police every profile and post, and that government agencies only “license” those who agree to do so.
  • People are being harassed online, and the solution is to censor everything and license speech? Remarkable. How that would actually work, we don’t know; the report is light on concrete, actionable policy. But it repeatedly suggests both that social networks need to opt-in to stronger anti-harassment regimes and that governments need to enforce them proactively. At one point toward the end of the paper, the U.N. panel concludes that“political and governmental bodies need to use their licensing prerogative” to better protect human and women’s rights, only granting licenses to “those Telecoms and search engines” that “supervise content and its dissemination.” So we’re supposed to be lectured about human rights from an organization that named Saudi Arabia head of its human rights panel? Got it. Regardless of whether you think those are worthwhile ends, the implications are huge: It’s an attempt to transform the Web from a libertarian free-for-all to some kind of enforced social commons. This U.N. report gets us no closer, alas: all but its most modest proposals are unfeasible. We can educate people about gender violence or teach “digital citizenship” in schools, but persuading social networks to police everything their users post is next to impossible. And even if it weren’t, there are serious implications for innovation and speech: According to the Electronic Frontier Foundation, CDA 230 — the law that exempts online intermediaries from this kind of policing — is basically what allowed modern social networks (and blogs, and comments, and forums, etc.) to come into being. If we’re lucky, perhaps the Saudi religious police chief (yes, they have one) who went on a rampage against Twitter a couple of years ago, will be available to head up the project. What a joke.
Paul Merrell

The Past Clouds the Future of Europe's New Antitrust Enforcer - Vox - 0 views

  • Joaquin Almunia left his job as the E.U.’s economics and monetary affairs commissioner this month to become antitrust chief.
  • Christine Varney, the head of the antitrust division at the United States Justice Department, warned European regulators in a speech on Monday to restrict imposing obligations to the European Union on American companies that are doing business globally.Regulators in Europe are under pressure from governments, media companies and technology developers to blunt the market power that Google has amassed by running the world’s most popular Internet search tools.
  • Mr. Almunia also will need to resolve whether to give greater freedom to online merchants like eBay and Amazon which, like Google, are based in the United States. Some specialty goods and luxury goods brands, in particular LVMH of France, have lobbied hard to require that merchants have traditional shops as a precondition for selling goods over the Internet.
Paul Merrell

Oracle to gain quick OK for Sun purchase (Dealscape - Pipeline) - 0 views

  •  
    The Justice Department's antitrust division is preparing to give a quick thumbs up to Oracle Corp.'s proposed $7.4 billion purchase of Sun Microsystems Inc., according to a lawyer briefed on the case. Swift approval surprises the many antitrust experts who predicted a long, scathing review. A difficult investigation was expected for two key reasons. First, Assistant Attorney General Christine Varney, who has a special area of expertise in high technology matters, rode into office promising vigorous antitrust enforcement. Second, skepticism lingers among DOJ staff about Oracle's business practices. Oracle CEO Larry Ellison thwarted the DOJ in 2004 when he defeated an attempt by the agency to block his purchase of rival PeopleSoft Inc.
‹ Previous 21 - 40 of 114 Next › Last »
Showing 20 items per page