An anonymous reader writes "Apple has never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers," the company said Sunday in a bilingual statement on its China website. Users have to make the choice to enable the iPhones to calculate their locations, while "Apple does not track users' locations — Apple has never done so and has no plans to ever do so," the company said. The statement was in response to allegations by China's top state broadcaster that iOS7 software and its "Frequent Location" service posed a security risk. The data can be accessed easily, although labelled as "encrypted," and may lead to the disclosure of "state secrets," CCTV said.
AHuxley (892839) writes "The Desk reports on a FOIA request covering "... all e-mails sent by Edward Snowden" and the NSA's refusal to release all documents. "The National Security Agency has acknowledged it retains a record of e-mail communications from former contractor turned whistleblower Edward Snowden, but says those records are exempt from public disclosure under the federal Freedom of Information Act. In a letter responding to a June 27 FOIA request from The Desk, the NSA’s chief FOIA officer Pamela Phillips wrote that while the agency has retained records related to Snowden’s employment as a contractor, they are being withheld from public examination because, among other things, releasing the records 'could interfere with law enforcement proceedings, could cause an unwarranted invasion of personal privacy, could reveal the identities of confidential sources or would reveal law enforcement techniques and procedures.' Other records are being withheld because those documents were 'also found to be currently and properly classified and remains classified TOP SECRET, SECRET and CONFIDENTIAL.' The letter marks the first time the NSA has publicly acknowledged retaining communication and employment records related to Snowden’s time as a contractor."
stephendavion sends a report at The Guardian about remarks from whistleblower William Binney, who left the NSA after its move toward overreaching surveillance following the September 11th attacks. Binney says, "At least 80% of all audio calls, not just metadata, are recorded and stored in the U.S. The NSA lies about what it stores." He added, "The ultimate goal of the NSA is total population control, but I’m a little optimistic with some recent Supreme Court decisions, such as law enforcement mostly now needing a warrant before searching a smartphone." One of Binney's biggest concerns about government-led surveillance is its lack of oversight: "The FISA court has only the government’s point of view. There are no other views for the judges to consider. There have been at least 15-20 trillion constitutional violations for U.S. domestic audiences and you can double that globally."
beaker_72 (1845996) writes The Guardian reports that the UK government has unveiled plans to introduce emergency surveillance laws into the UK parliament at the beginning of next week. These are aimed at reinforcing the powers of security services in the UK to force service providers to retain records of their customers' phone calls and emails. The laws, which have been introduced after the European Court of Justice (ECJ) ruled that existing laws invaded individual privacy, will receive cross-party support and so will not be subjected to scrutiny or challenged in Parliament before entering the statute books. But as Tom Watson (Labour backbench MP and one of few dissenting voices) has pointed out, the ECJ ruling was six weeks ago, so why has the government waited until now to railroad something through? Unless of course they don't want it scrutinised too closely.
stephendavion sends news that Christopher Wilson, a 22-year-old computer science student, has been sent to jail for six months for refusing to hand over his computer encryption passwords. Wilson has been accused of "phoning in a fake warning of an impending cyber attack against Northumbria Police that was convincing enough for the force to temporarily suspend its site as a precaution once a small attack started." He's also accused of trolling on Facebook. Wilson only came to the attention of police in October 2012 after he allegedly emailed warnings about an online threat against one of the staff at Newcastle University. ... The threatening emails came from computer servers linked to Wilson. Police obtained a warrant on this basis and raided his home in Washington, where they seized various items of computer equipment. ... Investigators wanted to examine his encrypted computer but the passwords supplied by Wilson turned out to be incorrect. None of the 50 passwords he provided worked. Frustration with his lack of co-operation prompted police to obtain an order from a judge compelling him to turn over the correct passphrase last year. A judge ordered him to turn over these passwords on the grounds of national security but Wilson still failed to comply, earning him six months behind bars.
Advocatus Diaboli (1627651) writes The National Security Agency and FBI have covertly monitored the emails of prominent Muslim-Americans — including a political candidate and several civil rights activists, academics, and lawyers — under secretive procedures intended to target terrorists and foreign spies. From the article: "The individuals appear on an NSA spreadsheet in the Snowden archives called 'FISA recap.' Under that law, the Justice Department must convince a judge with the top-secret Foreign Intelligence Surveillance Court that there is probable cause to believe that American targets are not only agents of an international terrorist organization or other foreign power, but also 'are or may be' engaged in or abetting espionage, sabotage, or terrorism. The authorizations must be renewed by the court, usually every 90 days for U.S. citizens. ... The five Americans whose email accounts were monitored by the NSA and FBI have all led highly public, outwardly exemplary lives. All five vehemently deny any involvement in terrorism or espionage, and none advocates violent jihad or is known to have been implicated in any crime, despite years of intense scrutiny by the government and the press. Some have even climbed the ranks of the U.S. national security and foreign policy establishments."
An anonymous reader writes: The used smartphone market is thriving, with many people selling their old devices on eBay or craigslist when it's time to upgrade. Unfortunately, it seems most people are really bad at wiping their phone of personal data before passing it on to a stranger. Antivirus company Avast bought 20 used Android phones off eBay, and used some basic data recovery software to reconstruct deleted files. From just those 20 phones, they pulled over 40,000 photographs, including 1,500 family pictures of children and over a thousand more.. personal pictures. They also recovered hundreds of emails and text messages, over a thousand Google searches, a completed loan application, and identity information for four of the previous owners. Only one of the phones had security software installed on it, but that phone turned out to provide the most information of all: "Hackers at Avast were able to identify the previous owner, access his Facebook page, plot his previous whereabouts through GPS coordinates, and find the names and numbers of more than a dozen of his closest contacts. What's more, the company discovered a lot about this guy's penchant for kink and a completed copy of a Sexual Harassment course — hopefully a preventative measure."
New submitter jbmartin6 writes: The Panopticon may be coming, but perhaps not how we think. Instead of a massive government surveillance program, we might end up subjected to ubiquitous monitoring to save on our insurance premiums. The "internet of things (you can't get away from)" makes this more and more possible. Here a company saved money on its health insurance premiums by distributing Fitbits and an online service to enable reporting fitness gains back to the insurance company. We've already seen the stories on using black boxes to monitor drivers. There is even an insurance company named Panoptic! Heck, why not a premium hike for owners of this or that "aggressiveness gene"? What if in the future we got a quick "+50 cents" tweet for every scoop of ice cream? I suppose the natural stopping point might be the balance between an individual's willingness to be monitored and the desire to reduce insurance premiums.
schwit1 (797399) writes "Over 20 years after being smuggled out of Russia, a trove of KGB documents are being opened up to the public for the first time. The leaked documents include thousands of files and represent what the FBI is said to view as "the most complete and extensive intelligence ever received from any source." The documents include KGB information on secret Russian weapons caches, Russian spies, and KGB information on the activities of Pope John Paul II. Known as the Mitrokhin Archive, the files are all available as of today at Churchill College's Archives Centre."
Presto Vivace (882157) links to a critical look in Time Magazine at the creepy side of connected household technology. An excerpt: A modern surveillance state isn't so much being forced on us, as it is sold to us device by device, with the idea that it is for our benefit. ... ... Nest sucks up data on how warm your home is. As Mocana CEO James Isaacs explained to me in early May, a detailed footprint of your comings and goings can be inferred from this information. Nest just bought Dropcam, a company that markets itself as a security tool allowing you to put cameras in your home and view them remotely, but brings with it a raft of disquieting implications about surveillance. Automatic wants you to monitor how far you drive and do things for you like talk to your house when you're on your way home from work and turn on lights when you pull into your garage. Tied into the new SmartThings platform, a Jawbone UP band becomes a tool for remotely monitoring someone else's activity. The SmartThings hubs and sensors themselves put any switch or door in play. Companies like AT&T want to build a digital home that monitors your security and energy use. ... ... Withings Smart Body Analyzer monitors your weight and pulse. Teddy the Guardian is a soft toy for children that spies on their vital signs. Parrot Flower Power looks at the moisture in your home under the guise of helping you grow plants. The Beam Brush checks up on your teeth-brushing technique. Presto Vivace adds, "Enough to make the Stasi blush. What I cannot understand is how politicians fail to understand what a future Kenneth Starr is going to do with data like this."
AHuxley (892839) writes The Sydney Morning Herald is reporting that Australian federal and state police are using a no warrant cell phone tower metadata access technique called a "tower dump". A "tower dump" provides the identity, activity and location of all cell phones that connect to a cellphone tower(s) over time (an hour or two). The metadata from thousands of phones and numbers connected are then sorted. Australian law-enforcement agencies made 330,000 requests for metadata in 2012-13. AHuxley links to some U.S. views on the same kind of massive data grab: The Wall Street Journal says they capture innocent users' data; the Chicago Police Department is being sued for information on its purchases of equipment associated with this kind of slurping; and the EFF asks whether warrant protection for users' data will be extended by voice-comm companies as it has been for ISPs. I wonder what people would think of an occasional "postal zone dump" employing the same kind of dragnet but for communications on paper.
itwbennett (1594911) writes "The Social Security numbers of roughly 18,000 California physicians and health-care providers were inadvertently made public after a slip-up at health insurance provider Blue Shield of California, the organization said Monday. The numbers were included in monthly filings on medical providers that Blue Shield is required to make to the state's Department of Managed Health Care (DMHC). The provider rosters for February, March and April 2013 included the SSNs and other sensitive information and were available under the state's public records law." Ten copies were requested under the public records law.
mpicpp writes with a story about researchers who have developed a way to steal passwords using video-capturing devices. Cyber forensics experts at the University of Massachusetts in Lowell have developed a way to steal passwords entered on a smartphone or tablet using video from Google's face-mounted gadget and other video-capturing devices. The thief can be nearly ten feet away and doesn't even need to be able to read the screen — meaning glare is not an antidote. The security researchers created software that maps the shadows from fingertips typing on a tablet or smartphone. Their algorithm then converts those touch points into the actual keys they were touching, enabling the researchers to crack the passcode. They tested the algorithm on passwords entered on an Apple iPad, Google's Nexus 7 tablet, and an iPhone 5.
An anonymous reader writes in with the latest news about NSA spying from documents leaked by Edward Snowden. Ordinary Internet users, American and non-American alike, far outnumber legally targeted foreigners in the communications intercepted by the National Security Agency from U.S. digital networks, according to a four-month investigation by The Washington Post. Nine of 10 account holders found in a large cache of intercepted conversations, which former NSA contractor Edward Snowden provided in full to The Post, were not the intended surveillance targets but were caught in a net the agency had cast for somebody else. Many of them were Americans. Nearly half of the surveillance files, a strikingly high proportion, contained names, e-mail addresses or other details that the NSA marked as belonging to U.S. citizens or residents. NSA analysts masked, or "minimized," more than 65,000 such references to protect Americans' privacy, but The Post found nearly 900 additional e-mail addresses, unmasked in the files, that could be strongly linked to U.S. citizens or U.S. residents.
TechWeek Europe reports that on Friday Russia's parliament passed a law "which bans online businesses from storing personal data of Russian citizens on servers located abroad[.] ... According to ITAR-TASS, the changes to existing legislation will come into effect in September 2016, and apply to email services, social networks and search engines, including the likes of Facebook and Google. Domain names or net addresses not complying with regulations will be put on a blacklist maintained by Roskomnadzor (the Federal Supervision Agency for Information Technologies and Communications), the organisation which already has the powers to take down websites suspected of copyright infringement without a court order. In the case of non-compliance, Roskomnadzor will be able to impose 'sanctions,' and even instruct local Internet Service Providers (ISPs) to cut off access to the offending resource." According to the article, the "measure is widely seen as a response to reports about the intrusive surveillance practices of the US National Security Agency (NSA) and the UK’s GCHQ. Edward Snowden, who revealed sensitive data about the operations of both, is currently residing in Russia, with his asylum application up for a review in a couple of months." The writer points out that this would mean many web sites would be legally unavailable altogether to Russian users.
Bismillah writes: The Preferred Network Offload feature in Android extends battery life, but it also leaks location data, according to the Electronic Frontier Foundation. What's more, the same flaw is found in Apple OS X and Windows 7. "This location history comes in the form of the names of wireless networks your phone has previously connected to. These frequently identify places you've been, including homes ('Tom’s Wi-Fi'), workplaces ('Company XYZ office net'), churches and political offices ('County Party HQ'), small businesses ('Toulouse Lautrec's house of ill-repute'), and travel destinations ('Tehran Airport wifi'). This data is arguably more dangerous than that leaked in previous location data scandals because it clearly denotes in human language places that you've spent enough time to use the Wi-Fi."
An anonymous reader writes in with this article from the BBC about Google's recent removal of a news story from search results. "Google's decision to remove a BBC article from some of its search results was "not a good judgement", a European Commission spokesman has said. A link to an article by Robert Peston was taken down under the European court's "right to be forgotten" ruling. But Ryan Heath, spokesman for the European Commission's vice-president, said he could not see a "reasonable public interest" for the action. He said the ruling should not allow people to "Photoshop their lives". The BBC understands that Google is sifting through more than 250,000 web links people wanted removed."
mask.of.sanity writes Forensics and industry experts have cast doubt on an alleged National Security Agency capability to locate whistle blowers appearing in televised interviews based on how the captured background hum of electrical devices affects energy grids. Divining information from electrified wires is a known technique: Network Frequency Analysis (ENF) is used to prove video and audio streams have not been tampered with, but experts weren't sure if the technology could be used to locate individuals.
realized (2472730) writes "In nine cases in 2013, state police were unable to break the encryption used by criminal suspects they were investigating, according to an annual report on law enforcement eavesdropping released by the U.S. court system on Wednesday. That's more than twice as many cases as in 2012, when police said that they'd been stymied by crypto in four cases—and that was the first year they'd ever reported encryption preventing them from successfully surveilling a criminal suspect. Before then, the number stood at zero."
New submitter marxmarv writes If you search the web for communications security information, or read online tech publications like Linux Journal or BoingBoing, you might be a terrorist. The German publication Das Erste disclosed a crumb of alleged XKeyScore configuration, with the vague suggestion of more source code to come, showing that Tor directory servers and their users, and as usual the interested and their neighbor's dogs due to overcapture, were flagged for closer monitoring. Linux Journal, whose domain is part of a listed selector, has a few choice words on their coveted award. Would it be irresponsible not to speculate further?