The Courts

Stingray Case Lawyers: "Everyone Knows Cell Phones Generate Location Data" (techdirt.com) 171

An anonymous reader writes with news that the Maryland Attorney General is arguing that anyone who has ever used a smartphone knows it's tracking them, so no warrant is needed for stingrays. Techdirt says: "Up in Baltimore, where law enforcement Stingray device use hit critical mass faster and more furiously than anywhere else in the country (to date...) with the exposure of 4,300 deployments in seven years, the government is still arguing there's no reason to bring search warrants into this. The state's Attorney General apparently would like the Baltimore PD's use of pen register orders to remain standard operating procedure. According to a brief filed in a criminal case relying on the warrantless deployment of an IMSI catcher (in this case a Hailstorm), the state believes there's no reason for police to seek a warrant because everyone "knows" cell phones generate data when they're turned on or in use.

The brief reads in part: 'The whereabouts of a cellular telephone are not "withdrawn from public view" until it is turned off, or its SIM card removed. Anyone who has ever used a smartphone is aware that the phone broadcasts its position on the map, leading to, for example, search results and advertising tailored for the user's location, or to a "ride-sharing" car appearing at one's address. And certainly anyone who has ever used any sort of cellular telephone knows that it must be in contact with an outside cell tower to function.'"
iPhone

Apple Court Testimony Reveals Why It Refuses To Unlock iPhones For Police (dailydot.com) 231

blottsie writes: Newly unsealed court transcripts from the U.S. District Court for the Eastern District of New York show that Apple now refuses to unlock iPhones for law enforcement, saying "In most cases now and in the future, the government’s requested order would be substantially burdensome, as it would be impossible to perform." “Right now Apple is aware that customer data is under siege from a variety of different directions. Never has the privacy and security of customer data been as important as it is now,” Apple lawyer Marc Zwillinger said at the hearing. “A hypothetical consumer could think if Apple is not in the business of accessing my data and if Apple has built a system to prevent itself from accessing my data, why is it continuing to comply with orders that don’t have a clear lawful basis in doing so?”
United Kingdom

Big Brother Is Coming To UK Universities (theguardian.com) 75

An anonymous reader writes: An upcoming report by the Higher Education Commission, a UK group of MPs, business and academic professionals, will paint a picture of a higher education system that, thanks to the increasing use of data, may undergo radical change, sometimes with painful ethical considerations. Among their visions: an Amazon-style recommendation service on courses and work experience based on individuals' backgrounds, and similar profiles. Or a system in which students at risk of failure can be identified from their first day so that they receive instant feedback and performance measuring. It is envisioned that the system will include knowing whether they are in lectures, at the gym or in the bar, and in an effort to boost their results, students may also want to share data on their fitness, sleeping patterns, and their academic and semi-academic interactions online.
Facebook

Facebook's Android App Gains Privacy-Enhancing Tor Support (facebook.com) 43

Mark Wilson writes: Back towards the end of 2014, Facebook unveiled a new .onion address that allowed Tor users to visit the social network securely. Following on from this, the company is now giving Android users the ability to browse the site using Tor and the Facebook app. Security, privacy and anonymity may be words readily associated with Tor, but few people would use them in the same sentence as Facebook. The social network says that there is increased demand for secure connections to Facebook from Tor-enabled browsers, hence spreading to the largest mobile platform. The news will make some mobile users happy, but there are currently no plans to migrate the feature from Android to iOS.
Privacy

Nvidia Blames Apple For Bug That Exposes Browsing In Chrome's Incognito (venturebeat.com) 165

An anonymous reader points out this story at VentureBeat about a bug in Chrome's incognito mode that might be a cause for concern for some Apple users. From the story: "If you use Google Chrome's incognito mode to hide what you browse (ahem, porn), this might pique your interest. University of Toronto engineering student Evan Andersen discovered a bug that affects Nvidia graphics cards, exposing content that you thought would be for your eyes only. And because this only happens on Macs, Nvidia is pointing the finger at Apple."
Privacy

IRS: Identity Theft Protection a Tax Deductible Benefit - Even Without a Breach (wordpress.com) 51

chicksdaddy writes: The U.S. Internal Revenue Service has announced that it will treat identity theft protection as a non-taxable, non-reportable benefit that companies can offer — even when the company in question hasn't experienced a data breach, and regardless of whether it is offered by an employer to employees, or by other businesses (such as online retailers) to their customers, the blog E for ERISA reports. In short: companies can now deduct the cost of offering identity theft protection as a benefit for employees or extending it to customers, even if their data hasn't been exposed to hackers.

The announcement comes only four months after an earlier announcement by the IRS that it would treat identity theft protection offered to employees or customers in the wake of a data breach as a non-taxable event. Comments to the IRS following the earlier decision suggested that many businesses view a data breach as "inevitable" rather than as a remote risk.

The truth of that statement was made clear to the IRS itself, which had to provide identity theft protection earlier this year in response to a hack of its online database of past-filed returns and other filed documents which ultimately affected over 300,000 taxpayers. The new IRS guidance could be a boon to providers of identity protection services such as Experian and Lifelock, though maybe not as much as one would expect. Data from Experian suggests that consumer adoption rates for identity theft protection services are low. Fewer than 10% of those potentially affected by a breach opt for free identity protection services when they are offered. For very large breaches that number is even lower — in the single digit percentages.

Government

New Jersey Rejects Request For Dolphin Necropsy Results, Cites "Medical Privacy" (muckrock.com) 228

v3rgEz writes: When a dolphin died in New Jersey's South River last year, Carly Sitrin wanted to know what killed it. So she filed a public record request to the NJ Department of Agriculture in order to get the necropsy results. The DOA finally responded last week with the weird decision to deny the release of the record on grounds of medical privacy. The response reads in part: "We are in receipt of your request for information (#W101407) under the auspices of the State’s Open Public Records Act (O.P.R.A.). Specifically, you requested any and all reports associated with the necropsy of the dolphin that strayed into the South River on August 5, 2015 in Middlesex County, New Jersey. This request is denied as it would release information deemed confidential under O.P.R.A., specifically information related to a medical diagnosis or evaluation. (E.O. 26, McGreevey)"
Privacy

Uber To Pay $20,000 In Settlement On Privacy Issues (csoonline.com) 17

itwbennett writes: Uber has agreed to pay a penalty of $20,000 in a settlement with New York Attorney General Eric T. Schneiderman for delaying telling drivers about the data breach of their personal information in 2014. The company has also agreed to tighten employee access to geo-location data of passengers, following reports that the company's executives had an aerial 'God View' of such data, the office of the attorney general said in a statement Wednesday.
Facebook

Facebook, Google, Microsoft, Twitter and Yahoo Balk At UK's Investigatory Powers (betanews.com) 55

Mark Wilson writes: The Investigatory Powers Bill may only be in draft form at the moment, but the UK government has already received criticism for its plans. Today, scores of pieces of written evidence, both for and against the proposals, have been published, including input from the Reform Government Surveillance (RGS) coalition. Five key members of the coalition are Facebook, Google, Microsoft, Twitter and Yahoo. In their written evidence, the quintet of tech companies express their concerns about the draft bill, seek clarification from the UK government, and issue warnings about the implications of such a bill. The evidence (document IPB0116) says that any surveillance undertaken by the government needs to be 'targeted, lawful, proportionate, necessary, jurisdictionally bounded, and transparent'. The coalition notes that many other countries are watching to see what the UK does.
Privacy

Judge Tosses Class Action Over Michaels Data Breach Citing Lack of Damages (digitalguardian.com) 138

chicksdaddy writes: Data breaches have become so common that they've taken on a kind of formality. One of the phrases that often accompany such incidents goes something like this: "[Company X] has no evidence that any of the stolen information has been used inappropriately." Or you might read that "there is no evidence of fraud linked to the stolen data." Such assurances are generally interpreted as wishful thinking. But when courts are asked to weigh in on the question of damages resulting from cyber incidents in civil suits, the question of what harm resulted from the incident is very different – and very real. To put it simply: if nobody can prove harm resulting from a cyber incident, a company can't be held liable for those damages.

That fact was underscored again late last month, when a federal judge in U.S. District Court for the Eastern District of New York dismissed a class action suit against arts and crafts giant Michaels Stores that was filed in the wake of that company's widely-reported data breach. As part of her ruling, the judge, Joanna Seybert, cited a legal precedent set by the recent Supreme Court ruling in "Clapper v. Amnesty International," concluding that the plaintiffs hadn't proven that any harm resulted from the Michaels breach. "Simply put, Whalen has not asserted any injuries that are 'certainly impending' or based on a 'substantial risk that the harm will occur,'" Seybert wrote in her decision, referring to Mary Jane Whalen, the Michaels customer in whose name the class action suit was filed. "Thus, Whalen's claims are DISMISSED WITHOUT PREJUDICE for lack of subject matter jurisdiction," Seybert concluded.

This isn't to say that Whalen or other Michaels stores customers were not the target of fraudsters. In fact, Whalen's attorneys presented evidence that her stolen credit card (or a clone of it) was presented for payment fraudulently in Ecuador: at a local gym and at a venue that sold concert tickets. But regulations in the U.S. exempt consumers from paying the cost of credit card fraud, and Whalen wasn't asked to pay any unreimbursed charges as a result of the fraudulent use, the court noted. Whalen's other attempts to establish "costs" associated with the breach were also disregarded. They included the cost of credit monitoring services and the cost (in time and effort) to obtain replacement cards, the intrinsic value of her credit card information and the risk of future fraud tied to the theft of her credit card data.

Encryption

Encrypted Blackphone Patches Serious Modem Flaw (threatpost.com) 27

msm1267 writes: Silent Circle, makers of the security and privacy focused Blackphone, have patched a vulnerability that could allow a malicious mobile application or remote attacker to access the device's modem and perform any number of actions. Researchers at SentinelOne discovered an open socket on the Blackphone that an attacker could abuse to intercept calls, set call forwarding, read SMS messages, mute the phone and more. Blackphone is marketed toward privacy-conscious users; it includes encrypted messaging apps such as SilentText and Silent Phone, and it runs on a customized, secure version of Android, called PrivatOS.
Microsoft

Microsoft Monitoring How Long You Use Windows 10 (betanews.com) 314

Mark Wilson writes: The various privacy concerns surrounding Windows 10 have received a lot of coverage in the media, but it seems that there are ever more secrets coming to light. The Threshold 2 Update did nothing to curtail privacy invasion, and the latest Windows 10 installation figures show that Microsoft is also monitoring how long people are using the operating system. This might seem like a slightly strange statistic for Microsoft to keep track of, but the company knows how long, collectively, Windows 10 has been running on computers around the world. To have reached this figure (11 billion hours in December, apparently) Microsoft must have been logging individuals' usage times. Intrigued, we contacted Microsoft to find out what on earth is going on.
Encryption

Dutch Government Backs Strong Encryption, Condemns Backdoors 128

blottsie writes: The Netherlands government issued a strong statement on Monday against weakening encryption for the purposes of law enforcement and intelligence agencies. The move comes as governments in the United Kingdom and China act to legally require companies to give them access to wide swaths of encrypted Internet traffic. U.S. lawmakers are also considering introducing similar legislation.
Privacy

Feds: Your Employer Can't Stop You From Recording Conversations At Work (huffingtonpost.com) 139

schwit1 writes with news about a ruling by the National Labor Relations Board about your right to record conversations at work. The Huffington Post reports: "If you're looking to catch your boss breaking labor law, that smartphone in your pocket might be your best friend, thanks to a new ruling from federal officials. On Thursday, the National Labor Relations Board ruled that upscale grocer Whole Foods cannot forbid employees from recording conversations or taking photographs at work without a supervisor's permission. (Local laws, however, could still come into play in certain situations, as several states require the consent of two parties in order for a conversation to be recorded legally.) At the center of the case were stipulations in Whole Foods' 'General Information Guide,' an employee manual laying out worker do's and don'ts. The guide prohibited workers from taking photos or recording conversations inside a store 'unless prior approval is received' from a manager or executive, or 'unless all parties to the conversation give their consent.'"
United States

Database of 191 Million US Voters Exposed On Internet (reuters.com) 77

An anonymous reader writes: Researcher Chris Vickery has discovered an incorrectly configured database that exposes the details of 191 million U.S. voters. Reuters reports: "While voter data is typically considered public information, it would be time-consuming and expensive to gather a database of all American voters. A trove of all U.S. voter data could be valuable to criminals looking for lists of large numbers of targets for a variety of fraud schemes. 'The alarming part is that the information is so concentrated,' said Vickery."
