wiedzmin writes: The US House of Representatives voted 301-118 today, in favor of extending the FISA Amendments Act until December 31st, 2017, effectively reauthorizing the broad electronic eavesdropping powers that largely legalized the George W. Bush administration’s warrantless wiretapping program.
wiedzmin writes: Twitter filed a surprisingly feisty motion (.pdf) this week in New York City Criminal Court to quash a court order demanding that it hand over information and tweets of one of its account holders to law enforcement. The company stepped in with the motion after the account holder's effort to quash the order, claiming 4th Amendment protections, was rejected by the judge, who claimed that online content stored on a third-party server was not physical and therefore did not have the same privacy protections. To add insult to injury, the judge claimed that the account holder had no standing to fight the order because agreeing to Twitter's terms of service “demonstrated a lack of proprietary interests in his [own] Tweets”. Twitter fired back at the New York court, rebuking many points made by the judge, pointing out his mistakes in selective quoting of their Terms of Service and lashing out at prosecutors for wasting everyone's time by requesting the court to grant access to public Tweets, which could have been easily printed out from the site. The American Civil Liberties Union applauded Twitter’s move.
wiedzmin writes: The House approved the Cyber Intelligence Sharing and Protection Act with a 248 to 168 vote today. CISPA allows internet service providers to share Internet "threat" information with government agencies, including DHS and NSA, without having to protect any personally identifying data of its customers, without a court order. It effectively immunizes ISPs from privacy lawsuits for disclosing customer information, grants them anti-trust protection on colluding on cybersecurity issues and allows them to bypass privacy laws when sharing data with each other.
wiedzmin writes: PayPal announced that they are following Google's suit in changing both its privacy and user agreement policies, adding tweaks to its customer identification program and the way they collect and store its customers’ personal information. The changes will take effect on April 1st and will include the use of session cookies, persistent cookies, flash cookies and pixel tags for user tracking. Additionally, PayPal will reserve the right to limit, suspend or outright cancel any account if date of birth, taxpayer identification number, driver’s license or “other identifying documents” are not provided upon request, for "account verification" purposes. Other ridiculous provisions include their right to demand IRS form 1099-K from customers who receive more than 200 payments a year, and employ all tracking mechanisms on their mobile applications across all platforms.
wiedzmin writes: TSA agents in Dallas singled out female passengers to undergo screening in a body scanner, according to complaints filed by several women who said they felt the screeners intentionally targeted them to view their bodies. Allegedly, women with "cute bodies" were directed through the body scanners up to three times over by female agents, who appeared to be acting on a request from male agents viewing the scans in a separate room. Apparently this was done because the scans were "blurry", possibly due to autofocus problems with agents' smartphone cameras.
wiedzmin writes: It’s not clear how federal investigators gained access to the conversations of founder Kim DotCom and other top managers, but they have now allegedly obtained Skype logs and email conversations between DotCom and his top lieutenants for the past 5 years. Since the criminal investigation didn’t begin until a few months ago, this puts under question Skype's message retention policy which states that “IM history messages will be stored for a maximum of 30 days”. The records are said to be obtained via warrant, but if they were not provided by Skype or obtained from confiscated computers, it raises all sorts of illegal wiretapping questions. Let's hope someone gets a copy of that warrant under the FOIA.
wiedzmin writes: Federal prosecutors want a judge to overrule the Fifth Amendment’s protection against forced self-incrimination by ordering a Colorado woman to provide the password to decrypt her laptop, which the government seized with a search warrant. The case is being closely watched by digital rights groups, as the issue has never been squarely weighed in on by federal courts, despite a similar case involving child pornography making it to the Supreme Court back in 2006.
wiedzmin writes: A California appeals court is striking down a voter-approved measure requiring every adult arrested on a felony charge to submit a DNA sample. The court questioned the extent to which technology can be permitted to diminish the privacy guaranteed by the Fourth Amendment. More than 1.6 million samples have been taken following the law’s 2009 implementation. Only about a half of those arrested in California are convicted.
wiedzmin writes: Police do not need a search warrant to knock on a suspected drug dealer’s door and then kick it down when a suspicious bustling noise is heard from the other side, the Kentucky Supreme Court ruled.
wiedzmin writes: 1and1 customer service has confirmed that due to a current issue with their private domain registration system, any user who has registered a 'private' domain since at least the beginning of September ended up with a 'public' registration, exposing their name, address, phone number and email information on the web. Until the issue is resolved, users are unable to change the status on their 'public' domain names, leaving all of their personal information publicly available on every whois service. While 1and1 technical support is aware of the issue, there is currently no ETA for resolution to be provided.
wiedzmin writes: Passware, a Mountain View corporation that focuses on providing commercial "password recovery tools", says it has come up with a way to access files on drives secured with Microsoft Windows BitLocker encryption. The vendor claims its Kit Forensic software is now capable of retrieving BitLocker encryption keys and getting "full access" to the contents of encrypted disks. A person wishing to use the software in order to defeat BitLocker encryption and gain access to drive contents will need physical access to the target system, according to the company spokesperson, Nataly Koukoushkina. While the company claims to cater primarily to forensic investigators and law enforcement agencies, there is nothing preventing the toolkit from being used for malicious purposes.
wiedzmin writes: Secure microchips in credit cards, passports and a number of other devices (often referred to as "smart cards") may not be as secure as once thought, after a professor and his student at Tel Aviv University discovered a way to extract information from the chips. They have discovered that the chip's power supply reading fluctuates based on the type of information stored on the chip. It turns out that these minute fluctuations can be measured with an oscilloscope and the resulting data could be analyzed to unlock the otherwise secure information.
wiedzmin writes: "This month, officials from the Unique Identification Authority of India (UIDAI), armed with fingerprinting machines, iris scanners and cameras hooked to laptops, will fan out across the towns and villages of southern Andhra Pradesh state in the first phase of the project whose aim is to give every Indian a lifelong Unique ID (UID) number for "anytime, anywhere" biometric authentication. While enrolling with the UIDAI may be voluntary, other agencies and service providers might require a UID number in order to transact business. Usha Ramanathan, a prominent legal expert who is attached to the Center for the Study of Developing Societies in the national capital, said that, taken to its logical limit, the UID project will make it impossible, in a couple of years, for an ordinary citizen to undertake a simple task such as traveling within the country without a UID number." Next step, tying that UID number and biometric information to their RIM BlackBerry PIN number.
wiedzmin writes: Public broadcaster ARD's show 'Plusminus' teamed up with a known hacker organization "Chaos Computer Club" (CCC) to find out how secure the controversial new radio-frequency (RFID) chips were. The report shows how they used the basic new home scanners that will go along with the cards (for use with home computers to process the personal data for official government business) to demonstrate that scammers would have few problems extracting personal information. This includes two fingerprint scans and a new six-digit PIN number meant to be used as a digital signature for official government business and beyond.