Amazon in court battle to refuse police access to the always on microphone in the home via its Echo device

29th December 2016

See article from theguardian.co

Amazon has refused to hand over recordings from an Echo smart speaker to US police investigating a murder in Arkansas. Police issued a warrant to Amazon to turn over recordings and other information associated with the device. Amazon twice declined to provide the police with the information they requested from the device, although it did provide account information and purchase history.

Although the Echo is known for having always-on microphones to enable its voice-controlled features, the vast majority of the recordings it makes are not saved for longer than the few seconds it takes to determine if a pre-set wake word (usually Alexa) has been said. Only if that wake word has been heard does the device's full complement of microphones come on and begin transmitting audio to Amazon. However, the police pursuit of the data suggests there is more of interest up for grabs than Amazon is admitting.

Amazon's reluctance to part with user information fits a familiar pattern. Tech companies often see law enforcement requests for data as invasive and damaging to an industry. It is clearly an issue for sales of a home microphone system if it is easy for the authorities to grab recordings.

Other devices have also been good data sources for police investigations. Wristwatch-style Fitbit activity trackers have cropped up in a few cases, e.g. for checking alibis against sleep patterns or activity. A smart water meter has also been used in a murder case as evidence of a blood clean-up operation.

27th December 2016

US authorities introduce policy to ask visitors to reveal their social media accounts
See article from theguardian.com

Signal encrypted messaging app acts to counter blocking by internet censors in Egypt and UAE

22nd December 2016

See article from whispersystems.org

Signal, an encrypted messaging app for mobile devices, had its service blocked in Egypt and UAE. Now Signal have responded by making a new release available to those territories that should make the censors think twice before reaching for the block option.

The new Signal release uses a technique known as domain fronting. Many popular services and CDNs, such as Google, Amazon Cloudfront, Amazon S3, Azure, CloudFlare, Fastly, and Akamai can be used to access Signal in ways that look indistinguishable from other uncensored traffic. The idea is that to block the target traffic, the censor would also have to block those entire services. With enough large scale services acting as domain fronts, disabling Signal starts to look like disabling the internet.

When users in the two countries send a Signal message, it will look like a normal HTTPS request to www.google.com. To block Signal messages, these countries would also have to block all of google.com.

Update: Cuba and Oman

1st January 2017

See article from engadget.com

Signal, the messaging app that prides itself on circumventing government censorship, has a few new places where its flagship feature works. Last week it was Egypt, and now users in Cuba and Oman can send messages without fear of them being intercepted and altered by lawmakers.

Your online purchases, maybe sex toys or holidays to Pattaya, will now be reported to US state governments

16th December 2016

See article from theregister.co.uk

Online retailers in America will soon be required by law to disclose to state governments what purchases their customers have made. The law seems to have been made up in US courts during a long-running legal case based around the jurisdiction of sales tax.

An appeals court decision now requires out-of-state retailers to report to the Colorado state government the details of all purchases, including what that purchase was and who bought it. The US Supreme Court has refused to hear the case so the appeal court decision stands.

Colorado is not the only state pushing the requirement. Vermont will also make the same requirement three months after Colorado starts imposing the law. And other states including Alabama, South Dakota, Tennessee and Wyoming have approved similar rules.

The exec director of the American Catalog Mailers Association (ACMA), Hamilton Davison, is extremely concerned. He said:

"Consumers, particularly those who buy from catalogs and e-commerce merchants, put considerable trust in the businesses from which they make the most personal of purchases," he noted. "This decision undermines this trust by requiring remote sellers to report to state tax collectors on the buying habits of their customers, including health care products, apparel or other sensitive items."

Facebook scuppers insurance company plan to snoop on people's Facebook posts

3rd November 2016

See article from theregister.co.uk

Facebook has thwarted a dastardly plot by Admiral insurance company to try and get its hands on people's social media postings to assess their insurance risk. Admiral were planning to offer the possibility of discounts on car insurance for those silly enough to sign over their social media data.

Arch personal data guzzlers Facebook have refused to play ball, and have announced that they would not allow the app to access people's posts, citing privacy concerns. A Facebook spokesman said:

"Protecting the privacy of the people on Facebook is of utmost importance to us. We have clear guidelines that prevent information being obtained from Facebook from being used to make decisions about eligibility.

We have made sure anyone using this app is protected by our guidelines and that no Facebook user data is used to assess their eligibility. Facebook accounts will only be used for login and verification purposes. Our understanding is that Admiral will then ask users who sign up to answer questions which will be used to assess their eligibility."

AT&T has been snooping on its customers and selling the data to the police without bothering with warrants or even restricting it to serious crime investigations

27th October 2016

Thanks to Sergio
See article from boingboing.net (CC)

AT&T developed a product for spying on all its customers and made millions selling it to warrantless cops

AT&T's secret Hemisphere product is a database of calls and call-records on all its customers, tracking their location, movements, and interactions -- this data was then sold in secret to American police forces for investigating crimes big and small (even Medicare fraud), on the condition that they never reveal the program's existence.

The gag order that came with the data likely incentivized police officers to lie about their investigations at trial -- something we saw happen repeatedly in the case of Stingrays, whose use was also bound by secrecy demands from their manufacturers.

Because the data was sold by AT&T and not compelled by government, all of the Hemisphere surveillance was undertaken without a warrant or judicial review (indeed, it's likely judges were never told the true story of where the data being entered into evidence by the police really came from -- again, something that routinely happened before the existence of Stingray surveillance was revealed).

The millions given to AT&T for its customers' data came from the federal government under the granting program that also allowed city and town police forces to buy military equipment for civilian policing needs. Cities paid up to a million dollars a year for access to AT&T's customer records.

A statement of work from 2014 shows how hush-hush AT&T wants to keep Hemisphere:

"The Government agency agrees not to use the data as evidence in any judicial or administrative proceedings unless there is no other available and admissible probative evidence."

But those charged with a crime are entitled to know the evidence against them come trial. Adam Schwartz, staff attorney for activist group Electronic Frontier Foundation, said that means AT&T may leave investigators no choice but to construct a false investigative narrative to hide how they use Hemisphere if they plan to prosecute anyone.

EFF is suing the US government to reveal DoJ records on the use of Hemisphere data.

23rd October 2016

The Intercept investigates a US move to ask for people's social media addresses on visa waiver forms
See article from theintercept.com

Open Rights Group identifies serious flaws in the Digital Economy Bill currently being debated in Parliament

14th September 2016

See article from openrightsgroup.org

The Open Rights Group has been keeping a careful eye on the Digital Economy Bill currently being debated in Parliament.

Age verification for online pornography

Compulsory age verification poses serious privacy concerns that are not addressed within the Bill. Commercial pornographic websites may collect the exact identity details of their users, creating clear commercial opportunities for themselves.

Data collection creates inherent risks of data breaches and the lack of safeguards within the Bill creates opportunities for 'Ashley Madison' style data leaks revealing personal sexual preferences, since privacy protections are entirely absent from the Bill.

Amateur and smaller commercial websites will be unduly burdened by the Bill. Imposing the cost of age verification on them will make their existence as free and commercial entities untenable. This may also adversely affect sexual minorities by denying them the means to freely express their sexuality.

While the Bill lacks proposals for blocking websites that do not comply for good reasons, it is proposed that payment providers will also be responsible for enforcement: hardly a bullet-proof solution. Meanwhile, online pornography will still be available to those under 18, without age verification, elsewhere on the Internet.

It is concerning that these age verification solutions have arisen from the government's collaboration with pornographic producers who would themselves be able to raise additional revenue from the data collection itself. The Bill needs to reflect a clear separation of commercial interests and child protection objectives.

The role of the age verification regulator needs to be defined in more detail on the face of the Bill. Such a regulatory body may lack expertise in aspects of age verification. Thus, without clearly defined duties (such as the protection and maintenance of privacy) there is a significant risk that they will adopt superficial solutions to address complex issues.

Child protection should also be addressed from alternative perspectives. Children and young adults should receive effective education and guidance, whilst carers should be encouraged to provide protections suitable to a specific child. Such an approach is more likely to succeed without imposing significant costs, restrictions or risks on a large number of adults.

Open Rights Group identifies serious flaws in the Digital Economy Bill currently being debated in Parliament

14th September 2016

See article from openrightsgroup.org

The Open Rights Group has been keeping a careful eye on the Digital Economy Bill currently being debated in Parliament.

Data sharing

We have been involved in the process of open policy making on data sharing and we have summarised the concerns in a consultation response.

The Bill would allow for bulk sharing of civil registration data at a request of a Department. The database will include the entire population and easily poses a risk of being misused. There is a lack of corresponding safeguards that would reflect the size of the database. The sharing of these common identifiers across government has the whiff of ID Cards by stealth. For these reasons, bulk powers should be removed or at least have strict restrictions posed on their use.

Safeguards for data sharing should be brought on to the face of the Bill instead of being buried in Codes of Practice. Currently the Bill is lacking transparency and for this reason it should reinstate Parliamentary approval for permanent data flows and include sunset clauses.

The proposals to share the data on people's debts across government departments show limited benefits. The provisions in the Bill are not capable of cancelling or prioritising the debt. More changes to how data is handled would be necessary to ensure that benefits are delivered.

7th September 2016

The Verified Internet Puts Sex Workers at Risk. By 'Lux Alptraum'
See article from motherboard.vice.com

Lest Facebook use your phone log to suggest them as friends to your partner

27th August 2016

See article from trustedreviews.com

The UK's data protection agency has announced it is looking into Facebook's plans to use WhatsApp phone numbers and customer data to generate leads and for personalised advertising on Facebook.

Privacy fears were raised earlier this week when a change in WhatsApp privacy policy revealed its users' phone numbers would be passed to the parent company to inform ads and for providing friend suggestions.

Mirroring the concerns of many Brits, the Information Commissioner's Office (ICO) has said it will monitor how WhatsApp data is shared with Facebook. Information Commissioner Elizabeth Denham said in a statement:

"We've been informed of the changes. Organisations do not need to get prior approval from the ICO to change their approaches, but they do need to stay within data protection laws. We are looking into this."

Denham said ICO planned to pull back the curtain and ensure both Facebook and WhatsApp were providing users with the requisite transparency.

Plenty of users have objected to the plans, with many choosing to opt out and not to share the details with Facebook.

11th August 2016

The privacy issue at the Olympics no one is talking about
See article from dailydot.com

France tells Microsoft to sort out its Windows 10 data grab of users' private data

21st July 2016

See article from betanews.com

Nagware makers Microsoft have come under fire from France's National Data Protection Commission (CNIL) over Windows 10 collecting too much data about users. CNIL has ordered Microsoft to comply with the French Data Protection Act within three months.

The company has been ordered to stop collecting excessive data and tracking browsing by users without their consent. In addition to this, the chair of CNIL has notified Microsoft that it needs to take satisfactory measures to ensure the security and confidentiality of user data.

The notice comes after numerous complaints about Windows 10, and a series of investigations by French authorities which revealed a number of failings on Microsoft's part.

The CNIL particularly notes Windows 10's telemetry 'service' which gathers information about the apps users have installed and how long each is used for. The complaint is that these data are not necessary for the operation of the service.

The company is also criticized for its lack of sufficient security -- such as the four-digit PIN used to protect payment information which does not have a limit on the number of guesses that can be made.

The CNIL's list of complaints does not end there. It also took exception to the activation of an advertising ID for tailored advertising without user consent, the lack of cookie blocking options, and the fact that data is being transferred out of Europe to the US.

I don't know about you, but my profiles contain stuff that I'd rather the authorities didn't see.

28th June 2016

See article from federalregister.gov

The US authorities are set to add questions to immigration arrivals forms asking for IDs used on social media such as Facebook and Twitter. Reports suggest that it is supposedly voluntary to provide such information, but it wouldn't be difficult to drop a few hints that those not providing such info may not be granted entry, to make it more or less mandatory.

A Notice by the U.S. Customs and Border Protection (CBP) on 06/23/2016 detailed the new question:

CBP Forms I-94 (Arrival/Departure Record) and I-94W (Nonimmigrant Visa Waiver Arrival/Departure Record) are used to document a traveler's admission into the United States. These forms are filled out by aliens and are used to collect information on citizenship, residency, passport, and contact information. The data elements collected on these forms enable the Department of Homeland Security (DHS) to perform its mission related to the screening of alien visitors for potential risks to national security and the determination of admissibility to the United States.

Proposed Changes

DHS proposes to add the following question to ESTA and to Form I-94W: Please enter information associated with your online presence -- Provider/Platform -- Social media identifier.

It will be an optional data field to request social media identifiers to be used for vetting purposes, as well as applicant contact information. Collecting social media data will enhance the existing investigative process and provide DHS greater clarity and visibility to possible nefarious activity and connections by providing an additional tool set which analysts and investigators may use to better analyze and investigate the case.

18th June 2016

Tesco Mobile customers should think twice before viewing ads for a £3 a month discount
See article from openrightsgroup.org

23rd May 2016

Research shows that news websites are more aggressive trackers than porn sites
See article from motherboard.vice.com

It could be a creepy council employee wanting to snoop on you

13th May 2016

See article from dailymail.co.uk

East Lothian Council has adopted the policy of using fake Facebook profiles enabling council employees to spy on law-abiding residents.

A new policy has enabled investigating officers at East Lothian Council to use false Facebook identities to befriend targets and scour social media pages not protected by privacy settings.

The nine-page 'surveillance through social media' policy agreed by officials has been branded 'beyond creepy' by critics who have questioned whether it infringes privacy rights.

Human rights lawyers and civil liberties groups have blasted the move, describing it as a sign that powers normally only used by police were spreading into other areas.

Daniel Nesbitt, research director of Big Brother Watch, said the council needs to say why these tactics are necessary, why they think they are proportionate and what safeguards will be in place. He added:

"For years now councils have been criticised for using heavy-handed snooping tactics, and a nine-page document simply isn't good enough."

Jason Rose, who stood for the Greens in the East Lothian constituency in last year's Westminster elections, said the policy was 'beyond creepy':

"I cannot believe our councillors have agreed this policy. It speaks volumes that a council which is so poor at communicating with the public and does not make its meetings available to view online agrees a covert surveillance policy in such a secretive way."

11th May 2016

And rather sidesteps privacy concerns
See article from bbc.com

24th April 2016

Facebook is inevitably planning to join the list of companies providing payment services. But do you really want the likes of Facebook to know what you spend your money on?
See article from independent.co.uk

13th March 2016

VPN Provider's No-Logging Claims Tested in FBI Case
See article from torrentfreak.com

7th March 2016

Numerous reports of the likes of Facebook snooping on people by turning on their microphones without permission
See article from bbc.com

German court fines Facebook 100,000 euro over failure to implement a court order about privacy terms and conditions

2nd March 2016

See article from bidnessetc.com

Facebook has been fined 100,000 euros in Germany after failing to follow orders regarding clearer privacy terms and conditions for users.

The regional court of Berlin ruled that the company did not sufficiently alter the wording of an intellectual property clause in its terms and conditions, despite being told to do so following a complaint filing by the Federation of German Consumer Organizations. The entity's head, Klaus Mueller, said that Facebook keeps attempting to evade customer laws in Germany as well as in the entire continent.

In March 2012, a German court originally ruled that the company's terms and conditions were vague on the extent to which it could go with users' data and intellectual property, implying Facebook could license its users' photos and videos to third parties for business reasons. However, the authorities' primary issue was Facebook's compliance with the US government to provide data for its mass surveillance programs. After Edward Snowden's revelations on the US government's spying programs and how the tech industry complies, the issue has gained more gravity.

While Facebook complied with the ruling four years ago, the Berlin court now concludes that it merely changed the wording of the clause in question without changing the message that it conveyed.

Meanwhile, the company defended itself saying that it had complied with the original ruling and was issued the fine because it couldn't implement the changes quickly enough.

EFF checks out your browser and add-ons for protection against tracking

22nd January 2016

See article from eff.org
See panopticlick.eff.org

The Electronic Frontier Foundation (EFF) has launched version 2.0 of its tracking and fingerprinting detection tool, Panopticlick. This version brings new tests to our existing tool, such as canvas and touch-capability fingerprinting, updating its ability to uniquely identify browsers with current techniques. In addition, it adds a brand new suite of tests that detect how well your browser and extensions are protecting you from:

- tracking by ads;
- from tracking by invisible beacons; and also
- whether they encourage compliance with the Do Not Track policy, which EFF and a coalition of allies launched earlier this year.

We've also redesigned the site look and feel, including friendlier layout on mobile devices. If your browser lacks protections, Panopticlick 2.0 will recommend installing tools that are available on your platform, such as Privacy Badger, Disconnect or AdBlock, in order to get better protections as you navigate the Web.