PRISM Lessons On Privacy, Cloud and US IT Compa... The US government has betrayed the internet. We need to take it back | Bruce Schneier Government and industry have betrayed the internet, and us. By subverting the internet at every level to make it a vast, multi-layered and robust surveillance platform, the NSA has undermined a fundamental social contract. The companies that build and manage our internet infrastructure, the companies that create and sell us our hardware and software, or the companies that host our data: we can no longer trust them to be ethical internet stewards. This is not the internet the world needs, or the internet its creators envisioned. We need to take it back. And by we, I mean the engineering community. Yes, this is primarily a political problem, a policy matter that requires political intervention. But this is also an engineering problem, and there are several things engineers can – and should – do. One, we should expose. We need to know how exactly how the NSA and other agencies are subverting routers, switches, the internet backbone, encryption technologies and cloud systems.
Health and fitnessapps - harvesting data' 12 min ago | ChinaTechNews.com Alibaba Throws Money At Internet Privacy Hu Xiaoming, Alibaba's vice president for small- and micro-financial group and chief risk officer, announced in Beijing that the company will invest CNY40 million to establish a security fund. Trending on the Topix Network 12 min ago | ComputerWorld Dropbox angling for larger corporate share Dropbox on Tuesday unveiled a new version of its data storage and sharing service for business claimed to provide IT administrators with more control by separating work and personal files. 3 hrs ago | ComputerWorld Data breaches nail more U.S. More U.S. 3 hrs ago | MediaPost Users Trust Online Retailers With Data Privacy, Less Confidence With Advertisers, Marketers Online auctions, banking, social networks, and competitions are taking the brunt of the burden when it comes to data protection. 3 hrs ago | JD Supra Balancing the data privacy debate: The benefits of big (and little) data 7 hrs ago | ComputerWorld 7 hrs ago | Mashable
Why Mozilla Was Right: GCHQ & NSA Track Cookies Subscribe to this blog About Author Glyn Moody's look at all levels of the enterprise open source stack. The blog will look at the organisations that are embracing open source, old and new alike (start-ups welcome), and the communities of users and developers that have formed around them (or not, as the case may be). Contact Author Email Glyn Twitter Profile Linked-in Profile During 2013, I've written a few articles about Mozilla's attempt to give users greater control over the cookies placed on their systems, and how the European arm of the Interactive Advertising Bureau (IAB) tried to paint this as Mozilla "undermining the openness", or "hijacking" the Internet because it dared to stand up for us in this way. The National Security Agency is secretly piggybacking on the tools that enable Internet advertisers to track consumers, using "cookies" and location data to pinpoint targets for government hacking and to bolster surveillance. And it gets even worse:
Size doesn’t matter – at least, not quite as much as smartphone privacy Privacy when using potentially data-leaking mobile phone apps is concern Numero Uno for 22% of smartphone users, according to a new study. Privacy, it seems, trumps screen size, camera resolution, or whether a given handset weighs enough to bend your wrist in half. The report - the TRUSTe 2013 Consumer Data Privacy Study, Mobile Edition - surveyed 700 US smartphone users from 12-19 June, 2013. Privacy concern weighs in second only to battery life, which ranks as the primary concern for 46% of users. Smaller slices of the surveyed are primarily concerned with brand or screen size, each of which is the primary concern for 9%. Nearly 8 out of 10 smartphone users in the US steer clear of downloading apps they don't trust. Let us now spend some time nagging the 20% who don't. Dear Twenty-Percenter: If you're not quite sure what a dodgy mobile app looks like, Sophos' Paul Ducklin draws a pretty picture of one subset here, that being Android scareware.
The Great SIM Heist: How Spies Stole the Keys to the Encryption Castle AMERICAN AND BRITISH spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden. The hack was perpetrated by a joint unit consisting of operatives from the NSA and its British counterpart Government Communications Headquarters, or GCHQ. The breach, detailed in a secret 2010 GCHQ document, gave the surveillance agencies the potential to secretly monitor a large portion of the world’s cellular communications, including both voice and data. The company targeted by the intelligence agencies, Gemalto, is a multinational firm incorporated in the Netherlands that makes the chips used in mobile phones and next-generation credit cards. In all, Gemalto produces some 2 billion SIM cards a year. Its motto is “Security to be Free.” GCHQ slide.
Feds Stalked Airline Passenger Lists to Catch Manning's Friend, Documents Show | Threat Level Federal agents entered the name of a friend of Chelsea Manning into a government watchlist database and waited months for him to leave the country for vacation just so they could nab him when he returned to seize his digital devices, according to documents released this week in a lawsuit. Even though authorities had already questioned David Maurice House after the arrest of former Army intelligence analyst Chelsea Manning (formerly Bradley Manning) in May 2010, House was placed on the watchlist so that authorities could seize his digital media when he returned to the country, under a law that allows warrantless border searches. The documents indicate House was wanted for questioning in relation to the leak of classified material, even though he had already been questioned. Border agents were ordered to conduct a full secondary screening of him and his bags (.pdf) and to “secure digital media” and “ID all companions” with him. House had met Army Pvt. In November 2010 two agents from U.S.
Why we should still be worried about what Google said regarding Gmail privacy Last week a furore erupted over a statement Google made about privacy - it was widely, and incorrectly, interpreted as having said that Gmail users could have no legitimate expectation of privacy. Google was then widely re-interpreted, correctly, as not having said that. So what happened, what did it say, and now that the mistake has been corrected is everything rosy in the garden? On 12 August, Consumer Watchdog issued a press release warning Gmail users who care about privacy to ditch the service. It issued its advice in response to a recently issued legal brief from Google that, in Consumer Watchdog's eyes, showed the search giant admitting that it doesn't care about people's privacy. At the root of their concern was some text taken from a motion to dismiss issued by Google in June in response to a class action lawsuit. The text taken from the motion to dismiss reads as follows (my emphasis): The words of Consumer Watchdog’s Privacy Project director, John M. Well no, I don't think it is.
NSA analysts knowingly broke surveillance rules The National Security Agency acknowledged Friday that some of its analysts knowingly violated the agency’s rules, after the incidents were included in an inspector general report. "Over the past decade, very rare instances of willful violations of NSA’s authorities have been found, but none under FISA or the Patriot Act,” the NSA said in a statement. “NSA takes very seriously allegations of misconduct, and cooperates fully with any investigations – responding as appropriate. “NSA has zero tolerance for willful violations of the agency’s authorities,” the statement said. Bloomberg News reported earlier that a new report by the agency’s inspector general found several cases over the past decade where people deliberately violated internal rules when it came to conducting surveillance. It’s the latest in a stream of black eyes for the agency. Medine said that the NSA, which oversees most surveillance programs, has not updated its guidelines since 1993.
Keen On… The NSA: Can We Trust Silicon Valley With Our Secrets? Best-selling author James Bamford is one of the world’s leading authorities on the NSA. At Disrupt SF 2013, he spoke on a great panel about online security, and afterwards I had the good fortune to interview him. So can we trust Silicon Valley with our secrets, I asked Bamford. Given the NSA’s seemingly infinite appetite to watch and read everything we do online, can we trust the big technology companies to stand up to the snoops? His response wasn’t particularly reassuring. And what about Edward Snowden, I asked Bamford.
Even in the 1960s, the NSA was sweeping up phone call records 'like a giant vacuum' Face it: the NSA knows plenty about you, and our growing reliance on technology is only making the agency's controversial surveillance efforts easier. But the National Security Agency has been around for a long time, predating the internet and your email inbox by decades. Even when the agency wasn't collecting cell phone records or purposefully looking at your Gmail inbox, its mission was largely the same. The Washington Post recently took a look at the agency's ways of old, and much like today, the NSA's aggressive approach to monitoring international communications often raised eyebrows. During the 1960s, every call placed between the US and Cuba was monitored by NSA staffers.
The NSA, Germany, and journalism Look at the home pages of two major German news sites today, August 20. The Süddeutsche Zeitung talks about the government forcing the Guardian to destroy computers holding leaked NSA data in “a scene out of a spy novel.” Spiegel Online talks about the UK as “the land of black helicopters.” Now compare them with leading American and British news sites, pictured below. Therein lie two tales, one about Germany and privacy, one about journalism and news judgment; they are linked and mysterious. First, Germany. In the NSA story, we are seeing both traits but, of course, we are mostly seeing the political side in open anger about American and British government attacks on their privacy. But that’s not so much so in the two countries where the story originates, the US and UK (present company of the Guardian excepted, of course). So I don’t understand why editors at the august publications pictured below are not giving the story the prominence the Germans are. Why?