Welcome to 1984
Britain Has Passed the 'Most Extreme Surveillance Law Ever Passed in a Democracy' (zdnet.com) 171
Posted by msmash on Thursday November 17, 2016 @11:05AM from the stranger-things dept.
Zack Whittaker, reporting for ZDNet: The UK has just passed a massive expansion in surveillance powers, which critics have called "terrifying" and "dangerous." The new law, dubbed the "snoopers' charter," was introduced by then-home secretary Theresa May in 2012, and took two attempts to get passed into law following breakdowns in the previous coalition government. Four years and a general election later -- May is now prime minister -- the bill was finalized and passed on Wednesday by both parliamentary houses. Civil liberties groups have long criticized the bill, with some arguing that the law will let the UK government "document everything we do online." It's no wonder, because it basically does. The law will force internet providers to record every internet customer's top-level web history in real-time for up to a year, which can be accessed by numerous government departments; force companies to decrypt data on demand -- though the government has never been that clear on exactly how it forces foreign firms to do that that; and even disclose any new security features in products before they launch. Not only that, the law also gives the intelligence agencies the power to hack into computers and devices of citizens (known as equipment interference), although some protected professions -- such as journalists and medical staff -- are layered with marginally better protections. In other words, it's the "most extreme surveillance law ever passed in a democracy," according to Jim Killock, director of the Open Rights Group.
======================================
iPhones Secretly Send Call History To Apple, Security Firm Says (theintercept.com) 84
Posted by msmash on Thursday November 17, 2016 @10:20AM from the revelations dept.
Russian digital forensics Elcomsoft says iPhones send near real-time logs to Apple servers even when iCloud backup is switched off. The firm adds that these logs are stored for up to four months. From a report on the Intercept:"You only need to have iCloud itself enabled" for the data to be sent, said Vladimir Katalov, CEO of Elcomsoft. The logs surreptitiously uploaded to Apple contain a list of all calls made and received on an iOS device, complete with phone numbers, dates and times, and duration. They also include missed and bypassed calls. Elcomsoft said Apple retains the data in a user's iCloud account for up to four months, providing a boon to law enforcement who may not be able to obtain the data either from the user's carrier, who may retain the data for only a short period, or from the user's device, if it's encrypted with an unbreakable passcode. "Absolutely this is an advantage [for law enforcement]," Robert Osgood, a former FBI supervisory agent who now directs a graduate program in computer forensics at George Mason University, said of Apple's call-history uploads. "Four months is a long time [to retain call logs]. It's generally 30 or 60 days for telecom providers, because they don't want to keep more [records] than they absolutely have to. So if Apple is holding data for four months, that could be a very interesting data repository and they may have data that the telecom provider might not."
===============================
The FBI Got Its Hands on Data That Twitter Wouldn't Give the CIA (theverge.com) 76
Posted by msmash on Tuesday November 15, 2016 @01:40PM from the stranger-things dept.
The FBI is using a tool called Dataminr to track criminals and terrorist groups on Twitter, according to documents spotted by The Verge. In a contract document, the agency says Dataminr's Advanced Alerting Tool allows it " to search the complete Twitter firehose, in near real-time, using customizable filters." However, the practice seems to violate Twitter's developer agreement, which prohibits the use of its data feed for surveillance or spying purposes. From the report:"Twitter is used extensively by terrorist organizations and other criminals to communicate, recruit, and raise funds for illegal activity," the FBI wrote in a contracting document. "With increased use of Twitter by subjects of FBI investigations, it is critical to obtain a service which will allow the FBI to identify relevant information from Twitter in a timely fashion." [...] Earlier this year, Twitter revoked API access to a tool called Geofeedia, citing the same clause in the Developer agreement, after a reports showed the tool had been used by police to target protestors in Baltimore. Facebook was also a Geofeedia customer, and used it to catch an intruder in Mark Zuckerberg's office. This isn't the first time Dataminr has run up against Twitter's anti-surveillance clause. In May, Twitter revoked CIA access to Dataminr, a move that was taken as part of a larger ban on US intelligence agencies using the product.
========================================
Secret Backdoor in Some US Phones Sent Data To China (nytimes.com) 111
Posted by msmash on Tuesday November 15, 2016 @11:00AM from the china-and-backdoors dept.
Security contractors have warned that many Android smartphones ship with preinstalled software that has a backdoor that sends all your text messages to China every 72 hours. (Editor's note: the link could be paywalled; here's the press release.) The New York Times reported Tuesday that "the American authorities say it is not clear whether this represents secretive data mining for advertising purposes or a Chinese government effort to collect intelligence." From the report: International customers and users of disposable or prepaid phones are the people most affected by the software. But the scope is unclear. The Chinese company that wrote the software, Shanghai Adups Technology Company, says its code runs on more than 700 million phones, cars and other smart devices. One American phone manufacturer, BLU Products, said that 120,000 of its phones had been affected and that it had updated the software to eliminate the feature. Kryptowire, the security firm that discovered the vulnerability, said the Adups software transmitted the full contents of text messages, contact lists, call logs, location information and other data to a Chinese server. The code comes preinstalled on phones and the surveillance is not disclosed to users, said Tom Karygiannis, a vice president of Kryptowire, which is based in Fairfax, Va. "Even if you wanted to, you wouldn't have known about it," he said. |
