Wickr founder details FBI request for backdoor

In December, it was reported that security firm RSA -- according to documents leaked by Edward Snowden -- was paid millions by the NSA to put a back door into its encryption products. A couple days later, the company denied having a secret contract with the government agency, and said that it never knowingly put a back door in its offerings. That didn't stop some companies from gravitating away from RSA, however, and one such company was Wickr. The company's founder, Nico Sell, announced this change at an RSA Security Conference, during which she made it clear her company would not have a back door and that users' security was important. Immediately after, an FBI agent approached her with a request -- to add a backdoor on behalf of the agency.

Wickr is a self-destructing message service akin to Snapchat, and it's company tagline is "Leave No Trace". The company touts the use of military-grade encryption for all video, picture, audio, and text messages, with secure file-shredding features for users and the ability to control who, where, and for how long one's own messages are available. Security, obviously, is the company's biggest point of focus.

According to Sell, immediately after exiting the stage at the conference where she detailed the service's security elements, an FBI agent casually approached her with a request that her company introduce a backdoor into the service that would give the FBI access to users' messages. The approach was said to be casual, something Sell states is apparently how such approaches are commonly done. "Always casual, testing, because most people would say yes."

Reportedly, Sell's response was an ear-full for the agent on the Constitution, a bit about George Washington, and followed up with a request for details on his part. Said Sell, "I asked if he had official paperwork for me, if this was an official request, who his boss was. He backed down very quickly." Sell has suggested the NSA revert to a surveillance model that involved the targeting of individuals rather than the mass surveillance of communications. "I'm not against helping law enforcement, but the most important thing to me is protecting my friends and family the best way I know how. There are plenty of ways to track people without trampling human rights."




SOURCE: PC Magazine

[Continue reading...]

NSA project working towards encryption-breaking quantum computer, reveals Snowden doc

According to documents leaked by Edward Snowden, the NSA dreams of a quantum computer that can break nearly every type of encryption -- one it is working towards (in part, at least) via a program called Penetrating Hard Targets, a $79.7 million project. The NSA isn't the only entity working on making a quantum computer reality, and such technologies would have widespread benefits beyond the cryptographically-oriented industry and various spy games.

Whether the NSA has advanced beyond similar efforts underway at the civilian level is unknown, but the Washington Post is reporting such efforts on the government's part are no farther ahead in terms of progress. A large amount of the work is reportedly taking place via classified contracts with a College Park laboratory, but not much is known beyond that.

If such a technology is developed, all forms of public key encryption could be broken. The documents seem to state the NSA is performing a lot of its research in Faraday cages, something said to be necessary to keep the "delicate" experiments up and running. No immediate breakthroughs seem likely, however, and MIT associate professor Scott Aaronson took that a step further, saying: "It seems improbable that the NSA could be that far ahead of the open world without anybody knowing it."

Experts who spoke to the Washington Post expressed doubt that any such computer could be developed in the next five years, but that isn't stopping the NSA from trying. The security agency, according to the document, is concerned that quantum computing could have future implications on both the ability to spy on the communications of foreign entities, but also to protect its own communications from other agencies beyond the US.






SOURCE: Washington Post

[Continue reading...]

'Facebook' hit with lawsuit for reportedly breaching messages privacy

In a complaint filed late last month, two Facebook users filed a lawsuit against the social network, claiming it scans the contents of private messages and performs activities branching off this that ultimately violate various California laws and the Electronics Communications Privacy Act. Facebook has denied the claims, saying they are "without merit."

According to the lawsuit, Facebook scans through the content contained within its users' private messages, the purpose of which is to use the culled data for advertisement purposes -- the information is reportedly shared with both marketers and advertisers. Specifically, it is said that messages created using a link to a third-party website causes Facebook to scan not only the message's content, but also follow the link and ultimately create a "profile" of the user's Internet activity.

The lawsuit's plaintiffs are hoping to gain a class-action lawsuit that encompasses all Facebook users that have been on either the receiving or the sending end of a private message on the social network within the last two years -- the stipulation being that they contained a Web link. Up to $10,000 in damages for each user is being sought, as well as requiring Facebook to halt the activity.

As mentioned, Facebook has called the allegations baseless, but further statement from the social network isn't available. If the class-action lawsuit goes through, this would be the latest in a long line of privacy concerns raised regarding Facebook. Back in August 2013, the company began laying out a variety of rule and policy changes that were taking place, among them being a particular emphasis on its Data Use Policy. The rewrite aimed to, among other things, "highlight how we use the information we receive to show you ads that we hope you find relevant and interesting."







SOURCE: Bloomberg

[Continue reading...]

Snapchat scraped: 4.6m usernames and numbers reportedly grabbed

The Snapchat exploit revealed last week has seemingly exposed the usernames and cellphone numbers of a claimed 4.6 million users of the self-destructing messaging service, according to a site that supposedly snatched the information from the company's database using the hack. Dubbed SnapchatDB!, the site offers up a download of what's described as "a vast majority" of Snapchat users, purportedly to highlight the lax security liberties companies take with our personal information.

Snapchat, so the site's hosts argue, was negligent in patching the exploit, "until they knew it was too late." According to Gibson Security, the research firm which publicized the API loophole at the root of the hack, Snapchat was aware of the issue as early as August 2013, but failed to address it until recently.

Still, that's perhaps little consolation for those whose personal details are now in the wild. The database download has been masked, though only the last two digits of each phone number have been hidden, though the site admins do say that those wanting the full, uncensored database should ask and, "under certain circumstances", it may be released.

Meanwhile Gibson Security, although saying that it was unaware of the database scrape and associated site being set up using its exploit, argues that it was only "a matter of time" before it happened. More concerning, the Australian researchers suggest that the exploit can still be utilized with just a few minor modifications made to it.

Snapchat's security has been called into question several times over the service's lifespan, in part because the ephemeral nature of photos shared using the app is an obvious lure for methods to preserve them. Tools to save images without the sender knowing that they have been captured have popped up on several occasions, though Snapchat has moved to block each loophole along the way.

Nonetheless the apparently cavalier approach to account security this time around may give some Snapchat users pause for thought, especially given that, as SnapchatDB! points out, many will use the same username for multiple services.



Source : Hacker News

[Continue reading...]

Laptop searches by U.S. border agents ruled legal

For most people, one's laptop is a like a trusted friend, packed full of data that one would not give out part and parcel to just anyone, particularly not strangers. Random laptop searches at United States borders have been taking place for years, and have been the subject of much outcry, particularly due to the complete lack of suspicion needed to perform the search. Civil rights attorneys filed a lawsuit against this activity, citing reasons of being unconstitutional, but a New York judge has dismissed their complaint, giving border agents the go-ahead.

Travelers, when entering the United States, are vulnerable to potential laptop searches by border agents. These searches aren't guaranteed to take place, but if you're one of the unfortunate travelers who gets tagged, you have no say in having your digital data picked through. There have been instances where laptops have been confiscated, such as the case regarding Pascal Abidor, a French-American citizen who, upon entering the U.S. border territory, had his laptop confiscated by the border personnel.

It is being argued that allowing border agents to search laptops -- which includes the machines of news photographers and those of similar professions -- will give access to both sensitive and confidential information. The judge had a different view of this however, saying that, in the case of Abidor, who was abroad researching Shiite history, he "cannot be so naive to expect that when he crosses into Syrian or Lebanese border that the contents of his computer will be immune from searches and seizure at the whim of those who work for Bashar al-Assad or Hassan Nasrallah."

Thus was part of U.S. District Judge Edward Korman's final decision, dismissing the lawsuit and ruling that reasonable suspicion is not needed to perform a laptop search. The plantiffs, it was ruled, did not show any injury resulting from the searches, and legal precedents were used to conclude that US border crossings allowed for government searches -- reasonable suspicion aside -- in the name of national security.

Said ACLU lawyer Catherine Crump: "Unfortunately, these searches are part of a broader pattern of aggressive government surveillance that collects information on too many innocent people, under lax standards, and without adequate oversight." The organization is debating about appealing the judge's decision, though whether it will is yet to be determined.





SOURCE: Associated Press

[Continue reading...]

Hulu will face privacy suit in court

Hulu has been fighting to get a case thrown out that as to do with it allegedly sharing the viewing habits of its users illegally. The plaintiffs in the case claim that Hulu illegally shared viewing habits of its users with Facebook and comScore. Hulu had gone before a US Magistrate Judge named Laurel Beeler in an attempt to get the suit dismissed.

The judge didn’t agree with Hulu's assertion on the case and has said that the case will move forward. Hulu maintained that viewers would need to show actual injury by the sharing of the information to recover any damages. Hulu says that the viewers needed to prove damage even if the qualified as "aggrieved" persons under a 1988 law protecting the privacy of video renters.

The law is called the Video Privacy Protection Act or VPPA and was adopted after a newspaper ran an article in 1987 about movies rented by Supreme Court nominee Robert Bork. The judge decided against Hulu stating that the stature requires only injury in the form of wrongful disclosure.

The suit is a class action on behalf of all Hulu users across the country. The case is seeking damages of at least $2500 per violation plus punitive and other damages. The suit claims that the information shared by Hulu allows Facebook to link viewing habits with personal identifying information.





SOURCE: Reuters

[Continue reading...]

AVG PrivacyFix for Android app stops 'WiFi' location tracking with new feature

AVG is a company that has been 'making free and paid antivirus software for a number of years. The company also makes smartphone apps that are designed' to make mobile users more secure. AVG has announced a new update is available for its Android application called AVG PrivacyFix for Android.

PrivacyFix for Android is designed to allow users to adjust smartphone 'settings giving the ability to block WiFi access when they are 'mobile with their smartphone. With this setting when users are roaming their smartphone won’t try and connect to unknown WiFi networks, when the user returns home, or to another' location with a trusted network, WiFi connectivity works without' any interference from the user.

By blocking access to unknown and 'untrusted WiFi networks, the app prevents the smartphone from sharing' its MAC address. Blocking the MAC address foils any tracking systems that retailers might have in place that don’t require the user' to use in store WiFi.

The app is also designed to do other' things like inform you when you are going to share Facebook data with' apps that don’t provide privacy assurances. The app will also warn' you when the Facebook profiles' of friends or loved ones might be exposed. The app also has a complete privacy' dashboard available from multiple devices.




SOURCE: PrivacyFix

[Continue reading...]

Google, Microsoft, Apple & more demand government surveillance reform

Google, Apple, Microsoft, Facebook, and other big names in tech have joined forces to protest government surveillance worldwide, calling for “Global Government Surveillance Reform” to better balance keeping citizens safe while also preserving their privacy. The group, which also includes AOL, LinkedIn, Twitter, and Yahoo, sets out five principles for transparency, oversight, accountability, and respect, penning a collective letter to President Obama and the US Congress in which they allege the balance of power has tipped too far away from the people and too much toward the stat

According to the eight firms, while they recognize that governments have a responsibility to protect citizens, they nonetheless believe that it’s time to rework the current laws which no longer address the digital age. Instead, they must be “rule-bound, narrowly tailored, transparent, and subject to oversight” in order to permit privacy and free expression.

The five guiding principles the companies set out echo and expand on those concepts. For instance, governments must be constrained in what user-information they collect, it’s argued, with “sensible limitations” on how much disclosure they can force out of service providers. Google and others have been vocal in recent demands for permission to reveal how many national security requests they receive each year.

Bulk data collection – potentially including the sort of huge location tracking the NSA is believed to be undertaking – is also name-checked, as is the need for a “clear legal framework” in which the right to protest disclosure is supported. Such laws should be set up in such a way that “the courts are accountable to an informed citizenry” it’s suggested.

Meanwhile, there’s also a request that governments be more open-minded about where data is stored – not requiring it to be within a country’s borders, for instance – and for countries to work together on better, more transparent sharing of information between each other.

Whether the pleading for reform will fall on deaf ears remains to be seen, but it’s clear that none of the key tech industry players is keen to go quietly along with increasing surveillance and government intrusion. Google has accelerated plans to encrypt all Drive data as a result, while Microsoft is similarly strengthening its security. The Obama government is yet to comment on the open letter.




SOURCE: slashgear

[Continue reading...]