Tag: privacy

Microsoft does not have to share foreign email but Google does

A US judge has decided that while Microsoft does not have to share email stored on its foreign servers with police and spies, Google will still have to.

A US judge has ordered Google to comply with search warrants seeking customer emails stored outside the United States.

US Magistrate Judge Thomas Rueter ruled that transferring emails from a foreign server so FBI agents could review them locally as part of a domestic fraud probe did not qualify as a seizure.

The judge said this was because there was “no meaningful interference” with the account holder’s “possessory interest” in the data sought.

“Though the retrieval of the electronic data by Google from its multiple data centres abroad has the potential for an invasion of privacy, the actual infringement of privacy occurs at the time of disclosure in the United States,” Rueter wrote.

Google said that the magistrate had departed from precedent, and it will appeal the decision.

The ruling came less than seven months after the 2nd US Circuit Court of Appeals in New York said Microsoft Vole could not be forced to turn over emails stored on a server in Dublin, Ireland that U.S. investigators sought in a narcotics case.

The case was watched closely by the EU which was spoiling for a reason to shut the US out of the European cloud business.


German telco wants “debate” on privacy

Telefonica Deutschland’s (O2Dn.DE) chief executive called for a debate about data privacy in Germany.

Well, when Thorsten Dirks says “debate” what he wants is a good way to monetise customer data and since German law will not let him, he wants to debate it.

Data privacy is a sensitive issue in Germany due to memories of Communist East Germany’s Stasi secret police and the Nazi era Gestapo.

Dirks said that while people are right to scrutinize any attempt to make money off their data, they are handing over data voluntarily to companies such as Google and Facebook.

He said this double standard among consumers was unfair, particularly as Telefonica Deutschland is sitting on a trove of data that Dirks said could be used for general purposes.

Dirks said he could use anonymised data on the company’s 44 million mobile subscribers’ movements for crowd and traffic control as well as “many other areas that we cannot think of now”.

Telefonica Deutschland has created a start-up company called Telefonica Germany NEXT, which will bundle activities in big data and be a vehicle for new initiatives.

Dirks said Telefonica wants to be a platform for all devices connected to the internet, that processes all sorts of data coming from sensors in cars, electronic devices and household apparel.

Telefonica’s flirtation with big data comes as telecoms operators are looking for ways to expand their business beyond their infrastructure to avoid becoming so-called “dumb pipes”.

Telecoms executives in Europe have repeatedly complained that tech companies are stealing away their business while using the data and telecoms infrastructure in which they invested billions of euros.


Human Rights groups furious about new US warrant law

The Electronic Frontier Foundation and the Tor Project are rallying human rights groups to fight against law changes that would give coppers and spooks vast new surveillance authorities and undermine anonymity online.

Currently Rule 41 only authorises federal magistrate judges to issue warrants to conduct searches in the judicial district where the magistrate is located. The new Rule 41 would for the first time authorize magistrates to issue warrants when “technological means,” like Tor or virtual private networks (VPNs), are obscuring the location of a computer. The rule would authorise warrants to remotely access, search, seize, or copy data on computers, wherever in the world they are located.

The EFF and more than 40 partner organisations are holding a day of action for a new campaign—noglobalwarrants.org—to warn citizens about the dangers of Rule 41 and push U.S. lawmakers to oppose it.

The process for updating these rules was intended to deal exclusively with procedural issues. But this year a US judicial committee approved changes in the rule that will expand judicial authority to grant warrants for government hacking.

The organizations are collecting petition signatures at noglobalwarrants.org and website operators can go there to download widgets that express their opposition to Rule 41.

In May, Senator Ron Wyden (D-Ore.) filed a bill to block Rule 41, writing at the time: “When the public realises what is at stake, I think there is going to be a massive outcry: Americans will look at Congress and say, ‘What were you thinking?’”

Blighty brings in a new spying law

While people are a bit distracted about Europe, David “bacon sandwich” Cameron brought in a new spying law which will make it possible for the rich elite to keep the great unwashed from revolting.

The new surveillance law gives security agencies extensive monitoring capabilities in the digital age. Lawmakers voted 444-69 in favour of the Investigatory Powers Bill, which interior minister Theresa May said would help “keep us safe in an uncertain world”.

The bill will now go to the House of Lords, the upper house of parliament, where it is expected to be rubber stamped. After all, the Lords don’t want the riff-raff revolting; they are already revolting enough.

Several lawmakers, including the opposition Scottish National Party, voted against the bill, saying that the protections for privacy were not strong enough.

May insisted that the bill had been scrutinised using her extra best and strongest scrute. A new privacy clause would require agencies to consider less intrusive means to achieve the same ends, with special protections for lawmakers, lawyers and journalists.

“It provides far greater transparency, overhauled safeguards and adds protections for privacy and introduces a new and world-leading oversight regime,” May claimed.

EU agrees at last minute over US data

European and US negotiators have agreed a data pact at the last minute that should prevent European Union regulators from restricting data transfers by companies such as Google and Amazon.

The move follows the fact that the US has been spying on EU data and thinks that data sent across the pond, or held by US companies with servers in the EU, should be handed over to its courts.

The European courts said the United States had to sling its hook and told the Commission to abandon the Safe Harbour framework that allowed the Americans to play fast and footloose with data.

The announcement of the pact, which still requires political approval, coincides with two days of talks in Brussels, where European data protection authorities were poised to restrict data transfers unless a deal was clinched.

The European Commission said that the new Privacy Shield would place stronger obligations on U.S. companies to protect Europeans’ personal data and ensure stronger monitoring and enforcement by U.S. agencies.

“We have for the first time received detailed written assurances from the United States on the safeguards and limitations applicable to US surveillance program,” Commission Vice-President Andrus Ansip told a news conference.

“On the commercial side, we have obtained strong oversight by the US Department of Commerce and the Federal Trade Commission of companies’ compliance with their obligations to protect EU personal data.”

The United States will create an ombudsman within the State Department to deal with complaints and enquiries forwarded by EU data protection agencies. There will also be an alternative dispute resolution mechanism to resolve grievances and a joint annual review of the accord.

European data protection authorities will also work with the U.S. Federal Trade Commission to police the system.

The accord received a thumbs up from lobbying groups The Information Technology Industry Council, BSA The Software Alliance and DigitalEurope, as well as the Paris-based International Chamber of Commerce and BusinessEurope.

Blanket spying illegal in EU

The European Court of Human Rights (ECHR) has ruled that mass surveillance is illegal, which might miff the UK’s plans to spy on everyone.

The court ruled that the Hungarian government had violated article 8 of the European Convention on Human Rights (the right to privacy) because it failed to have sufficiently precise, effective and comprehensive measures that would limit surveillance to only people suspected of crimes.

The Hungarians had a law where a minister of the government could approve a police request to search people’s houses, mail, phones and laptops if they are seeking to protect national security.

That process did not require judicial review or approval or provide the circumstances under which the surveillance can be ordered. A minister can order the surveillance for 90 days and extend it by another 90 days and there is no obligation to delete any of the information gathered during that time once the surveillance is ended.

Two activists, Máté Szabó and Beatrix Vissy, sued the Hungarian government over the law in 2014 claiming it infringed their human rights, and the ECHR’s Fourth Section heard the case.

In ruling that the law was a breach of human rights, the court made a few other statements which suggest that mass surveillance would be illegal.

The court ruled that the Hungarian law did not provide sufficient guarantees against abuse. It also did not like the way the government attempted to widen its snooping powers.

The Hungarian government should be required to interpret the law in a narrow fashion and “verify whether sufficient reasons for intercepting a specific individual’s communications exist in each case.”

Basically, it is saying that each case must be dealt with in an individual way, which is impossible if the law is used to carry out mass surveillance.

The ruling is binding on all European countries including the UK. David Cameron’s party is trying to push through controversial legislation to allow similar mass surveillance under the control of a minister.

Of course the decision cannot stop the UK government, for example, from passing legislation that allows for mass surveillance. It just means that it will be taken to the European Court of Human Rights and lose.

Cameron is not a big fan of the court and has moaned in the past that it was unfair that it had told him off for trying to extradite convicted terrorist Abu Qatada to Jordan, ruling that this was a violation of human rights as he would be unlikely to get a fair trial.

The UK and Jordan agreed to a treaty that meant information extracted from him under torture could not be used in a trial. When he was deported to Jordan and put on trial, he was found not guilty and released from jail in September 2014.

Facebook appeals Belgian privacy ruling

Social notworking site Facebook is to appeal a court ruling ordering it to stop tracking the online activities of non-Facebook users in Belgium who visit Facebook pages, or face a $269,000 daily fine.

Belgium’s data protection regulator took the outfit to court in June, accusing it of trampling on EU privacy law by tracking people without a Facebook account without their consent.

The case focused on the ‘datr’ cookie, which Facebook places on people’s browsers when they visit a Facebook.com site or click a Facebook ‘Like’ button on other websites, allowing it to track the online activities of that browser.

“We’ve used the ‘datr’ cookie for more than five years to keep Facebook secure for 1.5 billion people around the world. We will appeal this decision and are working to minimise any disruption to people’s access to Facebook in Belgium,” a spokesman said.

The Brussels court ordered Facebook to stop tracking non-Facebook users in Belgium within 48 hours or pay a daily fine of $269,000 to the Belgian privacy regulator.

Margot Neyskens, spokeswoman for Bart Tommelein, Belgian secretary of state for the protection of privacy, said that Facebook cannot follow people on the internet who are not members of Facebook.

This is logical because they cannot have permission to follow them, she said.

Facebook says the cookie only identifies browsers, not people and helps it to distinguish legitimate visits from those by attackers.

The company has also argued that since it has its European headquarters in Ireland it should be regulated solely by the Irish Data Protection Commissioner.

The Belgian privacy regulator thought that argument was pants as the fact the Brussels court had ruled meant it had jurisdiction over the company.

Most millennials are cynics about online security

Nearly all millennials in the US and UK are cynical when it comes to online security and do not expect online services can adequately protect their data, a new survey has revealed.

However, the survey, by security firm Intercede, claims that millennials, or those reaching adulthood in the year 2000, have terrible security habits, probably because they think it is all pointless.

Less than five percent believe that current safeguards will protect their data from exposure and 70 percent of respondents agree that the risk to their online privacy will increase as society becomes more digitally connected. Half of them think that data breaches will undermine trust in businesses.

The survey follows a bad summer of data breaches.

However, some of them have only themselves to blame. The survey showed that millennials don’t do much to make life hard for the hackers.

More than 45 percent of the respondents are unlikely to ever change their passwords unless it is required.

Businesses have gained an additional incentive to improve data security or face federal regulatory action. On August 24, a US appeals court upheld the right of the Federal Trade Commission to sue companies that lose consumer information in a security breach.

The defendant in the case, hospitality company Wyndham Worldwide, had failed to adopt reasonable security practices, according to the FTC complaint.

Facebook fires intern for Harry Potter app

Social notworking site Facebook was furious after a Harvard intern wrote an app which exposed a privacy flaw in its operation.

Aran Khanna’s app – called Marauder’s Map in tribute to the Harry Potter books – showed that users of Facebook Messenger could pinpoint the exact locations of people they were talking to.

Khanna created the app to show the consequences of unintentionally sharing data and thought he was doing a public service. More than 85,000 people downloaded it.

Days later, Facebook asked Khanna to disable it, and a week later it released a Messenger app update addressing the flaw.

Facebook spokesman Matt Steinfeld said the company had been working on a Messenger update months before it became aware of Khanna’s app.

Two hours before he was supposed to leave to start his internship, Khanna received a call from a Facebook employee telling him that the company was rescinding the offer because he had violated the Facebook user agreement when he scraped the site for data.

Khanna wrote about the experience in a case study published Tuesday for the Harvard Journal of Technology Science. He spent the summer interning at a Silicon Valley startup and said the back-and-forth with Facebook ended up being a learning experience as well.

Windows 10 keeps talking to Microsoft

Even when it is told not to, Windows 10 compulsively chats to Redmond, sparking privacy concerns.

If you switch off Cortana and searching the Web from the Start menu, opening Start and typing will send a request to www.bing.com for a file called threshold.appcache, which appears to contain some Cortana information, even when Cortana is disabled.

Some of the traffic looks harmless but the question is why it happens.

Windows 10 downloads new tile info from MSN’s network from time to time, using unencrypted HTTP to do so. While again the requests contain no identifying information, it’s not clear why they’re occurring at all.

The OS periodically sends data to a Microsoft server named ssw.live.com. This server seems to be used for OneDrive and some other Microsoft services. Windows 10 transmits information to the server even when OneDrive is disabled and log-ins are using a local account that isn’t connected to a Microsoft Account.

It appears to be referencing telemetry settings, but there is no reason for this: it happens when telemetry is disabled.

Microsoft insists that none of this data hurts privacy. It is becoming increasingly difficult for Vole to provide services that do not hack someone off.

We’ve argued recently that operating systems will continue to make privacy-functionality trade-offs. Services such as Cortana (Siri, Google Now), cloud syncing of files, passwords, and settings, and many other modern operating system features are all valuable.

However, you should be able to create a secure bare bones machine that does not phone Redmond if you want.