EU’s Plan To Mass Surveil Private Chats Has Leaked

The latest version of the proposed European Parliament (EP) and EU Council regulation to adopt new rules related to combating child sexual abuse has been made available online.

Despite its declared goal, the proposal, which first saw the light of day in May 2022 and is referred to by opponents as “chat control,” is in fact a highly divisive draft of legislation that aims to accomplish the stated objective through mass surveillance of citizens’ private communications.

Now, the French site contexte.com has the full text of the newest version of the proposal – yet another controversial undertaking of the current, 6-month Belgian EU presidency. Judging by the leaked document, the key and most contentious components of “chat control” have not been changed.

German EP member (MEP) Patrick Breyer, a long-time vocal critic of the proposal, said on his blog that the text would be discussed by a law enforcement working party at the Council on Wednesday, with the target date for adoption being sometime in June.

That will happen once any political differences have been smoothed over at the EU’s Committee of Permanent Representatives (“COREPER”).

Commenting on the development, Breyer remarked that the Council’s legal service has also confirmed that the new version “does not change the nature of detection orders.”

“Limiting bulk chat searches to ‘high-risk services’ is meaningless because every communication service is misused also for sharing illegal images and therefore has an imminently high risk of abuse,” the MEP noted of the latest proposal, adding:

“Informing law enforcement only of repeat hits is also meaningless, as falsely flagged beach pictures or consensual sexting rarely involve just a single photo.”

He went on to explain that the upcoming regulation is set up in a way that will result in the end of the privacy of people’s digital communications, since the subject of content searches will be “millions” of chats and photos, including those belonging to persons who have no links to child sexual abuse.

And because the technology proposed to carry out the mass surveillance is unreliable, there are also risks of this content getting leaked.


Facebook let Netflix see user DMs to help them tailor content as part of a close collaboration between the two tech giants, new court documents claim

Facebook’s parent company Meta allegedly allowed Netflix to peer at its user DMs ‘for nearly a decade’ to help the streaming giant better tailor content for its own users, an explosive lawsuit has alleged.

Court documents unsealed on March 23 that were filed last April as part of a major anti-trust lawsuit against Meta appear to have exposed the intricate relationship between two of Silicon Valley’s biggest players. 

The class-action lawsuit, filed by two US citizens, Maximilian Klein and Sarah Grabert, alleged Netflix and Facebook ‘enjoyed a special relationship’, with the social media platform giving the streaming site ‘bespoke access’ to user data. 

The two Silicon Valley players also agreed to ‘custom partnerships and integrations that helped supercharge Facebook’s ad targeting and ranking models’ from at least 2011, thanks to the personal relationship between Netflix’s co-founder Reed Hastings and Facebook’s founder Mark Zuckerberg.

Lawyers alleged that ‘within a month’ of Hastings joining Facebook’s board of directors, the two companies signed an ‘Inbox API’ (Application Programming Interface) agreement that ‘allowed Netflix programmatic access to Facebook’s user’s private message inboxes.’


Kentucky Approves Gun Owner Privacy Protection

In a significant victory for Second Amendment advocates and the right to privacy, Kentucky has taken a bold step forward with the passage of House Bill 357, also known as the Second Amendment Privacy Act. This pioneering legislation, which received robust support from the National Shooting Sports Foundation (NSSF), marks a crucial milestone in protecting the privacy and financial details of firearm and ammunition purchasers in the Bluegrass State.

Crafted with the dedication and foresight of Kentucky state Representatives Derek Lewis and Michael Meredith, along with state Senator Jason Howell, the Second Amendment Privacy Act ensures that the financial transactions of law-abiding citizens buying firearms and ammunition are shielded from undue scrutiny and politicization. By prohibiting financial institutions from using a specific firearm code to track these purchases, the law stands as a bulwark against discrimination and unwarranted surveillance.


Is IRS using AI to infringe upon our financial privacy?

The House Judiciary Committee has opened an inquiry into whether the IRS is using artificial intelligence to invade Americans’ financial privacy after an agency employee was captured in an undercover tape suggesting there was a widespread surveillance operation underway that might not be constitutional.

Committee Chairman Jim Jordan, R-Ohio, and Rep. Harriet Hageman, R-Wyo., sent a letter last week to Treasury Secretary Janet Yellen demanding documents, and answers as to how the agency is currently employing artificial intelligence to comb through bank records to look for possible tax cheats.

The inquiry comes after the same panel has been exploring why the FBI was obtaining Americans’ bank records, including those of Jan. 6 suspects, without using search warrants or subpoenas.

Hageman told Just the News that lawmakers are increasingly concerned that federal law-enforcement agencies are no longer abiding by constitutional protections, including prohibitions against search and seizure without a warrant. 

The congressional inquiry was prompted by a September 2023 announcement that the IRS is using AI to “help IRS compliance teams better detect tax cheating, identify emerging compliance threats and improve case selection tools.”

The Treasury Department has since acknowledged it has “implemented an enhanced process using AI to mitigate check fraud in near real-time by strengthening and expediting processes to recover potentially fraudulent payments from financial institutions” since late 2022.

Jordan’s and Hageman’s letter said lawmakers have evidence and reason to believe that the IRS and Department of Justice (DOJ) are actively monitoring millions of Americans’ private transactions, bank accounts, and related financial information—without any legal process—using the AI-powered system.

“This kind of pervasive financial surveillance, carried out in coordination with federal law enforcement, into Americans’ private financial records raises serious doubts about the IRS’s—and the federal government’s—respect for Americans’ fundamental civil liberties,” the letter said.

You can read the letter here: 2024-03-20 JDJ HH to IRS re AI surveillance.pdf


Hackers can unlock over 3 million hotel doors in seconds

When thousands of security researchers descend on Las Vegas every August for what’s come to be known as “hacker summer camp,” the back-to-back Black Hat and Defcon hacker conferences, it’s a given that some of them will experiment with hacking the infrastructure of Vegas itself, the city’s elaborate array of casino and hospitality technology. But at one private event in 2022, a select group of researchers were actually invited to hack a Vegas hotel room, competing in a suite crowded with their laptops and cans of Red Bull to find digital vulnerabilities in every one of the room’s gadgets, from its TV to its bedside VoIP phone.

One team of hackers spent those days focused on the lock on the room’s door, perhaps its most sensitive piece of technology of all. Now, more than a year and a half later, they’re finally bringing to light the results of that work: a technique they discovered that would allow an intruder to open any of millions of hotel rooms worldwide in seconds, with just two taps.

Today, Ian Carroll, Lennert Wouters, and a team of other security researchers are revealing a hotel keycard hacking technique they call Unsaflok. The technique is a collection of security vulnerabilities that would allow a hacker to almost instantly open several models of Saflok-brand RFID-based keycard locks sold by the Swiss lock maker Dormakaba. The Saflok systems are installed on 3 million doors worldwide, inside 13,000 properties in 131 countries.

By exploiting weaknesses in both Dormakaba’s encryption and the underlying RFID system Dormakaba uses, known as MIFARE Classic, Carroll and Wouters have demonstrated just how easily they can open a Saflok keycard lock. Their technique starts with obtaining any keycard from a target hotel—say, by booking a room there or grabbing a keycard out of a box of used ones—then reading a certain code from that card with a $300 RFID read-write device, and finally writing two keycards of their own. When they merely tap those two cards on a lock, the first rewrites a certain piece of the lock’s data, and the second opens it.

“Two quick taps and we open the door,” says Wouters, a researcher in the Computer Security and Industrial Cryptography group at the KU Leuven University in Belgium. “And that works on every door in the hotel.”


Feds Can Film Your Front Porch for 68 Days Without a Warrant, Says Court

Law enforcement in Kansas recorded the front of a man’s home for 68 days straight, 15 hours a day, and obtained evidence to prove him guilty on 16 charges. The officers did not have a search warrant, using a camera on a pole positioned across the street to capture Bruce Hay’s home. A federal court ruled on Tuesday that it was fine for law enforcement to do so, in what’s potentially a major reduction in privacy law.

“Mr. Hay had no reasonable expectation of privacy in a view of the front of his house,” said the U.S. Tenth Circuit Court of Appeals in its decision on U.S. vs Hay. “As video cameras proliferate throughout society, regrettably, the reasonable expectation of privacy from filming is diminished.”

Hay, an Army veteran, was found guilty of lying about his disability status to collect benefits from the Department of Veteran Affairs (VA). However, the concerning part of this case stems from how VA officers collected evidence against Hay. The veteran appealed his case, arguing that the months-long surveillance of his home crossed a line. However, the federal court ruled that law enforcement can videotape the outside of your home, partially because of how prominent video cameras have become in society.

The federal court’s decision says that video cameras have become “ubiquitous,” and have therefore diminished our expectations of privacy. Police officers wear body cameras now, cellphones have cameras, and many doorbells record your porch. The court isn’t wrong that cameras are everywhere.


How to Figure Out What Your Car Knows About You (and Opt Out of Sharing When You Can)

Cars collect a lot of our personal data, and car companies disclose a lot of that data to third parties. It’s often unclear what’s being collected, and what’s being shared and with whom. A recent New York Times article highlighted how data is shared by G.M. with insurance companies, sometimes without clear knowledge from the driver. If you’re curious about what your car knows about you, you might be able to find out. In some cases, you may even be able to opt out of some of that sharing of data.

Why Your Car Collects and Shares Data

A car (and its app, if you installed one on your phone) can collect all sorts of data in the background with and without you realizing it. This in turn may be shared for a wide variety of purposes, including advertising and risk-assessment for insurance companies. The list of data collected is long and dependent on the car’s make, model, and trim. But if you look through any car maker’s privacy policy, you’ll see some trends:

  • Diagnostics data, sometimes referred to as “vehicle health data,” may be used internally for quality assurance, research, recall tracking, service issues, and similar unsurprising car-related purposes. This type of data may also be shared with dealers or repair companies for service.
  • Location information may be collected for emergency services, mapping, and to catalog other environmental information about where a car is operated. Some cars may give you access to the vehicle’s location in the app.
  • Some usage data may be shared or used internally for advertising. Your daily driving or car maintenance habits, alongside location data, are a valuable asset to the targeted advertising ecosystem.
  • All of this data could be shared with law enforcement.
  • Information about your driving habits, sometimes referred to as “Driving data” or “Driver behavior information,” may be shared with insurance companies and used to alter your premiums. This can range from odometer readings to braking and acceleration statistics and even data about what time of day you drive.

Surprise insurance sharing is the thrust of The New York Times article, and certainly not the only problem with car data. We’ve written previously about how insurance companies offer discounts for customers who opt into a usage-based insurance program. Every state except California currently allows the use of telematics data for insurance rating, but privacy protections for this data vary widely across states.

When you sign up directly through an insurer, these opt-in insurance programs have a pretty clear tradeoff and sign-up process, and they’ll likely send you a physical device that you plug into your car’s OBD port that then collects and transmits data back to the insurer.


Your car is secretly spying on you and driving your insurance rates through the roof: report

Drivers of cars manufactured by General Motors, Honda and other popular brands say that their insurance rates went up after the companies sent data about their driving behavior to issuers without their knowledge.

Kenn Dahl, 65, is a Seattle-area businessman who told The New York Times that his car insurance costs soared by 21% in 2022 after GM’s OnStar Smart Driver computerized system installed in his Chevy Bolt collected information about the particulars of his driving habits.

Dahl said that his insurance agent told him the price increase was based on data collected by LexisNexis, which compiled a report tracking each and every time he and his wife drove their Chevy Bolt over a six-month period.

According to Dahl, the 258-page report contained information about the start and end times of his trips, distance driven and other data detailing possible instances of speeding, hard braking and sharp accelerations.

The report contained information about one particular trip in June which lasted 18 minutes and spanned 7.33 miles.

During that same trip, the LexisNexis report recorded two instances of rapid acceleration and two incidents of hard braking.


Study Estimates Nearly 96% of Private Property Is Open to Warrantless Searches

Police can traipse onto the vast majority of private property in the country without a warrant thanks to a century-old Supreme Court decision, according to a new study by the Institute for Justice, a libertarian-leaning public-interest law firm.

In a study published in the spring 2024 issue of Regulation, a publication of the Cato Institute, Institute for Justice attorney Josh Windham and research analyst David Warren estimate that at least 96 percent of all private land in the country is excluded from the Fourth Amendment’s warrant requirement under the “open-fields doctrine,” which allows police to forgo warrants when they search fields, woods, vacant lots, and other property not near a dwelling.

That adds up to nearly 1.2 billion acres open to government trespass, and the Institute for Justice says that’s a conservative estimate. The organization also says the study is the first attempt to quantify how much private property is affected by the Supreme Court’s 1924 ruling in Hester v. U.S., which created the doctrine.

“Now we have hard data showing that the Supreme Court’s century-old error blew a massive hole in Americans’ property and privacy rights,” Windham said in a press release. “Now we know what the open fields doctrine really means: Government officials can treat almost all private land in this country like public property.”

Windham added that “courts and lawmakers across the country will have to face the consequences of keeping this doctrine on the books.” 


Hackers can read private AI assistant chats even though they’re encrypted

AI assistants have been widely available for a little more than a year, and they already have access to our most private thoughts and business secrets. People ask them about becoming pregnant or terminating or preventing pregnancy, consult them when considering a divorce, seek information about drug addiction, or ask for edits in emails containing proprietary trade secrets. The providers of these AI-powered chat services are keenly aware of the sensitivity of these discussions and take active steps—mainly in the form of encrypting them—to prevent potential snoops from reading other people’s interactions.

But now, researchers have devised an attack that deciphers AI assistant responses with surprising accuracy. The technique exploits a side channel present in all of the major AI assistants, with the exception of Google Gemini. It then refines the fairly raw results through large language models specially trained for the task. The result: Someone with a passive adversary-in-the-middle position—meaning an adversary who can monitor the data packets passing between an AI assistant and the user—can infer the specific topic of 55 percent of all captured responses, usually with high word accuracy. The attack can deduce responses with perfect word accuracy 29 percent of the time.
