Senate Passes Kids’ “Safety” Bills Despite Privacy, Digital ID, and Censorship Concerns

Two bills combined – the Kids Online Safety Act (KOSA) and the Children and Teens’ Online Privacy Protection Act (COPPA 2.0) – have passed in the US Senate in a 91-3 vote, and will now be considered by the House.

Criticism of the bills focuses mainly on the likelihood that, if and when they become law, they will help expand online digital ID verification, as well as on issues like censorship (removal and blocking of content).

The effort to make KOSA and COPPA 2.0 happen was spearheaded by a parent group that was pushing lawmakers and tech companies’ executives to move in this direction, and their main demand was to enact new rules that would prevent cyberbullying and other harms.

And now the main sponsors, senators Richard Blumenthal, a Democrat, and Republican Marsha Blackburn, are trying to dispel these concerns, suggesting these are not “speech bills” and do not (directly) impose age verification.

Further defending the bills, they say that the legislation does not mandate that internet platforms start collecting even more user data, and reject the notion it is invasive of people’s privacy.

But the problem is that although technically true, this interpretation of the bills’ impact is ultimately incorrect, as some of their provisions do encourage censorship, facilitate the introduction of digital ID for age verification, and leave the door open for mass collection of online users’ data – under specific circumstances – and for ending anonymity online.

FBI Director Wray Uses Trump Assassination Attempt To Criticize Private Messaging

FBI Director Christopher Wray has used a congressional hearing organized after the assassination attempt on Donald Trump to launch another attack against encryption and use that as justification for the state of the investigation.

Appearing before the House Judiciary Committee this week, Wray was supposed to speak about the FBI’s investigation into this extremely serious incident, as well as about what the committee said is “the ongoing politicization” of the agency under his and Attorney-General Merrick Garland’s direction.

But Wray turned it into blaming encrypted apps and services for the pace of the investigation. Quite extraordinarily for a person who is supposed to be highly knowledgeable about security, the FBI chief came across as oblivious to how essential encryption is for people’s online security – from their bank transactions to their communications.

Instead, he complained that it is difficult to break into accounts on encrypted platforms, that is, to break encryption – a situation that the FBI head said has “unfortunately become very commonplace.”

He went on to claim that law enforcement at all levels, federal, state, and local, finds it “a real challenge.”

Reports say that the FBI had “early success” in breaking into the phone of the shooter, Thomas Matthew Crooks, using tools provided by Cellebrite. This is an Israeli company that oddly advertises its wares as “accelerating justice.”

Wray did not reveal which platforms host the accounts belonging to Crooks that the FBI says it has trouble accessing but noted that “legal process returns” are awaited to accomplish that goal.

The DEA Claims To Be Able To Search Your Bag Without Your Consent. But Can They?

Can federal law enforcement demand an impromptu spot-check of your bag after you pass through airport security?

Recent footage released by the Institute for Justice (I.J.) shows an officer from the Drug Enforcement Administration (DEA) attempting to do precisely that. In the video, which was recorded earlier this year, a DEA agent repeatedly attempts to search the bag of a man identified as David C., who had already passed through a Transportation Security Administration (TSA) checkpoint and was attempting to board his flight. At one point, the agent implies that he could search David’s backpack without his consent.

“I don’t consent to search, sir,” David tells the officer. “You don’t have to consent,” the officer responds, adding moments later, “I don’t care [about] your consent stuff.”

The video shows the officer offering David the choice between boarding the plane for his flight and staying with his bag. “Set your bag down and then you can walk on the plane,” the agent says. “You can do that, but you can’t take the bag.”

“Am I being detained right now?” David asks. “Not you, but your bag,” the officer replies.

David had good reason to be disquieted by the prospect of his bag being searched, even notwithstanding the fact that it contained no contraband. According to a 2016 USA Today report, the DEA annually seizes hundreds of millions of dollars from thousands of airport travelers through a controversial process called civil asset forfeiture. Civil forfeiture allows federal agents to take large quantities of cash from individuals—sometimes for years—without ever charging them with a crime.

David’s situation is, in a way, familiar to many Americans. He was in Cincinnati for a business trip, but got sick and had to rebook his flight back to New York at the last minute. On the day of his flight, he passed through TSA and entered the airport terminal as normal, but was thereafter approached by the agent, who asked him for his ID and for permission to search his bag.

When David initially declined, the agent pulled out his badge.

The officer told David that he was suspected of illicit activity because he had booked his flight shortly before it took off. “When you buy a last-minute ticket, we get alerts,” the officer explains to David. “We come out, and we talk to those people, which I’ve tried to do to you, but you wouldn’t allow me to do it.” 

David was initially skeptical that the agent had the authority to search through his bag without consent, but the officer told him, “We wouldn’t do this—and be doing this across the country—if it wasn’t legal.”

UN Cybercrime Draft Convention Dangerously Expands State Surveillance Powers Without Robust Privacy, Data Protection Safeguards

As we near the final negotiating session for the proposed UN Cybercrime Treaty, countries are running out of time to make much-needed improvements to the text. From July 29 to August 9, delegates in New York aim to finalize a convention that could drastically reshape global surveillance laws. The current draft favors extensive surveillance, establishes weak privacy safeguards, and defers most protections against surveillance to national laws—creating a dangerous avenue that could be exploited by countries with varying levels of human rights protections.

The risk is clear: without robust privacy and human rights safeguards in the actual treaty text, we will see increased government overreach, unchecked surveillance, and unauthorized access to sensitive data—leaving individuals vulnerable to violations, abuses, and transnational repression. And not just in one country.  Weaker safeguards in some nations can lead to widespread abuses and privacy erosion because countries are obligated to share the “fruits” of surveillance with each other. This will worsen disparities in human rights protections and create a race to the bottom, turning global cooperation into a tool for authoritarian regimes to investigate crimes that aren’t even crimes in the first place.

Countries that believe in the rule of law must stand up and either defeat the convention or dramatically limit its scope, adhering to non-negotiable red lines as outlined by over 100 NGOs. In an uncommon alliance, civil society and industry agreed earlier this year in a joint letter urging governments to withhold support for the treaty in its current form due to its critical flaws.

Google Plans New Content-Scanning Censorship Tech

Earlier in the year, Google filed an application to patent new methods, systems, and media for what the giant calls “identifying videos containing objectionable content” that are uploaded to a social site or video service.

For example, YouTube – though the filing doesn’t explicitly name this platform.

The patent application, which has just been published this month, is somewhat different from other automated “methods and systems” Google and other giants, notably Microsoft, already have to power their censorship apparatus; with this one, the focus is more on how AI can be added to the mix.

More and more often, various countries are introducing censorship laws where the speed at which content is removed or accounts blocked is a major requirement made of social media companies. Google could have this in mind when the patent’s purpose is said to be to improve on detecting objectionable content quickly, “for potential removal.”

No surprise here, but what should be the key question – namely, what is considered as “objectionable content” – is less of a definition and more a list that can be further expanded, variously interpreted, etc., and the list includes such items as violence, pornography, objectionable language, animal abuse, and then the cherry on top – “and/or any other type of objectionable content.”

The filing details how Google’s new system works, and we equally unsurprisingly learn that AI here means machine learning (ML) and neural networks. This technology is supposed to mimic the human brain but comes down to a series of equations, differentiated from ordinary algorithms by “learning” about what an image (or a video in this case) is, pixel by pixel.

EU Agencies Propose Encryption Backdoors and Cryptocurrency Surveillance

The EU is attacking encryption again, this time in a report put together by several agencies, including EU law enforcement Europol, and the European Council’s Counter-Terrorism Coordinator.

The EU’s site says that this “first report on encryption” – by what the bloc calls its Innovation Hub for Internal Security – is looking for ways to “uphold citizens’ privacy while enabling criminal investigation and prosecution.”

“The main challenge is to design solutions that would allow at the same time a lawful and targeted access to communications and that guarantees that a high level of cybersecurity, data protection and privacy,” says the report.

The objective answer to the supposed conundrum of how to achieve both goals is always the same: you can’t.

Yet the EU, various governments, and international organizations continue to push to undermine online encryption and keep framing their initiatives the same way – as both their supposed care for privacy (and importantly, security), and making law enforcement’s job much easier (saying that the goal is to “enable” that, suggests there’s no other way to investigate, which is not true.)

And, how on Earth the EU intends to “safeguard fundamental rights” (of citizens) while at the same time proposing what it does in this document, is anybody’s guess. But EU bureaucrats are “safe” from being asked these questions – at least not by legacy, corporate media.

The report’s proposals include a number of ways to break encryption, mention encryption backdoors (the sneaky euphemism is, “lawful access” to communications and data), as well as password cracking and cryptocurrency and other forms of surveillance.

The not-so-subtle abuse of language and tone continues while discrediting encryption, as services like Meta’s Messenger, Apple Private Relay, and Rich Communication Systems (RCS) protocol are dubbed, “warrant-proof encryption technologies.”

Europol Seeks to Break Mobile Roaming Encryption

EU’s law enforcement agency Europol is another major entity that is setting its sights on breaking encryption.

This time, it’s about home routing and mobile encryption, and the justification is a well-known one: encryption supposedly stands in the way of the ability of law enforcement to investigate.

The overall rationale is that police and other agencies face serious challenges in doing their job (an argument repeatedly proven as false) and that destroying the internet’s currently best available security feature for all users – encryption – is the way to solve the problem.

Europol’s recent paper treats home routing not as a useful security feature but as “a serious challenge for lawful interception.” Home routing works by encrypting data from a phone through the home network while roaming.

We obtained a copy of the paper for you here.

Federal Judge, ICE Agents Linked to Compromised Spyware Use

Sometimes the government spies on you. And sometimes they hire a poorly secured Eastern European firm to do it for them.

Last week, hacktivists published the customer support database for Brainstack, a Ukrainian company that runs a phone tracking service called mSpy. (It was the third mSpy security breach in a decade.) The database includes messages from Immigration and Customs Enforcement (ICE) agents, active-duty troops, and a U.S. circuit court judge interested in using mSpy to conduct surveillance.

Employees at the U.S. State Department, the Nebraska National Guard, and two federal auditing offices reached out to mSpy about using the service in official investigations. Many more low-level officials and service members seemed to be using mSpy to monitor people in their private lives, but signed up through their government emails. In some cases, it was unclear whether government employees were using mSpy for official or personal business. 

Even if the private spying was for a legitimate purpose—such as parents monitoring their children’s internet usage—it was probably not the best idea to sign up for foreign spyware with known security issues from a government email account.

Judge Kevin Newsom, the circuit judge of the United States Court of Appeals for the 11th Circuit, used his government email address to log into an mSpy customer service chat in February 2019. “You can’t reliably monitor Snapchat, which is the only reason I got it,” he complained. He sent mSpy a follow-up email asking for a refund, signed with his official title as a judge.

“Judge Newsom’s use was entirely in his personal capacity to address a family matter,” says Kate Adams, director of workplace relations at the 11th Circuit.

MSpy has previously suffered serious security problems over the past decade. In May 2015, hackers stole data on mSpy’s targets and offered it for sale on the dark web. When cybersecurity journalist Brian Krebs broke the story, mSpy tried to claim the data was fake, then eventually admitted to the breach. In September 2018, mSpy accidentally left that same type of data on a public-facing server, then removed it when Krebs noticed.

In early June 2024, the Swiss hacktivist maia arson crimew, who had previously leaked the FBI’s No Fly List, claimed that an “anonymous source” had sent her 150 gigabytes of data from mSpy’s customer service branch. “From all the past stalkerware leaks, usually what leaks is victim data,” crimew tells Reason via encrypted voice chat. But this leak was about mSpy’s clients—essentially turning the surveillance back against the surveillers.

Last week, the leaked client data was published on DDoSecrets, a website widely considered to be WikiLeaks’ successor. (DDoSecrets is also famous for hosting BlueLeaks, a massive 2020 leak of police files.) The mSpy media team did not respond to an email asking for comment on the leak.

NewsGuard Co-Founder Advocates Banning Anonymous Social Media Posts, Enabling Lawsuits Against Tech Firms for “False” Content

NewsGuard co-founder and co-CEO Steve Brill has published a book, “The Death of Truth” – but he’s not taking any responsibility. On the contrary.

Namely, Brill’s “apolitical (misinformation) rating system for news sites” as NewsGuard is promoted to customers, is often blasted – and currently investigated by Congress for possible First Amendment violations – as yet another tool to suppress online speech.

But corporate media sing his praises, presenting him as a “media maven.”

A censorship maven more like it, critics would say. And while getting his book promoted, Brill managed to add his name to the steadily growing list of governments, NGOs, and associated figures who are attacking online anonymity.

5 Devices You Can’t Hide From the Government ‘Alphabet Agencies’

I’m going to alert you to what many are considering to be one of the worst doomsday scenarios for free American patriots. One that apparently not many are prepping for, or even seem to care about.

By now everybody knows that the government ‘alphabet agencies’ including mainly the NSA have been methodically collecting data on us. Everything we do, say, buy and search on the internet will be on permanent data base file by next year. All phone calls now are computer monitored, automatically recorded and stored with certain flag/trigger words (in all languages).

As technology improves, every single phone call will be entirely recorded at meta-data bases in government computer cloud storage, when ‘They’ finish the huge NSA super spy center in Utah. Which means they will be available anytime authorities want to look them up and personally listen for any information reference to any future investigation. Super computer algorithms will pin point search extrapolations of ANY relationship to the target point.

You can rest uneasily, but assured, that in the very near future when a cop stops you and scans your driver license into his computer, he will know anything even remotely ’suspicious’ or ’questionable’ about ALL the recent activities and behavior in your life he chooses to focus upon!

This is the ‘privacy apocalypse’ coming upon us. And you need to know these five devices that you can run to protect your privacy, but you can’t hide from.
