Report: Federal Government Asked Big Banks to Surveil Purchases of VPNs and Gift Cards, Transfers to Crowdsourcing Sites

In January, the House Judiciary Committee sounded the alarm about the federal government asking banks to surveil transactions related to certain keywords, such as “MAGA” and “Trump,” as part of investigations into January 6, 2021 at the Capitol. But new documents obtained by the House Judiciary Select Subcommittee on the Weaponization of the Federal Government have revealed that the surveillance that was initially identified by the House Judiciary Committee in January was much broader than these early reports suggested.

The House Judiciary Committee’s initial letter about this financial surveillance revealed that the Financial Crimes Enforcement Network (FinCEN) sent several financial institutions lists of terms that it deemed to be indicators of potential violent extremism and suggested that banks use these search terms to flag suspect transactions. These lists included terms such as MAGA and Trump and also recommended searching for more generic terms, such as terms related to purchases of transportation and terms related to purchases of books (including religious texts) and other media that FinCEN deemed to be “extremist.”

These new documents, which were shared in a report titled “Financial Surveillance in the United States: How Federal Law Enforcement Commandeered Financial Institutions to Spy on Americans,” show that the list of terms FinCEN asked banks and financial institutions to flag was much wider.

In one document, FinCEN brands lawful activities, such as “frequent ATM withdrawals and wire transfers with no apparent economic or business purpose” and “purchases that appear excessive or unusual for hobbyist or other legitimate use,” as potential indicators of violent extremism.

Proposition E Would Make It Easier for Police To Surveil San Francisco

On March 5, San Franciscans will have the opportunity to vote on a ballot measure that would decide whether or not to make them into guinea pigs for surveillance experiments by the San Francisco Police Department (SFPD).

Proposition E purports to streamline the SFPD, with sections on community engagement, recordkeeping, and the department’s vehicle pursuit and use of force policies. But its portion on department use of surveillance technology is troubling.

Under an existing ordinance passed in 2019, the SFPD may only use “surveillance technologies”—like surveillance cameras, automatic license plate readers, or cell site simulators—that have been approved by the San Francisco Board of Supervisors, the city and county legislative body. The process requires that the SFPD, like any other city or county agency, submit a policy to the board for approval before using any new technology. The 2019 ordinance also banned the use of facial recognition technology.

But Prop E adds a clause stipulating that the SFPD “may acquire and/or use a Surveillance Technology so long as it submits a Surveillance Technology Policy to the Board of Supervisors for approval by ordinance within one year of the use or acquisition, and may continue to use that Surveillance Technology after the end of that year unless the Board adopts an ordinance that disapproves the Policy.”

In other words, the SFPD could roll out an unapproved method of surveillance, and it would have free rein to operate within the city for up to a year before ever having to ask city officials for permission. And until the city passes a statute that specifically forbids it—that is, forbidding a technology that is by that point already in use—then the SFPD can keep using it indefinitely.

“Let’s say the SFPD decides they want to buy a bunch of data on people’s geolocation from data brokers—they could do that,” says Saira Hussain, a staff attorney at the Electronic Frontier Foundation (EFF). “They could use drones that are flying at all times above the city. They could use the robot dogs that were piloted at the border. These are all surveillance technologies that the police doesn’t necessarily have right now, and they could acquire it and use it, effectively without any sort of accountability, under this proposition.”

If those scenarios sound implausible, it’s worth noting that they’ve already happened: As Hussain notes, the Department of Homeland Security recently tested robot dogs to help patrol the U.S./Mexico border. And in 2012, the Los Angeles County Sheriff’s Department enlisted civilian aircraft to fly over Compton and surveil the entire area.

Not to mention, federal agencies already routinely purchase people’s cell phone geolocation information and internet metadata without a warrant.

California Democrats Introduce Bill That Would Force Homeowners and Renters to Disclose Number of Firearms to Insurance Companies, Government

For years, California Democrats have been hostile to gun owners. California Democrats frequently attempt to erode Second Amendment rights in the state.

A bill in the Democrat-controlled California State Assembly that was introduced on February 16th would force homeowners and renters to disclose information about firearms they own. Assembly member Mike Gipson and State Senator Catherine Blakespear are the two leading California Democrat lawmakers pushing this legislation.

Section 2086 will be an addition to the Insurance Code pertaining to AB-3067.

The questions include information as to the number of firearms in the home, the method of storage, and how many firearms are stored in vehicles on the property. The questions also ask whether or not the firearms are in locked containers.

Google Update Reveals AI Will Read All Your Private Messages

There’s understandable excitement that Google is bringing Bard to Messages. A readymade ChatGPT-like UI for a readymade user base of hundreds of millions. “It’s an AI assistant,” says Bard, “that can improve your messaging experience… from facilitating communication to enhancing creativity and providing information… it will be your personal AI assistant within your messaging app.”

But Bard will also analyze the private content of messages “to understand the context of your conversations, your tone, and your interests.” It will analyze the sentiment of your messages, “to tailor its responses to your mood and vibe.” And it will “analyze your message history with different contacts to understand your relationship dynamics… to personalize responses based on who you’re talking to.”

And so here comes the next privacy battlefield for smartphone owners still coming to terms with app permissions, privacy labels and tracking transparency, and with all those voice AI assistant eavesdropping scandals still fresh in the memory. Google’s challenge will be convincing users that this doesn’t open the door to the same kind of privacy nightmares we’ve seen before, where user content and AI platforms meet.

There will be another, less contentious privacy issue with your Messages requests to Bard. These will be sent to the cloud for processing, used for training and maybe seen by humans—albeit anonymized. This data will be stored for 18 months, and will persist for a few days even if you disable the AI, although manual deletion is available.

NSA secretly buying Americans’ data without a warrant

The National Security Agency has secretly been buying Americans’ internet records and using them for spying purposes without obtaining a warrant, a senior senator revealed Thursday.

Sen. Ron Wyden, Oregon Democrat, said the practice had been a “legal gray area,” with data brokers quietly obtaining and reselling the internet “metadata” without the users’ consent. He said the NSA has been trying to keep the whole thing under wraps.

In a letter to Director of National Intelligence Avril Haines, the senator said the government needs a “wake-up call,” and he called for new rules limiting purchases only to data that Americans have consented to be sold.

He also asked for Ms. Haines to take an inventory of what the government already has and toss out any information that doesn’t meet the standard of consent.

“The U.S. government should not be funding and legitimizing a shady industry whose flagrant violations of Americans’ privacy are not just unethical, but illegal,” he said.

He released a letter from Army General Paul M. Nakasone, director of the NSA, detailing and justifying the agency’s actions.

Gen. Nakasone said it acquires what it calls “commercially available information” but said the acquisitions are limited. They don’t include location data from phones “known to be used in the United States,” and they don’t buy or use location data from automobiles in the U.S.

They do buy “non-content” data “where one side of the communication is a U.S. Internet Protocol address and the other is located abroad.”

The general said that information was critical for “the U.S. Defense Industrial Base.”

“NSA understands and greatly values the congressional and public trust it has been granted to carry out its critical foreign intelligence and cybersecurity missions on behalf of the American people,” Gen. Nakasone wrote.

In a separate letter, Under Secretary of Defense Ronald S. Moultrie defended the legality.

“I am not aware of any requirement in U.S. law or judicial opinion … that DoD obtain a court order in order to acquire, access or use information, such as CAI, that is equally available for purchase to foreign adversaries, U.S. companies and private persons as it is to the U.S. government,” he wrote.

Mr. Wyden, though, says the legal landscape may have just changed.

Reddit must share IP addresses of piracy-discussing users, film studios say

For the third time in less than a year, film studios with copyright infringement complaints against a cable Internet provider are trying to force Reddit to share information about users who have discussed piracy on the site.

In 2023, film companies lost two attempts to have Reddit unmask its users. In the first instance, US Magistrate Judge Laurel Beeler ruled in the US District Court for the Northern District of California that the First Amendment right to anonymous speech meant Reddit didn’t have to disclose the names, email addresses, and other account registration information for nine Reddit users. Film companies, including Bodyguard Productions and Millennium Media, had subpoenaed Reddit in relation to a copyright infringement lawsuit against Astound Broadband-owned RCN about subscribers allegedly pirating 34 movie titles, including Hellboy (2019), Rambo V: Last Blood, and Tesla.

In the second instance, the same companies sued Astound Broadband-owned ISP Grande, again for alleged copyright infringement occurring over the ISP’s network. The studios subpoenaed Reddit for user account information, including “IP address registration and logs from 1/1/2016 to present, name, email address, and other account registration information” for six Reddit users, per a July 2023 court filing.

In August, a federal court again quashed that subpoena, citing First Amendment rights. In her ruling, Beeler noted that while the First Amendment right to anonymous speech is not absolute, the film producers had already received the names of 118 Grande subscribers. She also said the film producers had failed to prove that “the identifying information is directly or materially relevant or unavailable from another source.”

CBDCs are steeped in human rights abuses and are a new way to track citizens

Many people regularly use multiple forms of digital money. We make digital payments using credit, debit, and prepaid cards, as well as mobile payment apps like PayPal.

It’s not just payments that have gone digital. Nearly every financial institution offers services – from savings accounts to mortgages – via mobile applications.

So, money is already widely available in digital form. The current system works so well that few people ever take the time to worry about whether the digital money they are using is a liability of, for example, Visa or a liability of their bank.

So why are governments considering implementing CBDCs?

Unlike the current system of digital money, with CBDCs, digital money would be a liability of the central bank. In other words, governments have the direct responsibility to hold, transfer or otherwise remit those funds to the ostensible owner. This feature creates a direct link between citizens and the central bank. And it is this feature that opens the door to so many human rights concerns when it comes to the adoption of CBDCs.

These concerns cover issues of financial privacy, freedom, stability and cybersecurity. The Human Rights Foundation’s (“HRF’s”) CBDC Tracker website notes the following as the concerns regarding CBDCs:

  • Sweeping financial surveillance. Around the world, governments routinely pressure banks and other financial institutions to supply customer information. From Canada to Russia, this practice has become all too common. The difference between what is experienced today and what would be experienced with a CBDC, however, is that the financial records would be on government databases by default. In other words, a CBDC could spell doom for what little protection remains because it would give governments complete visibility into every financial transaction.
  • Restricting financial activity.
  • Freezing funds.
  • Seizing funds.
  • Imposing negative interest rates. Proposals for CBDCs often tout negative interest rates as a benefit because it would offer policymakers “greater control” over the economy. For citizens, however, a negative interest rate amounts to a fine or tax for saving money.
  • Disrupting financial stability.
  • Disrupting cryptocurrency. Globally, governments have demonstrated that they want a CBDC specifically to hold on to their monopoly over national currencies. For instance, China banned cryptocurrencies just as its CBDC was launched; India announced its plans for a CBDC while simultaneously calling for a ban on cryptocurrency; and Nigeria prohibited banks from cryptocurrency transactions just as it launched its CBDC.
  • Putting the economy at risk of cyberattacks.
  • Creating a new tool for corruption.

For additional information on concerns regarding the risks of CBDCs, HRF recommends the Cato Institute’s webpage titled ‘The Risks of CBDCs: Why Central Bank Digital Currencies Shouldn’t Be Adopted’ and report titled ‘Central Bank Digital Currency: Assessing the Risks and Dispelling the Myths’.

LAPD Plans To Include Private Cameras In 10K-Strong Surveillance Network

The Los Angeles Police Department (LAPD) intends to develop a new surveillance center that will give police centralized access to live security feeds from cameras in public and private spaces, pending budget approval from Mayor Karen Bass. The department hopes to be able to access 10,000 cameras throughout the city through the program, which has been dubbed LAPD Live.

Real-time surveillance center to utilize live feeds from home security cameras

The real-time crime command center would give police access to security cameras in and on city buildings, stores, police body cams and the department’s helicopters. It would integrate other software such as the Compstat intelligence tool onto one single screen. Homeowners could also register their own security cameras with the department to share footage from their property and be notified if a crime is committed nearby.

LAPD argues the program will reduce time and money spent on investigating crimes, gathering evidence, and talking to witnesses while “eliminat[ing] the need for officer visits to private residents” which in turn “preserves individual privacy.” It would also help mitigate the effect of a recent decline in sworn officers.

The LAPD previously tried to do something similar with Neighbors, an app that shares Ring camera footage and alerts with public safety officials. Those who agreed to Neighbors’ terms of service shared their information with police that would normally require a warrant, even when a crime hasn’t occurred. Some may have unknowingly shared their data with police.

Ring also made the LAPD a brand ambassador through a program, giving out free cameras in exchange for sign-ups. The program ended in 2019, and shortly after the Electronic Frontier Foundation reported that the LAPD had sent requests to Ring users to obtain footage of Black Lives Matter protests.

Around the same time frame, at least 50 other local police throughout the U.S. also partnered with Ring, subsidizing doorbell purchases that would in turn expand surveillance capabilities for police while allowing them to circumvent traditional approval processes. Ring also filed a patent to add facial recognition to the devices but never announced plans to add the feature after public criticism.

Hackers Exploit Third-Party Cookies to Access Google Accounts Without Passwords

Security experts at CloudSEK have reportedly identified a new form of malware that exploits third-party cookies, allowing unauthorized access to Google accounts without the need for passwords.

The Independent reports that the alarming security breach, first announced on a Telegram channel by a hacker in October 2023, exploits vulnerabilities in third-party cookies. Specifically, it targets Google authentication cookies, which are normally used to streamline user access without repeated logins.

Hackers have devised a method to extract these cookies, allowing them to bypass password-based security and even two-factor authentication mechanisms to access user accounts.

This exploit is a major risk for all Google accounts as it allows for ongoing access to Google services, even after a user’s password has been changed. An analysis by the cybersecurity firm CloudSEK indicates that several hacking groups are actively experimenting with this technique.

The Digital ID Rollout Is Becoming a Hacker’s Dream

Governments and corporations around the world are showing great enthusiasm for either already implementing, or planning to implement, some form of digital IDs.

Ironically, as it turns out, these efforts are presented to citizens as not only making their lives easier through convenience, but also making sure their personal data contained within these digital IDs is safer in a world teeming with malicious actors.

Opponents have been warning about serious privacy implications, but also argue against the claim that data security actually gets improved.

It would appear they are right – at least according to a report by a cybersecurity firm issued after the hacker attacks happening around the Christmas holiday, something that’s now been dubbed “Leaksmas.”

Not only governments, but hackers as well, love digital IDs and huge amounts of personal information all neatly gathered in one place and, judging by what’s been happening recently, in many instances sitting there pretty much easily available to them.

And hackers have expressed this love by making digital ID data their primary focus, the firm, Resecurity, said in its report. Resecurity claims that this is a clear fact, and that it was able to discern it by analyzing data dumps once they started appearing on the dark web after the Christmas-time “digital smash-and-grabs.”

In numbers, a staggering 50 million records containing personally identifiable information have surfaced on the dark web. The reason so many stolen datasets have made it to the black digital market all at once appears to be “technicalities” related to the time window during which most of it will be “sellable”.
