Government Watchdog Calls Out Dangers in Section 702 Surveillance

Ten years after Edward Snowden sparked a debate over domestic (and international) spying by the U.S. government and its allies, arguments continue and so does the snooping. This year, one key component of the surveillance state—Section 702 of the Foreign Intelligence Surveillance Act—is up for congressional reauthorization. Now, the executive branch’s own civil liberties watchdog says that, while Section 702 plays an important role, it’s also dangerous to our freedom and needs reform.

To hear America’s professional spooks, Section 702 is made up of equal servings of mom, apple pie, and a trench coat.

“In 2008, Congress enacted Section 702 of the Foreign Intelligence Surveillance Act (FISA), a critical intelligence collection authority that enables the Intelligence Community (IC) to collect, analyze, and appropriately share foreign intelligence information about national security threats,” insists the Office of the Director of National Intelligence. “Section 702 only permits the targeting of non-United States persons who are reasonably believed to be located outside the United States. United States persons and anyone in the United States may not be targeted under Section 702.”

The Privacy and Civil Liberties Oversight Board (PCLOB), established in 2007 in an effort to limit the excesses of the burgeoning post-9/11 domestic intelligence apparatus, sees things a little differently.


Texas Anti-Abortion Crusader Demands Abortion Patient Information In Court

THE NOTORIOUS FAR-RIGHT attorney who helped craft Texas’s bounty-hunter abortion ban, Senate Bill 8, is now attempting to force abortion funds to hand over reams of information on every abortion the organizations have supported since 2021. This includes the city and state where each patient lived, the names of the abortion providers, and the identities of nearly every person who helped the patients access abortion care.

Earlier this month, Jonathan Mitchell — himself not a Texan but based in Washington state — served requests to nine Texas abortion funds and one Texas doctor. The brazen attempt to acquire sensitive information about abortion patients and the funds that assist them is a disturbing turn in the ongoing legal battle over Texas’s six-week abortion ban.

In August of last year, a coalition of abortion funds and doctors filed a class action lawsuit against Texas Attorney General Ken Paxton and other state officials. The suit, Fund Texas Choice v. Paxton, aims to challenge Senate Bill 8, or S.B. 8, and its devious method of civil enforcement to evade federal court scrutiny. In response, Mitchell, on behalf of the Texas government, is using the legal discovery process to harass those defending reproductive freedoms.


NEW GROUP ATTACKING IPHONE ENCRYPTION BACKED BY U.S. POLITICAL DARK-MONEY NETWORK

THE HEAT INITIATIVE, a nonprofit child safety advocacy group, was formed earlier this year to campaign against some of the strong privacy protections Apple provides customers. The group says these protections help enable child exploitation, objecting to the fact that pedophiles can encrypt their personal data just like everyone else.

When Apple launched its new iPhone this September, the Heat Initiative seized on the occasion, taking out a full-page New York Times ad, using digital billboard trucks, and even hiring a plane to fly over Apple headquarters with a banner message. The message on the banner appeared simple: “Dear Apple, Detect Child Sexual Abuse in iCloud” — Apple’s cloud storage system, which today employs a range of powerful encryption technologies aimed at preventing hackers, spies, and Tim Cook from knowing anything about your private files.

Something the Heat Initiative has not placed on giant airborne banners is who’s behind it: a controversial billionaire philanthropy network whose influence and tactics have drawn unfavorable comparisons to the right-wing Koch network. Though it does not publicize this fact, the Heat Initiative is a project of the Hopewell Fund, an organization that helps privately and often secretly direct the largesse — and political will — of billionaires. Hopewell is part of a giant, tightly connected web of largely anonymous, Democratic Party-aligned dark-money groups, in an ironic turn, campaigning to undermine the privacy of ordinary people.


The State against Anonymity

In the last century, states have had great control over channels of media. In most of the West, lobbying groups and cartels working with “liberal” and “democratic” governments regulated who could broadcast while governments, with their endless pools of money and political force, competed alongside private, or foreign, establishments. South Africa banned television entirely, and then after legalizing it in the ’70s, the industry was still controlled by the state.

All media in the Soviet Union was centralized and controlled by the state immediately after the October Revolution—the Bolshevik leaders understood the importance of media control. Every state in the last century has had some grip over the country’s media, propagating favorable narratives and restricting the unfavorable to maintain control over the population.

Traditional media centralization by the state was then rendered obsolete with the popularization of the Internet. As the Internet and its related technology developed, decentralization became more pronounced and widespread. When anyone can start a podcast on a plethora of websites with anyone else in the world who has the technology, or when miniature documentaries and video essays can be produced and uploaded by anyone to anywhere that accepts the format, the state-operated or state-supported media that dominated the last century becomes effectively out of date. The new competition was too dynamic, adaptive, decentralized, and evasive for the old system to outcompete, outproduce, or outright ban.

Traditional media wasn’t the only thing affected by the Internet. Chat boards, forums, and other means of direct communication undermined multiple key legitimizers of the state, specifically academics and journalists. Barring local rules and guidelines, anyone was free to question and discuss any aspect of academia, usually under the freedom afforded by anonymity.


Department of Defense Signs Contract With Social Media Monitoring Company

Fresh revelations regarding a $2.5 million contractual agreement between the Defense Information Systems Agency (DISA) at Fort George G. Meade and social media scrutinizer Dataminr have emerged. These claims, unveiled by a US government notice, imply a new era of digital monitoring rests on the horizon, increasingly unsettling in its reinforcement of sweeping surveillance, and potentially having implications on free speech and privacy protection.

Fort Meade, also known as the steering wheel of the US Government’s paramount signals intelligence organization, the National Security Agency, has seemingly struck a discreet deal to expand its espionage services.

DISA, commodiously located at Fort Meade, is now purported to have voluminous exposure to public posts from assorted social media platforms, including X, formerly Twitter.

Dataminr is a company specializing in AI-driven real-time information discovery and is known for detecting, classifying, and determining the significance of public information in real time. It’s plausible that government entities, including the Department of Defense, may leverage services like Dataminr to monitor social media and other public data sources to maintain situational awareness and respond to emerging events or threats more rapidly.

When privacy buffs and free speech advocates look at governmental use of tools like Dataminr, it’s met with a hefty dose of suspicion, and rightfully so. The potential implications for personal freedom, civil rights, and the pillars of democracy are considerable. There’s this looming worry about the government, potentially with too loose a leash, exploiting these tools to spy on lawful activities and on people living their everyday lives with no criminal intentions.


The UK passes massive online safety bill

The UK’s Online Safety Bill is ready to become law. The bill, which aims to make the UK “the safest place in the world to be online,” passed through the Houses of Parliament on Tuesday and imposes strict requirements on large social platforms to remove illegal content. It will be enforced by UK telecom regulatory agency Ofcom.

Additionally, the Online Safety Bill mandates new age-checking measures to prevent underage children from seeing harmful content. It also pushes large social media platforms to become more transparent about the dangers they pose to children, while also giving parents and kids the ability to report issues online. Potential penalties are also harsh: up to 10 percent of a company’s global annual revenue. The bill has been reworked several times in a multiyear journey through Parliament.

But not only does online age verification raise serious privacy concerns — the bill could also put encrypted messaging services, like WhatsApp, at risk. Under the terms of the bill, encrypted messaging apps would be obligated to check users’ messages for child sexual abuse material.

Depending on how the rule is enforced, this could essentially break apps’ end-to-end encryption promise, which prevents third parties — including the app itself — from viewing users’ messages. In March, WhatsApp refused to comply with the bill and threatened to leave the UK rather than change its encryption policies. It joined Signal and other encrypted messaging services in protesting the bill, leading UK regulators to attempt to assuage their concerns by promising to only require “technically feasible” measures.


Federal Reserve: desire for cash-like anonymity for digital assets based on ignorance

The Federal Reserve published a paper that explores various privacy strategies in digital asset ecosystems. A key point is that cash-like anonymity is very unlikely in digital systems. Confidentiality from certain parties is the best to hope for.

It asserts the desire for cash-like anonymity is based on a misunderstanding of how digital systems work. Even with encryption, activity logs and audit trails leak small pieces of information. Of course, current versions of most public blockchains reveal an enormous amount of data which is easy to link to an identity by tracing wallets back to exchange onramps.

Although it may be true that anonymity is almost impossible to achieve in the digital realm, people desire it. While comparing digital systems to cash at a practical level, the paper doesn’t acknowledge the broad recognition that digital money will accelerate the crowding out of cash.


U.K. Government Finally Admits It Can’t Scan for Child Porn Without Violating Everybody’s Privacy

The U.K. government finally acknowledges that a component of the Online Safety Bill that would force tech companies to scan data and messages for child porn images can’t be implemented without violating the privacy rights of all internet users and undermining the data encryption tools that keep our information safe.

And so the government is backing down—for now—on what’s been called the “spy clause.” Using the justification of fighting the spread of child sexual abuse material (CSAM), part of the Online Safety Bill would have required online platforms to create “backdoors” that the British government could use to scan messages between social media users. The law also would’ve allowed the government to punish platforms or sites that implement end-to-end encryption and prevent the government from accessing messages and data.

While British officials have insisted that this intrusive surveillance power would be used only to track down CSAM, tech and privacy experts have warned repeatedly that there’s no way to implement a surveillance system that could be used only for this particular purpose. Encryption backdoors allow criminals and oppressive governments to snoop on people for dangerous and predatory purposes. Firms like Signal and WhatsApp threatened to pull their services from the U.K. entirely if this bill component moved forward.


Hackers Can Silently Grab Your IP Through Skype — Microsoft Is In No Rush to Fix It

Hackers are able to grab a target’s IP address, potentially revealing their general physical location, by simply sending a link over the Skype mobile app. The target does not need to click the link or otherwise interact with the hacker beyond opening the message, according to a security researcher who demonstrated the issue and successfully discovered my IP address by using it.

Yossi, the independent security researcher who uncovered the vulnerability, reported the issue to Microsoft earlier this month, according to Yossi and a cache of emails and bug reports he shared with 404 Media. In those emails Microsoft said the issue does not require immediate servicing, and gave no indication that it plans to fix the security hole. Only after 404 Media contacted Microsoft for comment did the company say it would patch the issue in an upcoming update.

The attack could pose a serious risk to activists, political dissidents, journalists, those targeted by cybercriminals, and many more people. At minimum, an IP address can show what area of a city someone is in. An IP address can be even more revealing in a less densely populated area, because there are fewer people who could be associated with it.

“I think just about anybody could be harmed by this,” Cooper Quintin, a security researcher and senior public interest technologist at activist organization the Electronic Frontier Foundation (EFF), said when I explained the issue to him. Quintin said the major concern was “finding people’s location for physical escalations, and finding people’s IP address for digital escalations.”

To verify that the vulnerability has the impact that Yossi described, I asked him to test it out on me. To start, Yossi sent me a link via Skype text chat to google.com. The link was to the real Google site, and not an imposter.

I then opened Skype on an iPad and viewed the chat message. I didn’t even click the link. But very soon after, Yossi pasted my IP address into the chat. It was correct.


The IRS Misplaced Millions of Taxpayer Records. Again.

Do you know where your tax records are? It’s a serious question in the case of millions of Americans whose records the IRS carelessly misplaced. That’s the big reveal in a recent inspector general’s report telling us that the federal mugging agency continues to be mindbogglingly incompetent at safeguarding the sensitive financial information it forcibly extracts from us all.

“The IRS was unable to locate any of the FY 2010 microfilm cartridges that should have been sent from the Fresno Tax Processing Center to the Kansas City Tax Processing Center,” the U.S. Treasury Inspector General for Tax Administration revealed in an August 8 report on the tax agency’s data-handling practices. “As a result of the lack of adequate inventory controls, the IRS cannot account for thousands of microfilm cartridges containing millions of sensitive business and individual tax account records.”

That’s bad—remarkably bad given the bait the information in those records represents for criminals inclined “to commit tax refund fraud identity theft,” as the report goes on to warn. You could omit the “tax refund” part since the details we’re required to submit to the IRS could enable scammers to rob us blind in a host of ways that don’t matter to the government but are extremely serious to anybody on the receiving end.

As you might expect of a government agency, the incompetence doesn’t stop there.
