Article 43

 

Privacy And Rights

Sunday, July 07, 2013

For Sale - Your Cell Phone Records


AT&T has announced that it will begin SELLING customers’ smartphone data to the highest bidder, putting the telecommunications giant in line with Verizon, Facebook and other competitors that quietly use a consumer’s history for marketing purposes.

RT news
July 6, 2013

The company claims its new privacy policy, to be updated within “the next few weeks,” exists to deliver “more relevant advertising” to users based on which apps they use and their location, which is provided by GPS tracking. Apparently recognizing the natural privacy concerns a customer might have, AT&T assured the public that all data would be aggregated and made anonymous to prevent individual identification.

A letter to customers, for instance, described how someone identified as a movie fan will be sent personalized ads for a nearby cinema.

“People who live in a particular geographic area might appear to be very interested in movies, thanks to collective information that shows wireless devices from that area are often located in the vicinity of movie theaters,” the letter states. “We might create a ‘movie’ characteristic for that area, and deliver movie ads to the people who live there.”

A June 28 blog post from AT&T’s chief privacy officer Bob Quinn said the new policy will focus on “Providing You Service and Improving Our Network and Services,” but the online reaction has been overwhelmingly negative, with many customers looking for a way to avoid the new conditions.

“You require that we allow you to store a persistent cookie of your choosing in our web browsers to ‘OPT-OUT,’” one person wrote. “No mention of how other HTTP clients, such as email clients, can opt out. If you really did care about your customers, you would provide a way for us to opt out all traffic to/from our connection and mobile devices in one easy setting.”

One problem for any customer hoping for a new service is the lack of options, smartphone or otherwise. Facebook, Google, Twitter and Verizon each store consumer data for purposes that have not yet been made clear. And because of the profit potential that exists when a customer blindly trusts a company with their data, small Internet start-ups, including AirSage and many others, have developed a way to streamline information into dollars.

The nefarious aspect of AT&T’s announcement is underscored by the recent headlines around the National Security Agency, which has spent years compelling wireless corporations to hand over data collected on millions of Americans. Unfortunately for the privacy of those concerned, AT&T’s new policy may only be a sign of things to come.

“Instead of merely offering customers a trusted conduit for communication, carriers are coming to see subscribers as sources of data that can be mined for profit, a practice more common among providers of free online services like Google and Facebook,” the Wall Street Journal wrote about the matter in May.

SOURCE

Posted by Elvis on 07/07/13 •
Section Privacy And Rights • Section Broadband Privacy

Sunday, June 30, 2013

Kiss HIPPA Goodbye


Obamacare Will Collect and Share Americans’ Data Without the Consent of the Individual

By J.D. Tuccille
Reason
June 25, 2013

If you were starting to fret that the National Security Agency was the only government body that cared enough to stalk you, fret not! It turns out that the concerned folks slapping together Obamacare exchanges plan to hoover up your personal information in something called a Data Services Hub in order to determine your privileges and exemptions under the new government health care regime. Even better, officials intend to SHARE YOUR DATA with federal and state agencies, private contractors and consultants, explicitly without asking for your leave to do so.

John Merline of Investor’s Business Daily REPORTS:

The Health and Human Services Department earlier this year exposed just how vast the government’s data collection efforts will be on millions of Americans as a result of ObamaCare.

Sen. Max Baucus, D-Mont., asked HHS to provide “a complete list of agencies that will interact with the Federal Data Services Hub.” The Hub is a central feature of ObamaCare, since it will be used by the new insurance exchanges to determine eligibility for benefits, exemptions from the federal mandate, and how much to grant in federal insurance subsidies.

In response, the HHS said the ObamaCare data hub will “interact” with seven other federal agencies: Social Security Administration, the IRS, the Department of Homeland Security, the Veterans Administration, Office of Personnel Management, the Department of Defense and, believe it or not, the Peace Corps. Plus the Hub will plug into state Medicaid databases.

And what sort of data will be “routed through” the Hub? Social Security numbers, income, family size, citizenship and immigration status, incarceration status, and enrollment status in other health plans, according to the HHS.

The Center for Consumer Information & Insurance Oversight at the Centers for Medicare & Medicaid Services PROVIDES SOME REASSURANCES for those concerned by such concentration of personal information.

For all marketplaces, CMS is also building a tool called the Data Services Hub to help with verifying applicant information used to determine eligibility for enrollment in qualified health plans and insurance affordability programs.  The hub will provide one connection to the common federal data sources (including but not limited to SSA, IRS, DHS) needed to verify consumer application information for income, citizenship, immigration status, access to minimum essential coverage, etc.  CMS has completed the technical design, and reference architecture for this work, is establishing a cross-agency security framework as well as the protocols for connectivity, and has begun testing the hub.  The hub will not store consumer information, but will securely transmit data between state and federal systems to verify consumer application information. Protecting the privacy of individuals remains the highest priority of CMS.

No stored consumer information? Privacy is the “highest priority”? Well, that’s all right, then. Except ... Damn it. Government agencies often say one thing publicly, and quite another privately. Merline points out that the Centers for Medicare & Medicaid Services portrayed the Data Services Hub in a somewhat different light in an obscure regulatory notice FILED ON FEBRUARY 6, 2013:

In accordance with the requirements of the Privacy Act of 1974, CMS is establishing a new system of records titled, “Health Insurance Exchanges (HIX) Program,” to support the CMS Health Insurance Exchanges Program established under provisions of the Affordable Care Act (PPACA) ... The system of records will contain personally identifiable information (PII) about certain individuals who apply or on whose behalf an application is filed for eligibility determinations for enrollment in a qualified health plan (QHP) through an Exchange, and for insurance affordability programs.

So, the database “will contain personally identifiable information” after all. And just how “highest priority” is the privacy of the stored data?

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM
A. Entities Who May Receive Disclosures Under Routine Use

These routine uses specify circumstances, in addition to those provided by statute in the Privacy Act of 1974, under which CMS may release information from the HIX without the consent of the individual to whom such information pertains. ...

Among the listed “entities who may receive disclosures under routine use” without your consent are federal agencies, state agencies, agency contractors, consultants, CMS grantees and non-profit entities operating exchanges for states.

Those are just the entities authorized to have access to your information. As we know, employees of government agencies from local police departments to the Internal Revenue Service have a history of MISUSING DATABASES FOR FUN AND PROFIT.

SOURCE

Posted by Elvis on 06/30/13 •
Section Privacy And Rights

Saturday, June 22, 2013

Looking For A Reason Not to Buy An Xbox?


New Xbox by NSA partner Microsoft will watch you 24/7

Daily Caller
June 7, 2013

Possible privacy violations by Microsoft’s upcoming Xbox One have come under new scrutiny since it was revealed Thursday that the tech giant was a crucial partner in an expansive Internet surveillance program conducted by the National Security Agency and involving Silicon Valley’s biggest players.

One of the console’s key features is the full integration of the Kinect, a motion-sensing camera that allows users to play games, scroll through menus, and generally operate the Xbox just using hand gestures. Microsoft has touted the camera as the hallmark of a new era of interactivity in gaming.

What Microsoft has not promoted, however, is the fact that you WILL NOT BE ABLE TO POWER ON THE CONSOLE without first enabling the Kinect, designed to detect both heartbeats and eye movement, and positioning yourself in front of it.

Disturbingly, a RECENTLY PUBLISHED Microsoft patent reveals the Kinect has the capability to determine exactly when users are viewing ads broadcast by the Xbox through its eye movement tracking. Consistent ad viewers would be granted rewards, according to the patent.

Perhaps the feature most worrisome to privacy advocates is the REQUIREMENT THAT THE XBOX CONNECT TO THE INTERNET at least once every 24 hours. Many critics have asserted that Microsoft will follow the lead of other Silicon Valley companies and use its console to gather data about its users, particularly through the Kinect, and collect it through the online connection users can’t avoid.

Microsoft has promised that customers will be able to pause the camera’s function, but has put off questions on the precise specifics of its privacy policies.

SOURCE

Posted by Elvis on 06/22/13 •
Section Privacy And Rights • Section Microsoft And Windows

Sunday, June 16, 2013

Kiss The Fourth Amendment Good Bye - Part 8


NSA admits listening to U.S. phone calls without warrants
National Security Agency discloses in secret Capitol Hill briefing that thousands of analysts can listen to domestic phone calls. That authorization appears to extend to e-mail and text messages too.

By Declan McCullagh
CNET
June 15, 2013

The National Security Agency has acknowledged in a new classified briefing that it does not need court authorization to listen to domestic phone calls.

Rep. Jerrold Nadler, a New York Democrat, disclosed this week that during a secret briefing to members of Congress, he was told that the contents of a phone call could be accessed “simply based on an analyst deciding that.”

If the NSA wants “to listen to the phone,” an analyst’s decision is sufficient, without any other legal authorization required, Nadler said he learned. “I was rather startled,” said Nadler, an attorney and congressman who serves on the House Judiciary committee.

Not only does this disclosure shed more light on how the NSA’s FORMIDABLE EAVESDROPPING APPARATUS works domestically, it also suggests the Justice Department has secretly interpreted federal surveillance law to permit thousands of low-ranking analysts to eavesdrop on phone calls.

Because the same legal standards that apply to phone calls also apply to e-mail messages, text messages, and instant messages, Nadler’s disclosure indicates the NSA analysts could also access the CONTENTS OF INTERNET COMMUNICATIONS without going before a court and seeking approval.

The disclosure appears to confirm some of the allegations made by Edward Snowden, a former NSA infrastructure analyst who LEAKED CLASSIFIED DOCUMENTS to the Guardian. Snowden said in a video interview that, while not all NSA analysts had this ability, he could from Hawaii “wiretap anyone from you or your accountant to a federal judge to even the president.”

There are serious “constitutional problems” with this approach, said Kurt Opsahl, a senior staff attorney at the Electronic Frontier Foundation who has litigated warrantless wiretapping cases. “It epitomizes the problem of secret laws.”

Earlier reports have indicated that the NSA has the ability to record nearly all domestic and international phone calls—in case an analyst needed to access the recordings in the future. A Wired magazine article last year disclosed that the NSA has established “listening posts” that allow the agency to collect and sift through billions of phone calls through a massive new data center in Utah, “whether they originate within the country or overseas.” That includes not just metadata, but also the contents of the communications.

William Binney, a former NSA technical director who helped to modernize the agency’s worldwide eavesdropping network, told the Daily Caller this week that the NSA records the phone calls of 500,000 to 1 million people who are on its so-called target list, and perhaps even more. “They look through these phone numbers and they target those and that’s what they record,” Binney said.

Brewster Kahle, a computer engineer who founded the Internet Archive, has vast experience storing large amounts of data. He created a spreadsheet this week estimating that the cost to store all domestic phone calls a year in cloud storage for data-mining purposes would be about $27 million per year, not counting the cost of extra security for a top-secret program and security clearances for the people involved.

NSA’s annual budget is classified but is estimated to be around $10 billion.

Documents that came to light in an EFF lawsuit provide some insight into how the spy agency vacuums up data from telecommunications companies. Mark Klein, who worked as an AT&T technician for over 22 years, disclosed in 2006 (PDF) that he witnessed domestic voice and Internet traffic being surreptitiously “diverted” through a “splitter cabinet” to secure room 641A in one of the company’s San Francisco facilities. The room was accessible only to NSA-cleared technicians.

AT&T and other telecommunications companies that allow the NSA to tap into their fiber links receive absolute immunity from civil liability or criminal prosecution, thanks to a law that Congress enacted in 2008 and renewed in 2012. It’s a series of amendments to the Foreign Intelligence Surveillance Act, also known as the FISA Amendments Act.

That law says surveillance may be authorized by the attorney general and director of national intelligence without prior approval by the secret Foreign Intelligence Surveillance Court, as long as minimization requirements and general procedures blessed by the court are followed.

A requirement of the 2008 law is that the NSA “may not intentionally target any person known at the time of acquisition to be located in the United States.” A possible interpretation of that language, some legal experts said, is that the agency may vacuum up everything it can domestically—on the theory that indiscriminate data acquisition was not intended to “target” a specific American citizen.

Rep. Nadler’s disclosure that NSA analysts can listen to calls without court orders came during a House Judiciary hearing on Thursday that included FBI director Robert Mueller as a witness.

Mueller initially sought to downplay concerns about NSA surveillance by claiming that, to listen to a phone call, the government would need to seek “a special, a particularized order from the FISA court directed at that particular phone of that particular individual.”

Is information about that procedure “classified in any way?” Nadler asked.

“I don’t think so,” Mueller replied.

“Then I can say the following,” Nadler said. “We heard precisely the opposite at the briefing the other day. We heard precisely that you could get the specific information from that telephone simply based on an analyst deciding that...In other words, what you just said is incorrect. So there’s a conflict.”

Sen. Dianne Feinstein (D-Calif.), the head of the Senate Intelligence committee, separately acknowledged this week that the agency’s analysts have the ability to access the “content of a call.”

Director of National Intelligence Michael McConnell indicated during a House Intelligence hearing in 2007 that the NSA’s surveillance process involves “billions” of bulk communications being intercepted, analyzed, and incorporated into a database.

They can be accessed by an analyst who’s part of the NSA’s “workforce of thousands of people” who are “trained” annually in minimization procedures, he said. (McConnell, who had previously worked as the director of the NSA, is now vice chairman at Booz Allen Hamilton, Snowden’s former employer.)

If it were “a U.S. person inside the United States, now that would stimulate the system to get a warrant,” McConnell told the committee. “And that is how the process would work. Now, if you have foreign intelligence data, you publish it [inside the federal government]. Because it has foreign intelligence value.”

McConnell said during a separate congressional appearance around the same time that he believed the president had the constitutional authority, no matter what the law actually says, to order domestic spying without warrants.

Former FBI counterterrorism agent Tim Clemente told CNN last month that, in national security investigations, the bureau can access records of a previously made telephone call. “All of that stuff is being captured as we speak whether we know it or like it or not,” he said. Clemente added in an appearance the next day that, thanks to the “intelligence community”—an apparent reference to the NSA—“there’s a way to look at digital communications in the past.”

NSA Director Keith Alexander said this week that his agency’s analysts abide by the law: “They do this lawfully. They take compliance oversight, protecting civil liberties and privacy and the security of this nation to their heart every day.”

But that’s not always the case. A New York Times article in 2009 revealed the NSA engaged in significant and systemic “overcollection” of Americans’ domestic communications that alarmed intelligence officials. The Justice Department said in a statement at the time that it “took comprehensive steps to correct the situation and bring the program into compliance” with the law.

Jameel Jaffer, director of the ACLU’s Center for Democracy, says he was surprised to see the 2008 FISA Amendments Act be used to vacuum up information on American citizens. “Everyone who voted for the statute thought it was about international communications,” he said.

The NSA yesterday declined to comment to CNET. A representative said Nadler was not immediately available. (This is unrelated to last week’s disclosure that the NSA is currently collecting records of the metadata of all domestic Verizon calls, but not the actual contents of the conversations.)

SOURCE

Posted by Elvis on 06/16/13 •
Section Privacy And Rights

Saturday, June 08, 2013

Still Looking For Reasons To Keep Away From Windows? Part 20


How NSA access was built into Windows

By Duncan Campbell
Heise Security
April 4, 1999

A careless mistake by Microsoft programmers has revealed that special access codes prepared by the US National Security Agency have been secretly built into Windows. The NSA access system is built into every version of the Windows operating system now in use, except early releases of Windows 95 (and its predecessors). The discovery comes close on the heels of the revelations earlier this year that another US software giant, LOTUS, had built an NSA “help information” trapdoor into its Notes system, and that security functions on other software systems had been deliberately crippled.

The first discovery of the new NSA access system was made two years ago by British researcher Dr Nicko van Someren. But it was only a few weeks ago when a second researcher rediscovered the access system. With it, he found the evidence linking it to NSA.

Computer security specialists have been aware for two years that unusual features are contained inside a standard Windows software “driver” used for security and encryption functions. The driver, called ADVAPI.DLL, enables and controls a range of security functions. If you use Windows, you will find it in the C:\Windows\system directory of your computer.

ADVAPI.DLL works closely with Microsoft Internet Explorer, but will only run cryptographic functions that the US government allows Microsoft to export. That information is bad enough news, from a European point of view. Now, it turns out that ADVAPI will run special programmes inserted and controlled by NSA. As yet, no-one knows what these programmes are, or what they do.

Dr Nicko van Someren reported at last year’s Crypto 98 conference that he had disassembled the ADVAPI driver. He found it contained two different keys. One was used by Microsoft to control the cryptographic functions enabled in Windows, in compliance with US export regulations. But the reason for building in a second key, or who owned it, remained a mystery.

A second key

Two weeks ago, a US security company came up with conclusive evidence that the second key belongs to NSA. Like Dr van Someren, Andrew Fernandez, chief scientist with Cryptonym of Morrisville, North Carolina, had been probing the presence and significance of the two keys. Then he checked the latest Service Pack release for Windows NT4, Service Pack 5. He found that Microsoft’s developers had failed to remove or “strip” the debugging symbols used to test this software before they released it. Inside the code were the labels for the two keys. One was called “KEY”. The other was called “NSAKEY”.

Fernandes reported his re-discovery of the two CAPI keys, and their secret meaning, to the “Advances in Cryptology, Crypto’99” conference held in Santa Barbara. According to those present at the conference, Windows developers attending the conference did not deny that the “NSA” key was built into their software. But they refused to talk about what the key did, or why it had been put there without users’ knowledge.

A third key?!

But according to two witnesses attending the conference, even Microsoft’s top crypto programmers were astonished to learn that the version of ADVAPI.DLL shipping with Windows 2000 contains not two, but three keys. Brian LaMachia, head of CAPI development at Microsoft was “stunned” to learn of these discoveries, by outsiders. The latest discovery by Dr van Someren is based on advanced search methods which test and report on the “entropy” of programming code.
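The entropy search mentioned above works because key material looks statistically random while compiled code and data do not. The following is an added illustration of that idea, not code from the article or from Dr van Someren; the sample buffer, offsets, window size and threshold are all constructed assumptions.

```python
import math
import random
from collections import Counter


def shannon_entropy(chunk: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte."""
    if not chunk:
        return 0.0
    n = len(chunk)
    return -sum((c / n) * math.log2(c / n) for c in Counter(chunk).values())


def find_high_entropy_regions(data: bytes, window: int = 64, step: int = 16,
                              threshold: float = 5.5):
    """Slide a window over `data` and return merged (start, end) byte ranges
    whose entropy exceeds `threshold`.

    A 64-byte window can reach at most log2(64) = 6 bits per byte, so 5.5 is
    an assumed cut-off that random key bytes clear and machine code does not.
    """
    regions = []
    for start in range(0, len(data) - window + 1, step):
        if shannon_entropy(data[start:start + window]) <= threshold:
            continue
        end = start + window
        if regions and start <= regions[-1][1]:
            # Overlaps or touches the previous hit: extend it.
            regions[-1] = (regions[-1][0], end)
        else:
            regions.append((start, end))
    return regions


# Constructed sample: repetitive, code-like filler with a 128-byte random
# blob standing in for an embedded key. Nothing here comes from a real DLL.
KEY_OFFSET = 512
KEY_LEN = 128
_rng = random.Random(1999)  # fixed seed so the sample is reproducible
_filler = b"\x55\x8b\xec\x83\xec\x10\x90\x90" * 64  # 512 bytes, 6 distinct values
_key = bytes(_rng.getrandbits(8) for _ in range(KEY_LEN))
SAMPLE = _filler + _key + _filler


if __name__ == "__main__":
    for start, end in find_high_entropy_regions(SAMPLE):
        print(f"high-entropy region: bytes {start}-{end}")
```

The same scan is useful defensively for spotting keys or other secrets accidentally shipped inside a build artifact.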

Within the Microsoft organisation, access to Windows source code is said to be highly compartmentalized, making it easy for modifications to be inserted without the knowledge of even the respective product managers.

Researchers are divided about whether the NSA key could be intended to let US government users of Windows run classified cryptosystems on their machines or whether it is intended to open up anyone’s and everyone’s Windows computer to intelligence gathering techniques deployed by NSA’s burgeoning corps of “information warriors”.

According to Fernandez of Cryptonym, the result of having the secret key inside your Windows operating system “is that it is tremendously easier for the NSA to load unauthorized security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system”. The NSA key is contained inside all versions of Windows from Windows 95 OSR2 onwards.

“For non-American IT managers relying on Windows NT to operate highly secure data centres, this find is worrying”, he added. “The US government is currently making it as difficult as possible for “strong” crypto to be used outside of the US. That they have also installed a cryptographic back-door in the world’s most abundant operating system should send a strong message to foreign IT managers”.

“How is an IT manager to feel when they learn that in every copy of Windows sold, Microsoft has a ‘back door’ for NSA - making it orders of magnitude easier for the US government to access your computer?” he asked.

Can the loophole be turned round against the snoopers?

Dr van Someren feels that the primary purpose of the NSA key inside Windows may be for legitimate US government use. But he says that there cannot be a legitimate explanation for the third key in Windows 2000 CAPI. “It looks more fishy”, he said.

Fernandez believes that NSA’s built-in loophole can be turned round against the snoopers. The NSA key inside CAPI can be replaced by your own key, and used to sign cryptographic security modules from overseas or unauthorised third parties, unapproved by Microsoft or the NSA. This is exactly what the US government has been trying to prevent. A demonstration “how to do it” program that replaces the NSA key can be FOUND on Cryptonym’s WEBSITE.

According to one leading US cryptographer, the IT world should be thankful that the subversion of Windows by NSA has come to light before the arrival of CPUs THAT HANDLE ENCRYPTED INSTRUCTION SETS. These would make the type of discoveries made this month impossible. “Had the next-generation CPUs with encrypted instruction sets already been deployed, we would have never found out about NSAKEY.”

SOURCE

Posted by Elvis on 06/08/13 •
Section Privacy And Rights • Section Microsoft And Windows