Broadband Privacy

Sunday, July 07, 2013

For Sale - Your Cell Phone Records

AT&T has announced that it will begin SELLING customers’ smartphone data to the highest bidder, putting the telecommunications giant in line with Verizon, Facebook and other competitors that quietly use a consumer’s history for marketing purposes.

RT news
July 6, 2013

The company claims its new privacy policy, to be updated within “the next few weeks,” exists to deliver “more relevant advertising” to users based on which apps they use and their location, which is provided by GPS tracking. Apparently recognizing the natural privacy concerns a customer might have, AT&T assured the public that all data would be aggregated and made anonymous to prevent individual identification.

A letter to customers, for instance, described how someone identified as a movie fan will be sent personalized ads for a nearby cinema.

“People who live in a particular geographic area might appear to be very interested in movies, thanks to collective information that shows wireless devices from that area are often located in the vicinity of movie theaters,” the letter states. “We might create a ‘movie’ characteristic for that area, and deliver movie ads to the people who live there.”

A June 28 blog post from AT&T’s chief privacy officer Bob Quinn said the new policy will focus on “Providing You Service and Improving Our Network and Services,” but the online reaction has been overwhelmingly negative, with many customers looking for a way to avoid the new conditions.

“You require that we allow you to store a persistent cookie of your choosing in our web browsers to ‘OPT-OUT’,” one person wrote. “No mention of how other HTTP clients, such as email clients, can opt out. If you really did care about your customers, you would provide a way for us to opt out all traffic to/from our connection and mobile devices in one easy setting.”

One problem for any customer hoping for a new service is the lack of options, smartphone or otherwise. Facebook, Google, Twitter and Verizon each store consumer data for purposes that have not yet been made clear. And because of the profit potential that exists when a customer blindly trusts a company with their data, small Internet start-ups, including AirSage and many others, have developed a way to streamline information into dollars.

The nefarious aspect of AT&T’s announcement is underscored by the recent headlines around the National Security Agency, which has spent years compelling wireless corporations to hand over data collected on millions of Americans. Unfortunately for the privacy of those concerned, AT&T’s new policy may only be a sign of things to come.

“Instead of merely offering customers a trusted conduit for communication, carriers are coming to see subscribers as sources of data that can be mined for profit, a practice more common among providers of free online services like Google and Facebook,” the Wall Street Journal wrote about the matter in May.

SOURCE

Posted by Elvis on 07/07/13 •
Section Privacy And Rights • Section Broadband Privacy

Thursday, June 06, 2013

Warrantless Wiretapping - Verizon

By Glenn Greenwald
The Guardian
June 5, 2013

NSA collecting phone records of millions of Verizon customers daily
Top secret court order requiring Verizon to hand over all call data shows scale of domestic surveillance under Obama

The National Security Agency is currently collecting the telephone records of millions of US customers of Verizon, one of America’s largest telecoms providers, under a top secret COURT order issued in April.

The order, a copy of which has been obtained by the Guardian, REQUIRES VERIZON on an “ongoing, daily basis” to give the NSA information on all telephone calls in its systems, both within the US and between the US and other countries.

The document shows for the first time that under the Obama administration the communication records of millions of US citizens are being collected INDISCRIMINATELY and IN BULK - regardless of whether they are suspected of any wrongdoing.

The secret Foreign Intelligence Surveillance Court (FISA) granted the order to the FBI on April 25, giving the government unlimited authority to obtain the data for a specified three-month period ending on July 19.

Under the terms of the blanket order, the numbers of both parties on a call are handed over, as are location data, call duration, unique identifiers, and the time and duration of all calls. The contents of the conversation itself are not covered.

The disclosure is likely to reignite longstanding debates in the US over the proper extent of the government’s domestic spying powers.

Under the Bush administration, officials in security agencies had disclosed to reporters the large-scale collection of call records data by the NSA, but this is the first time significant and top-secret documents have revealed the continuation of the practice on a MASSIVE SCALE under President Obama.

The unlimited nature of the records being handed over to the NSA is extremely unusual. FISA court orders typically direct the production of records pertaining to a specific named target who is suspected of being an agent of a terrorist group or foreign state, or a finite set of individually named targets.

The Guardian approached the National Security Agency, the White House and the Department of Justice for comment in advance of publication on Wednesday. All declined. The agencies were also offered the opportunity to raise specific security concerns regarding the publication of the court order.

The court order expressly bars Verizon from disclosing to the public either the existence of the FBI’s request for its customers’ records, or the court order itself.

“We decline comment,” said Ed McFadden, a Washington-based Verizon spokesman.

The order, signed by Judge Roger Vinson, compels Verizon to produce to the NSA electronic copies of “all call detail records or ‘telephony metadata’ created by Verizon for communications between the United States and abroad” or “wholly within the United States, including local telephone calls”.

The order directs Verizon to “continue production on an ongoing daily basis thereafter for the duration of this order”. It specifies that the records to be produced include “session identifying information”, such as “originating and terminating number”, the duration of each call, telephone calling card numbers, trunk identifiers, International Mobile Subscriber Identity (IMSI) number, and “comprehensive communication routing information”.

The information is classed as “metadata”, or transactional information, rather than communications, and so does not require individual warrants to access. The document also specifies that such “metadata” is NOT LIMITED to the aforementioned items. A 2005 court ruling judged that cell site location data - the nearest cell tower a phone was connected to - was also transactional data, and so could potentially fall under the scope of the order.

While the order itself does not include either the contents of messages or the personal information of the subscriber of any particular cell number, its collection would allow the NSA to build easily a comprehensive picture of who any individual contacted, how and when, and possibly from where, retrospectively.

It is not known whether Verizon is the only cell-phone provider to be targeted with such an order, although previous reporting has suggested the NSA has collected cell records from all major mobile networks. It is also unclear from the leaked document whether the three-month order was a one-off, or the latest in a series of similar orders.

The court order appears to explain the numerous cryptic public warnings by two US senators, Ron Wyden and Mark Udall, about the scope of the Obama administration’s surveillance activities.

For roughly two years, the two Democrats have been stridently advising the public that the US government is relying on “secret legal interpretations” to claim surveillance powers so broad that the American public would be “stunned” to learn of the kind of domestic spying being conducted.

Because those activities are classified, the senators, both members of the Senate intelligence committee, have been prevented from specifying which domestic surveillance programs they find so alarming. But the information they have been able to disclose in their public warnings perfectly tracks both the specific law cited by the April 25 court order as well as the vast scope of record-gathering it authorized.

Julian Sanchez, a surveillance expert with the Cato Institute, explained: “We’ve certainly seen the government increasingly strain the bounds of ‘relevance’ to collect large numbers of records at once - everyone at one or two degrees of separation from a target - but vacuuming all metadata up indiscriminately would be an extraordinary repudiation of any pretence of constraint or particularized suspicion.” The April order requested by the FBI and NSA does precisely that.

The law on which the order explicitly relies is the so-called “business records” provision of the Patriot Act, 50 USC section 1861. That is the provision which Wyden and Udall have repeatedly cited when warning the public of what they believe is the Obama administration’s extreme interpretation of the law to engage in excessive domestic surveillance.

In a letter to attorney general Eric Holder last year, they argued that “there is now a significant gap between what most Americans think the law allows and what the government secretly claims the law allows.”

“We believe,” they wrote, “that most Americans would be stunned to learn the details of how these secret court opinions have interpreted” the “business records” provision of the Patriot Act.

Privacy advocates have long warned that allowing the government to collect and store unlimited “metadata” is a highly invasive form of surveillance of citizens’ communications activities. Those records enable the government to know the identity of every person with whom an individual communicates electronically, how long they spoke, and their location at the time of the communication.

Such metadata is what the US government has long attempted to obtain in order to discover an individual’s network of associations and communication patterns. The request for the bulk collection of all Verizon domestic telephone records indicates that the agency is continuing some version of the data-mining program begun by the Bush administration in the immediate aftermath of the 9/11 attack.

The NSA, as part of a program secretly authorized by President Bush on 4 October 2001, implemented a bulk collection program of domestic telephone, internet and EMAIL records. A furore erupted in 2006 when USA Today reported that the NSA had “been secretly collecting the phone call records of tens of millions of Americans, using data provided by AT&T, Verizon and BellSouth” and was “using the data to analyze calling patterns in an effort to detect terrorist activity.” Until now, there has been no indication that the Obama administration implemented a similar program.

These recent events reflect how profoundly the NSA’s mission has transformed from an agency exclusively devoted to foreign intelligence gathering, into one that focuses increasingly on domestic communications. A 30-year employee of the NSA, William Binney, resigned from the agency shortly after 9/11 in protest at the agency’s focus on domestic activities.

In the mid-1970s, Congress, for the first time, investigated the surveillance activities of the US government. Back then, the mandate of the NSA was that it would never direct its surveillance apparatus domestically.

At the conclusion of that investigation, Frank Church, the Democratic senator from Idaho who chaired the investigative committee, warned: “The NSA’s capability at any time could be turned around on the American people, and no American would have any privacy left, such is the capability to monitor everything: telephone conversations, telegrams, it doesn’t matter.”

Additional reporting by Ewen MacAskill and Spencer Ackerman

SOURCE

Posted by Elvis on 06/06/13 •
Section Privacy And Rights • Section Broadband Privacy

Sunday, March 24, 2013

Bitcoin Privacy

Bitcoin Privacy Extension to Have Backdoor for Government Snooping?

By Eric Blair
Activist Post
March 24, 2013

Bankers are desperate to force governments into regulating decentralized virtual currencies like Bitcoin. With good reason.

As currency wars rage with a rush to devaluation while banker bureaucrats openly ROB DEPOSITORS IN CYPRUS and as FINANCIAL PRIVACY DISAPPEARS, Bitcoin has become a SAFE HAVEN CURRENCY to a growing number of people. Bankers and governments can’t control it or tax it, but now they’re attempting to fix that.

Andrew Leonard of Salon WRITES:

The more popular Bitcoin gets, whether as a symbol of resistance or a perceived safe haven in financially troubled times, the more government attention it will inevitably draw, and the more inexorably it will be sucked into existing regulatory structures. Incomes denominated in Bitcoins will be taxed. Efforts at money laundering will be cracked down upon. It’s the price of success. Resistance is futile.

Last week, the Financial Crimes Enforcement Network (FinCEN) revealed their INITIAL GUIDELINES TO REGULATE VIRTUAL CURRENCIES. Although it said that users of virtual currencies are not subject to FinCEN regulations, exchanges for that currency are:

A user of virtual currency is not an MSB under FinCEN’s regulations and therefore is not subject to MSB registration, reporting, and recordkeeping regulations. However, an administrator or exchanger is an MSB under FinCEN’s regulations, specifically, a money transmitter, unless a limitation to or exemption from the definition applies to the person. An administrator or exchanger is not a provider or seller of prepaid access, or a dealer in foreign exchange, under FinCEN’s regulations.

Additionally, the CIA’s venture capital firm IN-Q-TEL has taken a great interest in Bitcoin and has called some of its DEVELOPERS TO GIVE A PRESENTATION about Bitcoin this June, which is troublesome for the prospect of freedom and privacy.

But resistance is not futile as Andrew Leonard would like his readers to believe. Other developers are working on Bitcoin extensions to add further privacy for users. Bitcoin transactions are already fairly anonymous even though they can be viewed on a public open-source record.

Privacy is lacking for Bitcoin users not in the transaction itself, but in where the coins are stored. Specific encrypted coins can be traced through a transaction to a certain wallet whose owner may or may not be anonymous. Even if the wallet is anonymous, everyone knows where their specific coins have been, which could potentially expose the wallet owner’s activity and identity.

A new Bitcoin privacy extension, Zerocoin, is seeking to solve this privacy concern. Zerocoin, being developed by Johns Hopkins University, will basically pool Bitcoins in escrow and scramble them between buyers and sellers to hide the origin and destination of specific coins.

New Scientist REPORTS:

Called Zerocoin, it’s a cryptographic add-on to Bitcoin that allows for transactions which cannot be linked together. The key is that it does this without introducing any new centralised elements into the network or using laundering, whereby coins are spent through intermediaries to hide the root purchaser’s wallet address.

Zerocoin works by allowing Bitcoin users to leave their coins floating on the network for someone else to redeem, on the condition that they can redeem the same amount of Bitcoin, similarly left floating on the network, at an arbitrary time in the future.

Jon Matonis of the American Banker INTERVIEWED Johns Hopkins research professor Matthew Green, who said:

“Zerocoin creates an ‘escrow pool’ of bitcoins, which users can contribute to and then later redeem from,” Green explained. Users receive different coins than they put in (though the same amount) and there is no entity that can trace your transactions or steal your money. “Unlike previous e-cash schemes, this whole process requires no trusted party. As long as all the nodes in the network support the Zerocoin protocol, the system works in a fully distributed fashion,” added Green.

Green is due to present his paper Zerocoin: Anonymous Distributed E-Cash from Bitcoin at the IEEE SYMPOSIUM ON SECURITY AND PRIVACY this May.

It sounds like an amazing innovation for a CURRENCY THAT IS FAR SUPERIOR IN MANY WAYS to establishment currencies and banking. However, Green adds one disturbing statement with huge implications for the legitimacy of Zerocoin.

Green told the New Scientist, “Zerocoin would give you this incredible privacy guarantee, then we could add on some features which let the police, for instance, to be able to track money laundering. A back door.”

Apparently Green has received a lot of grief for attempting to provide an anonymous privacy protocol that would allow back-door snooping, and he has since backed off his previous statement even if it still appears in his paper.

“The back door isn’t part of Zerocoin. There’s absolutely no need for it, and building one in would take significant additional effort. In fact, we only mentioned it as a brief note in the conclusion of our paper, mostly to motivate future research work,” Green told the American Banker.

So Green included the idea of a backdoor to “motivate future research work”? In other words, he seems to be seeking public funding to continue creating this backdoor. Obviously, the “authorities” would be the only ones interested in this pursuit, which answers the question about who he is trying to motivate. The bigger question is who funded this work?

In an attempt to put the issue to rest, Green claimed that a backdoor was impossible anyway: “If someone did try to build a back door for any reason, the open source Zerocoin would quickly become Zero-adoption.”

In any respect, creating a random escrow pool for Bitcoin transactions is a brilliant concept and an innovation that can be used alongside other open-source programs like COIN CONTROL which allows users to choose what wallet they want individual transactions to go to.

Yet as Bitcoin developers are hard at work finding ways to make it even more anonymous, will they be successful in preventing backdoors for government access, thwarting FinCEN regulations, and involvement by the CIA?

SOURCE

Posted by Elvis on 03/24/13 •
Section Privacy And Rights • Section Broadband Privacy

Amazon And The CIA

Our Privacy.... It’s Disappeared into the “Clouds”

By Perrie Halpern
The News Talkers
March 20, 2013

Quiz: What do the CIA and Amazon have in common?

A. Too much power

B. Invasion into our privacy

C. A big investment in the computer business

D. All of the above

The old saying goes that every cloud has a silver lining. Of course in real life, we know that some clouds are dark and ominous. In our tech world, some clouds can’t even be seen. Usually, it’s the things that we can’t see that should be feared the most.

Today in New York City, the CIA’s technology officer, Ira “Gus” Hunt, outlined the agency’s new approach to information gathering.

“The value of any piece of information is only known when you can CONNECT IT WITH SOMETHING ELSE that arrives at a future point in time,” Hunt said. “Since you can’t connect dots you don’t have, it drives us into a mode of, we fundamentally try to collect everything and hang onto it forever.”

Everything is a lot, and forever is a very long time. There must be a plan! And so there is! But unlike any spy novel, there is no secret agency involved. No spooks, no MI6. Instead, the CIA has enlisted the help of an unlikely ally, AMAZON, in its quest for “big data,” which is so big that the CIA has a dedicated job recruitment page on its website pitching big data jobs to prospective employees.

These comments come two days after Federal Computer Week reported that the CIA is joining with Amazon in a 10-year, $600 million cloud service with storage and analysis capabilities on a massive scale. A slide in Hunt’s presentation declared, “It is nearly within our grasp to compute on all human generated information.” He continued:

“You’re already a walking sensor platform,” he said, noting that mobiles, smartphones and iPads come with cameras, accelerometers, light detectors and geolocation capabilities.

“You are aware of the fact that somebody can know where you are at all times, because you carry a mobile device, even if that mobile device is turned off,” he said. “You know this, I hope? Yes? Well, you should.”

As for privacy and law, all Hunt had to say was: “Technology in this world is moving faster than government or law can keep up. It’s moving faster, I would argue, than you can keep up. You should be asking the question of what are your rights and who owns your data.”

Yes, ominous clouds are forming. Clouds that store your personal information... that you will actually be helping grow with each and every purchase of a KINDLE Fire, and maybe an IPHONE or a Nexus 7.

BTW, the answer to the question is D.

SOURCE

Posted by Elvis on 03/24/13 •
Section Privacy And Rights • Section Broadband Privacy

Sunday, March 17, 2013

Sad State Of Firewalls

Security appliances are riddled with serious vulnerabilities, researcher says
Companies should not assume that security products are implicitly secure, the researcher said

By Lucian Constantin
IDG News Service
March 14, 2013

The majority of email and Web gateways, firewalls, remote access servers, UTM (unified threat management) systems and other security appliances have serious vulnerabilities, according to a security researcher who analyzed products from multiple vendors.

Most security appliances are POORLY MAINTAINED Linux systems with insecure Web applications installed on them, according to Ben Williams, a penetration tester at NCC Group, who presented his findings Thursday at the Black Hat Europe 2013 security conference in Amsterdam. His talk was entitled, “Ironic Exploitation of Security Products.”

Williams investigated products from some of the leading security vendors, including Symantec, Sophos, Trend Micro, Cisco, Barracuda, McAfee and Citrix. Some were analyzed as part of penetration tests, some as part of product evaluations for customers, and others in his spare time.

More than 80 percent of the tested products had serious vulnerabilities that were relatively easy to find, at least for an experienced researcher, Williams said. Many of these vulnerabilities were in the Web-based user interfaces of the products, he said.

The interfaces of almost all tested security appliances had no protection against BRUTE-FORCE password cracking and had cross-site SCRIPTING FLAWS that allowed session hijacking. Most of them also exposed information about the product model and version to unauthenticated users, which would have made it easier for attackers to discover appliances that are known to be vulnerable.

Another common type of vulnerability found in such interfaces was cross-site request forgery. Such flaws allow attackers to access administration functions by tricking authenticated administrators into visiting malicious websites. Many interfaces also had vulnerabilities that allowed command injection and privilege escalation.

Flaws that Williams found less frequently included direct-authentication bypasses, out-of-band cross-site scripting, on-site request forgery, denial of service and SSH misconfiguration. There were a lot of other, more obscure issues as well, he said.

During his presentation, Williams presented several examples of flaws he found last year in appliances from Sophos, Symantec and Trend Micro that could be used to gain full control over the products. A WHITE PAPER with more details about his findings and recommendations for vendors and users was published on the NCC Group WEBSITE.

Often at trade shows, vendors claim that their products run on “hardened” Linux, according to Williams. “I disagree,” he said.

Most tested appliances were actually poorly maintained Linux systems with outdated kernel versions, old and unnecessary packages installed, and other poor configurations, Williams said. Their file systems were not “hardened” either, as there was no integrity checking, no SELinux or AppArmor kernel security features, and it was rare to find non-writeable or non-executable file systems.

A BIG PROBLEM is that companies often believe that because these appliances are security products created by security vendors, they are inherently secure, which is definitely a mistake, Williams said.

For example, an attacker who gains root access on an email security appliance can do more than the actual administrator can, he said. The administrator works through the interface and can only read emails flagged as spam, but with a root shell an attacker can capture all the email traffic passing through the appliance, he said. Once compromised, security appliances can also serve as a base for network scans and attacks against other vulnerable systems on the network.

The way in which appliances can be attacked depends on how they are deployed inside the network. In more than 50 percent of the tested products, the Web interface ran on the external network interface, Williams said.

However, even if the interface is not directly accessible from the Internet, many of the identified flaws allow for REFLECTIVE ATTACKS, where the attacker tricks the administrator or a user on the local network to visit a malicious page or to click on a specifically crafted link that launches an attack against the appliance through their browser.

In the case of some email gateways, the attacker can craft and send an email with exploit code for a cross-site scripting vulnerability in the subject line. If the email is blocked as spam and the administrator inspects it in the appliance interface, the code will execute automatically.
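The quarantine-view failure mode just described, as an added example that is not code from Williams’ talk, NCC Group or any vendor: a spam-quarantine table row rendered by naive string interpolation next to the same row rendered with output encoding, plus a parser-based check that shows which one still carries a live script element. The message, field names and the CSP header helper are constructed for illustration.

```python
"""Quarantine-view rendering: unsafe vs. output-encoded, with a parser-based check."""
import html
from dataclasses import dataclass
from html.parser import HTMLParser
from typing import Dict, List


@dataclass
class QuarantinedMail:
    sender: str
    subject: str
    reason: str


# Constructed sample: the subject line carries markup, as in the email-gateway
# case where the administrator inspects a blocked message in the Web interface.
SAMPLE = QuarantinedMail(
    sender="sender@example.invalid",
    subject="Invoice overdue <script>alert(1)</script>",
    reason="spam",
)


def render_row_vulnerable(mail: QuarantinedMail) -> str:
    """The flaw: untrusted header fields are interpolated straight into HTML."""
    return (f"<tr><td>{mail.sender}</td><td>{mail.subject}</td>"
            f"<td>{mail.reason}</td></tr>")


def render_row_hardened(mail: QuarantinedMail) -> str:
    """Every untrusted field is encoded for the HTML text context before output."""
    cells = [html.escape(v, quote=True) for v in (mail.sender, mail.subject, mail.reason)]
    return "<tr>" + "".join(f"<td>{c}</td>" for c in cells) + "</tr>"


def quarantine_view_headers() -> Dict[str, str]:
    """Second layer (hypothetical values): a CSP that refuses inline script
    even if a template somewhere forgets to encode."""
    return {
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
        "X-Content-Type-Options": "nosniff",
    }


class _TagCollector(HTMLParser):
    """Records the start tags a browser-like tokenizer would see."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: List[str] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def element_names(fragment: str) -> List[str]:
    """Returns the element names found in an HTML fragment, in document order."""
    collector = _TagCollector()
    collector.feed(fragment)
    collector.close()
    return collector.tags


def is_safe_row(fragment: str) -> bool:
    """A rendered quarantine row must consist only of the table cells we emitted."""
    return set(element_names(fragment)) <= {"tr", "td"}


if __name__ == "__main__":
    for label, row in (("vulnerable", render_row_vulnerable(SAMPLE)),
                       ("hardened", render_row_hardened(SAMPLE))):
        print(f"{label}: safe={is_safe_row(row)} elements={element_names(row)}")
```

The vulnerable row parses to a `script` element in the middle of the table; the hardened row parses to table cells only, and the subject is shown to the administrator as literal text.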

The fact that such vulnerabilities exist in security products is ironic, Williams said. However, the situation with non-security products is probably worse, he said.

It’s unlikely that such vulnerabilities will be exploited in mass attacks, but they could be used in targeted attacks against specific companies that use the vulnerable products, for example by state-sponsored attackers with industrial espionage goals, the researcher said.

“There have been some voices that said Chinese networking vendor HUAWEI might be installing HIDDEN BACKDOORS in its PRODUCTS at the request of the Chinese government,” Williams said. “However, with vulnerabilities like these already existing in most products, a government probably WOULDN’T EVEN NEED TO add more,” he said.

In order to protect themselves, companies should not expose the Web interfaces or the SSH service running on these products to the Internet, the researcher said. Access to the interface should also be restricted to the internal network because of the reflective nature of some of the attacks.

Administrators should use one browser for general browsing and a different one for managing the appliances via the Web interface, he said. They should use a browser such as Firefox with the NoScript security extension installed, he said.

Williams said he reported the vulnerabilities he discovered to the affected vendors. Their responses varied, but in general the big vendors did the best job of handling the reports, fixing the flaws and sharing the information with their customers, he said.

SOURCE

Posted by Elvis on 03/17/13 •
Section Privacy And Rights • Section Broadband Privacy