The Easy Days Are Over – By William Saletan NOV. 14 2015 8:06 PM


After Paris, this period of relative peace and easy libertarianism is coming to an end.

If you’re an 18-year-old American, you were 3 or 4 when al-Qaida hit the United States on Sept. 11, 2001. You haven’t seen a major terrorist strike in your country since then. Maybe you heard about the attacks in Madrid in 2004, London in 2005, or Mumbai in 2008. But aside from the occasional lone-wolf incident—Fort Hood, Texas, in 2009, or the Boston Marathon bombing of 2013—you’ve been lucky.

You’ve grown up in an era of peace at home: no world wars, no cold war, and little fear of being blown up or gunned down by militants. It’s an era of libertarianism: We’re less afraid of bad guys coming to kill us, so we don’t see why Uncle Sam should track our phone calls. It’s also an era of isolationism, because our troops have fought two wars overseas, in Afghanistan and Iraq, and they haven’t turned out well. We’re sick of those wars, and we feel pretty safe at home. So we don’t want to go fight again.

The libertarianism and isolationism of our time crosses party lines. It affects President Obama, who came into office promising to bring our troops home. But it also affects Republicans. Sen. Lindsey Graham, the Republican presidential candidate who has campaigned on a platform of sending troops to fight ISIS, couldn’t even garner enough support in the polls to get into his party’s undercard debate last week. And if you study surveys on national security and domestic surveillance, you’ll find that Republicans are, by some measures, more hostile to surveillance than Democrats are.

Article continues:

Facebook says governments demanding more and more user data – Reuters in San Francisco and Bangalore, Wednesday 11 November 2015 23.01 EST


US authorities made the most requests for users’ information, while India and Turkey had the most takedowns for content that violated local laws

Facebook said US law enforcement agencies made the most requests for information about users.

Facebook has said government requests for data and demands for content to be taken down surged in the first half of 2015, which the social network has seen continually increase since it began publicly releasing such data two years ago.

Government requests for account data globally jumped 18% in the first half of 2015 to 41,214 accounts, up from 35,051 requests in the second half of 2014, Facebook said in a blogpost.

The amount of content restricted for violating local law more than doubled compared with the same period in the second half of 2014 to 20,568 pieces of content, it said.

Most government requests related to criminal cases, such as robberies or kidnappings, Facebook said. The government often requested basic subscriber information, IP addresses or account content, including people’s posts online.

The bulk of government requests came from US law enforcement agencies. US agencies requested data from 26,579 accounts – comprising more than 60% of requests globally – up from 21,731 accounts in the second half of 2014.

France, Germany and Britain also made up a large percentage of the requests and had far more content restricted in 2015. Some of the content taken down in Germany, for example, may relate to Holocaust denial, Facebook said.

India and Turkey were responsible for most of the content taken down for violating local laws. India had 15,155 pieces of content restricted – nearly triple the amount in the second half of 2014 – while Turkey had 4,496 items, up from 3,624.

The technology industry has pushed for greater transparency on government data requests, seeking to shake off concerns about their involvement in vast, surreptitious surveillance programs revealed by the former spy agency contractor Edward Snowden.

“Facebook does not provide any government with ‘back doors’ or direct access to people’s data,” Facebook wrote.

Facebook, Microsoft, Yahoo and Google began in 2014 publishing details about the number of government requests for data they receive.

http://www.theguardian.com/world/2015/nov/12/facebook-says-governments-seek-more-and-more-user-data-and-takedowns

Security News This Week: 9 Out of 10 Websites Leak Your Data to Third Parties – YAEL GRAUER 11.07.15 7:00 AM


This week, hackers won a million dollar bounty for discovering a long-sought iOS zero-day. Federal lawmakers introduced the Stingray Privacy Act, a new bill that would require state and local lawmakers to get a warrant before using the invasive surveillance devices. The world got its first look at the full text of the Trans-Pacific Partnership trade pact. We found out the UK’s TalkTalk telecom hack may not be as bad as it looked. Android users can finally use Open Whisper Systems’ RedPhone app and TextSecure messaging app in one app, called Signal. And Crackas With Attitude, the teens who hacked CIA Director John Brennan, are back with a new hack.

But that’s not all. Each Saturday we round up the news stories that we didn’t break or cover in depth at WIRED, but which deserve your attention nonetheless. As always, click on the headlines to read the full story in each link posted. And stay safe out there!

Turns Out 90 Percent of the Internet’s Top Sites Leak Your Data to Third Parties

It’s no secret that websites typically send user data to third parties (typically without their knowledge or consent), but now new peer-reviewed research published by University of Pennsylvania privacy researcher and doctoral student Tim Libert shows that the scale of this is enormous—nine out of ten sites are leaking user data to an average of nine external domains. That means that a single site you visit will send your data to nine outside websites. Tim Libert cites Google as the worst culprit, but gives Twitter props for respecting browsers’ Do Not Track setting. He also points out that the NSA has leveraged commercial tracking tools in order to monitor users. For added privacy, using Tor is your best bet, Libert told Motherboard, so long as you don’t log into any accounts (Gmail, Facebook, etc.) while you’re on it.

The Pentagon Outsourced Its Coding to Russia (What Could Go Wrong?)

A four-year federal investigation revealed this week that the Pentagon has outsourced work writing software for sensitive US military communication systems to Russian programmers. Contractor John C. Kingsley discovered the Russian-contracted software had built-in holes that left the Pentagon’s communication system vulnerable to viruses. The two firms involved, Massachusetts-based NetCracker Technology Corporation and Virginia-based Computer Sciences Corporation (which had subcontracted the work), agreed to pay fines of $11.4 million and $1.35 million, respectively. Outsourcing work on classified systems to anyone who’s not a US citizen with approved security clearance violates federal regulations, as well as the company’s contract.

Article continues:

http://www.wired.com/2015/11/security-news-this-week-9-out-of-10-websites-leak-your-data-to-third-parties/

Security News This Week: Cops Accidentally Leaked Footage From License Plate Readers – YAEL GRAUER 10.31.15 7:00 AM


It’s been a busy week. The Senate voted 74-21 to pass CISA, the problematic surveillance bill that has privacy advocates and civil liberties groups up in arms. In better news, the EU Parliament voted to net neutrality rules filled with loopholes that aren’t exactly neutral. The Library of Congress approved copyright law exemptions that would allow people to modify software on their cars—but the exemptions only last three years after they begin to take effect, which won’t be for another year. And Tor launched the beta version of Tor Messenger, which looks like the easiest-to-use encrypted, anonymous instant messaging app.

But that’s not all. Each Saturday we round up the news stories that we didn’t break or cover in depth at WIRED, but which deserve your attention nonetheless. As always, click on the headlines to read the full story in each link posted. And stay safe out there!

Cops Were Accidentally Leaking License Plate Surveillance Data Online

The fact that local governments collect data on every driver’s travel history is pretty disconcerting. The idea that this data is sometimes widely available to anyone with a web browser is even scarier. Earlier this year, EFF learned that information from more than 100 auto license plate reader cameras was available online, and sometimes the camera’s live video stream (and plate captures) could be viewed in real time. The digital rights group was able to trace five cameras to their sources, and found multiple issues such as poor or default passwords, or no passwords at all. Luckily, when notified by EFF, the agencies secured the systems, but tracking the sources of all cameras wasn’t possible. Other than securing surveillance technology before using it (what a concept!) it would behoove law enforcement agencies to limit their data storage to days, not years—and only for vehicles suspected to have been involved with a crime, the EFF concluded.

Article continues:

http://www.wired.com/2015/10/security-news-this-week-cops-accidentally-leaked-footage-from-license-plate-readers/

Everything you always wanted to know about Tor (Browser) but were afraid to ask


Why Anonymity Matters


Overview

The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor’s users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and individuals to share information over public networks without compromising their privacy. Along the same line, Tor is an effective censorship circumvention tool, allowing its users to reach otherwise blocked destinations or content. Tor can also be used as a building block for software developers to create new communication tools with built-in privacy features.

Individuals use Tor to keep websites from tracking them and their family members, or to connect to news sites, instant messaging services, or the like when these are blocked by their local Internet providers. Tor’s hidden services let users publish web sites and other services without needing to reveal the location of the site. Individuals also use Tor for socially sensitive communication: chat rooms and web forums for rape and abuse survivors, or people with illnesses.

Journalists use Tor to communicate more safely with whistleblowers and dissidents. Non-governmental organizations (NGOs) use Tor to allow their workers to connect to their home website while they’re in a foreign country, without notifying everybody nearby that they’re working with that organization.

Groups such as Indymedia recommend Tor for safeguarding their members’ online privacy and security. Activist groups like the Electronic Frontier Foundation (EFF) recommend Tor as a mechanism for maintaining civil liberties online. Corporations use Tor as a safe way to conduct competitive analysis, and to protect sensitive procurement patterns from eavesdroppers. They also use it to replace traditional VPNs, which reveal the exact amount and timing of communication. Which locations have employees working late? Which locations have employees consulting job-hunting websites? Which research divisions are communicating with the company’s patent lawyers?

A branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East recently. Law enforcement uses Tor for visiting or surveilling web sites without leaving government IP addresses in their web logs, and for security during sting operations.

The variety of people who use Tor is actually part of what makes it so secure. Tor hides you among the other users on the network, so the more populous and diverse the user base for Tor is, the more your anonymity will be protected.

Article continues:

https://www.torproject.org/index.html.en

Tor Just Launched the Easiest App Yet for Anonymous, Encrypted IM – ANDY GREENBERG 10.29.15. 5:30 PM


The anonymity network Tor has long been the paranoid standard for privacy online, and the Tor Browser that runs on it remains the best way to use the web while revealing the least identifying data. Now the non-profit Tor Project has officially released another piece of software that could bring that same level of privacy to instant messaging: a seamless and simple app that both encrypts the content of IMs and also makes it very difficult for an eavesdropper to identify the person sending them.

On Thursday the Tor Project launched its first beta version of Tor Messenger, its long-in-the-works, open source instant messenger client. The app, perhaps more than any other desktop instant messaging program, is designed for both simplicity and privacy by default: It integrates the “Off-the-Record” (OTR) protocol to encrypt messages and routes them over Tor just as seamlessly as the Tor Browser does for web data. It’s also compatible with the same XMPP or “Jabber” chat protocol used by millions of Facebook and Google accounts, as well as desktop clients like Adium for Mac and Pidgin for Windows. The result is that anyone can download the software and in seconds start sending messages to their pre-existing contacts that are not only strongly encrypted, but tunneled through Tor’s maze of volunteer computers around the world to hide the sender’s IP address.

After some auditing, Tor Messenger is set to become a powerful and popular tool for instant, idiot-proof, and surveillance-resistant communication.

“With Tor Messenger, your chat is encrypted and anonymous…so it is hidden from snoops, whether they are the government of a foreign country or a company trying to sell you boots,” Tor public policy director Kate Krauss wrote to WIRED in a Tor Messenger conversation. She emphasized that despite those features, the program’s use of a pre-existing chat protocol means users won’t need to rebuild their network of contacts. “You can use your Jabber address and your old contacts–you aren’t reinventing the wheel–but wow, much safer.”

Article continues:

http://www.wired.com/2015/10/tor-just-launched-the-easiest-app-yet-for-anonymous-encrypted-im/

The Senate just passed a bill that could help the NSA spy on you – Updated by Timothy B. Lee on October 27, 2015, 6:00 p.m. ET


With a string of high-profile hacks affecting everyone from Sony Pictures to the insurance company Anthem, there’s broad agreement that more needs to be done to secure the internet. On Tuesday, the Senate passed legislation that supporters say will boost internet security by encouraging companies to share information about online threats with one another and with the government. The vote was 74 to 21.

The legislation, the Cybersecurity Information Sharing Act (CISA), is backed by Sen. Richard Burr (R-NC), chair of the Senate Intelligence Committee, and the committee’s top Democrat, Sen. Dianne Feinstein (D-CA). The House of Representatives has already passed companion legislation, and the bill has support from the Obama administration. The only remaining steps are for the House and Senate to reconcile the differences between their bills — and for President Obama to sign the compromise.

But there’s something strange about this supposed cybersecurity legislation. It doesn’t have much support among security experts in the private sector. And two leading technology industry trade groups — representing giants like Google, Apple, and Microsoft that are targeted by hackers more than anyone else on the internet — oppose it.

Indeed, support for the legislation seems to have come mostly from US intelligence agencies, which would gain access to even more information about Americans’ online activities. It’s not clear how much CISA would expand government surveillance of Americans’ online activities, but critics say the broad information-sharing language in the legislation creates a privacy menace that far outweighs any benefits from increased online security.

Article continues:

http://www.vox.com/2015/10/21/9587190/cisa-senate-privacy-nsa

Encrypted Smartphones Challenge Investigators By Cat Zakrzewski Oct. 12, 2015 7:36 p.m. ET


Law-enforcement officials are running up against a new hurdle in their investigations: the encrypted smartphone.

Some smartphones, such as the Nexus 6, are encrypted by default.

Officials say they have been unable to unlock the phones of two homicide victims in recent months, hindering their ability to learn whom those victims contacted in their final hours. Even more common, say prosecutors from New York, Boston and elsewhere, are locked phones owned by suspects, who refuse to turn over passcodes.

Manhattan District Attorney Cyrus Vance says his office had 101 iPhones that it couldn’t access as of the end of August, the latest data available.

The disclosures are the latest twist in a continuing dispute between law-enforcement officials and Apple Inc. and Google Inc., after the two tech companies released software last year that encrypted more data on new smartphones. The clash highlights the challenge of balancing the privacy of phone users with law enforcement’s ability to solve crimes.

“Law enforcement is already feeling the effects of these changes,” Hillar Moore, the district attorney in Baton Rouge, La., wrote to the Senate Judiciary Committee in July. Mr. Moore is investigating a homicide where the victim’s phone is locked. He is one of 16 prosecutors to send letters to the committee calling for back doors into encrypted devices for law enforcement.

The comments are significant because, until now, the debate over encrypted smartphones has been carried by federal officials. But local police and prosecutors handle the overwhelming share of crimes in the U.S., and district attorneys say encryption gives bad guys an edge.

‘In the past this would have been easy for us. We would have an avenue for this information, we’d get a subpoena, obtain a record, further our investigation.’

—Evanston Police Commander Joseph Dugan

Encrypted phones belonging to victims further complicate the issue, because some families want investigators to have access to the phones.

“Even if people are not terribly sympathetic to law-enforcement arguments, this situation might cause them to think differently,” said Paul Ohm, a Georgetown University Law Center professor and former prosecutor.

Article continues:

http://www.wsj.com/articles/encrypted-smartphones-challenge-investigators-1444692995

California Now Has the Nation’s Best Digital Privacy Law – KIM ZETTER 10.08.15. 9:58 PM


California continued its long-standing tradition for forward-thinking privacy laws today when Governor Jerry Brown signed a sweeping law protecting digital privacy rights.

The landmark Electronic Communications Privacy Act bars any state law enforcement agency or other investigative entity from compelling a business to turn over any metadata or digital communications—including emails, texts, documents stored in the cloud—without a warrant. It also requires a warrant to track the location of electronic devices like mobile phones, or to search them.

The legislation, which easily passed the Legislature last month, is the most comprehensive in the country, says the ACLU.

“This is a landmark win for digital privacy and all Californians,” Nicole Ozer, technology and civil liberties policy director at the ACLU of California, said in a statement. “We hope this is a model for the rest of the nation in protecting our digital privacy rights.”

Five other states have warrant protection for content, and nine others have warrant protection for GPS location tracking. But California is the first to enact a comprehensive law protecting location data, content, metadata and device searches, Ozer told WIRED.

“This is really a comprehensive update for the modern digital age,” she said.

State senators Mark Leno (D-San Francisco) and Joel Anderson (R-Alpine) wrote the legislation earlier this year to give digital data the same kinds of protection that non-digital communications have.

“For what logical reason should a handwritten letter stored in a desk drawer enjoy more protection from warrantless government surveillance than an email sent to a colleague or a text message to a loved one?” Leno said earlier this year. “This is nonsensical and violates the right to liberty and privacy that every Californian expects under the constitution.”

The bill enjoyed widespread support among civil libertarians like the American Civil Liberties Union and the Electronic Frontier Foundation as well as tech companies like Apple, Google, Facebook, Dropbox, LinkedIn, and Twitter, which have headquarters in California. It also had huge bipartisan support among state lawmakers.

“For too long, California’s digital privacy laws have been stuck in the Dark Ages, leaving our personal emails, text messages, photos and smartphones increasingly vulnerable to warrantless searches,” Leno said in a statement today. “That ends today with the Governor’s signature of CalECPA, a carefully crafted law that protects personal information of all Californians. The bill also ensures that law enforcement officials have the tools they need to continue to fight crime in the digital age.”

The law applies only to California law enforcement entities; law enforcement agencies in other states would be compelled by the laws in their jurisdictions, which is why Ozer and others say it’s important to get similar comprehensive laws passed elsewhere.

The law places California not only at the forefront of protecting digital privacy among states, it outpaces even the federal government, where such efforts have stalled.

Article continues:

http://www.wired.com/2015/10/california-now-nations-best-digital-privacy-law/