Businesses

Good: Companies Care About Data Privacy Bad: No Idea How To Protect It 75

Posted by samzenpus
from the we've-tried-everything-that-doesn't-cost-us-money dept.
Esther Schindler writes: Research performed by Dimensional Research demonstrated something most of us know: Just about every business cares about data privacy, and intends to do something to protect sensitive information. But when you cross-tabulate the results to look more closely at what organizations are actually doing to ensure that private data stays private, the results are sadly predictable: While smaller companies care about data privacy just as much as big ones do, they're ill-equipped to respond. What's different is not the perceived urgency of data privacy and other privacy/security matters. It's what companies are prepared (and funded) to do about it. For instance: "When it comes to training employees on data privacy, 82% of the largest organizations do tell the people who work for them the right way to handle personally identifiable data and other sensitive information. Similarly, 71% of the businesses with 1,000-5,000 employees offer such training. However, even though smaller companies are equally concerned about the subject, that concern does not trickle down to the employees quite so effectively. Half of the midsize businesses offer no such training; just 39% of organizations with under 100 employees regularly train employees on data privacy."
Communications

New Privacy Concerns About US Program That Can Track Snail Mail 64

Posted by timothy
from the ask-not-what-your-country-can-do-to-you dept.
Lashdots writes: A lawyers' group has called for greater oversight of a government program that gives state and federal law enforcement officials access to metadata from private communications for criminal investigations and national security purposes. But it's not digital: this warrantless surveillance is conducted on regular mail. "The mail cover has been in use, in some form, since the 1800s," Chief Postal Inspector Guy J. Cottrell told Congress in November. The program targets a range of criminal activity including fraud, pornography, and terrorism, but, he said, "today, the most common use of this tool is related to investigations to rid the mail of illegal drugs and illegal drug proceeds." Recent revelations that the U.S. Postal Service photographs the front and back of all mail sent through the U.S., ostensibly for sorting purposes, has, Fast Company reports, brought new scrutiny—and new legal responses—to this obscure program.
United States

Except For Millennials, Most Americans Dislike Snowden 675

Posted by samzenpus
from the no-sir-I-don't-like-him dept.
HughPickens.com writes: Newsmax reports that according to KRC Research, about 64 percent of Americans familiar with Snowden hold a negative opinion of him. However 56 percent of Americans between the ages of 18 and 34 have a positive opinion of Snowden which contrasts sharply with older age cohorts. Among those aged 35-44, some 34 percent have positive attitudes toward him. For the 45-54 age cohort, the figure is 28 percent, and it drops to 26 percent among Americans over age 55, U.S. News reported. Americans overall say by plurality that Snowden has done "more to hurt" U.S. national security (43 percent) than help it (20 percent). A similar breakdown was seen with views on whether Snowden helped or hurt efforts to combat terrorism, though the numbers flip on whether his actions will lead to greater privacy protections. "The broad support for Edward Snowden among Millennials around the world should be a message to democratic countries that change is coming," says Anthony D. Romero, executive director of the American Civil Liberties Union. "They are a generation of digital natives who don't want government agencies tracking them online or collecting data about their phone calls." Opinions of millennials are particularly significant in light of January 2015 findings by the U.S. Census Bureau that they are projected to surpass the baby-boom generation as the United States' largest living generation this year.
United States

McConnell Introduces Bill To Extend NSA Surveillance 201

Posted by samzenpus
from the lets-see-what-you're-doing dept.
jriding sends word that the majority leader of the U.S. Senate has introduced a bill that would extend the surveillance provisions of the Patriot Act until 2020: Senate Majority Leader Mitch McConnell introduced a bill Tuesday night to extend through 2020 a controversial surveillance authority under the Patriot Act. The move comes as a bipartisan group of lawmakers in both chambers is preparing legislation to scale back the government's spying powers under Section 215 of the Patriot Act. It puts McConnell (R-Ky.) and Senate Intelligence Committee Chairman Richard Burr (R-N.C.), the bill’s co-sponsor, squarely on the side of advocates of the National Security Agency’s continued ability to collect millions of Americans’ phone records each day in the hunt for clues of terrorist activity.
Advertising

German Court Rules Adblock Plus Is Legal 278

Posted by Soulskill
from the non-crazy-software-judgments dept.
An anonymous reader writes: Following a four-month trial, a German court in Hamburg has ruled that the practice of blocking advertising is perfectly legitimate. Germany-based Eyeo, the company that owns Adblock Plus, has won a case against German publishers Zeit Online and Handelsblatt. These companies operate Zeit.de, Handelsblatt.com, and Wiwo.de. Their lawsuit, filed on December 3, charged that Adblock Plus should not be allowed to block ads on their websites. While the decision is undoubtedly a big win for users today, it could also set a precedent for future lawsuits against Adblock Plus and any other tool that offers similar functions. The German court has essentially declared that users are legally allowed to control what happens on their screens and on their computers while they browse the Web.
Privacy

UK Police Chief: Some Tech Companies Are 'Friendly To Terrorists' 228

Posted by Soulskill
from the arguments-that-are-getting-old dept.
An anonymous reader points out comments from Mark Rowley, the UK's national police lead for counter-terrorism, who thinks tech companies aren't doing enough to prevent terrorists from using their services. He said, "[The acceleration of technology] can be set up in a way which is friendly to terrorists and helps them ... and creates challenges for law enforcement and intelligence agencies. Or it can be set up in a way which doesn't do that." Rowley wouldn't name which companies in particular he's talking about, but he added, "Snowden has created an environment where some technology companies are less comfortable working with law reinforcement and intelligence agencies and the bad guys are better informed. We all love the benefit of the internet and all the rest of it, but we need their support in making sure that they're doing everything possible to stop their technology being exploited by terrorists. I'm saying that needs to be front and center of their thinking and for some it is and some it isn't."
Privacy

Baltimore Police Used Stingrays For Phone Tracking Over 25,000 Times 81

Posted by Soulskill
from the i-don't-remember-that-episode-of-The-Wire dept.
An anonymous reader writes The Baltimore Police Department is starting to come clean about its use of cell-phone signal interceptors — commonly known as Stingrays — and the numbers are alarming. According to recent court testimony reported by The Baltimore Sun, the city's police have used Stingray devices with a court order more than 25,000 times. It's a massive number, representing an average of nearly nine uses a day for eight years (the BPD acquired the technology in 2007), and it doesn't include any emergency uses of the device, which would have proceeded without a court order.
Privacy

The Upsides of a Surveillance Society 254

Posted by timothy
from the you-mean-it's-not-all-upside? dept.
theodp writes Citing the comeuppance of ESPN reporter Britt McHenry, who was suspended from her job after her filmed ad-hominem attack on a person McHenry deemed to be beneath her in terms of appearance, education, wealth, class, status went viral, The Atlantic's Megan Garber writes that one silver lining of the omnipresence of cameras it that the possibility of exposure can also encourage us to be a little kinder to each other. "Terrible behavior," Garber writes, "whether cruel or violent or something in between, has a greater possibility than it ever has before of being exposed. Just as Uber tracks ratings for both its drivers and its users, and just as Yelp can be a source of shaming for businesses and customers alike, technology at large has afforded a reciprocity between people who, in a previous era, would have occupied different places on the spectrum of power. Which can, again, be a bad thing — but which can also, in McHenry's case, be an extremely beneficial one. It's good that her behavior has been exposed. It's good that her story going viral might discourage similar behavior from other people. It's good that she has publicly promised 'to learn from this mistake.'"
Businesses

Twitter Moves Non-US Accounts To Ireland, and Away From the NSA 153

Posted by timothy
from the be-right-over-here-guys dept.
Mark Wilson writes Twitter has updated its privacy policy, creating a two-lane service that treats U.S. and non-U.S. users differently. If you live in the U.S., your account is controlled by San Francisco-based Twitter Inc, but if you're elsewhere in the world (anywhere else) it's handled by Twitter International Company in Dublin, Ireland. The changes also affect Periscope. What's the significance of this? Twitter Inc is governed by U.S. law; it is obliged to comply with NSA-driven court requests for data. Data stored in Ireland is not subject to the same obligation. Twitter is not alone in using Dublin as a base for non-U.S. operations; Facebook is another company that has adopted the same tactic. The move could also have implications for how advertising is handled in the future.
Sony

Wikileaks Publishes Hacked Sony Emails, Documents 143

Posted by samzenpus
from the take-a-look dept.
itwbennett writes Wikileaks has published a searchable database of thousands of emails and documents from Sony Pictures Entertainment that were leaked in late 2014 after the studio was attacked by hackers. Some of the 173,132 emails and 30,287 documents contain highly personal information about Sony employees including home addresses, personal phone numbers and social security numbers, a fact which is likely to raise new concerns about the use of stolen information online.
Security

Why "Designed For Security" Is a Dubious Designation 58

Posted by samzenpus
from the protect-ya-neck dept.
itwbennett writes The list of products designed to be security enhanced that turned out to be anything but seems to get longer by the day. In just the latest instance, reported by Wired last week, the crowd-funded privacy-enhancing home router Anonabox had to be recalled after an independent researcher discovered serious security flaws in the product. But security experts caution that the real problem may be bigger than vulnerabilities hidden in application code: "Designed for security products don't just have to be good. They have to be beyond reproach," explains John Dickson, a Principal at the Denim Group. "All it takes is one guy with a grudge to undo you."
Television

In New Zealand, a Legal Battle Looms Over Streaming TV 106

Posted by timothy
from the why-consider-this-pen-your-honor dept.
SpacemanukBEJY.53u writes After a threat from a law firm, two New Zealand ISPs have withdrawn services that let their customers navigate to content sites outside the country that world normally be geo-blocked. Using VPNs or other services to access content restricted by region isn't specifically outlawed in either New Zealand or in neighboring Australia, but it appears the entertainment industry is prepared to go to court to try and argue that such services can violate copyright law. Intellectual property experts said the situation in New Zealand, if it goes to court, could result in the first test case over the legality of skirting regional restrictions.
Businesses

Kludgey Electronic Health Records Are Becoming Fodder For Malpractice Suits 184

Posted by timothy
from the so-it-says-here-you-were-born-in-1709 dept.
Lucas123 writes The inherent issues that come with highly complex and kludgey electronic medical records — and for the healthcare professionals required to use them — hasn't been lost on lawyers, who see the potential for millions of dollars in judgments for plaintiffs suing for medical negligence or malpractice. Work flows that require a dozen or more mouse clicks to input even basic patient information has prompted healthcare workers to seek short cuts, such as cutting and pasting from previous visits, a practice that can also include the duplication of old vital sign data, or other critical information, such as a patient's age. While the malpractice suits have to date focused on care providers, they'll soon target EMR vendors, according to Keith Klein, a medical doctor and professor of medicine at UCLA. Klein has been called as an expert witness for more than 350 state or federal medical malpractice cases and he's seen a marked rise in plaintiff attorney's using EMRs as evidence that healthcare workers fell short of their responsibility for proper care. In one such case, a judge awarded more than $7.5 million when a patient suffered permanent kidney damage, and even though physicians hadn't neglected the patient, the complexity of the EMR was responsible for them missing uric kidney stone. The EMR was ore than 3,000 pages in length and included massive amounts of duplicated information, something that's not uncommon.
Government

Bolivia Demands Assange Apologize For Deliberately False Leaks To the US 161

Posted by timothy
from the well-it's-not-swatting-if-it's-the-usaf dept.
Rei writes In 2013, during Edward Snowden's brief and chaotic search for asylum that ultimately landed him in Russia, the US faced criticism for handing information to various European nations that Bolivian president Evo Morales was smuggling him out of Russia, leading to the grounding of his flight. In a new twist, in the documentary Terminal F about this time period, Wikileaks founder Julian Assange admitted that he was the one who deliberately leaked the fake information to the US government. Bolivia has been none too pleased with this news and is now demanding that Assange apologize for putting their president's life at risk.
Microsoft

Windows Remains Vulnerable To Serious 18-Year-Old SMB Security Flaw 171

Posted by samzenpus
from the protect-ya-neck dept.
Mark Wilson writes A serious security hole leaves millions of Windows users open to attack, making it possible to extract encrypted credentials from a target machine. Researchers at Cylance say the problem affects "any Windows PC, tablet or server" (including Windows 10) and is a slight progression of the Redirect to SMB attack discovered by Aaron Spangler way back in 1997. Redirect to SMB is essentially a man-in-the-middle attack which involves taking control of a network connection. As the name suggests, victims are then redirected to a malicious SMB server which can extract usernames, domains and passwords. Cylance also reports that software from companies such as Adobe, Oracle and Symantec — including security and antivirus tools — are affected.
Crime

Watch DARPA Artificial Intelligence Search For Crime On the "Dark Web" 35

Posted by samzenpus
from the seek-it-out dept.
An anonymous reader shares this bit of news from DARPA. "Of late, DARPA has shown a growing interest in open sourcing its technology, even if its most terrifying creations, like army robot wildcats designed to reach speeds of 50Mph, are understandably kept private. In a week’s time, the wider world will be able to tinker with components of the military research body’s in-development search tool for the dark web. The Memex technology, named after an mechanical mnemonic dreamt up just as the Second World War was coming to a close, has already been put to use by a number of law enforcement agencies, who are looking to counter crime taking place on networks like Tor, where Hidden Services are protected by the privacy-enhancing, encrypted hosting, often for good, often for bad. In its first year, the focus at Memex has been on tracking human trafficking, but the project's scope stretches considerably wider."
Security

French Intelligence Bill: 5 Web Hosting Providers Threaten To Leave the Country 105

Posted by samzenpus
from the we're-out-of-here dept.
albert555 (3986073) writes Five popular French web hosting providers, including Gandi and OVH, said on Thursday that the new French intelligence bill might push them to leave the country (French) in order not to lose their customers. The five companies are protesting against the "real-time capture of data connection" and their analysis by the intelligence services using "+black boxes+ with blurred lines". The web hosting providers believe that this project "will not reach its goal and will potentially put every French citizen under surveillance, that will result in the destruction of a major segment of the economy of our country," by pushing their customers to turn to other less intrusive territories. If the bill is passed as it is, "we have to move our infrastructure, our investments and our employees where our customers want to work with us". The companies have provided a listing of dozen cities where they "will suppress jobs instead of creating new ones."; "These are thousands of jobs (...) that startups and large companies will also create elsewhere," they add. The press release was addressed to the French Prime Minister, Manuel Valls, and was co-signed by Gandu, OVH, IDS, Ikoula and Lomaco.
Encryption

U.S. Gov't Grapples With Clash Between Privacy, Security 134

Posted by Soulskill
from the politicians-who-don't-know-which-way-the-wind-is-blowing dept.
schwit1 writes: WaPo: "For months, federal law enforcement agencies and industry have been deadlocked on a highly contentious issue: Should tech companies be obliged to guarantee U.S. government access to encrypted data on smartphones and other digital devices, and is that even possible without compromising the security of law-abiding customers?"

NSA director Adm. Michael S. Rogers wants to require technology companies to create a digital key that could open any smartphone or other locked device to obtain text messages or photos, but divide the key into pieces so that no one person or agency alone could decide to use it. But progress is nonexistent:

"The odds of passing a new law appear slim, given a divided Congress and the increased attention to privacy in the aftermath of leaks by former NSA contractor Edward Snowden. There are bills pending to ban government back doors into communications devices. So far, there is no legislation proposed by the government or lawmakers to require Internet and tech firms to make their services and devices wiretap-ready."
Communications

Microsoft: Feds Are 'Rewriting' the Law To Obtain Emails Overseas 100

Posted by Soulskill
from the get-out-of-my-inbox dept.
An anonymous reader writes: The Electronic Communications Privacy Act was written in 1986. It's incredibly outdated, yet it still governs many internet-related rights for U.S. citizens. Microsoft has now challenged Congress to update the legislation for how online communications work in 2015. The company is currently embroiled in a legal battle with the government over a court order to release emails stored in a foreign country to U.S. authorities. In a new legal brief (PDF), Microsoft says, "For an argument that purports to rest on the 'explicit text of the statute,' the Government rewrites an awful lot of it. Congress never intended to reach, nor even anticipated, private communications stored in a foreign country when it enacted [the ECPA]." In an accompanying blog post, Microsoft general counsel Brad Smith wrote, "Until U.S. law is rewritten, we believe that the court in our case should honor well-established precedents that limit the government's reach from extending beyond U.S. borders. ... To the contrary, it is clear Congress's intent was to ensure that your digital information is afforded the same legal protections as your physical documents and correspondence, a principle we at Microsoft believe should be preserved."
Google

Has Google Indexed Your Backup Drive? 121

Posted by samzenpus
from the it's-out-there dept.
itwbennett writes Depending on how you've configured the device, your backup drive may have been indexed by Google, making some seriously personal information freely available online to anyone who knows what they're looking for. Using a few simple Google searches, CSO's Steve Ragan discovered thousands of personal records and documents online, including sales receipts with credit card information and tax documents with social security numbers. In all cases, the files were exposed because someone used a misconfigured device acting as a personal cloud, or FTP (File Transfer Protocol) was enabled on their router.