The Kazakhstan government is trying to spy on citizens with a government-issued root certificate for websites. Apple, Google, and Mozilla are blocking it in their browsers.
The root certificate in question, labeled as “trusted certificate” or “national security certificate,” if installed, allows ISPs to intercept, monitor, and decrypt users’ encrypted HTTPS and TLS connections, helping the government spy on its 18 million people and censor content.
Once installed, the certificate allowed the Kazakh government to decrypt and read anything a user visiting popular sites—Facebook, Twitter, and Google, among others—types or posts, including intercepting their account information and passwords.
The Big Tech gang is complete. Amazon, Apple, Facebook, Google, and now Microsoft were caught listening to user audio queries.
As part of a secret agreement, Amazon requires that police “encourage adoption” of its Ring doorbell surveillance cameras.
Dozens of police departments around the country have partnered with Ring, but until now, the exact terms of these partnerships have remained unknown. A signed memorandum of understanding between Ring and the police department of Lakeland, Florida, and emails obtained via a public records request, show that Ring is using local police as a de facto advertising firm. Police are contractually required to “Engage the Lakeland community with outreach efforts on the platform to encourage adoption of the platform/app.”
Politico reports that the Trump administration is in talks about banning encryption, or at least certain forms of it that law enforcement can’t crack.
The encryption challenge, which the government calls “going dark,” was the focus of a National Security Council meeting Wednesday morning that included the No. 2 officials from several key agencies, according to three people familiar with the matter…Senior officials debated whether to ask Congress to effectively outlaw end-to-end encryption, which scrambles data so that only its sender and recipient can read it…
Great. I can’t wait for Russia and China to intercept all of our insecure communications.
Jack Morse writes how we should cover up our phone’s selfie camera, but doesn’t spend much time telling us why. 90% of the article is about webcams on laptops. The only phone-related thing mentioned is the iOS FaceTime bug. Ultimately the choice to cover up the selfie camera is a personal one, but I wouldn’t worry too much about it.
This writer has used the Post-it Note technique for a few years, and it works wonders. While every now and then I get some weird looks from strangers or friends when they see that I cover my selfie camera, just like with laptop webcam covers it’s likely they’ll all be doing the same before too long.
Bluetooth beacons are small devices that some stores hide throughout the building. Apps on your phone can pick up the signals they emit and send information back.
In order to track you or trigger an action like a coupon or message to your phone, companies need you to install an app on your phone that will recognize the beacon in the store. Retailers (like Target and Walmart) that use Bluetooth beacons typically build tracking into their own apps. But retailers want to make sure most of their customers can be tracked — not just the ones that download their own particular app.
I bet iOS 13’s new Bluetooth controls will affect this.
Bryan Chaffin and Andrew Orr join host Kelly Guimont for a discussion of surveillance and courts, and John Kheit’s take on Mac Pro punditry.
We often read about surveillance from the perspective of us, the users, or technology companies. Here is a judge’s view on it.
Congress is way behind in determining how far the police can go in using technology to invade people’s privacy, and many of the legal disputes arising from this collision have not reached the Supreme Court. For the public, as a practical matter, the rules of the road are being decided by prosecutors. Your privacy is not their highest priority.
I think that’s ultimately the heart of the matter: We have a technologically-inept government.
Google has a database called Sensorvault. It contains location data of users and shares it with law enforcement—if they have a warrant, of course. Apple honors lawful requests as well. But Jennifer Valentino-DeVries wonders whether the database is too broad.
Google would not provide details on Sensorvault, but Aaron Edens, an intelligence analyst with the sheriff’s office in San Mateo County, Calif., who has examined data from hundreds of phones, said most Android devices and some iPhones he had seen had this data available from Google…
“It shows the whole pattern of life,” said Mark Bruley, the deputy police chief in Brooklyn Park, Minn., where investigators have been using the technique since this fall. “That’s the game changer for law enforcement.”
The 2001 Patriot Act is up for renewal, and 39 privacy and civil rights groups are asking Congress to make changes to it.
A new law out of Congress could put an end to NSA phone surveillance. It’s called the Ending Mass Collection of Americans’ Phone Records Act.
A startling investigation by NBC 7 journalists reveals how the U.S. government tracks journalists through use of a database.
Documents obtained by NBC 7 Investigates show the U.S. government created a secret database of activists, journalists, and social media influencers tied to the migrant caravan and in some cases, placed alerts on their passports.
In fact, their own government had listed their names in a secret database of targets, where agents collected information on them. Some had alerts placed on their passports, keeping at least two photojournalists and an attorney from entering Mexico to work.
This is why private services like end-to-end encrypted messaging apps are so important. It’s bad enough if a foreign government is surveilling you. We don’t need our own government to do the same.
The NSA spying program that analyzed the calls and texts of American citizens has allegedly been shut down.
Christopher Augustine, an N.S.A. spokesman, told The New York Times in January that agency officials were “carefully evaluating all aspects” of the Freedom Act program, and were discussing its future. Mr. Augustine made clear that the White House would make the final call about whether to ask Congress to extend the Freedom Act.
I hope this is actually true. Now we need the GCHQ to not spy on us either.
Yesterday Cloudflare released its transparency report for the second half of 2018. It revealed it’s expanding its use of warrant canaries.
American companies like Thermo Fisher have helped Chinese DNA collection so the authoritarian country can track Uighurs.
The Nest Secure smart home hub has had a secret microphone this whole time. But poor Google just plain forgot to tell us.
On Tuesday, a Google spokesperson told Business Insider the company had made an “error.” “The on-device microphone was never intended to be a secret and should have been listed in the tech specs. That was an error on our part,” the spokesperson said.
Silly Google, tricks are for kids. Also, get a HomePod.
The federal government shares its terrorist watch list with over 1,400 private companies, including hospitals and universities. The government has insisted for years it doesn’t share it with private companies, only to have lied this whole time. Why would it be a big deal? It’s relatively easy for innocent people to end up on the list.
The government’s admission comes in a class-action lawsuit filed in federal court in Alexandria by Muslims who say they regularly experience difficulties in travel, financial transactions and interactions with law enforcement because they have been wrongly added to the list. The Associated Press is the first to report on the disclosure after reviewing the case documents.
Remember that story about the iPhone hacking tool called Karma? Lawfare published a good piece detailing the consequences of U.S. spies working for a foreign intelligence agency.
Along the way, the Americans came to appreciate that their efforts at times did indeed include surveillance of political opponents of UAE authorities, and further that the UAE service at times targeted Americans despite assurances that this would not occur (or at least that the operations Project Raven in particular conducted or supported would not be directed at Americans).
That’s probably the biggest point of the story. Americans spying on Americans on behalf of another country.
Yesterday a U.S. judge ruled that a secret government effort to compel Facebook to decrypt Messenger voice conversations won’t be revealed.
Groups including the American Civil Liberties Union argued that the public’s right to know the state of the law on encryption outweighed any reason the U.S. Justice Department might have for protecting a criminal probe or law-enforcement method.
One word: PRISM.
The GCHQ wants Apple to secretly add the agency to iMessage chats and FaceTime calls, effectively creating a backdoor into encryption.