Secretary of State Hillary Clinton’s announcement of a new U.S. policy on global Internet Freedom included a bold new statement about the responsibilities of American technology companies:
“…We are urging U.S. media companies to take a proactive role in challenging foreign governments’ demands for censorship and surveillance. The private sector has a shared responsibility to help safeguard free expression. And when their business dealings threaten to undermine this freedom, they need to consider what’s right, not simply what’s a quick profit.”
We couldn’t agree more. While Clinton focuses on media companies — meaning Internet media companies like Google, Yahoo! and Microsoft — there are plenty of other companies deserving scrutiny. Specifically, many U.S. (and multinational) technology companies may be knowingly selling Chinese authorities the surveillance equipment used to commit or facilitate human rights abuses. We think it’s high time to pay attention to them as well.
Full Article (EFF - eff.org)
Easily the most-viewed post at krebsonsecurity.com so far has been the entry on a cleverly disguised ATM skimmer found attached to a Citibank ATM in California in late December. Last week, I had a chance to chat with Rick Doten, chief scientist at Lockheed Martin’s Center for Cyber Security Innovation. Doten has built an impressive slide deck on ATM fraud attacks, and pictured below are some of the more interesting images he uses in his presentations.
Full Article (Krebs on Security - krebsonsecurity.com)
As the practice of high-frequency trading continues to become more widespread, concerns are growing that erroneous trades carried out by “algos gone wild”—a sort of digitally amplified version of the “fat finger” phenomenon—could cause a market crash at Internet speed, a meltdown that no one could stop. Two recent market glitches could provide a preview of what’s to come.
Full Article (Ars Technica - arstechnica.com)
“Buying You: The Government’s Use of Fourth-Parties to Launder Data about ‘The People’,” a paper by Columbia Law School’s Joshua L. Simmons in the Columbia Business Law Review, describes the way that US government agencies circumvent the fourth amendment and privacy statutes by outsourcing their surveillance to private credit reporting bureaux and other mega-databases. He argues that the law should ban the use of this improperly gathered information, binding paid government informants to the same rules that the government must follow.
Full Article (Boing Boing - boingboing.net)
Following the report earlier this week that the FBI regularly broke the ECPA law in obtaining information from telcos without going through the proper process (and, in some cases, using just a Post-it note!), some interesting details from the full report have come to light. The two key ones? First, “the Obama administration issued a secret rule almost two weeks ago saying it was legal for the FBI to have skirted federal privacy protections.” And, second, the original idea to use these bogus “exigent letters” didn’t come from the FBI, but from an AT&T employee. We noted in the original report that no one seemed to be placing any blame on the telcos for allowing this, and why they’re clearly abusing the law, in giving out such info without the proper rules being followed, seems like a big question:
Full Article (Techdirt - techdirt.com)
Earlier today, The Rumpus published a very revealing interview with someone claiming to be a Facebook employee. The interview covers a variety of subjects, including privacy restrictions at the world’s largest social network and some of the technological hurdles the site has to deal with. The biggest revelations? That Facebook collects more data about your habits than you may realize, and that there was once a ‘master password’ that would grant employees access to anyone’s Facebook profile — a password that some employees abused.
An Icelandic firm that offers private DNA testing to customers has filed for bankruptcy in the U.S., raising privacy concerns about the fate of customer DNA samples and records, according to the Times of London.
Google has angered the Android enthusiast community by sending a cease and desist notice to a third-party developer who is building a popular custom version of the open source platform. Google doesn’t want its proprietary bits included in cooked ROMs.
New update available! Click here to download now! From virus signature updates that identify competing products as a trojan, to operating system updates that break core functionality, there has been no shortage of quality control failures in updates released by vendors. Many of these updates are delivered to the user’s computer via automatic update mechanisms. That means these problematic updates are delivered to millions of computers quietly and efficiently, typically without user interaction. It’s always welcome to see security bugs fixed or better rules released in the products we use. But when the price of that fix is at best an annoyance and at worst a complete system failure, we’re not so sure it’s worth it. At the very least, users should be aware of the various types of failures and the frequency with which they occur. While mistakes happen to everyone, we’ll leave it as an exercise to the reader to notice any trends from repeat offenders.
A new lawsuit from the EFF seeks to shed light on the mysterious “Other Intelligence Activities” that the NSA was engaged in after 9/11, and that the DoJ eventually found to be illegal. Based on Ars’ reporting of the government’s datamining efforts, we suggest that it probably looks a lot like social network crawling.
Customers were left puzzled as to why Amazon would reach out and delete e-books from their Kindle readers, and the situation was made ironic given that the books were Orwell’s 1984 and Animal Farm. Ars reports why this happened, and how the future will be different.
We told you last week that browser maker Opera was generating quite some buzz by being secretive about their plans to ‘reinvent the web’. Well, the company this morning unveiled what it was referring to: technology that essentially turns every computer running the Opera browser into a full-fledged Web server. Behold Opera Unite.
A link between massive volcanic activity and a mass marine extinction event is unearthed in southwestern China. The ensuing shift in the ratios of carbon isotopes suggests a major disruption to the planet’s carbon cycle.
Kevin Bankston, senior staff attorney at the Electronic Frontier Foundation, recently made that statement to this reporter. A few years ago, it might have sounded far-fetched. But if you’re one of the growing number of people who are using more and more products in Google’s ever-expanding stable (at last count, I was using a dozen), you might wonder if Bankston isn’t onto something.
A government audit (PDF) has pinpointed more than 3,800 vulnerabilities — 763 of which are high-risk — in the Federal Aviation Administration’s Web-based air traffic control system applications, including some that could potentially put air travel at risk.