1.3M Cellphone Snooping Requests Yearly? It’s Time for Privacy and Transparency Laws

Photo: jbtaylor/Flickr

The nation’s mobile carriers weren’t kidding in April when they told California lawmakers that they were working “day and night” responding to police inquiries for subscriber information, such as locational data of where the phone was when it made and received calls.

That, they said, made them just too busy to have to report publicly how often they get such requests, and the politically powerful carriers ultimately defeated California legislation requiring them to do so.

But now it’s time for that requirement — as well as increased protection for Americans’ private data — to be made the law of the land.

On Monday, Rep. Edward Markey (D-Massachusetts), as part of a congressional probe, divulged statistics about the number of requests made to cellphone providers, for the first time ever revealing that the carriers assisted law enforcement an eye-popping 1.3 million times last year alone in dishing out subscriber information like text messages, location data and calling records.

And there was more disturbing information. AT&T revealed it charges a mere $75 for a “tower dump,” which tells police what mobile phones pinged a tower in a given time period, though we have no idea how often this happens or whether police store or share that data.

The nine companies that responded to Markey, which reported about a 15 percent annual increase in government demands for subscriber information, did not disclose how many of these so-called tower dumps they performed. The dumps provide to law enforcement any cell phone number that has pinged a tower in a given time frame.

“There is no oversight at all of these tower dumps,” said Christopher Soghoian, a privacy expert. “We don’t know how many tower dumps, or what the government does with the data.”

The big four companies — AT&T, Sprint, T-Mobile, Verizon — and the five others need to report how often they perform these, as thousands of innocent people, including those exercising their rights to protest, can be swept up by such an order, and there’s no warrant required to get them.


Megaupload’s Kim Dotcom Offers to Surrender to the FBI, at a Price

Photo: Kim Dotcom

Kim Dotcom and his Megaupload associates are seeking to break the legal impasse between him and the FBI, by offering to fly to the United States without an extradition hearing in New Zealand.

In return, Dotcom demands a fair trial guarantee and return of money to support their families and to pay legal fees which are thought to be in the millions of dollars after several months of court battles.

Dotcom and seven top employees of MegaUpload are charged by U.S. authorities with operating a criminal conspiracy to violate copyright laws that netted over $500 million in ads and subscription fees. The feds seized MegaUpload’s domains and servers, as well as Dotcom’s bank accounts and fancy cars in January.

The ever-provocative Dotcom tweeted Wednesday: “Hey DOJ, we will go to the US. No need for extradition. We want bail, funds unfrozen for lawyers & living expenses.”

The German filesharing tycoon and his co-accused have a legal team comprising 25 lawyers in four countries working on their individual cases as well as that of Megaupload the company. According to Megaupload’s U.S. lead lawyer, Ira Rothken, none of the legal team has been paid yet.

But Rothken would not confirm or deny if a deal was in the making, telling Wired, “We will not comment one way or another on the involving private discussions between counsel or whether such discussions even occurred.”

On Tuesday, Dotcom was told that the extradition hearing for him and Finn Batato, Bram van der Kolk and Mathias Ortmann had been postponed until March 2013. It was originally scheduled to take place on August 7 this year.

Speaking to the New Zealand Herald, Dotcom says he hasn’t been able to pay any of his legal costs.

“They just want to hang me out to dry and wait until there is no support left,” Dotcom is quoted as saying.

Due to the twists and turns in the Megaupload case that include the New Zealand police illegally executing searches and seizures with invalid warrants, the legal process has become convoluted and is expected to take a long time to resolve.

Judge David Harvey, who ordered the FBI to produce the evidence it holds on Dotcom and associates, wrote in a court minute Tuesday that the New Zealand Crown lawyers are likely to go to the Court of Appeal if the High Court upholds his ruling. Harvey adds that the appeal could go all the way to the New Zealand Supreme Court.

Having made the offer, however, Dotcom says the FBI will never agree to the deal as it can’t win the case against him and Megaupload and knows this already.

Gone in 3 Minutes: Keyless BMWs a Boon to Hacker Thieves

You’ve recently spent $64,000 on your flash new BMW with keyless entry. But when you wake up one morning, you discover, in a different kind of flash, that it’s gone, stolen by hacker thieves who used the car’s keyless feature to pinch your luxury ride.

This is the reality for a growing number of BMW owners in the United Kingdom who have recently become victims of a spate of thefts, thanks to a couple of security vulnerabilities in the car’s systems. One BMW owner posted a surveillance video of the thieves taking off in the night with his car (see the video above).

The owner, who posted the video at 1addicts.com, suspects the thieves broke the glass to access the BMW’s on-board diagnostics port (OBD) in the footwell of the car, then used a special device to obtain the car’s unique key fob digital ID and reprogram a blank key fob to start the car. It took less than 3 minutes to accomplish the feat. (That said, despite their sophistication, the thieves were, comically, unable to thwart the surveillance cameras, though they tried.)

Below is a video showing how a key fob can be programmed to start a BMW.

Jalopnik reports that BMW thieves are likely exploiting a gap in the car’s internal ultrasonic sensor system to avoid tripping its alarm when they access the car.

But there’s another security flaw in play. The OBD system doesn’t require a password to access it and program a key fob. According to Jalopnik, this is a requirement in Europe so that non-franchised mechanics and garages can read the car’s digital diagnostic data.

BMW told Jalopnik that the problem is industrywide and not unique to its cars.

“We are aware of recent claims that criminal gangs are targeting premium vehicles from a variety of manufacturers,” the company said in a statement. “This is an area under investigation. We have a constant dialogue with police forces to understand any patterns which may emerge. This data is used to enhance our defence systems accordingly. Currently BMW Group products meet or exceed all global legislative criteria concerning vehicle security.”

FTC’s $22M Privacy Settlement With Google Is Just Puppet Waving

Photo: Max Lib/Flickr

Google has reportedly agreed to pay a record $22.5 million fine to the Federal Trade Commission to settle charges that it violated a privacy consent decree it signed with the agency, the Wall Street Journal reported Monday.

Google, which signed a 20-year privacy agreement with the FTC following the ill-fated Google Buzz, was investigated for using a sneaky, but well-known, tactic to bypass the strong default cookie settings on Apple’s Safari browser. Google defended the practice, saying it was simply trying to put a +1 button on Google Ads that could be used by signed-in Google users.

The proposed fine – one of the largest ever levied by the FTC – won’t hurt Google’s bottom line – at least not in the short term – but it’s a major PR loss for the search giant, which is battling with regulators in the States and in Europe over its privacy practices and accusations that it abuses its near-monopoly on search.

As privacy violations go, the Safari cookie workaround was rather minor, but little missteps by Google give authorities a way to publicly punish the company and try to force the company to be much more deliberate about privacy. Facebook is under a similar 20-year decree after the FTC accused the company of a litany of more major privacy violations, including bait-and-switch promises about what information was private, making misleading promises about app security and not deleting user photos when a user closed a Facebook account.

That said, the consent decree Google signed did not prevent the company from making a radical change to its privacy practices and policies in March that laid the groundwork for Google to create the web’s most comprehensive – and potentially scary – online profiles of users. Google followed all the best practices – notifying users prominently – even annoyingly – for months about the change.

Despite those notices, it’s doubtful that users had any idea how momentous the changes actually were, though Google claims it was just simplifying things for users by letting Google combine the data it harvests from your use of its search engine, YouTube, Gmail and visits to websites that have Google-powered ads or +1 buttons. (So far, Google Analytics data remains outside the profile, but you won’t find that in the privacy policy, just in a little-noticed blog post by the Analytics team.)

But we live in a country with an absence of any real privacy legislation that requires large companies, both online and offline, to abide by Fair Information Practices. Those require companies to tell you when and why they collect data, use the data only for the original purpose, allow you to opt-out, and let you see and correct the data collected about you. That’s how an Irish Facebook user was able to force the social networking giant to divulge all the info the company had stored about him.

In absence of such rules, there’s nothing the FTC can do to stop the real privacy invasions like Google’s new privacy policy. Instead, the FTC can only watch warily and hope that the giants of the web make some misstep somewhere, however minor, and use that to publicly shame and tarnish the company.

So good on the FTC for smacking Google’s hands for reaching into the Safari cookie jar.

But until there’s a real privacy framework that governs not just Google and Facebook but also your credit card company and creepy data brokers, privacy actions by U.S. regulators amount to not much more than Occupy protestors wielding eye-catching over-sized puppets outside a greedy investment firm as a way to reform a rapacious financial system.

Which isn’t to say such tactics are useless (even Bloomberg’s news stories now routinely refer to the 1%), but it’s a circuitous tactic used by the largely powerless to try to reform the powerful.

Your privacy deserves better.

Atari Teenage Riot Goes for the Lulz With Anonymous

Photo courtesy of Atari Teenage Riot

In mid-February, Alec Empire of the iconic digital hardcore band Atari Teenage Riot got a call from Sony. The company was creating a commercial for their new handheld game console, the Sony Vita, and they wanted to use the song Black Flags from ATR’s most recent album Is This Hyperreal? for the score.

It was a call so wrong, so profoundly ill-advised, that it could only end in epic internet lulz.

To begin with, Alec Empire has a history with Sony — he’d sued them for copyright infringement after another song was included in a Sony ad without permission, and he settled, still feeling ripped off. Part of his dissatisfaction was hearing his music in a commercial at all.

“It was this kind of situation… when you feel your whole work has been compromised. We are really and only about the political message,” said Empire in an IRC chat with Wired. “So when something like this happens it is damaging to our credibility and can’t really be repaired with paying some money.”

But there was more: the song Sony wanted, Black Flags, was originally written about Bradley Manning and WikiLeaks. But the video was dedicated to Anonymous, who were mentioned in the song as well — the very collective that had mercilessly and repeatedly targeted Sony in 2011.

Now Sony was back in Empire’s life — and asking this time. Empire knew at once what he wanted to do.

“I was actually on the phone and had to slow down my pulse and breathe… so the excitement wouldn’t be audible in my voice.”

Empire knew a participant in Anonymous, and got in touch with them about his idea. “Alec comes to me asking where to donate to support anons,” said the anon, picking up the story. “I remembered right around the time of the Paypal 14, and other raids on anon members, there were a team of lawyers devoted to defending anonymous members… I know a couple of the lawyers, so I asked them where the donate page was, (and) I handed the link to Alec.”

The moment the ad money came in, Empire sent all of it to Freeanons.org — a legal defense and support network for people arrested for participation in the collective. He announced it on his blog immediately, declaring “I did it only for my own amusement!” — the lulz hard at work.

Many in the community of Anonymous who had already contributed material for the Black Flags video cheered this announcement, and Empire and some anons started a dialogue. Sometimes Empire would interview anons, and sometimes they would interview him.

Wired sat down for a chat with both a cross section of participants in the Anonymous collective, and the digital hardcore rockstar. The wide ranging talk touched on internet freedom, the music industry, the future of Anonymous, Sony, Germany, and even living on the edge of self-destruction, as an artist or a hacker. While this transcript here has been edited for length, topicality, and clarity, the casual style of IRC, which often omits conventions of written language in favor of conversational speed, has been preserved.
