[Quote]:
EU Justice Commissioner Viviane Reding will imminently table a draft bill that will – if passed in Parliament – require internet firms to be upfront about the user data they hold.
The proposal has already been slammed by many businesses in the UK, where opposition to the draft regulation has been particularly fierce.
Reding’s "right to be forgotten" on the internet plan forms part of a huge legislative overhaul of Europe’s 1995 data protection law, which the commissioner has labelled as outdated.
EU observers, businesses and politicos agree with her that the current legislation is in desperate need of a rewrite, but Reding’s draft proposal has drawn fire from many.
[Quote]:
Datatilsynet, The Norwegian Data Inspectorate has effectively outlawed many corporate uses of Google Apps within Norway on privacy grounds. Reports are only just emerging (in Norwegian) that a “Notice of Decision” dated 16th January (pdf, Norwegian) states that Norwegian companies that make use of Google “cloud” services, (known locally nettskyløsning – essentially Google Apps) with its standard terms “violate the law”.
It is unclear at this stage whether the opinion will be challenged in the courts.
The Norwegian authorities cite the US Patriot Act, which gives “U.S. authorities the ability to monitor terrorist suspects without charge or trial” amongst the reasons why a US-led data protection initiative known as US-EU Safe Harbor was insufficient in itself to guarantee compliance with strict Norwegian data protection laws.
[Quote]:
Mike Cardwell claims that T-Mobile UK are silently disrupting VPNs and secure connections to mail-servers, using packet-injection techniques more often found in the Great Firewall of China. He documents his findings in detail, and has found someone on the T-Mobile customer forums who claims that a senior technician there stated that it was a deliberate policy decision at T-Mobile to keep mail from being sent through any servers apart from their own.
The consequence of this is that you must communicate over T-Mobile’s 3G network in a way that allows them to snoop on you and read your email. And since 3G security has been compromised for years, it also means anyone within range of your cell tower can also snoop on you. Mike borrowed techniques from those who fight the Great Firewall of China to build a system that lets him tunnel securely and keep his sensitive data secret, but unless you run your own servers, you’re screwed if you’re a T-Mobile customer.
[Quote]:
I had gone to court to listen to our legal team argue a case to protect the First Amendment rights of our client, Twitter user @p0isAn0n, aka Guido Fawkes. That user, who wishes to remain anonymous throughout the proceedings, was the target of a Suffolk County Assistant District Attorney’s administrative subpoena to Twitter, dated December 14, 2011. As we wrote last week, the subpoena asked Twitter to hand over @p0isAn0n’s subscriber information, including our client’s IP address, which can be used to help track down someone’s physical residence.
[..]
The known knowns: the scrum of lawyers, defense and prosecution, addressed the judge. I saw the judge speak to the lawyers. Then I saw our attorneys return to their bench, closer to where I was sitting, out of earshot of the sidebar. But the ADA stayed with the judge. He spoke to her, with his back to the courtroom, for about ten minutes. Our attorneys didn’t get to hear what he said to her, didn’t have a chance to respond to whatever the government was saying about our client, about the case. It was frankly shocking.
After those ten minutes of secret government-judge conversation, our attorneys were invited back to the sidebar, whereupon the scrum of lawyers spoke with the judge for another ten or fifteen minutes. Then they dispersed. The judge uttered not one word to the open court. And that was it.
Stunned, I followed a group of reporters outside and listened as Attorney Krupp attempted to answer their questions. It was then I realized that the judge had impounded all the court records related to the case, and mandated complete secrecy governing the proceedings. The public wasn’t even to know whether our motion to quash had been approved or denied.
The press scrum was Kafkaesque to say the least.
‘Can you tell us what the judge decided?’
‘No.’
‘Did the judge grant your motion to quash the subpoena?’
‘I can’t say.’
[Quote]:
The Federal Bureau of Investigation stating all materials it holds regarding Carrier IQ are exempt from disclosure since it is used for law enforcement proceedings.
Feel safer yet?
[Quote]:
Attention holiday shoppers: your cell phone may be tracked this year.
Starting on Black Friday and running through New Year’s Day, two U.S. malls — Promenade Temecula in southern California and Short Pump Town Center in Richmond, Va. — will track guests’ movements by monitoring the signals from their cell phones.
While the data that’s collected is anonymous, it can follow shoppers’ paths from store to store.
The goal is for stores to answer questions like: How many Nordstrom shoppers also stop at Starbucks? How long do most customers linger in Victoria’s Secret? Are there unpopular spots in the mall that aren’t being visited?
[..]
Still, the company is preemptively notifying customers by hanging small signs around the shopping centers. Consumers can opt out by turning off their phones.
Consumers can opt out by not consuming…
Of course, they claim to do this to “improve the shopping experience” which is marketing speak for “shove more ads in your face”.
And take a look at the picture with that article: “An anonymous mobile phone survey” sounds, to the average consumer, like maybe you’d be given a number you could call and fill out a survey or answer some questions about your experience in the mall, right? This is disingenuous to say the least.
[Quote]:
Recent news stories (based on research by Stanford student Feross Aboukhadijeh) state that an Adobe bug made it possible for remote sites to turn on a viewer’s camera and microphone. That sounds bad enough, but that’s not the really disturbing part. Consider this text from the Register article: Adobe said on Thursday it was planning to fix the vulnerability, which stems from flaws in the Flash Player Settings Manager. The panel, which is used to designate which sites may access feeds from an enduser’s camera and mic, is delivered in the SWF format used by Flash.
…
Because the settings manager is hosted on Adobe servers, engineers were able to close the hole without updating enduser software, company spokeswoman Wiebke Lips said.
That’s right — code on a remote computer somewhere decides whether or not random web sites can spy on you. If someone changes that code, accidentally or deliberately, your own computer has just been turned into a bug, without any need for them to attack your machine.
From a technical perspective, it’s simply wrong for a design to outsource a critical access control decision to a third party. My computer should decide what sites can turn on my camera and microphone, not one of Adobe’s servers.
The policy side is even worse. What if the FBI wanted to bug you? Could they get a court order compelling Adobe to make an access control decision that would turn on your microphone?

[Quote]:
You may have heard about the Cellebrite cell phone extraction device (UFED) in the news lately. It gives law enforcement officials the ability to access all the information on your cell phone within a few short minutes. When it became known that Michigan State Police had been using the tool to access cell phones during traffic stops, it raised concern with the ACLU. Now, everyone is wondering if cops will be using devices like this elsewhere. Will this new law enforcement tool be abused, or will it be used responsibly in the pursuit of justice?
Call us paranoid, but we obtained a law-enforcement-grade software extraction tool for the iPhone to see exactly what data is up for grabs. You’d be surprised to see just how much data today’s smartphones can store — and police can access.
The weird thing is, it can also insert data. See: http://www.cellebrite.com/images/stories/ufed%202/UFED_PA_user_guide.pdf Starting under “Create a new call”
What court would ever accept anything by this software as evidence?
I guess I’ll have to start carrying around a second phone so I can hand over innocent data…
[Quote]:
Facebook on Monday defended its practice of gathering data from “Like” buttons even after users have logged out, saying that the collection is part of a system to prevent improper logins and that the information is quickly deleted.
[..]
“The onus is on us is to take all the data and scrub it,” said Arturo Bejar, a Facebook director of engineering. “What really matters is what we say as a company and back it up.”
Short version: “trust us!”
[Quote]:
According to facebook’s privacy policy, messages on facebook can not be deleted anymore. If you click on ‘delete’ the messages will only be invisible to you. US law enforcement agencies can access this information at their own liking, without judicial review.
[Quote]:
I canceled the OnStar subscription on my new GMC vehicle today after receiving an email from the company about their new terms and conditions. While most people, I imagine, would hit the delete button when receiving something as exciting as new terms and conditions, being the nerd sort, I decided to have a personal drooling session and read it instead. I’m glad I did. OnStar’s latest T&C has some very unsettling updates to it, which include the ability to sell your personal GPS location information, speed, safety belt usage, and other information to third parties, including law enforcement. To add insult to a slap in the face, the company insists they will continue collecting and selling this personal information even after you cancel your service, unless you specifically shut down the data connection to the vehicle after canceling.
[Quote]:
"If you’re not doing anything wrong, you have nothing to worry about."
Many Americans have said this, or heard it, when discussing the expanded surveillance capabilities the government has claimed since 9/11.
[..]
The question should be, “If you’re not doing anything wrong, why is the government snooping on you?”
[Quote]:
Ever since Google launched its new Google+ social network, we and others have pointed out that the search giant clearly has more in mind than just providing a nice place for people to share photos of their pets. For one thing, Google needs to tap into the “social signals” that people provide through networks such as Facebook so it can improve its search results. There’s a larger motive, too: As Chairman and former Chief Executive Officer Eric Schmidt admitted during an interview in Edinburgh over the weekend, Google is taking a hard line on the real-name issue because it sees Google+ as an “identity service” or platform on which it can build other products.
[Quote]:
The Vancouver Canucks Fan Zone along Georgia St. for Game 7 of the 2011 Stanley Cup Final was captured at 5:46 pm on June 15, 2011. It is made up of 216 photos (12 across by 18 down) stitched together, taken over a 15-minute span, and is not supposed to represent a single moment in time. The final hi-res file is 69,394 X 30,420 pixels or 2,110 megapixels. Special thanks to Bonita Howard and CBC Real Estate.
Zoom in – there’s enough detail to do face recognition on everybody. The site has a facebook-based tagging system – lots of people are already identified.
So, next time you’re going to riot, make sure you do major plastic surgery afterwards…
[Quote]:
Google has admitted complying with requests from US intelligence agencies for data stored in its European data centers, most likely in violation of European Union data protection laws. Gordon Frazer, Microsoft UK’s managing director, made news headlines some weeks ago when he admitted that Microsoft can be compelled to share data with the US government regardless of where it is hosted in the world. At the center of this problem is the USA PATRIOT ACT, which states that companies incorporated in the United States must hand over data administered by their foreign subsidiaries if requested. Not only that, but they can be forced to keep quiet about it in order to avoid exposing active investigations and alert those targeted by the probes.
[Quote]:
LinkedIn has become the latest social networking site to decide that new features can be added and switched on by default, and users don’t have to be notified.
The feature allows LinkedIn to use profile information like names and photos in third-party advertising, and seems to have been first noticed by blogger Steve Woodruff here.
The feature – hidden away in the Orwellian-named “Manage Social Advertising” option – has to be switched off through a user’s account settings. Permission for this is tucked away in a new condition in LinkedIn’s Terms of Use, which makes it an opt-out feature.
[Quote]:
Those freaked out by facial recognition technology have fresh fodder: a study from Carnegie Mellon University in which researchers were able to predict people’s social security numbers after taking a photo of them with a cheap webcam.
[Quote]:
At the Office 365 launch, Gordon Frazer, managing director of Microsoft UK, gave the first admission that cloud data — regardless of where it is in the world — is not protected against the USA PATRIOT Act.
It was honestly music to my ears. After a year of researching the Patriot Act’s breadth and ability to access data held within protected EU boundaries, Microsoft finally and openly admitted it.
[Quote]:
Americans must decide if, in the name of homeland security, they are willing to allow TSA operatives to storm public places in their communities with no warning, pat them down, and search their bags. And they better decide quickly.
[Quote]:
Andrew Goldstein has been a Bank of America customer for more than four decades. He’s grown up with the bank, trusted it, relied on it to be there for him through thick and thin.
So it was with more than a little shock that Goldstein, 60, learned the other day that a BofA employee apparently leaked confidential information about his and hundreds of other customers’ accounts to scammers, resulting in more than $10 million in losses.
[..]
He immediately went to his local BofA branch and tried to straighten things out.
“While I was at the bank,” he told me, “the scammers called again and did another telephone transfer — while I was sitting there! We actually saw the amount in my account go down on the computer screen.”
[Quote]:
Owners of Android smartphones are being warned to avoid public WiFi networks after researchers found a security flaw that could affect the vast majority of devices based on Google’s software.
A trio of researchers at Ulm University in Germany found that it was “quite easy” for hackers to intercept data from Google’s photo-sharing, calendar and contacts applications, as well as potentially other Google services such as Gmail, using a flaw that affects 99 per cent of all Android devices.
KPN is under fire in the Netherlands for using deep packet inspection to figure out who’s using WhatsApp.
At some point in the near future somebody is going to build a handset that uses Tor for everything network related…
[Quote]:
On page 32:
There you have it. The government doesn’t want you to know whether your internet or phone company is cooperating with its dragnet surveillance program because you might get upset and file lawsuits asserting your constitutional rights.
[Quote]:
The Electronic Frontier Foundation joined civil liberties and privacy groups in criticizing a proposal from the San Francisco Entertainment Commission that would require all venues with an occupancy of over 100 people to record the faces of all patrons and employees and scan their ID’s for storage in a database which they must hand over to law enforcement on request.
[Quote]:
The Crown Prosecution Service confirmed today that it would not be prosecuting anyone in BT’s secret trials of Phorm’s web monitoring system. “We have decided not to consent to a request from an individual to begin a prosecution of BT Group Plc and Phorm Inc in relation to alleged unlawful interception of internet browsing data,” said the CPS in a statement on its website.
[..]
“BT received further and conflicting legal advice that led to it halting the covert trials. As there was no evidence to suggest either company acted in bad faith, it could be reasonably argued that any offending was the result of an honest mistake or genuine misunderstanding of the law,” it added.
So ignorance of a law is no defence, but a general misunderstanding of the law is.
Does this mean a defence of ‘I stopped being a serial killer just as soon as someone explained that I had genuinely misunderstood the law.’ is now acceptable in court?
[Quote]:
Not a word of complaint about the 70/30 revenue split. Their complaint is solely about access to customer information, which they profit by selling. And remember: it’s not Apple that controls that information with App Store subscriptions: it’s us, the users. What the FT is arguing here is that they don’t want their subscribers to have any control over their customer privacy.
[Quote]:
Creepy is a software package for Linux or Windows – with a Mac OS X port in the works – that aims to gather public information on a targeted individual via social networking services in order to pinpoint their location. It’s remarkably efficient at its job, even in its current early form, and certainly lives up to its name when you see it in use for the first time.
You can enter a Twitter or Flickr username into the software’s interface, or use the in-built search utility to find users of interest. When you hit the ‘Geolocate Target’ button, Creepy goes off and uses the services’ APIs to download every photo or tweet they’ve ever published, analysing each for that critical piece of information: the user’s location at the time
[Quote]:
Most people’s understanding of what can actually be done with the data provided by our mobile phones is theoretical; there were few real-world examples. That is why Malte Spitz from the German Green party decided to publish his own data collected from August 2009 to February 2010. However, to even access the information, he had to file a suit against telecommunications giant Deutsche Telekom.
The data, which ZEIT ONLINE has made available for download and acts as the basis for our accompanying interactive map, were contained in a massive Excel document. Each of the 35.831 rows of the spreadsheet represents an instance when Spitz’s mobile phone transferred information over a half-year period. Seen individually, the pieces of data are mostly inconsequential and harmless. But taken together, they provide what investigators call a profile – a clear picture of a person’s habits and preferences, and indeed, of his or her life.
[Quote]:
The Homeland Security Department paid contractors millions of dollars to develop and study surveillance systems that could covertly track pedestrians and check under people’s clothing with airport-style body scanners as they enter train stations, bus depots or major events, newly released documents show.
Two contracts the department signed in 2005 and 2006 were part of its effort to acquire technology to find suicide bombers in a crowd of moving people, according to documents given to the Electronic Privacy Information Center (EPIC), a privacy-rights group that is suing Homeland Security.
The department dropped the projects in a “very early” phase after testing showed flaws, Homeland Security spokesman Bobby Whithorne says.
[Quote]:
The whole thing was over in a matter of minutes and was a completely professional experience.
Or it was, until a male TSA agent walked behind us and hollered: "Hey, I thought she was mine! I was gonna do her!"
Since you never know where a piece of hosted software may store its data, that seems pretty close to saying “all SaaS is illegal for Norwegian companies to use”. Not just Google Apps, but Bootcamp, Dropbox, iCloud, Office Live, you name it.