Privacy

FBI Considers CALEA II: Mandatory Wiretapping On Every Device 72

Posted by timothy
from the putting-it-gently dept.
Techmeology writes "In response to declining utility of CALEA mandated wiretapping backdoors due to more widespread use of cryptography, the FBI is considering a revamped version that would mandate wiretapping facilities in end users' computers and software. Critics have argued that this would be bad for security (PDF), as such systems must be more complex and thus harder to secure. CALEA has also enabled criminals to wiretap conversations by hacking the infrastructure used by the authorities. I wonder how this could ever be implemented in FOSS."
Google

Congress Demands Answers From Google Over Google Glass Privacy Concerns 187

Posted by Soulskill
from the do-any-of-you-know-what-a-smartphone-is dept.
Today eight members of the U.S. Congress have sent a letter to Google's Larry Page, asking him to address a number of privacy concerns about Google Glass. In the letter (PDF), they brought up the company's notorious Street View data collection incident, and asked how the company was planning to avoid a similar privacy breach with Glass. They also ask how Google is going to build Glass to protect the privacy of non-users who may not want their every public move to be recorded. Further, they ask about the security of recordings once they are made: "Will Google Glass have the capacity to store any data on the device itself? If so, will Google Glass implement some sort of user authentication system to safeguard stored data? If not, why not?" Google has until July 14th to respond.
Mozilla

Mozilla Delays Default Third-Party Cookie Blocking In Firefox 103

Posted by Soulskill
from the even-foxes-like-cookies dept.
hypnosec writes "Mozilla is not going ahead with its plans to block third-party cookies by default in the Beta version of its upcoming Firefox 22. Mozilla needs more time to analyze the outcome of blocking these cookies. The non-profit organization released Firefox Aurora on April 5 with a patch by Jonathan Mayer built into it which would only allow cookies from those websites which the user has visited. The patch would block the ones from sites which hadn't been visited yet. The reason for Mozilla's change in plans is that they're currently looking into 'false positives.' If a user visits one part of a group of sites, cookies from that part will be allowed, but cookies from related sites in the group may be blocked, and they're worried it will create a poor user experience. On the other side of the coin, there are 'false negatives.' Just because a user may have visited a particular site doesn't mean she is comfortable with the idea of being tracked."
Medicine

Larry Page: You Worry Too Much About Medical Privacy 473

Posted by samzenpus
from the what's-wrong-with-you dept.
jfruh writes "Larry Page revealed that he'd been suffering from a vocal cord ailment that impaired his ability to speak for more than a year. The positive feedback he got from opening up about it inspired him to tell attendees at Google I/O that we should all be less uptight about keeping our medical records private. As far as Page is concerned, pretty much the only legitimate reason for worry on this score is fear of being denied health insurance. 'Maybe we should change the rules around insurance so that they have to insure people,' he said."
Google

Leaked Microsoft Video Parodies Chrome Ad 242

Posted by Unknown Lamer
from the fighting-for-evildoer-crown dept.
First time accepted submitter Stratus311 writes "An article from The Verge shows a video leaked from Microsoft that parodies Google's Chrome ad. From the article: 'Microsoft and Google have been locked in a war of words over a YouTube Windows Phone app, but in the midst of the arguments a new Scroogled ad has emerged. Designed to be an internal-only video, a copy has somehow managed to find its way onto the web right in the middle of Google's I/O developer conference.'" "Somehow" leaked.
Privacy

Inside One of the World's Largest Data Brokers 63

Posted by samzenpus
from the knowing-all-about-you dept.
itwbennett writes "Contrary to recent reports, data broker Acxiom is not planning to give consumers access to all the information they've collected on us. That would be too great a challenge for the giant company, says spokesperson Alexandra Levy. Privacy blogger Dan Tynan recently spoke with Jennifer Barrett Glasgow, Chief Privacy Officer at Acxiom (she claims to be the very first CPO) about how the company collects information and what they do with it. This should give you some small measure of comfort: 'We don't know that you bought a blue shirt from Lands End. We just know the kinds of products you are interested in. We're trying to get a reasonably complete picture of your household and what the individuals who live there like to do,' says Glasgow."
Open Source

The New Yorker Launches 'Strongbox' For Secure Anonymous Leaks 94

Posted by Soulskill
from the sing-like-a-really-safe-canary dept.
Today The New Yorker unveiled a project called Strongbox, which aims to let sources share tips and leaks with the news organization in a secure manner. It makes use of the TOR network and encrypts file uploads with PGP. Once the files are uploaded, they're transferred via thumb-drive to a laptop that isn't connected to the internet, which is erased every time it is powered on and booted with a live CD. The publication won't record any details about your visit, so even a government request to look at their records will fail to find any useful information. "There’s a growing technology gap: phone records, e-mail, computer forensics, and outright hacking are valuable weapons for anyone looking to identify a journalist’s source. With some exceptions, the press has done little to keep pace: our information-security efforts tend to gravitate toward the parts of our infrastructure that accept credit cards." Strongbox is actually just The New Yorker's version of a secure information-sharing platform called DeadDrop, built by Aaron Swartz shortly before his death. DeadDrop is free software.
Robotics

Drones: Coming Soon To the New Jersey Turnpike? 248

Posted by Soulskill
from the you-can-trust-us dept.
redletterdave writes "The FAA predicts 30,000 drones will patrol the US skies by 2020, but New Jersey drivers could see these unmanned aerial vehicles hovering above the New Jersey Turnpike and Garden State Parkway much sooner than that. New Jersey lawmakers from both Republican and Democratic parties have introduced a number of bills to tackle the drones issue before the federal government starts issuing the first domestic drone permits in September 2015."
Google

In Germany, Offensive Autocomplete Is No Laughing Matter 200

Posted by Soulskill
from the why-are-IT-people dept.
itwbennett writes "We've all had a chuckle over Google's autocomplete results for various search queries. But one German businessman had a less funny experience when he searched for his name on Google.de: The autocomplete suggested search terms where his name was tied with 'Scientology' and 'fraud' (in German, of course). This was back in 2010. In 2012, a German court ruled that the autocomplete terms did not infringe the plaintiff's privacy. Now, a year later, the Federal Court of Justice in Karlsruhe has overturned that ruling and ordered that Google remove offensive search suggestions when notified."
Microsoft

Microsoft Reads Your Skype Chat Messages 273

Posted by timothy
from the but-they-don't-enjoy-them dept.
An anonymous reader writes "A Microsoft server accesses URLs sent in Skype chat messages, even if they are HTTPS URLs and contain account information. A reader of Heise publications notified Heise Security (link to German website, Google translation). They replicated the observation by sending links via Skype, including one to a private file storage account, and found that these URLs are shortly after accessed from a Microsoft IP address. When confronted, Microsoft claimed that this is part of an effort to detect and filter spam and phishing URLs."
Security

Saudi Arabian Telecom Pitches to Moxie Marlinspike 128

Posted by Unknown Lamer
from the indirect-terrorism dept.
An anonymous reader sent in this excerpt from Moxie Marlinspike's weblog: "Last week I was contacted by an agent of Mobily, one of two telecoms operating in Saudi Arabia, about a surveillance project that they're working on in that country. Having published two reasonably popular MITM tools, it's not uncommon for me to get emails requesting that I help people with their interception projects. I typically don't respond, but this one (an email titled 'Solution for monitoring encrypted data on telecom') caught my eye. ... The requirements are the ability to both monitor and block mobile data communication, and apparently they already have blocking setup. ... When they eventually asked me for a price quote, and I indicated that I wasn't interested in the job for privacy reasons, they responded with this: ' I know that already and I have same thoughts like you freedom and respecting privacy, actually Saudi has a big terrorist problem and they are misusing these services for spreading terrorism and contacting and spreading their cause that's why I took this and I seek your help. If you are not interested than maybe you are on indirectly helping those who curb the freedom with their brutal activities.'"
Privacy

US Government Monitoring Associated Press Phone Records 248

Posted by Unknown Lamer
from the burn-the-witch dept.
Picass0 writes with distressing news from the AP wire, about the AP: "The Justice Department secretly obtained two months of telephone records of reporters and editors for The Associated Press in what the news cooperative's top executive called a 'massive and unprecedented intrusion' into how news organizations gather the news." They obtained call records from a number of desk phones, and the personal phones of many news editors. The DOJ has not commented, but it may be related to the possibility that the CIA director leaked information on a foiled terror plot in Yemen last year.
United Kingdom

UK's 4G Network Selling Subscriber Tracking Data To Police, Private Parties 55

Posted by samzenpus
from the what-have-you-been-up-to? dept.
Sockatume writes "The Sunday Times has revealed that analytics firm Ipsos MORI and 4G network EE attempted to sell detailed information on 27m subscribers' activities to various parties including the UK's police forces. The data encompasses the gender, postcode and age of subscribers, the sites they visit and times they are visited, and the places and times of calls and text messages. Ipsos MORI were reportedly 'bragging that the data can be used to track people and their location in real time to within 100 meters' in negotiations. Ipsos MORI has rushed to contradict this in an effort to save face, stating that the users are anonymized and data is aggregated into groups of 50 or more, while location is only precise to 700m. Despite their prior enthusiasm, the police have indicated that they will no longer go ahead with the deal. It is not clear whether the other sales will go ahead."
Iphone

Apple Deluged By Police Demands To Decrypt iPhones 237

Posted by Soulskill
from the atf-struggles-with-slide-to-unlock dept.
New submitter ukemike points out an article at CNET reporting on how there's a "waiting list" for Apple to decrypt iPhones seized by various law enforcement agencies. This suggests two important issues: first, that Apple is apparently both capable of and willing to help with these requests, and second, that there are too many of them for the company to process as they come in. From the article: "Court documents show that federal agents were so stymied by the encrypted iPhone 4S of a Kentucky man accused of distributing crack cocaine that they turned to Apple for decryption help last year. An agent at the ATF, the federal Bureau of Alcohol, Tobacco, Firearms and Explosives, 'contacted Apple to obtain assistance in unlocking the device,' U.S. District Judge Karen Caldwell wrote in a recent opinion. But, she wrote, the ATF was 'placed on a waiting list by the company.' A search warrant affidavit prepared by ATF agent Rob Maynard says that, for nearly three months last summer, he 'attempted to locate a local, state, or federal law enforcement agency with the forensic capabilities to unlock' an iPhone 4S. But after each police agency responded by saying they 'did not have the forensic capability,' Maynard resorted to asking Cupertino. Because the waiting list had grown so long, there would be at least a 7-week delay, Maynard says he was told by Joann Chang, a legal specialist in Apple's litigation group. It's unclear how long the process took, but it appears to have been at least four months."
Privacy

Bloomberg Reporters Caught Spying On Terminal Users 55

Posted by timothy
from the hot-reading-vs-cold dept.
theodp writes "Big Bloomberg is watching you. CNN reports that was the unsettling realization Goldman Sachs execs came to a few weeks ago when a Bloomberg reporter inadvertently revealed that reporters from the news and financial data provider had surveillance capabilities over users of Bloomberg terminals. 'Limited customer relationship data has long been available to our journalists,' acknowledged a Bloomberg spokesman. 'In light of [Goldman's] concern as well as a general heightened sensitivity to data access, we decided to disable journalist access to this customer relationship information for all clients.' Business Insider is now reporting on allegations that Bloomberg reporters used terminals to spy on JPMorgan during the 'London Whale' disaster; Bloomberg bragged about its leadership on this story."
Privacy

Snapchats Don't Disappear 85

Posted by timothy
from the un-disappearing-ink dept.
Mobile photo-sharing app SnapChat has one claim to fame, compared to other ways people might share photos from their cellphones: the photos, once viewed, disappear from view, after a pre-set length of time. However, it turns out they don't disappear as thoroughly as users might like. New submitter nefus writes with this excerpt from Forbes: "Richard Hickman of Decipher Forensics found that it's possible to pull Snapchat photos from Android phones simply by downloading data from the phone using forensics software and removing a '.NoMedia' file extension that was keeping the photos from being viewed on the device. He published his findings online and local TV station KSL has a video showing how it's done."
Google

Boston Replacing Microsoft Exchange With Google Apps 251

Posted by Soulskill
from the heard-new-york-liked-microsoft-too dept.
netbuzz writes "The city of Boston, which employs 20,000 people, has become the latest large organization to switch from Microsoft Exchange to Google Apps. The city estimates that the move will save it $280,000 a year. Microsoft's reaction? 'We believe the citizens of Boston deserve cloud productivity tools that protect their security and privacy. Google's investments in these areas are inadequate, and they lack the proper protections most organizations require.' More and more customers aren't buying that FUD." Hopefully they'll be more satisfied than Los Angeles was (PDF).
Government

Biometric Database Plans Hidden In Immigration Bill 365

Posted by Soulskill
from the you-can-trust-us dept.
Doug Otto writes "Buried deep in the bowels of a bi-partisan immigration reform bill is a 'photo tool.' The goal is to create a photo database consisting of every citizen. Wired calls it 'a massive federal database administered by the Department of Homeland Security and containing names, ages, Social Security numbers and photographs of everyone in the country with a driver’s license or other state-issued photo ID.' Of course the database would be used only for good, and never evil. 'This piece of the Border Security, Economic Opportunity, and Immigration Modernization Act is aimed at curbing employment of undocumented immigrants. But privacy advocates fear the inevitable mission creep, ending with the proof of self being required at polling places, to rent a house, buy a gun, open a bank account, acquire credit, board a plane or even attend a sporting event or log on the internet.'"
Privacy

Obama Announces Open Data Policy With Executive Order 94

Posted by timothy
from the except-you-guys-in-the-atf dept.
In an overdue but welcome move, President Obama today issued an executive order mandating "open and machine-readable data" for government-published information. Also, kodiaktau writes "In a move to make data more readily available, the United States of America has announced the Project Open Data and has chosen GitHub to host the content." Ars has a great article on the announced policy, but as you might expect, it comes with caveats, exceptions, sub-goals and committees; don't expect too much change per day, or assume you have a right to open data, exactly, in the eyes of the government, but — "subject to appropriations" — it sounds good on paper. (I'd like the next step to be requiring that all file formats used by the government be open source.)
Google

The NSA's Own Guide To Google Hacking and Other Internet Research 45

Posted by timothy
from the summer-reading-list dept.
Wired has published a book review of sorts of a freely downloadable book called Untangling the Web: A Guide to Internet Research. If that title came from O'Reilly, Apress, or other big name in tech-publishing, it might be perfectly nice but less interesting. Instead, it was prepared as an internal guide for the NSA, and came to public attention through a FOIA request by MuckRock. (See this video interview with MuckRock's Michael Morisy at this year's SXSW.) The version that's been released is several years old. From Wired's report: "Although the author's name is redacted in the version released by the NSA, Muckrock's FOIA indicates it was written by Robyn Winder and Charlie Speight. A note the NSA added to the book before releasing it under FOIA says that the opinions expressed in it are the authors', and not the agency's. ... Lest you think that none of this is new, that Johnny Long has been talking about this for years at hacker conferences and in his book Google Hacking, you’d be right. In fact, the authors of the NSA book give a shoutout to Johnny, but with the caveat that Johnny’s tips are designed for cracking — breaking into websites and servers. 'That is not something I encourage or advocate,' the author writes." (Hat tip to ThinkGeek's Jacob Rose.)
