• Supposedly encrypted national identifying numbers easily decrypted

    Studies raise questions about the use of national identifying numbers by showing that Resident Registration Numbers (RRN) used in South Korea can be decrypted to reveal a host of personal information. A team of researchers in two experiments was able to decrypt more than 23,000 RRNs using both computation and logical reasoning. The findings suggest that, while such identifiers are encrypted to protect privacy, they remain vulnerable to attack and must be designed to avoid such weaknesses.

  • Smart watches allow hackers to harvest users’ data

    They are the latest rage in jewelry and gadgetry, but like all computer devices, smart watches are vulnerable to hackers. Using a homegrown app on a Samsung Gear Live smart watch, researchers were able to guess what a user was typing through data “leaks” produced by the motion sensors on smart watches. The project, called Motion Leaks through Smartwatch Sensors, or MoLe, has privacy implications, as an app that is camouflaged as a pedometer, for example, could gather data from emails, search queries and other confidential documents.

  • Bill requiring Internet companies to report “terrorist activity” opposed by digital rights groups

    A coalition of digital rights groups and trade associations last week released a joint letter opposing a proposal in the Senate to require U.S. tech firms to police the speech of their users and to report any signs of apparent “terrorist activity” to law enforcement. The letter says that this sweeping mandate covers an undefined category of activities and communications and would likely lead to significant over-reporting by communication service providers. The letter urged senators to remove the “terrorist activity” reporting requirements from the Intelligence Authorization Act (S. 1705).

  • Windows 10 is not really free: you are paying for it with your privacy

    Windows 10, it seems, is proving a hit with both the public and the technology press after its release last week. After two days, it had been installed on sixty-seven million PCs. For those concerned about privacy, it is the very fact that the upgrade is free that has them concerned that Microsoft has adopted a new, “freemium” model for making money from its operating system. Microsoft is employing a unique “advertising ID” that is assigned to a user when Windows 10 is installed. This is used to target personalized ads at the user. There are steps users can take to mitigate the worst of the privacy issues with Windows 10, and these are highly recommended. Microsoft should have allowed users to pay a regular fee for the product in exchange for a guarantee of the levels of privacy its users deserve.

  • Shoring up Tor

    With 2.5 million daily users, the Tor network is the world’s most popular system for protecting Internet users’ anonymity. For more than a decade, people living under repressive regimes have used Tor to conceal their Web-browsing habits from electronic surveillance, and Web sites hosting content that’s been deemed subversive have used it to hide the locations of their servers. Researchers have now demonstrated a vulnerability in Tor’s design, mounting successful attacks against popular anonymity network — and show how to prevent them.

  • NSA to destroy millions of American call records collected under controversial program

    The director of national intelligence said on Monday that the NSA would no longer examine call records collected by the NSA in its controversial bulk collection program before the June reauthorization of the Patriot Act which prohibits such collection. Bulk records are typically kept for five years, but the director said that although the records in the NSA database were collected lawfully, they would not be examined, and would soon be destroyed.

  • Journalists’ computer security tools lacking in a post-Snowden world

    Edward Snowden’s leak of classified documents to journalists around the world about massive government surveillance programs and threats to personal privacy ultimately resulted in a Pulitzer Prize for public service. Though Snowden had no intention of hiding his identity, the disclosures also raised new questions about how effectively news organizations can protect anonymous sources and sensitive information in an era of constant data collection and tracking. Researchers found a number of security weaknesses in journalists’ and news organizations’ technological tools and ad-hoc workarounds.

  • In first case of its kind, UK high court rules surveillance law unconstitutional

    Controversial surveillance legislation hustled through parliament last summer has been ruled unlawful by the U.K. High Court, which argued that the vague terms and descriptions of powers in the Data Retention and Investigatory Powers Act 2014 (DRIPA) renders the act incompatible with human rights under European law. DRIPA, one in a series of laws supporting controversial surveillance powers passed by successive U.K. governments, establishes the principle by which anti-terrorism measures and national security priorities take precedence over human rights considerations. However, the judgment rules that the EU Charter of Fundamental Rights must take precedence, and in doing so requires the U.K. government to undo its own act of parliament — a significant precedent by a British court.

  • Questions raised about Kaspersky’s close ties to the Russian government

    Kaspersky Lab is a Moscow-based company which sells security software, including antivirus programs. The company has 400 million customers, and it ranks sixth in revenue among security-software makers. Since 2012, the company began to replace senior managers with people with close ties to Russia’s military or intelligence services. The company is also helping the FSB, the KGB’s successor, in investigating hacks – and people in the know say the company provides the FSB with the personal data of customers. The company’s actual or perceived alliances have made it a struggle to win U.S. federal contracts.

  • New U.K. surveillance review calls for a fresh start in the law for interception of communications

    After a year of investigation and consultation, the U.K. Independent Surveillance Review has delivered its conclusions to Prime Minister David Cameron. The authors presented their report, A Democratic License to Operate, yesterday (14 July 2015). The Review shows how a democracy can combine the high level of security the public has a right to expect, and also ensure the respect for privacy and freedom of speech that are the foundations of a democracy. The panel unanimously calls on government, civil society, and industry to accept its recommendations and work together to put them into practice.

  • Giving government special access to data poses major security risks

    In recent months, government officials in the United States, the United Kingdom, and other countries have made repeated calls for law-enforcement agencies to be able to access, upon due authorization, encrypted data to help them solve crimes. Beyond the ethical and political implications of such an approach, though, is a more practical question: If we want to maintain the security of user information, is this sort of access even technically possible? A report by cybersecurity and encryption experts says that whether “backdoor” or “front-door,” such mechanisms “pose far more grave security risks, imperil innovation on which the world’s economies depend, and raise more thorny policy issues than we could have imagined when the Internet was in its infancy.”

  • Privacy by design: Protecting privacy in the digital world

    It is a fact of modern life — with every click, every tweet, every Facebook Like, we hand over information about ourselves to organizations which are desperate to know all of our secrets, in the hope that those secrets can be used to sell us something. What power can individuals have over their data when their every move online is being tracked? Researchers are building new systems that shift the power back to individual users, and could make personal data faster to access and at much lower cost.

  • Administration rejects criticism of NSA’s surveillance of foreign hackers

    Just two years after the Edward Snowden leaks exposed the NSA’s domestic surveillance program, another report released last Friday from the Snowden files shares information about the NSA’s efforts to track foreign hackers. As with the NSA’s controversial foreign surveillance program which kept metadata records of suspected foreign terrorists’ conversations with Americans, the NSA’s hacker program may incidentally gather Americans’ private information from the files of foreign hackers.

  • Computer searches at border subject to case-by-case reasonableness: Court

    A Washington, D.C. District Court has upheld a ruling that U.S. intelligence and border security agents must have “reasonable suspicion” to seize and search any computer or storage media at the border – especially if the computer and storage media belong to an individual about to leave the country. A South Korean businessman, suspected of buying missile parts for China, was stopped at LAX on his way back to Korea. He was allowed to leave, but his laptop and storage media were seized by agents. Judge Amy Berman Jackson stressed that in border searches, the government has a more compelling interest in searching things that are being brought into the country than things that are about to leave the country. Kim’s lawyers asked the judge to suppress any incriminating evidence found on Kim’s laptop during a warrantless search conducted by the case agents, and she granted to lawyers’ motion. DHS says it will appeal her decision.

  • USMobile launches Scrambl3 mobile, Top Secret communication-standard app

    Irvine, California-based USMobile, a developer of private mobile phone services, yesterday launched Scrambl3, a smartphone app that enables users to create their own Private Mobile Network. When Scrambl3 users communicate with each other, Scrambl3 creates a Dark Internet Tunnel between their smartphones. This Tunnel cloaks the calls and texts by making them invisible on the Internet. Scrambl3 App for Android-based phones is available for a 60-day free beta offering from the Google Play Store.