• Hackers can guess your phone PIN using its sensor data

    Instruments in smart phones such as the accelerometer, gyroscope and proximity sensors represent a potential security vulnerability, according to researchers. Using a combination of information gathered from six different sensors found in smart phones and state-of-the-art machine learning and deep learning algorithms, the researchers succeeded in unlocking Android smart phones with a 99.5 per cent accuracy within only three tries, when tackling a phone that had one of the 50 most common PIN numbers

  • Court recognizes first amendment right to anonymity even after speakers lose lawsuits

    Anonymous online speakers may be able to keep their identities secret even after they lose lawsuits brought against them, a federal appellate court ruled last week. The decision by the U.S. Court of Appeals for the Sixth Circuit in Signature Management Team, LLC v. John Doe is a victory for online speakers because it recognized that the First Amendment’s protections for anonymous speech do not end once a party suing the anonymous speaker prevails. The ruling, however, is not all good news for anonymous speech. The test announced by the court sets unmasking as the default rule post-judgment, placing the burden on the anonymous party to argue against unmasking.

  • EFF wants information about government tattoo recognition technology

    The Electronic Frontier Foundation (EFF) filed suit against the Department of Justice, the Department of Commerce, and the Department of Homeland Security the other day, demanding records about the agencies’ work on the federal Tattoo Recognition Technology program. EFF says that this secretive program involves a coalition of government, academia, and private industry working to develop a series of algorithms that would rapidly detect tattoos, identify people via their tattoos, and match people with others who have similar body art—as well as flagging tattoos believed to be connected to religious and ethnic symbols.

  • An armed robber’s Supreme Court case could affect all Americans’ digital privacy for decades to come

    A man named Timothy Carpenter planned and participated in several armed robberies at Radio Shack and T-Mobile stores in Michigan and Ohio between 2010 and 2012. He was caught, convicted and sentenced to 116 years in federal prison. His appeal, which was heard by the U.S. Supreme Court on 29 November, will shape the life of every American for years to come – no matter which way it’s decided. The FBI found Timothy Carpenter because one of his accomplices told them about him. I believe the FBI could have obtained a search warrant to track Carpenter, if agents had applied for one. Instead, federal agents got cellphone location data not just for Carpenter, but for fifteen other people, most of whom were not charged with any crime. One of them could be you, and you’d likely never know it. The more people rely on external devices whose basic functions record and transmit important data about their lives, the more critical it becomes for everyone to have real protection for their private data stored on and communicated by these devices.

  • Email writer’s identity can be revealed by analyzing small sequences of words

    Researchers examined thousands of emails to show it is possible to identify someone by analyzing small sequences of words and prove them as the author. The research aims to address the challenges experts face when analyzing language evidence in court proceedings or in reports.

  • Too much browser functionality creates unnecessary security, privacy risks

    Modern website browsers provide an incredibly broad range of features, with more and more capabilities being added every day. New research has identified numerous browser functionalities rarely used or needed by websites, but which pose substantial security and privacy risks to web surfers. Blocking website access to unnecessary browser functionality would help reduce these risks.

  • For $1000, anyone can purchase mobile advertising to track your location, app use

    Privacy concerns have long swirled around how much information online advertising networks collect about people’s browsing, buying and social media habits — typically to sell you something. But could someone use mobile advertising to learn where you go for coffee? Could a burglar establish a sham company and send ads to your phone to learn when you leave the house? Could a suspicious employer see whether you’re using shopping apps on work time? The answer is yes, at least in theory.

  • FISA Section 702 reform bill a good Start, but improvements still needed: Critics

    Last Wednesday, the draft of the House Judiciary Committee’s bill to reauthorize and reform Section 702 of the Foreign Intelligence Surveillance Act (FISA) was made public. Section 702 permits the government to collect the content of communications of targets who are non-Americans located abroad, including communications they may have with Americans. Critics urge Congress to pass significant and meaningful reforms to Section 702 which address the serious constitutional concerns it raises, or allow that surveillance authority to expire.

  • The security of fitness trackers could – and should – be improved

    The security of wearable fitness trackers could be improved to better protect users’ personal data, a new study suggests. Vulnerabilities in the devices – which track heart rate, steps taken and calories burned – could threaten the privacy and security of the data they record, scientists say.

  • Big data amplify existing police surveillance practices: Study

    The big data landscape is changing quickly, and researchers wonder whether our political and social systems and regulations can keep up. With access to more personal data than ever before, police have the power to solve crimes more quickly, but in practice, the influx of information tends to amplify existing practices.

  • California’s police can't keep license plate data secret: Court

    The Electronic Frontier Foundation (EFF) and the ACLU won a decision by the California Supreme Court that the license plate data of millions of law-abiding drivers, collected indiscriminately by police across the state, are not “investigative records” that law enforcement can keep secret. California’s highest court ruled that the collection of license plate data isn’t targeted at any particular crime, so the records couldn’t be considered part of a police investigation.

  • On internet privacy, be very afraid

    In the internet era, consumers seem increasingly resigned to giving up fundamental aspects of their privacy for convenience in using their phones and computers, and have grudgingly accepted that being monitored by corporations and even governments is just a fact of modern life. In fact, internet users in the United States have fewer privacy protections than those in other countries. In April, Congress voted to allow internet service providers to collect and sell their customers’ browsing data. Cybersecurity expert Bruce Schneier talked about government and corporate surveillance, and about what concerned users can do to protect their privacy. “Surveillance is the business model of the internet,” he says.

  • Google’s assault on privacy: a reminder

    On its best day, with every ounce of technology the U.S. government could muster, it could not know a fraction as much about any of us as Google does now” (Shelly Palmer, technology analyst).

  • EFF to court: Border agents need warrants to search contents of digital devices

    Searches of mobile phones, laptops, and other digital devices by federal agents at international airports and U.S. land borders are highly intrusive forays into travelers’ private information that require a warrant, the Electronic Frontier Foundation (EFF) said in a court filing Monday.

  • CDT files complaint with the FTC against Hotspot Shield VPN

    For many Americans looking to protect their online privacy, virtual private networks, or VPNs, are a good option. The Center for Democracy & Technology (CDT) says, however, that a popular free VPN, Hotspot Shield, promises to protect its users’ privacy but has undisclosed data sharing and traffic redirection practices that violate that promise. Plixer said that the claims by CDT ignore the internet market realities.