• NSA program captures, replays phone calls

    The NSA’s MYSTIC program, created in 2009, deploys a “retrospective retrieval” (RETRO) tool which allows agents to rewind and playback all phone conversations that have taken place in the past thirty days in an unnamed foreign country, according to Edward Snowden-leaked documents. The MYSTIC program differs from other NSA surveillance programs revealed by Snowden because it captures the content of phone conversations, not just calls’ metadata.

  • Facebook making snooping more difficult

    Facebook has joined its Silicon Valley competitors to improve cybersecurity following a recent report suggesting that the NSA may have posed as Facebook to infect targeted computers. Joe Sullivan, Facebook’s chief security officer, said Facebook was working to “make sure the system is robust enough that everyone should be coming in the front door with legal process and not getting information any other way.” He added that no one could pose as Facebook servers any more since the company made “https,” a secure method of accessing Web pages, standard last year.

  • MetaPhone: The sensitivity of telephone metadata

    Is telephone metadata sensitive? This is, at base, a factual dispute. Is it easy to draw sensitive inferences from phone metadata? How often do people conduct sensitive matters by phone, in a manner reflected by metadata? New research finds that phone metadata is unambiguously sensitive, even in a small population and over a short time window. The researchers were able to infer medical conditions, firearm ownership, and more, using solely phone metadata.

  • Software spots malicious behavior by apps

    Last year at the end of July the Russian software company Doctor Web detected several malicious apps in the app store Google Play. Downloaded on a smartphone, the malware installed — without the permission of the user — additional programs which sent expensive text messages to premium services. German computer scientists have now developed software which can discover such malicious apps already in the app store. The software detects pieces of code where the app accesses sensitive data and where data is sent from the mobile device.

  • Biometric security for mobile devices becoming mainstream

    Biometric security such as fingerprint, face, and voice recognition is set to hit the mainstream as global technology companies market the systems as convenient and easy to use. The latest biometric technologies are not without their security issues, but they are marketed as more convenient than traditional methods rather than more secure, and encourage adoption by people who currently do not have any security on their phone at all.

  • Collecting digital user data without compromising privacy

    The statistical evaluation of digital user data is of vital importance for analyzing trends. It can also undermine users’ privacy. Computer scientists have now developed a novel cryptographic method that makes it possible to collect data and protect the privacy of the user at the same time.

  • DHS drops plans for national license-plate database

    DHS has recalled its solicitation for bids by private companies to help the department create a national license-plate database which would allow unlimited access to information obtained from commercial and law enforcement license plate readers (LPRs). DHS wanted to use the database to track fugitive undocumented immigrants and others sought by law enforcement, but the database, which could have contained more than one billion records, raised privacy concerns and questions about the safeguards which would be used to protect innocent citizens.

  • Facebook-WhatsApp deal raises security concerns

    Facebook’s acquisition of WhatsApp made headlines for its sheer size — $4 billion in cash and $15 in Facebook stock, for a total of about $19 billion – but security experts are worried about the security aspects of the deal. Even security specialists advising WhatApp’s customers not to panic about the deal, use language which is not exactly reassuring. Serge Malenkovich of Kaspersky Labs says: “There are no new [emphasis in original] reasons to worry about messaging privacy. Honestly speaking, WhatsApp was never meant to be a true confidential messaging tool; there were even multiple breaches in the past, including some attacks, which make eavesdropping possible.”

  • QR codes threaten Internet security

    Internet security experts have raised concerns about the growing use of Quick Response codes, also known as QR codes. Because the codes can only be read by a machine, such as a smart phone, it is difficult for people to determine what they are about to download. The codes, which are often used in marketing campaigns, could also be used to subscribe people to unwanted services, such as premium SMS.

  • Anonymous messaging apps grow in popularity

    The recent surge in anonymous and ephemeral messaging apps like Backchat, Whipsper, Snapchat, Secret, and Ask.fm is a response to a growing demand for social media networks which allow users to interact without revealing their identify for fear of retribution or long-term stains on their personal records.

  • Identifying, thwarting insider threats before they do damage

    Researchers argue that one way to identify and predict potential insider threats even before these individuals begin to do damage like stealing and leaking sensitive information, is by using Big Data to monitor changes in behavior patterns. Researchers at PARC, for example, found that individuals who exhibit sudden decrease in participation in group activity, whether in a game like World of Warcraft or corporate e-mail communications, are likely to withdraw from the organization. A withdrawal represents dissatisfaction with the organization, a common trait of individuals who are likely to engage in insider security breaches.

  • Portland’s Christmas Bomber challenges NSA-gathered evidence used to convict him

    Mohamed Mohamud, a Somali immigrant and former Oregon State University student, was convicted last year of attempting to detonate a bomb in 2010 near Portland’s Christmas holiday tree-lighting ceremony at Pioneer Courthouse Square. His lawyers are questioning the legality of evidence used against him. Attorneys for Mohamud are claiming that the evidence used was obtained without a warrant and should have been barred by the court.

  • Florida mulling banning school collection of students’ biometric information

    Some school districts in Florida, including Polk County and Pinellas County, are using scanners to collect fingerprints and hands, eyes, and voice characteristics from students. Pinellas County school district allows students to use palm scans instead of cash to pay for meals in the cafeteria. The collection of students’ biometric information has alarmed many parents who are concerned that students’ identity or personal records may be stolen or sold to private companies. Florida state legislators are debating a proposal which would stop school districts from collecting biometric information from students.

  • Arizona lawmaker pushes measure to limit NSA operations in the state

    Arizona State Senator Kelli Ward, a tea party Republican representing the Lake Havasu area, is pushing a bill in the State Senate which would impose limits on the ability of the NSA to operate in Arizona. In December Ward became the first legislator in the nation to declare she would introduce legislation to limit NSA activities in the state, and so far legislators in twelve other states have introduced similar bills. Arizona SB 1156 would. Among other things, prohibit local and state law enforcement officials from cooperating with the NSA and would prevent state or local prosecutors from using NSA-collected information which had not been obtained with a warrant. The bill would also withhold funds from state universities and colleges supporting the NSA with research or recruitment. Legal scholars say the courts would in all likelihood strike down Ward’s measure because Arizona, in essence, is trying to regulate the federal government.

  • A first: Constitutionality of NSA warrantless surveillance challenged by terrorism suspect

    Jamshid Muhtorov, a refugee from Uzbekistan now facing terrorism charges in Colorado, is the first criminal defendant who, as part of his lawyers’ defense strategy, is challenging the constitutionality of the NSA’s warrantless surveillance program. Muhtorov filed a motion Wednesday in federal court in Denver to suppress any evidence obtained through the agency’s surveillance program on grounds that it was unlawful. In July 2013 the Justice Department reversed an earlier policy, and now informs defendants whether the case against them, in whole or in part, is based on information obtained through warrantless surveillance. To date, six months after the review process at Justice was launched, Muhtorov and Mohamed Mohamud, a Portland, Oregon teenager who had been convicted after an FBI sting operation of attempting to detonate a bomb at a Christmas tree lighting ceremony, are the only defendants to receive such a disclosure.