Loss of Privacy

Keeping you informed on recent losses to privacy and civil rights worldwide.

Browsing Posts in Security

From Help Net Security:

After having disclosed the extent of the employees’ information stolen in the recent hack to the California Attorney General’s Office, Sony Pictures Entertainment (SPE) has sent out an email to the affected workers, outlining the scope of the potential damage the “brazen cyber attack” might bring to them personally.

“Although SPE is in the process of investigating the scope of the cyber attack, SPE believes that the following types of personally identifiable information that you provided to SPE may have been obtained by unauthorized individuals: (i) name, (ii) address, (iii) Social Security Number, driver’s license number, passport number, and/or other government identifier, (iv) bank account information, (v) credit card information for corporate travel and expense, (vi) username and passwords, (vii) compensation and (viii) other employment related information,” the letter described.

Download (PDF, 149KB)

flattr this!

Verizon’s new encryption standard comes with law enforcement access to secure phone conversations.

Verizon Voice Cypher, the product introduced on Thursday with the encryption company Cellcrypt, offers business and government customers end-to-end encryption for voice calls on iOS, Android, or BlackBerry devices equipped with a special app. The encryption software provides secure communications for people speaking on devices with the app, regardless of their wireless carrier, and it can also connect to an organization’s secure phone system.

Cellcrypt and Verizon both say that law enforcement agencies will be able to access communications that take place over Voice Cypher, so long as they’re able to prove that there’s a legitimate law enforcement reason for doing so. Seth Polansky, Cellcrypt’s vice president for North America, disputes the idea that building technology to allow wiretapping is a security risk. “It’s only creating a weakness for government agencies,” he says. “Just because a government access option exists, it doesn’t mean other companies can access it.”

If you have created a weakness for government agencies, you have created a weakness for everyone to exploit.

flattr this!

The MPs on the Science and Technology select committee called for the Government to draw up new guidelines for websites and apps explaining clearly how they use personal data, warning that laws will be needed if companies fail to comply.

The committee highlighted terms for Facebook Messenger’s mobile app, used by more than 200,000 million people a month, that means it can gain direct access to a mobile or tablet, including to take pictures or make videos, at any time without explicit confirmation from the owner.

The MP said that they should simplify the conditions of using their services, which are designed for US courts, because they are so impenetrable that “no reasonable person” can be expected to understand them.

Android users can try tinfoil as a workaround. It’s available at Google play.

More at The Telegraph.

flattr this!

From BlackHat:

Every day, millions of people go through airport security. While it is an inconvenience that could take a while, most are willing to follow the necessary procedures if it can guarantee their safety. Modern airport security checkpoints use sophisticated technology to help the security screeners identify potential threats and suspicious baggage.

Have you ever wondered how these devices work? Have you ever wondered why an airport security checkpoint was set up in a particular configuration? Join us as we present the details on how a variety of airport security systems actually work, and reveal their weaknesses. We’ll present what we have learned about modern airport security procedures, dive deep into the devices used to detect threats, and we’ll present some the bugs we discovered along the way.

If you’d like the pdf slides from the presentation, they are embedded below.

Download (PDF, 7.56MB)

Video.

flattr this!

Chicago_Transit_Authority_Logo.svg

Chicago police have announced they plan to stop rush hour public transit riders before they pass through turnstiles and screen their bags for explosives. There is no threat. The police see this as a proactive approach to terrorism that doesn’t exist.

There is “no known terrorist threat” that prompted the new procedure slated to begin the week of Nov. 3, Nancy Lipman, Chicago police commander for public transportation, said Friday at a news conference announcing the initiative.

So, there is no threat, yet the city of Chicago is going to toss out civil liberties just because they can.

Chicago police spokesman Marty Maloney says the security measure is a “proactive, protective measure.”

Proactive and protective of whom? There is no threat.

“We know that surface transportation has been targeted in other places in the past [Madrid, New York, London, Russia] and want to take whatever precautions possible,” Maloney told RedEye.

So, surface transportation has been targeted in one other American city, but three others in Europe are being tossed in to add a fear factor and justification for the city of Chicago.

Amtrak and the New York City and Washington transit stations employ a similar screening measure, Lipman said.

This is akin to, “if all your other friends are doing it, you might as well do it, too.”

Chicago police say they will randomly select one rail station each day to set up the screening table outside the rail turnstiles during rush hour. Lipman said most of the stations will be downtown but other stops will be included as well.

Soon after the tables are put up, thousands of people will find out about it via the Internet and newly created apps and most people will avoid this stop.

A team of four to five officers will man the table, which will have two explosives testing machines.

Police will approach riders, whom they have randomly selected by picking a random number that morning, Lipman said.

For example, if police pick the number 10, they will ask the 10th person who enters the station, then the 20th and so on, Lipman said.

Police say they will swab the outside of the bags but will not open them during the test.

They won’t open them, for now. As soon as everyone complies with this “randomness” the test will require searches of bags.

Riders who pass the test are free to enter the turnstiles. Officers will ask to inspect the bags of riders who fail the test. Police say the machines are testing the presence of explosives, not drugs.

Again, for now. This has been done before.

The whole process should take “less than a minute,” Lipman said during the Friday press conference at the Clinton stop on the Green and Pink lines. “We expect it to have no impact on a customer’s commute time.”

Riders who refuse to have their bag swabbed won’t be allowed to get on the train—in fact they’ll be ordered to leave the station. But they can head to another station to board the train, police said.

Because this is being done during rush hour, it will probably be just as easy to leave the train station and return a few moments later and the police won’t notice simply because there’s too many people.

Or, if police suspect the rider is involved in “further suspicious activity, and if we determine that probable cause exists to stop him/her for questioning, we might do so,” Maloney said.

“Further suspicious activity” is conveniently not described and intentionally vague. All for your safety of course. This won’t be abused.

Riders who say no to the swabbing but try to enter that station’s turnstiles face arrest, police say.

And your free movement within the United States is restricted in the name of a non-existent threat to your safety.

The screenings at stations will occur “several times a week,” police said.

Good luck, Chicago. Please fight against this ridiculousness.

flattr this!