wiretap
Latest
Bipartisan bill would expand US data collection transparency requirements
Email, text, GPS and cloud data would be subject to the same rules as wiretaps.
Facebook reportedly avoided DOJ wiretap of Messenger calls
As part of a case involving members of the MS-13 gang, the US Department of Justice has been pushing to get access to Facebook Messenger voice calls. It even attempted to hold Facebook in contempt of court last month when the company pushed back on a wiretap order. Now, Reuters reports that a US District Court judge ruled in favor of the social media giant, according to sources familiar with the matter, but because the proceedings are sealed, the reason why isn't yet clear.
USA Today: California wrongly wiretapped 52,000 people
USA Today is claiming to have uncovered evidence that prosecutors in the state of California violated federal law by improperly authorizing the use of wiretaps. The paper believes that drug investigators used 738 questionable taps to intercept calls and text messages made by "more than 52,000 people." If all of this is true, then the news will raise plenty of questions brought between mid-2013 and early 2015.
The DEA's eavesdropping has tripled over the past decade
A federal agency eavesdropping is nothing new -- even if sometimes they do it with controversy. But, aside from the NSA, there's one in particular that has been quite active in the past few years: the Drug Enforcement Administration. According to records obtained by USA Today, thanks to the Freedom of Information Act, the DEA more than tripled its use of wiretaps (and other electronic tools used for snooping) over the last decade. As of last September, it had recorded 11,681 intercepts, compared to 3,394 made 10 years earlier. That's not the most interesting part about the report, however.
Google denied dismissal of wiretapping claims in Street View data snooping suit
Google's already vowed to pony up $7 million and destroy passwords, emails and other data collected from unsecured WiFi networks through its Street View cars, but the damage won't stop there. The US Court of Appeals for the Ninth Circuit has denied the company's attempt to dismiss wiretapping claims in a class action suit over the debacle. Page and Co. argued their actions could pass under a wiretap exemption since data transmitted over WiFi is an electronic communication that's easily accessible to the public. However, the panel of judges didn't buy the search giant's argument. "Wi-Fi transmissions are not 'readily accessible' to the 'general public' because most of the general public lacks the expertise to intercept and decode payload data transmitted over a Wi-Fi network," Judge Jay Bybee explained. Secondly, the court ruled that the data transmitted over WiFi can't be classified as mostly audio, so it falls "outside of the definition of a 'radio communication.'" "We are disappointed in the Ninth Circuit's decision and are considering our next steps," a Google spokesperson told Bloomberg. Now that Mountain View isn't getting off this hook, expect it to dish out more compensation soon.
FBI turning to private sector to hack phones, exploit unknown security holes
Thanks to the NSA PRISM revelations we've all lost our innocence about government cyber-spying, but how far down that rabbit-hole has law-enforcement gone? Revelations from the Def Con hacking conference in Las Vegas show that such tactics are old hat for another US anti-crime department: the FBI. For instance, one ex-official said that the bureau's analysts (shown above) can routinely turn on the microphones in laptops and Android devices to record conversations without a person's knowledge. On top of such in-house expertise, a private sector cottage industry has sprung up around cyber surveillance, marketing programs that can also hack handheld devices and PCs. One company even markets "zero day" bugging software that exploits unknown security holes -- meaning crime lords can't just patch their browsers to avoid detection. [Image credit: Wikimedia Commons]
PRISM whistleblower Edward Snowden reveals himself, reasons for leaking surveillance program (updated)
Only days after the initial leaks and explanations by the US government about the National Security Agency's data surveillance program PRISM, Edward Snowden has revealed himself as the whistleblower. He's employed by defense contractor Booz Allen Hamilton and also worked at the NSA as a "technical assistant" for the CIA. In speaking to The Guardian, he explained his reasons for disclosing the intelligence program: he wanted to "to inform the public as to that which is done in their name and that which is done against them," hoping that they'll use the information to debate the issue. While the NSA's data-mining tool is reportedly known as Boundless Informant, Snowden has been keeping himself bound to a hotel in Hong Kong during this whole drama. Major internet companies have insisted that the government doesn't receive direct access to their servers and President Obama has stated that "nobody is listening to your phone calls, but the issue remains far from black and white. Snowden claims a "massive surveillance machine" is in the making under the radar -- at this point he's now waiting to see what happens next, assured he's made the the decision that feels right to him. Catch the full interview at the source link. Update: In case there was any doubt that Snowden has ever been employed by Booz Allen Hamilton, the company just released the following statement: Booz Allen can confirm that Edward Snowden, 29, has been an employee of our firm for less than 3 months, assigned to a team in Hawaii. News reports that this individual has claimed to have leaked classified information are shocking, and if accurate, this action represents a grave violation of the code of conduct and core values of our firm. We will work closely with our clients and authorities in their investigation of this matter.
France investigates Skype after it doesn't register as a telecom provider (update: Skype response)
You can't completely pigeonhole Skype when it serves both as a partial substitute for traditional phone service and an instant messaging service with voice and video on top. Unfortunately, French telecom regulator ARCEP doesn't trade in ambiguities. It's launching an investigation into Skype after the Microsoft-owned division reportedly ignored requests to register itself as a telecom provider in the country. The authority is concerned that Skype is offering phone service without following local laws, including requirements to offer emergency calls and avenues for legal wiretaps. We've reached out to Skype for its side of the story, although there's no certainty that ARCEP will have to take action, regardless -- Skype has long disclaimed that it's not a full phone replacement and won't work for true emergencies. If France asks for compliance, however, Skype may have to either solve a seemingly unsolvable problem or face withdrawing at least some of its services. We wouldn't count on always having VoIP in Versailles. Update: A Skype spokesperson answered back, and the company's view is clear: it doesn't believe that its service fits the definition of a communication provider under French law and thus doesn't have to be registered. Skype adds that it's been talking with ARCEP and plans to keep that up in a "constructive" fashion, although there clearly hasn't been much progress on that front. Read the full response after the break. [Image credit: Alexandre Vialle, Flickr]
Indian official claims BlackBerry eavesdropping standoff is 'heading towards a resolution'
Oh, bureaucracies, the fun in dealing with them is that you're told exactly what they want you to know -- or at least, believe. That's the name of the game in India, where -- as you're surely aware -- the government has been at odds with RIM for years over its insistence that the Waterloo firm provide the means to monitor encrypted emails and BBM messages. In a revelation that may relate to those BlackBerry servers in Mumbai, R. Chandrasekhar of India's Department of Information Technology has asserted, "The issue is heading towards a resolution." While it's difficult to know whether monitoring is already in place, Chandrasekhar added that, "Law enforcement agencies will get what they need." Another unknown is whether RIM played a role in these developments. For its part, the company claims, "RIM maintains a consistent global standard for lawful access requirements that does not include special deals for specific countries." So, if everything is now clear as mud for you, just remember: that's how those in charge like it.
Federal appeals court says warrantless wiretapping is legal
A federal appeals court has ruled today that the US government can tap into Americans' communications without worrying over frivolous things like "being sued" by its people. In what most sane civilians will probably see as a depressing loss of protection, a three-judge panel of the 9th US Circuit Court of Appeals ruled that citizens can sue the United States for damages stemming from the use of information collected via wiretap, but not for the collection of information itself. In typical pass-the-buck fashion, Wired reports that Judge Michael Daly Hawkins and Judge Harry Pregerson added the following: "Although such a structure may seem anomalous and even unfair, the policy judgment is one for Congress, not the courts." Alrighty. For those unaware, the back and forth surrounding this issue extends back to Congress' authorization of the Bush spy program in 2008, and more specifically, a pair of US lawyers and the now-defunct al-Haramain Islamic Foundation -- a group that was granted over $2.5 million combined in legal fees after proving that they were spied on sans warrants. The full report can be found in the PDF below.
Carriers face big surge in cellphone surveillance requests, raise a few alarm bells
Color us unsurprised that US law enforcers would push hard for surveillance access. Congressman Ed Markey has published a new report on requests to cellular carriers that shows a recent rush of demand for information, including last year. The rates vary sharply, but T-Mobile has seen a yearly hike of 12 to 16 percent, while Verizon has seen its own grown 15 percent -- and Sprint took nearly twice as many surveillance requests as AT&T or Verizon in 2011, despite its smaller size. Markey's concern is that police and other investigators are casting too wide a net and sweeping up innocent customers through widescale requests, potentially violating their privacy in the process. Whether or not cell tower dumps and other broad fishing attempts are problems, carriers have been quick to point out that they have huge teams in place to deal with police requests and cling steadfastly to requiring a warrant when the law demands it. Needless to say, there are a few groups that strongly disagree with that last claim.
FBI reportedly pressing for backdoor access to Facebook, Google
Investigators at the FBI supposedly aren't happy that social networks like Facebook or Google+ don't have the same kind of facility for wiretaps that phones have had for decades. If claimed industry contacts for CNET are right, senior staff at the bureau have floated a proposed amendment to the 1994-era Communications Assistance for Law Enforcement Act (CALEA) that would require that communication-based websites with large user bases include a backdoor for federal agents to snoop on suspects. It would still include the same requirement for a court order as for phone calls, even if US carriers currently enjoy immunity for cooperating with any warrantless wiretapping. As might be expected, technology firms and civil liberties advocates like the Electronic Frontier Foundation object to deepening CALEA's reach any further, and Apple is thought to be preemptively lobbying against another definition of the law that might require a government back channel for audiovisual chat services like FaceTime or Skype. The FBI didn't explicitly confirm the proposal when asked, but it did say it was worried it might be "going dark" and couldn't enforce wiretaps. [Image credit: David Drexler, Flickr]
Carrier IQ issues lengthy report on data collection practices, sticks to its guns
After having already tried to explain itself with metaphor, Carrier IQ is now taking its floundering PR campaign back to basics, with an ostensibly thorough primer on its practices and a slightly less convoluted defense of its privacy standards. This morning, the controversial analytics firm released a lengthy, 19-page document that attempts to explain "what Carrier IQ does and does not do." In the report, titled "Understanding Carrier IQ Technology," the company explains the benefit it offers to its clientele of network operators, many of whom rely upon Carrier IQ's diagnostic data to make sure their infrastructure is up to snuff. It also provides a breakdown of how it collects data, as well as a defense against Trevor Eckhart's findings, though, as you'll see, these arguments likely won't put this saga to bed anytime soon. Read more, after the break.
Supercurio brings Carrier IQ detection to the people, pitchfork optional
While the Carrier IQ saga continues to unfold, our eForensics ally, François Simond (supercurio) has cooked up an app for any Android device users wanting to check if the analytics company has its fingers in his or her privacy pie. Not only is the unfinished app available for download now, but the open source code is also up for anyone looking to improve on the developmental release. Wannabe Carrier IQ investigators can hit up both at the source links below.
Carrier IQ: What it is, what it isn't, and what you need to know
Carrier IQ has recently found itself swimming in controversy. The analytics company and its eponymous software have come under fire from security researchers, privacy advocates and legal critics not only for the data it gathers, but also for its lack of transparency regarding the use of said information. Carrier IQ claims its software is installed on over 140 million devices with partners including Sprint, HTC and allegedly, Apple and Samsung. Nokia, RIM and Verizon Wireless have been alleged as partners, too, although each company denies such claims. Ostensibly, the software's meant to improve the customer experience, though in nearly every case, Carrier IQ users are unaware of the software's existence, as it runs hidden in the background and doesn't require authorized consent to function. From a permissions standpoint -- with respect to Android -- the software is capable of logging user keystrokes, recording telephone calls, storing text messages, tracking location and more. It is often difficult or impossible to disable. How Carrier IQ uses your behavior data remains unclear, and its lack of transparency brings us to where we are today. Like you, we want to know more. We'll certainly continue to pursue this story, but until further developments are uncovered, here's what you need to know.
Texas judge says warrantless cellphone tracking violates Fourth Amendment, saga continues
Rev up the bureaucratic turbines, because a judge in Texas has determined that warrantless cellphone tracking is indeed unconstitutional. In a brief decision issued earlier this month, US District Judge Lynn N. Hughes of the Southern District of Texas argued that seizing cellphone records without a search warrant constitutes a violation of the Fourth Amendment. "The records would show the date, time, called number, and location of the telephone when the call was made," Judge Hughes wrote in the ruling, linked below. "These data are constitutionally protected from this intrusion." The decision comes in response to an earlier ruling issued last year by Magistrate Judge Stephen Smith, also of the Southern District of Texas. In that case, Judge Smith argued against unwarranted wiretapping on similarly constitutional grounds, pointing out that with today's tracking technology, every aspect of a suspect's life could be "imperceptibly captured, compiled, and retrieved from a digital dossier somewhere in a computer cloud." The federal government appealed Judge Smith's ruling on the grounds that the Fourth Amendment would not apply to cellphone tracking, because "a customer has no privacy interest in business records held by a cell phone provider, as they are not the customer's private papers." Judge Hughes' decision, however, effectively overrules this appeal. "When the government requests records from cellular services, data disclosing the location of the telephone at the time of particular calls may be acquired only by a warrant issued on probable cause," Judge Hughes wrote. "The standard under [today's law] is below that required by the Constitution." The law in question, of course, is the Stored Communications Act -- a law bundled under the Electronic Communications Privacy Act of 1986, which allows investigators to obtain electronic records without a warrant. This month's decision implicitly calls for this law to be reconsidered or revised, though it's certainly not the only ruling to challenge it, and it likely won't be the last, either.
U.S. officials push for broader internet wiretapping regulations
The NSA may have its ominously named Perfect Citizen program to guard against potential cyber attacks, but it looks like the U.S. government still isn't quite satisfied with its surveillance capabilities in the age of the internet. As the New York Times reports, federal officials are now pushing for some expanding wiretapping regulations that would require any communications service -- including everything from encrypted BlackBerry messages to Skype to social networking sites -- to be "technically capable of complying if served with a wiretap order." That, officials say, is necessary because their current wiretapping abilities are effectively "going dark" as communications move increasingly online. While complete details are obviously a bit light, the officials do apparently have a few ideas about how such a radical change might be possible, including a regulation that foreign-based companies that do business in the US be required to install a domestic office capable of performing intercepts, and a flat out requirement that "developers of software that enables peer-to-peer communication must redesign their service to allow interception." Of course, the specifics could still change, but the Obama administration is apparently intent on getting a bill of some sort submitted to Congress next year. [Image courtesy PBS]
Video: UK Home Secretary delays 1984 by a few years
The UK Home Secretary (whatever that is) has put the kibosh on plans for a giant government database that would track all of the country's emails, phone calls and internet activity. But not so fast, civil libertarians! According to the Telegraph, the onus will merely shift to the private sector -- with telecoms and Internet providers being required to retain the data, at a cost of around £2 billion (over $2.9 billion US). According to the plan, every Internet user will be given a unique ID code that the government can use to access the data in the event of a threat -- whether terrorist, criminal, or extraterrestrial. It just goes to show you how lucky Britons are to have a government that cares so much about their well being. Video after the break.
UK planning to monitor and record every phone call, web page, and email sent by citizens
We're not sure if these plans will ever make it to reality, but the Telegraph is reporting that Britain's Home Office is working on database designed to store the details of every phone call, email, and web page accessed by British citizens in the previous year. The idea is to have various telecom providers hand over their records, which will all go into the database and then be accessible by police upon receipt of a court order. Of course, there's no reason why police couldn't simply ask the ISPs for the appropriate data when they get that court order, since records are already required to be kept for a year, but sometimes it's important for a government to build a massive scary database of personal information with endless potential for abuse by embittered low-level bureaucrats, you know? The plan is still in draft stages, so hopefully it dies on the table -- and if not, well, the NSA welcomes you with open arms, British expats.[Via National Terror Alert]
Department of Homeland Security piggybacks on T-Mobile's SunCom buy
Here's an interesting little fact: because T-Mobile is foreign-owned (by Germany's Deutsche Telekom), several government agencies get all up in its business every time it makes an acquisition. Yes, of course, government agencies get their grubby paws in every acquisition here be it foreign or domestic, but the foreigners have it considerably worse. When DT completed the VoiceStream acquisition back in 2001 to form T-Mobile USA, the FBI and Department of Justice took their sweet time to make sure they'd have agreements in place that allowed them to monitor communications 24 hours a day at their leisure and discretion, and actually held up the FCC's approval until they had a signed deal with the company. Since then, the Department of Homeland Security has been thrust into prominence and wants in on the same luxuries its counterparts at the DOJ and FBI enjoy -- so yeah, you guessed it, they held up the SunCom deal until DT let them in on the action, too. Rumor has it T-Mobile wasn't too happy about the Department's demands, but when the rubber met the road, they chose wireless footprint over principles. Really, with the G Men already on board, what difference does it make? [Warning: PDF link][Via BetaNews, thanks oakie]
