snooping
Latest
Former Apple exec claims the company spied on his text messages
A former Apple executive is claiming the company spied on his text messages before suing him. In February, Gerard Williams III, who spent almost 10 years working on mobile device chips at Apple, left the company. The same month, he joined NuVia Inc -- a company founded to develop processors for data centers -- with several other Apple developers. In August, Apple sued Williams for breach of contract. Now, Williams is disputing the lawsuit and claims Apple illegally snooped on his texts and phone records.
Russia stops at nothing to silence Telegram
The protracted fight between the Russian government and encrypted messaging app Telegram is coming to an end. Last week, the country's court granted a request for the app to be banned, enabling officials to begin work on booting it out of the country. Then, yesterday Roskomnadzor, Russia's equivalent of the FCC, began telling mobile networks that they had to block access to Telegram.
The NSA is reportedly scouring Angry Birds and other apps for user data
According to newly leaked information from Edward Snowden, the NSA can access data from Angry Birds and other apps to learn everything from your gender to your location. The Guardian, ProPublica and The New York Times reported on the extensive leaks; get ready for a ton of new details below. Depending on how much information a user shares (and how much the app developer allows for), the NSA and the GCHQ in the UK can collect details such as smartphone identification codes, current location, age, gender and marital status. In the case of Angry Birds, ad platforms give the agencies access to much more data than the game alone provides. It's not clear just what personal information can be collected through the app, but considering the game has been downloaded more than 1.7 billion times, this is relevant news for anyone who enjoys apps on a smartphone. The leaked documents don't only raise flags about the safety of mobile apps; one report also shows that by simply updating your Android software, you've generated hundreds of lines of data about your phone's history. Moreover, the leaks detail the NSA's efforts to hack individual handsets, with methods boasting cheerful names like "Nosey Smurf." Of course, all these revelations raise the question: Has extensive information-collecting been helpful in fighting terrorism? According to The New York Times, a 2009 analysis of US and UK cellphone data turned up millions of "callers of interest." In other words, describing the vast amounts of data collected as "unwieldy" would be a gross understatement. Update: Rovio released a statement explaining that it doesn't provide any end-user data to the US government or agencies from any other country.
This is the Modem World: E-Snooping on Our Loved Ones is Bad. Or is it?
Each week Joshua Fruhlinger contributes This is the Modem World, a column dedicated to exploring the culture of consumer technology. I recently had the displeasure of consoling a friend about her rocky history with a boyfriend who appeared to be looking outside their relationship for companionship. She said that the man was talking to other women, flirting and even setting up dates to meet up in the future during business trips. As I told her that no one deserves to be cheated on - You deserve better! - I soon learned that the manner in which she learned that her man was seeking strangers was a curious - and potentially dangerous - sign of our times.
Google confirms it still has a 'small portion' of Street View WiFi data, apologizes
It has seemed like Google was close to putting its Street View snooping controversy behind it a few times now, but one thing or another keeps bringing it back to the forefront. Today, it's an admission from Google that it hasn't deleted all of the so-called payload data in question after all. That revelation comes in a letter from Google Global Privacy Counsel Peter Fleisher to Steve Eckersley, head of enforcement at the UK's Information Commissioner's Office (or ICO), in which Fleisher says that Google is still in possession of a "small portion of payload data collected by our Street View vehicles in the UK." Fleisher adds that Google "apologizes for this error," and says that the data was discovered after an extensive review of its Street View data that it has been conducting in recent months. For its part, the ICO has acknowledged that it received the letter, and notes that the data was supposed to have been deleted in December of 2010, adding that "the fact that some of this information still exists appears to breach the undertaking to the ICO signed by Google in November 2010." You can find both statements in full at the ICO link below.
Google Street View's WiFi snooping triggers renewed scrutiny in the UK
You remember that little Street View privacy problem that Google had back in 2010? Authorities in the UK sure do and Mountain View's gonna have some serious splainin' to do if the Information Commissioner's Office has anything to say about it. Big G initially denied that its cars were used to willfully snatch up personal info from open WiFi networks, but a recent investigation by the FCC, coupled with earlier accusations, has prompted renewed scrutiny. The report from the US even suggests that "investigators in France, Canada and The Netherlands found that Google intercepted complete email messages, instant message conversations, video, audio, medical and legal information," which could lead to a big headache for the company. We really don't want to imagine the possible consequences of a nationwide Street View ban.
Justice Department clears Google of WiFi wiretapping violations
Two years ago, Google drove its way into a fair amount of hot water when it accidentally (as was claimed) scooped up private data over WiFi while collecting Street View and location data. Now, the Justice Department has cleared the prolific mapsters of the wiretapping violations. The DOJ made its decision not to push for prosecution based on reports from employees and investigating key documents reports Wired. The Wiretap Act (which is the relevant one here) was argued to only pertain to "traditional radio services," by US District Judge James Ware, but neither the DOJ or FCC said they could find any evidence that Google accessed the date it snared. In an extra move of openness, the search giant has also released the entire FCC report on the Street View investigation (redacted to protect identities) which can be found in the more coverage link. So, next time you see the famous camera-topped wagons roll around, you can leave your tin hat in the closet.
UK planning second snooping bill, proxy servers to sell out shortly
The UK Government revealed on April Fools' Day that it's planning to offer law enforcement agencies unprecedented access to private communications. British Cellphone operators and ISPs will be required to harvest packet data -- containing the parties to all calls, emails and social media communication, as well as the time and duration of each message. The proposals will be officially unveiled on May 9th, as part of the Queen's Speech, despite a similar bill being opposed by the current administration whilst it was in opposition. It has already drawn bitter criticism from backbench members of the Government, civil liberties advocates and privacy experts, who believe the move is fundamentally flawed. It's currently timetabled to be added to the statute books by 2013, unless, you know, common sense gets in the way.
Wireless snooping WASP drone knows you want extra jalapeños, no sliced tomato
This fearsome contraption is the handiwork of a couple of amateur DEFCON-types who reckoned that any self-respecting spy plane ought to be able to impersonate cellphone towers. And that's exactly what the Wireless Aerial Surveillance Platform does -- it tricks AT&T and T-Mobile handsets into connecting to it, then re-routes the incoming calls via VOIP so they don't drop, while simultaneously recording all conversations to 32GB of onboard storage. It can also handle a bit of WiFi snooping on the side, thanks to a Linux-based hacking toolkit and a 340 million word dictionary for guessing passwords. What's more, the WASP apparently achieves all of this without breaking a single FCC regulation. So, er, that's fine then. Oh yeah, and we don't want any of that stuffed crust nonsense, you hear?
UAE plans enterprise-class messaging ban for individuals and small companies?
Seems the United Arab Emirates wasn't satisfied with the spying agreements that RIM put in place -- now, the government's Telecommunications Regulatory Authority will reportedly restrict BlackBerry Enterprise Server (BES) services to companies with more than twenty BlackBerry accounts each. Interestingly, the TRA itself denies that any services will be halted to individuals or small firms, even as RIM itself claims that such a ban will indeed take effect, though RIM also claims that it "would be an industrywide policy applying equally to all enterprise solution providers," happily suggesting that competitors would also be affected. The ban is apparently scheduled for May 1st, so there won't be long to wait -- at the very least, we'll see who's telling the truth two weeks from today.
India wants to spy on Nokia users, BlackBerry fans no longer feel special
Poor Nokia, between having to abandon its Symbian baby and hawk anachronistic wares at a Microsoft event, it's had a pretty rough go of it recently. Now India's Ministry of Home Affairs wants to block the launch of the company's new push email service until a monitoring system can be put in place. According to The Economic Times, the Department of Telecommunications is being asked to hold back the service until the intelligence community has a way to spy on messages being sent. RIM recently fought a similar battle with the Indian government, as well as those in Saudi Arabia and the United Arab Emirates. Looks like the two companies share more in common than just their slip from the top of the smartphone heap.
California Supreme Court says warrantless searches of suspects' text messages are legal
Planning on getting arrested in California any time soon? You'd better make sure your text archives are free from any incriminating information as the state's Supreme Court has now ruled it legal for police to check your missives folder without the need for a warrant. The justification for this privacy intrusion is that a phone search is "incidental" to a lawful arrest and its contents, much like the contents of your pockets or bags, fall within the realm of reasonable search. Two of the judges in the case did dissent, with one noting that "never before has it been possible to carry so much personal or business information in one's pocket or purse," which she argues should afford your iPhone, Droid or BB a higher level of privacy protection than, say, the packet of gummy bears you have in the other pocket. What do you think?
Wall Street Journal says apps may violate privacy, fingers MySpace and Pandora
You might have heard how careless some third-party apps can be with your personal data, but it may not yet have hit home -- offenders can include must-have programs like MySpace and Pandora, too. The Wall Street Journal tested 101 popular apps for iPhone and Android and discovered that over half transmitted unique device identifiers (UDID) to a flock of advertisers without so much as a prompt, and that some (including Pandora) even transmitted a user's age, gender and location to better target their marks. Now, before you boycott your favorite music apps, you might want to hear the other side of the story, which is that all this data is typically processed in batches and anonymized so that advertisers can't necessarily separate you from the crowd. However, the worry is that there may be little stopping nefarious individuals from creating a database that links your UDID to all this other data you send out. It's a juicy proposition for targeted advertising, sure, but also potentially real-world crime, so we doubt this will be the last we hear of UDID privacy scares.
FTC accepts Google's privacy apology, lets Street View off the hook
When Google admitted its Street View cars had collected sensitive data after all, it sparked a new formal inquiry in the UK, but the very same apology was just what the Federal Trade Commission needed to drop an investigation in the USA. The FTC's Bureau of Consumer Protection wrote Google a formal letter today noting "concerns about the internal policies and procedures that gave rise to this data collection," but satisfaction that the company's agreed to change all that and appoint a director of privacy. "Because of these commitments, we are ending our inquiry into this matter at this time," the document reads. Does that mean we can stop using this picture of Ross' old apartment in our posts? Only time will tell.
Google's wardriving days are over, says Canadian privacy commissioner
When Google's Street View cars glide through your neighborhood next, you can leave the WPA2 encryption off -- Canada says that the company has "discontinued" the practice of snooping on unsecured WiFi networks with its mapping vehicles, and "has no plans to resume it." That's one of several findings in a report by Canada's privacy commissioner today, which also claims that the controversial data collection feature was the work of a single Google engineer, and that Google intends to use smartphones to pinpoint WiFi networks from now on. Naturally, the latter caused the commissioner concern that Android phones might capture the same data as the cars. Perhaps you'd best keep those shields up after all.
UAE says BlackBerry is now compliant with regulations, free to rock on
The latest thrilling installment in BlackBerry's Middle East saga has turned out not to be so thrilling after all. Having set an October 11 deadline for RIM to comply with its "telecommunications regulatory framework," the United Arab Emirates is today reporting that the BlackBerry maker has managed to make the necessary changes with plenty of time to spare. Consequently, there'll be no state-ordained curtailing of email, web, or BBM services within the UAE, which mirrors similar agreements that BlackBerry has managed to finagle with India and Saudi Arabia. Of course, the grand purpose of the UAE's ultimatum was for RIM to allow the state access to encrypted messaging communications, and while the current announcement is pointedly missing details on what's been done to appease the Abu Dhabi decision makers, we can't imagine them giving up the fight without RIM making some type of concession. And the shady, undisclosed concessions happen to be our least favorite kind.
Hacker claims third-party iPhone apps can freely transmit UDID, pose serious threat to privacy
When Apple addressed a congressional inquiry on privacy in July, the company claimed that it couldn't actually track a particular iPhone in real time, as its transactions were anonymous and thoroughly randomized. Bucknell University network admin Eric Smith, however, theorizes that third-party application developers and advertisers may not have the same qualms, and could be linking your device to your name (and even your location) whenever they transmit data. Smith, a two-time DefCon wardriving champ, studied 57 top applications in the iTunes App Store to see what they sent out, and discovered that some fired off the iPhone's UDID and personal details in plaintext (where they can ostensibly be intercepted), including those for Amazon, Chase Bank, Target and Sam's Club, though a few were secured with SSL. Though UDIDs are routinely used by apps to store personal data and combat piracy, what Smith fears is that a database could be set up linking these UDIDs to GPS coordinates or GeoIP, giving nefarious individuals or organizations knowledge of where you are. It's a scary idea, but before you direct hate Apple's way, it's important to note that Cupertino's not necessarily the one to blame. iOS is arguably the best at requiring users to opt-in to apps that perform GPS tracking; transmitting the UDID and account information together publicly is strictly against the rules; and we'd like to think that if users provide their personal information to an application developer in the first place, they'd understand what they're doing. Of course, not all users monitor those things closely, and plaintext transmission of personal details is obviously a big no-no. Smith's piece opens and closes on the idea that Apple's UDID is like the unique identifier of Intel's Pentium III processor, which generated privacy concerns around the turn of the century, and we wonder if ths story might play out the same way -- following government inquiries, Intel offered a software utility that let individuals manually disable their chip's unique ID, and removed it from future CPUs.
Saudi Arabia pleased by RIM's concession, says BlackBerry messaging can stay for now
The forty-eight hour deadline came and went, but Saudi Arabia didn't pull the plug -- citing a "positive development" in RIM's efforts to appease Saudi regulators, the country has allowed BlackBerry messaging services to continue for the time being. Saudi Arabia's Communications and Information Technology Commission (CITC) didn't specify what the aforementioned "development" was, but thanks to well-placed anonymous sources we can hazard a guess: "CITC will now be able to monitor communications via messaging services," one Saudi telecom official told the Wall Street Journal, and Reuters reports that RIM will hand over BlackBerry decryption codes to the country. That's all for now, but expect this issue to bubble back to the surface again in the United Arab Emirates come October.
Google's South Korean offices raided by police as part of Street View investigation
Google may be trying to make nice and play ball with all the thoroughly outraged governments affected by its unintentional WiFi snooping with Street View cars, but that apparently hasn't been good enough for South Korea. Earlier this morning, Google's Seoul HQ was subjected to a raid and search operation by the cyber crime unit of the Korean National Police Agency, due to suspicions that it may have collected and stored data from WiFi networks without authorization. So it's the same old complaint the rest of the world's been dealing with, only the zeal of the methodology seems to have been turned up to 11. It'll be interesting to see if this raid uncovers anything more salacious than what we already know; we'll keep you posted if it does. [Thanks, D. Kim]
RIM averts Saudi Arabia's BlackBerry messaging ban, negotiates surrender (update: 48-hour ultimatum)
It took two long years for India to (allegedly) tap BlackBerry traffic, but Saudi Arabia may not have to wait nearly as long; the Wall Street Journal reports that RIM has all but agreed to set up a local server in the country. While we've no details yet on what the deal entails, an unnamed Saudi telecom official said negotiations are already in the final stages. Sorry, RIM, but it looks like Saudi Arabia called your bluff. We imagine the company will deny any potential for government snooping in short order... and both Indonesia and the United Arab Emirates will start planning their own attempts to wrest away control. We'll let you know where this house of cards falls. Update: Saudi Arabia has reportedly given its three national cellular carriers 48 hours to try out proposed solutions that "meet the regulatory demands" of the country, else the BlackBerry messaging ban will take effect as originally planned.
