wiretapping
Latest
Supercurio brings Carrier IQ detection to the people, pitchfork optional
While the Carrier IQ saga continues to unfold, our eForensics ally, François Simond (supercurio) has cooked up an app for any Android device users wanting to check if the analytics company has its fingers in his or her privacy pie. Not only is the unfinished app available for download now, but the open source code is also up for anyone looking to improve on the developmental release. Wannabe Carrier IQ investigators can hit up both at the source links below.
Carrier IQ: What it is, what it isn't, and what you need to know
Carrier IQ has recently found itself swimming in controversy. The analytics company and its eponymous software have come under fire from security researchers, privacy advocates and legal critics not only for the data it gathers, but also for its lack of transparency regarding the use of said information. Carrier IQ claims its software is installed on over 140 million devices with partners including Sprint, HTC and allegedly, Apple and Samsung. Nokia, RIM and Verizon Wireless have been alleged as partners, too, although each company denies such claims. Ostensibly, the software's meant to improve the customer experience, though in nearly every case, Carrier IQ users are unaware of the software's existence, as it runs hidden in the background and doesn't require authorized consent to function. From a permissions standpoint -- with respect to Android -- the software is capable of logging user keystrokes, recording telephone calls, storing text messages, tracking location and more. It is often difficult or impossible to disable. How Carrier IQ uses your behavior data remains unclear, and its lack of transparency brings us to where we are today. Like you, we want to know more. We'll certainly continue to pursue this story, but until further developments are uncovered, here's what you need to know.
Wiretapping Act could spell 'finito' for Italian Wikipedia
This week, lawmakers in Italy are debating a controversial new bill that could have disastrous implications for Wikipedia. Yesterday, the encyclopedia posted a lengthy letter on its Italian portal, informing visitors that the site may be shuttered within the country if parliament passes the proposed DDL Intercettazioni, or "Wiretapping Law." If ratified, the legislation would require all online publishers to amend any content considered objectionable or defamatory within 48 hours of receiving a complaint. Offenders would face a fine of €12,000 (about $16,000), and any requested corrections would not be subject to review. Of course, this presents obvious problems for the crowdsourced (and crowd-edited) Wikipedia, which characterized the law as "an unacceptable restriction of [its] freedom and independence." The site took particular umbrage at the bill's apparent disregard for third-party review, pointing out that the "opinion of the person allegedly injured is all that is required" to force a re-write, "regardless of the truthfulness of the information deemed as offensive, and its sources." At the moment, the portal is still up, but masked by Wikipedia's letter. If the Wiretapping Law progresses further, however, the organization says it will have no choice but to delete its Italian platform altogether. [Image courtesy of Toutlecine]
IRS employee uses Outlook rules to intercept boss's e-mails, convicted of wiretapping
Here's an interesting question for you: if you set up a rule in Microsoft Outlook to forward messages from one account to another, and you do it without the knowledge of the owner of the account you're forwarding from, are you intercepting or merely copying mail? It may seem like a moot point, but for David Szymuszkiewicz, a former IRS worker, it's an important distinction. David was afraid of being fired after his license was suspended for drunk driving (he needed to drive to the homes of delinquent taxpayers), so he secretly set up this rule on his boss's machine to see what the world was saying about him. The rule was discovered and, wouldn't you know it, he was in trouble. The only question now: whether to charge him under the Wiretap Act for intercepting messages or the Stored Communications Act for merely copying of them. So, what was your answer to the question above? You might be tempted to say he was simply making a copy, and indeed that was Szymuszkiewicz's argument, but any Exchange admin will tell you that Outlook rules are executed on the server, not at the client, meaning those e-mails were indeed being intercepted. Szymuszkiewicz was convicted of wiretapping but seems to have avoided a harsh sentence, with 18 months probation being handed down. A light punishment for wiretapping, but a heavy one for diddling menus in Outlook.
U.S. officials push for broader internet wiretapping regulations
The NSA may have its ominously named Perfect Citizen program to guard against potential cyber attacks, but it looks like the U.S. government still isn't quite satisfied with its surveillance capabilities in the age of the internet. As the New York Times reports, federal officials are now pushing for some expanding wiretapping regulations that would require any communications service -- including everything from encrypted BlackBerry messages to Skype to social networking sites -- to be "technically capable of complying if served with a wiretap order." That, officials say, is necessary because their current wiretapping abilities are effectively "going dark" as communications move increasingly online. While complete details are obviously a bit light, the officials do apparently have a few ideas about how such a radical change might be possible, including a regulation that foreign-based companies that do business in the US be required to install a domestic office capable of performing intercepts, and a flat out requirement that "developers of software that enables peer-to-peer communication must redesign their service to allow interception." Of course, the specifics could still change, but the Obama administration is apparently intent on getting a bill of some sort submitted to Congress next year. [Image courtesy PBS]
New privacy laws needed that entail GPS technology, hot-headed rogue cops
An expert testifying at a hearing of the House Subcommittee on the Constitution, Civil Rights and Civil Liberties said on Thursday that the government needs to update the Electronic Communications Privacy Act of 1986. Among the criticisms was the fact that it doesn't adequately address location-aware technologies. "With regard to this type of location data, ECPA's statutory framework is profoundly unsatisfying," said Marc Zwillinger of Zwillinger and Genetski, a Washington DC law firm that specializes in cybercrime. "[I]t fails to provide clear guidance for situations in which the government seeks to track an individual's precise movements, leaving the answer to the general application of Fourth Amendment principles and significant variation across jurisdictions." In other words, the wording of the law is extremely nebulous, a situation that can lead to confusion (and civil right violations). And if it weren't enough that courts and law enforcement are applying decades-old law to cutting edge technology, "the current law is overly secretive because warrants for wiretaps and other communications intercepts are often sealed for years after they are issued," writes Gautham Nagesh in The Hill. He cites U.S. Magistrate Stephen Smith of the Southern District of Texas as charging that "the brunt of that secrecy is borne by people who are never charged with a crime but have the misfortune to contact someone whose communications are being monitored." Well, we're glad that someone in Washington seems to think that the ECPA needs overhauled -- but we'll remain skeptical until we see something concrete. Regardless, we doubt that a simple change in law will keep McNulty from doing whatever he has to do to make his case. He's real police.
Video: UK Home Secretary delays 1984 by a few years
The UK Home Secretary (whatever that is) has put the kibosh on plans for a giant government database that would track all of the country's emails, phone calls and internet activity. But not so fast, civil libertarians! According to the Telegraph, the onus will merely shift to the private sector -- with telecoms and Internet providers being required to retain the data, at a cost of around £2 billion (over $2.9 billion US). According to the plan, every Internet user will be given a unique ID code that the government can use to access the data in the event of a threat -- whether terrorist, criminal, or extraterrestrial. It just goes to show you how lucky Britons are to have a government that cares so much about their well being. Video after the break.
UK planning to monitor and record every phone call, web page, and email sent by citizens
We're not sure if these plans will ever make it to reality, but the Telegraph is reporting that Britain's Home Office is working on database designed to store the details of every phone call, email, and web page accessed by British citizens in the previous year. The idea is to have various telecom providers hand over their records, which will all go into the database and then be accessible by police upon receipt of a court order. Of course, there's no reason why police couldn't simply ask the ISPs for the appropriate data when they get that court order, since records are already required to be kept for a year, but sometimes it's important for a government to build a massive scary database of personal information with endless potential for abuse by embittered low-level bureaucrats, you know? The plan is still in draft stages, so hopefully it dies on the table -- and if not, well, the NSA welcomes you with open arms, British expats.[Via National Terror Alert]
Korean carriers to offer anti-eavesdropping service
Just as Japan announces that it'll pretty much have an eye on every single cellphone user in the nation, Korea is going against the grain somewhat by offering up an anti-eavesdropping service on users' handsets. SK Telecom, KTF, and LG Telecom will all be offering private long code service, a digital encryption system to keep voice snoopers at bay, and will dub the service "Voice Private." Marketed primarily towards people of utmost importance, such as politicians, public officials, journalists (ahem), and CEOs, the luxury will purportedly operate on any mobile phone and will cost between W1,500 ($1.60) and W2,000 ($2.13). Interestingly, it wasn't noted if these fees were a monthly charge (less likely) or a per-call exaction (more likely), but regardless, the service should go live just as soon as the Ministry of Information and Communication approves it.
