An anonymous reader writes "The FBI has released images of what they say are two suspects with backpacks and ball caps. 'Somebody out there knows these individuals as friends, neighbors, co-workers or family members of the suspects,' Special Agent Rick DesLauriers, the head of the FBI's Boston office said. 'And though it may be difficult, the nation is counting on those with information to come forward and provide it to us.'"
NewYorkCountryLawyer writes "Once again YouTube has defeated Viacom and other members of the content cartel; once again the Court has held that the Digital Millennium Copyright Act actually does mean what it says. YouTube had won the case earlier, at the district court level, but the US Court of Appeals for the Second Circuit, although ruling in YouTube's favor on all of the general principles at stake, felt that there were several factual issues involving some of the videos and remanded to the lower court for a cleanup of those loose ends. Now, the lower court — Judge Louis L. Stanton to be exact — has resolved all of the remaining issues in YouTube's favor, in a 24-page opinion. Among other things Judge Stanton concluded that YouTube had not had knowledge or awareness of any specific infringement, been 'willfully blind' to any specific infringement, induced its users to commit copyright infringement, interacted with its users to a point where it might be said to have participated in their infringements, or manually selected or delivered videos to its syndication partners. Nevertheless, 5 will get you 10 that the content maximalists will appeal once again."
An anonymous reader links to an article at Ars explaining the dropping inventory of bridges available to users of the Tor project's encrypted messaging system. They're looking for more bridges, but that doesn't necessarily mean buying new hardware per se. From the article: "After campaigning successfully last year to get more volunteers to run obfuscated Tor bridges to support users in Iran trying to evade state monitoring, the network has lost most of those bridges, according to a message to the Tor relays mailing list by Tor volunteer George Kadianakis. 'Most of those bridges are down, and fresh ones are needed more than ever,' [Tor volunteer George] Kadianakis wrote in an e-mail, 'since obfuscated bridges are the only way for people to access Tor in some areas of the world (like China, Iran, and Syria).' For those who want to donate bridges to the Tor network, the easiest route is to use Tor Cloud, an Amazon Web Service Elastic Compute Cloud image created by the Tor Project that allows people to leverage Amazon's free usage tier to deploy a bridge."
An anonymous reader writes with a story at the Daily Dot: "Despite the protests of Internet privacy advocates, the controversial Cyber Intelligence Sharing and Protection Act (CISPA) passed the House of Representatives Thursday. The vote was 288-127. ... CISPA saw a handful of minor amendments soon before passage. A representative for the EFF told the Daily Dot that while they were still analyzing the specifics, none of the actual changes to the bill addressed their core criticisms. ... But also as was the case the year before, on Tuesday the Obama administration issued a promise to veto the bill if it reaches the president’s desk without significant changes." Techdirt has a short report on the vote, too — and probably more cutting commentary soon to follow.
sholto writes "An aggressive expansion strategy by LinkedIn has backfired spectacularly amid accusations of identity fraud. Users complained the social network sent unrequested invites from their accounts to contacts and complete strangers, often with embarrassing results. One man claimed LinkedIn sent an invite from his account to an ex-girlfriend he broke up with 12 years ago who had moved state, changed her surname and her email address. ... 'This ex-girlfriend's Linked in profile has exactly ONE contact, ME. My wife keeps getting messages asking 'would you like to link to (her)? You have 1 contact in common!,' wrote Michael Caputo, a literary agent from Massachusetts."
gale the simple writes "Mike Rogers made a minor splash Tuesday when he decided to liken CISPA opponents to 14-year-old basement dwellers. The EFF, naturally, picked up on this generalization and asked everyone to let the representative know that it is not just the 14-year-olds that care about privacy."
An anonymous reader writes "Amid rumors of an impending arrest in the Boston Marathon bombing, Xconomy has a rundown of local companies working on technologies relevant to the investigation and aftermath. The approaches include Web analytics to identify communication patterns, image and video analysis of the crime scene, surveillance camera hardware and software, and smart prosthetic devices for amputees. A big challenge the authorities face is the sheer volume and different proprietary formats of video from security cameras, mobile devices, and media groups. Ultimately this will be a case study in whether an individual bent on destruction can remain anonymous in an era of digital surveillance, social media, and crowdsourcing."
GovTechGuy writes "The House Energy and Commerce Committee passed legislation on Wednesday once again affirming the current management structure of the Web. In doing so, the lawmakers made one thing clear: the only government that should have its hands on the underpinnings of the Internet is the U.S. 'It affirms the importance of an Internet free from censorship and government control and codifies the existing management structure of the Internet. ... Notably, however, lawmakers dropped from the legislation the phrase “free from government control,” which had threatened to derail the April 11 markup by the Subcommittee on Communications and Technology. ... [Democrats argued] it could undermine the U.S. government’s ability to enforce existing — or future — laws online.'"
chicksdaddy writes "The American Civil Liberties Union filed a complaint with the U.S. Federal Trade Commission on Wednesday calling on the federal government to take action to stem an epidemic of unpatched and insecure Android mobile devices – declaring the sea of unpatched and vulnerable phones and tablets 'defective and unreasonably dangerous.' The civil liberties group's complaint for injunctive relief with the FTC (PDF), notes that 'major wireless carriers have sold millions of Android smartphones to consumers' but that 'the vast majority of these devices rarely receive software security updates.' The ACLU says carriers leave their customers vulnerable to malware and spear phishing attacks that can be used to record or transmit information on the device to third parties. 'A significant number of consumers are using smartphones running a version of the Android operating system with known, exploitable security vulnerabilities for which fixes have been published by Google, but have not been distributed to consumers' smartphones by the wireless carriers and their handset manufacturer partners,' the ACLU said. Android devices now account for close to 70 percent of new mobile devices sold. The porous security of many of those devices has become a topic of concern. The latest data from Google highlights the challenge facing the company, with just over 25% of Android users running versions 4.1 or 4.2 – the latest versions of the OS, dubbed 'Jelly Bean,' more than six months after its release. In contrast, 40% of Android users are still running the 'Gingerbread' release – versions 2.3.3 through 2.3.7, a two-year-old version of the operating system that has known security vulnerabilities."
New submitter zayyd writes "The CBC reports that publicly-elected Gerry Rogers, member of the Provincial Government for Newfoundland and Labrador, 'has been removed from the house of assembly for refusing to apologize for comments made by other users on a Facebook group of which she had been added to as a member.' Rogers was unwillingly added to a Facebook Group which included comments of death threats aimed at Premier Kathy Dunderdale from other users. From the article: 'Dunderdale said her government understands how Facebook groups work, and she said it is up to every MHA to monitor the comments posted on Facebook groups to which they belong.' Facebook's policies for Groups are somewhat clear, even if they don't actually answer the question of 'Can I prevent people from adding me to a new group?'"
Pikoro writes with news that Foxconn's parent company has entered into an agreement to pay Microsoft royalties for every Android device they manufacture, joining a rather long list of companies licensing patents for Android/Linux from Microsoft. From the BBC: "Microsoft has secured a patent deal with the world's biggest consumer electronics manufacturer to receive fees for devices powered by Google's Android and Chrome operating systems. Hon Hai — the parent company of Foxconn — said the deal would help prevent its clients being caught up in an ongoing intellectual property dispute. Microsoft says that Google's code makes use of innovations it owns. Google alleges its rival's claims are based on 'bogus patents.' 'The patents at issue cover a range of functionality embodied in Android devices that are essential to the user experience, including: natural ways of interacting with devices by tabbing through various screens to find the information they need; surfing the web more quickly, and interacting with documents and e-books.'"
An anonymous reader sent in word that the Obama administration is threatening to veto CISPA in its current form because "The Administration, however, remains concerned that the bill does not require private entities to take reasonable steps to remove irrelevant personal information (PDF) when sending cybersecurity data to the government or other private sector entities. Citizens have a right to know that corporations will be held accountable — and not granted immunity — for failing to safeguard personal information adequately. The Administration is committed to working with all stakeholders to find a workable solution to this challenge." Ars has a few more details, the EFF urges U.S. citizens to oppose the bill, and one of the sponsors tweeted that those opposed to the bill are basement dwelling fourteen-year-olds. Note that the Administration still wants there to be some kind of comprehensive data sharing law in the name of cybersecurity, so this may very well rear its head again in the coming months.
dcblogs writes "The U.S. Senate comprehensive immigration bill, due Tuesday, will allow the H-1B cap to rise from 65,000 to as high as 180,000. The bill, overall, contains some interesting provisions. It will require the U.S. Labor Dept. to create a website of H-1B job openings that employers must post to. The jobs must be posted at least 30 calendar days before hiring an H-1B applicant to fill that position. The bill also raises wages for H-1B workers to make them more competitive, although the amount wasn't specified. One provision that will affect India, in particular, limits H-1B visa use to 50% of a firm's U.S. workforce. The provision may prompt India firms to buy U.S. companies to expand their U.S. presence."
ndogg writes "Mozilla is considering pulling TeliaSonera from its list of root certificate SSL providers. They have asked for comments on this on their mailing list. They're concerned about the use of the certificates by those governments for spying on its citizens, particularly in Azerbaijan, Kazakhstan, Georgia, Uzbekistan and Tajikistan — where TeliaSonera operates subsidiaries or is heavily invested. Mozilla's concern is that TeliaSonera has possibly issued certificates that allow hardline government servers to masquerade as legitimate websites — so-called man-in-the-middle attacks — and decrypt web traffic. This alleged activity would contradict Mozilla's policy against 'knowingly issuing certificates without the knowledge of the entities whose information is referenced in the certificates.'"
An anonymous reader writes "Gottfrid Svartholm Warg, a.k.a. 'anakata,' co-founder of The Pirate Bay, has been indicted by a Swedish court on charges of computer hacking and fraud. The prosecuting attorney said, 'A large amount of data from companies and agencies was taken during the hack, including a large amount of personal data, such as personal identity numbers of people with protected identities.' According to Ars, 'The first count of hacking involves allegedly unlawfully using another person's username and password to search Infotorg, a well-known massive privately held commercial database of "private individuals, companies, properties and vehicles." The second count, as previously reported, involves an alleged hack dating back to 2010 of Logica, a Swedish IT firm that contracts with the Swedish tax authority. In March 2012, Logica was hit by an online attack that resulted in around 9,000 Swedes (Google Translate) having their personal identity numbers and names released to the public. ... The third count of hacking, allegedly taking place between July and August 2012, accuses Svartholm Warg of unauthorized access of major Nordic region bank Nordea's computers. The fraud charges accuse Svartholm Warg of allegedly transferring and attempting to transfer money from Nordea to other unauthorized bank accounts.'"
An anonymous reader writes "A trader who last year made an unauthorized purchase of nearly US$1 billion worth of Apple stock has pled guilty to wire fraud, securities fraud and conspiracy. On October 25, 2012 — the same day Apple posted its Q3 2012 earnings — David Miller of Rochdale Securities made a number of unauthorized purchases of Apple shares which ultimately led to the demise of the financial services firm he worked for. The aim of Miller's action was to make a lot of money very quickly by purchasing large quantities of Apple shares and selling them in a post-earnings surge."
An anonymous reader writes with this excerpt from Motherboard about the immediate aftermath of yesterday's bomb attack in Boston, which attempts to explain the (unsurprisingly) poor accessibility of the cellular network after the blasts: "Gut instinct suggests that the network must've been overloaded with people trying to find loved ones. At first, the Associated Press said it was a concerted effort to prevent any remote detonators from being used, citing a law enforcement official. After some disputed that report, the AP reversed its report, citing officials from Verizon and Sprint who said they'd never had a request to shut down the network, and who blamed slowdowns on heavy load. (Motherboard's Derek Mead was able to send text messages to both his sister and her boyfriend, who were very near the finish line, shortly after the bombing, which suggests that networks were never totally shut down. Still, shutting down cell phone networks to prevent remote detonation wouldn't be without precedent: It is a common tactic in Pakistan, where bombings happen with regularity.)"
An anonymous reader writes "Monday, the Supreme Court will hear a case on the validity of breast cancer gene patents. The court has a chance to end human gene patents after three decades. From the article: 'Since the 1980s, patent lawyers have been claiming pieces of humanity's genetic code. The United States Patent and Trademark Office has granted thousands of gene patents. The Federal Circuit, the court that hears all patent appeals, has consistently ruled such patents are legal. But the judicial winds have been shifting. The Supreme Court has never ruled on the legality of gene patents. And recently, the Supreme Court has grown increasingly skeptical of the Federal Circuit's patent-friendly jurisprudence. Meanwhile, a growing number of researchers, health care providers, and public interest groups have raised concerns about the harms of gene patents. The American Civil Liberties Union estimates that more than 40 percent of genes are now patented. Those patents have created "patent thickets" that make it difficult for scientists to do genetic research and commercialize their results. Monopolies on genetic testing have raised prices and reduced patient options.'"
badger.foo writes "When you publicly assert that somebody sent spam, you need to ensure that your data is accurate. Your process needs to be simple and verifiable, and to compensate for any errors, you want your process to be transparent to the public with clear points of contact and line of responsibility. Here are some pointers from the operator of the bsdly.net greytrap-based blacklist."
An anonymous reader writes "Facebook on Friday released its Android launcher called Home. The company also updated its Facebook app, adding in new permissions to allow it to collect data about the apps you are running. Facebook has set up Home to interface with the main Facebook app on Android to do all the work. In fact, the main Facebook app features all the required permissions letting the Home app meekly state: 'THIS APPLICATION REQUIRES NO SPECIAL PERMISSIONS TO RUN.' As such, it’s the Facebook app that’s doing all the information collecting. It’s unclear, however, if it will do so even if Facebook Home is not installed. Facebook may simply be declaring all the permissions the Home launcher requires, meaning the app only starts collecting data if Home asks it to."
chamilto0516 writes "Twenty-five miles due south of Salt Lake City, a massive construction project is nearing completion. The heavily secured site belongs to the National Security Agency. The NSA says the Utah Data Center is a facility for the intelligence community that will have a major focus on cyber security. Some published reports suggest it could hold 5 zettabytes of data. Asked if the Utah Data Center would hold the data of American citizens, Alexander [director of the NSA] said, 'No...we don't hold data on U.S. citizens,' adding that the NSA staff 'take protecting your civil liberties and privacy as the most important thing that they do, and securing this nation.' But critics, including former NSA employees, say the data center is front and center in the debate over liberty, security and privacy." According to University of Utah computing professor Matthew Might, one thing is clear about the Utah Data Center, it means good paying jobs. "The federal government is giving money to the U.'s programming department to develop jobs to fill the NSA building," he says.
An anonymous reader writes "Australia's premier government research organization, the CSIRO, has been rocked by allegations of corruption including: dishonesty with 60 top-class scientists bullied or fired, fraud against drug giant Novartis, and illegally using intellectual property, faking documents and unreliable testimony to judicial officers. CSIRO boss Megan Clark has refused to discipline the staff responsible and the federal police don't want to get involved. Victims are unimpressed and former CSIRO scientists are calling for an inquiry."
houghi writes "The defense lawyers of Guantanamo prisoners have been ordered to stop using government computers for sensitive information due to security and confidentiality concerns. One News from New Zealand says 'In another case, system administrators were searching files at prosecutors' request and were able to access more than 500,000 defense files, including confidential attorney-client communications.' Due to all this, hearings were postponed."
garymortimer writes "SHEPHERD-MIL, a UAV which looks like a native bird with the same flight performance, will be featured at HOMSEC 2013. This UAV is characterized by the glide-ratio and noiseless motor that make it invisible, silent and unobtrusive in sensitive missions. SHEPHERD-MIL is equipped with cameras and geolocation software. The system is especially suitable for border surveillance missions, firefighting, and anti-drug trafficking operations amongst others."
An anonymous reader writes "Google Chairman Eric Schmidt is urging lawmakers to regulate the use of unmanned aircraft by civilians — and quickly. He posed this hypothetical situation to The Guardian: 'You're having a dispute with your neighbor. How would you feel if your neighbor went over and bought a commercial observation drone that they can launch from their backyard. It just flies over your house all day. How would you feel about it?' Schmidt went on to bring up military and terrorist concerns. 'I'm not going to pass judgment on whether armies should exist, but I would prefer to not spread and democratize the ability to fight war to every single human being. It's got to be regulated... It's one thing for governments, who have some legitimacy in what they're doing, but have other people doing it... it's not going to happen.'"
hypnosec writes "The UK Government will be examining whether free to download apps are putting unfair pressure on kids to pay up for additional content within the game through in-app purchases. Office of Fair Trading (OFT), UK, will be carrying out the investigation of games that include 'commercially aggressive' in-app purchases after a number of cases have been reported whereby parents have incurred huge bills after their kids have spent huge amounts on in-app purchases."
An anonymous reader writes "Two hundred hackers from around the world gathered at a Miami Beach hotel Thursday and Friday for the Infiltrate Security conference, which focuses on systems hacking from the 'offensive' perspective (with slides). In a keynote address, Stephen Watt, who served two years in prison for writing the software used by his friend Alberto Gonzalez to steal millions of credit card numbers from TJX, Hannaford and other retailers, acknowledges he was a 'black hat' but denies that he was directly involved in TJX or any other specific job. Watt says his TCP sniffer logged critical data from a specified range of ports, which was then encrypted and uploaded to a remote server. Brad 'RenderMan' Haines gave a presentation on vulnerabilities of the Air Traffic Control system, including the FAA's 'NextGen' system which apparently carries forward the same weakness of unencrypted, unauthenticated location data passed between airplanes and control towers. Regarding the recent potential exploits publicized by Spanish researcher Hugo Teso, Haines says he pointed out similar to the FAA and its Canadian counterpart a year ago, but received only perfunctory response."
Last summer we followed the odd case of lawyer Charles Carreon, as he went after Matthew Inman, creator of The Oatmeal webcomic, with legal threats. Carreon had been hired by FunnyJunk, a website Inman accused of stealing his comics. Carreon demanded $20,000 in compensation for Inman's "false accusations." Inman declined, and then used the publicity to solicit over $200,000 in donations, which he gave to charity after sending Carreon photographs. Carreon dropped the suit against Inman, but the saga continued. A satirical website was set up about Carreon, which caused him to invoke the legal system again. The article documents the absurdities, which included further legal action and a song. Now, however, Carreon is reaping what he has sown; a judge has ordered him to pay over $46,000 for his role in the legal circus.
Nerval's Lobster writes "Death is Nature's way of telling you it's time to get off the Internet. But when you finally shuffle off this mortal coil, you leave something behind: all your email and other digital assets. That's a huge problem not only for the deceased — once you're on the wrong side of the Great Beyond, there's no way to delete those incriminating messages — but also any relatives who might want to access your (former) life. And it's a problem Google's seeking to solve with the new Inactive Account Manager. (In an April 11 blog posting, Google product manager Andreas Tuerk suggested that Inactive Account Manager wasn't a 'great name' for the product, but maybe the company shouldn't be so hard on itself: it's a way better name than, say, Google Death Dashboard.) Inactive Account Manager will delete your Google-related data (Gmail, etc.) after a set amount of time, or else send that data to 'trusted contacts' you set up before your untimely demise. Which raises an interesting, semi-Google-related question: What do you want to have happen to your data after you die? Give it to loved ones, or have an automated system nuke it all? Should more companies that host email and data offer plans like Inactive Account Manager?"
redletterdave writes "TechNet, the trade association representing and led by dozens of prominent technology companies including Google, Apple and Facebook, has formally come out in support of CISPA, sending a letter to the U.S. House of Representatives. The letter said: 'We commend the committee for providing liability protections to companies participating in voluntary information-sharing and applaud the committee's efforts to work with a wide range of stakeholders to address issues such as strengthening privacy protections. As the legislative process unfolds, we look forward to continuing the dialogue with you and your colleagues on further privacy protections, including discussions on the role of a civilian interface for information sharing.'" The White House won't support the bill in its current form, but they plan to work with legislators on a compromise. The current text of the bill is available online.
anderzole writes "The FDA recently gave clearance to Vital Art and Science Inc. (VAS) to market software which enables people with degenerative eye conditions such as macular degeneration and diabetic retinopathy to monitor their vision at home with their iPhone. The software, which is called myVisionTrack, isn't a replacement for regular visits to the doctor, but rather allows patients to keep tabs on their vision in between visits with eye care professionals. VAS notes that retinal diseases affect approximately 40 million individuals worldwide and 13 million in the United States. While treatments have been developed to deal with degenerative eye conditions, early diagnosis is of paramount importance — which is why the software is so important."
Peter Eckersley writes "At the EFF we were recently contacted by the organisers of the Melbourne Free University (MFU), an Australian community education group, whose website had been unreachable from a number of Australian ISPs since the 4th of April. It turns out that the IP address of MFU's virtual host has been black-holed by several Australian networks; there is suggestive but not conclusive evidence that this is a result of some sort of government request or order. It is possible that MFU and 1200 other sites that use that IP address are the victims of a block that was put in place for some other reason. Further technical analysis and commentary is in our blog post."
jfruh writes "Faced with an Apple vs. Motorola lawsuit that involves 180 claims and counterclaims across 12 patents, a judge in Florida has thrown up his hands and accused both companies of acting in bad faith. Claiming the parties were engaged in 'obstreperous and cantankerous conduct', he said that the lawsuit was part of 'a business strategy that appears to have no end.'"
An anonymous reader writes "Mark Zuckerberg, along with other notables such as Google's Eric Schmidt, Yahoo's Marissa Mayer and Reid Hoffman, co-founder of LinkedIn, has launched a new immigration reform lobbying group called FWD.us. In an editorial in the Washington Post, Zuckerberg claims that immigrants are the key to a future knowledge-based economy in a United States which currently has 'a strange immigration policy for a nation of immigrants.' As expected, they are calling for more of the controversial H-1B visas which reached their maximum limit in less than a week this year, but those aren't the only things they're looking to change."
itwbennett writes "Privacy blogger Dan Tynan opted out of data aggregator RapLeaf back in 2010 — and wrote about it. At the time, opting out seemed to work well enough. But fast forward a couple of years and ... they're baaaack. While testing a privacy service called Safe Shepherd, Tynan discovered that 'not only [is he] not opted out of RapLeaf's database, they've also gathered far more information about [him] than they had before.' And it's a pretty good bet some of the data came from Facebook apps, which is a practice that the company was slapped for in 2010 and claimed to no longer do."
Nerval's Lobster writes "T-Platforms, which manufactured the fastest supercomputer in Russia (and twenty-sixth fastest in the world), has been placed on the IT equivalent of the no-fly list. In March, the U.S. Department of Commerce's Bureau of Industry and Security added T-Platforms' businesses in Germany, Russia and Taiwan to the 'Entity List,' which includes those believed to be acting contrary to the national security or foreign policy interests of the United States. U.S. IT companies are essentially banned from doing business with T-Platforms, especially with regards to HPC hardware such as microprocessors, which could be used for what the government views as illegal purposes. The rule, discovered by HPCWire, was published in March. According to the rule, Commerce's End-User Review Committee (ERC) believes that T-Platforms may be assisting the Russian government and military conduct nuclear research — which, given historical tensions between the two countries, apparently falls outside the bounds of permitted use. An email address that T-Platforms listed for its German office bounced, and Slashdot was unable to reach executives at its Russian headquarters for comment."
retroworks writes "I ignored the warning posted here on Slashdot on March 23. Surely someone was setting up some April Fools day hoax. But the Governor has now signed the bill. Whose cold dead hands will they pry the computer mice out of?" Note: while this might not change your opinion of the Florida law or other things it might lead to, it is aimed specifically at the kind of "Internet cafe" where the "Internet" part is essentially just a portal to online gambling, rather than at conventional Internet cafes.
the simurgh writes in with the latest in the court-martial of Bradley Manning. "A military judge cleared the way Wednesday for a member of the team that raided Osama bin Laden's compound to testify at the trial of Pfc. Bradley Manning charged in the WikiLeaks massive classified document leak. Col. Denise Lind ruled for the prosecution during a court-martial pretrial hearing. Prosecutors say the witness, presumably a Navy SEAL, collected digital evidence showing that the al-Qaida leader requested and received from an associate some of the documents Manning has acknowledged leaking. Defense attorneys had argued that proof of receipt wasn't relevant to whether Manning aided the enemy, the most serious charge he faces, punishable by life imprisonment. 'The government must prove beyond a reasonable doubt that the intelligence is given to and received by the enemy,' Lind said. The judge disagreed."
The Pirate Bay switched to two Greenland-based domains Tuesday morning but it looks like the party is already over. The company responsible for .GL TLD registrations said they would not allow the domains to be put to illegal use. “Tele-Post has today decided to block access to two domains operated by file-sharing network The Pirate Bay,” the company said. According to TorrentFreak: "Queries to the .GL domain registry now confirm that both the domains in question have been officially suspended."
kodiaktau writes "The ACLU has issued a FOIA request to determine whether the IRS gets warrants before reading taxpayers' email. The request is based on the antiquated Electronic Communication Protection Act — federal agencies can and do request and read email that is over 180 days old. The IRS response can be found at the ACLU's website. The IRS asserts that it can and will continue to make warrantless requests to ISPs to track down tax evasion. Quoting: 'The documents the ACLU obtained make clear that, before Warshak, it was the policy of the IRS to read people’s email without getting a warrant. Not only that, but the IRS believed that the Fourth Amendment did not apply to email at all. A 2009 "Search Warrant Handbook" from the IRS Criminal Tax Division’s Office of Chief Counsel baldly asserts that "the Fourth Amendment does not protect communications held in electronic storage, such as email messages stored on a server, because internet users do not have a reasonable expectation of privacy in such communications." Again in 2010, a presentation by the IRS Office of Chief Counsel asserts that the "4th Amendment Does Not Protect Emails Stored on Server" and there is "No Privacy Expectation" in those emails.'"
An anonymous reader writes "In response to a Freedom of Information Act request about Google's 2007 complaint against Windows Vista search interference, the Department of Justice has after six years released 114 partially redacted pages and 60 full pages of material. Yet these 'responsive documents' consist of public news articles and email boilerplate. All the substantive information has been blacked out."
New submitter Chewbacon writes "If you can't hack it, smash and grab it. Video streaming service Vudu has emailed customers informing them of the theft of hard drives containing customer information. CNET reports the information on the stolen drives included: names, e-mail addresses, postal addresses, phone numbers, account activity, dates of birth, and the last four digits of some credit card numbers. Vudu's Chief Technology Officer Prasanna Ganesan said no complete credit card numbers were stored on the hard drives and expressed confidence in password encryption, but he felt the need to be proactive with the password reset and encouraged users to be proactive as well should the encrypted passwords become compromised. Vudu fails to mention, perhaps in a downplaying move, that the last 4 digits of a credit card and much of the other information stolen is often enough to access an account through virtually any company's phone support."
netbuzz writes "The police in Washington state arrested a suspected drug dealer, rummaged through the text messages on his phone, responded to one message while pretending to be the suspect, arranged a meeting, and then arrested the recipient of the text — all without a warrant. The state argues – and an appeals court majority agreed – that both suspects had neither a legal expectation of privacy nor Fourth Amendment protection because both considerations evaporate the moment that any text message arrives on any phone. The Electronic Frontier Foundation is urging the state's Supreme Court to overturn that decision and recognize that 'text messages are the 21st Century phone call.'"
hypnosec writes with news that a group of Russian hackers has compromised the security of Ubisoft's digital distribution platform, uPlay, finding a way for users of the service to download any of its games for free. What makes this particularly notable is that the hackers found a copy of Far Cry 3: Blood Dragon, an unreleased spin-off of Far Cry 3 that hasn't even been officially announced (except as part of an April Fool's joke). The hackers posted a half-hour of gameplay footage to YouTube, and Ubisoft took uPlay down to fix the security vulnerability. They say no user information was compromised.
conspirator23 writes "A 64-year-old retired English teacher is being sued by a copyright troll for illegal BitTorrent downloading of a motion picture. Perhaps it's not all that shocking in the current era. That is, until we learn that rather than protecting something like Game of Thrones, the plaintiff is accusing Emily Orlando of Estacada, Oregon of downloading Maximum Conviction, a direct-to-video action flick released earlier this year starring Steven Seagal and ex-WWE wrestler Steve Austin. Voltage Pictures is demanding $7500 from Emily and 370 other defendants. If all the defendants were to pay the demands, Voltage would gross over $2.75 million, minus legal fees. Who needs Kickstarter?" As you might expect, Mrs. Orlando had never heard of BitTorrent before receiving the legal threat, and she lives in an area with dynamic IP assignments. This is the same company that has been going after file-sharers by the thousands since 2010.
tsamsoniw writes "Mozilla today unveiled Persona Beta 2, the newest edition of the organization's open authentication system. The release includes Identity Bridging, which lets users sign in to Persona-supported sites using their existing webmail accounts, starting with Yahoo. Mozilla used the release as an opportunity to bash social sign-in offerings from Facebook and Twitter, which 'conflate the act of signing into a website with sharing access to your social network, and often granting the site permission to publish on your behalf,' said Lloyd Hilaiel, technical lead for Mozilla Persona. He added that they are built in such a way that social providers have full visibility into a user's browsing behavior."
An anonymous reader writes "As the age of autonomous cars and drone surveillance draws nearer, it's reasonable to expect government to increasingly automate enforcement of traffic laws. We already deal with red light cameras, speed limit cameras, and special lane cameras. But they aren't widespread, and there are a host of problems with them. Now, Ars reports on a group of academics who are attempting to solve the problem of converting simple laws to machine-readable code. They found that when the human filter was removed from the system, results became unreasonable very quickly. For example, if you aren't shy about going 5 mph over the limit, you'll likely break the law dozens of times during an hour of city driving. On the freeway, you might break it continuously for an hour. But it's highly unlikely you'd get more than one ticket for either transgression. Not so with computers (PDF): 'An automated system, however, could maintain a continuous flow of samples based on driving behavior and thus issue tickets accordingly. This level of resolution is not possible in manual law enforcement. In our experiment, the programmers were faced with the choice of how to treat many continuous samples all showing speeding behavior. Should each instance of speeding (e.g. a single sample) be treated as a separate offense, or should all consecutive speeding samples be treated as a single offense? Should the duration of time exceeding the speed limit be considered in the severity of the offense?' One of the academics said, 'When you're talking about automated enforcement, all of the enforcement has to be put in before implementation of the law—you have to be able to predict different circumstances.'"
concealment writes with news that a court battle has brought to light details on how the FBI's "stingray" surveillance tool works, and how they used it with Verizon's help to collect evidence about an alleged identity thief. Quoting: "Air cards are devices that plug into a computer and use the wireless cellular networks of phone providers to connect the computer to the internet. The devices are not phones and therefore don’t have the ability to receive incoming calls, but in this case Rigmaiden asserts that Verizon reconfigured his air card to respond to surreptitious voice calls from a landline controlled by the FBI. The FBI calls, which contacted the air card silently in the background, operated as pings to force the air card into revealing its location. In order to do this, Verizon reprogrammed the device so that when an incoming voice call arrived, the card would disconnect from any legitimate cell tower to which it was already connected, and send real-time cell-site location data to Verizon, which forwarded the data to the FBI. This allowed the FBI to position its stingray in the neighborhood where Rigmaiden resided. The stingray then 'broadcast a very strong signal' to force the air card into connecting to it, instead of reconnecting to a legitimate cell tower, so that agents could then triangulate signals coming from the air card and zoom in on Rigmaiden’s location. To make sure the air card connected to the FBI’s simulator, Rigmaiden says that Verizon altered his air card’s Preferred Roaming List so that it would accept the FBI’s stingray as a legitimate cell site and not a rogue site, and also changed a data table on the air card designating the priority of cell sites so that the FBI’s fake site was at the top of the list."
GTRacer writes "In response to Aereo's recent win allowing per-user over-the-air antenna feeds to remote devices, Fox COO Chase Carey said, 'We need to be able to be fairly compensated for our content. This is not an ideal path we look to pursue [...],' that path being a switch to a subscription model. Spanish-language stalwart Univision may join Fox, per CEO Haim Saban. Aereo replied, in part, 'When broadcasters asked Congress for a free license to digitally broadcast on the public's airwaves, they did so with the promise that they would broadcast in the public interest and convenience, and that they would remain free-to-air. Having a television antenna is every American's right.' A switch to a pay-TV subscription model would stymie Aereo but could hurt affiliate stations."