×
Privacy

Former NSA Director: 'We Kill People Based On Metadata' 155

Posted by Soulskill from the kill-metadata-based-on-people-instead dept.
An anonymous reader writes "An article by David Cole at the NY Review of Books lays out why we should care as much about the collection of metadata as we do about the collection of the data itself. At a recent debate, General Michael Hayden, who formerly led both the NSA and the CIA, told Cole, 'we kill people based on metadata.' The statement is stark and descriptive: metadata isn't just part of the investigation. Sometimes it's the entire investigation. Cole talks about the USA Freedom Act, legislation that would limit the NSA's data collection powers if it passes. The bill contains several good steps in securing the privacy of citizens and restoring due process. But Cole says it 'only skims the surface.' He writes, 'It does not address, for example, the NSA's guerilla-like tactics of inserting vulnerabilities into computer software and drivers, to be exploited later to surreptitiously intercept private communications. It also focuses exclusively on reining in the NSA's direct spying on Americans. ... In the Internet era, it is increasingly common that everyone's communications cross national boundaries. That makes all of us vulnerable, for when the government collects data in bulk from people it believes are foreign nationals, it is almost certain to sweep up lots of communications in which Americans are involved.' He concludes, '[T]he biggest mistake any of us could make would be to conclude that this bill solves the problem.'"
Television

Eavesdropping With a Smart TV 93

Posted by Soulskill from the i'll-stick-with-a-dumb-tv,-thanks dept.
An anonymous reader writes "A article on The Register titled talks about a demo that was given in London last month by NCC Group where they turned a modern TV into an audio bug. 'The devices contain microphones and cameras that can be utilized by applications — Skype and similar apps being good examples. The TV has a fairly large amount of storage, so would be able to hold more than 30 seconds of audio – we only captured short snippets for demonstrations purposes. A more sophisticated attack could store more audio locally and only upload it at certain times, or could even stream it directly to a server, bypassing the need to use any of the device’s storage.' Given the Snowden revelations and what we've seen previously about older tech being deprecated, how can we protect ourselves with the modern devices (other than not connecting them to the Internet)?"
Google

German Pranksters Spoof Google Nest At Tech Conference 45

Posted by Soulskill from the not-enough-skydiving-for-a-real-google-demo dept.
phmadore writes: "Some clever German pranksters managed to put one over on a sect of the intelligentsia just the other day. In this 30-minute presentation (video) at the re:publica 2014 tech conference, activists going under the pseudonyms of Paul von Ribbeck and Gloria Spindle presented four new (and moderately credible) Google products making up the 'Google Nest': Google Trust, Google Hug, Google Bee, and Google Bye. 'We can't really guarantee that we protect your information, but we can do our very best to protect you,' says Spindle about eight minutes in. Google is reportedly rather upset about the whole affair. The conference organizers were in on the joke — the audience were clued in afterward and asked to participate in order to fool the media. For me, the discussion-worthy items here are: data insurance and the value of data."
Government

DOJ Requests More Power To Hack Remote Computers 76

Posted by Soulskill from the you-can-trust-us dept.
An anonymous reader writes "The U.S. Department of Justice says it needs greater authority to hack remote computers in the course of an investigation. The agency reasons that criminal operations involving computers are become more complicated, and argues that its own capabilities need to scale up to match them. An ACLU attorney said, 'By expanding federal law enforcement's power to secretly exploit "zero-day"' vulnerabilities in software and Internet platforms, the proposal threatens to weaken Internet security for all of us.' This is particularly relevant in the wake of Heartbleed — it's been unclear whether the U.S. government knew about it before everyone else did. This request suggests that the DOJ, at least, did not abuse it — but it sure looks like they would've wanted to. You can read their request starting on page 499 of this committee meeting schedule."
Privacy

Physician Operates On Server, Costs His Hospital $4.8 Million 143

Posted by timothy from the s'posed-to-bury-your-mistakes dept.
Hugh Pickens DOT Com (2995471) writes "Jaikumar Vijayan reports at Computerworld that a physician at Columbia University Medical Center (CU) attempted to "deactivate" a personally owned computer from a hospital network segment that contained sensitive patient health information, creating an inadvertent data leak that is going to cost the hospital $4.8 million to settle with the U.S. Department of Health and Human Services (HHS). The error left patient status, vital signs, laboratory results, medication information, and other sensitive data on about 6,800 individuals accessible to all via the Web. The breach was discovered after the hospital received a complaint from an individual who discovered personal health information about his deceased partner on the Web. An investigation by the HHS Office for Civil Rights (OCR) found that neither Columbia University nor New York Presbyterian Hospital, who operated the network jointly, had implemented adequate security protections, or undertook a risk analysis or audit to identify the location of sensitive patient health information on the joint network. "For more than three years, we have been cooperating with HHS by voluntarily providing information about the incident in question," say the hospitals. "We also have continually strengthened our safeguards to enhance our information systems and processes, and will continue to do so under the terms of the agreement with HHS." HHS has also extracted settlements from several other healthcare entities over the past two years as it beefs up the effort to crack down on HIPAA violations. In April, it reached a $2 million settlement with with Concentra Health Services and QCA Health Plan. Both organizations reported losing laptops containing unencrypted patient data."

Slashdot Top Deals