Privacy

After Progressive Insurance's Snapshot Hacked, Manufacturer Has Been, Too

An anonymous reader writes: Progressive Insurance sells a tracking device called Snapshot that is advertised as a "little device [that] turns your safe driving into savings." However Snapshot itself has been hacked, and Xirgo Technologies, which makes Snapshot, is currently hacked due to out-of-date software on their website — and has been that way since at least May 5th of 2015. Given that Chrysler just did a recall of 1.4 million cars, people should really think twice before blindly trusting the safety of their cars to any random company, especially if that company can't even keep their WordPress up-to-date or remove hacked code from their site.
Communications

An Interview With Hacking Team's CEO

Alastair Stevenson writes: I talked to the leader of the world's most hated surveillance company about its path to recovery and morals, following a massive attack on its systems. CEO David Vincenzetti, as you might expect, thinks that his company "deserves the protection of law and order," and disclaims (also as you'd expect) responsibility for what its clients do with the privacy-unraveling software it provides: Law enforcement must have a way to do what it has always done, that is to track criminals and prevent or prosecute crime. With the development of global terrorism and especially the ‘lone wolf’ terrorist, this requirement is even more important. Hacking Team has helped fight crime by providing a surveillance tool to law enforcement. The company believes this is a small step toward a more secure world for all who wish to use the Internet and digital tools lawfully.
Privacy

Researchers: Mobile Users Will Trade Data For Fun and Profit

itwbennett writes: Even as mobile users become more security and privacy conscious, researchers and other mobile data collectors still need to collect user data in order to build products and services. The question: How to get users to give up that data? Researchers at the New Jersey Institute of Technology tested two incentives: gamification and micropayments. The test involved building a campus Wi-Fi coverage map using user data collected from student participants who either played a first-person shooter game or who were paid to complete certain tasks (e.g., taking photos). The game turned out to be a quick and efficient way to build the Wi-Fi coverage map. But data from the micropayments group was found to be "sometimes unreliable, and individuals were trying to trick the system into thinking they had accomplished tasks."
The Internet

Secret Service Agents Stake Out the Ugliest Corners of the Internet

HughPickens.com writes: Josephine Wolff reports at The Atlantic that the Secret Service Internet Threat Desk is a group of agents tasked with identifying and assessing online threats to the president and his family. The first part of this mission — finding threats — is in many ways made easier by the Internet: all you have to do is search! Pulling up every tweet which uses the words "Obama" and "assassinate" takes mere seconds, and the Secret Service has tried to make it easier for people to draw threats to its attention by setting up its own Twitter handle, @secretservice, for users to report threatening messages to. The difficulty is trying to figure out which ones should be taken seriously.

The Secret Service categorizes all threats, online and offline alike, into one of three categories. Class 3 threats are considered the most serious, and require agents to interview the individual who issued the threat and any acquaintances to determine whether that person really has the capability to carry out the threat. Class 2 threats are considered to be serious but issued by people incapable of actually following up on their intentions, either because they are in jail or located at a great distance from the president. And Class 1 threats are those that may seem serious at first, but are determined not to be. The overall number of threats directed at the first family that require investigation has stayed relatively steady at about 10 per day — except for the period when Obama was first elected, when the Secret Service had to follow up on roughly 50 threats per day. "That includes threats on Twitter," says Ronald Kessler, author of In the President's Secret Service. "It makes no difference to [the Secret Service] how a threat is communicated. They can't take that chance of assuming that because it's on Twitter it's less serious."
Government

Don't Bring Your Drone To New Zealand

NewtonsLaw writes: Personal drones are changing the way some people experience vacations. Instead of toting along a camcorder or a 35mm DSLR, people are starting to pack a GoPro and, increasingly, a drone on which to mount it. This is fine if you're going to a drone-friendly country, but be warned that your drone will get you into big trouble in Thailand (where all use of drones by the public is banned outright) and now in New Zealand, where strict new laws regarding the operation of drones (and even tiny toys like the 20g Cheerson CX10) come into effect on August 1.

Under these new rules, nobody can operate a drone or model aircraft without getting the prior consent of the owner of the property over which it is intended to fly — and (this is the kicker) also the permission of the occupiers of that property. So you can effectively forget about flying down at the local park, at scenic locations or just about any public place. Even if you could manage to get the prior permission of the land-owner, because we're talking "public place," you'd also have to get the permission of anyone and everyone who was also in the area where you intended to fly.

Other countries have produced far more sane regulations — such as limiting drone and RC model operators to flying no closer than 30m from people or buildings — but New Zealand's CAA have gone right over the top and imposed what amounts to a virtual death-sentence on a hobby that has provided endless, safe fun for people of all ages for more than 50 years. Of course if you are prepared to pay a $600 fee to become "Certified" by CAA then the restrictions on where you can fly are lifted and you don't need those permissions.
Communications

Criminal Inquiry Sought Over Hillary Clinton's Personal Email Server

cold fjord writes: The Wall Street Journal is reporting that Inspectors General from the State Department and intelligence agencies have asked the Justice Department to open a criminal investigation into Hillary Clinton's use of a personal email server while she was U.S. Secretary of State. At issue is the possible mishandling of sensitive government information. Dozens of the emails provided by Hillary Clinton have been retroactively classified as part of the review of her emails as they are screened for public release. So far 3,000 of 55,000 emails have been released. The inspectors general found hundreds of potentially classified emails. "The Justice Department has not decided if it will open an investigation, senior officials said. ... The inspectors general also criticized the State Department for its handling of sensitive information, particularly its reliance on retired senior Foreign Service officers to decide if information should be classified, and for not consulting with the intelligence agencies about its determinations."
Government

France To Reduce Reliance On Nuclear Power

AmiMoJo writes: French lawmakers have approved a bill to reduce the country's reliance on nuclear power from 75% to 50% by 2025. The policy was one of President Francois Hollande's campaign pledges. The legislation also includes a target of reducing the country's greenhouse gas emissions by 40 percent by 2030, compared to the level in 1990. The new law aims to eventually halve France's energy consumption by 2050 from the 2012 level. The ambitious goal came in the lead-up to the COP 21 climate change conference in Paris later this year. France will chair the meeting.
The Courts

Uber Faces $410 Million Canadian Class Action Suit

farrellj writes: A class action suit has been filed by the Taxi and Limo drivers and owners in the Province of Ontario in Canada against Uber, demanding CAN$400 million in compensatory damages, $10 million in punitive damages. They claim Uber is violating the Ontario Highway Traffic Act that covers taxis and limos, and has caused them to lose money. They also seek an injunction against Uber operating in Ontario. "This protectionist suit is without merit," Uber said in a statement. "As we saw from a recent court ruling in Ontario, Uber is operating legally and is a business model distinct from traditional taxi services."
United States

"Breaking Bad" At the National Institute of Standards and Technology

sciencehabit writes: Police are investigating whether an explosion inside a Maryland federal laboratory was the result of an effort to make drugs. Authorities who responded to the explosion at the National Institute of Standards and Technology found pseudoephedrine, Epsom salt and other materials associated with the manufacture of meth. Federal and local law enforcement agencies are investigating the cause of the explosion and if a security guard injured in the blast might have been involved. Sciencemag reports: "Representative Lamar Smith (R–TX), chairman at the House Science, Space, and Technology Committee, got involved today, expressing grave concern over the incident in a letter to Secretary of Commerce Penny Pritzker. NIST is part of the Commerce Department. 'I am troubled by the allegations that such dangerous and illicit activity went undetected at a federal research facility. It is essential that we determine exactly where the breakdown in protocol occurred and whether similar activities could be ongoing at other federal facilities,' wrote Smith in an accompanying press release. He has requested a briefing with NIST no later than 29 July."
Privacy

US Court: 'Pocket-Dialed' Calls Are Not Private

itwbennett writes: In a case of a pocket-dialed call, a conscientious secretary, and sensitive personnel issues, a federal appeals court in Ohio has ruled pocket-dialers shouldn't have any expectation of privacy. 'Under the plain-view doctrine, if a homeowner neglects to cover a window with drapes, he would lose his reasonable expectation of privacy with respect to a viewer looking into the window from outside of his property,' the court said. The same applies to pocket-dialed calls, according to the court. If a person doesn't take reasonable steps to keep their call private, their communications are not protected by the Wiretap Act.
Censorship

Universal Pictures Wants To Remove Localhost and IMDB Pages From Google Results

Artem Tashkinov writes: We've all known for a very long time that DMCA takedown requests are often dubious and even more often outright wrong, but in a new turn of events a Universal Pictures contractor which does web censorship has requested a takedown of an IMDB page and the 127.0.0.1 address. I myself have seen numerous times that pages which barely include the title of an infringing work of art get removed from search engines.
Facebook

New York Judge Rules Against Facebook In Search Warrant Case

itwbennett writes: Last year, Facebook appealed a court decision requiring it to hand over data, including photos and private messages, relating to 381 user accounts. (Google, Microsoft, and Twitter, among other companies, backed Facebook in the dispute.) On Tuesday, Judge Dianne Renwick of the New York State Supreme Court ruled against Facebook, saying that Facebook has no legal standing to challenge the constitutionality of search warrants served on its users.
Privacy

FCC CIO: Consumers Need Privacy Controls In the Internet of Everything Era

Lemeowski writes: Who is responsible for ensuring security and privacy in the age of the Internet of Things? As the number of Internet-connected devices explodes — Gartner estimates that 25 billion devices and objects will be connected to the Internet by 2020 — security and privacy issues are poised to affect everyone from families with connected refrigerators to grandparents with healthcare wearables. In this interview, U.S. Federal Communications Commission CIO David Bray says control should be put in the hands of individual consumers. Speaking in a personal capacity, Bray shares his learnings from a recent educational trip to Taiwan and Australia he took as part of an Eisenhower Fellowship: "A common idea Bray discussed with leaders during his Eisenhower Fellowship was that the interface for selecting privacy preferences should move away from individual Internet platforms and be put into the hands of individual consumers." Bray says it could be done through an open source agent that uses APIs to broker their privacy preferences on different platforms.
Crime

Ex-Lottery Worker Convicted of Programming System To Win $14M

An anonymous reader sends news that Eddie Tipton, a man who worked for the Multi-State Lottery Association, has been convicted of rigging a computerized lottery game so he could win the $14 million jackpot. Tipton wrote a computer program that would ensure certain numbers were picked in the lottery game, and ran it on lottery system machines. He then deleted it and bought a ticket from a convenience store. Lottery employees are forbidden to play, so he tried to get acquaintances to cash the winning ticket for him. Unfortunately for him, Iowa law requires the original ticket buyer's name to be divulged before any money can be paid out.
Advertising

FTC Accuses LifeLock of False Advertising Again

An anonymous reader writes: You may remember LifeLock — it's the identity protection company whose CEO published his social security number and dared people to steal his identity. Predictably, 13 different people succeeded. LifeLock was later sued for deceptive marketing practices, and eventually settled with the U.S. Federal Trade Commission to the tune of $12 million. Part of that settlement, of course, required that they refrain from misrepresenting their services in the future. Now, the FTC is taking action against them again, saying they failed to live up to that promise. The FTC claims (PDF) LifeLock falsely advertised that it "protected consumers' sensitive data with the same high-level safeguards as financial institutions" and also failed to build systems to protect the data they held.