Nerdfest writes "Bruce Schneier writes in The Atlantic: 'Bluntly: The government has commandeered the Internet. Most of the largest Internet companies provide information to the NSA, betraying their users. Some, as we've learned, fight and lose. Others cooperate, either out of patriotism or because they believe it's easier that way. I have one message to the executives of those companies: fight.'"

judgecorp writes "In a swift response to a media storm, the City of London has closed down a trial of recycling bins which track the phones of pedestrians. Renew provides recycling bins funded by digital advertising, and has been told to stop a trial where bins tracked phones. Although the CEO of Renew claims there was no intention to breach privacy, his own marketing material says otherwise."

First time accepted submitter kdataman writes "The EFF has helped launch a new site to help the potential victims of patent trolling. It is called TrollingEffects.org and is designed to parallel the way ChillingEffects.org helps those getting DMCA letters. The idea is to educate the targets and help them work together for a more cost-effective defense."

Trailrunner7 writes with this snippet from ThreatPost:: "Silent Circle's decision to shut down its Silent Mail email service may have come quickly yesterday, and the timing of the announcement admittedly was prompted by Lavabit's decision to suspend operations hours before. But the seeds for this decision may have been sown long before Edward Snowden, who reportedly used Lavabit as a secure email provider, was a household name and NSA warrants for customer data were known costs of doing business. ... 'When we saw the Lavabit announcement, the thing we were worrying about had happened, and it had happened to somebody else. It was very difficult to not think I'm next,' Callas said. 'I had been discussing with Phil [founder and PGP developer Phil Zimmerman] over dinner the night before, should we be doing this and what the timing should be. I was looking at it from point that I want to be a responsible service provider and not leave users in a lurch. [The Lavabit announcement] told me I have to start moving on it now.'"

SmartAboutThings writes "It seems that Microsoft is relying even more on the opportunities provided by the cloud technology. The Redmond behemoth is preparing to come up with a cloud operating system that is specially meant for government purposes. Government agencies already use two of Microsoft's basic cloud products: Windows Azure and Windows Server. But now it seems that Microsoft is working on a modified version of its somewhat new Cloud OS that could bear the name 'Fairfax.' Compared to Windows Azure, the 'Fairfax' cloud operating system would provide enhanced security, relying on physical servers on site at government locations. Given that CEO Steve Ballmer is striving to make Microsoft much more than a powerful software giant, such a project makes sense, especially because it would help in their lobby activities."

schwit1 asks "How can I automatically have my wi-fi turn off when I leave the house unless I specifically turn it back on?" and provides this excerpt from Wired to illustrate why that would be useful: "Hundreds of thousands of pedestrians walking past 12 locations unknowingly had the unique MAC address of their smartphones recorded by Renew London. Data including the "movement, type, direction, and speed of unique devices" was recorded from smartphones that had their Wi-Fi on. First reported by Quartz, the data gathering appears to be a Minority Report-esque proof-of-concept project, demonstrating the possibility for targeted personal advertising. 'It provides an unparalleled insight into the past behavior of unique devices — entry/exit points, dwell times, places of work, places of interest, and affinity to other devices — and should provide a compelling reach data base for predictive analytics (likely places to eat, drink, personal habits etc.),' reads a blog post on the company's site. In tests running between 21-24 May and 2-9 June, over 4 million events were captured, with over 530,000 unique devices captured. Further testing is taking place at sites including Liverpool Street Station." (The name sounds a bit like a government project, but Renew London is actually an advertising / marketing firm.)

An anonymous reader writes "What is the best/newest hardware without trusted computing (TC) / Trusted Platform Module(TPM)? I am currently running ancient 32-bit hardware and thinking about an upgrade to something x64 with USB3, SATA3 and >1 core on the CPU ... but don't want TC/TPM. I have no need to run anything like Blu Ray movie disks or Microsoft Windows that requires TC/TPM or the UEFI boot process. Is anybody else still trying to avoid TC/TPM? What have your experiences been? Any pointers?" Worth reading on this front, too: Richard Stallman on so-called Trusted Computing,.

An anonymous reader writes "The GovernmentAttic website has just published a dossier of reports produced by the Defense Intelligence Agency describing biological weapons development in nations throughout the world. The 16 reports were released by the Department of Defense in response to declassification request submitted five years ago. Although the sensitive bits were removed, the remaining portions of the reports demonstrate the prevalence of research, development and deployment of bio weapons worldwide, despite an international treaty prohibiting such activity. The same website has also published a Thesaurus of Biological Warfare terminology (PDF) and a listing of pre-1946 reports on biological and chemical warfare (PDF) from the Army."

Lavabit may no longer be an option, but recent events have driven interest in email and other ways to communicate without exposing quite so much, quite so fast, to organizations like the NSA (and DEA, and other agencies). Kim Dotcom as usual enjoys filling the spotlight, when it comes to shuttling bits around in ways that don't please the U.S. government, and Dotcom's privacy-oriented Mega has disclosed plans to serve as an email provider with an emphasis on encryption. ZDNet features an interview with Mega's CEO Vikram Kumar about the complications of keeping email relatively secure; it's not so much the encryption itself, as keeping bits encrypted while still providing the kind of features that users have come to expect from modern webmail providers like Gmail: "'The biggest tech hurdle is providing email functionality that people expect, such as searching emails, that are trivial to provide if emails are stored in plain text (or available in plain text) on the server side,' Kumar said. 'If all the server can see is encrypted text, as is the case with true end-to-end encryption, then all the functionality has to be built client side. [That’s] not quite impossible but very, very hard. That’s why even Silent Circle didn’t go there.'"

The move on the part of three large German ISPs to provide more secure email, marketed as "Email made in Germany" (Deutsche Telekom's part specifically was mentioned here yesterday), has drawn sharp criticism from security experts, according to a report at Ars. Among those experts are members of the Chaos Computing Club, and GPGMail lead Lukas Pitschl, who responded to the move from Deutsche Telekom, GMX, and Web.de to encrypt all email in transmission with SMTP TLS : "'If you really want to protect your e-mails from prying eyes, use OpenPGP or S/MIME on your own desktop and don't let a third-party provider have your data,' he told Ars. 'No one of the "E-Mail made in Germany" initiative would say if they encrypt the data on their servers so they don't have access to it, which they probably don't and thus the government could force them to let them access it.'"

An anonymous reader writes with a story out of New Zealand: "Gina Kensington was sacked by Air New Zealand earlier this year following a dispute over sick leave she took to care for her sister. She said she did not misuse sick leave, and went to the Employment Relations Authority (ERA) seeking reinstatement. Air New Zealand responded by demanding to see her Facebook and bank details. Kensington refused, saying it did not have that information when it dismissed her and that 'it is well accepted in New Zealand there are general and legal privacy expectations about people's personal and financial information.'" At least in the U.S., Facebook isn't keen on employers getting access to employees' Facebook account details.

slash-sa writes with a link to an opinion piece from Cory Doctorow that begins: "The European Parliament is currently involved in a wrangle over the new General Data Protection Regulation. At stake are the future rules for online privacy, data mining, big data, governmental spying (by proxy), to name a few. Hundreds of amendments and proposals are on the table, including some that speak of relaxing the rules on sharing data that has been "anonymised" (had identifying information removed) or "pseudonymised" (had identifiers replaced with pseudonyms). This is, however, a very difficult business, with researchers showing how relatively simple techniques can be used to re-identify the data in large anonymised data sets, by picking out the elements of each record that make them unique."

The U.S. International Trade Commission has ruled that certain models of Samsung phone violate Apple patents, and are likely to be blocked from import to the U.S. From the article: "The patents in question are U.S. Patent No. 7,479,949, which relates to a touch screen and user interface and U.S. Patent No. 7,912,501 which deals with detecting when a headset is connected. The ITC said Samsung didn’t infringe on the other two patents. In a statement on the matter, the ITC said the decision is final and the investigation has been closed. ... As was the case with the previous ruling that saw Apple devices banned, the ban on Samsung devices won’t go into effect until 60 days but can be blocked by a favorable ruling following a presidential review. That seems unlikely as such a block has only been issued once since 1987 – last’s week’s ruling in favor of Apple."

First time accepted submitter jlnance writes "I don't particularly like the NSA looking over my shoulder. As the scope of its various data gathering programs comes to light, it is apparent to me that the only way to avoid being watched is to use servers based in countries which are unlikely to respond to US requests for information. I realize I am trading surveillance by the NSA for surveillance by the KGB or equivalent, but I'm less troubled by that. I searched briefly for services similar to ymail or gmail which are not hosted in the US. I didn't come up with much. Surely they exist? What are your experiences with this?"

hypnosec writes "The Pirate Bay, on its 10th anniversary, has released 'Pirate Browser,' which it claims would allow people to access The Pirate Bay and other such blocked sites. The 'Pirate Browser' is a fully functional browser that currently works with Windows. ... According to the Pirate Browser website, the browser is basically a bundled package consisting of the Tor client and Firefox Portable browser. The package also includes some tools meant for evading censorship in countries like UK, Finland, Denmark, and Iran among others."

An anonymous reader writes "Website blocking has become a hot topic in the UK in recent weeks. Opponents of both voluntary and court-ordered blockades have warned about the potential collateral damage these blocking systems may cause, and they have now been proven right. As it turns out blocked sites can easily exploit the system and add new IP-addresses to Sky's blocklist. As a result TorrentFreak has been rendered inaccessible to the ISP's four million customers."

First time accepted submitter extraqwert writes "An organization wants me to send them my personal data by email. I certainly do trust them. However, I would like to politely ask them to send me their public key for encryption. The secretary probably does not know what it is. But they do have a pretty good IT department, so they can figure out. My question is, what is the proper wording for such a request? What is the right terminology to use? Should I say ``please send me your RSA key''? ``Public key''? ``PGP key''? Is there a standard and reasonable wording for such a request? (On my end, I am using GNU PGP: http://www.gnupg.org/ ) Any suggestions on how to be polite in this case?"

An anonymous reader writes "The Pirate Bay, arguably the most resilient file sharing website, was first founded on August 9, 2003, although it didn't launch until September 15, 2003. Nevertheless, the group considers the former date to be its start, so today The Pirate Bay is 10 years old. From their blog: 'We really didn't think we'd make it this far. Not because of cops, mafiaa or corrupt politicians. But because we thought that we'd eventually be to old for this shit. But hey, running this ship makes us feel young.'"

kdryer39 writes "Germany's leading telecom provider announced on Friday that it will only use German servers to handle any email traffic over its systems, citing privacy concerns arising from the recent PRISM leak and its 'public outrage over U.S. spy programs accessing citizens' private messages.' In a related move, DT has also announced that they will be providing email services over SSL to further secure their customers' communications. Sandro Gaycken, a professor of cyber security at Berlin's Free University, said 'This will make a big difference...Of course the NSA could still break in if they wanted to, but the mass encryption of emails would make it harder and more expensive for them to do so.'"

Today President Obama held a press conference to address the situation surrounding the NSA's surveillance activities. (Here is the full transcript.) He announced four actions the administration is undertaking to restore the public's confidence in the intelligence community. Obama plans to work with Congress to reform the Foreign Intelligence Surveillance Court to give greater weight to civil liberties, and to revisit section 215 of the PATRIOT Act, which is the section that allowed bulk collection of phone records. (Of course, "will work with Congress" is a vague term, and Congress isn't known for getting things done lately. Thus, it remains to be seen if anything substantive happens.) Obama is ordering the Dept. of Justice to make public their legal rationale for data collection, and there will be a new NSA official dedicated to transparency efforts. There will also be a new website for citizens to learn about transparency in intelligence agencies. Lastly, a group of outside experts will be convened to review the government's surveillance capabilities. Their job will include figuring out how to maintain the public's trust and prevent abuse, and to consider how the intelligence community's actions will affect foreign policy. In addition to these initiatives, President Obama made his position very clear about several different aspects of this controversy. While acknowledging that "we have significant capabilities," he said, "America is not interested in spying on ordinary people." He added that the people who have raised concerns about privacy and government overreach in a lawful manner are "patriots." This is in stark contrast to his view of leakers like Edward Snowden: "I don't think Mr. Snowden was a patriot." (For his part, Snowden says the recent shut down of encrypted email services is 'inspiring.') When asked about how his opinion of the surveillance programs have changed, he said his perception of them has not evolved since the story broke worldwide. "What you're not seeing is people actually abusing these programs." Obama also endorsed finding technological solutions that will protect privacy regardless of what government agencies want to do.