Google

Google Leads Among Consumer Tech Companies Lobbying Congress 65

Nerval's Lobster writes "Google is still the tech company that spends most lavishly to make its influence known in Washington, D.C., according to a report analyzing the lobbying activity of technology firms. Using data from disclosure forms filed with the Clerk of the House of Representatives, the oversight group Consumer Watchdog added up the efforts of tech-company representatives to get in front of lawmakers and state their employers' case. Facebook's spending on lobbying rose 47 percent between 2012 and 2013, from $980,000 during the third quarter of 2012 to $1.4 million during 2013. Microsoft also boosted its spending by 20 percent, from $1.9 million in 2012 to $2.2 million during the third quarter of this year. Google cut its spending on lobbyists, but still spent $3.4 million during the third quarter – three times what Facebook spent during the same quarter. Apple's lobbying efforts shot up 111 percent between the third quarter of 2012 and 2013, but still amounted to only $970,000 this year. Cisco Systems spent $890,000; IBM spent $1.18 million; Intel spent $980,000 and Oracle spent $1.36 million. Though telecommunications firms are in a separate category, Google still outspent Verizon (down 2 percent, to $3.04 million) and Verizon Wireless (up 19 percent, to $1.2 million). It was trumped by AT&T (up 23 percent, to $4.3 million)."
Privacy

Germany: We Think NSA May Have Tapped Chancellor Merkel's Cell Phone 267

cold fjord writes "According to a report in the Miami Herald, 'Chancellor Angela Merkel has called President Barack Obama after receiving information that U.S. intelligence may have targeted her mobile phone. Merkel spokesman Steffen Seibert said Merkel made clear in Wednesday's call that "she views such practices, if the indications are confirmed ... as completely unacceptable" and called for U.S. authorities to clarify the extent of surveillance in Germany.' Der Spiegel has some information on Germany's own "PRISM" project. White House spokesman Jay Carney said President Obama 'assured the chancellor that the United States is not monitoring and will not monitor' her communications. He didn't mention anything about past communications. This news follows allegations of U.S. surveillance of the Presidents of Mexico and France. Yesterday the LA Times noted, 'French authorities are shocked — shocked — to learn that the American government is spying on French citizens. The Foreign Ministry summoned the U.S. ambassador to the Quai D'Orsay to inform him that what's going on is "unacceptable," and President Francois Hollande claimed to have issued a stern rebuke to President Obama in a phone conversation.' Up until now, Merkel had been reluctant to say anything bad about the U.S. over the NSA leaks."
Privacy

ACA Health Exchange Contractors Have History of Security Failures 144

Lucas123 writes "Two of the contractors involved in developing online health insurance exchanges under the Affordable Care Act, which have been plagued by technical problems since launching this month, have had serious data security issues in the past. Quality Software Services developed the software for the Affordable Care Act's data services hub and oversaw development of tools to connect the hub to the databases of other federal agencies. Last June, an audit report by the Health and Human Services Inspector General found QSS failed to adhere to federal security standards (PDF) in delivering IT testing services for the Centers for Medicare & Medicaid Services. Additionally, services firm Serco suffered a major security breach in 2012. Serco won a five-year $1.3 billion contract to process and verify paper applications for health insurance via the online exchanges. Serco's breach exposed sensitive data of more than 123,000 members of the Thrift Savings Plan, a $313 billion retirement plan run by the U.S. Federal Retirement Thrift Investment Board. The exposed data included full names, addresses, Social Security Numbers, financial account information, and bank routing information."
Government

White House Official Tracked Down and Fired Over Insulting Tweets 208

Hugh Pickens DOT Com writes "BBC reports that Jofi Joseph, a senior National Security Council staffer who was a key member of the White House team negotiating on Iran's nuclear weapons program, has been fired ... after a months-long probe into a barrage of tweets that included caustic criticisms of former Secretary of State Hillary Clinton and top NSC officials, especially Ben Rhodes – whom he accused of dodging questions about Benghazi. Joseph, who posted under the now defunct Twitter name @NatSecWonk, gave a lacerating commentary on anything from policy to personal appearance. 'Was Huma Abedin wearing beer goggles the night she met Anthony Weiner,' he tweeted, referring to the scandal-hit former New York mayoral candidate and his wife, a former aide of Hillary Clinton. He tweeted that Mrs Clinton 'had few policy goals and no wins' in the Middle East. He said Chelsea Clinton was 'assuming all of her parents' vices,' and targeted figures such as Republican commentator Liz Cheney and Mitt Romney's wife Ann for their looks and weight. Many in the foreign policy community reacted with shock to the revelation that Joseph was the mystery tweeter because Joseph was well known among policy wonks and his wife, Carolyn Leddy, is a well-respected professional staffer on the Republican side of the Senate Foreign Relations Committee. 'What started out as an intended parody account of DC culture developed over time into a series of inappropriate and mean-spirited comments,' said Joseph in an apology. 'I bear complete responsibility for this affair and I sincerely apologize to everyone I insulted.'"
Image

Court Rules Probable-Cause Warrant Required For GPS Trackers 116

schwit1 tips this news from Wired: "An appellate court has finally supplied an answer to an open question left dangling by the Supreme Court in 2012: Do law enforcement agencies need a probable-cause warrant to affix a GPS tracker to a target's vehicle? The justices said the government's statement 'wags the dog rather vigorously,' noting that the primary reason for a search cannot be to generate evidence for law enforcement purposes. They also noted that 'Generally speaking, a warrantless search is not rendered reasonable merely because probable cause existed that would have justified the issuance of a warrant.' The justices also rejected the government's argument that obtaining a warrant would impede the ability of law enforcement to investigate crimes."
Spam

To Beat Spam Filters, Look Like A Spammer? 143

Slashdot contributor Bennett Haselton writes "A recent webinar for newsletter publishers suggested that if you want your emails not to be blocked as 'spam,' you paradoxically have to engage in some practices that contribute to the erosion of users' privacy, including some tactics similar to what many spammers are doing. The consequences aren't disastrous, but besides being a loss for privacy, it's another piece of evidence that free-market forces do not necessarily lead to spam filters that are optimal for end users." Read on for the rest of Bennett's thoughts.
Privacy

Google Wants To Help You Tiptoe Around the NSA & the Great Firewall of China 140

Kyle Jacoby writes "The NSA was right when it postulated that the mere knowledge of the existence of their program could weaken its ability to function. Virtual Private Networks (VPNs), which serve to mask the source and destination of data by routing it through a third-party server, have been a popular method for maintaining internet anonymity for the paranoid and prudent. However, the all-but-silent fall of secure email server Lavabit, and VPN provider CryptoSeal, have shown us just how pervasive the government's eye on our communications is. These companies chose to fold rather than to divulge customer data entrusted to them, which raises the million-dollar question: how many have chosen to remain open and silently hand over the keys to your data? Google has decided to put the private back in VPN by supporting uProxy, a project developed at the University of Washington with help from Brave New Software. Still using a VPN schema, their aim is to keep the VPN amongst friends (literally). Of course, you'll need a friend who is willing to let you route your net through their tubes. Their simple integration into Firefox and Chrome will lower the barrier, creating a decentralized VPN architecture that would make sweeping pen register orders more difficult, and would also make blocking VPNs a rather difficult task for countries like China, who block citizens' access to numerous websites. On a related note, when will the public finally demand that communications which pass encrypted through a third party still retain a reasonable expectation of privacy (rendering them pen register order-resistant)?"
Canada

Bell Canada To Collect User Data For Advertising 127

beerdragoon writes "One of Canada's biggest mobile and TV providers will soon begin collecting detailed information on usage patterns of its subscribers. Starting November 16th, Bell plans on using this information to provide targeted ads for subscribers. According to Bell this policy will allow customers 'to receive Internet advertising that's relevant to them rather than the random online advertising they're receiving now.' Customers have until the 16th to opt out of the targeted ads, but there doesn't appear to be a way to opt out of the data collection. Apparently this is not illegal, but it is certainly considered unethical by many."
Privacy

Oregon Extends Push To Track, Tax Drivers Per Mile 658

schwit1 writes "Oregon is moving ahead with a controversial plan to tax motorists based on the number of miles they drive as opposed to the amount of fuel they consume, raising myriad concerns about cost and privacy. The problem for lawmakers is that the existing per-gallon gas tax has hit a point of diminishing returns, as Americans drive less and vehicles become more fuel efficient. Economists and civil libertarians are concerned about the Oregon pilot project in large part because some mileage meters can track and record residents' every vehicular move. Rick Geddes, a Cornell University professor, said the basic device is okay because it is simply attached to a vehicle's computer, which cannot track locations. However, Geddes said privacy concerns could resurface should governments expand the program and use SmartPhone or apps to track movements and reward motorists who avoid congested roads and drive during off-peak hours. Mark Perry, a University of Michigan scholar, says the GPS or 'black box' system is 'particularly untenable.'" Per-car tracking and taxation has been a long time coming in Oregon, and it's not the only state where such an idea's been floated.
The Courts

Call Yourself a Hacker, Lose Your 4th Amendment Rights 488

An anonymous reader writes "As described on the DigitalBond blog, a security researcher was subjected to a court ordered search in which a lack of pre-notification was premised on his self description as a 'hacker.' From the court order, 'The tipping point for the Court comes from evidence that the defendants – in their own words – are hackers. By labeling themselves this way, they have essentially announced that they have the necessary computer skills and intent to simultaneously release the code publicly and conceal their role in that act.'"
Government

Would-Be Tesla Owners Jump Through Hoops To Skirt Wacky Texas Rules 470

cartechboy writes "Texas is known for having the nation's most draconian anti-Tesla rules, based on intense and cash-rich lobbying and political donations by Texas car dealers. What's amazing is what would-be Tesla owners still have to do to get their hands on--and maintain--a Tesla Model S. How do you buy a car the laws try to stop you from owning? By jumping through wacky hoops, it turns out. Tesla store staff, for example, can't tell visitors how much a Model S costs. They can't give test drives, and they can't discuss financing options. Tesla service centers are banned from showing the company logo — or advertising that they do Tesla warranty work or service at all. So how have 1,000 Model S cars been sold? That would be sheer persistence."
Government

TSA Airport Screenings Now Start Before You Arrive At the Airport 437

Bob the Super Hamste writes "The New York Times is reporting that the TSA is now doing background investigations on passengers before they arrive at the airport. The publicly stated reason for this is that it is to streamline the security procedures at airports allowing more passengers to receive less scrutiny while at the airport but this new authority allows the TSA additional information about each traveler. The prescreening that is being performed for domestic travel now uses a similar standard to that of foreign individuals who were entering the US. The new measures go beyond what is used in the Secure Flight program and while light on details mentions that the passenger's passport number will be used. The article does however point out the data sources that are available to the TSA to conduct these pre-screenings with such as tax identification number, past travel itineraries, property records, physical characteristics, and law enforcement or intelligence information. Also mentioned is that individuals who do not have a passport will not be subjected to the rules and from my reading will not be eligible for lesser screening at that airport. The stated goal of this program is to have 25% of all airline passengers in the US receive lighter screening at the airport so that they don't have to take their shoes off, remove jackets, or remove laptops from bags. Additionally passengers who are in higher risk categories can receive additional screenings. Also mentioned is that all passengers are currently prescreened and that airlines are required to share your passport data with the TSA if they have it." One thing I've noticed as a passenger is that the most dangerous-feeling aspect of flying right now seems to be the winding security line itself.
United Kingdom

PM Calls Facebook Irresponsible For Allowing Beheading Clips 201

An anonymous reader writes with this excerpt: "David Cameron has attacked Facebook as irresponsible for lifting a ban on videos of beheadings being posted on its site. The prime minister said the social network must explain its decision to allow images showing decapitations to worried parents. Facebook has said users should be free to view such videos and then condemn the content. Cameron wrote on Twitter: 'It's irresponsible of Facebook to post beheading videos, especially without a warning. They must explain their actions to worried parents.' Facebook introduced a temporary ban on such videos in May but has since decided to remove the block on the grounds that the site is used to share information about world events, such as acts of terrorism and human rights abuses."
Verizon

Simple Bug Exposed Verizon Users' SMS Histories 60

Trailrunner7 writes "A security researcher discovered a simple vulnerability in Verizon Wireless's Web-based customer portal that enabled anyone who knows a subscriber's phone number to download that user's SMS message history, including the numbers of the people he communicated with. The vulnerability, which has been resolved now, resulted from a failure of the Verizon Web app to check that a number entered into the app actually belonged to the user who was entering it. After entering the number, a user could then download a spreadsheet file of the SMS activity on a target account. Cody Collier, the researcher who discovered the vulnerability, said he decided right away to report it to Verizon because he is a Verizon customer and didn't want others to have access to his account information. 'I am a Verizon Wireless customer myself, so upon finding this, I immediately looked for a way to contact Verizon. I wouldn't want my account information to be exposed in such a way,' Collier said via email."
Encryption

CryptoSeal Shuts Down Consumer VPN Service To Avoid Fighting NSA 361

sl4shd0rk writes "CryptoSeal Privacy, a VPN provider, has closed down its consumer VPN service. The company says it has zeroed its crypto keys, adding, 'Essentially, the service was created and operated under a certain understanding of current U.S. law, and that understanding may not currently be valid. As we are a US company and comply fully with U.S. law, but wish to protect the privacy of our users, it is impossible for us to continue offering the CryptoSeal Privacy consumer VPN product.' The announcement ends with a warning: 'For anyone operating a VPN, mail, or other communications provider in the U.S., we believe it would be prudent to evaluate whether a pen register order could be used to compel you to divulge SSL keys protecting message contents, and if so, to take appropriate action.' Sounds like another victim of FISA-endorsed NSA activity."
Security

Experian Sold Social Security Numbers To ID Theft Service 390

realized writes "Experian — one of the three national U.S. credit bureaus — reportedly sold SSNs through its subsidiary, Court Ventures, to the operators of SuperGet.info who then offered all of the information online for a price. The website would advertise having '99% to 100% of all USA' in their database on websites frequented by carders. Hieu Minh Ngo, the website owner, has recently been indicted on 15 counts filed under seal in November 2012, charging him with conspiracy to commit wire fraud, substantive wire fraud, conspiracy to commit identity fraud, substantive identity fraud, aggravated identity theft, conspiracy to commit access device fraud, and substantive access device fraud."
Medicine

DHHS Preparing 'Tech Surge' To Fix Remaining Healthcare.gov Issues 429

itwbennett writes "It's no secret that the healthcare.gov website has been plagued by problems since its launch 3 weeks ago. On Sunday, the Department of Health and Human Services said that it's now bringing in the big guns: 'Our team is bringing in some of the best and brightest from both inside and outside government to scrub in with the [HHS] team and help improve HealthCare.gov,' the blog post reads. 'We're also putting in place tools and processes to aggressively monitor and identify parts of HealthCare.gov where individuals are encountering errors or having difficulty using the site, so we can prioritize and fix them.' Other emergency measures being taken as part of what HHS calls a 'tech surge' include defining new test processes to prevent new problems and regularly patching bugs during off-peak hours. Still unclear is how long it will take to fix the site. As recently reported on Slashdot, that could be anywhere from 2 weeks to 2 months."
Privacy

NSA Intercepted French Telephone Calls "On a Massive Scale" 330

rtoz writes "The US National Security Agency (NSA) has been intercepting French telephone calls 'on a massive scale,' according to a report published in Le Monde. According to Le Monde, the NSA recorded millions of telephone calls placed by French citizens over a 30-day period last year, including some placed by people with no connections to terrorist organizations. France called in the U.S. ambassador to protest the alleged large-scale spying on French citizens by NSA."
The Internet

Open Rights Group International Says Virgin, Sky Blocking Innocent Sites 83

New submitter stewartrob70 writes with an explanation of the inadvertent (or at least unwarranted) blocking of innocuous sites that UK ISPs Virgin and Sky are engaged in, as reported by PC Pro. The ISPs' filtering systems "appear to be blocking innocent third-party sites with apparently little or no human oversight." stewartrob70 excerpts from a blog posting with an explanation of why: "In order to understand why this specific issue happened, you need to be familiar with a quirk in how DNS is commonly used in third-party load-balanced site deployments. Many third-party load balanced systems, for example those using Amazon's AWS infrastructure, are enabled by pointing CNAME records at names controlled by those third-party systems. For example www.example.com may be pointed at loadbalancer.example.net. However, 'example.com' usually cannot be directly given a CNAME record (CNAME records cannot be mixed with the other record types needed such as those pointing to nameservers and mailservers). A common approach is to point 'example.com' to a server that merely redirects all requests to 'www.example.com.' From forum posts we can see that it's this redirection system, in this specific case an A record used for 'http-redirection-a.dnsmadeeasy.com,' that has been blocked by the ISPs — probably a court-order-blocked site is also using the service — making numerous sites unavailable for any request made without the 'www' prefix."
It's funny.  Laugh.

NSA App Ideas To Popularize Spying and Big Data 78

reifman writes "Perhaps the reason the NSA's surveillance programs are so unpopular with Americans is that we haven't seen any of the potential consumer benefits that spying and big data can provide. Here are ten ideas for the productization and monetization of the NSA's spying infrastructure to inspire Americans to consider the bright side of the dark arts." In case anyone doesn't notice, these suggestions (at least most of them) are presented tongue-in-cheek; a truly secure email system, though, is another story.
