Fresh Technology Insights

Category: Surveillance (Page 1 of 3)

UK government’s MI5 spies want “exceptional access” to your encrypted communications

Dan Sabbagh, The Guardian »

MI5’s director general has called on technology companies to find a way to allow spy agencies “exceptional access” to encrypted messages, amid fears they cannot otherwise access such communications.

Sir Andrew Parker is understood to be particularly concerned about Facebook, which announced plans to introduce powerful end-to-end encryption last March across all the social media firm’s services.

In an ITV interview to be broadcast on Thursday, Sir Andrew Parker says he has found it “increasingly mystifying” that intelligence agencies like his are not able to easily read secret messages of terror suspects they are monitoring.

EU Commission recommends staff use the Signal messaging app

The EU and other world governments have suffered high profile data breaches, often because they were using insecure commercial apps, or apps that were handling data in ways that were not obvious or stated.

Signal is a true end-to-end messaging app that has been verified by security experts around the world. Journalist and activists dealing in sensitive areas where their lives are often at stake, depend on Signal.

Laurens Cerulus, Pro Publica »

The European Commission has told its staff to start using Signal, an end-to-end-encrypted messaging app, in a push to increase the security of its communications.

The instruction appeared on internal messaging boards in early February, notifying employees that “Signal has been selected as the recommended application for public instant messaging.”

[…]

Privacy experts consider that Signal’s security is superior to other apps’. “We can’t read your messages or see your calls,” its website reads, “and no one else can either.”

The Signal App is available free on several platforms (iOS, Android, etc) through the official web site.

Now that UK is no longer part of the EU, Google plans to move UK user data and accounts out of EU and into the US where data protection is weaker

Another consequence of Brexit.

Joseph Menn, Reuters »

The shift, prompted by Britain’s exit from the EU, will leave the sensitive personal information of tens of millions with less protection and within easier reach of British law enforcement.

The change was described to Reuters by three people familiar with its plans. Google intends to require its British users to acknowledge new terms of service including the new jurisdiction.

Ireland, where Google and other U.S. tech companies have their European headquarters, is staying in the EU, which has one of the world’s most aggressive data protection rules, the General Data Protection Regulation.

More » The Register

New bill would establish a US Data Protection Agency

It might startle you to learn how little privacy protection is available to Americans.

Issie Lapowsky, Protocol »

The so-called Data Protection Act of 2020 would create the country’s first data protection agency to oversee how privacy laws in America are enforced and guide Congress on the development of those laws. The agency would be empowered to impose penalties on companies that violate people’s privacy, taken them to court, field consumer complaints, and launch investigations.

[…]

The agency would enforce current privacy laws and any future laws Congress passes and have rule-making authority to determine how those laws are carried out. Specifically, the agency would be able to conduct impact assessments on companies deploying “high-risk practices” with regard to data. That includes companies using data to profile people on a large scale. The bill also gives the agency the power to regulate consumer scoring in sensitive areas like housing, employment and education.

The agency would have subpoena power and the ability to take companies to court over violations of federal privacy law. It would also closely monitor large companies — both in terms of revenue and in terms of the amount of data they collect — and ask for reports from these companies, to ensure they’re complying with the law. Meanwhile, the agency would be tasked with guiding Congress on emerging technologies and representing the United States in international deals regarding privacy.

Former Conservative leader Sir Iain Duncan Smith is asking the British government to rethink its decision to allow Huawei to play a role in the UK’s 5G network

There appear to be legitimate national security concerns about allowing Chinese firm Huawei to bid on and install 5G mobile networking equipment. Boris Johnson’s government announced they will allow the firm to install it’s equipment, however, they have not addressed those concerns or stated why they will allow this added risk, when there are other highly reputable alternatives.

The decision appears to be a political one, and not one based on facts. To be clear, Huawei should not be banned based on what is being asked for by the Trump Administration. National security should be top priority.

BBC »

In a letter, the group – which includes four ex-cabinet ministers – said there were alternatives to the Chinese firm.

They want “high-risk” vendors to be ruled out now, or phased out over time.

Foreign Secretary Dominic Raab said the decision followed a “rigorous” review by security experts and that Huawei’s involvement would be restricted.

More » The Independent

US Homeland Security Dept has purchased access to at least one database to track the locations of millions of mobile phones and is using the info in immigration and border controls and possibly other secret government surveillance programs

If the headline surprises you, you haven’t been paying attention. This has been going on for years. Ask Snowden.

What I’d like to know is how much tracking is DHS doing outside it’s borders?

US Department of Homeland Security (DHS) acknowledges tracking millions of smartphone users within the USA, despite a Supreme Court order limiting it’s authority to do so. DHS will not state how the data is being used.

Byron Tau and Michelle Hackman, Wall Street Journal »

The Trump administration has bought access to a commercial database that maps the movements of millions of cellphones in America and is using it for immigration and border enforcement, according to people familiar with the matter and documents reviewed by The Wall Street Journal.

The location data is drawn from ordinary cellphone apps, including those for games, weather and e-commerce, for which the user has granted permission to log the phone’s location.

More » Apple Insider

Gaia-X » Europe’s plan to avoid an over-reliance on US-based cloud providers Google, Amazon, and others

The EU is putting together a consortium to build a new, non-US, based cloud platform. It’s called Gaia-X.

Will Bedingfield, Wired »

The project is a collaboration between the European Commission, Germany, France, and according to an email from a spokesperson for Germany’s Federal Ministry for Economic Affairs and Energy “some 100 companies and organisations”. (Firms confirmed include SAP SE, Deutsche Telekom AG, Deutsche Bank AG, Siemens and Bosch.) The first proofs of concept for the European cloud are set to be ready towards the end of this year.

The driving motivation behind the project is “data sovereignty”, or, more accurately “data governance” – an ambition to bring the flow and storage and data under greater European control. “Data sovereignty is the key to GAIA-X,” says Harald Summa, the CEO of DE-CIX Group AG, a group involved in the project. “Especially given that our society is relying more and more heavily on digital services, it is in the interest of a state or a region to enable a certain level of independence from external service providers.”

The project is a direct response to the dominance of American and Chinese service providers. The European Commission has already locked horns with Google, fining the company €4.34 billion for antitrust violations back in 2018. The US Cloud Act requires American firms to provide law enforcement with customers’ personal data on request, even when the servers containing the information are abroad.

Continue reading

Amazon’s Ring doorbell sends customer’s personal data to Facebook and Google

BBC »

The Electronic Frontier Foundation found the Ring app was “packed” with third-party tracking, sending out customers’ personally identifiable information.

Five companies were receiving a range of information, including names, IP addresses and mobile networks, it said.

Ring said it limited the amount of data it shared.

The company told Gizmodo: “Like many companies, Ring uses third-party service providers to evaluate the use of our mobile app, which helps us improve features, optimise the customer experience and evaluate the effectiveness of our marketing.”

But the EFF said Ring was failing to protect users’ privacy, noting only one of the trackers it had found was mentioned in the company’s privacy policy.

Avast’s ‘Free’ antivirus compiles your browsing history and sells them to the highest bidder

Avast is yet another company that demonstrates ‘free’ really means you are the product.

Ryan Whitwam, ExtremeTech »

That’s the case with the free antivirus products from Avast, which harvest browsing history for sale to major corporations. Despite claims that its data is fully anonymized, an investigation by our sister site PCMag and Motherboard shows how easy it is to unmask individual users.

Avast, which offers antivirus products under its own brand as well as AVG, has traditionally gotten high marks for its malware blocking prowess. When setting up the company’s free AV suite, users are asked to opt into data collection. Many do so after being assured all the data is anonymized and aggregated to protect their identities. However, Avast is collecting much more granular data than anyone expected, and that puts your privacy at risk.

Avast markets user data through its Jumpshot subsidiary, which has relationships with firms like Google, Pepsi, Microsoft, and Home Depot. PCMag and Motherboard managed to gain access to internal documents and a sample of data from Jumpshot, and they found Avast is tracking user clicks down to the second. Here’s an example of Jumpshot’s data format.

Read the whole article on ExtremeTech »

« Older posts

© 2020 Tech Letter

Theme by Anders NorenUp ↑