Windows 10 users are unable to stop the new operating system from spying on them, and even Microsoft is unable to prevent it from collecting some types of data. Microsoft has continued to insist that Windows 10 users enjoy full privacy and can always choose to turn of the data collection options in settings. But, for the first time, the Redmond-based software giant has admitted that the process of collecting core background data in Windows 10 cannot be stopped. Continue reading
Anyone who’s suffered the indignity of scrubbing, scanning, and restoring their files after a brush with malware knows that computer viruses suck. But whatever you’ve encountered, it’s likely not as bad as Thunderstrike. It’s the worst kind of malware there is. Continue reading
Members of the House Intelligence Committee accepted amendments to the controversial Cyber Intelligence Sharing and Protection Act Wednesday, voting to include the new provisions by an 18-2 margin after a closed door meeting.
Members of the House Intelligence Committee accepted amendments to the controversial Cyber Intelligence Sharing and Protection Act Wednesday, voting to include the new provisions by an 18-2 margin after a closed door meeting. It puts the bill back on the table for consideration after failing last year.
The proposed CISPA legislation has been criticized by the American Civil Liberties Union, Electronic Frontier Foundation, and major Internet companies including Reddit andCraigslist, who say the bill all but eliminates privacy online. Facebook withdrew its support for the bill in March, joining 30,000 other websites in their opposition.
CISPA critics have decried the language in the bill, which grants private companies and the federal government unprecedented power to share an individual’s personal information for purported national security reasons. The House Intelligence Committee has repeatedly warned of the risk presented by potential cyber-attacks, threats that some experts say are unfounded.
CISPA is expected to be reintroduced to Congress as soon as next week after failing to gain enough momentum to summon a vote last year. US President Barack Obama has stated in the past that he would veto CISPA because of security concerns.
Evidently attempting to address those misgivings, the House Intelligence Committee’s closed-door session was expected to introduce amendments that would give privacy advocates and civil liberties officers more oversight on how personal information isshared and used.
Including language to deny companies legal immunity if they use cyber-threat disclosures to hack other companies and dropping language that allows the government to use cyber-threat information for national-security purposes were also reportedly on the docket, according to the Christian Science Monitor.
“We have seen the language of these amendments – and what we’ve been hearing is that they still don’t tackle the core concerns including tailoring so that information that’sshared by private industry can’t be used for purposes other than cyber-security,” said Mark Jaycox, an analyst for the Electronic Frontier Foundation.
Before the secret meeting Rep. Adam Schiff (D-California) said he planned to propose an amendment that would require companies to at least attempt to remove personally identifiable information from data before sharing it with the federal government.
“I think the other amendments are definitely a step in the right direction, but we still need the private sector to take efforts on its own to remove personally identifiable information,” Schiff told The Hill. “I still believe that the House, Senate and White House can come to a common agreement on these outstanding issues. It just shouldn’t be that difficult.”
“I think we can maintain the proper balance of protecting the country from cyber-attacks and also ensuring the privacy rights of the American people are respected.”
(Washington Post) Federal investigators looking into disclosures of classified information about a cyberoperation that targeted Iran’s nuclear program have increased pressure on current and former senior government officials suspected of involvement, according to people familiar with the investigation.
The inquiry, which was started by Attorney General Eric H. Holder Jr. last June, is examining leaks about a computer virus developed jointly by the United States and Israel that damaged nuclear centrifuges at Iran’s primary uranium enrichment plant. The U.S. code name for the operation was Olympic Games, but the wider world knew the mysterious computer worm as Stuxnet.
The FBI and prosecutors have interviewed several current and former senior government officials in connection with the disclosures, sometimes confronting them with evidence of contact with journalists, according to people familiar with the probe. Investigators, they said, have conducted extensive analysis of the e-mail accounts and phone records of current and former government officials in a search for links to journalists.
The people familiar with the investigation would speak only on the condition of anonymity because of the sensitivity of the matter. The Justice Department declined to comment.
The Obama administration has prosecuted six officials for disclosing classified information, more than all previous administrations combined. But the Stuxnet investigation is arguably the highest-profile probe yet, and it could implicate senior-level officials. Knowledge of the virus was likely to have been highly compartmentalized and limited to a small set of Americans and Israelis.
The proliferation of e-mail and the advent of sophisticated software capable of sifting through huge volumes of it have significantly improved the ability of the FBI to find evidence. A trail of e-mail has eased the FBI’s search for a number of suspects recently, including John Kiriakou, the former CIA officer who was sentenced Friday to 30 months in prison for disclosing to a journalist the identity of a CIA officer who had spent 20 years under cover.
Late last year, retired Gen. David H. Petraeus resigned as CIA director after the FBI discovered e-mails in one of his private accounts showing that he had an extramarital affair with his biographer.
Holder appointed Rod J. Rosenstein, the U.S. attorney for Maryland, to lead the Stuxnet inquiry after a New York Times article about President Obama ordering cyberattacks against Iran using a computer virus developed in conjunction with Israel. Other publications, including The Washington Post, followed with similar reports about Stuxnet and a related virus called Flame.
At the same time, Holder named Ronald C. Machen Jr., the U.S. attorney for the District of Columbia, to head a criminal investigation into leaks concerning thedisruption of a bomb plot by al-Qaeda in the Arabian Peninsula. Holder’s action followed complaints from members of Congress, including the heads of the intelligence
Machen is examining a leak to the Associated Press that a double agent inside al-Qaeda’s affiliate in Yemen allowed the United States and Saudi Arabia to disrupt the plot to bomb an airliner using explosives and a detonation system that could evade airport security checks.
“People are feeling less open to talking to reporters given this uptick,” said a person with knowledge of Machen’s inquiry. “There is a definite chilling effect in government due to these investigations.”
The Justice Department declined to provide statistics on how many leak investigations were launched during Obama’s first term. Between 2005 and 2009, according to an April 2010 Justice Department letter that was sent to a Senate committee, intelligence agencies notified the department 183 times about leaks. The FBI opened 26 investigations and identified 14 suspects.
Lisa Monaco, the head of the Justice Department’s National Security Division who was named Friday as the president’s new counterterrorism adviser, told the Senate in 2011 that there has been “a stepped-up effort, and indeed a priority placed on the prosecution of leak matters.” Monaco said that leaks “do tremendous damage” and that unauthorized disclosures should be “prosecuted and pursued, either by criminal means or the use of administrative sanctions.”
Former prosecutors said these investigations typically begin by compiling a list of people with access to the classified information. When government officials attend classified briefings or examine classified documents in secure facilities, they must sign a log, and these records can provide an initial road map for investigators.
Former prosecutors said investigators run sophisticated software to identify names, key words and phrases embedded in e-mails and other communications, including text messages, which could lead them to suspects.
The FBI also looks at officials’ phone records — who called whom, when, for how long. Once they have evidence of contact between officials and a particular journalist, investigators can seek a warrant to examine private e-mail accounts and phone records, including text messages, former prosecutors said.
Prosecutors and the FBI can examine government e-mail accounts and government-issued devices, including cellphones, without a warrant. They can also look at private e-mail accounts without a warrant if those accounts were accessed on government computers.
The investigation of Kiriakou grew out of an inquiry by the Justice Department into how high-value detainees at Guantanamo Bay came to have photographs of some intelligence officials in their cells. E-mails eventually led the FBI to exchanges between Kiriakou and a journalist that revealed the name of a covert officer. That name was passed to an investigator working for the American Civil Liberties Union and finally made its way into a classified filing by the ACLU.
In the case of Petraeus, the FBI started with five threatening, anonymous e-mails sent to a Florida woman. After several weeks of following the trail, the bureau found itself confronting explicit exchanges between Petraeus and his mistress. They also found what have been described as flirtatious e-mails between Gen. John Allen and the Florida woman. Petraeus was not charged with a crime, and Allen was cleared of wrongdoing last week.
Google said it had received 21,389 applications from government officers and the courts over the last six months of 2012. That is 17 percent up on the same period the previous year, and 71 percent more than 2009’s corresponding months.
Authorities in the US delivered nearly 8,438 of the requests, representing nearly 40 percent of the worldwide total. The US volume was one-third higher than in the same period the previous year.
Subpoenas accounted for 68 per cent of US requests, followed by search warrants at 22 per cent. A mix of court orders and other legal demands made up the remaining US requests for user information from Google.
India generated the second highest number of user requests during the final half of last year at 2,431, a 10 per cent increase from the previous year.
The figures include requests related to its YouTube video service.
Google said it handed over at least some data in 66 percent of the most recent cases.
The number of requests has risen over every half-year cycle since Google started publishing details three years ago.
The US made more requests than any other country with 8,438 submissions. Google complied fully or partially with 88 percent of these.
By contrast all of Turkey’s 149 requests and Hungary’s 95 applications were rejected outright. The UK made 1,458 requests - a very slight rise on the same period in 2011. 70 percent of them resulted in some information being provided.
One UK-based privacy advocacy group praised Google for releasing the data, but said it also served as a warning to individuals to be careful about the information they passed on to any online business.
Carly Nyst, Privacy International’s head of international advocacy, said the information they hand over to companies like Google merits the highest degree of privacy and security, and should only be accessed by third parties under exceptional circumstances.
Nyst added that governments should stop treating the user data held by corporations as a treasure trove of information they can mine whenever they please, with little or no judicial authorization.
Google said it would publish details of removal requests at a later time.
(CNET) -Six states have officially made it illegal for employers to ask their workers for passwords to their social media accounts. As of 2013, California and Illinois have joined the ranks of Michigan, New Jersey, Maryland, and Delaware in passing state laws against the practice, according to Wired.
With Congress not being able to come to agreement on the Password Protection Act of 2012, individual states have taken the law into their own hands. Both California and Illinois agreed on password protection laws in 2012, but the laws didn’t go into effect until yesterday.
The laws are designed to prohibit employers from requiring an employee or job applicant to provide their username and password for social media accounts, such as Facebook, Twitter, or Instagram. Assemblymember Nora Campos, who authored the California bill, called the law a “preemptive measure” that will offer guidelines to the accessibility of private information behind what she calls the “social media wall.”
It’s unclear how many employers have actually demanded access to workers’ online accounts, but some cases have surfaced publicly and inspired lively debate over the past year. In one instance last April, a teacher’s aide in Michigan was suspended after refusing to provide access to her Facebook account following complaints over a picture she posted.
According to Campos’ office, more than 100 cases before the National Labor Relations Board in September involved employer workplace policies around social media. Facebook has also said it has experienced an increase in reports of employers seeking to gain “inappropriate access” to people’s Facebook profiles or private information this past year.
While these six states now ban employer snooping on private information, all public information posted on social media accounts is still fair game.
(ArsTechnica) -Two California teenagers were arrested on New Year’s Eve after allegedly spiking one of their parents’ milkshakes with sleeping medication. The girls did this, the local police said, because one girl felt her parents’ Internet curfew was too strict. The parents apparently restricted access to the family’s wireless Internet connection after 10pm.
“The unsuspecting parents consumed only about a quarter of their shakes thinking that they tasted very odd,” the police in Rocklin, California (22 miles northeast of the state capital, Sacramento) reported.
“However, they consumed enough of the medicine for it to take effect within an hour and fell asleep. The parents did not awake until the following morning and did not remember what had occurred.”
Police told the Sacramento Bee that after waking once during the night with headaches and grogginess that persisted until morning, the adults went to the police to get a $5 drug test kit.
“Many parents buy them and have their kids’ urine tested,” Lt. Lon Milka, a Rocklin police spokesperson, told the paper. When the parents found out they had been drugged, they alerted the police, who promptly arrested the teens on charges of conspiracy and willfully mingling a pharmaceutical with food.
The names of the 15- and 16-year-old girls—who were booked in Placer County Juvenile Hall on December 31, 2012—are being withheld as they are minors.
“The girls wanted to use the Internet, and they’d go to whatever means they had to,” Milka added. “If they were adults, they could be facing prison time.”
(Occupy Corporatism) - The Immigration Sharing Treaty, an integral part of the Perimeter Security and Economic Competitiveness Action Plan (PSECAP), was signed by the US and Canada last week. David Jacobson, US Ambassador to Canada said: “This important agreement is the culmination of ten years of effort to advance the security of the United States and Canada, and to ensure the integrity of our immigration and visa systems. It reflects the commitment of President Obama and Prime Minister Harper to the Beyond the Border process, which will enhance North American security while facilitating the efficient movement of safe goods and well-intentioned travelers.
In 2011, Obama and Stephen Harper, Canadian Prime Minister, signed the PSECAP that allowed for the sharing of information on both Canadian and American citizens for the sake of immigration, improve border efficiency, border security and provide a network database to identify foreign national as well as stop illegals from crossing the border.
This includes biometric technologies to be used beginning in 2014.
Biometric border crossing cards (BCCs) have been used to identify Mexican citizens making short visits since 1997 with the approval of the Congress and in conjunction with the US State Department who employed DynCorp who is now owned by CSC.
Advancements in BBCs have led to laser visas which are “machine-readable, credit-card-sized documents with digitally encoded biometric data, including the bearer’s photograph and fingerprint.”
Those in the program were fingerprinted and photographed with their information entered into biometric databases with electronic verification of authenticity. Files were reviewed by the State Department. Once approved, the Bureau of Citizenship and Immigration Services (CIS) and the Department of Homeland Security (DHS) issued the individuals new laser visas.
Biometric technologies are defensible by the US government in use at border crossings as a quick and easy way to be identified. However the price for entering into the US is now paid in private information about each individual that sets foot in the country. This gives the US the ability to know vast amounts of data about each person such as accurately distinguishing their characteristics:
• Height • Weight • Gender • Nationality • Fingerprint • Disability
The Electronic System for Travel Authorization (ESTA), an agreed upon technology to be used under the PSECAP, was outlined in the Beyond the Border Declaration (BBD)which articulates the relationship between the US and Canada to address threats to their nations through secure borders as well as immigration, goods and services that travel through the two countries.
ESTA, an extension of the DHS through US Customs and Border Protection (CBP) oversees all applications for international travelers who enter the US. Their approval of passage is the deciding factor for entrance into America.
Stated in the BBD was the relationship between the US and Canada the purpose of interweaving the two nations to increase the resiliency of our networks, enhance public-private partnerships, and build a culture of shared responsibility,” according to Janet Napolitano, Secretary of DHS.
In November, both the US and Canadian governments revealed that they will combine efforts against cyber-attacks with the creation of an action plan between the DHS and Public Safety Canada (PSC) to improve digital infrastructure.
In Washington, DC and Ottawa, Canada there will be a collaboration of cyber security operation centers as well as shared information and the establishment of guidelines on private sector corporations. Add to this endeavor is the governmental alliance on propaganda methods to convince the citizens of both nations that cyber security must become an over-reaching control by the two governments.
Apple has filed a patent with the US Patent and Trademark Office for facial recognition systems that “analyzes the characteristics of an image’s subject and uses this data to create a “faceprint,” to match with other photos to establish a person’s identity.”
According to the patent description: “In order to automatically recognise a person’s face that is detected in a digital image, facial detection/recognition software generates a set of features or a feature vector (referred to as a “faceprint”) that indicate characteristics of the person’s face. The generate faceprint is then compared to other faceprints to determine whether the generated faceprint matches (or is similar enough to) one or more of the other faceprints. If so, then the facial detection/recognition software determines that the person corresponsing to the generated faceprint is likely to be the same person that corresponds to the “matched” faceprints(s).”
The federal government has released on a website, the information about their use of biometric technologies that they want the general public to know.
As far back as 2008, former President George W. Bush signed the National Security Presidential Directive (NSPD)-59 / Homeland Security Presidential Directive (HSPD) – 24, “Biometrics for Identification and Screening to Enhance National Security”. This NSPD explained the “framework to ensure Federal departments and agencies use compatible methods and procedures in the collection, storage, use, analysis, and sharing of biometric and associated biographic and contextual information of individuals in a lawful and appropriate manner, while respecting privacy and other legal rights under United States law.”
(DailyMail) -A popular photo-sharing website owned by Facebook has told users it now owns the rights to their pictures.
Instagram will not give any warning or payment before cashing in on the images posted on its site. It means pictures by children as young as 13 could be sold to advertisers.
People whose photos have been taken by Instagram users risk finding their image published without their knowledge.
‘Did we mention its free?’ Except Instagram’s new terms of service makes clear that users grant the company rights over all their photos and personal information uploaded to the site
The new policy will operate from the middle of January under changes to terms and conditions announced yesterday.
Instagram’s 30million global users cannot opt out and must close their accounts to maintain control over their images. The change does not affect users of Facebook, which bought Instagram for £616million in April.
The new terms make clear that users effectively hand over the rights to their pictures and personal information in exchange for ‘free’ access to Instagram.
Its website now reads: ‘You agree that a business or other entity may pay us to display your username, likeness, photos … in connection with paid or sponsored content or promotions, without any compensation to you.’
The site also updated its privacy settings to share information about its users with Facebook as well as with other affiliates and advertisers.
Instagram says users must be at least 13 years old to sign up for the service. But the new rules assume that when an underage teenager signs up, a parent or guardian is aware that their child’s image, username and photos might be used in adverts.
The shake-up was described as a ‘disgusting’ and ‘egregious’ breach of privacy yesterday. Nick Pickles, of campaign group Big Brother Watch, said: ‘People thought they were Instagram’s customers, but in reality users are Instagram’s product. It goes to show when respecting people’s data and privacy come into conflict with profit, there’s only ever going to be one winner.’
Instagram said the changes will make it easier to integrate with Facebook.
If Instagram’s new terms of service are tough for your to swallow, there is a quick way to remove yourself from the service - and save all your pictures.
First you need to download all the pictures you have handed over to the app. Wired Gadget Lab recommends using Instaport, which will download your entire library in just a few minutes.
Once your photos have been rescued, you can upload them to another photo-sharing service with less invasive terms like Flickr.
Once your photos have been removed, its time to delete your account - but bear in mind that once it’s gone, it’s gone forever.
Instagram will not reactivate delected accounts and you will never again be able to sign up to the service with the same user name.
‘This means we can do things like fight spam more effectively, detect system and reliability problems more quickly, and build better features for everyone by understanding how Instagram is used,’ it said.
It came as Simon Milner, Facebook’s UK policy director, told a Commons committee that ministers shouldn’t introduce tough laws surrounding the use of data.
‘Our services are free to users but they don’t cost us nothing. We have to pay for it and the way we pay for that is advertising and that involves innovative use of the data people provide to us,’ he said yesterday.
Instagram launched in 2010 and allows users to share on Twitter and Facebook images they have taken with digital devices including iPhones.
The app configures photos to produce a square shape similar to the Polaroid images of the 1970s. There are 11 filters that can produce a ‘retro’ look.
(SmartCompany.com) The Munich city council has realised cost savings of over €10 million ($A12.36 million) as the result of a recent program to migrate its desktop PCs from Windows to Linux.
H-Online reports the city council conducted a study on the IT savings made by switching in comparison to two scenarios in which the city council continued using Windows.
Under the first comparison scenario, using Windows with Microsoft Office, the council would have incurred around €11.6 million in operating system related costs, including €4.2 million in Microsoft Office related costs, €2.6 million for Windows, around €5 million for hardware upgrades, along with application migration costs of around €55,000.
In the second scenario, where the council had continued using Windows but had migrated to an open source office suite such as Open Office, Libre Office or Calligra, it would have incurred additional costs of €7.4 million, gaining one-third the cost savings of a full switch to Linux.
By comparison, the Linux migration has cost the city council just €270,000 in application migration costs, with no licencing fees for open source software and no need to upgrade older desktops to support the platform.
