
Microsoft has always reserved the right to read and disclose your Hotmail messages

Microsoft's "Scroogled" campaign (no relation) boastfully compared Hotmail's privacy framework to Gmail's, condemning Google for "reading your mail." Now, Microsoft has admitted that it scoured the Hotmail messages belonging to the contacts of a suspected leaker in order to secure his arrest, and points out that Hotmail's terms of service have always given Microsoft the right to read your personal mail for any of a number of nebulously defined, general reasons.

The company says that it had an undisclosed "rigorous process" to determine when it is allowed to read and publish your private email. In a statement, it sets out what the process will be from now on (though it doesn't say what the process has been until now) and vows to include the instances in which it reads its users' mail in its transparency reports, except when it is secretly reading the Hotmail accounts of people who also work for Microsoft.

Here's a PGP tool that claims to work with Hotmail, and would theoretically leave your Hotmail messages unreadable to Microsoft, though the company could still mine your metadata (subject lines, social graph, etc).


NSA recording all the voice calls in one country; 5-6 more countries in the pipeline


A new Snowden leak reveals that all the voice calls in an unnamed country are recorded and saved for 30 days on a rolling basis, with millions of voice "cuts" (clippings) harvested from the corpus for long-term storage by the system. The system, called MYSTIC, has been running since 2009, and its search tool, RETRO, has been fully operational against a whole country's phone calls since 2011.

President Obama has stated that "the United States is not spying on ordinary people who don't threaten our national security" -- this is a hard statement to square with the idea of recording all the voice calls made in an entire country.

The Washington Post article detailing the programs states at least five more countries are now covered by MYSTIC, with a sixth coming online.


Zuckerberg phones Obama to complain about NSA spying


The day after a Snowden leak revealed that the NSA builds fake versions of Facebook and uses them to seed malicious software in attacks intended to hijack "millions" of computers, Facebook CEO and founder Mark Zuckerberg telephoned President Obama to complain about the NSA's undermining of the Internet's integrity.

As many have pointed out, it would have been nice to hear Zuckerberg taking the Internet's side before his own stock portfolio was directly affected, but better late than never. Zuckerberg's post on his conversation excoriates the US government for its Internet sabotage campaign, and calls on the USG to "be the champion for the internet, not a threat." Curiously, Zuckerberg calls for "transparency" into the NSA's attacks on the Internet, but stops short of calling for an end to government-sponsored attacks against the net.

In the end, though, Zuckerberg calls on companies to do a better job of securing themselves and their users against intrusive spying. It's not clear how that will work for Facebook, though: its business model is predicated on tricking, cajoling, and siphoning personal data out of its users and warehousing it forever in a neat package that governments are unlikely to ignore. I'm told that 90% of US divorce proceedings today include Facebook data; this is a microcosm of the wider reality when you make it your business to stockpile the evidentiary chain of every human being's actions.


UK university admissions service sells applicants' data to energy drink companies


UCAS is the UK post-secondary admissions service, and is the sole means of applying to most British tertiary institutions. It has been caught selling its applicants' data to marketing departments hoping to sell Microsoft products, mobile phone contracts and energy beverages to young people. UCAS warehouses data on children as young as 16. UCAS doesn't deny selling applicants' data, but insists that it violated no laws, because the students whose data it sold did not opt out of "mailings" (opting out of mailings with UCAS also means you won't receive information from educational institutions and potential employers).

UCAS's "UCAS Media" offshoot advertises access to children's data with the slogan, "We help them reach uni – we help you reach them." Another UCAS company, UCAS Progress, collects data on children aged 13-16 and asks them to opt into marketing pitches as well. A third of UCAS's income comes from selling university applicants' data to third parties.


Tim Berners-Lee calls for Web "Magna Carta" - does the "Web we want" have DRM in it?


The Web is 25 today, and its inventor, Tim Berners-Lee, has called for a "Magna Carta" for the Web, through which the people of the world will articulate how they want to curtail their governments' adversarial attacks on Internet freedom. Berners-Lee is particularly concerned with the Edward Snowden revelations about mass surveillance and systematic government sabotage of Internet security.

I'm delighted to see Berners-Lee tackling this. Everything we do today involves the Web and everything we do tomorrow will require it; getting Web policy right is the first step to getting everything else right.

I hope that this also signals a re-think of Berners-Lee's endorsement of the idea of standardizing "digital rights management" technology for Web browsers through the W3C. The majority of the Web's users live in a country in which it is illegal to report on vulnerabilities in DRM, because doing so might help to defeat the DRM's locks. The standardization of DRM in the deep structures of the Web means that our browsers will become reservoirs of long-lived, critical bugs that can be used to attack Web users -- just as Web users are massively expanding the activities that are mediated through their browsers.

If we are to have a Web that is fit for a free and fair world, it must be a Web where researchers are free to warn users about defects in their tools. We wouldn't countenance a rule that banned engineers from telling you if your house was structurally unsound. By standardizing DRM in browsers, the W3C is setting in place rules that will make it virtually impossible to know if your digital infrastructure is stable and secure.


Snowden at SXSW: immediate impressions


Yesterday at SXSW, Barton Gellman and I did a one-hour introductory Q&A before Edward Snowden's appearance. Right after Snowden and his colleagues from the ACLU wrapped up, I sat down and wrote up their event for The Guardian, who've just posted my impressions:


Modeling privacy rules on environmental regulations

Michael Froomkin writes, "My latest privacy paper, Regulating Mass Surveillance as Privacy Pollution: Learning from Environmental Impact Statements, has a new take on how to regulate mass surveillance in the US where the EU privacy model has not taken root, and where the 1st Amendment creates obstacles to stopping some data sharing."


Edward Snowden to speak at SXSW


The ACLU and SXSW will host a video chat with Edward Snowden on Monday, during the day's civil-liberties-focused program track. I'll be speaking immediately before Snowden, with Barton Gellman, and we will be staying for the Snowden event. Snowden will be interviewed by ACLU technologist Christopher Soghoian, and the event is moderated by the ACLU's Ben Wizner. I hope to see you there -- it's why I'm flying to Austin.


Mediagoblin seeks funds to finish free, open, privacy-respecting publishing platform

Daniel sez, "Mediagoblin is a free software media publishing platform that anyone can run. You can think of it as a decentralized alternative to Flickr, YouTube, SoundCloud, etc. Now the project is raising funds to finish their pump-io api, finish version 1.0 and add privacy features."

Full NHS hospital records uploaded to Google servers, "infinitely worse" story to come

PA Consulting, a management consulting firm, obtained the entire English and Welsh hospital episode statistics database and uploaded it to Google's BigQuery service. The stats filled 27 DVDs and took "a couple of weeks" to transfer to Google's service, which is hosted in non-EU data centres. This is spectacularly illegal. The NHS dataset includes each patient's NHS number, post code, address, date of birth and gender, as well as all their inpatient, outpatient and emergency hospital records. Google's BigQuery service allows for full data-set sharing with one click.

The news of the breach comes after the collapse of a scheme under which the NHS would sell patient records to pharma companies, insurers and others (there was no easy way to opt out of the scheme, until members of the public created the independent Fax Your GP service).

According to researcher and epidemiologist Ben Goldacre, this story is just the beginning: there's an "infinitely worse" story that is coming shortly.


GCHQ spied on millions of Yahoo video chats, harvested sexual images of chatters, compared itself to "Tom Cruise in Minority Report"



A stunning new Snowden leak reveals that the UK spy agency GCHQ harvested images and text from millions of Yahoo video chats, including chats in which one or both of the participants was British or American. Between 3 and 11 percent of the chats they intercepted were sexual in nature, and revealing images of thousands of people were captured and displayed to spies. The programme, called OPTIC NERVE, focused on people whose usernames were similar to those of suspects, and ran from at least 2008 until at least 2010. The leak reveals that GCHQ intended to expand the programme to Xbox 360 Kinect cameras and "fairly normal webcam traffic." The programme was part of a facial recognition research effort that GCHQ compared to "Tom Cruise in Minority Report."

While the documents do not detail efforts as widescale as those against Yahoo users, one presentation discusses with interest the potential and capabilities of the Xbox 360's Kinect camera, saying it generated "fairly normal webcam traffic" and was being evaluated as part of a wider program. Beyond webcams and consoles, GCHQ and the NSA looked at building more detailed and accurate facial recognition tools, such as iris recognition cameras – "think Tom Cruise in Minority Report", one presentation noted.


DiscoTech events: discover anti-surveillance technology


Sasha writes, "The MIT Civic Media Codesign Studio is organizing, hosting, participating in, and supporting several Countersurveillance DiscoTechs this weekend. A DiscoTech (Discovering Technology event) is a workshop/faire style event for people of all skill levels to learn about, explore, and play with a set of technologies. Countersurveillance DiscoTech Locations:"


Video from a dystopian future: how location data can be abused

The ACLU has produced a video based on its Meet Jack. Or, What The Government Could Do With All That Location Data slide presentation from 2013. It's a chilling and sometimes funny look at the way that location data can be used to compromise you in ways large and small. As Josh from the ACLU notes, "It's especially interesting after the news yesterday about the DHS plan for a national license plate location history database (which got scrapped after it was exposed)."

Meet Jack. Or, What The Government Could Do With That Location Data (Thanks, Josh!)

Fax Your GP: quick opt-out from insane NHS plan to sell your medical records


The UK National Health Service has initiated a plan to take the nation's private health records and sell them off to private companies in a process overseen by notorious multinational bumblewads ATOS. If you live in England, your records -- mental health records, prescriptions, records of surgeries including abortions, and other sensitive personal information -- will be handed over to a wide-ranging group of companies all over the world.

Unless you opt out. And opting out isn't easy. There's no central place to opt out. Instead, you have to send a letter to your GP's surgery, which means you have to look up your GP's surgery's address, compose a legally sufficient letter, print it out, find an envelope and a stamp -- etc.

However! There's a better way. A group of volunteers whom I trust implicitly, including the astounding Stef Magdalinski (who made the Faxyourmp service that is the ancestor of Theyworkforyou) have created Fax Your GP, a dead-simple form that will look up your GP's fax number for you, create a form opt-out letter you can fill in in just a few easy steps, and then they'll fax that letter directly to your GP's surgery. I just opted out.


Senator Rand Paul sues US government over NSA spying

Rand Paul has launched a class-action suit against the US government over the NSA's warrantless bulk telephone metadata surveillance. Ars Technica has good analysis of the legal dimension of the suit: basically, Senator Paul isn't really advancing any new arguments, but the suit will put the pressure on the government. Techdirt has reports of outrage from other Republican congresscritters, especially noted shitweasel Rep Peter King (R-NY), who accuses Paul of aiding terrorists.