X-ray of the RFID and coil inside a US passport

Alan writes, "For a while, I wondered what the RFID chip looked like inside the front cover of a US passport. Yesterday, I had an x-ray image of my passport taken. Looks pretty cool. Chip is in the left upper front of the book, connected coiled wire (high-rez)." Read the rest

America's spooks want Congress to extend massive spying powers but still won't answer Congress's basic questions

Two of the NSA's mass surveillance programs revealed by Edward Snowden are Prism (which give the NSA "bulk data" access to the servers of Apple, Facebook, Google, Microsoft, Yahoo and others) and Upstream (through which the NSA taps the internet's fiber optic backbones). Both are possible because of Section 702 of the Foreign Intelligence Surveillance Act, which expires this year. Read the rest

EFF presents: a guide to protecting your data privacy when crossing the US border

The Electronic Frontier Foundation has just updated its 2011 guide to Digital Privacy at the U.S. Border with an all new edition that covers the law, administrative rules, technological options and potential repercussions of crossing the US border while not undergoing the warrantless seizure and indefinite retention of all of your sensitive data -- in a guide that breaks out the different risks for US citizens, US permanent residents, and visitors to the USA. Read the rest

Taser ships a pistol-holster sensor that triggers record mode in all nearby bodycams when cops draw their guns

The Signal Sidearm is a sensor designed to be fitted to a police pistol holster: when triggered, it wirelessly signals all nearby police bodycams to go into record-and-archive mode. It's made by Axon, the bodycam division of Taser International. Read the rest

Trump vs leaks: Spicer's staff forced to undergo "phone searches" and delete privacy apps

Sean Spicer -- spokesman for the leakiest White House in history -- summoned his staff to a surprise meeting where they were forced undergo a "phone check" where they unlocked their phones to prove they had "nothing to hide." Read the rest

Federal magistrate judge in Illinois rules that being forced to unlock your phone with a fingerprint could violate your rights

M. David Weisman, a magistrate judge in Illinois's Eastern Division, denied a federal warrant application that would have allowed law enforcement officers to force suspects to unlock their mobile devices with a fingerprint, ruling that the suspects' Fourth Amendment (undue search and seizure) and Fifth Amendment (self-incrimination) rights protected them from being forced to unlock their devices. Read the rest

A "travel mode" for social media - after all, you don't take all your other stuff with you on the road

As the US government ramps up its insistence that visitors (and US citizens) unlock their devices and provide their social media accounts, the solution have run the gamut from extreme technological caution, abandoning mobile devices while traveling, or asking the government to rethink its policy. But Maciej Cegłowski has another solution: a "travel mode" for our social media accounts. Read the rest

What it's like to be spied on by Android stalkerware marketed to suspicious spouses

For $170, Motherboard's Joseph Cox bought SpyPhone Android Rec Pro, an Android app that you have to sideload on your target's phone (the software's manufacturer sells passcode-defeating apps that help you do this); once it's loaded, you activate it with an SMS and then you can covertly operate the phone's mic, steal its photos, and track its location. Read the rest

Human rights coalition to DHS: don't demand social media passwords from people entering the USA

A huge coalition of human rights groups, trade groups, civil liberties groups, and individual legal, technical and security experts have signed an open letter to the Department of Homeland Security in reaction to Secretary John Kelly's remarks to House Homeland Security Committee earlier this month, where he said the DHS might force visitors to America to divulge their social media logins as a condition of entry. Read the rest

How to legally cross a US (or other) border without surrendering your data and passwords

The combination of 2014's Supreme Court decision not to hear Cotterman (where the 9th Circuit held that the data on your devices was subject to suspicionless border-searches, and suggested that you simply not bring any data you don't want stored and shared by US government agencies with you when you cross the border) and Trump's announcement that people entering the USA will be required to give border officers their social media passwords means that a wealth of sensitive data on our devices and in the cloud is now liable to search and retention when we cross into the USA. Read the rest

Have your devices and social media been invasively searched at the US border? EFF wants to know about it

After the chaos of the Muslim ban, EFF activists are worried that the TSA's existing policy of invasive data-collection at the border may be getting even worse. They're looking for stories from everyone, but especially citizens and green card holders. Read the rest

The Cyborg Bill of Rights v1.0

Our civil liberties, protections, and rights need to be revised periodically if they are to accompany us as we cross new frontiers. A new frontier looms ahead. More accurately, the new frontier looms within. And it is within our bodies and upon this battlefield that the next electronic rights war will be fought.

Sex club for bi women, some closeted, put all their risqué full-body "audition" photos in a publicly accessible folder

Skirt Club, a sex club "for girls who play with girls," required prospective members to upload "full body" photos with their applications; these photos were stored in world-readable folders with easily guessable names. When the site's owners were contacted about this, they promised action but did nothing for three weeks, and then made an incomplete job of it. They have not notified their users about the breach. Read the rest

After shutting down to protect user privacy, Lavabit rises from the dead

In 2013, Lavabit -- famous for being the privacy-oriented email service chosen by Edward Snowden to make contact with journalists while he was contracting for the NSA -- shut down under mysterious, abrupt circumstances, leaving 410,000 users wondering what had just happened to their email addresses. Read the rest

A critical flaw (possibly a deliberate backdoor) allows for decryption of Whatsapp messages -- UPDATED

Update: Be sure to read the followup discussion, which explains Facebook's point of view, that this is a deliberate compromise, and not a defect, that makes the app more usable for a wide variety of users, while putting them to little additional risk (namely, that Facebook might change its mind; or be forced to spy on its users; or suffer a security breach or internal rogue employee).

When Facebook implemented Open Whisper Systems' end-to-end encrypted messaging protocol for Whatsapp, they introduced a critical flaw that exposes more than a billion users to stealthy decryption of their private messages: in Facebook's implementation, the company can force Whatsapp installations to silently generate new cryptographic keys (without any way for the user to know about this unless a deep settings checkbox had been ticked), which gives the company the ability to decrypt user messages, including messages that have already been sent in the past.. Read the rest

Trump's NSA will be able to share its firehose of surveillance data with 16 government agencies (Thanks, Obama)

The new data-sharing rules enacted by the Obama administration will allow the NSA to lawfully share the unredacted, full take of its surveillance databases with sixteen other US government agencies -- meaning that, for example, Trump's door-to-door deportation squads could use that data to figure out who's doors to break down, and his Muslim surveillance database could bootstrap itself with NSA data. Read the rest

Why the Trump era is the perfect time to go long on freedom and short on surveillance

My new Locus column is "It’s Time to Short Surveillance and Go Long on Freedom," which starts by observing that Barack Obama's legacy includes a beautifully operationalized, professional and terrifying surveillance apparatus, which Donald Trump inherits as he assumes office and makes ready to make good on his promise to deport millions of Americans and place Muslims under continuous surveillance. Read the rest

More posts