I'm heading to San Francisco next week for a launch party on December 11th celebrating the release of The End of Trust, a collaboration between EFF and McSweeney's on internet surveillance and the future of the net; the event is at 7:30PM at Manny’s at 3092 16th Street (RSVP here), and I'll be on a panel with EFF exec director Cindy Cohn, moderated by the amazing Annalee Newitz! Read the rest

Remember when Malcolm Turnbull, the goddamned idiot who was briefly Prime Minister of Australia, was told that the laws of mathematics mean that there was no way to make a cryptography system that was weak enough that the cops could use to spy on bad guys, but strong enough that the bad guys couldn't use it to spy on cops, and he said: "Well the laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia." Read the rest

Peter writes, "ThingsCon, our Berlin-based non-profit for a more responsible IoT, launches a trustmark for IoT - the Trustable Technology Mark. Cory gave some input to it a while back already, and finally it's launch day: We want to highlight the best work in IoT, the best/most respectful of users' rights, privacy and security. It's an entirely non-profit effort to elevate the debate in this odd space that's full of crap; I think you might like it." Read the rest

There are dozens of free "peoplefinder" sites that buy up commercial databases and combine them with other sources to make your home address searchable. You can find instances where this has happened to you by googling your name and home address, and then you can google the removal forms for each of the services and get yourself delisted. But your name will keep getting re-added: if you set a Google Alert for a search on your name and address, you'll get a message every time you get caught in these databases and you can remove your name again. This won't work on the for-pay background check sites that Google doesn't index, but it will keep your name and address clear of low-level scumbags who stick with free sites for their doxing activities. Read the rest

Aol deliberately provided advertisers with the means to illegally track children and target advertising to them. It will pay a $5m fine, reports The New York Times. At Ars Technica, Jon Brodkin reports that it's the largest COPPA hit yet.

Verizon has consistently fought government regulation of privacy in broadband networks. As owner of Oath, Verizon is forcing users of Yahoo services to waive their class-action rights and agree to resolve disputes through arbitration.

The attorney general investigation "examined AOL's practices between October 2015 and February 2017," The New York Times reported. Verizon did not admit or deny the investigation's findings but told the Times, "We are pleased to see this matter resolved and remain wholly committed to protecting children's privacy online."

It's like something from a creepy fable: a drooling, dangerous dog so obviously untrustworthy that to leave the children with it is tantamout to feeding it, yet we keep doing it. But if you you chain me, how will I guard your house? Read the rest

There's a lot of controversy surrounding the use of police body cameras. Some privacy advocates argue that the video captured by the always-on cameras has little effect on the behavior of police officers : the statistics surrounding use of force and citizen complaints barely budged before and after the tech was introduced. The police don't much care for them either. The NYPD's police union, for example, says that the footage captured by a body cam shouldn't be able to be used in open court as it could be considered to be part of a police officer's personnel record, which is protected from public disclosure. Then there's the middle ground: by having cops wear body cams while on duty, provided they're not covering them or turning them off during an incident, they're being held accountable for every action they take.

No matter where you sit on this spectrum, it's likely safe to say that using the tech to capture video of someone's ass and balls is likely not a great idea.

From The New York Daily News:

An NYPD detective has been suspended for using another cop’s body camera to shoot an X-rated video of his privates, the Daily News has learned.

Detective Specialist Raymond Williams, a neighborhood coordination officer at the 79th Precinct, was suspended Thursday, law enforcement sources said.

Williams waited until unsuspecting cop Michael Devonish — another neighborhood coordination officer — went to the men’s room in their Bedford-Stuyvesant, Brooklyn, stationhouse before he snatched Devonish’s body camera and put it to anatomical abuse.

There's been quite a bit of bad ink surrounding Tesla electric vehicles this year: delays in production, growing rumors about subpar customer service, former employees blowing the whistle on dangerous, indifferent working conditions in Tesla assembly plants and logistical woes to name a few. According to The Washington Post, Tesla owners in China can add in-car state surveillance to the list.

Apparently, the Chinese government has demanded that Tesla vehicles purchased in China send a steady stream of information concerning the vehicle's whereabouts and who knows what else to the Chinese government, in real-time. It's some greasy, invasive bullshit that comes at a time when China, under the leadership of Xi Jinping, has been cracking down on dissent, privacy and freedoms in the country.

At the very least, Tesla isn't alone: other makers of electric vehicles are being forced to make their customers' information available to the Chinese government as well.

From The Washington Post:

More than 200 manufacturers, including Tesla, Volkswagen, BMW, Daimler, Ford, General Motors, Nissan, Mitsubishi and U.S.-listed electric vehicle start-up NIO, transmit position information and dozens of other data points to government-backed monitoring centers, The Associated Press has found. Generally, it happens without car owners’ knowledge.

The automakers say they are merely complying with local laws, which apply only to alternative energy vehicles. Chinese officials say the data is used for analytics to improve public safety, facilitate industrial development and infrastructure planning, and to prevent fraud in subsidy programs.

But other countries that are major markets for electronic vehicles — the United States, Japan, across Europe — do not collect this kind of real-time data.

How bad is the Marriott/Starwood breach disclosed today? "Unauthorized access to the Starwood network since 2014 … For approximately 327M of these guests, the info includes some combination of name, mailing address, phone number, email address, passport number.”

Marriott says information from as many as 500 million people has been compromised, and credit card numbers and expiration dates of some guests may have been taken. Read the rest

Ted Kramer is CEO and co-founder of Six4Three, a creepy US-based machine-learning startup whose debut product was a Facebook app called Pinkini that let you search your friends' photos for pictures of them in bikinis; when Facebook shut down the app after a terms-of-service change, Six4Three sued Facebook and obtained a key trove of internal Facebook documents through the discovery process. Read the rest

If you're planning on traveling to the European Union in the near future, you'd best grease up as a new border security project is planning on sliding into your background, personal story and biometrics before you have a chance top step off of your plane.

From Lonely Planet:

A new EU-funded project designed to ramp up security will put travelers from outside the European Union to the test by using lie-detecting technology. Countries participating in the project include Luxembourg, Greece, Cyprus, Poland, Spain, Hungary, Germany, Latvia and the UK.

The iBorderCtrl project has been implemented because more than 700 million people enter the EU every year, and the huge volume of travelers and vehicles is putting pressure on external borders. This makes it increasingly difficult for border staff to uphold strict security protocols including checking the travel documents and biometrics of every passenger, while keeping disruption to a minimum. The project aims to facilitate the work of border guards in spotting illegal immigrants, and contribute to the prevention of crime and terrorism.

As part of the project which was seemingly named by someone who's watched Hackers at least 90 times, iBorderCtrl will consist of two parts. The first is a creepy online component that visitors to countries enrolled in the program will have to endure before they leave home. Speaking to a virtual border guard, they'll be asked about their gender, ethnicity and to upload a photo of their passport in order to sort out their visa. The program will also inform travelers of their rights while they're in the EU. Read the rest

Five and a half years ago, Edward Snowden put his life on the line, gave up his country, and went into exile, just to reveal that he had been part of a widespread, illegal mass-surveillance program within the US government -- an illegal enterprise that the most senior spies in the nation had routinely lied about (including lying to Congress), and that had distorted the internet, suborning the titans of surveillance capitalism and pressing them into service as part of a program of national surveillance unlike any the world has ever seen. Read the rest

The End of Trust (previously) is a special issue of McSweeney's, produced in collaboration with the Electronic Frontier Foundation, on the themes of technology, privacy and surveillance: it's in stores today, and free to download under a Creative Commons license. Read the rest

Apple CEO Tim Cook has stated that the free market "is not working" and as a result, regulation of the tech sector is "inevitable." Read the rest

Data breaches keep happening, they keep getting worse, and yet companies keep collecting our data in ever-more-invasive ways, subjecting it to ever-longer retention, and systematically underinvesting in security. Read the rest

Remember when they caught the Golden State Killer by comparing DNA crime-scene evidence to big commercial genomic databases (like those maintained by Ancestry.com, 23 and Me, etc) to find his family members and then track him down? Read the rest

"Privacy Not Included" is Mozilla's Christmas shopping (anti)-guide to toys and gadgets that spy on you and/or make stupid security blunders, rated by relative "creepiness," from the Nintendo Switch (a little creepy) to the Fredi Baby monitor (very creepy!). Read the rest

The British government has decreed that adult sites must collect age-verification data on everyone who looks at material rated for 18-and-over viewing; this amounts to a database of the porn-viewing habits of every adult in the UK. Read the rest