Amazon's being greasy about Alexa user data. Again.

Remember when Amazon introduced the ability for folks easily delete their conversations with any of the Alexa wiretap they'd foolishly allowed into their homes? Boom! Gone! No more voice history! Everyone with one of the company's smart speakers could rest easy knowing that their personal information and shopping habits wouldn't be available for the marketing world to get its grubby meathooks on. HAHAHAAHAHAHA Yeah, that was bullshit. Even if you wipe your conversations with Alexa from your Amazon devices, Amazon still retains some information.

From CNET: ... Amazon noted that for Alexa requests that involve a transaction, like ordering a pizza or hailing a rideshare, Amazon and the skill's developers can keep a record of that transaction. That means that there's a record of nearly every purchase you make on Amazon's Alexa, which can be considered personal information.

Other requests, including setting reminders and alarms, would also remain saved, Huseman noted, saying that this was a feature customers wanted.

It gets better: Amazon says that they use this personal information to train Alexa to be an even better wiretap than it already is. What they don't say, however, is what third-parties, such as outside Alexa skill developers and marketers, are allowed to do with this leftover data.

Apparently, the only way to be sure that all of a customer's user data has been obliterated from the company's servers is for them to call customer service and demand that the personal information be nuked from orbit. Of course, given that the company has already been all kinds of greasy about promising to make personal data deletion a simple task for folks to undertake once, there's no guarantee that they won't quietly screw their users again. Read the rest

They're just like us: Feds fear their phone calls and texts are being monitored

The use of fake cellphone towers, known as Stingrays or IMSI catchers, plays well with the nation's spy agencies and in some police jurisdictions. The authorities just can't get enough of being able to locate or listen in on private phone calls! But when it comes to members of the government being surveilled, well that's a different story.

According to Ars Technica, the Feds are are pretty, pretty sure that their mobile phone calls are being monitored by Stingray hardware set up by bad dudes, but they have no idea of who those bad dudes might be, or how to stop them. In a letter brought to light by the Associated Press on Tuesday, the Department of Homeland Security's National Protection and Programs Directorate hasn't got a clue of who's responsible for setting up the elicit Stingray hardware and hasn't got any ideas of how they might shut them down:

"NPPD is aware of anomalous activity outside the [National Capital Region] that appears to be consistent with IMSI catchers," Krebs also wrote. "NPPD has not validated or attributed this activity to specific entities or devices. However, NPPD has shared this information with Federal partners."

Maybe they should ask moose and squirrel a lead. I dunno.

Normally, I'd be worried about a foreign or domestic agency spying on the doings of one of the most powerful governments in the world. But the feeling that comes from hearing about the Feds getting a taste of their own medicine makes it really hard to focus on that. Read the rest

How many US wiretap requests were rejected in 2015? Not a single one.

A new federal report shows that the number of surveillance requests skyrocketed in 2015, and that courts approved every single one of them. That's right, not one single wiretap request was rejected during 2015. Read the rest

About that autopen

As noted here on Boing Boing yesterday, the US has renewed three key provisions of the USA PATRIOT Act that were to have expired last night at midnight, granting four more years of overly broad surveillance of Americans. After the Senate and House rushed the extension with only a few lawmakers drawing attention to civil liberties concerns, the bill went before President Obama, to be signed into law.

What makes this news even more depressing? The president, who is on tour in Europe, didn't even sign it in person. According to a White House spokesperson, Obama used a device called an autopen, which mechanically reproduces a human signature.

This was an act so important that it must be signed into law at once to protect us from what Harry Reid suggested could be immediate terrorist acts, but not so important that the president might be inconvenienced during a foreign trip to return to Washington, D.C.

A Reuters item is here. Gawker has a timeline of Great Moments in Autopen History here, and links to this video (animated gif, Flash-ified?) of an autopen device in action. Over at the New York Times, Michael Shear notes that it's unclear whether president Bush ever used an autopen to sign a bill into law.

ABC News examines the constitutionality of using an autopen here, but that isn't enough to comfort conservative Georgia Republican congressman Tom Graves, who sent an email to reporters today:

I thought it was a joke at first, but the President did, in fact, authorize an autopen to sign the Patriot Act extension into law.

Read the rest