Increasing Understanding of Technology and Communication

Surveillance SUV Disguised as Google Maps Car


Who’s the owner of the government surveillance SUV disguised as a Google Maps car? For days, a few security experts on social media were buzzing about a mysterious government surveillance SUV in Philadelphia that appeared to be disguised as a Google Street View Car.

A University of Pennsylvania professor tweeted a picture of the suspicious vehicle, which he found parked in the Philadelphia Convention Center’s tunnel Wednesday morning. Motherboard reported Thursday that a placard displayed on the dashboard indicated that the car was registered as a city government vehicle. The SUV is mounted with two license plate reader cameras.

Google said it did not own the vehicle. So did the Pennsylvania State Police.

On Thursday, the Philadelphia Police Department admitted to Motherboard that the SUV is one of its vehicles. But not all of the questions surrounding the surveillance SUV are solved.

The department told The Washington Post that it did not know who put the Google Maps decal on the vehicle and that the placement of the decal was not approved through any chain of command. It added that it would launch an internal investigation to find out who is responsible for placing the sticker.

The Philadelphia Police Department, which operates separately from the Pennsylvania State Police, has been using license plate reading technology since 2011. These powerful cameras allow law enforcement to track the whereabouts of any Philadelphia resident without a warrant.

This data can be stored up to one year for any citizen and indefinitely for anyone who may be linked to a criminal investigation. The license plate storage program is managed by a separate police task force, the Southeastern Pennsylvania Regional Task Force, whose mission appears to include reducing terrorist threats.

Google has told Motherboard that it is looking into how its stickers got on a city police SUV. Why the Philadelphia Police Department would want to disguise this vehicle when it has been openly collecting license plate information is unknown.

But now, at least, several people are asking that question.

Read Article (Karen Turner | washingtonpost.com | 05/13/2016)

This should really come as no surprise to anyone. Government surveillance is currently on a knife edge as threats multiply and become more innovative through technology. But now it appears that they are going on the offensive.

Internet availability and access are important without a doubt, but knowing how to fully utilize the constantly evolving devices that connect to it, and the Internet itself, is an issue just as important, if not more so. Our instructional webinars are the long-term solution for addressing device usage, and we need your support.

Master Level High-Tech Webinars

Supreme Court OKs FBI Power to Hack Computers


The US Congress has seven months to block a potentially massive expansion of the government’s ability to hack into [suspects’] computers. At the FBI’s request this week, the supreme court ruled that federal judges should be able to issue hacking warrants to federal law enforcement for anywhere in the US if the suspect has tried to hide their location, as criminal suspects are inclined to do.

Additionally, the FBI could get authority to infiltrate any computer – regardless of the owner – if it has already been taken over by bad hackers.

The changes to so-called “rule 41” go into effect 1 December unless Congress acts to block them. The move has set up a showdown with Senator Ron Wyden, the most senior Democrat on the Senate intelligence committee, who is marshaling the opposition on Capitol Hill. He told the Guardian on Friday that he plans to introduce a bill blocking the court’s move.

The debate offers a unique window into the struggle to maintain America’s protections against unreasonable searches in the digital age.

Many of the rules were written for a world based on searching physical spaces, like a desk, and at distinct locations, like an office. Such rules often don’t adapt well to the era of the internet and ubiquitous online services, where it is also possible to, in theory, search millions of computers at the same time.

The issue flared up earlier this week when two judges struck down search warrants for suspected users of child sex abuse websites. The FBI had taken over the website in an attempt to trap users and eventually searched hundreds of computers after a federal magistrate in Virginia issued a warrant to hack all visitors to the website.

The government reasoned this was permissible, in part, because visitors to the site were trying to conceal their location by using the Tor browser, which can help anonymize internet users. In this case, the FBI had found a way to hack the service to unmask visitors to the sex abuse website.

Civil liberties advocates, acknowledging the ickiness of the case, cried foul. Not because they wanted to defend child sex abuse material, but because, they said, domestic law enforcement shouldn’t be able to search potentially millions of computers based on the authority of one judge’s order.

Judges in Oklahoma and Massachusetts have ruled that the Virginia warrant targeting suspects in their territories is invalid and the evidence that they visited the sex abuse website consequently is inadmissible. And without digital proof that the suspects visited the criminal websites, there isn’t much of a case against them.

Wyden, without getting into the specifics of the case, said he agreed US law enforcement shouldn’t be able to conduct such bulk surveillance. “One warrant for one judge can, in effect, reach millions of computers,” he said on Friday. “This is really a big issue when you’re talking about expanding the government’s hacking and surveillance authority.”

Read Article (Danny Yadron | theguardian.com | 04/29/2016)

Personal data protection is now getting more attention and becoming stronger, as demonstrated in Europe, where the Parliament has approved tougher data privacy rules. The tarnished respect for the individual, as brought about by the Digital Era and business interests, is regaining its once esteemed character.

Technology is advancing at an exponential rate; inevitably, the day will come when even millennials will be unfamiliar with the latest technology.


iPhone Accessed & Feds Drop Apple Case


Government lawyers announced Friday night they had gained access to data on the iPhone of a New York City drug conspirator, and abruptly ended their effort to force Apple to help bypass the phone’s password.

The surprise news was similar to the outcome of the previous battle to compel the tech giant to assist in retrieving data from the iPhone of San Bernardino terror attack shooter Syed Farook.

The Department of Justice announcement came in a one-page letter to a Brooklyn federal court in a case focused on Jun Feng, a Queens, N.Y., defendant who pleaded guilty to methamphetamine conspiracy last year.

Federal prosecutors sought access to the phone’s data in part as an effort to determine if others were involved in the alleged plot.  Government lawyers wrote that a source they did not identify provided the password to Feng’s iPhone, enabling investigators to key in the code by hand and access the unit’s data.

Emily Pierce, Justice Department spokeswoman, said the government will no longer need Apple’s assistance.

“As we have said previously, these cases have never been about setting a court precedence: they are about law enforcement’s ability and need to access evidence on devices pursuant to lawful court orders and search warrants,” Pierce said. “In this case, an individual provided the department with the passcode to the locked phone at issue in the Eastern District of New York. Because we now have access to the data we sought, we notified the court of this recent development and have withdrawn our request for assistance. This is an ongoing investigation and therefore we are not revealing the identity of the individual.”

Apple declined comment.

Apple’s attorneys argued last week that the FBI improperly sought the company’s aid before exhausting all other means to bypass the built-in security code on the Apple-manufactured unit.

The California-based tech giant’s legal team also contended the government misinterpreted provisions of the All Writs Act, the 1789 statute that Department of Justice lawyers cited as the legal basis for forcing Apple’s assistance.

The legal struggle is part of a personal privacy vs. government security showdown that pits federal investigators against tech firms and cyber providers over the issue of electronic encryption.

The Brooklyn case also marks the latest legal flash point since the government withdrew a similar demand for Apple’s help in obtaining data from the iPhone used by Farook. The FBI ultimately turned to an unidentified outside party that helped investigators bypass the iPhone’s security without destroying material stored inside.

FBI Director James Comey earlier this week indicated the agency paid at least $1.3 million for the tool that allowed it to break into Farook’s iPhone 5c, which runs on Apple’s iOS 9 operating system.

In the most recent case, prosecutors indicated they sought access to Feng’s iPhone 5 in a bid to investigate other aspects of the alleged plot, including whether unknown others were involved.

In a March ruling, Magistrate Judge James Orenstein ruled that Apple was not legally required to help federal investigators get access to data on Feng’s iPhone 5s, which runs on Apple’s iOS 9 operating system. He concluded the All Writs Act didn’t support “the necessity of imposing such a burden” on the company.

The Department of Justice appealed Orenstein’s decision. The renewed legal arguments in the case are now being considered by Brooklyn U.S. District Judge Margo Brodie.

Read Article (McCoy & Swartz | usatoday.com | 04/23/2016)

Is it just me, or doesn’t the dropping of the case against Apple seem suspiciously close to the recent start of an investigation into the “Open Secret SS7” smartphone hacking event, where, supposedly, authorities could listen in on “any” phone conversation anyway?


Investigation into “Open Secret SS7” Smartphone Hack


US congressman calls for investigation into vulnerability that lets hackers spy on every phone.  Vulnerabilities within SS7 mobile phone network brokerage system allow attackers to listen to calls, read messages and track location using just a phone number.

A US congressman hacked as part of a demonstration showing that all you need is someone’s phone number to record their calls, texts and location, has called for an oversight committee investigation into the “significant vulnerability.”

The security flaws within the system that brokers connections, billing and transfers messages between phone networks – called Signaling System No 7 (SS7), also known as C7 in the UK or CCSS7 in the US – allow remote access to mobile phone users’ data anywhere in the world regardless of the security of their smartphone, using just their phone number.

The Californian congressman Ted Lieu said: “The applications for this vulnerability are seemingly limitless, from criminals monitoring individual targets to foreign entities conducting economic espionage on American companies to nation states monitoring US government officials.”

While encrypted messaging services such as WhatsApp are unaffected, SMS messages and calls placed across the mobile phone network can be listened in to, read and recorded, while the location of the phone can be tracked using the mobile network’s location services independent of GPS or other location technologies on the phone.

Lieu said: “The vulnerability has serious ramifications not only for individual privacy, but also for American innovation, competitiveness and national security. Many innovations in digital security – such as multi-factor authentication using text messages – may be rendered useless.”

The hackers demonstrating the attack in 2014, and again for 60 Minutes, explained that it is an “open secret” that law enforcement and security services, including the US National Security Agency, were aware of and use it to spy on targets using just their phone number.

(Makes you wonder about the FBI claims about the San Bernardino case, doesn’t it?  Not to mention their continued assault on Apple.)

As the vulnerability is within the mobile phone network infrastructure, there is nothing users can do to protect themselves beyond switching off their phone.

Read Article (Samuel Gibbs | theguardian.com | 04/19/2016)

This should be an eye-opener! The Europeans got it right in getting tougher on Internet data privacy for individuals with their recent legislation. If you need to communicate private information, this is ANOTHER example of why NOT to make it mobile.

There’s another practice the US should adopt from the EU and it’s that individuals (members of society) come before businesses.  The first concern after a data breach should always be the individual, businesses come second, and all press statements should reflect this order of precedence.


Internet Data Privacy: Europe Getting Tougher


‘Groundbreaking’ changes strengthen EU privacy protections, enshrine right to be forgotten and give regulators wide-reaching powers.  The European parliament has voted through tougher rules on data protection, aimed at boosting privacy and giving authorities greater powers to take action against companies that breach the rules.

The rules, including the much-needed General Data Protection Regulation (GDPR), were four years in the making and form the new backbone of laws for data regulators to pursue companies with heavy fines – as much as 4% of annual turnover for global companies – for incidents such as data breaches, which have become increasingly common.

Viviane Reding, MEP and former vice-president of the European commission who proposed the changes in 2012, said: “This is a historic day for Europe.  This reform will restore trust in digital services today, thereby reigniting the engine for growth tomorrow.

“There can be no freedom without security, and no security without freedom.  Today’s united adoption of these three legislations sends a strong signal that national security and data protection can and must go hand in hand.”

Replacing the patchwork of national rules

The new data privacy laws encompass the GDPR, which governs the use and privacy of EU citizens’ data, and the Data Protection Directive, which governs the use of EU citizens’ data by law enforcement.

Together they aim to create strong data protection law for Europe’s 500 million citizens; streamline legislation between the 28 member states pushing a digital single market and boost police and security cooperation.  It is due to replace the outdated patchwork of national rules that have only allowed for small fines in cases of violation.

Phil Lee, a data protection partner at Fieldfisher, said: “Is this law ground-breaking? Absolutely.  Europe has created the notions of a ‘right to be forgotten’ and of ‘data portability’, and created fines for data breaches that are on a scale equivalent to fines for antitrust violations.  No other region has done that before.  (And no other country.)

“Whatever else may be said about it, the simple fact is that the global standard for data protection will now be dictated by European rules.”

The new laws have already proved controversial with companies wishing to operate with EU citizens’ data, placing an administrative burden on some, including those based outside of Europe. (Facebook)

William Long, a partner at Sidley Austin, said: “Organizations should be under no doubt that now is the time to start the process for ensuring privacy compliance with the regulations.  Importantly, companies outside of Europe, such as those in the US who offer goods and services to Europeans, will fall under the scope of this legislation and will face the same penalties for non-compliance.”

ePrivacy Directive next

The next step in the strengthening of data regulation across the EU is an overhaul of the ePrivacy Directive, which will now commence in earnest, to bring it in line with the changes laid out in the GDPR.

The European parliament also voted through the EU Passenger Name Record (PNR), which aims to aid law enforcement in tracking people’s movement across Europe.

EC’s first vice-president Frans Timmermans, vice-president of the Digital Single Market Andrus Ansip, and commissioner for justice, consumers and gender equality Věra Jourová, said: “These new rules come at a time when improved cooperation in the fight against terrorism and other serious crime is more necessary than ever, as shown by the recent terrorist attacks in Paris and Brussels.”

Reding added: “Faced with the transnational nature of the digital revolution and the fight against terror, EU-wide rules are the only solution to our problems.

“PNR is an important tool to track terrorists flying in and out of Europe in a much wider toolkit, which should also include the systematic sharing of information in all EU databases.”

Read Article (Samuel Gibbs | theguardian.com | 04/14/2016)

There are normally two victims in the event of a data breach, the business and the consumer.  In the US, media and government agencies seem to treat business as the primary victim but in the EU, they definitely treat the consumer as the primary victim.

Which would you select as the primary victim in the event of a data breach, the business or the consumer?
