The NSA Admits It Analyzes More People’s Data Than Previously Revealed [The Atlantic Wire]
If you’re a terror suspect, security analysts may extend their searches “two or three hops” from you, meaning the people you’re connected to and then the people they’re connected to and then the people they’re connected to. Like friends of friends on Facebook, but friends of friends of friends.
“This meant that if the NSA were following a phone metadata or web trail from a terror suspect, it could also look at the calls from the people that suspect has spoken with—one hop. And then, the calls that second person had also spoken with—two hops. Terror suspect to person two to person three. Two hops. And now: A third hop,” says The Atlantic Wire’s Philip Bump, who later in the article cites a 2011 study claiming that everyone on the Internet is at most 4.74 hops away from one another.
The American Civil Liberties Union has published a strongly-worded doozy on license plate tracking technology, culled from “more than 26,000 pages of documents from police departments in cities and towns across the country, obtained through freedom of information requests by ACLU affiliates in 38 states and Washington, D.C.”
According to the article:
Automatic license plate readers are the most widespread location tracking technology you’ve probably never heard of. Mounted on patrol cars or stationary objects like bridges, they snap photos of every passing car, recording their plate numbers, times, and locations. At first the captured plate data was used just to check against lists of cars law enforcement hoped to locate for various reasons (to act on arrest warrants, find stolen cars, etc.). But increasingly, all of this data is being fed into massive databases that contain the location information of many millions of innocent Americans stretching back for months or even years.
Deep State on social networking privacy [Business Insider]
Business Insider has run an excerpt from an April, 2013 book called Deep State: Inside the Government Secrecy Industry by Marc Ambinder and D.B. Grady. The claim: You voluntarily make a bunch of information available about yourself on Facebook, which makes it easier for law enforcement and security to collect data about you. Facebook commented on the piece, saying, “In reality we spend a lot of time building privacy controls, and working to make them powerful, easy to use, and also educating our users on them.”
It seems like the big tech companies – accused of being in cahoots with the National Security Agency — might have some things they want to get off their respective chests, but they’re being told to keep quiet. “Apple, Google, Facebook, Yahoo, Microsoft and Twitter are among the tech giants that have signed a letter to the feds, asking for the right to disclose more information about national security data requests,” writes my colleague Sam Gustin.
The Electronic Frontier Foundation wants to help you fly below the radar, putting together the first part of a two-part guide to the tools and services you can use “to blunt the effects of mass surveillance.” It’s a nice primer on various types of encryption, what is and isn’t anonymous web browsing and more.
The new Xbox console that Microsoft’s releasing later this year features a built-in camera. The Verge’s Sean Hollister says the camera “gets a perfect view of your living room. It’s always listening for voice commands, even when you turn the Xbox off. It can even read your heartbeat with the right software.” Microsoft’s response is that everything the camera collects is converted to text and data first. According to Hollister:
While some voice commands are processed at Microsoft’s servers, they’re converted to text before they ever leave the machine, and biometric data is translated into numerical values that simply indicate, say, where a player’s limbs are during online multiplayer games. While Microsoft says the Kinect is an “integral part” of the new Xbox, it also claims that sensing can be paused.
The sticking point is that Microsoft has recently been accused by The Guardian of providing direct government access into some of its products and services. Microsoft has refuted The Guardian‘s report, but has publicly wished to be allowed to explain itself more clearly.
The Creepy, Long-Standing Practice of Undersea Cable Tapping [The Atlantic]
Forget the idea of compelling technology companies to provide direct access into their systems; why not tap the undersea cables that carry internet data between continents? Over at The Atlantic, Olga Khazan writes:
In addition to gaining access to web companies’ servers and asking for phone metadata, we’ve now learned that both the U.S. and the U.K. spy agencies are tapping directly into the Internet’s backbone — the undersea fiber optic cables that shuttle online communications between countries and servers. For some privacy activists, this process is even more worrisome than monitoring call metadata because it allows governments to make copies of everything that transverses these cables, if they wanted to.
Just How Bad Was Tumblr’s Security Flaw? [BuzzFeed]
Well, Tumblr was apparently sending username and password data from its iOS app back to its servers unencrypted, meaning that your username and password were passed along in plain English. However, someone nearby would have had to have been connected to the same network as you and running software that sniffs out unencrypted cookies as they move along the network. All this at the same time you were logging in to the Tumblr app from your iPhone or iPad.
Speaking from past experience, when someone’s first learning about encryption, perhaps he or she might sit in a coffee shop running software like that just to get a feel for the software and to see what’s being passed along. The question is whether whoever’s running such software uses what they find to help people or not.