Schiff demands answers from Pentagon on monitoring domestic unrest

Schiff, a Democrat from California, wrote Joseph Kernan, the undersecretary of defense for intelligence and security, asking about whether the Pentagon has been asked or was already supporting efforts to surveil the protests.

…In his letter, Schiff cited the “sudden and impulsive manner in which the Armed Forces and law enforcement components from across the federal government have been mobilized to date, and the lack of public transparency regarding their orders,” calling these recent actions “deeply troubling.”

…Attorney General William Barr has said he believes there may be foreign influence involved in the domestic protests, which if true could provide a legal authority to allow the DIA to assist with investigating those connections. However, so far no public evidence of a foreign connection has emerged in connection with the protests, which were sparked by the killing of George Floyd, an African-American man, in police custody.

…Schiff asked Kernan for further confirmation that military agencies, including the DIA, are not being asked to support law enforcement responses to civil unrest, “including to monitor, assess, or otherwise track Americans who are taking to the streets or otherwise engaging in constitutionally protected activity within the United States.”

Schiff demands answers from Pentagon on monitoring domestic unrest



Indiana officer who made ‘closed casket’ remark after police killing is suspended, reassigned

via Indiana officer who made ‘closed casket’ remark after police killing is suspended, reassigned

Police have said… Police have said… Enough with what the police have said. The police need to start producing proof and stop covering up each other’s crimes with nonsense.

Oh, and that officer should have been at the very least fired, not “reassigned.”

Police officers should not have special HR privileges. Their position makes them a public figure and and their right to privacy and second chances should never rank below the right of the public not to have armed monsters roaming our streets with guns and not consequences if they murder someone.

A sneaky attempt to end encryption is worming its way through Congress – The Verge

It’s not clear that companies have to “earn” what are already protections provided under the First Amendment: to publish, and to allow their users to publish, with very few legal restrictions. But if the EARN IT Act were passed, tech companies could be held liable if their users posted illegal content. This would represent a significant and potentially devastating amendment to Section 230, a much-misunderstood law that many consider a pillar of the internet and the businesses that operate on top of it.

When internet companies become liable for what their users post, those companies aggressively moderate speech. This was the chief outcome of FOSTA-SESTA, the last bill Congress passed to amend Section 230. It was putatively written to eliminate sex trafficking, and was passed into law after Facebook endorsed it. 

…One item on that checklist could be eliminating end-to-end encryption in messaging apps, depriving the world of a secure communications tool at a time when authoritarian governments are surging around the world. 

…The bill’s backers have not said definitively that they will demand a backdoor for law enforcement (and whoever else can find it) as part of the EARN IT Act. (In fact, Blumenthal denies it.) But nor have they written the bill to say they won’t. And Graham, one of the bill’s cosponsors, left little doubt on where he stands:

“Facebook is talking about end-to-end encryption which means they go blind,” Sen Graham said, later adding, “We’re not going to go blind and let this abuse go forward in the name of any other freedom.

Graham raises the prospect that the federal government will get what it has long wanted — greatly expanded power to surveil our communications — by burying it in a complex piece of legislation that is nominally about reducing the spread of child abuse imagery.

A sneaky attempt to end encryption is worming its way through Congress – The Verge


They came for the U.S. on Instagram too

Russia’s Internet Research Agency operated a vast network of accounts on Instagram that sought to infiltrate American identity groups, harden ideological divides and sow distrust in the American political system.

Much of the group’s activity was concentrated among several dozen large accounts. …Many of the group’s accounts targeted specific identity groups, including African-Americans, gun-rights supporters and anti-immigration activists.

…In total, posts from Instagram accounts linked to the I.R.A. received [at least] 185 million likes during the two-year period reviewed.

…Many of the Russian posts focused on developing audiences among specific American identity groups, which could then be used to target them with content and advertising later on.

……These merchandise sales most likely were not lucrative for the I.R.A. Instead, researchers suggested, selling merchandise had two other benefits: first, it allowed Russians to collect names, addresses and other personal information from users; second, it allowed them to identify strong supporters of a cause, who could then be targeted with advertisements.

…Several of the I.R.A.’s most popular Instagram accounts focused on African-American themes and interests. One image, posted to the @blackstagram_ account in June 2017, showed a series of women’s legs, with skin tones ranging from light to dark. The caption read, “All the tones are nude! Get over it!” It received more than 250,000 likes and more than 6,000 comments.

…Another image, posted to an account called @army_of_jesus, encouraged users to “like if you believe,” and “keep scrolling if you don’t.” The account, which originally shared Kermit the Frog memes and jokes from “The Simpsons,” was later repurposed to target conservative Christians [after a following was built].

…In the days leading up to the 2016 election, some I.R.A.-linked Instagram accounts were used to seed doubts about the integrity of the election, and to accuse Democrats of trying to rig the vote in their favor. 

Russian Trolls Came for Instagram, Too – The New York Times


US accuses Huawei of spying through ‘back doors’ built for law enforcement – which is what the US has been pressuring tech companies to do for years

Huawei built equipment allowing it to tap into telecoms using interfaces designed only for law enforcement without alerting the carriers. “Huawei does not disclose this covert access to its local customers, or the host nation national-security agencies,” a senior US official told the newspaper.

…US officials say Huawei has had this technology for over a decade. The US kept this information highly classified until it started sharing it last year with allies like Germany and the UK in a bid to get them to freeze out Huawei equipment from their 5G networks, the report said.

…The US government’s latest allegation against Huawei highlights a security argument that the US has long been wrangling with tech companies about: whether it’s safe to build privacy vulnerabilities for law enforcement to use.

…”Introducing back doors weakens the internet for everyone, and leaves it so much more vulnerable to everyone from cybercrime rings to authoritarian regimes.”

“The US government’s concern about possible backdoors in Huawei-built networks only underscores why it is untenable for the government to demand that US-based tech companies create backdoors for domestic law enforcement agencies. Once built, these mechanisms can be co-opted by governments around the world.”

US accuses Huawei of spying through ‘back doors’ built for law enforcement – Business Insider


CIA Secretly Owned Global Encryption Provider, Built Backdoors, Spied On 100+ Foreign Governments: Report

More than 100 countries across the globe relied for decades upon encryption equipment from a Swiss provider, Crypto AG, to keep their top-secret communications, well, top-secret. 

….The Swiss company that global governments trusted with their most sensitive of conversations for more than fifty years was actually owned by the U.S. Central Intelligence Agency (CIA) in partnership with the West German BND intelligence service.

…Operation Rubicon, as it became known, was both brazen in nature and breathtaking in scope. Foreign governments paid top dollar for the equipment that was being used to spy upon them.

…The CIA and BND partnership added backdoors into the Crypto AG encryption products and used these for intelligence gathering purposes across the years.

CIA Secretly Owned Global Encryption Provider, Built Backdoors, Spied On 100+ Foreign Governments: Report


Apple dropped plan for encrypting backups after FBI complained

Apple Inc  dropped plans to let iPhone users fully encrypt backups of their devices in the company’s iCloud service after the FBI complained.

…Behind the scenes, Apple has provided the U.S. Federal Bureau of Investigation with more sweeping help, not related to any specific probe.

…More than two years ago, Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud, according to one current and three former FBI officials and one current and one former Apple employee.

Under that plan, primarily designed to thwart hackers, Apple would no longer have a key to unlock the encrypted data, meaning it would not be able to turn material over to authorities in a readable form even under court order.

…That person told Reuters the company did not want to risk being attacked by public officials for protecting criminals, sued for moving previously accessible data out of reach of government agencies or used as an excuse for new legislation against encryption.

“They decided they weren’t going to poke the bear anymore,” the person said, referring to Apple’s court battle with the FBI in 2016 over access to an iPhone used by one of the suspects in a mass shooting in San Bernardino, California.

…The agency relies on hacking software that exploits security flaws to break into a phone. But that method requires direct access to the phone which would ordinarily tip off the user, who is often the subject of the investigation.

…Apple’s iCloud, on the other hand, can be searched in secret. In the first half of last year, the period covered by Apple’s most recent semiannual transparency report on requests for data it receives from government agencies, U.S. authorities armed with regular court papers asked for and obtained full device backups or other iCloud content in 1,568 cases, covering about 6,000 accounts.

The company said it turned over at least some data for 90% of the requests it received. It turns over data more often in response to secret U.S. intelligence court directives, which sought content from more than 18,000 accounts in the first half of 2019, the most recently reported six-month period.

Had it proceeded with its plan, Apple would not have been able to turn over any readable data belonging to users who opted for end-to-end encryption.

Exclusive: Apple dropped plan for encrypting backups after FBI complained – sources – Reuters


Amazon-owned Ring doorbell shares user info with Facebook, report says

The Electronic Frontier Foundation published its findings after closely examining the Android version of the Ring app.

The non-profit determined that the app is “packed with third-party trackers sending out a plethora of customers’ personally identifiable information.” And this is done “without meaningful user notification or consent and, in most cases, no way to mitigate the damage done,” the EFF said.

…The EFF notes user data can be amalgamated to create a profile of a user’s digital habits. Third-party companies can use that profile to surveil what people are doing across other apps and websites.

…Ring collects information like names, private IP addresses, mobile network carriers and sensor data on the devices of paying customers, EFF said. The personal data then goes to four primary recipients including Branch, ApplsFlyer, MixPanel and Facebook, EFF said. Google-owned Crashanalytics was also named as a recipient.

“The danger in sending even small bits of information is that analytics and tracking companies are able to combine these bits together to form a unique picture of the user’s device,” EFF said in the report. 

…Reports also surfaced revealing that some of Ring’s workers had been fired for spying on users. In November, the Mozilla Foundation, which created the Firefox browser, said Ring was among its worst privacy offenders. Mozilla claimed the company’s doorbells have bugs that could enable hackers to “go Big Brother on you in your own home.”

Amazon-owned Ring doorbell shares user info with Facebook, report says


Ring’s Neighborhood Watch Feature Is Bringing Out the Worst in Boston

“I’m all for technology and keeping your castle safe, but geez, can’t a guy just stop by to say hello anymore?”

…I am currently obsessed with—and horrified by—the Neighbors app, a niche but growing social network that’s become a dumping ground for videos captured by Ring cameras. Boston has embraced it with gusto, despite the fact that crime statistics show that we’ve never been safer. The app touts itself as a “new neighborhood watch,” that helps users harness “the power of your community” to keep you “safe and informed.” Police are so confident in Ring’s usefulness that many departments have even partnered with Amazon to promote the product in Massachusetts.

…Local users haven’t just been uploading videos of crimes in action—they’ve been using the app to post just about anything that seems mysterious or untoward. In other words, the app has become a cesspool of paranoia and aggression, where even looking suspicious is grounds for inclusion on the app’s ceaseless stream of updates.

…Delivery drivers and city workers …flagged as potential robbers and scammers. …Two guys dressed in business-casual attire strolling across a driveway—none of whom appears to commit any crimes—and deemed them worthy of inclusion on the app.

…Tensions that often simmer under the surface in Boston—specifically those around race and class—are laid bare in text on the app. People who are poor, non-white, or both are often unfairly labeled by Ring users as ‘dangerous.’

…“A lot of it is really gross., …people posting really just derogatory, heartless, cruel things about these folks who are obviously at a really low place in their lives, struggling with substance abuse and poverty.”

… There are countless examples of the benefits of the Neighbors app, including identifying hit-and-run drivers, helping to find lost pets, or, in one case, providing crucial evidence of a kidnapping underway in Las Vegas. Still, a review of the videos on Boston’s section of the Neighbors app reveals many doorstep moments aren’t even crimes at all. The unintended result, though, is a growing army of Bostonians who have engineered a vast network of private surveillance cameras and unwittingly volunteered their services to broadcast anyone who steps near their front door.

Ring’s Neighborhood Watch Feature Is Bringing Out the Worst in Boston


Avigilon’s appearance search tool isn’t technically facial recognition, but it still invades students’ privacy

Appearance Search can find people based on their age, gender, clothing, and facial characteristics, and it scans through videos like facial recognition tech — though the company that makes it, Avigilon, says it doesn’t technically count as a full-fledged facial recognition tool.

Even so, privacy experts told Recode that, for students, the distinction doesn’t necessarily matter. Appearance Search allows school administrators to review where a person has traveled throughout campus — anywhere there’s a camera — using data the system collects about that person’s clothing, shape, size, and potentially their facial characteristics, among other factors. It also allows security officials to search through camera feeds using certain physical descriptions, like a person’s age, gender, and hair color.

…“People don’t behave the same when they’re being watched,” warns Brenda Leong, the director of AI and ethics at the Future of Privacy Forum. “Do we really want both young students and high schoolers, and anybody else, feeling like they’re operating in that environment all the time?”

Adding to privacy concerns surrounding a tool like Appearance Search is the fact that it’s not exclusively being used to address violence in schools. School administrators are already using the system to try to intercept bullying, to deter code of conduct violations, and to assist in investigations of school employees.

…Avigilon would not share how many schools are using Appearance Search. While Recode identified at least nine public school districts that have acquired or have access to the software, it’s likely many more schools are using the tool.

For instance, the New York Civil Liberties Union says that more than a dozen school districts in New York State have purchased Avigilon equipment. While the NYCLU doesn’t know for certain how many have access to or have used the Appearance Search tool, technology strategist Daniel Schwarz said in an email that “given its inclusion into the main [Avigilon Control Center] software it is likely that a high percentage of schools will have the feature at their fingertips.”

At the schools that have gotten the tool, we already have a sense of how it can be used.

…Appearance Search has been used to locate children lost in schools, to investigate complaints against staff, and to deter violations of codes of conduct. He says the software has also made the school security staff aware of disciplinary infractions they otherwise would not have known about.

…As Kai Koerber, a recent graduate of MSD, told Recode about the technology: “I don’t think [students] should have to — by going to school — volunteer to accept this kind of new social contract where you’re going to be recorded and traced through your every move. I do think people have the right to be able to walk to the next class without being identified.”

…“Yes, it may work in terms of, ‘we can identify people who don’t belong on the campus.’ At the same time, we are invading the privacy of each and every student,” he said.

Koerber’s concerns are echoed by student privacy advocates, who say the tool could be used to track and surveil students. “It is surveillance technology, and it is tracking technology, and any school implementing any variation of those is potentially creating more harms and risks than they’re solving,” said Leong.

Avigilon’s appearance search tool isn’t facial recognition, but it still has privacy risks. – Vox


Apple dropped plan for encrypting backups after FBI complained

More than two years ago, Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud, according to one current and three former FBI officials and one current and one former Apple employee.

Under that plan, primarily designed to thwart hackers, Apple would no longer have a key to unlock the encrypted data, meaning it would not be able to turn material over to authorities in a readable form even under court order.

…Apple dropped plans to let iPhone users fully encrypt backups of their devices in the company’s iCloud service after the FBI complained that the move would harm investigations, six sources familiar with the matter told Reuters.

…It shows how much Apple has been willing to help U.S. law enforcement and intelligence agencies, despite taking a harder line in high-profile legal disputes with the government and casting itself as a defender of its customers’ information.

Exclusive: Apple dropped plan for encrypting backups after FBI complained – sources – Reuters


Hackers may have gained ‘almost total control’ of an election server in Georgia, report says

The alleged attack on a Georgia election server was first discovered by Logan Lamb, an election security expert who suggested that hackers may have been able to significantly interfere with state voting data.

If the hackers successfully broke into the server, Mr Lamb said in his report that they likely obtained “almost total control of the server, including abilities to modify files, delete data, and install malware”.

….“What Logan’s findings show us,” she added, “is that vulnerabilities were not just hypothetical as the state had been claiming. Now we know that it was a very real risk, but what we don’t know is just how bad did it get. And the public deserves to know.”

….The alleged attack has added fuel to an ongoing debate about the integrity of Georgia’s elections. The state uses paperless voting machines, a process the activist groups behind the lawsuit are hoping to put an end to, and the election server had previously faced security issues before the 2016 elections.

The Centre for Election Systems at Kennesaw State University, which was tasked with overseeing the programming of Georgia’s elections, then erased all of the data on the server in question. Mr Lamb was later able to assess a copy of the server collected by the FBI in March 2017 after state officials lost a years-long battle to prevent it from being examined in 2019.

“I can think of no legitimate reason why records from that critical period of time should have been deleted”, Mr Lamb wrote in the affidavit.

Hackers may have gained ‘almost total control’ of an election server in Georgia, report says | The Independent