Google Snubs Privacy

Search giant Google has told the British government it is immune to prosecution on privacy issues and it can do what it like. The US Company is accused of illegally snooping on its British customers by bypassing privacy settings on Apple devices, such as iPads, to track their browsing history.

A group of British people took Google to court but the search engine is trying to get the case thrown out. Its argument is that it is not subject to British privacy law because it is based in California. This is the second time that Google has tried to avoid British law by pretending to operate in another country. It has come under fire for failing to pay tax in the UK

Nick Pickles, director of Big Brother Watch, said: ‘It is deeply worrying for a company with millions of British users to be brazenly saying they do not regard themselves bound by UK law. Solicitor Dan Tench, of law firm Olswang, said this was another instance of Google being here when it suits them and not being here when it doesn’t. Ironically when the US ordered Google to stop what it was doing, it forced the search engine to pay a $22.5million to regulators.

There are some indications that Google may not get its way. In July the Information Commissioner’s Office told Google its privacy rules breached UK law so it will be very hard for it to stand up in court and say it didn’t.

Source

Is The FBI Snooping TOR?

The Federal Bureau of Investigation (FBI) has been accused of gathering data from the anonymous network known as TOR.

The FBI might be behind a security assault on the TOR network that grabs users’ information.

Security researcher Vlad Tsyrklevich said that the attack is a strange one and is most likely the work of the authorities.

“[It] doesn’t download a backdoor or execute any other commands, this is definitely law enforcement,” he said in a tweet about the discovery.

He went a bit further in a blog post, explaining that the Firefox vulnerability is being used to send data in one direction.

“Briefly, this payload connects to 65.222.202.54:80 and sends it an HTTP request that includes the host name (via gethostname()) and the MAC address of the local host (via calling SendARP on gethostbyname()->h_addr_list). After that it cleans up the state and appears to deliberately crash,” he added.

“Because this payload does not download or execute any secondary backdoor or commands it’s very likely that this is being operated by an LEA and not by blackhats.”

The bug is listed at Mozilla, and the firm has a blog post saying that it is looking into it.

Over the weekend a blog post appeared on the TOR website that sought to distant it from a number of closed down properties or hidden websites. It is thought that the shuttered websites, which were hosted by an outfit called Freedom Hosting, were home to the worst kind of abuses.

A report at the Irish Examiner said that a chap called Eric Eoin Marques is the subject of a US extradition request. He is accused of being in charge of Freedom Hosting.

“Around midnight on August 4th we were notified by a few people that a large number of hidden service addresses have disappeared from the TOR Network,” the TOR project said.

“There are a variety of [rumors] about a hosting company for hidden services: that it is suddenly offline, has been breached, or attackers have placed a javascript exploit on their web site,” it said.

“The person, or persons, who run Freedom Hosting are in no way affiliated or connected to The TOR Project, Inc., the organization coordinating the development of the TOR software and research.”

Source

Are CCTV Cameras Hackable?

When the nosy British bought CCTV cameras, worried citizens were told that they could not be hacked.

Now a US security expert says he has identified ways to remotely attack high-end surveillance cameras used by industrial plants, prisons, banks and the military. Craig Heffner, said he discovered the previously unreported bugs in digital video surveillance equipment from firms including Cisco, D-Link and TRENDnet.

They could use it as a pivot point, an initial foothold, to get into the network and start attacking internal systems. Heffner said that it was a significant threat as somebody could potentially access a camera and view it. Or they could also use it as a pivot point, an initial foothold, to get into the network and start attacking internal systems.

He will show how to exploit these bugs at the Black Hat hacking conference, which starts on July 31 in Las Vegas. Heffner said he has discovered hundreds of thousands of surveillance cameras that can be accessed via the public internet.

Source

EPIC Wants Biometric Data From The FBI

The Electronic Privacy Information Center (EPIC) has pressed the US Federal Bureau of Investigation (FBI) for access to its database of US citizens’ biometric data.

EPIC already tried to get access twice last September, and now it is trying again. It said that it has sent repeated freedom of information act requests regarding the database, and that the FBI has failed to respond. Now it has filed a lawsuit for access (PDF).

It warned that the Next Generation Identification system (NGI) is a massive database that “when completed, [will] be the largest biometric database in the world”.

The NGI will use CCTV systems and facial recognition, and it includes DNA profiles, iris scans, palm prints, voice identification profiles, photographs, and other “identifying information”.

The FBI has an information page about the NGI, and there it said that photographs of tattoos are also included and that the system is designed to speed up suspect detection and response times.

“The NGI system will offer state-of-the-art biometric identification services and provide a flexible framework of core capabilities that will serve as a platform for multimodal functionality,” it said.

“The NGI Program Office mission is to reduce terrorist and criminal activities by improving and expanding biometric identification and criminal history information services through research, evaluation, and implementation of advanced technology”.

In its lawsuit EPIC said that the NGI database will be used for non law enforcement purposes and will be made available to “private entities”.

EPIC said that it has asked the FBI to provide information including “contracts with commercial entities and technical specifications”.

It said that so far it has received no information from the FBI in response to its requests.

Source

Google Fights NSL Over Data Privacy

Google is fighting a National Security Letter (NSL) issued by the US government, with the Electronic Frontier Foundation (EFF) acknowledging it is one of the first firms to do so.

Google took the unusual step last month of revealing, albeit in vague terms, the number of NSLs it received from the US government. At the time the company said it was working with the authorities to improve transparency around the subject, but according to court filings it is also fighting against handing over users’ data.

In March, Google filed a petition to set aside a legal process. Kevan Fornasero, a lawyer for Google said in the filing that petitions “filed under Section 3511 of Title 18 to set aside legal process issued under Section 2709 of Title 18 must be filed under seal because Section 2709 prohibits disclosure of the legal process”.

Fornasero’s reference to Section 2709 refers to the ability of the FBI to issue NSLs and force the handover of user data. According to the EFF, Google is one of the first communications companies to fight an NSL, but because Section 2709 doesn’t allow firms to disclose the legal process, few people can be certain that others haven’t tried to stand up to the US government.

Matt Zimmerman, a lawyer for the EFF said, “The people who are in the best position to challenge the practice are people like Google. So far no one has really stood up for their users’ among large Internet service providers.”

Google has tried in recent years to provide users with some information on how it deals with government agencies’ requests for user data. If the firm can succeed in its fight against NSLs then it could open the floodgates for others to stand up against a law that some see to be nothing more than a snooper’s charter.

Source

Privacy Advocates & Lawmakers Push For Google Probe

Privacy groups and lawmakers are pushing for a new and more expansive investigation into Google and its privacy practices after the U.S. Federal Communications Commission announced that it found no evidence that the company violated eavesdropping laws.

Late last week, the FCC reported that there was no legal precedent to find fault with Google collecting unprotected home Wi-Fi data, such as personal email, passwords and search histories, with its roaming Street View cars between 2007 and 2010.

However, the FCC did fine Google $25,000 for obstructing its investigation.

A Google spokesperson took issue with the fine.

“We disagree with the FCC’s characterization of our cooperation in their investigation and will be filing a response,” said the spokesperson in an email to Computerworld. “It was a mistake for us to include code in our software that collected payload data, but we believe we did nothing illegal. We have worked with the relevant authorities to answer their questions and concerns.”

The Electronic Privacy Information Center (EPIC), a national privacy watchdog, disagreed with the FCC findings.

In a letter sent to U.S. Attorney General Eric Holder today, EPIC asked that the Department of Justice investigate Google’s surreptitious collecting of Wi-Fi data from residential networks.

“Given the inadequacy of the FCC’s investigation and the law enforcement responsibilities of the attorney general, EPIC urges the Department of Justice to investigate Google’s collection of Wi-Fi data from residential Wi-Fi networks,” wrote Mark Rotenberg, executive director of the advocacy group.

“By the [FCC’s] own admission, the investigation conducted was inadequate and did not address the applicability of federal wiretap law to Google’s interception of emails, usernames, passwords, browsing histories and other personal information,” Rotenberg added.

Source…

Google Goes Pay To Track

Amid widespread concern about its new privacy policies, Google is now facing additional criticism over a deal to offer users Amazon gift certificates if they open their Web movements to the company in a program called Screenwise.

Google says the program launched “near the beginning of the year,” but the company’s low-key offer was disclosed Tuesday night on the blog Search Engine Land.

Google is asking users to add an extension to the Chrome browser that will share their Web-browsing activity with the company. In exchange, users will receive a $5 Amazon gift when they sign up and additional $5 gift card values for every three months they continue to share. (Amazon is not a partner in the project.) Users must be over age 13, and minors will need parental consent to participate. The tracking extension can be turned off at any time, allowing participants to temporarily close their metaphorical shades on Google.

The company says the program will help it “improve Google products and services and make a better online experience for everyone.”

Source…