Note: You can take 10% off all Slashdot Deals with coupon code "slashdot10off." ×
Communications

A "Public Health" Approach To Internet of Things Security 32

New submitter StewBeans writes: Guaranteeing your personal privacy in an era when more and more devices are connecting our daily lives to the Internet is becoming increasingly difficult to do. David Bray, CIO of the FCC, emphasizes the exponential growth we are facing by comparing the Internet we know today to a beachball, and the Internet of Everything future to the Sun. Bray says unless you plan to unplug from the Internet completely, every consumer needs to assume some responsibility for the security and overall health of the Internet of Everything. He says this might look similar to public health on the consumer side — the digital equivalent of hand washing — and involve an open, opt-in model for the rapid detection of abnormal trends across global organizations and networks.
Communications

Docs: Responding To Katrina, FBI Made Cell Phone Surveillance Its Priority 56

v3rgEz writes: There's a lot of lessons that the federal government should have learned in the aftermath of Katrina. Increased domestic surveillance, however, appears to be the one the FBI took to heart, using the natural disaster as a justification for ramping up its use of Stingray cell phone tracking throughout Louisiana after the storm, according to documents released under FOIA to MuckRock.
Privacy

Tech Nightmares That Keep Turing Award Winners Up At Night 70

itwbennett writes: At the Heidelberg Laureate Forum in Germany this week, RSA encryption algorithm co-inventor Leonard Adelman, "Father of the Internet" Vint Cerf, and cryptography innovator Manuel Blum were asked "What about the tech world today keeps you up at night?" And apparently they're not getting a whole lot of sleep these days. Cerf is predicting a digital dark age arising from our dependence on software and our lack of "a regime that will allow us to preserve both the content and the software needed to render it over a very long time." Adelman worries about the evolution of computers into "their own species" — and our relation to them. Blum's worries, by contrast, lean more towards the slow pace at which computers are taking over: "'The fact that we have brains hasn't made the world any safer,' he said. 'Will it be safer with computers? I don't know, but I tend to see it as hopeful.'"
Android

Since-Pulled Cyanogen Update For Oneplus Changes Default Home Page To Bing 79

ourlovecanlastforeve writes: Nestled into GSMArena's report on the Cyanogen OS 12.1 update for Oneplus [ Note: an update that the story reports has since been pulled.] is this tasty bite: "...you'll find out that your Chrome homepage has been changed to Bing." Then it's casually dismissed with "Thankfully though, you can easily get rid of Microsoft's search engine by using Chrome settings." as if this were the most normal thing to have to do after an OTA update. Is this the new normal? Has Microsoft set a new precedent that it's okay to expect users to have to go searching through every setting and proactively monitor network traffic to make sure their data isn't being stolen, modified or otherwise manipulated?
Privacy

How To Keep Microsoft's Nose Out of Your Personal Data In Windows 10 375

MojoKid writes: Amid the privacy concerns and arguably invasive nature of Microsoft's Windows 10 regarding user information, it's no surprise that details on how to minimize leaks as much as possible are often requested by users who have recently made the jump to the new operating system. If you are using Windows 10, or plan to upgrade soon, it's worth bearing in mind a number of privacy-related options that are available, even during the installation/upgrade. If you are already running the OS and forgot to turn them off during installation (or didn't even see them), they can be accessed via the Settings menu on the start menu, and then selecting Privacy from the pop-up menu. Among these menus are a plethora of options regarding what data can be gathered about you. It's worth noting, however, that changing any of these options may disable various OS related services, namely Cortana, as Microsoft's digital assistant has it tendrils buried deep.
Data Storage

Oakland Changes License Plate Reader Policy After Filling 80GB Hard Drive 269

An anonymous reader writes: License plate scanners are a contentious subject, generating lots of debate over what information the government should have, how long they should have it, and what they should do with it. However, it seems policy changes are driven more by practical matters than privacy concerns. Earlier this year, Ars Technica reported that the Oakland Police Department retained millions of records going back to 2010. Now, the department has implemented a six-month retention window, with older data being thrown out. Why the change? They filled up the 80GB hard drive on the Windows XP desktop that hosted the data, and it kept crashing.

Why not just buy a cheap drive with an order of magnitude more storage space? Sgt. Dave Burke said, "We don't just buy stuff from Amazon as you suggested. You have to go to a source, i.e., HP or any reputable source where the city has a contract. And there's a purchase order that has to be submitted, and there has to be money in the budget. Whatever we put on the system, has to be certified. You don't just put anything. I think in the beginning of the program, a desktop was appropriate, but now you start increasing the volume of the camera and vehicles, you have to change, otherwise you're going to drown in the amount of data that's being stored."
Transportation

When Should Cops Be Allowed To Take Control of Self-Driving Cars? 230

HughPickens.com writes: A police officer is directing traffic in the intersection when he sees a self-driving car barreling toward him and the occupant looking down at his smartphone. The officer gestures for the car to stop, and the self-driving vehicle rolls to a halt behind the crosswalk. This seems like a pretty plausible interaction. Human drivers are required to pull over when a police officer gestures for them to do so. It's reasonable to expect that self-driving cars would do the same. But Will Oremus writes that while it's clear that police officers should have some power over the movements of self-driving cars, what's less clear is where to draw the line. Should an officer be able to do the same if he suspects the passenger of a crime? And what if the passenger doesn't want the car to stop—can she override the command, or does the police officer have ultimate control?

According to a RAND Corp. report on the future of technology and law enforcement "the dark side to all of the emerging access and interconnectivity (PDF) is the risk to the public's civil rights, privacy rights, and security." It added, "One can readily imagine abuses that might occur if, for example, capabilities to control automated vehicles and the disclosure of detailed personal information about their occupants were not tightly controlled and secured."
Government

California Bill Would Dramatically Limit Commercial Drones 184

An anonymous reader writes: California's Senate Bill 142 would prohibit drones from flying under 350 feet over any property without express permission from the property's owner. The bill passed the California Assembly easily. Tech advocates have been battling privacy advocates to influence the inevitable regulation of private and commercial drones. Industry groups say this restriction will kill drone delivery services before they even begin. The legislation would also drastically diminish the usefulness of camera-centric drones like the ones being rolled out by GoPro. If passed, the bill could influence how other states regulate drones. The article notes that 156 different drone-related bills have been considered in 46 different states this year alone, and the FAA will issue nationwide rules in September.
Security

Court: FTC Can Punish Companies With Sloppy Cybersecurity 85

jfruh writes: The Congressional act that created the Federal Trade Commission gave that agency broad powers to punish companies engaged in "unfair and deceptive practices." Today, a U.S. appeals court affirmed that sloppy cybersecurity falls under that umbrella. The case involves data breaches at Wyndham Worldwide, which stored customer payment card information in clear, readable text, and used easily guessed passwords to access its important systems.
Windows

A Breakdown of the Windows 10 Privacy Policy 315

WheezyJoe writes: The Verge has a piece on Windows 10 privacy that presents actual passages from the EULA and privacy policy that suggest what the OS is capturing and sending back to Microsoft. The piece takes a Microsoft-friendly point of view, arguing that all Microsoft is doing is either helpful or already being done either by Google or older releases of Windows, and also touches on how to shut things off (which is also explained here). But the quoted passages from the EULA and the privacy policy are interesting to review, particularly if you look out for legal weasel words that are open to Microsoft's interpretation, such as "various types (of data)", diagnostic data "vital" to the operation of Windows (cannot be turned off), sharing personal data "as necessary" and "to protect the rights or property of Microsoft". And while their explanations following the quotes may attempt an overly friendly spin, the article may be right about one thing: "In all, only a handful of these new features, and the privacy concerns they bring, are actually in fact new... Most people have just been either unaware or just did not care of their existence in past operating systems and software." Even pirates are having privacy concerns and blocking Windows 10 users.
Input Devices

Skylake Has a Voice DSP and Listens To Your Commands 98

itwbennett writes: Intel's new Skylake processor (like the Core M processor released last year) comes with a built-in digital signal processor (DSP) that will allow you to turn on and control your PC with your voice. Although the feature is not new, what is new is the availability of a voice controlled app to use it: Enter Windows 10 and Cortana. If this sounds familiar, it should, writes Andy Patrizio: 'A few years back when the Xbox One was still in development, word came that Kinect, its motion and audio sensor controller, would be required to use the console and Kinect would always be listening for voice commands to start the console. This caused something of a freak-out among gamers, who feared Microsoft would be listening.'
Privacy

Ashley Madison Hack Claims First Victims 705

wired_parrot writes: Toronto police are reporting that 2 unconfirmed suicides have been linked to the data breach. This follows pleas from other users of the site for the hackers to not release the data before it was exposed- an anonymous gay Reddit user from Saudi Arabia, where homosexuality is illegal, pleaded for the data to be kept private: "I am about to be killed, tortured, or exiled," he wrote. "And I did nothing." And when The Intercept published a piece condemning the puritanical glee over the data dump, one user who commented on the article said she's been "a long term member" of the site because her spouse's medical condition has affected their intimate life. Her spouse knows she's engaged with other Ashley Madison members, she says, but now fears she will likely lose friends and have to find a new job now that her association with the site is out there. Ashley Madison has now offered a $380,000 reward for information that leads to the arrest and conviction of the hackers who leaked the data. Security researcher Troy Hunt has also posted about the kind of emails he's received from users after the data leak.
Cellphones

In Baltimore and Elsewhere, Police Use Stingrays For Petty Crimes 210

USA Today reports on the widespread use of stingray technology by police to track down even petty criminals and witnesses, as well as their equally widespread reluctance to disclose that use. The article focuses mostly on the city of Baltimore; by cross-checking court records against a surveillance log from the city’s Advanced Technical Team, the USA Today reporters were able to determine at least several hundred cases in which phony ("simulated") cell phone towers were used to snoop traffic. In court, though, and even in the information that the police department provides to the city's prosecutors, the use of these devices is rarely disclosed, thanks to a non-disclosure agreement with the FBI and probably a general reluctance to make public how much the department is using them, especially without bothering to obtain search warrants. From the article: In at least one case, police and prosecutors appear to have gone further to hide the use of a stingray. After Kerron Andrews was charged with attempted murder last year, Baltimore's State's Attorney's Office said it had no information about whether a phone tracker had been used in the case, according to court filings. In May, prosecutors reversed course and said the police had used one to locate him. "It seems clear that misrepresentations and omissions pertaining to the government's use of stingrays are intentional," Andrews' attorney, Assistant Public Defender Deborah Levi, charged in a court filing.

Judge Kendra Ausby ruled last week that the police should not have used a stingray to track Andrews without a search warrant, and she said prosecutors could not use any of the evidence found at the time of his arrest.
Windows

Underground Piracy Sites Want To Block Windows 10 Users 384

An anonymous reader writes: Some smaller pirate sites have become concerned about Windows 10 system phoning home too many hints regarding that the users are accessing their site. Therefore, the pirate administrators have started blocking Windows 10 users from accessing the BitTorrent trackers that the sites host. The first ones to hit the alarm button were iTS, which have posted a statement and started redirecting Windows 10 users to a YouTube video called Windows 10 is a Tool to Spy on Everything You Do. Additionally, according to TorrentFreak, two other similar dark web torrent trackers are also considering following suit. "As we all know, Microsoft recently released Windows 10. You as a member should know, that we as a site are thinking about banning the OS from FSC," said one of the FSC staff. Likewise, in a message to their users, a BB admin said something similar: "We have also found [Windows 10] will be gathering information on users' P2P use to be shared with anti piracy group."
Portables

Yet Another Compromising Preinstalled "Glitch" In Lenovo Laptops 89

New submitter execthis writes: Japanese broadcaster NHK is reporting that yet another privacy/security-compromising "glitch" has been found to exist in preinstalled software on Lenovo laptops. The article states that the glitch was found in Spring and that in late July Lenovo began releasing a program to uninstall the difficult-to-remove software. The article does not specify, but it could be referring to a BIOS utility called Lenovo Service Engine (LSE) for which Lenovo has released a security advisory with links to removal tools for various models.
Canada

Extortionists Begin Targeting AshleyMadison Users, Demand Bitcoin 286

tsu doh nimh writes: It was bound to happen: Brian Krebs reports that extortionists have begun emailing people whose information is included in the leaked Ashleymadison.com user database, threatening to find and contact the target's spouse and alert them if the recipient fails to cough up 1 Bitcoin. Krebs interviews one guy who got such a demand, a user who admits to having had an affair after meeting a woman on the site and who is now worried about the fallout, which he said could endanger his happily married life with his wife and kids. Perhaps inevitable: two Canadian law firms have filed a class action lawsuit against the company, seeking more than half a billion dollars in damages.
Transportation

San Jose May Put License Plate Scanners On Garbage Trucks 258

An anonymous reader writes: It's bad enough that some places have outfitted their police vehicles with automated license plate scanners, but now the city of San Jose may take it one step further. They're considering a proposal to install plate readers on their fleet of garbage trucks. This would give them the ability to blanket virtually every street in the city with scans once a week. San Jose officials made this proposal ostensibly to fight car theft, but privacy activists have been quick to point out the unintended consequences. ACLU attorney Chris Conley said, "If it's collected repeatedly over a long period of time, it can reveal intimate data about you like attending a religious service or a gay bar. People have a right to live their lives without constantly being monitored by the government." City councilman Johnny Khamis dismissed such criticism: "This is a public street. You're not expecting privacy on a public street."
Privacy

More Ashley Madison Files Published 301

An anonymous reader writes: A second round of Ashley Madison data was released today. The data dump was twice as large as the first time, which was bad enough for "19 Kids and Counting" star Josh Duggar, and includes some of CEO Noel Biderman's email as well. The release of the cheating sites data has spawned a small scammer industry as people scramble to find a way to have their information deleted from the leaks. Wired reports: "The new release is accompanied by the note: 'Hey Noel, you can admit it's real now.' The message is likely a response to assertions made by the company's former CTO this week, who tried hard to convince reporters after the first leak occurred that the data dump was fake."
Intel

Intel's Collaborative Cancer Cloud, an Open Platform For Genome-Based Treatments 16

Lucas123 writes: Intel and the Knight Cancer Institute have announced what will be an open-source service platform, called the Collaborative Cancer Cloud. The platform will enable healthcare facilities to securely share patient genomic data, radiological imagery and other healthcare-related information for precision treatment analysis. Key to averting HIPAA privacy issues will be Intel's Trusted Execution Technology, its embedded server encryption hardware that tests the authenticity of a platform and its operating system before sharing data. Intel said it will be opening that technology up for use by any clinic that want to take part in the Collaborative Cancer Cloud or to build its own data-sharing network with healthcare partners. Dr. Brian Druker, director of the Knight Cancer Institute, said the Trusted Execution Technology will allow healthcare centers to maintain control of patient data, while also allowing clinics around the world to use it for vastly faster genomic analysis.
Encryption

Engaging Newbies In Email Encryption and Network Privacy 81

reifman writes: All six parts of my series introducing beginners to PGP encryption and network privacy are now freely available. I hope it's useful for Slashdot readers to share with their less-technical acquaintances. There's an introduction to PGP, a guide to email encryption on the desktop, smartphone and in the browser, an introduction to the emerging key sharing and authentication startup, Keybase.io, and an intro to VPNs. There's a lot more work for us to do in the ease of use of communications privacy but this helps people get started more with what's available today.