His personal computer is monitored by the government, a service for which he pays $29 a month, and he’s prohibited from using an iPhone or Android device, though he can use a BlackBerry — authorities told him the iPhone had too many capabilities.
Despite the pervasiveness of law enforcement surveillance of digital communication, the FBI still has a difficult time monitoring Gmail, Google Voice, and Dropbox in real time. But that may change soon, because the bureau says it has made gaining more powers to wiretap all forms of Internet conversation and cloud storage a “top priority” this year.
For example, when a Mercedes-Benz driver requests data from the internet, this is processed via an external Daimler back end server. The data then move to the car via a secure virtual private network connection.
Many carmakers now offer customers downloadable apps such as via Toyota Motor’s Touch, Ford’s Sync and Chrysler’s Uconnect systems. However, these tend not to be fully open but rather offer a limited number of secure, approved apps.
Mr Hoheisel, at Bosch, says: “At the moment we don’t have open app stores in the car industry — these are really protected and shielded systems.”
A Ford spokesman says that “the safety, privacy and security of our customers is paramount” and therefore any software updates are “code-signed” and must be recognised as coming from Ford in order to update its Sync system.
Hackers can influence real-time traffic-flow-analysis systems to make people drive into traffic jams or to keep roads clear in areas where a lot of people use Google or Waze navigation systems, a German researcher demonstrated at BlackHat Europe. ‘If, for example, an attacker drives a route and collects the data packets sent to Google, the hacker can replay them later with a modified cookie, platform key and time stamps, Jeske explained in his research paper (PDF). The attack can be intensified by sending several delayed transmissions with different cookies and platform keys, simulating multiple cars, Jeske added. An attacker does not have to drive a route to manipulate data, because Google also accepts data from phones without information from surrounding access points, thus enabling an attacker to influence traffic data worldwide, he added.’ ‘You don’t need special equipment for this and you can manipulate traffic data worldwide,’ Jeske said.
— Researcher: Hackers Can Jam Traffic By Manipulating Real-Time Traffic Data - Slashdot, via @julian0liver (via new-aesthetic)
(via iamdanw)
Anonymous: Meet the 'Corporate Enemies of the Internet' for 2013
Paris-based Reporters Without Borders names five companies as “digital mercenaries” that have decided to sell their surveillance technology to authoritarian regimes.
National governments are increasingly purchasing surveillance devices manufactured by a small number of corporate suppliers and…
What this means is that if provided a valid username/password pair by Google, law enforcement agencies can gain access to an Android device that is protected with a screen unlock pattern. As I understand it, this assistance takes the form of two password changes: one to a new password that Google shares with law enforcement, followed by another that Google does not share with the police. This second password change takes place sometime after law enforcement agents have bypassed the screen unlock, which prevents the government from having ongoing access to new email messages and other Google account-protected content that would otherwise automatically sync to the device.
…
It is my understanding, based on discussions with individuals who are familiar with Google’s law enforcement procedures, that the company will provide assistance to law enforcement agencies seeking to bypass screen unlock patterns, provided that the cops get the right kind of court order. The company insists on an anticipatory warrant, which the Supreme Court has defined as “a warrant based upon an affidavit showing probable cause that at some future time, but not presently, certain evidence of crime will be located at a specific place.”
Although a regular search warrant might be sufficient to authorize the police to search a laptop or other computer, the always-connected nature of smartphones means that they will continue to receive new email messages and other communications after they have been seized and searched by the police. It is my understanding that Google insists on an anticipatory warrant in order to cover emails or other communications that might sync during the period between when the phone is unlocked by the police and the completion of the imaging process (which is when the police copy all of the data off of the phone onto another storage medium).
…
Of the three screen lock methods available on Android (pattern, PIN, password), Google only offers a username/password based bypass for the pattern lock. If you’d rather that the police not be able to gain access to your device this way (and are comfortable with the risk of losing your data if you are locked out of your phone), I recommend not using a pattern-based screen lock, and instead using a PIN or password.
However, it’s important to understand that while locking the screen of your device with a PIN or password is a good first step towards security, it is not sufficient to protect your data. Commercially available forensic analysis tools can be used to directly copy all data off of a device and onto external media. To prevent against such forensic imaging, it is important to encrypt data stored on a device.
Since version 3.0 (Honeycomb) of the OS, Android has included support for full disk encryption, but it is not enabled by default. If you want to keep your data safe, enabling this feature is a must.
Unfortunately, Android currently uses the same PIN or password for both the screen unlock and to decrypt the disk. This design decision makes it extremely likely that users will pick a short PIN or password, since they will probably have to enter their screen unlock dozens of time each day. Entering a 16-character password before making a phone call or obtaining GPS directions is too great of a usability burden to place on most users.
Using a shorter letter/number PIN or password might be good enough for a screen unlock, but disk encryption passwords must be much, much longer to be able to withstand brute force attacks. Case in point: A tool released at the Defcon hacker conference this summer can crack the disk encryption of Android devices that are protected with 4-6 digit numeric PINs in a matter of seconds.
Hopefully, Google’s engineers will at some point add new functionality to Android to let you use a different PIN/password for the screen unlock and full disk encryption. In the meantime, users who have rooted their device can download a third-party app that will allow you to choose a different (and hopefully much longer) password for disk encryption.
Furthermore, the text of the agreement reveals that U.S. Trade Representative (USTR) Ron Kirk has agreed to place the approval of “domestic stakeholders” (read: large corporations) on a level with that of the Congress. It is precisely this exalting of big business that has troubled many of the people’s representatives in Congress.
Recently Zach Carter of the Huffington Post reported that Senator Ron Wyden (D-Ore.), the chairman of the Senate Finance Committee’s Subcommittee on International Trade, Customs and Global Competitiveness, was stonewalled by the office of the USTR when he attempted to see any of the draft documents related to the governance of the TPP.
In response to this rebuff, Wyden proposed a measure in the Senate that would force transparency on the process. That was enough to convince the USTR to grant the senator a peek at the documents, though his staff was not permitted to peruse them.
Wyden spokeswoman Jennifer Hoelzer told HuffPost that such accommodations were “better than nothing” — but not ideal in light of the fact that the real work of drafting and evaluating legislation on Capitol Hill is performed by staffers who often possess expertise in particular areas of domestic and foreign policy.
“I would point out how insulting it is for them to argue that members of Congress are to personally go over to USTR to view the trade documents,” Hoelzer said. “An advisor at Halliburton or the MPAA is given a password that allows him or her to go on the USTR website and view the TPP agreement anytime he or she wants.”
A senator of the United States has to beg and plead and threaten legislation in order to be able to gain access to the TPP trade agreement, but corporate interests are given a password by the USTR that grants them a priori access to those same documents.
Now it is discovered that the chapter on intellectual property in the leaked TPP draft agreement launches another attack on U.S. sovereignty through the mandate that member nations enact regulations that requiring Internet Service Providers (ISPs) to privately enforce copyright protection laws.
These private companies — many of which are very small — would be forced to take upon themselves the responsibility of patrolling for and punishing any violation of the copyright laws by its subscribers.
Current U.S. law, specifically the Digital Millennium Copyright Act (DMCA), would be supplanted by TPP Article 16.3. This provision in the TPP draft document paves the way for a new copyright enforcement scheme that extends far beyond the limits currently imposed by DMCA. In fact, it contains mandates more expansive than even those proposed in the Anti-Counterfeiting Trade Agreement (ACTA).
ACTA is widely regarded as a threat to Internet freedom, as well as to the legislative power of the Congress. If ACTA is a threat than TPP is an all-out frontal assault.
Regardless of the merits of the DMCA, it is U.S. law and should not be subject to de facto appeal by the work of a body of internationalists who are not accountable to citizens of the United States.
Apart from the issues of sovereignty, putting such pressure on service providers is a threat not only to the owners of these small business, but also to Internet freedom, as well.
It is the good work of these ISPs that has created the Internet we know today. Were it not for the typically low-cost access these companies provide, the pool of readily accessible viewpoints, opinions, and news resources would be significantly shallower.
In a post-TPP world, ISPs would be forced to raise prices dramatically in order to cover the increase in their own overhead brought on by the requirement that they monitor and manage the websites they host.
Poitras is now forced to take extreme steps — ones that hamper her ability to do her work — to ensure that she can engage in her journalism and produce her films without the U.S. Government intruding into everything she is doing. She now avoids traveling with any electronic devices. She uses alternative methods to deliver the most sensitive parts of her work — raw film and interview notes — to secure locations. She spends substantial time and resources protecting her computers with encryption and password defenses. Especially when she is in the U.S., she avoids talking on the phone about her work, particularly to sources. And she simply will not edit her films at her home out of fear — obviously well-grounded — that government agents will attempt to search and seize the raw footage.
That’s the climate of fear created by the U.S. Government for an incredibly accomplished journalist and filmmaker who has never been accused, let alone convicted, of any wrongdoing whatsoever. Indeed, documents obtained from a FOIA request show that DHS has repeatedly concluded that nothing incriminating was found from its border searches and interrogations of Poitras. Nonetheless, these abuses not only continue, but escalate, after six years of constant harassment.
— this is your shitty future
(Source: salon.com)