Privacy Roundup #0076 • November 2012

The Petraeus affair pushed email privacy into the headlines, breaches struck Adobe, NASA and South Carolina, and governments from Syria to Washington reached for new powers over our data.

1. Five Things the Petraeus Affair Teaches Us About Online Surveillance

The CIA director resigned on 9 November after the FBI traced harassing emails to his biographer and read the private messages that exposed their affair. The case showed how readily federal agents can reach into ordinary webmail accounts, since no judge-issued warrant is needed for messages older than six months.

www.technologyreview.com

2. Surveillance and security lessons from the Petraeus scandal

The ACLU argued that the investigation showed metadata is king, with login records and IP addresses unmasking people who thought they were anonymous. It warned that the law governing such access had fallen far behind the technology.

www.aclu.org

3. Patrick Leahy Ready To Cave To Law Enforcement: Has ECPA Reform Amendment To Include Loopholes For Warrantless Spying

On 20 November Techdirt reported that Senator Leahy had quietly rewritten his email warrant bill to let more than twenty federal agencies read private correspondence without a warrant. The revision, exposed by CNET, drew a swift backlash and Leahy disowned it within hours.

www.techdirt.com

4. PayPal, Symantec, ImageShack, NBC targeted in hacking spree

On 5 November, Guy Fawkes Day, a wave of attacks hit several large targets, with the Hack The Planet group claiming to have raided Symantec and ImageShack databases through zero-day flaws. PayPal account records were also leaked and NBC websites were defaced as part of the coordinated spree.

www.helpnetsecurity.com

5. Email warrant bill passes the Senate Judiciary Committee

On 29 November the committee approved an amendment from Senator Patrick Leahy requiring a probable-cause warrant before the government could read private emails. The measure aimed to close the loophole that exposed messages older than 180 days.

www.eff.org

6. Skype handed a teenager's data to a private firm without a warrant

Skype reportedly gave the real name, email address and home address of a 16-year-old Dutch WikiLeaks supporter to the security firm iSIGHT Partners. The disclosure came without any legal request and drew sharp criticism of the company's data handling.

www.theregister.com

7. Twitter unintentionally reset a flood of account passwords

On 8 November Twitter sent password reset emails to far more users than it intended while checking for compromised accounts. The episode caused confusion as people feared a wide breach that had not actually occurred.

thenextweb.com

8. South Carolina governor's encryption claims questioned after tax breach

Following the theft of millions of taxpayer records, Governor Nikki Haley defended the state's decision not to encrypt Social Security numbers. Security analysts said her account of standard practice was off base and that encryption was readily available.

www.computerworld.com

9. Facebook moves to scrap user voting on privacy changes

Facebook proposed ending the site governance vote that let users weigh in on policy updates. The plan also sought to loosen message controls and to combine personal data with Instagram.

www.helpnetsecurity.com

10. Privacy groups ask Facebook to withdraw its proposed changes

EPIC and the Center for Digital Democracy urged Facebook to drop the changes, warning they raised privacy risks and might breach the company's settlement with the FTC. They argued the plan undermined earlier commitments on site governance.

archive.epic.org

11. Stolen NASA laptop exposed thousands of employees' personal data

An unencrypted laptop taken from a worker's car held names, Social Security numbers and sensitive records for thousands of NASA staff and contractors. The loss prompted an order to encrypt agency laptops and calls for an investigation.

www.eff.org

12. EFF tells courts that police need a warrant for GPS tracking

EFF, the ACLU and defence lawyers filed a brief arguing that attaching a GPS device to a car requires a warrant under United States v. Jones. They pressed the courts to reject government attempts to carve out exceptions.

www.eff.org

13. Google transparency report shows government surveillance rising

Google reported nearly 21,000 government requests for user data in the first half of 2012, with the United States making the most. EFF noted the steady climb and the limits on what the figures could reveal.

www.eff.org

14. Hacker breaches Adobe servers and leaks 150,000 accounts

A hacker using the name ViruS_HimA dumped roughly 150,000 emails and hashed passwords belonging to Adobe staff and partners, including military and government addresses. Adobe later traced the breach to its Connectusers forum.

thehackernews.com

15. EFF launches a new transparency project

EFF opened a project to make government records on surveillance technologies easier to obtain and understand. It focused on location tracking, drones, biometrics and the secret interpretation of surveillance law.

www.eff.org

16. Syria goes dark as the internet is cut off

On 29 November almost all internet connectivity between Syria and the outside world was severed. EFF tied the blackout to a government that already ran widespread surveillance of phone and internet traffic.

www.eff.org

17. Syrians use old and new tools to stay online during the shutdown

With the network down, Syrians turned to dial-up modems and voice-to-tweet services to keep communicating. EFF cautioned that these connections were not secure given the government's monitoring.

www.eff.org

18. Skype disables password reset page to deal with email-based security 'vulnerability'

On 14 November Skype shut off its password reset page after a flaw let anyone seize an account using only the owner's registered email address. The bug locked legitimate users out and exposed their chat histories until the company stepped in.

www.engadget.com

19. Social media and internet shutdowns become weapons in Gaza

EFF examined how the Israeli military, Hamas and Anonymous fought a parallel battle across Twitter, YouTube and the wider internet during Operation Pillar of Defence. It flagged the surveillance and connectivity risks facing people in Gaza.

www.eff.org

20. Senate defeats the vague Cybersecurity Act again

The Senate again blocked the Cybersecurity Act, which EFF opposed over loose definitions that could let companies sidestep privacy law. EFF warned the bill's broad information-sharing powers threatened user privacy.

www.eff.org

