Privacy Roundup #0084 • July 2013
The Snowden disclosures reached full flood in July 2013, as fresh leaks exposed XKeyscore and corporate complicity while courts, lawmakers and breached websites scrambled to respond.
1. Snowden documents reveal XKeyscore, the NSA's widest-reaching internet tool
The Guardian published training slides showing that XKeyscore let analysts search the emails, chats and browsing histories of millions of people. The system required only a broad on-screen justification and no warrant or supervisor sign-off before a query ran.
2. Microsoft helped the NSA work around its own encryption
Leaked documents indicated that Microsoft gave the agency access to pre-encryption stages of Outlook.com and Hotmail, and helped it collect Skype video and audio. The company insisted that it did not grant any government blanket or direct access to its products.
3. NSA targeted Brazil and the wider Latin American region
Glenn Greenwald reported in O Globo that the NSA collected vast amounts of telephone and email data across Latin America, with Brazil the largest target. According to the Snowden files, Colombia, Venezuela, Mexico and several smaller states were also swept into the programme.
4. European Parliament votes to investigate NSA surveillance of EU citizens
Members voted 483 to 98 to instruct the civil liberties committee to conduct an in-depth inquiry into PRISM and related programmes. The resolution also pressed officials to reconsider transatlantic arrangements for sharing banking and travel data.
5. Privacy International challenges GCHQ Tempora before the secret tribunal
The group filed a complaint at the Investigatory Powers Tribunal over bulk interception of undersea cable traffic and British access to American bulk programmes. Nine other civil liberties organisations later submitted similar complaints that the tribunal joined together.
6. Unitarian church and gun groups join EFF to sue the NSA
Nineteen organisations filed First Unitarian Church of Los Angeles v. NSA over the bulk collection of telephone records. The suit argued that recording who calls whom chills the freedom of association protected by the First Amendment.
7. Snowden formally applies for temporary asylum in Russia
Marooned in the transit zone of a Moscow airport after Washington revoked his passport, Snowden filed an asylum application through a Russian lawyer. The request, if granted, would let him remain for up to a year while he sought onward travel to Latin America.
8. Amash-Conyers amendment to defund bulk phone records narrowly fails
The House rejected the bipartisan measure by 205 to 217 after intense lobbying from leadership and the White House. The closeness of the vote signalled growing congressional unease about the metadata programme.
9. NSA director Keith Alexander heckled while defending surveillance at Black Hat
General Alexander delivered a tense keynote that drew both applause and shouts of "Freedom" and "Bullshit" from the security crowd. He insisted the agency did not read everyone's email and claimed the programmes operated under strict oversight.
10. Civil liberties groups ask the FISA court to ungag Google and Microsoft
A coalition including the EFF, ACLU and TechFreedom filed a brief supporting the companies' bid to publish aggregate figures on surveillance orders. They argued that describing one's own dealings with the government is core protected speech.
11. Apple takes its developer centre offline after a breach
Apple confirmed that an intruder had tried to obtain the personal information of registered developers, exposing names, addresses and email addresses. Most data was encrypted, but the portal stayed down for days while the company rebuilt its systems.
12. Ubuntu Forums breach exposes 1.8 million accounts
Attackers defaced the forums and stole every username, email address and hashed password in the database. The passwords were salted but used a weak MD5 scheme, and Canonical urged anyone who had reused their forum password on other services to change it everywhere.
13. ACLU report shows licence plate readers tracking millions of innocent drivers
The "You Are Being Tracked" report drew on 26,000 pages of records from some 300 police departments. It found that location data on ordinary motorists was being stored for years with few or no rules on access or retention.
14. Revised children's privacy rule takes effect
The FTC's amended COPPA rule came into force on the first of the month, widening the definition of personal information. Operators of child-directed sites and apps now had to obtain parental consent before collecting geolocation data, photos, audio or persistent identifiers.
15. Yahoo wins the right to unseal its 2008 fight against PRISM
The surveillance court ordered the Justice Department to declassify Yahoo's briefs and the ruling from its earlier challenge to a data directive. The company argued that releasing the record was needed to inform the public debate about how the court reviews government demands.
16. Government declassifies its disputed claim of 54 thwarted plots
Ahead of a Senate Judiciary hearing, officials released documents asserting the bulk programmes had contributed to understanding 54 terrorist cases. Senator Patrick Leahy said he was not convinced that the phone records collection had prevented anything like that number of attacks.
17. Android "Master Key" flaw turns up in malicious apps
Researchers found apps on Chinese marketplaces exploiting a signature verification bug that let attackers tamper with legitimate, signed applications. The flaw affected the overwhelming majority of Android devices and could be used to plant trojans that steal data.
18. German regulators stop approving data transfers to the United States
The conference of German data protection commissioners announced it would issue no new permissions for transfers to the US in light of PRISM. The watchdogs urged Berlin to press the European Commission to suspend the Safe Harbor framework and standard contractual clauses.
19. Tango messaging app loses millions of records to attackers
The Syrian Electronic Army said it had downloaded huge backups of phone numbers, contacts and email addresses from the messaging service. Security researchers blamed an outdated WordPress installation for letting the intruders in.
20. Viber support site defaced after a phishing attack
The same hacking group compromised Viber's support systems and posted a screenshot of user records including phone numbers, device identifiers and IP addresses. Viber said the breach reached only minor support tools and that its main user database was kept beyond reach.