Americans are wary about IoT privacy

Americans are in an “it depends” state when it comes to disclosing personal information over internet-connected devices, according to a new Pew Research Center study. The study proposed different scenarios to which 461 Americans expressed whether they believed being monitored by a device was acceptable, not acceptable, or depended on the situation. Pew Research Center found that some scenarios were acceptable to the majority of Americans, but the answers often came with caveats. For example, most consumers find a security camera in the office acceptable, but with restrictions; one person said, “It depends on whether I would be watched and filmed every minute of the day during everything I do.”

Here are the responses to the IoT-related scenarios the study presented:

• Office surveillance cameras: More than half (54%) of Americans believe that a surveillance camera in the workplace is acceptable, making it the most acceptable of the six proposed scenarios. Another 21% answered “it depends,” while 24% said it would not be acceptable.

• Sharing health information with your doctor: 52% of Americans believe it’s acceptable for their doctor to utilize a website to manage patient records and schedule appointments, 20% answered “it depends,” and 26% thought it was not acceptable. This correlates with an iTriage survey, which indicated that 76% of consumers feel comfortable transferring wearable health data to their practitioner.

• Usage-based auto insurance: 37% of respondents answered it was acceptable for auto insurance companies to collect information via a UBI dongle, such as Progressive’s Snapshot, and offer discounts for safe driving. 45% said it was not acceptable, while 16% said “it depends.”

• Smart thermostat: 27% of respondents said it was acceptable for a smart thermostat in the house to track where the occupant is and share that data. More than half of respondents (55%) said it was not acceptable, and 17% answered “it depends.”

Through focus groups and open-ended answers, Pew narrowed down the top reasons consumers believe sharing information is unacceptable:

1) The threat of scammers and hackers;
2) Being repeatedly marketed to by companies collecting data;
3) They do not want to share their location;
4) They think it’s “creepy”;
5) The companies collecting the data have ulterior motives to use it.

Data privacy will continue to be a big trend as the Internet of Things market matures. Device makers should be transparent about the data being collected and what it’s used for. Further, they should ensure the devices and their associated data storage bases are secure.

To read more of this article and the original story follow this link to Business Insider.

Visit the Wrong Website, and the FBI Could End Up in Your Computer

Security experts call it a “drive-by download”: a hacker infiltrates a high-traffic website and then subverts it to deliver malware to every single visitor. It’s one of the most powerful tools in the black hat arsenal, capable of delivering thousands of fresh victims into a hacker’s clutches within minutes.

Now the technique is being adopted by a different kind of a hacker—the kind with a badge. For the last two years, the FBI has been quietly experimenting with drive-by hacks as a solution to one of law enforcement’s knottiest Internet problems: how to identify and prosecute users of criminal websites hiding behind the powerful Tor anonymity system.

The approach has borne fruit—over a dozen alleged users of Tor-based child porn sites are now headed for trial as a result. But it’s also engendering controversy, with charges that the Justice Department has glossed over the bulk-hacking technique when describing it to judges, while concealing its use from defendants. Critics also worry about mission creep, the weakening of a technology relied on by human rights workers and activists, and the potential for innocent parties to wind up infected with government malware because they visited the wrong website. “This is such a big leap, there should have been congressional hearings about this,” says ACLU technologist Chris Soghoian, an expert on law enforcement’s use of hacking tools. “If Congress decides this is a technique that’s perfectly appropriate, maybe that’s OK. But let’s have an informed debate about it.”

The FBI’s use of malware is not new. The bureau calls the method an NIT, for “network investigative technique,” and the FBI has been using it since at least 2002 in cases ranging from computer hacking to bomb threats, child porn to extortion. Depending on the deployment, an NIT can be a bulky full-featured backdoor program that gives the government access to your files, location, web history and webcam for a month at a time, or a slim, fleeting wisp of code that sends the FBI your computer’s name and address, and then evaporates.

What’s changed is the way the FBI uses its malware capability, deploying it as a driftnet instead of a fishing line. And the shift is a direct response to Tor, the powerful anonymity system endorsed by Edward Snowden and the State Department alike.

Tor is free, open-source software that lets you surf the web anonymously. It achieves that by accepting connections from the public Internet—the “clearnet”—encrypting the traffic and bouncing it through a winding series of computers before dumping it back on the web through any of over 1,100 “exit nodes.”

The system also supports so-called hidden services—special websites, with addresses ending in .onion, whose physical locations are theoretically untraceable. Reachable only over the Tor network, hidden services are used by organizations that want to evade surveillance or protect users’ privacy to an extraordinary degree. Some users of such services have legitimate and even noble purposes—including human rights groups and journalists. But hidden services are also a mainstay of the nefarious activities carried out on the so-called Dark Net: the home of drug markets, child porn, murder for hire, and a site that does nothing but stream pirated My Little Pony episodes.

Law enforcement and intelligence agencies have a love-hate relationship with Tor. They use it themselves, but when their targets hide behind the system, it poses a serious obstacle. Last month, Russia’s government offered a $111,000 bounty for a method to crack Tor.

The FBI debuted its own solution in 2012, in an investigation dubbed “Operation Torpedo,” whose contours are only now becoming visible through court filings.

Operation Torpedo began with an investigation in the Netherlands in August 2011. Agents at the National High Tech Crime Unit of the Netherlands’ national police force had decided to crack down on online child porn, according to an FBI affidavit. To that end, they wrote a web crawler that scoured the Dark Net, collecting all the Tor onion addresses it could find.

The NHTCU agents systematically visited each of the sites and made a list of those dedicated to child pornography. Then, armed with a search warrant from the Court of Rotterdam, the agents set out to determine where the sites were located.

That, in theory, is a daunting task—Tor hidden services mask their locations behind layers of routing. But when the agents got to a site called “Pedoboard,” they discovered that the owner had foolishly left the administrative account open with no password. They logged in and began poking around, eventually finding the server’s real Internet IP address in Bellevue, Nebraska.

They provided the information to the FBI, who traced the IP address to 31-year-old Aaron McGrath. It turned out McGrath was hosting not one, but two child porn sites at the server farm where he worked, and a third one at home.

Instead of going for the easy bust, the FBI spent a solid year surveilling McGrath, while working with Justice Department lawyers on the legal framework for what would become Operation Torpedo. Finally, in November 2012, the feds swooped in on McGrath, seized his servers and spirited them away to an FBI office in Omaha.

A federal magistrate signed three separate search warrants: one for each of the three hidden services. The warrants authorized the FBI to modify the code on the servers to deliver the NIT to any computers that accessed the sites. The judge also allowed the FBI to delay notification to the targets for 30 days.

This NIT was purpose-built to identify the computer, and do nothing else—it didn’t collect keystrokes or siphon files off to the bureau. And it evidently did its job well. In a two-week period, the FBI collected IP addresses, hardware MAC addresses (a unique hardware identifier for the computer’s network or Wi-Fi card) and Windows hostnames on at least 25 visitors to the sites. Subpoenas to ISPs produced home addresses and subscriber names, and in April 2013, five months after the NIT deployment, the bureau staged coordinated raids around the country.

Today, with 14 of the suspects headed toward trial in Omaha, the FBI is being forced to defend its use of the drive-by download for the first time. Defense attorneys have urged the Nebraska court to throw out the spyware evidence, on the grounds that the bureau concealed its use of the NIT beyond the 30-day blackout period allowed in the search warrant. Some defendants didn’t learn about the hack until a year after the fact. “Normally someone who is subject to a search warrant is told virtually immediately,” says defense lawyer Joseph Gross Jr. “What I think you have here is an egregious violation of the Fourth Amendment.”

But last week U.S. Magistrate Judge Thomas Thalken rejected the defense motion, and any implication that the government acted in bad faith. “The affidavits and warrants were not prepared by some rogue federal agent,” Thalken wrote, “but with the assistance of legal counsel at various levels of the Department of Justice.” The matter will next be considered by U.S. District Judge Joseph Bataillon for a final ruling.

The ACLU’s Soghoian says a child porn sting is probably the best possible use of the FBI’s drive-by download capability. “It’s tough to imagine a legitimate excuse to visit one of those forums: the mere act of looking at child pornography is a crime,” he notes. His primary worry is that Operation Torpedo is the first step to the FBI using the tactic much more broadly, skipping any public debate over the possible unintended consequences. “You could easily imagine them using this same technology on everyone who visits a jihadi forum, for example,” he says. “And there are lots of legitimate reasons for someone to visit a jihadi forum: research, journalism, lawyers defending a case. ACLU attorneys read Inspire Magazine, not because we are particularly interested in the material, but we need to cite stuff in briefs.”

Soghoian is also concerned that the judges who considered NIT applications don’t fully understand that they’re being asked to permit the use of hacking software that takes advantage of software vulnerabilities to breach a machine’s defenses. The Operation Torpedo search warrant application, for example, never uses the words “hack,” “malware,” or “exploit.” Instead, the NIT comes across as something you’d be happy to spend 99 cents for in the App Store. “Under the NIT authorized by this warrant, the website would augment [its] content with some additional computer instructions,” the warrant reads.

From the perspective of experts in computer security and privacy, the NIT is malware, pure and simple. That was demonstrated last August, when, perhaps buoyed by the success of Operation Torpedo, the FBI launched a second deployment of the NIT targeting more Tor hidden services.

This one—still unacknowledged by the bureau—traveled across the servers of Freedom Hosting, an anonymous provider of turnkey Tor hidden service sites that, by some estimates, powered half of the Dark Net.

This attack had its roots in the July 2013 arrest of Freedom Hosting’s alleged operator, one Eric Eoin Marques, in Ireland. Marques faces U.S. charges of facilitating child porn—Freedom Hosting long had a reputation for tolerating child pornography.

Working with French authorities, the FBI got control of Marques’ servers at a hosting company in France, according to testimony in Marques’ case. Then the bureau appears to have relocated them—or cloned them—in Maryland, where the Marques investigation was centered.

On August 1, 2013, some savvy Tor users began noticing that the Freedom Hosting sites were serving a hidden “iframe”—a kind of website within a website. The iframe contained Javascript code that used a Firefox vulnerability to execute instructions on the victim’s computer. The code specifically targeted the version of Firefox used in the Tor Browser Bundle—the easiest way to use Tor.

This was the first Tor browser exploit found in the wild, and it was an alarming development to the Tor community. When security researchers analyzed the code, they found a tiny Windows program hidden in a variable named “Magneto.” The code gathered the target’s MAC address and the Windows hostname, and then sent it to a server in Virginia in a way that exposed the user’s real IP address. In short, the program nullified the anonymity that the Tor browser was designed to enable.

As they dug further, researchers discovered that the security hole the program exploited was already a known vulnerability called CVE-2013-1690—one that had theoretically been patched in Firefox and Tor updates about a month earlier. But there was a problem: Because the Tor browser bundle has no auto-update mechanism, only users who had manually installed the patched version were safe from the attack. “It was really impressive how quickly they took this vulnerability in Firefox and extrapolated it to the Tor browser and planted it on a hidden service,” says Andrew Lewman, executive director of the nonprofit Tor Project, which maintains the code.

The Freedom Hosting drive-by has had a lasting impact on the Tor Project, which is now working to engineer a safe, private way for Tor users to automatically install the latest security patches as soon as they’re available—a move that would make life more difficult for anyone working to subvert the anonymity system, with or without a court order.

Unlike with Operation Torpedo, the details of the Freedom Hosting drive-by operation remain a mystery a year later, and the FBI has repeatedly declined to comment on the attack, including when contacted by WIRED for this story. Only one arrest can be clearly tied to the incident—that of a Vermont man named Grant Klein who, according to court records, was raided in November based on an NIT on a child porn site that was installed on July 31, 2013. Klein pleaded guilty to a single count of possession of child pornography in May and is set for sentencing this October.

But according to reports at the time, the malware was seen, not just on criminal sites, but on legitimate hidden services that happened to be hosted by Freedom Hosting, including the privacy protecting webmail service Tormail. If true, the FBI’s drive-by strategy is already gathering data on innocent victims.

Despite the unanswered questions, it’s clear that the Justice Department wants to scale up its use of the drive-by download. It’s now asking the Judicial Conference of the United States to tweak the rules governing when and how federal judges issue search warrants. The revision would explicitly allow for warrants to “use remote access to search electronic storage media and to seize or copy electronically stored information” regardless of jurisdiction.

The revision, a conference committee concluded last May, is the only way to confront the use of anonymization software like Tor, “because the target of the search has deliberately disguised the location of the media or information to be searched.”

Such dragnet searching needs more scrutiny, Soghoian says. “What needs to happen is a public debate about the use of this technology, and the use of these techniques,” he says. “And whether the criminal statutes that the government relies on even permit this kind of searching. It’s one thing to say we’re going to search a particular computer. It’s another thing to say we’re going to search every computer that visits this website, without knowing how many there are going to be, without knowing what city, state or countries they’re coming from.”

“Unfortunately,” he says, “we’ve tiptoed into this area, because the government never gave notice that they were going to start using this technique.”

For more information follow the source link below.

Source: Wired

Beware New IRS Phishing Scam

The IRS warns of a new email phishing scam with hooks that look like they are from the IRS Taxpayer Advocate Service. They’re not. The scammers say your 2013 income is being reviewed and that the Taxpayer Advocate Service will help resolve it. Just click these links! Don’t!

Taxpayers who get these messages should not respond or click any links. Forward the scam emails to the IRS at phishing@irs.gov. For more information, visit the IRS’s Report Phishing web page.

Can you phish or fish as a business? Maybe. In Lowe v. Commissioner, Janice Lowe was the primary breadwinner, working full time as controller for a steel company for 38 years. Her husband Steve worked on home improvements from 1986 to 1999. And he fished.

When he attended a fishing tournament with a prize of $6,000, it spawned his interest in tournament fishing. Believing it would be like shooting fish in a barrel, Steve took to tournaments like a fish to water. Steve competed in 26 tournaments and eked out gross income of $4,241 in 2005. He entered 15 tournaments in 2006, and his gross income swelled to $10,932.

That may sound like a pretty full creel. Until you look at Steve’s expenses, that is. He racked up nearly $100,000 of expenses between 2005 and 2006, losing almost $50,000 in 2005 and $40,000 in 2006. But was he trying to land a profit? He said he was, but the IRS thought it was a fish story.

That meant Tax Court. Steve showed that he read books, magazines and newspapers about fishing. He even consulted professional fishermen seeking to improve profitability, so he was no bottom-feeder. Unfortunately, Steve’s tournament track record spoke for itself.

Steve may have had the best of intentions, but his winnings were never close to covering his entry fees, let alone his travel costs or depreciation on his equipment. Steve’s fishing activities seemed more recreational than business. Steve testified that his fishing started out as recreational.

But by 2005, he lamented, it was sure no fun! Professional fishing turned out to be a different kettle of fish. Despite all the points in Steve’s favor, the Tax Court found that Steve really hadn’t shown that he intended to make a profit. Plus, Steve hit a major snag, a veritable underwater redwood: He consistently entered his spouse as his tournament partner.

Steve’s breadwinning wife always went along and he deducted all her entry fees, but she never fished. This gave him a built-in handicap in the tournaments. By registering as a team, but with only Steve fishing, he had to catch twice as many fish! This conduct was inconsistent with intending to make a profit, said the court.

After considering all the factors, the Tax Court concluded that Steve’s fishing activity was not for profit. That meant no deductions. Still, Steve was reasonable and the court seemed to like him. So no penalties either. This is no fish story.

For more information and the original article follow the source link below.

Source: Forbes

BlackBerry First To Receive “Full Operational Capability” On U.S. DoD Networks

BlackBerry received a huge win today, as the company announced BlackBerry 10 is the first mobile operating system to have achieved Full Operational Capability on the DoD networks of the United States government.

Below is the entire press release.

BlackBerry First to Receive Coveted “Full Operational Capability” on U.S. Department of Defense Networks

Validation completes DISA’s certification process for BlackBerry 10 mobility management platform

WATERLOO, ONTARIO–(Marketwired – March 27, 2014) – BlackBerry Limited (NASDAQ: BBRY)(TSX: BB), a world leader in mobile communications, today announced that BlackBerry® 10 has become the first mobility solution to receive Full Operational Capability (FOC) to run on U.S. Department of Defense (DoD) networks from the U.S. Defense Information Systems Agency (DISA). The designation follows the Company’s Authority to Operate (ATO) certification and enables government users with a BlackBerry 10 smartphone connected with BlackBerry® Enterprise Service 10 (BES10) to securely access email, data, apps and other DoD network resources.

BlackBerry was the first Mobile Device Management (MDM) provider to earn ATO and becomes the only vendor with FOC. The granting of FOC completes BlackBerry’s security certification process with the DoD.

“As the first mobile solutions provider to achieve FOC, BlackBerry continues to prove why we are the most trusted enterprise mobility platform,” said John Sims, President of Global Enterprise Services at BlackBerry. “BlackBerry worked side-by-side with DISA to help certify the BlackBerry 10 solution offering the U.S. government an end-to-end mobile infrastructure that does not compromise on security and provides the most productive and collaborative mobile experience.”

FOC allows government employees to realize the full security, productivity, communication and collaboration benefits of the BlackBerry 10 solution. One of the key features now available to DoD customers with a BlackBerry 10 smartphone is BlackBerry® Balance™ technology, which allows users to instantly toggle between work and personal profiles. BlackBerry Balance separates and secures work data from personal content, allowing the user to gain secure access to DoD network resources, along with the full benefits of a consumer experience. BlackBerry 10 smartphones are the only DoD-approved smartphones with this capability.

About BlackBerry

A global leader in mobile communications, BlackBerry® revolutionized the mobile industry when it was introduced in 1999. Today, BlackBerry aims to inspire the success of our millions of customers around the world by continuously pushing the boundaries of mobile experiences. Founded in 1984 and based in Waterloo, Ontario, BlackBerry operates offices in North America, Europe, Asia Pacific and Latin America. The Company trades under the ticker symbols “BB” on the Toronto Stock Exchange and “BBRY” on the NASDAQ. For more information, visit http://www.blackberry.com.

Forward-looking statements in this news release are made pursuant to the “safe harbor” provisions of the U.S. Private Securities Litigation Reform Act of 1995 and applicable Canadian securities laws. When used herein, words such as “expect”, “anticipate”, “estimate”, “may”, “will”, “should”, “intend”, “believe”, and similar expressions, are intended to identify forward-looking statements. Forward-looking statements are based on estimates and assumptions made by BlackBerry Limited in light of its experience and its perception of historical trends, current conditions and expected future developments, as well as other factors that BlackBerry believes are appropriate in the circumstances. Many factors could cause BlackBerry’s actual results, performance or achievements to differ materially from those expressed or implied by the forward-looking statements, including those described in the “Risk Factors” section of BlackBerry’s Annual Information Form, which is included in its Annual Report on Form 40-F (copies of which filings may be obtained at http://www.sedar.com or http://www.sec.gov). These factors should be considered carefully, and readers should not place undue reliance on BlackBerry’s forward-looking statements. BlackBerry has no intention and undertakes no obligation to update or revise any forward-looking statements, whether as a result of new information, future events or otherwise, except as required by law.

BlackBerry and related trademarks, names and logos are the property of BlackBerry Limited and are registered and/or used in the U.S. and countries around the world. All other marks are the property of their respective owners. BlackBerry is not responsible for any third-party products or services.

Skype Twitter Account Hacked, Group Posts Anti-Microsoft Sentiments

It looks like 2014 is off to a series of hacks, with our report earlier claiming that Snapchat was hacked, compromising some 4.6 million user names and phone numbers in the process, and now it looks like Microsoft’s Skype Twitter and Facebook accounts have been hacked by the Syrian Electronic Army, who have in the past successfully hacked Twitter, The Financial Times, and The Washington Post just to name a few. The group took the opportunity to tweet out some anti-Microsoft sentiments, and advised the followers to stop using Microsoft’s services due to monitoring, which we can only assume has to be related to the recent bout of accusations leveled at the NSA.

According to the tweet, “Don’t use Microsoft emails(hotmail,outlook), they are monitoring your accounts and selling the data to the governments. More details soon #SEA.” The tweets have since been deleted which we can only assume means that Microsoft has managed to regain control of their accounts. Thankfully unlike the Snapchat hack, this was only the hack of Microsoft’s Twitter and Facebook pages, meaning that as far as user information is concerned, it appears to be still intact. Microsoft has yet to respond to the hack.

Source: Ubergizmo

Healthcare.gov Website Allegedly Violates Software GPL, Omits Licensing Information

Healthcare.gov, the new government website designed to help Americans find and apply for health insurance plans across 36 of the 50 states (14 states have their own health insurance exchanges) hasn’t had a smooth rollout. Troubles have dogged the site from Day 1, and a recent discovery isn’t going to help matters, even if it’s just an embarrassing faux pas. British developer SpryMedia has found its own code being used on Healthcare.gov. There’s nothing intrinsically wrong with that, since the code in question is licensed under the GPL, as shown below.

image

But on Healthcare.gov, the aforementioned section of script states only:

image

Comparisons of comments within the DataTables script by SpryMedia and the one on Healthcare.gov have turned up multiple instances of exact comments, so the government’s work is clearly based on SpryMedia’s. But why remove the code attribution? It turns out, there’s reason to think this may have been a genuine accident. The company that developed the website front-end, Development Seed, is devoted to open source work and passionate about giving back to both the larger world community and the programming world in particular. Companies devoted to promoting open data and universal access do not, as a rule, run about ripping off other open source contributors.

Until this week, the entire front-end of the government website was available for download on GitHub, and while it’s not clear why that repository has vanished, a great many eyeballs have been pointed at it for several weeks. The general consensus is that Healthcare.gov’s various problems and glitches have been driven by issues with the backend of the website, which was developed by other contractors, like Oracle.

SpryMedia is less than thrilled about the discovery and has yet to receive a response, but it’s not clear who has even been manning the phones during the shutdown. Hopefully with the government reactivating, this kind of issue gets fixed immediately. It might seem a small thing, given the range of other problems, but the fact that it is a small issue means it’s also quickly and easily fixed. Proper acknowledgment of the GPL2 has proven to have teeth in court before, but this should be addressed long before that point.

Source: Hot Hardware

NSA spied on Mexican President’s emails: Report

Even foreign governments are no match for the NSA’s reach, with documents now showing that it could read the Mexican president’s email.

The US has been snooping on the inbox belonging to former Mexican President Felipe Calderon, according to documents leaked to Der Spiegel.

The documents were leaked by whistleblower Edward Snowden and, according to Der Spiegel, reveal that in May 2010, the National Security Agency’s (NSA) Tailored Access Operations division was successful in compromising an email server within the Mexican presidential network. This would provide the NSA with access to emails from the president’s own email account, as well as those of Cabinet members who also use the same server.

The NSA is alleged to boast about the achievement in the documents, noting that it now has access to “diplomatic, economic and leadership communications”.

The issue of spying on Mexico reaches further back than the presidential office. Further documents obtained by Der Spiegel show that the department responsible for regulating drug trade and human trafficking, the Public Security Secretariat, had been similarly compromised in August 2009.

Documents as recent as April 2013 show that Mexico’s leaders were a priority target for surveillance, as well as Brazil.

Brazil’s recent announcement over the security of its email may indicate that it is aware of the US surveillance campaign against its communications, however.

The country’s President Dilma Rousseff has tasked one of its departments with creating a system to ensure its email is free from espionage attempts. She previously lashed out at the US after earlier leaked documents showed that her country was being spied on.

NSA director Keith Alexander and his deputy John Inglis are soon expected to leave the US spy agency, but the NSA denies that their departures have anything to do with the recent media attention.

Source: ZDNet

Amazon Defeats IBM In $600 Million CIA Contract Case

It was rumored back in March that Amazon had been awarded a $600 million contract by the CIA to develop a cloud computing infrastructure for the clandestine agency. It is believed that this new infrastructure will cut costs for the CIA as it looks to build a new way to handle enormous amounts of data efficiently. 

When Amazon was named as the provider, IBM moved the court to reopen bidding for the contract. IBM had concerns about the process through which the contract had been awarded to Amazon; it believed that the prices were not properly evaluated and that a contract requirement had been waived for Amazon. The effort to reopen bidding has been quashed by Amazon in court.

The hammer was laid down by Judge Thomas Wheeler of the U.S. Court of Federal Claims in Washington. IBM is obviously not happy. The company says in a statement that it is “disappointed” with the ruling made by the court and that it plans to file an appeal against this decision.

IBM goes on to say that in light of current times this decision is “especially inappropriate,” adding that IBM’s bid was superior in a number of ways while also being “substantially more cost-effective.” Amazon is yet to comment on this ruling, but it seems to be far from a victory, given that IBM is showing no signs of backing off any time soon.

Source: Ubergizmo

Bruce Schneier: NSA Spying Is Making Us Less Safe

The security researcher Bruce Schneier, who is now helping the Guardian newspaper review Snowden documents, suggests that more revelations are on the way.

Bruce Schneier, a cryptographer and author on security topics, last month took on a side gig: helping the Guardian newspaper pore through documents purloined from the U.S. National Security Agency by contractor Edward Snowden, lately of Moscow.

In recent months that newspaper and other media have issued a steady stream of revelations, including the vast scale at which the NSA accesses major cloud platforms, taps calls and text messages of wireless carriers, and tries to subvert encryption.  

This year Schneier is also a fellow at Harvard’s Berkman Center for Internet and Society. In a conversation there with David Talbot, chief correspondent of MIT Technology Review, Schneier provided perspective on the revelations to date—and hinted that more were coming.

Continue reading by clicking the source link below.

Source: MIT Technology Review

AT&T Gives DEA 26 Years of Phone Call Records to Wage “War on Drugs”

AT&T provides the US Drug Enforcement Administration (DEA) with records of Americans’ phone calls dating back to 1987 as part of a surveillance program that goes beyond the scope of the National Security Agency’s (NSA) call collection, the New York Times reported Sunday.

Besides covering a longer time span, the program is unlike the NSA’s data collection because it “includes information on the locations of callers,” the report said.

“For at least six years, law enforcement officials working on a counternarcotics program have had routine access, using subpoenas, to an enormous AT&T database that contains the records of decades of Americans’ phone calls—parallel to but covering a far longer time than the National Security Agency’s hotly disputed collection of phone call logs,” the Times wrote. “The government pays AT&T to place its employees in drug-fighting units around the country. Those employees sit alongside Drug Enforcement Administration agents and local detectives and supply them with the phone data from as far back as 1987.”

Read More by following the source link below.

Source: Ars Technica