The HP study focused purely on custom business apps, but there’s no reason to believe the issue doesn’t extend to commercial apps you find in the Apple App Store or Google Play. Many apps have access to data or permission to perform functions they shouldn’t. [...]
The security risks in apps go beyond permissions, though. There are issues in how the apps integrate with core functions of the mobile operating system, as well as how they interact with and share information with one another. Read more »
Archive for the ‘Identification’ Category
AOL, Apple, Facebook, Google, LinkedIn, Microsoft, Twitter and Yahoo have joined to launch ReformGovernmentSurveillance.com. The companies write that they “believe that it is time for the world’s governments to address the practices and laws regulating government surveillance of individuals and access to their information” and urge reform of government surveillance laws. “Consistent with established global norms of free expression and privacy and with the goals of ensuring that government law enforcement and intelligence efforts are rule-bound, narrowly tailored, transparent, and subject to oversight, we hereby call on governments to endorse the following principles and enact reforms that would put these principles into action,” the companies write.
Visit the site to learn about the five principles for reform of government surveillance that the companies are advocating and to read their open letter to Washington.
To recap: In the last year, there has been increasing focus on the issue of domestic use of aerial drones (also known as “unmanned aerial vehicles” or “unmanned aircraft systems,” UAV or UAS) to conduct surveillance. Months ago, Congress approved the FAA reauthorization bill, which includes a provision to integrate the use of aerial surveillance by drones in the United States by 2015. In July, drone makers sought to answer concerns by releasing voluntary guidelines, but privacy questions remain. Also, there are security questions, as well, as a recent drone “hijacking” proves. Recently, the FAA released its roadmap (pdf) for integrating the use of drones into domestic airspace as well as final privacy requirements (pdf) for the test-site program.
This year, several states have passed or considered laws restricting the use of drones for surveillance in the United States. In February, Charlottesville, Va., became the first city in the United States to pass legislation against the domestic use of drones. U.S. News and World Report says: “The resolution, passed Monday, ‘calls on the United States Congress and the General Assembly of the Commonwealth of Virginia to adopt legislation prohibiting information obtained from the domestic use of drones from being introduced into a Federal or State court,’ and ‘pledges to abstain from similar uses with city-owned, leased, or borrowed drones.’” In April, Idaho passed a law, SB 1134, that would restrict the use of UAVs by law enforcement officials. Read more »
The Washington Post reports that an investigation by Sen. Edward J. Markey (D-Mass.) has revealed that “Federal, state and local law enforcement agencies conducting criminal investigations collected data on cellphone activity thousands of times last year, with each request to a phone company yielding hundreds or thousands of phone numbers of innocent Americans along with those of potential suspects.”
Law enforcement made more than 9,000 requests last year for what are called “tower dumps,” information on all the calls that bounced off a cellphone tower within a certain period of time, usually two or more hours, a congressional inquiry has revealed.
The little-known practice has raised concerns among federal judges, lawmakers and privacy advocates who question the harvesting of massive amounts of data on people suspected of no crime in order to try to locate a criminal. Data linked to specific cell towers can be used to track people’s movements. Read more »
In an opinion column for InformationWeek, Joe Rubin, acting head of Federal Government Affairs for the technology trade association TechAmerica, writes about the need for major updates to electronic privacy laws:
Last month’s release of Google’s Transparency Report detailing government and court requests for user data highlights a growing challenge to service providers like Google and other technology companies: How to meet the skyrocketing number of requests from government authorities for data while working under murky and unclear guidelines.
The report reveals that demands by US law enforcement agencies for user account data from Google rose 30% in the last six months. A significant percentage of these demands come from civil regulatory agencies who want access to users’ email and other stored documents from online providers — using subpoenas they issue themselves, with no judicial or other third-party review. [...]
TechAmerica, like the rest of the technology community, consumer groups, privacy advocates, and others, are supporting legislation that would ensure that government agencies should be able to access these files only with a warrant issued by a judge. Read more »
In a post on the Official Microsoft Blog, Microsoft General Counsel Brad Smith announced changes that the company is making amid concerns about government surveillance, especially in light of revelations by ex-National Security Agency contractor Edward Snowden. Smith wrote: That’s why we are taking steps to ensure governments use legal process rather than technological brute force to access customer data.
Like many others, we are especially alarmed by recent allegations in the press of a broader and concerted effort by some governments to circumvent online security measures – and in our view, legal processes and protections – in order to surreptitiously collect private customer data. In particular, recent press stories have reported allegations of governmental interception and collection – without search warrants or legal subpoenas – of customer data as it travels between customers and servers or between company data centers in our industry.
If true, these efforts threaten to seriously undermine confidence in the security and privacy of online communications. Indeed, government snooping potentially now constitutes an “advanced persistent threat,” alongside sophisticated malware and cyber attacks.
In light of these allegations, we’ve decided to take immediate and coordinated action in three areas: Read more »