Uncategorized

Friday Shorts – Stingrays,

November 7, 2015 mitch tanenbaum Leave a comment

It’s Friday, so here is a collection of odds and ends –

Rep. Chaffetz (R-Utah) introduced a bill this week to require state and local law enforcement to follow the same rules the FBI started following recently. As a result of the policy that the DoJ just released, DoJ agencies now have to get a warrant before deploying a Stingray cell phone interceptor. The Stingray is kind of invasive – sweeping up all cell traffic, sometimes including text messages – within the radius of coverage. Once the Stingray decides you are not it’s target, it will drop you – and maybe your call as well while collecting all of your traffic until it releases your phone. The bill will also require law enforcement to stop being sleazy when going before a judge to get a warrant to use the Stingray – as reports have indicated they have been less than honest in the past. In part, this is due to a desire by Harris, who makes the Stingray, to keep the system under the radar. Of course, this bill still has to go through the legislative process, so who knows what or if anything will become law.
Mozilla released Firefox 42 this week. Besides fixing a number of bugs, including some high severity ones, it adds a new privacy and anti-tracking feature. The new feature, when the user invokes it, will actively block ads, analytics trackers and social media trackers that record the user’s behavior and report it to third parties. It is adjustable on a site by site basis.
UK Home Secretary Theresa May confirmed that the UK government will seek to force all ISPs to store Internet access data for all users for a year. While it won’t have to keep data at the page level, it will have to keep data at the site level. Given things like TOR and VPNs, this is both invasive and meaningless as it will be easy to bypass. While the bill does not ban end to end encryption as had been predicted, it does say that ISPs must take reasonable steps to provide data in response to warrants unencrypted – without defining reasonable. It also codifys what GCHQ and other agencies have been doing for years – breaking in to user’s computers and phones – including ones in other countries like, say, the US. The bill has been called the “Snooper’s Charter” by some.
Two of the largest employee background check firms have to pay consumers $10.5 million and pay the government a penalty of $2.5 million for selling inaccurate information about job applicants to employers. The reports provide information such as criminal background records and information that is not legally allowed to be included in consumer reports. Part of the problem is these firms run the checks based on first and last name and don’t have a method for resolving confusion between similar names. Apparently 70% of the disputed criminal history complaints resulted in a change or correction – maybe after the people who’s criminal history was wrongly reported lost the job opportunity.
And finally, as Apple and the DoJ fight over unlocking an iPhone, the government is invoking the All Writs Act – a revolutionary war era law as the basis of their requiring Apple to unlock the phone. The government is saying that since Apple doesn’t sell you the software, they are still the owner and therefore, the All Writs Act authorizes the court to issue All Writs necessary or appropriate to unlock it. I am sure that the framers of the Constitution did not anticipate it being used to unlock an iPhone. In the past, courts have rubber stamped these requests to have manufacturers unlock phones. This time Apple appears to have found a judge who is willing to question this. If the judge sides with the government, then any software developer anywhere could be forced to help the government bypass encryption or help the government in other unspecified ways – for example, retrieving data created by any application. Stay tuned.

Information on the Stingray bill came from Wired.

Information on the Firefox 42 came from SC Magazine.

Information on employee background check firms came from Credit.com.

Information on the All Writs Act came from JustSecurity.org.