
Books

Book Review: Locked Down: Information Security For Lawyers 20

Posted by samzenpus
from the read-all-about-it dept.
benrothke writes "Had Locked Down: Information Security for Lawyers not been published by the American Bar Association (ABA) and 2 of its 3 authors not been attorneys, one would have thought the book is a reproach against attorneys for their obliviousness towards information security and privacy. In numerous places, the book notes that lawyers are often clueless when it comes to digital security. With that, the book is a long-overdue and valuable information security reference for anyone, not just lawyers." Read below for the rest of Ben's review.
Government

Medical Firm Sues IRS For 4th Amendment Violation In Records Seizure 310

Posted by timothy
from the tell-me-again-why-you-hate-all-that-is-good dept.
cold fjord writes "A healthcare provider has sued the Internal Revenue Service and 15 of its agents, charging they wrongfully seized 60 million medical records from 10 million Americans ... [The unnamed company alleges] the agency violated the Fourth Amendment in 2011, when agents executed a search warrant for financial data on one employee – and that led to the seizure of information on 10 million, including state judges. The search warrant did not specify that the IRS could take medical information, UPI said. And information technology officials warned the IRS about the potential to violate medical privacy laws before agents executed the warrant, the complaint said." Also at Nextgov.com.
Security

Ask Slashdot: Why Do Firms Leak Personal Details In Plain Text? 248

Posted by timothy
from the more-exciting-that-way dept.
An anonymous reader writes "Having entered my personal details (full real name, home address) to websites with an 'https://' prefix in order to purchase goods, I am still being sent emails from companies (or their agents) which include, in plain text, those same details I have entered over a secure connection. These are often companies which are very keen to tell you how much they value your privacy and how they will not pass your details on to third parties. What recourse does one have to tell them to desist from such behaviour whilst still doing business with them if their products are otherwise desirable? I email the relevant IT team as a matter of course to tell them it's not appropriate (mostly to no avail), but is there any legislation — in any territory — which addresses this?"
Google

Wired Writer Imagines Google Island 145

Posted by timothy
from the through-a-hazy-fog-of-snark dept.
theodp writes "The last thing Wired's Mat Honan remembered before awaking on the self-driving boat that dropped him on the island was sitting through a four-hour Google I/O keynote in Moscone Center and hearing Google CEO Larry Page promote a vision of a utopia where society could be free to innovate and experiment, unencumbered by government regulations or social norms. 'Welcome to Google Island,' a naked-save-for-a-pair-of-eyeglasses Larry Page tells Honan. 'As soon as you hit Google's territorial waters, you came under our jurisdiction, our terms of service. Our laws — or lack thereof — apply here. By boarding our self-driving boat you granted us the right to all feedback you provide during your journey. This includes the chemical composition of your sweat. Remember when I said at I/O that maybe we should set aside some small part of the world where people could experiment freely and examine the effects? I wasn't speaking theoretically. This place exists. We built it.'"
Communications

Fed. Appeals Court Says Police Need Warrant to Search Phone 69

Posted by timothy
from the if-you-have-nothing-to-hide dept.
An anonymous reader writes "In a decision that's almost certainly going to result in this issue heading up to the Supreme Court, the Federal 1st Circuit Court of Appeals [Friday] ruled that police can't search your phone when they arrest you without a warrant. That's contrary to most courts' previous findings in these kinds of cases where judges have allowed warrantless searches through cell phones." (But in line with the recently mentioned decision in Florida, and seemingly with common sense.)
Privacy

FBI Considers CALEA II: Mandatory Wiretapping On Every Device 310

Posted by timothy
from the putting-it-gently dept.
Techmeology writes "In response to declining utility of CALEA mandated wiretapping backdoors due to more widespread use of cryptography, the FBI is considering a revamped version that would mandate wiretapping facilities in end users' computers and software. Critics have argued that this would be bad for security (PDF), as such systems must be more complex and thus harder to secure. CALEA has also enabled criminals to wiretap conversations by hacking the infrastructure used by the authorities. I wonder how this could ever be implemented in FOSS."
Google

Congress Demands Answers From Google Over Google Glass Privacy Concerns 197

Posted by Soulskill
from the do-any-of-you-know-what-a-smartphone-is dept.
Today eight members of the U.S. Congress have sent a letter to Google's Larry Page, asking him to address a number of privacy concerns about Google Glass. In the letter (PDF), they brought up the company's notorious Street View data collection incident, and asked how the company was planning to avoid a similar privacy breach with Glass. They also ask how Google is going to build Glass to protect the privacy of non-users who may not want their every public move to be recorded. Further, they ask about the security of recordings once they are made: "Will Google Glass have the capacity to store any data on the device itself? If so, will Google Glass implement some sort of user authentication system to safeguard stored data? If not, why not?" Google has until July 14th to respond.
Mozilla

Mozilla Delays Default Third-Party Cookie Blocking In Firefox 106

Posted by Soulskill
from the even-foxes-like-cookies dept.
hypnosec writes "Mozilla is not going ahead with its plans to block third-party cookies by default in the Beta version of its upcoming Firefox 22. Mozilla needs more time to analyze the outcome of blocking these cookies. The non-profit organization released Firefox Aurora on April 5 with a patch by Jonathan Mayer built into it which would only allow cookies from those websites which the user has visited. The patch would block the ones from sites which hadn't been visited yet. The reason for Mozilla's change in plans is that they're currently looking into 'false positives.' If a user visits one part of a group of sites, cookies from that part will be allowed, but cookies from related sites in the group may be blocked, and they're worried it will create a poor user experience. On the other side of the coin, there are 'false negatives.' Just because a user may have visited a particular site doesn't mean she is comfortable with the idea of being tracked."
Medicine

Larry Page: You Worry Too Much About Medical Privacy 484

Posted by samzenpus
from the what's-wrong-with-you dept.
jfruh writes "Larry Page revealed that he'd been suffering from a vocal cord ailment that impaired his ability to speak for more than a year. The positive feedback he got from opening up about it inspired him to tell attendees at Google I/O that we should all be less uptight about keeping our medical records private. As far as Page is concerned, pretty much the only legitimate reason for worry on this score is fear of being denied health insurance. 'Maybe we should change the rules around insurance so that they have to insure people,' he said."
Google

Leaked Microsoft Video Parodies Chrome Ad 242

Posted by Unknown Lamer
from the fighting-for-evildoer-crown dept.
First time accepted submitter Stratus311 writes "An article from The Verge shows a video leaked from Microsoft that parodies Google's Chrome ad. From the article: 'Microsoft and Google have been locked in a war of words over a YouTube Windows Phone app, but in the midst of the arguments a new Scroogled ad has emerged. Designed to be an internal-only video, a copy has somehow managed to find its way onto the web right in the middle of Google's I/O developer conference.'" "Somehow" leaked.
Privacy

Inside One of the World's Largest Data Brokers 64

Posted by samzenpus
from the knowing-all-about-you dept.
itwbennett writes "Contrary to recent reports, data broker Acxiom is not planning to give consumers access to all the information they've collected on us. That would be too great a challenge for the giant company, says spokesperson Alexandra Levy. Privacy blogger Dan Tynan recently spoke with Jennifer Barrett Glasgow, Chief Privacy Officer at Acxiom (she claims to be the very first CPO) about how the company collects information and what they do with it. This should give you some small measure of comfort: 'We don't know that you bought a blue shirt from Lands End. We just know the kinds of products you are interested in. We're trying to get a reasonably complete picture of your household and what the individuals who live there like to do,' says Glasgow."
Open Source

The New Yorker Launches 'Strongbox' For Secure Anonymous Leaks 94

Posted by Soulskill
from the sing-like-a-really-safe-canary dept.
Today The New Yorker unveiled a project called Strongbox, which aims to let sources share tips and leaks with the news organization in a secure manner. It makes use of the TOR network and encrypts file uploads with PGP. Once the files are uploaded, they're transferred via thumb-drive to a laptop that isn't connected to the internet, which is erased every time it is powered on and booted with a live CD. The publication won't record any details about your visit, so even a government request to look at their records will fail to find any useful information. "There’s a growing technology gap: phone records, e-mail, computer forensics, and outright hacking are valuable weapons for anyone looking to identify a journalist’s source. With some exceptions, the press has done little to keep pace: our information-security efforts tend to gravitate toward the parts of our infrastructure that accept credit cards." Strongbox is actually just The New Yorker's version of a secure information-sharing platform called DeadDrop, built by Aaron Swartz shortly before his death. DeadDrop is free software.
Robotics

Drones: Coming Soon To the New Jersey Turnpike? 249

Posted by Soulskill
from the you-can-trust-us dept.
redletterdave writes "The FAA predicts 30,000 drones will patrol the US skies by 2020, but New Jersey drivers could see these unmanned aerial vehicles hovering above the New Jersey Turnpike and Garden State Parkway much sooner than that. New Jersey lawmakers from both Republican and Democratic parties have introduced a number of bills to tackle the drones issue before the federal government starts issuing the first domestic drone permits in September 2015."
Google

In Germany, Offensive Autocomplete Is No Laughing Matter 200

Posted by Soulskill
from the why-are-IT-people dept.
itwbennett writes "We've all had a chuckle over Google's autocomplete results for various search queries. But one German businessman had a less funny experience when he searched for his name on Google.de: The autocomplete suggested search terms where his name was tied with 'Scientology' and 'fraud' (in German, of course). This was back in 2010. In 2012, a German court ruled that the autocomplete terms did not infringe the plaintiff's privacy. Now, a year later, the Federal Court of Justice in Karlsruhe has overturned that ruling and ordered that Google remove offensive search suggestions when notified."
Microsoft

Microsoft Reads Your Skype Chat Messages 273

Posted by timothy
from the but-they-don't-enjoy-them dept.
An anonymous reader writes "A Microsoft server accesses URLs sent in Skype chat messages, even if they are HTTPS URLs and contain account information. A reader of Heise publications notified Heise Security (link to German website, Google translation). They replicated the observation by sending links via Skype, including one to a private file storage account, and found that these URLs are shortly after accessed from a Microsoft IP address. When confronted, Microsoft claimed that this is part of an effort to detect and filter spam and phishing URLs."
Security

Saudi Arabian Telecom Pitches to Moxie Marlinspike 128

Posted by Unknown Lamer
from the indirect-terrorism dept.
An anonymous reader sent in this excerpt from Moxie Marlinspike's weblog: "Last week I was contacted by an agent of Mobily, one of two telecoms operating in Saudi Arabia, about a surveillance project that they're working on in that country. Having published two reasonably popular MITM tools, it's not uncommon for me to get emails requesting that I help people with their interception projects. I typically don't respond, but this one (an email titled 'Solution for monitoring encrypted data on telecom') caught my eye. ... The requirements are the ability to both monitor and block mobile data communication, and apparently they already have blocking setup. ... When they eventually asked me for a price quote, and I indicated that I wasn't interested in the job for privacy reasons, they responded with this: ' I know that already and I have same thoughts like you freedom and respecting privacy, actually Saudi has a big terrorist problem and they are misusing these services for spreading terrorism and contacting and spreading their cause that's why I took this and I seek your help. If you are not interested than maybe you are on indirectly helping those who curb the freedom with their brutal activities.'"
Privacy

US Government Monitoring Associated Press Phone Records 248

Posted by Unknown Lamer
from the burn-the-witch dept.
Picass0 writes with distressing news from the AP wire, about the AP: "The Justice Department secretly obtained two months of telephone records of reporters and editors for The Associated Press in what the news cooperative's top executive called a 'massive and unprecedented intrusion' into how news organizations gather the news." They obtained call records from a number of desk phones, and the personal phones of many news editors. The DOJ has not commented, but it may be related to the possibility that the CIA director leaked information on a foiled terror plot in Yemen last year.
United Kingdom

UK's 4G Network Selling Subscriber Tracking Data To Police, Private Parties 55

Posted by samzenpus
from the what-have-you-been-up-to? dept.
Sockatume writes "The Sunday Times has revealed that analytics firm Ipsos MORI and 4G network EE attempted to sell detailed information on 27m subscribers' activities to various parties including the UK's police forces. The data encompasses the gender, postcode and age of subscribers, the sites they visit and times they are visited, and the places and times of calls and text messages. Ipsos MORI were reportedly 'bragging that the data can be used to track people and their location in real time to within 100 meters' in negotiations. Ipsos MORI has rushed to contradict this in an effort to save face, stating that the users are anonymized and data is aggregated into groups of 50 or more, while location is only precise to 700m. Despite their prior enthusiasm, the police have indicated that they will no longer go ahead with the deal. It is not clear whether the other sales will go ahead."
Iphone

Apple Deluged By Police Demands To Decrypt iPhones 237

Posted by Soulskill
from the atf-struggles-with-slide-to-unlock dept.
New submitter ukemike points out an article at CNET reporting on how there's a "waiting list" for Apple to decrypt iPhones seized by various law enforcement agencies. This suggests two important issues: first, that Apple is apparently both capable of and willing to help with these requests, and second, that there are too many of them for the company to process as they come in. From the article: "Court documents show that federal agents were so stymied by the encrypted iPhone 4S of a Kentucky man accused of distributing crack cocaine that they turned to Apple for decryption help last year. An agent at the ATF, the federal Bureau of Alcohol, Tobacco, Firearms and Explosives, 'contacted Apple to obtain assistance in unlocking the device,' U.S. District Judge Karen Caldwell wrote in a recent opinion. But, she wrote, the ATF was 'placed on a waiting list by the company.' A search warrant affidavit prepared by ATF agent Rob Maynard says that, for nearly three months last summer, he 'attempted to locate a local, state, or federal law enforcement agency with the forensic capabilities to unlock' an iPhone 4S. But after each police agency responded by saying they 'did not have the forensic capability,' Maynard resorted to asking Cupertino. Because the waiting list had grown so long, there would be at least a 7-week delay, Maynard says he was told by Joann Chang, a legal specialist in Apple's litigation group. It's unclear how long the process took, but it appears to have been at least four months."
Privacy

Bloomberg Reporters Caught Spying On Terminal Users 55

Posted by timothy
from the hot-reading-vs-cold dept.
theodp writes "Big Bloomberg is watching you. CNN reports that was the unsettling realization Goldman Sachs execs came to a few weeks ago when a Bloomberg reporter inadvertently revealed that reporters from the news and financial data provider had surveillance capabilities over users of Bloomberg terminals. 'Limited customer relationship data has long been available to our journalists,' acknowledged a Bloomberg spokesman. 'In light of [Goldman's] concern as well as a general heightened sensitivity to data access, we decided to disable journalist access to this customer relationship information for all clients.' Business Insider is now reporting on allegations that Bloomberg reporters used terminals to spy on JPMorgan during the 'London Whale' disaster; Bloomberg bragged about its leadership on this story."
