All posts in “Spying”

Blacklisted cybersecurity firm Kaspersky decamps for Switzerland

We hear neutral territory like Zurich is lovely this time of year.

Image: UIG via Getty Images

Cybersecurity company Kaspersky Lab found itself blacklisted by U.S. federal agencies after accusations of enabling Russian spies to steal NSA files. Unloved and perhaps unwanted, the company, which has denied any wrongdoing, is moving a number of its international data servers to neutral territory: Zurich. Read more at PC Mag…

German government tells parents to destroy children’s smartwatches

The German government isn’t just banning some children’s smartwatches; it’s telling people to “destroy” the gadgets already circulating around the country.

On Friday, Germany’s telecom regulator, the Federal Network Agency, announced that a number of these devices, designed for ages 5 to 12, can allow someone to tap into the watch’s microphone and clandestinely spy from remote locations (just like a wiretap). The regulator isn’t just concerned about the potential of people spying on children; it’s concerned the devices can be used to spy on anyone.

And in Germany, it’s illegal to record private conversations without permission.

“According to our investigations, parents were using the watches, for example, to listen in on teachers during class,” said Federal Network Agency President Jochen Homann in a statement.

Smartwatches that make phone calls, like the Apple Watch, are legal in Germany. The problem with many of the children’s smartwatches, however, is the devices have a classic snooping function, similar to a baby monitor, which can be easily activated just by using an app.

“Via an app, parents can use such children’s watches to listen unnoticed to the child’s environment and they are to be regarded as an unauthorized transmitting system,” said Homann.

The German regulator is so serious about destroying these devices, it’s asking citizens to literally document the watches’ destruction and to file evidence online. Once the watches are destroyed, the regulator will provide a “certificate of destruction,” confirming the deed was done. 

This isn’t the first time the Federal Network Agency told German citizens to destroy a consumer device. In February, the regulator prohibited the doll “My Friend Cayla” and labeled it as an “espionage device.” Apparently, the dolls were fitted with radio transmission technology that could allow children to be spied on.

Beware, consumer tech manufacturers: the German government won’t just ban devices that facilitate spying, it’ll demand the devices be smashed with a hammer (or whatever means of destruction one prefers), even if they’re dolls.

The NSA’s massive surveillance operation is now just a little less massive

Where the surveillance happens ...

Image: Jim Lo Scalzo/EPA/REX/Shutterstock

The NSA’s spying program is still vast, but it’s now a touch more restricted.

The agency has long collected texts and emails sent to and by Americans if those electronic communications contained the names of folks whom the NSA was conducting surveillance on, but that’s no longer the case. 

This, as the New York Times reported Friday, is a significant rollback of a surveillance program that privacy advocates have railed against since a series of NSA spying programs and mechanisms were revealed in 2013. 

The main issue many privacy advocates had: The spying didn’t require a warrant and was based on the content of the message rather than the people having the digital conversation. 

The NSA often collected emails and texts with little (if any) relevance to its surveillance operations. Companies from which it requested messages often grouped the irrelevant ones with the allegedly relevant ones and sent them over to the agency. According to the formerly secretive Foreign Intelligence Surveillance Court, doing so was a violation of the Fourth Amendment. The NSA has reportedly tried to fix this aspect of its spying for years in order to comply with the Constitution, but failed to do so.

The news is a clear win for privacy advocates, but a win that is neither total nor irreversible. 

“While the NSA’s policy change will curb some of the most egregious abuses under the statute, it is at best a partial fix,” Neema Singh Guliani, a legislative counsel at the American Civil Liberties Union, said in an emailed statement. “Congress should take steps to ensure such practices are never resurrected and end policies that permit broad, warrantless surveillance …”

Your headphones aren’t spying on you, but your apps are. Here’s why.

Lawyers in the US are claiming that headphone and speaker company Bose is secretly collecting information about what users listen to when they use its Bluetooth wireless headphones.

Edelson, the lawyers acting on behalf of customer Kyle Zak of Illinois, claim that information about what Zak has been listening to through his Bose headphones was being collected without his knowledge or explicit consent every time he used a Bose companion mobile app called Bose Connect.

The app allows customers to interact with the headphones, updating software and also managing which device is connected at any time with the headphones. If the headphones are being used to listen to something, details about what is being played will show up in the Connect App.

This information is then collected by Bose and sent to third parties, including companies like Segment, who facilitate the collection of data from web and mobile applications and make it available for further analysis.

The lawyers are contending that Bose’s actions amount to illegal wiretapping and that the information being collected could reveal a great deal of personal information about customers. Allegedly, Kyle Zak would not have bought Bose headphones if he had known that this information would be collected, and he further claims that he never gave his consent for this information to be collected.

Bose has denied the allegations and pointed to the privacy policy in the Connect App that is explicit about the fact that it collects de-identified data for Bose’s use only and does not sell identified data for any purpose including “behavioral advertising”. Bose also points out that what a customer listens to on the headphones is only visible to Bose if the customer is using the Connect App and has it open and running.

Given the app’s limited functionality, it is really unclear why anyone would use the Connect App for this purpose on a continuous basis.

Most software uses tracking

The majority of apps installed on a phone will be collecting data about its usage and sending it back, de-identified, for analysis. This data may well be aggregated without giving any detail about any individual user. So it would not be possible, for example, to say whether people who use an app every day are more likely to use particular features. Of course, some companies do collect this level of detail.

So what is this tracking data used for?

Developers use this information to track a range of things including statistics about usage of the app. Companies usually track how many daily and monthly active users they have and how many users stop using the app after opening for the first time.

Developers are also interested to find out if the app experiences problems, like crashes for example. They are also interested in which features of the app customers use, in what sequence they use them, and for how long.

A range of companies, including Apple and Google, provide means of collecting anonymous statistics from users. The data is sent back to a server and made available for analysis. This type of tracking is very different from the tracking that is done for advertising purposes. In that case, information is collected that is identifiable and used to personalise ads to be delivered either directly through the app, or through other services.

Hidden privacy statements are not enough

Privacy statements for apps, websites and other software should make it clear, before the user starts using the app, what information the software is collecting, who it will be shared with, and for what purposes. Most software, however, does not do this. Companies simply skip showing a user the privacy statement and make reference to the fact that the statement can be accessed somewhere on a website or in the app, at a later time.

Another problem with a great number of privacy policies is that they are written in legal language and do not make explicit what information is being collected and for what purpose.

It is not only the companies that treat privacy as an afterthought. Customers also struggle with understanding the basics of their rights to privacy and what a privacy statement actually does. In 2014, Pew Research found that 52% of Americans surveyed wrongly believed that simply having a privacy policy at all meant that companies kept confidential all the information they collected on users.

In another survey, only 20% of users who read any part of a privacy policy felt they fully understood what they had read.

Ironically enough, the website of legal firm Edelson does not feature a clear link to its privacy policy. Its privacy statement is buried in a “Disclaimer” which helpfully says: “PLEASE READ THE FOLLOWING TERMS OF SERVICES & LEGAL NOTICES (“THIS AGREEMENT”) CAREFULLY BEFORE USING THE EDELSON.COM WEBSITE”. Somewhat hard to do if you have to visit the site to get to it.

Privacy should be treated as a fundamental driver of design in software. This situation has been changing, especially as companies have focused on protecting customers’ privacy, not from the companies themselves, but from law enforcement agencies, secret services and the government in general. 

Perhaps the threat of legal action by companies like Edelson will also prove another incentive to do the right thing.

This article was originally published at The Conversation.