Concerns Regarding “Unreasonable” Searches

There are concerns that a bill under consideration in the House, the Fourth Amendment Is Not For Sale Act, goes too far in protecting us Americans from 4th Amendment violations by the government at the expense of our counterintelligence capabilities.

The bill…would ban the government from buying information on Americans from data brokers. This would include many things in the cloud of digital exhaust most Americans leave behind online, from information on the websites they visit to credit-card information, health information, and political opinions.

Worse, goes the argument, the bill

would prohibit the US government from buying digital information that would remain available to the likes of China and Russia.

That last is a non sequitur, though. The fact that the data are readily available to our enemies doesn’t legitimize their collection by our government, which has Constitutional bars against most kinds of searches. It’s further the case that if we can’t be secure against the unwarranted [sic] intrusions of our own government, how can we expect our own government to keep us secure from the intrusions of foreign governments, especially enemy foreign governments?

There also is a misunderstanding buried in the claim regarding that digital exhaust [that] most Americans leave behind online. A significant fraction of that “digital exhaust” is not voluntary; it’s left behind as a condition of doing business with those enterprises that require collection of the data. Some of those data are legitimately needed by businesses: credit card account numbers if payment is being offered via credit card, shipping addresses so the seller can deliver the product, personal names so the seller can be sure of the credit card numbers and shipping addresses, and the like. Other data are demanded by the business as a condition of doing business with the customer for reasons unique to the specific enterprise.

Better would be to bar the sale, rather than bar the purchase, of such data.

That sale, too, should be barred universally, not just with respect to our government, within the following boundaries. All data that an enterprise demands be collected in order to do business needs to be barred from sale or any other transfer, to any other entity, whether government or not. There should be no default position or opt in or out; the sale or transfer of these data should be prohibited. Government legitimately can still access those data on presentation in court of a probable cause, supported by Oath or affirmation, and particularly describing the [data] to be searched, and the [data] to be seized. Voluntarily left data should require affirmative opt-in before those data can be sold or transferred. Failure to choose should be taken as not opting in—the enterprise cannot sell or transfer the data.

How is this Possible?

Personal information of 7.6 million AT&T customers and of 65 million former AT&T customers has appeared on the dark web in the last two weeks. Stuff happens, even egregiously bad stuff. What makes this stuff especially egregiously bad, though, is AT&T’s claim that the data appear[] to have come from 2019 or earlier.

That especially bad status flows from some questions:

Why wasn’t the data breach discovered those 5 or more years earlier; why did AT&T not know of the breach of its own systems until they saw the results of the breach just recently?

If AT&T did know of the breach those years ago, why did they sit on the information all this time?

If AT&T did discover the data breach promptly, and the data that appeared on the dark web only happened to be from 2019 and prior, what were the safeguards in place—or not—for what would have been archived data? What are the safeguards for data from 5 years ago through to the present? How does AT&T know those data haven’t been penetrated and stolen, also?

Protecting Your Cell Phone “from a banking threat”

Kurt Knutsson has a Fox News article centered on protecting Android cell phones from malware that bypasses Android’s Restricted Setting Feature to steal, among other things, a user’s banking app PIN. It’s well worth reading and taking appropriate action, given that so many users have so many banking (and other) access apps on their cells.

However.

Knutsson missed, in his article, the larger solution, or perhaps he deliberately elided it given how easy it is to use a cell phone—Android or other—to do things besides make and receive telephone calls or to exchange text messages.

What he missed is that that convenience comes with a very large cost, and that it’s an unavoidable cost given the ubiquitous presence of thieves in the world, including the virtual world of the Internet. The unavoidability of that cost stems directly from the fact that the contest between security and hacking past security is a permanent arms race in which security is, of necessity, reactive and not proactive. The hackers always have the first-user advantage, and that advantage lasts until security catches up—a gap that may be short or long but is always present.

The solution that Knutsson missed? Don’t have those banking (and other) access apps on your cell in the first place. At least, don’t go beyond social media apps—Facebook, Instagram, et al. (as if these are must haves)—at all. What’s not on a cell phone cannot be hacked by a cell phone hacker.

It’s certainly true that a laptop or PC is subject to the same vulnerabilities, but there’s no reason to extend and expand the reach of those vulnerabilities.

FISA and Search Warrants

The House Judiciary Committee is moving to seriously revamp FISA, the Act that was set up to deal with widespread privacy violations by the Federal government during the Nixon administration. It was intended to enable the government to surveil foreign persons and to limit the government’s surveillance to those foreign persons, and it includes a secretive and secret court to enable issuance of search warrants supporting that surveillance. The Act was promptly abused by the FBI and the Feds’ intelligence agencies to spy on us ordinary Americans, also, most recently during the runup to the Trump administration and continuing throughout that term, and since.

The Foreign Intelligence Surveillance Court earlier this year declassified a report revealing that FBI agents had inappropriately searched Americans’ phone records more than 270,000 times over a two year period, alarming civil liberty experts and generating bipartisan condemnation.

Bad as that abuse is, it’s also bad that that secret FISA court had been hiding that abuse behind its “classified” wall. This secret, Star Chamber court has been contributing its own abuses to the Act: it has acknowledged that the FBI had overtly lied to it on a number of those warrants, but then it had not only exacted no punishment, it continued blithely to accept FBI agents’ word on subsequent warrant applications. All of that is on top of the fundamental abuse that is the secret nature of this court, which aside from violating the spirit, if not the letter, of our court system, allows it to inflict those other abuses on us ordinary Americans.

Any suitable reform of the FISA Act must include disbanding altogether FISA’s Star Chamber Court. To the extent that the government worries that getting a warrant would tip off the bad guys—and it’s a legitimate concern—Article III courts and State courts all know how to seal and protect warrants when that’s…warranted.

Boosting my WiFi Signal at Home

Kurt Knutsson has some ideas for doing this. Luddite that I am, I question a couple of his going-in assumptions, at least as his suggestions apply to my case. Start with his subheadline:

Fix deadzones, speed up slow spots, and make your wireless internet signal reach farther

I have an ordinary-sized, one-story, wood frame, single-family home. I don’t have deadzones or slow zones (I’ve walked signal-assessors around my house). I don’t want my WiFi signal to reach farther, either; that would take the signal even farther outside my house, even farther past my city lot boundaries, making it even easier for wardrivers to capture, or for others to (try to) piggyback off my WiFi Internet connection (despite the several security precautions I’ve taken).

Have you ever wanted to watch your desktop screen on your smart TV, yet found out that the network connection is too weak or unreliable?

Nope. In the first place, I’ll never have a “smart” TV in my house until they’re the only ones left on the market when I need a replacement, and/or I can guarantee the device will never have or get access to the Internet. Smart TVs, currently, are just another piece of the Internet of Things that is so much a security risk.

YMMV. And probably does.