Geek Stuff

Peter Kuran: Visual Effects Artist and Atomic Bomb Archivist

Slashdot -

Lasrick links to this interview with Peter Kuran, an animator of the original Star Wars and legendary visual effects artist, writing If you saw the recent remake of Godzilla, you saw stock footage from Atom Central, known on YouTube as 'the atomic bomb channel.' Atom Central is the brainchild of Kuran, who among his many talents is an expert on archival films of the atmospheric testing era of 1945 to 1963. Combining his film restoration and photography expertise with his interest in nuclear history, he has also produced and directed five documentaries. He is currently working with Lawrence Livermore and Los Alamos National Laboratories to preserve and catalog images from the bomb-testing era, and to produce a technical handbook that will help people understand these images and the techniques used to create them.

Read more of this story at Slashdot.

OwnCloud Dev Requests Removal From Ubuntu Repos Over Security Holes

Slashdot -

operator_error notes a report that ownCloud developer Lukas Reschke has emailed the Ubuntu Devel mailing list to request that ownCloud (server) be removed from the Ubuntu repositories because it contains "multiple critical security bugs for which no fixes have been backported," through which an attacker could "gain complete control [of] the web server process." From the article: However, packages can't be removed from the Ubuntu repositories for an Ubuntu version that was already released, that's why the package was removed from Ubuntu 14.10 (2 days before its release) but it's still available in the Ubuntu 14.04 and 12.04 repositories (ownCloud 6.0.1 for Ubuntu 14.04 and ownCloud 5.0.4 for Ubuntu 12.04, while the latest ownCloud version is 7.0.2). Furthermore, the ownCloud package is in the universe repository and software in this repository "WILL NOT receive any review or updates from the Ubuntu security team" (you should see this if you take a look at your /etc/apt/sources.list file) so it's up to someone from the Ubuntu community to step up and fix it. "If nobody does that, then it unfortunately stays the way it is", says Marc Deslauriers, Security Tech Lead at Canonical. You can follow the discussion @ Ubuntu Devel mailing list. So, until (if) someone fixes this, if you're using ownCloud from the Ubuntu repositories, you should either remove it or upgrade to the latest ownCloud from its official repository, hosted by the openSUSE Build Service.

Microsoft Now Makes Money From Surface Line, Q1 Sales Reach Almost $1 Billion

Slashdot -

SmartAboutThings writes Microsoft has recently published its Q1 fiscal 2015 earnings report, disclosing that it has made $4.5 billion in net income on $23.20 billion in revenue. According to the report, revenue has increased by $4.67 billion, compared to $18.53 billion from the same period last year. However, net income has decreased 14 percent compared to last year's $5.24 billion mainly because of the $1.14 billion cost associated with the integration and restructuring expenses related to the Nokia acquisition. But what's finally good news for the company is that the Surface gross margin was positive this quarter, which means the company finally starts making money on Surface sales. Microsoft didn't yet reveal Surface sales, but we know that Surface revenue was $908 million this quarter, up a massive 127 percent from the $400 million this time last year. However, if we assume that the average spent amount on the purchase of this year's Surface Pro 3 was around $1000, then we have less than 1 million units sold, which isn't that impressive, but it's a good start.

Days After Shooting, Canada Proposes New Restrictions On and Offline

Slashdot -

New submitter o_ferguson writes As Slashdot reported earlier this week, a lone shooter attacked the war memorial and parliament buildings in Ottawa, Canada on Wednesday. As many comments predicted, the national government has seized this as an opportunity to roll out considerable new regressive legislation, including measures designed to increase data access for domestic intelligence services, institute a new form of extra-judicial detention, and, perhaps most troubling, criminalize some forms of religious and political speech online. As an example of the type of speech that could, in future, be grounds for prosecution, the article mentions that the killer's website featured "a black ISIS flag and rejoiced that 'disbelievers' will be consigned to the fires of Hell for eternity." A government MP offers the scant assurance that this legislation is not "trauma tainted," as it was drafted well prior to this week's instigating incidents. Needless to say, some internet observers remain, as always, highly skeptical of the manner in which events are being portrayed. (Please note that some articles may be partially paywalled unless opened in a private/incognito browser window.)

AT&T Locks Apple SIM Cards On New iPads

Slashdot -

As reported by MacRumors, the unlocked, carrier-switchable SIM cards built into the newest iPads aren't necessarily so -- at least if you buy them from an AT&T store. Though the card comes from Apple with the ability to support (and be switched among with software, if a change is necessary) all major carriers, "AT&T is not supporting this interchangeability and is locking the SIM included with cellular models of the iPad Air 2 and Retina iPad mini 3 after it is used with an AT&T plan. ... AT&T appears to be the only participating carrier that is locking the Apple SIM to its network. T-Mobile's John Legere has indicated that T-Mobile's process does not lock a customer in to T-Mobile, which appears to be confirmed by Apple's support document, and Sprint's process also seems to leave the Apple SIM unlocked and able to be used with other carrier plans. Verizon, the fourth major carrier in the United States, did not opt to allow the Apple SIM to work with its network." The iPad itself can still be activated and used on other networks, but only after the installation of a new SIM.

Passwords: Too Much and Not Enough

Slashdot -

An anonymous reader writes: Sophos has a blog post up saying, "attempts to get users to choose passwords that will resist offline guessing, e.g., by composition policies, advice and strength meters, must largely be judged failures." They say a password must withstand 1,000,000 guesses to survive an online attack but 100,000,000,000,000 to have any hope against an offline one. "Not only is the difference between those two numbers mind-bogglingly large, there is no middle ground." "Passwords falling between the two thresholds offer no improvement in real-world security, they're just harder to remember." System administrators "should stop worrying about getting users to create strong passwords and should focus instead on properly securing password databases and detecting leaks when they happen."

Automated Mass Surveillance is Unconstitutional, EFF Explains in Jewel v. NSA

EFF's Deeplinks -

Today EFF filed our latest brief in Jewel v. NSA, our longstanding case on behalf of AT&T customers aimed at ending the NSA’s dragnet surveillance of millions of ordinary Americans’ communications. The brief specifically argues that the Fourth Amendment is violated when the government taps into the Internet backbone at places like the AT&T facility on Folsom Street in San Francisco.

As it happens, the filing coincides with the theatrical release of Laura Poitras’ new documentary, Citizenfour. The Jewel complaint was filed in 2008, and there’s a scene early in the film that shows the long road that case has taken. In footage shot in 2011, the United States Court of Appeals for the Ninth Circuit hears argument in Jewel, and an attorney from the Department of Justice tries to convince a skeptical court that it should simply decide not to decide the case, leaving it to the other branches of government.

But the court did not agree to step aside. EFF prevailed on the issue, and the case continued, albeit very slowly. Now, years later, Poitras’ film underscores just how much the conversation around mass surveillance has changed. Americans are overwhelmingly concerned with government monitoring of their communications, and we hope to (finally) have a constitutional ruling in Jewel soon. (And another in Smith v. Obama, and still another in First Unitarian Church of Los Angeles v. NSA.)

Even so, the government continues to try to avoid a decision that any of its various means of mass surveillance is unconstitutional. The current procedural context is this: in July, EFF filed a partial motion for summary judgment requesting that the court rely on uncontested evidence that the NSA taps into the Internet backbone and collects and searches ordinary Americans’ communications to rule that the government is violating the Fourth Amendment. The technology at issue, which the government calls “upstream,” is illustrated here.

Under this surveillance, the government makes a full copy of everything that travels through key Internet backbone locations, like AT&T’s peering links. The government says that it then does some rudimentary filtering and searches through the filtered copies, looking for specific “selectors,” like email addresses.

The government filed its opposition to our motion in September. In our reply, we note that the government is effectively trying to sidestep the Fourth Amendment for everything that travels over the Internet. We explain:   

The government . . . contends that [Fourth Amendment] principles have no application here, where the government is unequivocally breaching the security and privacy of the papers and effects of millions of individuals. Its position essentially is that it can circumvent the Fourth Amendment’s core principles by copying communications in transit instead of taking physical possession of the originals, and by searching their contents very quickly with computers instead of searching them with humans. The government further contends that if one of its purposes for the copying and searching the communications is foreign intelligence, then the circumvention is complete, and the Internet has for all practical purposes become a Fourth-Amendment-free zone. The government is wrong.  

Our reply brief then unravels the government’s various attempts at constitutional circumvention. Here are some key issues we address:

Tapping into the Fiberoptic Cables is a “Seizure”

We explain that the act of copying entire communications streams passing through splitters at AT&T facilities is an unconstitutional seizure of individuals’ “papers” and “effects.” This should be obvious—our “papers” today often travel over the Internet in digital form rather than being stored in our homes—but the government contends that unless it physically interferes with individuals’ possession of some tangible property, it cannot “seize” anything. This is not so. If it were true that conversations could not be “seized” except by taking possession of physical objects, all warrantless wiretapping (where “recording” is a form of “copying” communications) would be constitutional.

This argument is especially troubling in the Internet age, since the government appears to be claiming that it could make a copy of all Internet communications as long as it did so without physically taking possession of any storage media. No way. The Fourth Amendment doesn’t protect just tree pulp or hard drives. It protects your ability to have control over who sees the information carried in your papers and effects. And by copying everything, the government is plainly “seizing” it.

Searching Quickly is Still a Search

The government also argues that because it is able to conduct its entire seizure and search quickly, there’s no real problem. It claims that the only interest you have in your messages in transit is whether they are delayed—not whether you retain control over them. Again, this isn’t the case. The founders of the United States, in writing the Fourth Amendment and in banning “general warrants,” were concerned about the security of their papers. That concern wouldn’t have simply disappeared had the British troops been able to rifle through their papers at the speed of a computer rather than by hand.

The “Human Eyes” Theory

Relatedly, we explain that the act of using a computer program to scan the contents of the copied communications stream in order to find targeted “selectors” is an unconstitutional search. Although the government concedes that individuals have a reasonable expectation of privacy in their Internet communications, thus triggering the Fourth Amendment, it argues that searching through the contents of those communications via an automated computer program does not compromise that expectation of privacy because the communications are not seen by human eyes. In support of this argument, the government compares its scanning of Internet communications to a police officer’s use of a drug-sniffing dog or a chemical drug test to detect contraband in a suspect’s luggage or a suspicious package, which the Supreme Court has found to not constitute a “search.”

But the government misses the point of the “contraband” cases, which turn not on the involvement of humans, but on the fact that no one has a right to possess contraband, and contraband was the only thing the dog sniffs and chemical tests could identify.

The mass, suspicionless surveillance of millions of Americans’ Internet communications is far broader in scope than these limited contraband investigations. First of all, speech just isn’t contraband, and the government’s “selectors” cannot distinguish between potentially illegal and legal speech. That takes humans. Second, the government’s search terms are far from objective, single-criterion searches. Even scanning for hash values, which are arguably used to identify only illegal computer files like child pornography, has been found to be a search. Here, the scope is much broader, given the government’s stated foreign intelligence goals. What’s more, the act of choosing the selectors involves an exercise of discretion simply not present when teaching a dog to detect drugs. Americans have a reasonable expectation of privacy in their Internet communications, and the government’s act of searching the contents of those communications is a search, irrespective of whether it uses a human being or an automated computer program to do so.

“Special Needs” Again

Finally, as it did in Smith v. Obama, the government claims that its actions are justified by the “special needs doctrine,” the narrow exception to the warrant requirement that applies to minimally intrusive searches of people with reduced privacy expectations, such as students and those who work with dangerous machinery. While we’re not fans of the doctrine here at EFF, what the government is trying to do with it in this case is truly breathtaking. It argues that it needs no warrant to seize and search every single Internet activity of hundreds of millions of innocent people (who have no reduced expectation of privacy) as long as it does so quickly and a “significant reason” for doing so is collecting foreign intelligence. 

We hit back hard on that argument, noting, first, that far from having a minimal privacy interest, our “plaintiffs’ privacy interests in their Internet activities and communications lie at the heart of the Fourth Amendment.” We also note that the government’s intrusion here, while possibly speedy due to its computing power, is extensive, searching “every word from top to bottom” of those hundreds of millions of innocent Americans’ communications.

The government's dangerous “special needs” argument, which apparently the Foreign Intelligence Surveillance Court of Review adopted with regard to the targeted surveillance objected to by Yahoo!, is something the Internet public needs to be aware of. The government is essentially claiming that because there are bad foreign actors online, it should get a free pass from complying with the Constitution whenever it claims a “foreign intelligence” need, and that it gets to do so regardless of how many innocent Americans may be caught up in its net. Or to put it more bluntly, the government is basically saying that its intelligence needs should trump the Constitution, and that no one using the Internet should be able to have a private conversation or engage in private web surfing or information gathering without the government having access. 

There's More

There’s more in our brief, including our response to the government’s attack on the evidence presented by Mark Klein and the analysis by our expert witness, J. Scott Marcus.

We also filed a motion to strike a second secret brief the government submitted to the court in opposition to our motion for partial summary judgment. As we explain in our motion to strike, it is an extraordinary violation of due process to let the government make secret legal arguments to the court to which we have no ability to respond.

Next Steps

Now that briefing on our motion in Jewel is complete, the next step is oral argument. The court will hear the motion on December 19, 2014 in Oakland, California, and the public is invited. 

In the meantime, it is the busiest season for hearings in the NSA spying cases yet. First, on November 4, EFF will participate as amicus in the Klayman v. Obama oral argument before the D.C. Circuit in Washington, D.C. concerning the NSA's telephone records collection. Then, on December 8 in Seattle, Washington, the Ninth Circuit will hear argument by our co-counsel Peter Smith and Luke Malek in Smith v. Obama, the telephone records case we’re handling with the ACLU.   

Related Cases: Smith v. Obama, Klayman v. Obama, Jewel v. NSA, First Unitarian Church of Los Angeles v. NSA

Verizon Injects Unique IDs Into HTTP Traffic

Slashdot -

An anonymous reader writes: Verizon Wireless, the nation's largest wireless carrier, is now also a real-time data broker. According to a security researcher at Stanford, Big Red has been adding a unique identifier to web traffic. The purpose of the identifier is advertisement targeting, which is bad enough. But the design of the system also functions as a 'supercookie' for any website that a subscriber visits. "Any website can easily track a user, regardless of cookie blocking and other privacy protections. No relationship with Verizon is required. ...while Verizon offers privacy settings, they don’t prevent sending the X-UIDH header. All they do, seemingly, is prevent Verizon from selling information about a user." Just like they said they would.

Secretive Funding Fuels Ongoing Net Neutrality Astroturfing Controversy

Slashdot -

alphadogg writes: The contentious debate about net neutrality in the U.S. has sparked controversy over a lack of funding transparency for advocacy groups and think tanks, which critics say subverts the political process. News stories from a handful of publications in recent months have accused some think tanks and advocacy groups of "astroturfing" — quietly shilling for large broadband carriers. In a handful of cases, those criticisms appear to have some merit, although the term is so overused by people looking to discredit political opponents that it has nearly lost its original meaning. An IDG News Service investigation found that major groups opposing U.S. Federal Communications Commission reclassification and regulation of broadband as a public utility tend to be less transparent about their funding than the other side. Still, some big-name advocates of strong net neutrality rules also have limited transparency mechanisms in place.

A Low Cost, Open Source Geiger Counter (Video)

Slashdot -

Sawaiz Syed's LinkedIn page says he's a "Hardware Developer at GSU [Georgia State University], Department of Physics." That's a great workplace for someone who designs low cost radiation detectors that can be air-dropped into an area where there has been a nuclear accident (or a nuclear attack; or a nuclear terrorist act) and read remotely by a flying drone or a robot ground vehicle. This isn't Sawaiz's only project; it's just the one Timothy asked him about most at the recent Maker Faire Atlanta. (Alternate Video Link)

Computer Scientist Parachutes From 135,908 Feet, Breaking Record

Slashdot -

An anonymous reader writes: The NY Times reports that Alan Eustace, a computer scientist and senior VP at Google, has successfully broken the record for highest freefall jump, set by Felix Baumgartner in 2012. "For a little over two hours, the balloon ascended at speeds up to 1,600 feet per minute to an altitude of 135,908 feet, more than 25 miles. Mr. Eustace dangled underneath in a specially designed spacesuit with an elaborate life-support system. He returned to earth just 15 minutes after starting his fall. ... Mr. Eustace cut himself loose from the balloon with the aid of a small explosive device and plummeted toward the earth at speeds that peaked at more than 800 miles per hour, setting off a small sonic boom heard by observers on the ground. ... His technical team had designed a carbon-fiber attachment that kept him from becoming entangled in the main parachute before it opened. About four-and-a-half minutes into his flight, he opened the main parachute and glided to a landing 70 miles from the launch site."

Asus introduces the MeMO Pad 10 ME103K budget tablet

Liliputing -

Last month an unannounced 10 inch Android tablet from Asus started showing up at European retail sites. Now Asus has finally gotten around to officially introducing the tablet. As expected, the Asus MeMO Pad 10 ME103K features a 10 inch, 1280 x 800 pixel display, a Qualcomm Snapdragon S4 Pro processor, and Android 4.4 KitKat […]

Researcher Finds Tor Exit Node Adding Malware To Downloads

Slashdot -

Trailrunner7 writes: A security researcher has identified a Tor exit node that was actively patching binaries users download, adding malware to the files dynamically. The discovery, experts say, highlights the danger of trusting files downloaded from unknown sources and the potential for attackers to abuse the trust users have in Tor and similar services. Josh Pitts of Leviathan Security Group ran across the misbehaving Tor exit node while performing some research on download servers that might be patching binaries during download through a man-in-the-middle attack. What Pitts found during his research is that an attacker with a MITM position can actively patch binaries–if not security updates–with his own code. In terms of defending against this sort of attack, Pitts suggested that encrypted download channels are the best option, both for users and site operators. "SSL/TLS is the only way to prevent this from happening. End-users may want to consider installing HTTPS Everywhere or similar plugins for their browser to help ensure their traffic is always encrypted," he said via email.

Two Reports About FBI's Use of National Security Letters Reissued

EFF's Deeplinks -

Even the reports that are supposed to provide transparency about the FBI's use of national security letters (NSLs) are secret—or at least a couple dozen pages of them are. NSLs are nonjudicial orders that allow the FBI to obtain information from companies, without a warrant, about their customers’ use of services. They almost always contain a gag order, which prohibits recipients from even saying they've received the request.

Two Office of the Inspector General (OIG) reports reviewing the FBI's use of NSLs from 2007 and 2008 were reissued earlier this week after having portions declassified. You can see the newly released versions of the 2007 report here and the 2008 report here.

Charlie Savage at the New York Times has reviewed and listed the changes. Some of them make sense. For example, one portion of the 2007 report masked references to a "Virginia Jihad network," which might have been redacted because of an ongoing investigation. But some of the previously classified portions are less explicable, such as the classification of the percentage of requests done under particular statutes. It's unclear what purpose keeping that number secret serves. What is clear is that excessive classification and redaction continue to get in the way of much-needed transparency around NSLs.

Related Issues: National Security Letters, Transparency
Related Cases: National Security Letters (NSLs), In re: National Security Letter, In re National Security Letter 2013 (13-80089), In re National Security Letter 2013 (13-1165)

Employers Worried About Critical Thinking Skills

Slashdot -

Nerval's Lobster writes: Every company needs employees who can analyze information effectively, discarding what's unnecessary and digging down into what's actually useful. But employers are getting a little bit worried that U.S. schools aren't teaching students the necessary critical-thinking skills to actually succeed once they hit the open marketplace. The Wall Street Journal talked with several companies about how they judge critical-thinking skills, a few of which ask candidates to submit to written tests to judge their problem-solving abilities. But that sidesteps the larger question: do schools need to shift their focus onto different teaching methods (i.e., downplaying the need for students to memorize lots of information), or is our educational pipeline just fine, thank you very much?

Recent Nobel Prize Winner Revolutionizes Microscopy Again

Slashdot -

An anonymous reader writes: Eric Betzig recently shared in the Nobel Prize for Chemistry for his work on high-resolution microscopy. Just yesterday, Betzig and a team of researchers published a new microscopy technique (abstract) that "allows them to observe living cellular processes at groundbreaking resolution and speed." According to the article, "Until now, the best microscope for viewing living systems as they moved were confocal microscopes. They beam light down onto a sample of cells. The light penetrates the whole sample and bounces back. ... The light is toxic, and degrades the living system over time. Betzig's new microscope solves this by generating a sheet of light that comes in from the side of the sample, made up of a series of beams that harm the sample less than one solid cone of light. Scientists can now snap a high-res image of the entire section they're illuminating, without exposing the rest of the sample to any light at all."

Cops Need to Obey Facebook’s Rules

EFF's Deeplinks -

Facebook scolded the Drug Enforcement Administration this week after learning that a narcotics agent had impersonated a user named Sondra Arquiett on the social network in order to communicate and gather intelligence on suspects. In a strongly worded letter to DEA head Michele Leonhart, Facebook’s Chief Security Officer Joe Sullivan reiterated that not only did the practice explicitly violate the site’s terms of service, but threatened Facebook’s trust-based social ecosystem.

Sullivan writes:

Facebook has long made clear that law enforcement authorities are subject to these policies. We regard the conduct to be a knowing and serious breach of Facebook’s terms and policies, and the account created by the agent in the Arquiett matter has been disabled.

Accordingly, Facebook asks that the DEA immediately confirm that it has ceased all activities on Facebook that involve the impersonation of others or that otherwise violate our terms and policies.

So far, it is unclear whether the DEA has responded, although the US Department of Justice has independently launched an investigation into the practice. We commend Facebook for holding the agency accountable.

But we also think Facebook should go further in protecting users and the integrity of its services. The DEA isn’t the only law enforcement agency creating fake profiles on Facebook, and fake profiles are not the only way that law enforcement agencies routinely violate the site’s terms of service.

Sock Puppet Investigators

Facebook’s “Statement of Rights and Responsibilities” requires users to provide their “real names and information” and warns users to “not provide any false personal information on Facebook, or create an account for anyone other than yourself without permission.” In other words, this is a ban on sock puppets: fake accounts that someone creates for deceptive purposes.

According to a lawsuit filed against the DEA, Arquiett was arrested in 2010 on drug charges. She allegedly agreed to allow an agent to search her phone. But the agent did much more than that, taking files from her phone—including suggestive photos of Arquiett as well as pictures of her children. The agent then used them to create a Facebook profile in her name. The agent accepted and made friend requests and engaged in conversations with other users.

While this may be the first time we have heard of the DEA impersonating an actual person, two separate independent studies show that creating fake profiles is commonplace in the law enforcement community.

In 2012, LexisNexis researchers surveyed more than 1,200 federal, state, and local law enforcement agencies and almost 70 percent of agencies surveyed said they use social media to some extent in their investigations. Among those agencies, Facebook was by far the most popular social network site, with 91 percent using it for investigations, 27 percent using it on a daily basis. Alarmingly, the LexisNexis researchers concluded that police “have no concerns around the ethics of creating fake virtual identities as an investigative technique." Approximately 83 percent reported they had no qualms about going undercover online. 

LexisNexis even included an anonymous testimonial on how police were able to track a suspect’s location through Facebook:

I was looking for a suspect related to drug charges for over a month. When I looked him up on FB, and requested him as a friend from a fictitious profile, he accepted. He kept “checking in” everywhere he went so I was able to track him down very easily.

A 2013 study [pdf] from the International Association of Chiefs of Police (IACP) mirrored the LexisNexis findings. Out of 500 predominantly municipal law enforcement agencies, more than 58 percent reported that they use fake profiles to gather information.

It’s difficult to determine exhaustively which agencies have adopted this tactic, but some have publicly acknowledged the practice:

  • Cincinnati Police Department admitted to CNN that it used undercover profiles for “targeted enforcements.”
  • In a DOJ-funded report on social media tactics, IACP revealed that the New York City Police Department has created formal policies for creating alias accounts for use in investigations. (The policies are available on page 169 of this report.)
  • The Georgia Bureau of Investigation similarly has a policy (page 157) allowing for aliases to be used in investigations.
  • In its policy on the use of social media, the La Vista Police Department in Nebraska says, “Covert undercover operations on the Internet and Social Networking are an effective investigative technique in establishing admissible, credible evidence in support of a criminal prosecution against suspects.”

Yet most of these agencies explicitly agreed to abide by Facebook’s terms of service when they created their own Facebook pages.

Ignoring ToS

Creating fake profiles is only one way that law enforcement agencies are actively violating Facebook’s terms of service.

Facebook’s terms say that you must not share your password or “let anyone else access your account.” They further state, “you will not solicit login information or access an account belonging to someone else.” Yet law enforcement agencies are guilty of these activities, particularly when it comes to screening applicants for jobs. According to a recent article from the San Francisco Chronicle, “The standard practice in most California police departments is to require social-media passwords of job applicants, including those applying for dispatch and jail staff positions.” This past session, the California Legislature attempted to clarify the law to extend a prohibition on this practice in the private sector to public employees—including a provision explicitly prohibiting police agencies from soliciting passwords—but the bill failed to make it to the governor’s desk.

Meanwhile, the FBI has been researching ways to data mine on Facebook, which would be a violation of the ToS provision that says you will “not collect users' content or information, or otherwise access Facebook, using automated means (such as harvesting bots, robots, spiders, or scrapers) without our prior permission.”

Law enforcement agencies have been potentially violating social media networks' terms of service with scraping and "covert accounts" for years (even as far back as when MySpace was the leading social network). We had to go to court to find this out, but Facebook has the power to force transparency without litigation.

What Should Facebook Do About This?

Under a White House directive (most recent version here), federal agencies are supposed to sign special, negotiated terms of service with social media providers where they would like to have a presence, including Facebook (example pdf here). Facebook also has special terms of service that are applicable only to state and local government agencies.

These agreements and special terms of service are opportunities for Facebook to demand more of law enforcement. If cops want to use Facebook for public purposes (and according to IACP, most agencies find it “very valuable” for community outreach, collecting tips and disseminating emergency information), then Facebook should make sure they know they must follow the same rules as everyone else.

We’re asking Facebook to spell out, in no uncertain language, that the terms that apply to regular users apply to government agencies as well, including law enforcement. It should remind law enforcement that violating its terms of service—such as by creating fake profiles, using impersonation, requiring passwords from applicants and employees, and data mining—isn’t OK.

But Facebook could, and should, go a step further to restore the public’s trust in their system and require that any law enforcement agency that wants to use Facebook must first develop and publish departmental policies for social media, including their policies for using social media in investigations and in screening job applicants.

It's great that Facebook sent a letter to the DEA, but for the company to protect its users it needs to do more than simply react after the damage has been done.

Related Issues: Online Behavioral Tracking, Social Networks, Transparency

Decades-old Scientific Paper May Hold Clues To Dark Matter

Slashdot -

sciencehabit writes: Here's one reason libraries hang on to old science journals: A paper from an experiment conducted 32 years ago may shed light on the nature of dark matter, the mysterious stuff whose gravity appears to keep the galaxies from flying apart. The old data put a crimp in the newfangled concept of a 'dark photon' and suggest that a simple bargain-basement experiment could put the idea to the test. The data come from E137, a "beam dump" experiment that ran from 1980 to 1982 at SLAC National Accelerator Laboratory in Menlo Park, California. In the experiment, physicists slammed a beam of high-energy electrons, left over from other experiments, into an aluminum target to see what would come out. Researchers placed a detector 383 meters behind the target, on the other side of a sandstone hill 179 meters thick that blocked any ordinary particles.

Read more of this story at Slashdot.







