Archive for April, 2016

Skull echoes, accidental data collection, health apps, and more from this week in privacy

Here are our top picks from the latest The Privacy Project roundup, which includes more than 50 links to recent privacy-related reporting. (Be seeing you!)

5 things George Orwell understood: The brilliant author who gave us terms like “doublethink,” “thoughtcrime” and “newspeak” reminds us there’s a connection between clarity of language and truth. Story links to 75 audio hours of interviews with the author, who implores us to keep the faith of tolerance, decency, and humanity.

Lawmakers want to know how often U.S. spies accidentally collect Americans’ data: FISA’s Section 702 lets the National Security Agency collect—in bulk and without a warrant—the contents of foreigners’ communications. But if Americans are communicating with foreign targets, those messages get swept into the system.

1 million people are now connecting to Facebook without leaving a digital trail: In a Facebook note, software engineer Alec Muffett said the number of Facebook over Tor users over an average 30-day period has about doubled in less than a year, now hitting 1 million.

Why does our privacy really matter? Philosophy professor Michael Lynch says that privacy violations erode individuals’ rights to autonomously make their own decisions and exercise individual power.

Could skull echos and brainprints replace the password? Researchers at Binghamton University in New York conducted a study in which some 50 participants were monitored via headgear fitted with 30 brain sensors while 500 images of things, such as celebrities, food and unusual words, flashed in front of them on a screen for less than a second each. The sensors captured how their brains automatically reacted to the pictures — and from that data, the researchers were able to figure out how to identify a person with 100 percent accuracy while using just 27 image responses collected from a handful of sensors.

British spies abused their powers to send people birthday cards: “We’ve seen a few instances recently of individual users crossing the line with their database use for instance, looking up addresses in order to send birthday cards, checking passport details to organise personal travel, checking details of family members for personal reasons,” the newsletter says. “Another area of concern is the use of the database as ‘convenient’ way to check the personal details of colleagues when filling out Service forms on their behalf.”

Smartphone medical apps raise privacy concerns: A recent study from the Journal of the American Medical Association found that privacy policies on health apps are often weak or completely missing. In addition, health innovations are not necessarily covered under health privacy laws or the Health Insurance Portability and Accountability Act (HIPAA). Pam Dixon of World Privacy Forum warns that if users give medical information to someone who is not a doctor and not covered under HIPAA, the information is not bound by that privacy law.

Video: LaTanya Sweeney – How Technology Impacts Humans

As part of the University of Washington’s Tech Policy Lab Lecture series, LaTanya Sweeney, Harvard professor and editor-in-chief of the new journal Technology Science, spoke to a packed Kane Hall last week about life in our ever-evolving technocracy, where we can be monitored on the job, in the street, on our keyboards, while we shop, and while we sleep.

By default and by degrees, technology designers have become policymakers. Sweeney sees privacy and security as only the first wave of issues that policymakers will have to attend to. Well worth a viewing. Thanks to Mike McCormick for the video.

Encryption & VPN & infosec & bitcoin & blockchain & more: LinuxFest Northwest April 23 & 24

Our partners at TA3M-Seattle are taking the month off in honor of LinuxFest Northwest, an always-lively and crowded weekend in Bellingham. This event is strongly recommended!

Here are some sessions to attend:

The always fantastic combined ACLU / EFF Panel:
https://www.linuxfestnorthwest.org/2016/sessions/aclu-eff-panel-discussion

Encryption & VPNs & infosec:
https://www.linuxfestnorthwest.org/2016/sessions/encryption-its-thing
https://www.linuxfestnorthwest.org/2016/sessions/secure-mesh-vpn-w-service-discovery
https://www.linuxfestnorthwest.org/2016/sessions/lets-encrypt-our-first-half-million-certs
https://www.linuxfestnorthwest.org/2016/sessions/security-and-privacy-web-2016

Bitcoin & Blockchain:
https://www.linuxfestnorthwest.org/2016/bofs/bitcoin-blockchain-and-alternative-currencies-hacking-future-global-finance

And an interesting BoF:
https://www.linuxfestnorthwest.org/2016/bofs/subversive-disintermediation-or-technological-authoritarianism-exploring-power-dynamics

Marijuana in WA: the privacy issues at stake

By Jerry Whiting

Our longstanding, well-entrenched medical marijuana ecosystem is going away. Dispensaries disappear July 1 as medical marijuana patients are being shoved into the legal recreational market. This wouldn’t be a big deal if the Liquor Cannabis Board weren’t so dysfunctional.

Washington State is the only liberated territory that does *not* allow adult home grows. Everywhere else (AK, OR, CO & DC) allows adults over 21 to grow their own cannabis.

After July 1, authorized medical marijuana patients will be able to grow under extremely restrictive rules. Collective gardens are disappearing to be replaced by ‘cooperative gardens’.

The new cooperative gardens can have up to 4 members. Coop gardens must be at least one mile from a rec store (because they’re only stop gaps; the state wants everyone to shop at a rec store and pay the taxes). A cooperative garden must be at the residence of one of the members.

The above is nothing compared to the three facets of cooperative gardens that I find deeply disturbing.

1.) Only those who register with the state’s voluntary patient database can be in cooperative gardens. (So much for ‘voluntary’.)

2.) The patient cards have one’s diagnosis on them. Yes, your 502 budtender will know your health status when you use your card to avoid paying taxes in a rec store. Can Liquor Cannabis Board spell ‘HIPAA’?

3.) Cooperative gardens are subject to visits from Liquor Cannabis Board and law enforcement WITHOUT A WARRANT. Remember: cooperative gardens are at a member’s private residence.

I have absolutely no faith that LCB is capable or qualified to establish and maintain a secure patient database. With medical records being a target of choice for hackers around the world, I shudder to think how vulnerable MMJ patients will be.

Jerry Whiting is a Seattle-based cannabis activist and founder of LeBlanc CNE, Inc. Jerry has a checkered past that includes encryption & computer security, #Occupy, and Tibetan Buddhism. 

Documents temporarily removed; doing redactions

The material in the affidavits is just too vile to expose to easy public access. I will turn the post back on when I’ve redacted the relevant portions.

This is not a pleasant task.

If you, ICAC, the Seattle Police Department, the judicial system, and the rest actually want to fight the horrors described in these documents, maybe you should try educating yourselves. You pointlessly spent time and money hassling a Tor operator when things like this are going on. You had one job, and you botched it.

UPDATE (4/11/2016, 12:34 A.M.) — Documents redacted, post back up. (See below.)