Dutch Privacy Regulator Says Windows 10 Breaks the Law

An anonymous reader quotes a report from Ars Technica: The lack of clear information about what Microsoft does with the data that Windows 10 collects prevents consumers from giving their informed consent, says the Dutch Data Protection Authority (DPA). As such, the regulator says that the operating system is breaking the law. To comply with the law, the DPA says that Microsoft needs to get valid user consent: this means the company must be clearer about what data is collected and how that data is processed. The regulator also complains that the Windows 10 Creators Update doesn’t always respect previously chosen settings about data collection. In the Creators Update, Microsoft introduced new, clearer wording about the data collection — though this language still wasn’t explicit about what was collected and why — and it forced everyone to re-assert their privacy choices through a new settings page. In some situations, though, that page defaulted to the standard Windows options rather than defaulting to the settings previously chosen. In the Creators Update, Microsoft also explicitly enumerated all the data collected in Windows 10’s “Basic” telemetry setting. However, the company has not done so for the “Full” option, and the Full option remains the default. The DPA’s complaint doesn’t call for Microsoft to offer a complete opt out of the telemetry and data collection, instead focusing on ensuring that Windows 10 users know what the operating system and Microsoft are doing with their data. The regulator says that Microsoft wants to “end all violations,” but if the software company fails to do so, it faces sanctions.

Read more of this story at Slashdot.

DJI Unveils Technology To Identify and Track Airborne Drones

garymortimer shares a report from sUAS News: DJI, the world’s leader in civilian drones and aerial imaging technology, has unveiled AeroScope, its new solution to identify and monitor airborne drones with existing technology that can address safety, security and privacy concerns. AeroScope uses the existing communications link between a drone and its remote controller to broadcast identification information such as a registration or serial number, as well as basic telemetry, including location, altitude, speed and direction. Police, security agencies, aviation authorities and other authorized parties can use an AeroScope receiver to monitor, analyze and act on that information. AeroScope has been installed at two international airports since April, and is continuing to test and evaluate its performance in other operational environments. AeroScope works with all current models of DJI drones, which analysts estimate comprise over two-thirds of the global civilian drone market. Since AeroScope transmits on a DJI drone’s existing communications link, it does not require new on-board equipment or modifications, or require extra steps or costs to be incurred by drone operators. Other drone manufacturers can easily configure their existing and future drones to transmit identification information in the same way.

US Government Has ‘No Right To Rummage’ Through Anti-Trump Protest Website Logs, Says Judge

A Washington D.C. judge has told the U.S. Department of Justice it “does not have the right to rummage” through the files of an anti-Trump protest website — and has ordered the dot-org site’s hosting company to protect the identities of its users. The Register reports: Chief Judge Robert E. Morin issued the revised order [PDF] Tuesday following a high-profile back and forth between the site’s hosting biz DreamHost and prosecutors over what details Uncle Sam was entitled to with respect to the disruptj20.org website. “As previously observed, courts around the country have acknowledged that, in searches for electronically stored information, evidence of criminal activity will likely be intermingled with communications and other records not within the scope of the search warrant,” he noted in his ruling. “Because of the potential breadth of the government’s review in this case, the warrant in its execution may implicate otherwise innocuous and constitutionally protected activity. As the Court has previously stated, while the government has the right to execute its Warrant, it does not have the right to rummage through the information contained on DreamHost’s website and discover the identity of, or access communications by, individuals not participating in alleged criminal activity, particularly those persons who were engaging in protected First Amendment activities.” The order then lists a series of protocols designed to protect netizens “to comply with First Amendment and Fourth Amendment considerations, and to prevent the government from obtaining any identifying information of innocent persons.”

Amazon Is Reportedly Building a Doorbell That Lets Drivers Into Your House

According to CNBC, Amazon is working with Phrame, a maker of smart license plates that allow items to be delivered to a car’s trunk, to build a smart doorbell that would give delivery drivers one-time access to a person’s home to drop off items. From the report: Phrame’s product fits around a license plate and contains a secure box that holds the keys to the car. Users unlock the box with their smartphone, and can grant access to others — such as delivery drivers — remotely. The new initiatives are part of Amazon’s effort to go beyond convenience and fix problems associated with unattended delivery. As more consumers shop online and have their packages shipped to their homes, valuable items are often left unattended for hours. Web retailers are dealing with products getting damaged by bad weather as well as the rise of so-called porch pirates, who steal items from doorsteps. Amazon also has an incentive to reduce the number of lost packages, as they can be costly.

Equifax Made Salary, Work History Available To Anyone With Your SSN and DOB

An anonymous reader quotes a report from KrebsOnSecurity: In May, KrebsOnSecurity broke a story about lax security at a payroll division of big-three credit bureau Equifax that let identity thieves access personal and financial data on an unknown number of Americans. Incredibly, this same division makes it simple to access detailed salary and employment history on a large portion of Americans using little more than someone’s Social Security number and date of birth — both data elements that were stolen in the recent breach at Equifax. At issue is a service provided by Equifax’s TALX division called The Work Number. The service is designed to provide automated employment and income verification for prospective employers, and tens of thousands of companies report employee salary data to it. The Work Number also allows anyone whose employer uses the service to provide proof of their income when purchasing a home or applying for a loan.

The homepage for this Equifax service wants to assure visitors that “Your personal information is protected.” “With your consent your personal data can be retrieved only by credentialed verifiers,” Equifax assures us, referring mainly to banks and other entities that request salary data for purposes of setting credit limits. Sadly, this isn’t anywhere near true because most employers who contribute data to The Work Number — including Fortune 100 firms, government agencies and universities — rely on horribly weak authentication for access to the information.

US Studying Ways To End Use of Social Security Numbers For ID

wiredmikey quotes a report from Security Week: U.S. officials are studying ways to end the use of social security numbers for identification following a series of data breaches compromising the data for millions of Americans, Rob Joyce, the White House cybersecurity coordinator, said Tuesday. Joyce told a forum at the Washington Post that officials were studying ways to use “modern cryptographic identifiers” to replace social security numbers. “I feel very strongly that the social security number has outlived its usefulness,” Joyce said. “It’s a flawed system.” For years, social security numbers have been used by Americans to open bank accounts or establish their identity when applying for credit. But stolen social security numbers can be used by criminals to open bogus accounts or for other types of identity theft. Joyce said the administration has asked officials from several agencies to come up with ideas for “a better system” which may involve cryptography. This may involve “a public and private key” including “something that could be revoked if it has been compromised,” Joyce added.

Will London Monetize Wifi Tracking Data From Its Tube Passengers?

New questions are arising about how much privacy you’ll have on London’s underground trains. “For a month at the end of last year, Wi-fi signals were used to track passenger journeys across the network,” writes Gizmodo. “The idea is that as we travel across the Tube network, Wi-fi beacons in stations would detect the unique ID — the MAC address — of our phones, tablets and other devices — even if we’re not connected to the Tube’s wifi network.” The only way to opt-out is to turn off your phone’s Wi-Fi. An anonymous reader writes:
London is struggling with the transport network capacity so the ability to learn commuters’ travel patterns is compelling… Now it has emerged that TfL, the operator of the London Subway system, is planning to use the system to monetize passengers’ data. TfL is also not ruling out sharing the data with third parties in future.
More information shows that the privacy protection could not be as good as TfL maintains, with reversible hashing and options of giving data to law enforcement. A privacy engineering expert points out additional issues in the pseudonymisation scheme and communication inconsistencies. Final deployment has been initially scheduled to start at the end of 2017.
“Once the tools are in place, there will inevitably be a temptation to make use of them,” warns Engadget, raising the possibility of the data’s use for advertising — or even the availability to law enforcement of location data for every passenger.

Amazon’s Echo Spot Is a Sneaky Way To Get a Camera Into Your Bedroom

Yesterday, Amazon announced six new hardware products at a surprise event in Seattle. The one that everyone is talking about though is called the Echo Spot — a little alarm clock with a camera that will probably be pointing directly at your bed. “While all the focus is on what the Echo Spot looks like, it’s important to remember that Amazon is using the Spot as a very clever way of making you comfortable with having a camera in your bedroom,” reports The Verge. From the report: Amazon launched its Echo Look camera earlier this year to judge your outfits. It’s designed to sit in your wardrobe and offer you style advice, and it was Amazon’s first Echo device with a camera. Amazon quickly followed it up with the Echo Show, a touchscreen device that sits in your kitchen and lets you watch tutorials or recipes and participate in video calls. Amazon’s Look device is still only available exclusively by invitation, and in hindsight it now looks like experimental hardware to gauge the reaction of a camera in the bedroom. A litmus test, if you will. Echo Spot feels like the real push to get cameras inside your smart home. It’s more than just an alarm clock, but Amazon is definitely pushing this as a $130 device that will sit next to your bed. Promotional materials show it sitting on nightstands, providing a selection of clock faces and news / weather information. The privacy concerns are obvious: an always-listening (for a keyword) microphone in your bedroom, and a camera pointing at your bed.

Moscow Deploys Facial Recognition to Spy on Citizens in Streets

Moscow is adding facial-recognition technology to its network of 170,000 surveillance cameras across the city in a move to identify criminals and boost security. From a report: Since 2012, CCTV recordings have been held for five days after they’re captured, with about 20 million hours of video stored at any one time. “We soon found it impossible to process such volumes of data by police officers alone,” said Artem Ermolaev, head of the department of information technology in Moscow. “We needed an artificial intelligence to help find what we are looking for.” Moscow says the city’s centralized surveillance network is the world’s largest of its kind. The U.K. is one of the most notorious for its use of CCTV cameras but precise figures are difficult to obtain. However, a 2013 report by the British Security Industry Association estimated there were as many as 70,000 cameras operated by the government across the nation.
