CAT | Surveillance
There is a good analysis of the nature and implications of the latest “Bullrun” leaks over at A Few Thoughts on Cryptographic Engineering. It is worth reading.
Welcome to Episode 11 of The Privacy Blog Podcast, brought to you by Anonymizer.
In this episode, I’ll discuss the shutdown of secure email services by Lavabit and Silent Circle. In addition, we’ll dive into the problem with hoarding Bitcoins and how you can protect yourself while using the increasingly popular online currency. Lastly, I’ll chat about whether teens actually care about online privacy and an ad agency’s shocking decision to use high-tech trash cans to measure Wi-Fi signals in London.
Please leave any questions or feedback in the comments section. Thanks for listening.
There has been a lot of chatter about implications of first Lavabit and then Silent Circle’s Silent Mail being shut down by their operators.
In both cases, it appears that there was information visible to the services which could be compelled by search warrants, court orders, or national security letters.
I want to assure Anonymizer users that we have no such information about Anonymizer Universal users that could be compelled. While we know who our customers are, for billing purposes, we have no information at all about what they do.
This has been tested many times, under many different kinds of court orders, and no user activity information has ever been provided, or could be provided.
ArsTechnica has a nice article on a recent ruling by the US Fifth Circuit court of appeals.
In this 2-1 decision, the court ruled that cellular location information is not covered by the fourth amendment, and does not require a warrant. The logic behind this ruling is that the information is part of business records created and stored by the mobile phone carriers in the ordinary course of their business.
Therefor, the data actually belongs to the phone company, and not to you. The Stored Communications Act says that law enforcement must get a warrant to obtain the contents of communications (the body of emails or the audio of a phone call) but not for meta-data like sender, recipient, or location.
The court suggests that if the public wants privacy of location information that they should demand (I suppose through market forces) that providers delete or anonymize the location information, and that legislation be enacted to require warrants for access to it. Until then, they say we have no expectation of privacy in that information.
The Fifth Circuit covers Louisiana, Mississippi, and Texas.
This ruling conflicts with a recent New Jersey Supreme Court, which unanimously ruled that law enforcement does not have that right, which ruling only applies in New Jersey.
Montana has a law requiring a warrant to obtain location information, while in California a similar bill was vetoed.
It seems very likely that one or more of these cases will go to the supreme court.
Welcome to the June edition of the Privacy Blog Podcast, brought to you by Anonymizer.
In June’s episode, I’ll discuss the true nature of the recently leaked surveillance programs that has dominated the news this month. We’ll go through a quick tutorial about decoding government “speak” regarding these programs and how you can protect yourself online.
Later in the episode, I’ll talk about Facebook’s accidental creation and compromise of shadow profiles along with Apple’s terrible personal hotspot security and what you can do to improve it.
Thanks for listening!