Feed aggregator
E.D.N.Y.: Govt’s failure to examine seized hard drives leads to suppression as “flagrant disregard” of warrant and Fourth Amendment
FourthAmendment.com points to a suppression ruling out of EDNY:
The government seized 61 hard drives to copy and copied four others then took its time analyzing them. The court finds the delay was unreasonable and was a “flagrant disregard” of the rights of the owner of the computers and target of the search and suppresses. United States v. Metter, 2011 U.S. Dist. LEXIS 155130 (E.D. N.Y. May 17, 2011) [apparently should be a 2012 citation]
Read the excerpt from the decision on FourthAmendment.com.
Social media prompt Congress to revisit online privacy legislation
Bobby Caina Calvan reports:
Facebook rode more than enthusiasm to its $100 billion stock offering Friday, children’s advocates say. A crucial propellent was investors’ belief that lawmakers will not ban such social networks from selling troves of excruciatingly private details from the lives of teenagers.
For months, legislative attempts to expand and refine a children’s online protection law have moved at the speed of a dial-up connection. The law — itself a teenager, passed before the advent of Facebook, app-enhanced smartphones, and the vast apparatus of data-collection technologies — demands that firms obtain parental consent before tracking the information and the online movements of children. But it only applies to those ages 12 and under.
Now with data trollers creating huge libraries of digital profiles and teenagers often oblivious to the consequences of sharing their lives online, privacy advocates contend the need to broaden the law is urgent.
Read more on Boston Globe. And imagine the new flurry if Facebook tries to let the under-13 crowd join…
Facebook to lift ban on under-13s joining social network site?
Facebook may relax a ban on children under the age of 13 joining its site after finding that many kids, some with their parents’ permission and help, were already using it.
“There is reputable evidence that there are kids under 13 who are lying about their age to get on to Facebook,” Sunday Times quoted Simon Milner, Facebook’s head of policy in Britain as saying.
Read more on Deccan Chronicle.
I think I can already hear Congress scrambling to hold hearings….
London Police To Extract Data From Suspects’ Mobile Phones — And Keep It Even If No Charges Are Brought
Clearly I am not a fan of all the U.S. states that have expanded DNA collection to include arrestees who are not even charged with felonies, much less convicted. But the problems are not just in the U.S. The Metropolitan Police Service in the U.K. has seemingly joined the ranks of expanding warrantless surveillance. Glyn Moody writes on TechDirt:
As the mobile phone moves closer to the center of daily life in many parts of the world, combining phone, computer, camera, diary, music player, and much else all in one, it becomes a concentrated store of the digital DNA that defines us — who we talk to, what we search for, who we meet, what we listen to. However convenient that may be for us as users, it’s also extremely dangerous if it falls into the wrong hands.
Unfortunately, in the UK, it looks like London’s police force must now join the list of “wrong hands”:
The Metropolitan Police has implemented a system to extract mobile phone data from suspects held in custody.
The data includes call history, texts and contacts, and the BBC has learned that it will be retained regardless of whether any charges are brought.
Read more on TechDirt.
Sky News Australia adds:
An ICO spokesperson says ‘whilst we are not aware of this particular development, any personal information taken from an individual’s phone or other possessions and then held by the police during an investigation would have to comply with the Data Protection Act’.
Surely this type of thing should be considered a human rights and privacy violation in any civilized society. Given how much personal and sensitive information people may maintain on their phones, it’s time for the public to insist that law enforcement be held to a probable cause standard before being allowed to search or collect information – regardless of whether it is phone data or DNA.
Enough is enough.
IKEA fires four managers for spying on staff, clients
I’ve covered the allegations against IKEA in previous blog posts. From the time allegations were first made public in French media, things moved quickly. Now France24 reports:
Swedish furniture manufacturer IKEA said Friday that it was firing its risk management director and three former managers at its French division over allegations they paid for access to secret police files on staff and customers.
Read more from AFP on France24.com.
Via @LossOfPrivacy
AU: Parents give schools’ hi-tech rollcall the thumbs up
Evonne Barry, Stephanie Wilson report:
Victoria’s privacy chief has questioned the use of finger scanners to track students in schools.
At least two government schools have replaced traditional rollcalls with the biometric technology, which identifies students by their fingertips as they enter and exit school grounds.
Ringwood Secondary College is the latest school to adopt the hi-tech attendance tracker, after Nossal High School in Berwick.
Although both schools call the system a success, Acting Privacy Commissioner Dr Anthony Bendall questioned whether they were justified.
Read more in The Herald Sun.
Interesting statistic that (only) 50 out of 1400 parents opted out of this.
ZTE confirms security breach in U.S. phone model
ZTE Corp, the world’s No.4 handset vendor and one of two Chinese companies under U.S. scrutiny over security concerns, said one of its mobile phone models sold in the United States contains a vulnerability that researchers say could allow others to control the device, Reuters reported.
The hole affects ZTE’s Score model that runs on Google Inc’s Android operating system and was described by one researcher as “highly unusual.”
“I’ve never seen it before,” said Dmitri Alperovitch, co-founder of cybersecurity firm, CrowdStrike. The hole, usually called a backdoor, allows anyone with the hardwired password to access the affected phone, he added.
ZTE and fellow Chinese telecommunications equipment manufacturer, Huawei Technologies Co Ltd, have been stymied in their attempts to expand in the United States over concerns they are linked to the Chinese government, though both companies have denied this.
Read more on panarmenian.net.
A $15B lawsuit against Facebook? That should be a lot of privacy harm, no?
Kit Chellel and Jeremy Hodges report that over 20 lawsuits that were filed against Facebook over tracking users even after they log out of their accounts have been consolidated. The cases will be heard as one lawsuit in federal court in San Jose.
“This is not just a damages action, but a groundbreaking digital-privacy rights case that could have wide and significant legal and business implications,” David Straite, a Stewarts Law partner, said.
Read more on The Montreal Gazette.
Katie Stallard of Sky News explains that even if you do not have a Facebook account, some of your browsing data may be collected by Facebook:
Facebook declined to comment on the lawsuit, but pointed to a 2011 privacy audit by the Irish Data Protection Commissioner, their European regulator, which examined the issue.
The commissioner’s report stated: “We were satisfied that no access was made to any information that could be considered to be personal data in the logged information for advertising or profiling purposes.”
Facebook Ireland said in response at the time that it had not designed its systems to track user or non-user browsing activity and that users had provided consent for the processing of data.
It said: “When you go to a website with a ‘Like’ button, we need to know who you are in order to show you what your Facebook friends have liked on that site. The data we receive includes your user ID, the website you’re visiting, the date and time, and other browser-related information.
“If you don’t have a Facebook account and visit a website with the Like button or another social plugin, your browser sends us a more limited set of information. For example, because you’re not a Facebook user, we don’t receive a user ID.
“We do receive the web page you’re visiting, the date and time, and other browser-related information. We record this information for a limited amount of time to help us improve our products.”
So Facebook is collecting some of my browsing history even though I have no account and am not even on their site? I don’t like that, but where’s the actual harm to me? I do think there’s more of an issue for people who actually have a Facebook account, and I’m not sure that I totally agree with Lauren Weinstein, who described the lawsuit as “inane.” We do agree, however, that there are a lot more serious threats to privacy.
German privacy official warns Facebook investors
Earlier today Associated Press reported:
A German data protection official has warned Facebook investors that the social networking site’s $38 starting share price is based on practices that breach European privacy rules.
Thilo Weichert, the data protection commissioner for the northern German state of Schleswig-Holstein says shareholders should be aware that if European privacy authorities have their way, “Facebook’s business model will implode.”
Read more on Seattle Times.
Met Police to extract suspects' mobile phone data
Cincinnati SMBA - May 21
Monday, May 21, 2012 from 5:30 PM to 7:30 PM (ET)
Where:
R. P. McMurphy's Pub
2912 Wasson Road
Cincinnati, OH 45209
Hosted By:
(ISC)² Central Ohio Chapter - SMBA
Security MBA (Masters of Beer Appreciation) is a member driven, vendor neutral forum for Central Ohio Information Security Professionals. The Security MBA allows for Information Security Professionals to get together and discuss current information security related topics. Some of the benefits of attending the Security MBA:
- Free Adult Beverage of Choice
- 2 CPE/CEU for maintaining certification
- Opportunity to network with peers
- Learn about the latest trends impacting IT
- Help others by giving back to the INFOSEC Community
The Security MBA meets monthly in the Central Ohio area to share information of relevance to the Information Security and associated fields. We discuss emergent threats over pints of good beer, and have been doing so since 2004. Even better, the beer is usually free, thanks to our corporate sponsors.
As the Information Security field is broad, so is the range of topics, which include network, host and application security, privacy, law, cryptography, copyrights & patents, physical security, fire suppression, DR/BCP, ethics, forensics, biometrics, identity management, firearms, project management, development, data integrity, records retention and storage, optics, chemistry, hacking, red teams, DHS, NSA, FBI, ATF, etc. And beer. We operate under the Chatham House rule.
Register for this event now at:
http://www.eventbrite.com/event/3377772007/rss
Event Details:
Cincinnati SMBA -- securitymba.org
March 19th at R.P McMurphy's Irish Pub
2912 Wasson Road
Cincinnati, OH 45209
Event Sponsor:
Chris Wrolstad
Account Executive
513-335-1741
Agenda
The night's theme is "Consumerization". Topics of discussion involve:
- BYOD - Bring your own device
- Mobile applications
- SaaS, PaaS, IaaS
- The collapse of gate and moat security
- Deperimeterization
- Should we provide an expert system?
Come on out and enjoy a glass while we roundtable on an ever changing list of security topics. We are a member driven group of security professionals from the Cincinnati area. Feel free to invite friends and peers.
The Cincinnati SMBA is by no means exclusive. The e-mail list is pretty ad-hoc. If someone isn't invited, it's merely oversight. The more the merrier, invite friends!!
Follow us on LinkedIn: Cincinnati SMBA
Please submit topic suggestions & feedback to: mike.schiebel@gmail.com
School officials’ Facebook rummaging prompts mom’s privacy crusade
Bob Sullivan reports:
A mother who says her middle-school daughter was forced to let school officials browse the 13-year-old girl’s private Facebook page is speaking out against the practice because, she says, “other parents are scared to talk about it.”
Pam Broviak, who lives in the Chicago suburb of Geneva, Ill., says her daughter was traumatized when the principal of Geneva Middle School South forced the child to log in to her Facebook account, then rummaged through the girl’s private information.
Read more on Red Tape.
AU: Kaspersky defends data retention, secretive breaches
James Hutchinson reports:
Kaspersky Labs co-founder Eugene Kaspersky has backed Australian plans to mandate retention of user telco and internet subscriber data for two years, while cautioning against the introduction of mandatory data breach disclosure laws.
Kaspersky has at times called for users to shed pretensions of anonymity on the internet and adopt a quasi-licensing scheme to remove unnecessary, and largely ineffective, levels of security online.
However, the Russian billionaire and security expert tempered his previous arguments during a wide-ranging interview with SC Magazine, defending some governments’ plans to introduce or bolster data retention regimes.
Read more on SC Magazine.
“Secret” interpretation of PATRIOT Act will remain secret – court
Damn and blast. The ACLU and New York Times have lost their lawsuit against the government that sought disclosure of the “secret interpretation” of the PATRIOT Act. District Judge William H. Pauley III of the Southern District of NY ruled that the government met its burden in claiming the requested memo was exempt from disclosure under the Freedom of Information Act.
So we, the people, remain in the dark about how the DOJ is interpreting Section 215 of the PATRIOT Act – a law passed by our representatives.
In light of this, maybe it’s time for Congress to amend Section 215 to rewrite it in such a way that it permits no other interpretation other than what they intend.
Twitter announces support for Do Not Track
Don Reisinger reports:
Twitter is the latest Web giant to support Do Not Track.
Ed Felten, chief technology officer at the Federal Trade Commission, announced today at an Internet Week privacy panel that Twitter will now stop tracking user data from those who opt-out. According to the New York Times, which was first to report on the news, Twitter’s tracking will be nixed with help from Firefox’s Do Not Track feature.
Twitter confirmed Felten’s statement in a tweet today, saying that the company “now supports Do Not Track.” Twitter also commended the FTC for its “leadership on Do Not Track.”
Read more on CNET.
Lima Forensic Case Management new release - CEIC 2012
Interview with John Patzakis, Founder and CEO of X1 Discovery
Fort Worth teachers encouraged to use cameras in the classroom
Craig Civale reports:
The United Educators Association in Fort Worth is encouraging its 20,000 members to use camera phones to deal with unruly students inside the classroom.
It’s a controversial subject that most North Texas school districts say they haven’t had to deal with, but with technology creeping into the classrooms, some say it’s only a matter of time.
“A classroom is not an expectation of privacy… that’s a public forum anybody can walk in, walk out… not an expectation of privacy,” said UEA executive director Larry Shaw.
Read more on WFAA.
So… fast forward, so to speak… the district starts recording what goes on in classrooms. For how long are the tapes retained before they are rolled over? Will students who claim they are being harassed by peers or staff be able to use the recordings to prove their claims? Will the recordings be used to discipline staff who don’t do their jobs well?
And more importantly, what happens to the notion of intellectual freedom and curiosity? Will students feel comfortable raising unpopular thoughts or questions if they know they are being recorded?
If Texas is having such significant problems with unruly students, investing in recording equipment doesn’t sound like a prudent investment of resources. I will bet you that most classrooms do not have token economies or behavior plans in place and that most teachers have not been adequately trained or supported in how to manage behavior – or how to recognize the signs and symptoms of disorders that need treatment or accommodation. Are research-validated building-wide interventions and programs to promote appropriate behavior even in place? And have they asked the teachers whose students are not unruly to serve as master teachers to help train their colleagues in successful techniques and strategies?
Cameras in the classroom will not reduce unruly behavior. They will only record it. I would hope Texas educators can be more creative in proactively preventing problem behavior.