Security News This Week: Now California Wants to Ban Encrypted Phones, Too
This week, 16 states got tired of waiting for the Feds to do something and introduced their own legislation that would provide new privacy protections for student data, employee social media accounts, location tracking, and more. Zcash, an untraceable Bitcoin alternative, launched its first public alpha release. An Israeli research firm found an old Linux bug that left millions of devices vulnerable. Kim Zetter explained everything we know so far about Ukraine’s power plant hack. We learned that the toy drones we use for fun can also be used by ISIS. The annual list of the 25 worst passwords made us all look dumb, but was actually a bit of hopeful news. We also explained why, and how, you should encrypt your selfies.
But that’s not all. Each Saturday we round up the news stories that we didn’t break or cover in depth at WIRED, but which deserve your attention nonetheless. As always, click on the headlines to read the full story in each link posted. And stay safe out there!
Et tu, California? Not long after a New York lawmaker introduced a bill to prohibit the sale of smartphones with unbreakable encryption, California Assemblymember Jim Cooper has, well, introduced a bill to prohibit the sale of smartphones with unbreakable encryption. The only real difference is that New York has cited the fight against terrorism as its rationale, while the Golden State is going with human trafficking. The bill may be illegal under the Dormant Commerce Clause, lawyers speculated. Meanwhile, Senator Dianne Feinstein’s office told the Daily Dot that the Senate bill that would grant law enforcement access to encrypted communications remains on track, despite rumors of a delay.
After the FBI took control of Playpen, one of the largest child porn websites online, it didn’t shut it down. Instead, it spent 13 days early last year running the site in order to catch users. It left sexually explicit images of children online and did not block users from uploading new ones during that time period. The feds injected the site, hosted on Tor Hidden Services, with malware to crack the anonymity of its users. More than 100,000 registered users visited the site while it was controlled by the FBI. Of those, 137 have been charged with a crime. In the past, the government has instructed agents not to allow explicit images of children to become public.
John Holdren, President Obama’s senior advisor on science and technology, is the latest victim of a hacker associated with the now-disbanded group Crackas With Attitude. A teen going by the moniker “Fearz” apparently used a spear phishing attack to break into Holdren’s email account and home phone number, and forwarded calls to the Free Palestine Movement. (Crackas With Attitude hacked Director of National Intelligence James Clapper just last week.) The White House confirmed the hack.
UK counterterrorism laws violate the right to a free press, a British appeals court ruled in a case involving the seizure of encrypted documents from David Miranda in August 2013. Miranda, the partner of journalist Glenn Greenwald, faced a nine-hour interrogation at Heathrow airport while transporting Snowden documents from Laura Poitras to Greenwald. British authorities had previously argued that disclosing (or threatening to disclose) the Snowden files was itself a terrorist act. The court determined that detention of Miranda was lawful under Schedule 7 of the Terrorism Act, but also stated that the statute itself is incompatible with Article 10 of the European Convention of Human Rights, which provides the right to freedom of expression and information. This ruling will require government ministers to reexamine the Terrorism Act.
MIKEY-SAKKE, the voice encryption protocol promoted by the British intelligence agency GCHQ, has a massive backdoor that would allow for undetectable mass surveillance, according to Steven Murdoch, a research fellow at University College in London. The backdoor would allow anyone with access to a master private key to decrypt communications in bulk, including past calls. Key escrow, an arrangement where everyone’s keys are stored by a third party—such as the government—who can use the key to decrypt communications as needed, is the motivation for the broken protocol, Murdoch wrote.
Americans are sometimes willing to give up their privacy in exchange for sweet deals, a new Pew Research Center study indicates. However, when assessing various hypothetical scenarios, the vast majority of people surveyed found certain tradeoffs unacceptable. Many also expressed concern about the security of the information they did share, and anger about negative consequences of data sharing, like third-party advertising, invasive customer profiling, and the gathering of location data.
After raiding 15 addresses across the Netherlands, Dutch police arrested 10 men they suspected of using Bitcoin to launder as much as $22 million from online drug deals on the deep web. The men were caught after numerous bank deposits and withdrawals of large sums of cash, De Telegraaf reports.
Add Erik Barnett to the list of government officials looking to outlaw anonymity. The US Immigration and Customs Enforcement assistant deputy director, who also serves as an attaché to the EU at the Department of Homeland Security, argued in an article published in FIC Observatory that everyone should be required to display a digital license plate while browsing online.
Verifying information may be old hat to journalists, but apparently that doesn’t extend to cross-referencing Facebook friend requests from people claiming to be journalists with the mastheads of publications they claim to write for. “Emma Parker,” a Facebook user pretending to be a Politico reporter, has managed to friend reporters and editors at prominent publications including the New York Times, the Washington Post, Bloomberg, and even Politico itself—in spite of the fact that there is no Politico reporter by that name. Meanwhile, “Anna Goldberg,” a Facebook user claiming to be a journalist at the Atlantic, has made friends with unsuspecting journalists at ABC News, IBTimes, and Politico. Reverse image searches for both so-called journalists lead to Russian LinkedIn accounts.