DOJ docs reveal Facebook and email digging without a warrant

The US Department of Justice and FBI can read your email, Facebook and Twitter messages, and other electronic content without needing a warrant first, government documentation reveals, in what’s being seen as another slap at due process and privacy. Internal guidelines from US Attorney offices in multiple locations and acquired by the American Civil Liberties Union apparently suggest that investigators need not go through regular legal channels to arrange search warrants to dig into Americans’ electronic communications. Instead, CNET reports, agencies are seemingly taking the easiest route they can to access email and messaging records, bypassing approval from a judge.

In one case, in Houston, the US Attorney’s office apparently acquired “contents of stored communications” from an ISP, identity unspecified, without a warrant. The US Attorney’s office in Manhattan issued guidelines to staff that it could achieve the same results with a subpoena rather than a full warrant.

It’s not the first time this year that investigative methods followed by US governments have come in for criticism. Back in March, a California court criticized the FBI for violating First Amendment rights by using so-called “National Security Letters”; by citing national security considerations, the FBI could bypass getting warrants in the traditional manner, and the subject of investigations would not be informed that their data had been shared.

Here, it’s the Fourth Amendment which privacy advocates like the ACLU argue the DOJ and FBI are trampling over. Digital information held by cloud services like Gmail, Dropbox, Facebook, or Twitter should be just as protected as a hard-drive physically located in a suspect’s home, they claim.

One confusing factor is that in many cases email and non-email digital content is treated differently. A 2010 ruling by the Sixth Circuit Court of Appeals, US v. Warshak, left many of the big names in webmail – Gmail and Outlook among them – insisting on full warrants for access to emails they store. However, while the Justice Department appears content to comply with that, it has proved less concerned with following full warrant procedures with files such as those stored in Dropbox or Google Drive, or direct messages and IM chat on Twitter and Facebook.

“We really can’t have this patchwork system anymore,” ACLU staff attorney Nathan Wessler concludes, “where agencies get to decide on an ad hoc basis how privacy-protective they’re going to be.” However, moves to pin down the exact legal expectations of the DoJ and FBI have met with opposition, and other proposals to heavily fine companies like Google who do not comply with wiretap orders are also underway.


DOJ docs reveal Facebook and email digging without a warrant is written by Chris Davies & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All rights reserved.

White House hires Twitter legal director as chief privacy officer

The White House has hired its first ever chief privacy officer, and the person to take the helm for the first time is Twitter’s legal director Nicole Wong, who has over a decade of experience dealing with both copyright and privacy law. The appointment of a chief privacy officer comes at a curious time, when a handful of privacy bills are trying to make their way through Congress.

Before Twitter, Wong served as the vice president and deputy general counsel at Google for eight years, in which she headed a team of lawyers that were responsible for reviewing various aspects of a new product from the company, including details like privacy, copyright, and removal requests.

Details on the new gig are scarce, but CNET reports that the new position will report to the chief technology officer as a senior advisor of sorts. The current chief technology officer of the White House is Todd Park, who was just hired on about two months ago. Wong’s job will focus on internet and privacy policy.

Before working at Google, Wong received her law degree from the University of California at Berkeley. Frankly, we’re not surprised that the White House hired Wong. She hasn’t been at Twitter for that long, but the social media service has received high marks for its privacy policies and its user data protection.

[via CNET]


White House hires Twitter legal director as chief privacy officer is written by Craig Lloyd & originally posted on SlashGear.

Path “Find Friends” blocked by Facebook for suspicious spam

Facebook has blocked Path’s access to its social graph due to Path’s recent spam debacle. This will prevent Path from being able to access the social network’s “Find Friends” feature, meaning the app won’t be able to spam your contacts list with invites. However, users will still be able to log in to Path via Facebook and they will still be able to share their content onto their walls.

Earlier this week, Path was in boiling water after many users complained that the app was spamming text messages to all of their friends. The text messages were sent around 6:00 A.M. last week, disrupting a lot of people’s sleep. After a series of complaints, Facebook decided that it’s in everyone’s best interest if the service no longer had access to their friends’ personal information.

Unfortunately for Path, losing access to Facebook’s social graph will be detrimental to its growing user base. It was just last week when Path announced that over 10 million users have registered for its service. It may have trouble reaching its next milestone if it doesn’t find another way to entice users fast (without the need of spam of course). It can still let people invite others through their Gmail accounts, contact books, and Twitter accounts, but even then, it still may not generate nearly as many new additions as when it was able to let users “Find Friends” on Facebook.

Path isn’t the only service to be banned from Twitter. Facebook has also blocked MessageMe’s access to its social graph, as well as Voxers. It’s speculated that Facebook blocked MessageMe because it poses a threat to Facebook’s own Messenger service, however Facebook stated that it was because the service copied Messenger’s core functionalities. Facebook’s social graph is important in helping these apps obtain a huge user base, so being forbidden access to it can spell danger for their futures.

[via TechCrunch]


Path “Find Friends” blocked by Facebook for suspicious spam is written by Brian Sin & originally posted on SlashGear.

Syrian Electronic Army takes over E! Online’s Twitter Account

The Syrian Electronic Army strikes again, and this time, their target was both E! Online and Justin Bieber. In a series of tweets, the SEA stated that Justin Bieber was coming out of the closet and admitting to his homosexuality in an E! Online exclusive. The group provided links following those tweets, presumably to malware-infested sites. The SEA finished up their practical joke with the tweet, “The Syrian Electronic Army was here! Fans of @justinbieber, you have been trolled.”

The fake tweets resulted in a huge wave of responses from Justin Bieber’s followers. Many were shocked, many were “not surprised”, and many were indifferent. Hacking E! Online is a strange change of pace for the Syrian Electronic Army, which normally goes after news publications and human rights organizations. But its attack was foreshadowed with a recent tweet dated May 1st that said, “The next target will be different…”

E! Online is the latest victim in the Syrian Electronic Army’s attacks, but it most certainly isn’t the last. Twitter knows that as well, and has informed everyone to make sure their password is complicated and secure, and that news publications keep their passwords out of their emails. Twitter recently went to battle with the SEA by deleting their Twitter accounts, but seeing as Official_SEA12 is still up, Twitter probably assumed their attempts were futile.

Twitter is also in the process of developing a two-factor authentication system that should dramatically reduce the number of account hacks, but the company has yet to reveal a launch date for the service. The SEA has already targeted many other accounts, such as several of CBS’s accounts, BBC’s accounts, NPR’s accounts, The Guardian’s accounts, and many more. It won’t be too long now before another group is added onto the list.

[via Business Insider]


Syrian Electronic Army takes over E! Online’s Twitter Account is written by Brian Sin & originally posted on SlashGear.

Reddit’s New And Simple Privacy Policy Will Be In Effect From May 15th

If you’re an ardent user of the internet, chances are that you have stumbled upon Reddit once or twice. This social news site is also home to Redditors, who are dedicated and, quite frankly, addicted to this website. Today Reddit announced that it has built a new privacy policy from the ground up, and this policy goes into effect from May 15th. The new policy is a lot simpler and more to-the-point than the previous one.

The policy is clear on crucial elements and aims to simply describe to users how Reddit handles their data on the site and the steps that they take to ensure a user’s privacy. This new policy was created with the help of Lauren Gelman, a lawyer based in San Francisco who has previously worked at the EFF, ACM and the Center for Internet and Society at Stanford Law School. The policy goes into effect on the 15th because Reddit wants users to have ample time to go through this new policy and really understand what it means. The full text of Reddit’s new privacy policy can be found here.

By Ubergizmo.

Reddit’s reworked privacy policy clarifies data handling, comes into effect May 15th

The online Aladdin’s cave and AMA forum Reddit has revealed a revamped privacy policy intended to make clear exactly how it deals with users’ data. Legalese is notably absent, with credit for that going to Lauren Gelman, a legal consultant who’s previously worked with the likes of the EFF — a member, like Reddit, of the Internet Defense League. Essentially, the new policy is geared towards allowing “your participation to remain as anonymous as you choose,” with the website stating that any of your data won’t be shared without consent, unless the law requires it. Even then, you will be notified, with the only exception being a court order that prevents it. Reddit also notes that deleting your account will remove your username from posts and comments, but they will remain on the site. As only the last edit performed stays on the servers, however, you could trek back through your history and strip everything out to finalize your departure. There’s much more in the announcement post and full policy document over at the source links, in case you wanna have a read before it all kicks in on May 15th.

Source: Reddit (1), (2)

EFF report knocks Verizon, praises Twitter for protecting user data

The Electronic Frontier Foundation has released its annual “Who Has Your Back?” report, ranking 18 companies by how well they protect user information from government eyes. Twitter and Sonic.net get high scores from the EFF, as they meet all six of the organization’s privacy guidelines, which include requiring a warrant for sharing content and telling users about government data requests. On the other end of the spectrum are MySpace and Verizon, both of which score zero out of six stars. Meanwhile, Apple and AT&T get one gold star each, and Google, Dropbox and LinkedIn are tied for second place. You’ll find the complete breakdown in the EFF’s comprehensive infographic (partially displayed above), and the full report is available via the source link.

Via: Electronista

Source: EFF

FBI seeks to fine tech companies failing to comply with real-time wiretaps

A new proposal from the government would require tech companies like Facebook or Google to allow law enforcement to place real-time wiretaps on a suspect’s communication mediums, like messaging apps, emails, and more. Law officials would present a court-ordered request to the companies, and if the companies don’t comply, they would receive a fine amounting to tens of thousands of dollars. If they choose not to pay the fine after 90 days, the fines will double each day afterwards.

This information comes from current and former U.S. officials who discussed the new proposal with the Washington Post. They say that the FBI is concerned that without having access to real-time communications from suspects, they could be missing out on critical evidence. Michael Sussmann, a former federal prosecutor and partner at the law firm Perkins Coie, stated that if there’s data that can be used to solve crimes, “the government will be interested.” He also says,

“Today, if you’re a tech company that’s created a new and popular way to communicate, it’s only a matter of time before the FBI shows up with a court order to read or hear some conversation.”

The proposal would let companies come up with their own ways to implement a wiretap-like feature. As long as the companies are able to come up with a solution that provides the FBI the information it needs, anything can work. In 2005, the Communications Assistance for Law Enforcement Act (CALEA) was expanded to require service providers and VoIP providers to implement real-time interception in their products. Now the FBI is seeking to expand CALEA to cover social networks, messengers, and even online games as well.

The proposal has drawn a lot of criticism from civil rights groups, companies, and experts. Many companies assure their users before signing up that they will protect their privacy, so being required to implement wiretaps would result in a loss of customers for these companies. The wiretaps are also potentially susceptible to attacks from hackers seeking to use the wiretaps to spy on people and obtain sensitive information. Greg Nojeim, Senior Counsel at the Center for Democracy and Technology, stated,

“This proposal is a non-starter that would drive innovators overseas and cost American jobs. They might as well call it the Cyber Insecurity and Anti-Employment Act.”

[via Washington Post]


FBI seeks to fine tech companies failing to comply with real-time wiretaps is written by Brian Sin & originally posted on SlashGear.

EFF praises Twitter, slams Verizon over user data protection

Digital rights advocacy group Electronic Frontier Foundation (EFF) has released its annual report of which companies are the best at protecting their users’ data from the government, and the results may be surprising to some. The EFF reports that Twitter is the best when it comes to protecting user data, while Verizon, Apple, and didn’t score so great.

The report ranks the policies of various large companies, and shows how each company stacks up based on six privacy criteria, including whether or not the company published transparency reports and if they fight for users’ privacy rights in Congress and in court. Twitter came out on top, meeting all six criteria, along with internet service provider Sonic.net.

As for the low scorers, Verizon and MySpace didn’t meet any of the six criteria, while Apple, AT&T, and Yahoo only met one of the criteria. However, other companies that received high marks include Dropbox, Google, and LinkedIn, all of which require a warrant in order for their content to be handed over to government officials.

One of the trends seen in this year’s report is the constant low marks with wireless carriers, with both Verizon and AT&T scoring lowly, and the EFF is calling for wireless carriers to up their game and join the other big companies in doing their users a favor by publishing law enforcement guidelines and regular transparency reports.


EFF praises Twitter, slams Verizon over user data protection is written by Craig Lloyd & originally posted on SlashGear.

Google Glass Bulletproof lockscreen adds unofficial wearable security

Security concerns around Google Glass, and what data access those casually – or nefariously – picking up your wearable might have, have prompted the first DIY lock system for the headset, Bulletproof. Resembling the standard Android lockscreen, but adding some head-detection smarts to prevent you from having to swipe in a code every time you want to use Glass, Bulletproof is the handiwork of Explorer Edition owner Mike DiGiovanni.

As others have observed, Glass lacks any sort of locking system, which means that when you’re not wearing it – or supervising it – it’s possible that anybody could pick the wearable up and start digging through your data. That’s potentially not the most worrying exploit, however; as arch-tinkerer Jay Freeman pointed out this week, with the right software and a microUSB cable, a well-placed hacker could install surveillance malware onto your Glass and joyride every app you use, every photo and video you take, and potentially even track your location when wearing the headset.

DiGiovanni’s app addresses that concern in a straightforward way. Since Glass has no keypad, it uses a combination of user-customizable swipes and taps on the trackpad on the side of the eyewear to enter an unlock code. That access then stays valid all the time you’re actually wearing Glass.

Take it off – or have it pulled off your head, whether by a thief or someone keen to try it themselves – and Glass automatically re-locks.

Since Google isn’t exactly keen on native apps running on Glass at this point, preferring web-based services that hook up through the Mirror API, you’ll need to do a little modification if you want Bulletproof on your headset. As it’s a native Android app, Glass needs to be put into debug mode, and then ADB used to install it. You can find the source on GitHub.

Glass has thrown wearables security back into the spotlight in recent weeks, as issues of privacy and data management become increasingly discussed as more of the headsets work their way into the wild. Much of the concern voiced has been about what goes on in front of the camera, particularly since the Explorer Edition units lack any sort of clearly visible indicator that recording might be taking place. At present, only the glow of the eyepiece could be used as a sign that Glass is capturing video; some have suggested that Google should have fitted a red LED on the outside, or even a sliding cover that could entirely block out the lens.

[via LivingThruGlass]


Google Glass Bulletproof lockscreen adds unofficial wearable security is written by Chris Davies & originally posted on SlashGear.