Jul 312014
 July 31, 2014  Posted by  Breaches, Featured News, Misc

Ed Felten writes:

Yesterday the Tor Project issued an advisory describing a large-scale identification attack on Tor hidden services. The attack started on January 30 and ended when Tor ejected the attackers on July 4. It appears that this attack was the subject of a Black Hat talk that was canceled abruptly.

These attacks raise serious questions about research ethics and institutional responsibilities.


I’m hard pressed to think of previous examples where legitimate researchers carried out a large scale attack lasting for months that aimed to undermine the security of real users. That in itself is ethically problematic at least. The waters get even darker when we consider the data that the researchers might have gathered—data that would undermine the security of Tor users. Did the researchers gather and keep this data? With whom have they shared it? If they still have it, what are they doing to protect it? CERT, SEI, and CMU are not talking.

Read more on Freedom to Tinker.

Jul 312014
 July 31, 2014  Posted by  Business, Court, Featured News, Surveillance

A judge has ruled against Microsoft Corp., saying U.S. law enforcement can force the company to turn over emails it stores in Ireland.

Loretta Preska, a federal judge in New York, ruled from the bench Thursday after hearing oral arguments.

Read more of this Associated Press report on CBS. See also Zack Whittaker’s report on ZDnet for implications for EU.

There’s no statement up on Microsoft’s blog at the time of this posting, but I expect they’ll have something to say.

Jul 312014
 July 31, 2014  Posted by  Business, Govt, Online, Surveillance

Dana Liebelson writes:

US law enforcement and intelligence agencies are hitting Twitter with more information requests about its users than ever before, and in most cases the social network is handing over some data, according to a new  report released by the company  on Thursday. Twitter notes that many of the government demands, which are typically related to criminal investigations, are originating from  California, New York, and Virginia. They’re coming from federal, state, and local law enforcement and intelligence officials, a Twitter spokesman says.

Read more on Mother Jones.

Jul 312014
 July 31, 2014  Posted by  Business, Court

From Courthouse News:

Attorneys for Google urged a federal judge to ignore demands made by news outlets to deny requests to seal documents in a massive – and settled – class action over Gmail privacy.

News agencies – including Courthouse News, Gannett, McClatchy and the New York Times – lobbied U.S. District Judge Lucy Koh earlier this year to deny requests by Google and the lead plaintiffs to file under seal, citing public interest in the case involving millions of Gmail users. The sprawling class action dubbed In re Google Inc. – Gmail Litigation claimed that the tech giant’s new privacy policies violate federal computer fraud, eavesdropping and wiretap laws.

Read more on Courthouse News.