Privacy

Comcast Accidentally Published 200,000 'Unlisted' Phone Numbers (arstechnica.com) 23

An anonymous reader quotes a report from Ars Technica: Comcast mistakenly published the names, phone numbers, and addresses of nearly 200,000 customers who paid monthly fees to make their numbers unlisted. The names and numbers were made available on Ecolisting, a directory run by Comcast, and picked up by third-party directories. After discovering the mistake, Comcast shut Ecolisting down, gave $100 credits to affected customers, and advised them that they can change their phone numbers at no charge. This is similar to a mistake in the early 2010s that resulted in Comcast paying a $33 million settlement in 2015.

The Denver Post reported last week: "For years, customers have had the ability to pay a small sum per month to ensure their phone numbers and personal information remain off of telephone and online directories. But in January and February, thousands of people across the country received letters from Xfinity telling them the company had inadvertently published personal information on Comcast's online directory, Ecolisting.com. The issue affected 2 percent of Comcast's 9.9 million voice customers, the company said."
In a statement to Ars, Comcast said, "We have corrected this issue for our identified customers, apologized to them for this error, and given them an additional $100 credit. We are working with our customers directly to address this issue and help make it right, and are taking steps to prevent this from happening again."

Comcast also warned that "this information could be available on online directories or through other public sources that Comcast does not control." If that's the case, the company advises contacting those online directories directly and/or changing your Xfinity Voice telephone number.
Electronic Frontier Foundation

EFF: .Org Sale 'Threatens Instability and Dysfunction' (eff.org) 26

In a scathing editorial, EFF continues to oppose Ethos Capital's plan to buy the PIR's .org domain registry for $1.1 billion, arguing that "the current system is stable and functional, and changing it threatens to introduce instability and dysfunction with no countervailing benefit to the community..."

"[W]hile there is nothing currently wrong with .ORG, there is a lot that could go wrong if this deal moves forward." Ethos and PIR have repeatedly defended the proposed deal by arguing that converting PIR to a privately owned, for-profit enterprise will allow it to offer "new products and services," but without explaining what those new offerings might be. On Thursday, they finally admitted that they actually don't know what additional products and services .ORG registrants want or need, citing a lack of market research...

The for-profit PIR that Ethos envisions would be a fundamentally different organization than today's PIR, and we have serious concerns about its business model and financial stability. Nothing we've heard from PIR and Ethos has convinced us that PIR should be transformed from something that we all know works to something that's unproven. To the contrary, the Ethos deal raises concrete dangers of censorship, financial and technical instability, and price-gouging of non-commercial .ORG registrants. And despite making their case for months, proponents of the deal haven't identified any specific benefits it would impart to .ORG users.

ICANN can, and should, reject this change to the .ORG registry. But that time is running out; ICANN's current deadline to make a decision is Friday, March 20. You can still speak out: the ICANN Board is holding a public forum next week, Monday March 9 at 10am-11:30am Eastern Daylight Time. Anyone can join by videoconference and address the Board.

Java

Oracle's Allies Against Google Include Scott McNealy and America's Justice Department (zdnet.com) 135

America's Justice Department "has filed a brief in support of Oracle in its Supreme Court battle against Google over whether Java should have copyright protection," reports ZDNet: The Justice Department filed its amicus brief to the Supreme Court this week, joining a mighty list of briefs from major tech companies and industry luminaries — including Scott McNealy, co-founder of Sun, which Oracle bought in 2010, acquiring Sun-built Java in the process. While Microsoft, IBM and others have backed Google's arguments in the decade-long battle, McNealy, like the Justice Department, is opposing Google. McNealy called Google's description of how it uses Java packages a "woeful mischaracterization of the artful design of the Java packages" and "an insult to the hard-working developers at Sun who made Java such a success...."

Joe Tucci, former CEO of now Dell-owned enterprise storage giant EMC, threw in his two cents against Google. "Accepting Google's invitation to upend that system by eliminating copyright protection for creative and original computer software code would not make the system better — it would instead have sweeping and harmful effects throughout the software industry," Tucci's brief reads.

Oracle is also questioning the motives of Google's allies, reports The Verge: After filing a Supreme Court statement last week, Oracle VP Ken Glueck posted a statement over the weekend assailing the motives of Microsoft, IBM, and the CCIA industry group, all of which have publicly supported Google. Glueck's post comes shortly after two groups — an interdisciplinary panel of academics and the American Conservative Union Foundation — submitted legal briefs supporting Oracle. Both groups argued that Google should be liable for copying code from the Java language for the Android operating system. The ACUF argued that protecting Oracle's code "is fundamental to a well-ordered system of private property rights and indeed the rule of law itself...."

Earlier this year, Google garnered around two dozen briefs supporting its position. But Oracle claims that in reality, "Google appears to be virtually alone — at least among the technology community." Glueck says Google's most prominent backers had ulterior motives or "parochial agendas"; either they were working closely with Google, or they had their own designs on Java...

Even if you accept Oracle's arguments wholeheartedly, there's a long list of other Google backers from the tech community. Advocacy groups like the Electronic Frontier Foundation and the Center for Democracy and Technology signed on to amicus briefs last month, as did several prominent tech pioneers, including Linux creator Linus Torvalds and Apple cofounder Steve Wozniak. The CCIA brief was signed by the Internet Association, a trade group representing many of the biggest companies in Silicon Valley. Patreon, Reddit, Etsy, the Mozilla Corporation, and other midsized tech companies also backed a brief raising "fundamental concerns" about Oracle's assertions.

Privacy

'Ring' Upgrades Privacy Settings After Accusations It Shares Data With Facebook and Google (cbsnews.com) 26

Amazon's Ring doorbell cameras just added two new privacy and security features "amid rising scrutiny on the company," reports The Hill, including "a second layer of authentication by requiring users to enter a one-time code shared via email or SMS when they try to log in to see the feed from their cameras starting this week...

"Until recently the company did not notify users when their accounts had been logged in to, meaning that hackers could have accessed camera feeds without owners being aware."

But CBS News reports that the changes appeared "two weeks after a study showed the company shares customers' personal information with Facebook, Google and other parties without users' consent." In late January, an Electronic Frontier Foundation (EFF) study found the company regularly shares user data with Facebook, including that of Ring users who don't have accounts on the social media platform... EFF claims the company shares a lot of other user data, including people's names, email addresses, when the doorbell app was being used, the number of devices a user has, model numbers of devices, user's unique internet addresses and more. Such information could allow third parties to know when Ring users are at home or away, and potentially target them with advertising for services based on that info...

The change will let Ring users block the company from sharing most, but not all, of their data. A company spokesperson said people will be able to opt out of those sharing agreements "where applicable." The spokesperson declined to clarify what "where applicable" might mean.

Evan Greer, deputy director of digital rights organization Fight for the Future, shared a skeptical response with The Hill.

"No amount of security updates will change the fact that these devices are enabling a nationwide, for-profit, surveillance empire. Amazon Ring is fundamentally incompatible with democracy and human rights."
The Internet

Gopher's Rise and Fall Shows How Much We Lost When Monopolists Stole the Net (eff.org) 69

Science-fiction writer, journalist and longtime Slashdot reader, Cory Doctorow, a.k.a. mouthbeef, writes: The Electronic Frontier Foundation (EFF) just published the latest installment in my case histories of "adversarial interoperability" -- once the main force that kept tech competitive. Today, I tell the story of Gopher, the web's immediate predecessor, which burrowed under the mainframe systems' guardians and created a menu-driven interface to campus resources, then the whole internet. Gopher ruled until browser vendors swallowed Gopherspace whole, incorporating it by turning gopher:// into a way to access anything on any Gopher server. Gopher served as the booster rocket that helped the web attain a stable orbit. But the tools that Gopher used to crack open the silos, and the moves that the web pulled to crack open Gopher, are radioactively illegal today.

If you wanted do to Facebook what Gopher did to the mainframes, you would be pulverized by the relentless grinding of software patents, terms of service, anticircumvention law, bullshit theories about APIs being copyrightable. Big Tech blames "network effects" for its monopolies -- but that's a counsel of despair. If impersonal forces (and not anticompetitive bullying) are what keeps tech big then there's no point in trying to make it small. Big Tech's critics swallow this line, demanding that Big Tech be given state-like duties to police user conduct -- duties that require billions and total control to perform, guaranteeing tech monopolists perpetual dominance. But the lesson of Gopher is that adversarial interoperability is judo for network effects.

Electronic Frontier Foundation

Did the Early Internet Activists Blow It? (slate.com) 128

Mike Godwin, the first staff counsel of the Electronic Frontier Foundation, writes in a column: Another thing we clearly got wrong is how large platforms would rise to dominate their markets -- even though they never received the kind of bespoke regulated-monopoly partnership with governments that, generations before, the telephone companies had received. In most of today's democracies, Google dominates search and Facebook dominates social media. In less-democratic nations, counterpart platforms -- like Baidu and Weibo in China or VK in Russia -- dominate their respective markets, but their relationships with the relevant governments are cozier, so their market-dominant status isn't surprising. We didn't see these monopolies and market-dominant players coming, although we should have. Back in the 1990s, we thought that a thousand website flowers would bloom and no single company would be dominant. We know better now, particularly because of the way social media and search engines can built large ecosystems that contain smaller communities -- Facebook's Groups is only the most prominent example. Market-dominant players face temptations that a gaggle of hungry, competitive startups and "long tail" services don't, and we'd have done better in the 1990s if we'd anticipated this kind of consolidation and thought about how we might respond to it as a matter of public policy. We should have -- the concern about monopolies, unfair competition, and market concentration is an old one in most developed countries -- but I have no reflexive reaction either for or against antitrust or other market-regulatory approaches to address this concern, so long as the remedies don't create more problems than they solve.

What's new and more troubling is the revival of the idea, after more than half a century of growing freedom-of-expression protections, that maybe there's just too much free speech. There's a lot to unpack here. In the 1990s, social conservatives wanted more censorship, particularly of sexual content. Progressive activists back then generally wanted less. Today, progressives frequently argue that social media platforms are too tolerant of vile, offensive, hurtful speech, while conservatives commonly insist that the platforms censor too much (or at least censor them too much). Both sides miss obvious points. Those who think there needs to be more top-down censorship from the tech companies imagine that when censorship efforts fail, it means the companies aren't trying hard enough to enforce their content policies. But the reality is that no matter how much money and manpower (plus less-than-perfect "artificial intelligence") Facebook throws at curating hateful or illegal content on its services, and no matter how well-meaning Facebook's intentions are, a user base edging toward 3 billion people is always going to generate hundreds of thousands, and perhaps millions, of false positives every year. On the flip side, those who want to restrict companies' ability to censor content haven't given adequate thought to the consequences of their demands. If Facebook or Twitter became what Sen. Ted Cruz calls a "neutral public forum," for example, they might become 8chan writ large. That's not very likely to make anyone happier with social media.

Security

Public Wi-Fi is a Lot Safer Than You Think (eff.org) 80

Jacob Hoffman-Andrews, writing for EFF: If you follow security on the Internet, you may have seen articles warning you to "beware of public Wi-Fi networks" in cafes, airports, hotels, and other public places. But now, due to the widespread deployment of HTTPS encryption on most popular websites, advice to avoid public Wi-Fi is mostly out of date and applicable to a lot fewer people than it once was. The advice stems from the early days of the Internet, when most communication was not encrypted. At that time, if someone could snoop on your network communications -- for instance by sniffing packets from unencrypted Wi-Fi or by being the NSA -- they could read your email. Starting in 2010 that all changed. Eric Butler released Firesheep, an easy-to-use demonstration of "sniffing" insecure HTTP to take over people's accounts. Site owners started to take note and realized they needed to implement HTTPS (the more secure, encrypted version of HTTP) for every page on their site. The timing was good: earlier that year, Google had turned on HTTPS by default for all Gmail users and reported that the costs to do so were quite low. Hardware and software had advanced to the point where encrypting web browsing was easy and cheap.

However, practical deployment of HTTPS across the whole web took a long time. One big obstacle was the difficulty for webmasters and site administrators of buying and installing a certificate (a small file required in order to set up HTTPS). EFF helped launch Let's Encrypt, which makes certificates available for free, and we wrote Certbot, the easiest way to get a free certificate from Let's Encrypt and install it. Meanwhile, lots of site owners were changing their software and HTML in order to make the switch to HTTPS. There's been tremendous progress, and now 92% of web page loads from the United States use HTTPS. In other countries the percentage is somewhat lower -- 80% in India, for example -- but HTTPS still protects the large majority of pages visited. [...] What about the risk of governments scooping up signals from "open" public Wi-Fi that has no password? Governments that surveill people on the Internet often do it by listening in on upstream data, at the core routers of broadband providers and mobile phone companies. If that's the case, it means the same information is commonly visible to the government whether they sniff it from the air or from the wires.

Privacy

Ring Doorbell App Packed With Third-Party Trackers (eff.org) 150

Ring isn't just a product that allows users to surveil their neighbors. The company also uses it to surveil its customers. An investigation by EFF of the Ring doorbell app for Android found it to be packed with third-party trackers sending out a plethora of customers' personally identifiable information (PII). From the report, shared by reader AmiMoJo: Four main analytics and marketing companies were discovered to be receiving information such as the names, private IP addresses, mobile network carriers, persistent identifiers, and sensor data on the devices of paying customers. The danger in sending even small bits of information is that analytics and tracking companies are able to combine these bits together to form a unique picture of the user's device. This cohesive whole represents a fingerprint that follows the user as they interact with other apps and use their device, in essence providing trackers the ability to spy on what a user is doing in their digital lives and when they are doing it.

All this takes place without meaningful user notification or consent and, in most cases, no way to mitigate the damage done. Even when this information is not misused and employed for precisely its stated purpose (in most cases marketing), this can lead to a whole host of social ills. Ring has exhibited a pattern of behavior that attempts to mitigate exposure to criticism and scrutiny while benefiting from the wide array of customer data available to them. It has been able to do so by leveraging an image of the secure home, while profiting from a surveillance network which facilitates police departments' unprecedented access into the private lives of citizens, as we have previously covered. For consumers, this image has cultivated a sense of trust in Ring that should be shaken by the reality of how the app functions: not only does Ring mismanage consumer data, but it also intentionally hands over that data to trackers and data miners.

The Courts

EFF Defends Bruce Perens Victory Against 'Open Source Security' in Appeals Court 30

Bruce Perens (Slashdot reader #3872) co-founded the Open Source Initiative with Eric Raymond in 1998. (And then left it this January 2nd.)

But in 2017 Perens was also sued partly over comments made in a Slashdot discussion. He's just shared a video from the 9th Circuit Appeals Court hearing -- along with this update: Open Source Security Inc. and their CEO, Mr. Bradley Spengler, sued me for 3 Million dollars for defamation, because I wrote this blog post, in which I explained why I thought they were in violation of the GPL. They lost in the lower court, and had to file this $300,000 bond to pay for my defense, which will be awarded to my attorneys if the appeals court upholds the lower court's finding.

Because OSS/Spengler are in Pensylvania and I am in California, this was tried before a Magistrate in Federal court, with the laws of California and the evidentiary rules of the Federal Court. Thus, I am now in the 9th Circuit for appeal.

The first attorney to appear is for OSS/Spengler. The second works for EFF, and the third for O'Melveny. In my opinion EFF and O'Melveny did a great job.

If you are interested in the case, I have a partial archive of the case documents from PACER, and a link to PACER where the rest can be found, here.
Books

'Unauthorized Bread': A Tale of Jailbreaking Refugees Versus IoT Appliances (arstechnica.com) 32

Science fiction writer, journalist and longtime Slashdot reader, Cory Doctorow, a.k.a. mouthbeef, writes: My novella "Unauthorized Bread" -- originally published last year in Radicalized from Tor Books -- has just been published on Ars Technica: it's an epic tale of jailbreaking refugees versus the disobedient IoT appliances they're forced to use, and it's being turned into a TV show by The Intercept's parent company and a graphic novel by First Second with help from Jennifer Doyle. Making the story open access was in honor of the book being shortlisted for Canada Reads, Canada's national book award. The story builds on the work I've done with EFF to legalize jailbreaking, including our lawsuit to overturn parts of the DMCA. The story is part of a lineage with a long history of /. interest, starting with my 2002 Salon story 0wnz0red, and it only seemed fitting that I let you know about it!
Electronic Frontier Foundation

EFF Files Amicus Brief In Google v. Oracle, Arguing APIs Are Not Copyrightable (eff.org) 147

Areyoukiddingme writes: EFF has filed an amicus brief with the U.S. Supreme Court in Google v. Oracle, arguing that APIs are not copyrightable. From the press release: "The Electronic Frontier Foundation (EFF) today asked the U.S. Supreme Court to rule that functional aspects of Oracle's Java programming language are not copyrightable, and even if they were, employing them to create new computer code falls under fair use protections. The court is reviewing a long-running lawsuit Oracle filed against Google, which claimed that Google's use of certain Java application programming interfaces (APIs) in its Android operating system violated Oracle's copyrights. The case has far-reaching implications for innovation in software development, competition, and interoperability.

In a brief filed today, EFF argues that the Federal Circuit, in ruling APIs were copyrightable, ignored clear and specific language in the copyright statute that excludes copyright protection for procedures, processes, and methods of operation. 'Instead of following the law, the Federal Circuit decided to rewrite it to eliminate almost all the exclusions from copyright protection that Congress put in the statute,' said EFF Legal Director Corynne McSherry. 'APIs are not copyrightable. The Federal Circuit's ruling has created a dangerous precedent that will encourage more lawsuits and make innovative software development prohibitively expensive. Fortunately, the Supreme Court can and should fix this mess.'" Oral arguments before the U.S. Supreme Court are scheduled for March 2020, and a decision by June.

The Internet

Internet Pioneers Fight For Control of .Org Registry By Forming a Nonprofit Alternative (nytimes.com) 17

Reuters reports that a group of "prominent internet pioneers" now has a plan to block the $1.1 billion sale of the .org internet domain registry to Ethos Capital.

The group has created their own nonprofit cooperative to offer an alternative: "There needs to be a place on the internet that represents the public interest, where educational sites, humanitarian sites, and organizations like Wikipedia can provide a broader public benefit," said Katherine Maher, the CEO of Wikipedia parent Wikimedia Foundation, who signed on to be a director of the new nonprofit.

The crowd-sourced research tool Wikipedia is the most visited of the 10 million .org sites registered worldwide...

Hundreds of nonprofits have already objected to the transaction, worried that Ethos will raise registration and renewal prices, cut back on infrastructure and security spending, or make deals to sell sensitive data or allow censorship or surveillance... "What offended me about the Ethos Capital deal and the way it unfolded is that it seems to have completely betrayed this concept of stewardship," said Andrew McLaughlin, who oversaw the transfer of internet governance from the U.S. Commerce Department to ICANN, completed in 2016.

Maher and others said the idea of the new cooperative is not to offer a competing financial bid for .org, which brings in roughly $100 million in revenue from domain sales. Instead, they hope that the unusual new entity, formally a California Consumer Cooperative Corporation, can manage the domain for security and stability and make sure it does not become a tool for censorship. The advocacy group Electronic Frontier Foundation (EFF), which previously organized a protest over the .org sale that drew in organizations including the YMCA of the United States, Greenpeace, and Consumer Reports, is also supporting the cooperative.

"It's highly inappropriate for it to be turned over to a commercial venture at all, much less one that's going to need to recover $1 billion," said EFF Executive Director Cindy Cohn.

Electronic Frontier Foundation

Brookline Votes To Ban Face Surveillance (eff.org) 32

The town of Brookline, Massachusetts, became the fifth municipality in the nation to ban its government agencies from using face surveillance. The passage of Article 25 comes as a new study from the National Institute of Standards and Technology (NIST) found that many of the world's top facial recognition algorithms are biased along lines of age, race, and ethnicity. The Electronic Frontier Foundation reports: Brookline joins nearby Somerville as the two Massachusetts municipalities to have banned face surveillance. The two Metro-Boston area municipalities have chosen to protect their residents now, rather than wait for the passage of state-level protections. Massachusetts is poised to become the first state in the nation to enact a state-level moratorium on all use of the technology.

Brookline's State Senator Cynthia Stone Creem sponsored a bill (S.1385) that would impose a moratorium on government use of the technology throughout the commonwealth. That moratorium would remain in place until state lawmakers enact an authorizing statute that clearly outlines what agencies are permitted to use the technology, requires audits, protects civil liberties, and establishes minimum accuracy rates to prevent disparate impact against women, people with darker skin, and young people. Polling from the ACLU of Massachusetts has indicated high levels of support for the statewide moratorium, with 79 percent of likely Massachusetts voters voting in favor.

Electronic Frontier Foundation

EFF Challenges Ring's Spokesperson Shaq To A Discussion About Police Surveillance (eff.org) 64

Shaq O'Neal was one of the greatest players in basketball history. But as a spokesperson for Amazon's Ring security cameras, the EFF also calls him the "one man at Ring who might listen to reason," challenging him to go one-on-one with the EFF's privacy experts: In just a year and a half, Amazon's Ring has set up more than 500 partnerships with law enforcement agencies to convince communities to spy on themselves through doorbell cameras and its social app, Neighbors. The company is moving recklessly fast with little regard for the long-term risks of this mass surveillance technology. These partnerships threaten free speech and the well-being of communities, vastly expand police surveillance, undermine trust between police and residents, and enable racial profiling by exacerbating suspicion and paranoia.

So far, Amazon has not committed to making any changes. But we think one person at Ring might listen: basketball legend Shaquille O'Neal.

Shaq has been a spokesperson and co-owner of Ring since 2016, and has been nearly as much a public face of the company as its CEO, Jamie Siminoff. EFF would like to sit down with Shaq to discuss how Ring's partnerships with police can actually end up harming the communities that the company hopes to keep safe. If we wanted to learn how to dunk, we would go to Shaq. Before he promotes the sale of cameras that surveil neighborhoods indiscriminately, Shaq should come to the experts. Shaq, sit down with us and learn how these partnerships turn our neighborhoods into vast, unaccountable surveillance networks.

The Courts

Pennsylvania Supreme Court Rules Police Can't Force You To Tell Them Your Password (eff.org) 73

An anonymous reader quotes a report from the Electronic Frontier Foundation: The Pennsylvania Supreme Court issued a forceful opinion today holding that the Fifth Amendment to the U.S. Constitution protects individuals from being forced to disclose the passcode to their devices to the police. In a 4-3 decision in Commonwealth v. Davis, the court found that disclosing a password is "testimony" protected by the Fifth Amendment's privilege against self-incrimination. EFF filed an amicus brief in Davis, and we were gratified that the court's opinion closely parallels our arguments. The Fifth Amendment privilege prohibits the government from coercing a confession or forcing a suspect to lead police to incriminating evidence. We argue that unlocking and decrypting a smartphone or computer is the modern equivalent of these forms of self-incrimination.

Crucially, the court held that the narrow "foregone conclusion exception" to the Fifth Amendment does not apply to disclosing passcodes. As described in our brief, this exception applies only when an individual is forced to comply with a subpoena for business records and only when complying with the subpoena does not reveal the "contents of his mind," as the U.S. Supreme Court put it. The Pennsylvania Supreme Court agreed with EFF. It wrote: "Requiring the Commonwealth to do the heavy lifting, indeed, to shoulder the entire load, in building and bringing a criminal case without a defendant's assistance may be inconvenient and even difficult; yet, to apply the foregone conclusion rationale in these circumstances would allow the exception to swallow the constitutional privilege. Nevertheless, this constitutional right is firmly grounded in the "realization that the privilege, while sometimes a shelter to the guilty, is often a protection to the innocent."

Privacy

DHS Will Soon Have Biometric Data On Nearly 260 Million People (qz.com) 40

The U.S. Department of Homeland Security (DHS) expects to have face, fingerprint, and iris scans of at least 259 million people in its biometrics database by 2022, according to a recent presentation from the agency's Office of Procurement Operations reviewed by Quartz. From the report: That's about 40 million more than the agency's 2017 projections, which estimated 220 million unique identities by 2022, according to previous figures cited by the Electronic Frontier Foundation (EFF), a San Francisco-based privacy rights nonprofit.

A slide deck, shared with attendees at an Oct. 30 DHS industry day, includes a breakdown of what its systems currently contain, as well as an estimate of what the next few years will bring. The agency is transitioning from a legacy system called IDENT to a cloud-based system (hosted by Amazon Web Services) known as Homeland Advanced Recognition Technology, or HART. The biometrics collection maintained by DHS is the world's second-largest, behind only India's countrywide biometric ID network in size. The traveler data kept by DHS is shared with other U.S. agencies, state and local law enforcement, as well as foreign governments.

Crime

Are Amazon's 'Ring' Cameras Exacerbating Societal Inequality? (theatlantic.com) 437

In one of America's top cities for property crime, the Atlantic examines the "porch pirate" of San Francisco's Potrero Hill. It's an 8,000-word long read about how one of the neighborhood's troubled long-time residents "entered a vortex of smart cameras, Nextdoor rants, and cellphone surveillance," in a town where the public hospital she was born in is now named after Mark Zuckerberg.

Her story begins when a 30-something product marketing manager at Google received a notification on his iPhone from his home surveillance camera, sharing a recording of a woman stealing a package from his porch. He cruises the neighborhood, spots her boarding a city bus, and calls 911, having her arrested. The article notes that 17% of America's homeowners now own a smart video surveillance device. But it also seems to be trying to bring another perspective to "the citizen surveillance facilitated by porch cams and Nextdoor to the benefit of corporations and venture capitalists."

From the article: Under the reasoning that more surveillance improves public safety, over 500 police departments -- including in Houston and a stretch of Los Angeles suburbs -- have partnered with Ring. Many departments advertise rebates for Ring devices on government social-media channels, sometimes offering up to $125. Ring matches the rebate up to $50. Dave Maass, a senior investigative researcher at the Electronic Frontier Foundation, a nonprofit focused on digital civil liberties, said it's unseemly to use taxpayer money to subsidize the build-out of citizen surveillance. Amazon and other moneyed tech companies competing for market share are "enlisting law enforcement to be their sales force, to have the cops give it their imprimatur of credibility," said Maass, a claim echoed in an open letter to government agencies from more than 30 civil-rights organizations this fall and a petition asking Congress to investigate the Ring partnerships. (Ring disputes this characterization....)

In some cities, the relationship between the police and companies has gone beyond marketing. Amazon is helping police departments run "bait box" operations, in which police place decoy boxes on porches -- often with GPS trackers inside -- to capture anyone who tries to steal them... Amazon sent police free branded boxes, and even heat maps of areas where the company's customers suffer the most thefts...

Stings and porch-pirate footage attract media attention -- but what comes next for the thieves rarely gets the same limelight. Often, perpetrators face punishments whose scale might surprise the amateur smart-cam detectives and Nextdoor sleuths who help nail them... In December, the U.S. attorney for the Eastern District of Arkansas announced an enforcement campaign called Operation Porch Pirate. Two suspects were arrested and charged with federal mail theft. One pleaded guilty to stealing $170.42 worth of goods, including camouflage crew socks and a Call of Duty video game from Amazon, and was sentenced to 14 months of probation. Another pleaded guilty to possession of stolen mail -- four packages, two from Amazon -- and awaits sentencing of up to five years in prison and a $250,000 fine...

While porch cams have been used to investigate cases as serious as homicides, the surveillance and neighborhood social networking typically make a particular type of crime especially visible: those lower-level ones happening out in public, committed by the poorest. Despite the much higher cost of white-collar crime, it seems to cause less societal hand-wringing than what might be caught on a Ring camera, said W. David Ball, a professor at Santa Clara University School of Law. "Did people really feel that crime was 'out of control' after Theranos?" he said. "People lost hundreds of millions of dollars. You would have to break into every single car in San Francisco for the next ten years to amount to the amount stolen under Theranos."

In the article the EFF's investigative researcher also asks if police end up providing more protection to affluent communities than the ones that can't afford Amazon's Ring cameras. But W. David Ball, the law professor, also asks whether locking up low-level criminals is just ignoring the larger issue of poverty in increasingly expensive cities.

"Everyone assumes that jail works to deter people. But I don't know if I were hungry, and had no other way of eating, that that would deter me from stealing."
Privacy

Berkeley City Council Unanimously Votes To Ban Face Recognition (eff.org) 48

An anonymous reader quotes a report from the Electronic Frontier Foundation: Berkeley has become the third city in California and the fourth city in the United States to ban the use of face recognition technology by the government. After an outpouring of support from the community, the Berkeley City Council voted unanimously to adopt the ordinance introduced by Councilmember Kate Harrison earlier this year. Berkeley joins other Bay Area cities, including San Francisco and Oakland, which also banned government use of face recognition. In July 2019, Somerville, Massachusetts became the first city on the East Coast to ban the government's use of face recognition.

The passage of the ordinance also follows the signing of A.B. 1215, a California state law that places a three-year moratorium on police use of face recognition on body-worn cameras, beginning on January 1, 2020. As EFF's Associate Director of Community Organizing Nathan Sheard told the California Assembly, using face recognition technology "in connection with police body cameras would force Californians to decide between actively avoiding interaction and cooperation with law enforcement, or having their images collected, analyzed, and stored as perpetual candidates for suspicion."

The Internet

China's Global Reach: Surveillance and Censorship Beyond the Great Firewall (eff.org) 68

An anonymous reader shares a report: Those outside the People's Republic of China (PRC) are accustomed to thinking of the Internet censorship practices of the Chinese state as primarily domestic, enacted through the so-called "Great Firewall" -- a system of surveillance and blocking technology that prevents Chinese citizens from viewing websites outside the country. The Chinese government's justification for that firewall is based on the concept of "Internet sovereignty." The PRC has long declared that "within Chinese territory, the internet is under the jurisdiction of Chinese sovereignty." Hong Kong, as part of the "one country, two systems" agreement, has largely lived outside that firewall: foreign services like Twitter, Google, and Facebook are available there, and local ISPs have made clear that they will oppose direct state censorship of its open Internet.

But the ongoing Hong Kong protests, and mainland China's pervasive attempts to disrupt and discredit the movement globally, have highlighted that China is not above trying to extend its reach beyond the Great Firewall, and beyond its own borders. In attempting to silence protests that lie outside the Firewall, in full view of the rest of the world, China is showing its hand, and revealing the tools it can use to silence dissent or criticism worldwide. Some of those tools -- such as pressure on private entities, including American corporations NBA and Blizzard -- have caught U.S. headlines and outraged customers and employees of those companies. Others have been more technical, and less obvious to the Western observers.

Electronic Frontier Foundation

EFF Wins Access To License Plate Reader Data To Study Law Enforcement Use 62

An anonymous reader quotes a report from the Electronic Frontier Foundation: Electronic Frontier Foundation (EFF) and the American Civil Liberties Union Foundation of Southern California (ACLU SoCal) have reached an agreement with Los Angeles law enforcement agencies under which the police and sheriff's departments will turn over license plate data they indiscriminately collected on millions of law-abiding drivers in Southern California. The data, which has been deidentified to protect drivers' privacy, will allow EFF and ACLU SoCal to learn how the agencies are using automated license plate reader (ALPR) systems throughout the city and county of Los Angeles and educate the public on the privacy risks posed by this intrusive technology. A weeks' worth of data, composed of nearly 3 million data points, will be examined.

ALPR systems include cameras mounted on police cars and at fixed locations that scan every license plate that comes into view -- up to 1,800 plates per minute. They record data on each plate, including the precise time, date, and place it was encountered. The two Los Angeles agencies scan about 3 million plates every week and store the data for years at a time. Using this data, police can learn where we were in the past and infer intimate details of our daily lives such as where we work and live, who our friends are, what religious or political activities we attend, and much more. EFF and ACLU SoCal reached the agreement with the Los Angeles Police and Sheriff's Departments after winning a precedent-setting decision in 2017 from the California Supreme Court in our public records lawsuit against the two agencies. The court held that the data are not investigative records under the California Public Records Act that law enforcement can keep secret.
"After six years of litigation, EFF and ACLU SoCal are finally getting access to millions of ALPR scans that will shed light on how the technology is being used, where it's being used, and how it affects people's privacy," said EFF Surveillance Litigation Director Jennifer Lynch. "We persevered and won a tough battle against law enforcement agencies that wanted to keep this information from the public. We have a right to information about how government agencies are using high-tech systems to track our locations, surveil our neighborhoods, and collect private information without our knowledge and consent."

Slashdot Top Deals