Obama Won’t Seek Access to Encrypted User Data (@nytimes)

In Chapter 6 of 10 Don’ts, “Don’t Let the Snoops In,” we discuss ways that the average user can protect their data from government and corporate spies.  Tech companies like Google and Apple have recently cooperated in that effort, adding encryption protocols to their devices.  More importantly, these companies (particularly Apple) have made it clear that they do NOT hold the decryption keys to unlock their devices.  So if a user refuses to decrypt his/her device for law enforcement, Apple cannot be compelled to do so — and indeed, would be unable to do so.

Federal agencies like the FBI and local law enforcement groups have argued that this makes it easy for criminals to hide data.  Apple, and many security experts, have countered by saying it is impossible to insert a “back door” available only to law enforcement.  Any weak link in the security chain — even if designed only for legitimate use — could potentially be exploited by thieves, unfriendly nation-states, and the everyday basement hacker.

The Obama Administration has now reached that same conclusion:

The Obama administration has backed down in its bitter dispute with Silicon Valley over the encryption of data on iPhones and other digital devices, concluding that it is not possible to give American law enforcement and intelligence agencies access to that information without also creating an opening that China, Russia, cybercriminals and terrorists could exploit.

Full story: The New York Times

Ed Snowden joins Twitter, follows only the NSA (@arstechnica)

In chapter 6 of 10 Don’ts, “Don’t Let the Snoops In,” we discuss in great detail NSA whistleblower Edward Snowden and the documents he released into the public domain.

The former spy, living in exile in Russia, currently only follows one other Twitter account — the NSA’s.  But Snowden has quickly amassed over 1.1 million followers of his own, from all over the world — as shown in this animated GIF released by Twitter:

The @Snowden account carries a blue check mark, indicating that his identity has been verified by Twitter. His only substantive conversation so far has been with Neil deGrasse Tyson, the astrophysicist and all-around science-communicator-guy, who recently interviewed Snowden on his show Star Talk Radio.

Full story: Ars Technica

Designing IT Guidelines for Global Travel, EDUCAUSE Review

10 Don’ts author Eric Rzeszut and Bryan Lewis (both of the University of Virginia’s McIntire School of Commerce) have published a new article in EDUCAUSE Review.  Entitled “Designing IT Guidelines for Global Travel,” the article points out the info security risks inherent in international travel for academics.  The article also offers guidelines on how faculty, staff, and students can better protect their devices and their data, as well as a discussion of the legal ramifications from US and foreign perspectives.

“Global programs present a unique challenge for most universities. In addition to the educational experience, global program coordinators take on the responsibilities of student health and safety while shuttling students across time zones and countries. With the major logistical effort required to transport students around the world for academic pursuits, technology concerns can be an afterthought. By working closely with travel coordinators, IT departments can ensure that all parties are in compliance with operational, security as well as legal requirements as they travel in foreign lands.”

Designing IT Guidelines for Global Travel

Why the Hell Is Windows 10 Sharing My Wifi Passwords? (@gizmodo)

Without the profanity, we discussed Microsoft’s new Wi-Fi Sense “feature” in chapter 7 (“Don’t Be Careless with Your Phone”) of 10 Don’ts.  We called it a “potentially enormous security risk,” and Gizmodo would seem to agree:

“Look, Microsoft. Just because I am Facebook friends with someone, doesn’t mean I want to share my wifi passwords with them.

[…]

I’m not really complaining about the existence of the feature in the first place — I can see how it could be helpful, if you’re a non-data-plan-having tween hopping between various wifi-enabled basements. It’s the fact that Wi-Fi Sense is enabled by default, and most people will never know that it’s there.”

Full story: Gizmodo

Comcast sued for turning home Wi-Fi routers into public hotspots (@sfgate)

In Chapter 5 of 10 Don’ts, we discuss some of the dangers in using wireless networks.  Though we focus mainly on public wifi networks, we also look at ways to better secure the reader’s home network.

We discuss the controversial Comcast/Xfinity plan, announced earlier this year, which adds a “secondary” wireless channel to subscribers’ home routers.  This secondary channel is freely accessible to other Xfinity users who may be in the area.  Comcast claims the subscriber’s personal data is not at risk and that the subscriber will not incur additional charges; however, individuals and groups have disputed these claims.

Now, two San Francisco women have filed a class-action lawsuit against Comcast and this “connection sharing” arrangement:

Two East Bay residents are suing Comcast for plugging their home’s wireless router into what they call a power-wasting, Internet-clogging, privacy threatening network of public Wi-Fi hotspots.

The class-action suit, filed last week in U.S. District Court in San Francisco on behalf of Toyer Grear and daughter Joycelyn Harris, claims Comcast is “exploiting them for profit” by using their Pittsburg home’s router as part of a nationwide network of public hotspots.

Full story: SFGate

Microsoft tells US: The world’s servers are not yours for the taking (@arstechnica)

Microsoft’s fight against the US position that it may search its overseas servers with a valid US warrant is getting nasty.

Microsoft, which is fighting a US warrant that it hand over e-mail to the US from its Ireland servers, wants the Obama administration to ponder a scenario where the “shoe is on the other foot.”

“Imagine this scenario. Officers of the local Stadtpolizei investigating a suspected leak to the press descend on Deutsche Bank headquarters in Frankfurt, Germany,” Microsoft said. “They serve a warrant to seize a bundle of private letters that a New York Times reporter is storing in a safe deposit box at a Deutsche Bank USA branch in Manhattan. The bank complies by ordering the New York branch manager to open the reporter’s box with a master key, rummage through it, and fax the private letters to the Stadtpolizei.”

In a Monday legal filing with the 2nd US Circuit Court of Appeals, Microsoft added that the US government would be outraged.

Full story: Ars Technica

Sen. Wyden puts forward a bill to ban data “backdoors” (@arstechnica)

In the wake of revelations about the extent of US spying, both Apple and Google announced in September their newest phones will be encrypted by default. That means no one—not law enforcement or the companies themselves—would be able to grab data off a locked device.

The FBI didn’t like that idea one bit and said so to Congress. On Thursday, Sen. Ron Wyden (D-Ore.) introduced a bill that, if passed, would make sure the companies can encrypt unmolested. The Secure Data Act would prohibit government agencies from requiring any “backdoors” be placed in US software or hardware.

Full story: Ars Technica

Facebook lays ground for ad push and payments with updated privacy policy (@macworld)

In chapter 6 of 10 Don’ts, we advise the reader: “Don’t let the snoops in.”  While we focus much of the chapter’s attention on government “three-letter” agencies attempting to access personal data, we also discuss the growing issue of corporate “snooping” with the goal of “targeted advertising.”  Companies want to put the products you use, the items you search for, front-and-center when they display advertisements to you.  This continues to be a controversial topic, with privacy implications at stake.

If you haven’t already, you may soon notice advertisements for items you searched for in Google and Bing showing up as ads in your Facebook feed.  Our fictional character at the beginning of chapter 6, a lawyer named Maria, argues that this isn’t a big deal — if we’re all going to see ads anyway, why not see relevant ads?  But this is far from a universal belief!

“Facebook’s new data policy, which is reportedly 70 percent shorter than the previous version, spells out what information the network collects on you, but the new data use policy might as well spell out what the company doesn’t save—it would probably be even shorter.

One of the gems: ‘We receive information about you and your activities on and off Facebook from third-party partners, such as information from a partner when we jointly offer services or from an advertiser about your experiences or interactions with them.’”

Full story: MacRumors