When a judge makes a good decision, it shouldn't be news. But, in this case, it's very good news indeed.  This week New York Magistrate Judge Gary Brown for the United States District Court for the Eastern District of New York filed a 26-page ruling pointing out that the person listed as an Internet account holder is often not the person using the account.

"It is no more likely that the subscriber to an IP address carried out a particular computer function–here the purported illegal downloading of a single pornographic film–than to say an individual who pays the telephone bill made a specific telephone call," Brown said in his Order & Report & Recommendation, filed May 1.

"An IP address merely identifies the location where a certain activity occurred", Brown noted. A computer in a household is usually shared, which means a child, a boyfriend, or any other visitor, is just as likely to be using the computer. Brown also noted that many households now have a wireless network. If the network is not secured, many people, including neighbors and strangers, can be sharing that IP address without the original account holder's knowledge.

"Considering the weak relationship between an IP address and personal identity, it's likely copyright holders were accusing the wrong people of violating copyright", Brown noted. Mass-BitTorrent lawsuits relying entirely on IP addresses to identify copyright infringers were a "waste of judicial resources," he wrote.

VIA: http://securitywatch.pcmag.com/security/297475-ip-address-not-a-person-judge-says-in-copyright-lawsuit

BackgroundCheck.org has developed an interesting infographic seaks to address your rights as a social network user. (Click below for a larger view.)

Via: http://www.backgroundcheck.org/social-networking-bill-of-rights/

This breach has already been confirmed by the big processors, and seems to be larger in scope than prior breaches.

VIA http://money.cnn.com/2012/03/30/technology/credit-card-data-breach/?source=cnn_bin

Sarkozy: Anyone who "consults Internet sites which promote terror" should go to jail | http://t.co/u34fQrH8

Researchers turn smartphone users into unwitting minions with a simple app

With mobile users becoming more reliant on their devices and accompanying applications, researchers from Northwestern University have discovered the ease with which user’s mobility can be “soft” controlled.

As smartphone apps become further and further integrate into our daily lives, you have to wonder if we’re in control of our desires or if mobile applications are starting to controlling us.

To discover the ease with which app users can be manipulated, researchers from the McCormick School of Engineering at Northwestern University underwent a study to determine whether they could change the habits of a smartphone user’s mobility through gaming and social-networking applications. The goal was to compel them to visit areas less frequented.

How can an application affect on our decisions on a daily basis?

Like with advertising, we can be compelled by Foursquare to achieve or maintain our “Mayor” standing at a particular restaurant or venue. We might be manipulated, for instance, to travel not to the local pizza shop, but instead to the Chinese food store that we’ve been visiting repeatedly for the last month.

The research was conducted by John Rula and Fabián E.

Bustamant and titled, “Crowd (Soft) Control Moving Beyond the Opportunistic.” They used four foundational elements that work together offer individuals incentives:

• Location: The location desired stated in terms of latitude and longitude, and optionally altitude and heading.
• Action: The type of action to be triggered at the particular location and time.
• Expiration Time: The time when the request is no longer valid; this is used to control the timing and relevancy of actions.
• Ranking: The relative importance of the location. This can be used by the game to differentiate incentives by priority Rula and Bustamant created an Android-based augmented reality game titled, “Ghost Hunter,” which required users to chase monsters and ghosts throughout the neighborhood. The objective of the game was to “zap” the ghosts and monsters by capturing the augmented image on their mobile phone’s camera. But what users were not aware of was the researcher’s underlying intent.

The researchers had positioned the ghosts in exact locations, around a predetermined building. The resulting photographs of the “ghosts” enabled the researchers to create a 3D picture of the building from the collected images. While the photographic modeling of the building was successfully crowdsourced by the unsuspecting “Ghost Hunter” gamers, what the researchers had also discovered was the ability to compel users to capture images of the building from angles and locations typically not frequented, as the image below indicates.

While mobile users are concerned about their privacy, the ease with which they can be “soft” controlled raises a whole new issue altogether. Games and social networks not only offer a means of learning more about the people who use them, they can potentially offer a way to control their actions. Manipulating users into conducting illegal acts or luring them to dangerous locations is very much a reality.

Only days ago, three Japanese tourists were mislead by their GPS into the Moreton Bay in Australia during a low tide and became trapped in the thick mud. With the tide rising, they were forced to abandon their waterlogged rental car.

Ultimately, users will have to decide for themselves where they draw the line. As the research reiterates, “As augmented reality gamers can be trusted to exercise their best judgment during play, users of extended location based applications should be trusted to judge the suggestions made through CSC (Crowd Soft Control).”

Via http://www.digitaltrends.com/mobile/researchers-turn-smartphone-users-into-unwitting-minions-with-a-simple-app/

In another astonishing development in the Megaupload saga, a judge in New Zealand’s High Court has declared the order used to seize Kim Dotcom’s assets as “null and void”. The blunder, which occurred because the police applied for the wrong type of court order, means that the Megaupload founder could have his property returned.

Just when it seemed that the handling of the Megaupload case couldn’t get any more controversial, a development from New Zealand has taken things to the next level.

Following the raids on Kim Dotcom’s mansion in January, police seized millions of dollars worth of property belonging to the Megaupload founder. But thanks to a police blunder, he could now see all of those assets returned.

On Friday, Justice Judith Potter in the High Court declared the order used to seize Dotcom’s property “null and void” after it was discovered that the police had acted under a court order that should have never been granted.

The error dates back to January when the police applied for the order granting them permission to seize Dotcom’s property. Rather than applying for an interim restraining order, the Police Commissioner applied for a foreign restraining order instead, one which did not give Dotcom a chance to mount a defense.

According to New Zealand Herald, on January 30th prosecution lawyer Anne Toohey wrote to the court explaining that the wrong order had been applied for and detailed five errors with the application.

Justice Potter said that police commissioner Peter Marshall tried to correct the error by applying for the correct order after the raids were completed and retrospectively adding the items already seized.

Although the correct order was eventually granted albeit on a temporary basis, Potter said she will soon rule on whether the “procedural error” will result in Dotcom having his property returned.

The Crown is arguing that since the new order was granted the earlier error no longer matters, but Dotcom’s legal team framed it rather differently by describing the seizure of assets as “unlawful”.

Whether the assets are returned will rest on Dotcom’s legal team showing a lack of “good faith” in connection with the blunder. A hearing to decide if the assets will be returned will take place next week.

Via http://torrentfreak.com/megaupload-seizure-order-null-and-void-says-high-court-120318/

Wired | CIA Chief: We’ll Spy on You Through Your Dishwasher

More and more personal and household devices are connecting to the internet, from your television to your car navigation systems to your light switches. CIA Director David Petraeus cannot wait to spy on you through them.

Earlier this month, Petraeus mused about the emergence of an “Internet of Things” — that is, wired devices — at a summit for In-Q-Tel, the CIA’s venture capital firm. “‘Transformational’ is an overused word, but I do believe it properly applies to these technologies,” Petraeus enthused, “particularly to their effect on clandestine tradecraft.” All those new online devices are a treasure trove of data if you’re a “person of interest” to the spy community. Once upon a time, spies had to place a bug in your chandelier to hear your conversation. With the rise of the “smart home,” you’d be sending tagged, geolocated data that a spy agency can intercept in real time when you use the lighting app on your phone to adjust your living room’s ambiance.

“Items of interest will be located, identified, monitored, and remotely controlled through technologies such as radio-frequency identification, sensor networks, tiny embedded servers, and energy harvesters — all connected to the next-generation internet using abundant, low-cost, and high-power computing,” Petraeus said, “the latter now going to cloud computing, in many areas greater and greater supercomputing, and, ultimately, heading to quantum computing.” Petraeus allowed that these household spy devices “change our notions of secrecy” and prompt a rethink of “our notions of identity and secrecy.” All of which is true — if convenient for a CIA director.

The CIA has a lot of legal restrictions against spying on American citizens. But collecting ambient geolocation data from devices is a grayer area, especially after the 2008 carve-outs to the Foreign Intelligence Surveillance Act.

Hardware manufacturers, it turns out, store a trove of geolocation data; and some legislators have grown alarmed at how easy it is for the government to track you through your phone or PlayStation.

That’s not the only data exploit intriguing Petraeus.

He’s interested in creating new online identities for his undercover spies — and sweeping away the “digital footprints” of agents who suddenly need to vanish.

“Proud parents document the arrival and growth of their future CIA officer in all forms of social media that the world can access for decades to come,” Petraeus observed.

“Moreover, we have to figure out how to create the digital footprint for new identities for some officers.” It’s hard to argue with that. Online cache is not a spy’s friend. But Petraeus has an inadvertent pal in Facebook.

Why? With the arrival of Timeline, Facebook made it super-easy to backdate your online history. Barack Obama, for instance, hasn’t been on Facebook since his birth in 1961. Creating new identities for CIA non-official cover operatives has arguably never been easier. Thank Zuck, spies. Thank Zuck.

Via http://www.wired.com/dangerroom/2012/03/petraeus-tv-remote/

Privacy suit filed against Path, Twitter, Apple, Facebook, others Address book issue with mobile apps prompts privacy lawsuit against app makers.

Thirteen individuals have filed a lawsuit against more than a dozen mobile app makers—including Path, Twitter, Apple, and Facebook—who were accused of automatically uploading user address books without permission.

The suit, filed Monday in U.S. District Court in Austin, Texas, names 13 plaintiffs, most of them from Austin, and seeks class-action status. The defendants in the suit are: Path, Twitter, Apple, Facebook, Beluga, Yelp, Burbn, Instagram, Foursquare Labs, Gowalla, Foodspotting, Hipster, LinkedIn, Rovio Mobile, ZeptoLab UK, Chillingo, Electronic Arts, and Kik.

“Literally billions of contacts from the address books of tens of millions of unsuspecting wireless mobile device owners have now been accessed and stolen,” the suit says. “The surreptitious data uploads—occurring over both cellular networks and open, public wireless access nodes in homes, coffee shops, restaurants, bars, stores, and businesses all across the nation—have, quite literally, turned the address book owners’ wireless mobile devices into mobile radio beacons broadcasting and publicly exposing the unsuspecting device owner’s address book data to the world.” The lawsuit was prompted by reports last month that Path and a bunch of other apps were snagging address books from users without their permission when the users were prompted to find friends to connect with. The companies claimed they weren’t doing anything nefarious and figured that the users would have realized that access to contact lists were needed to provide the functionality. The news prompted questions from Congress for Apple, as well as public backlash, despite the fact that Path, Apple, and others promised to fix the problem.

Representatives from Twitter, Path and Kik said they had no comment on the lawsuit. LinkedIn spokesman Hani Durzy said, “Yes, we’ve seen the suit. It’s baffling, because quite simply, our mobile apps do not do what is alleged in the suit.” ZeptoLab provided this statement: “As far as we know we have not been legally served with any lawsuit, and thus have no comment at this time.” Representatives from the other companies did not immediately respond to e-mails seeking comment today.

Privacy has become a huge topic of concern for the industry, particularly when it comes to mobile devices. Google, Apple, and other mobile platform providers have reached an agreement with the California Attorney General’s office to require app developers to post visible privacy policies. And the Obama Administration is pushing for a code of conduct and is looking toward legislation to protect consumer privacy online.

Via http://news.cnet.com/8301-27080_3-57399021-245/privacy-suit-filed-against-path-twitter-apple-facebook-others/

FBI Can't Crack Android Pattern-Screen Lock | Threat Level | Wired.com

Pattern-screen locks on Android phones are secure, apparently so much so that they have stumped the Federal Bureau of Investigation.

The bureau claims in federal court documents that forensics experts performed “multiple attempts” to access the contents of a Samsung Exhibit II handset, but failed to unlock the phone.

An Android device requires the handset’s Google e-mail address and its accompanying password to unlock the handset once too many wrong swipes are made. The bureau is seeking that information via a court-approved warrant to Google in order to unlock a suspected San Diego-area prostitution pimp’s mobile phone. (For details on the pimp investigation, check out Ars Technica‘s story on the case.)

Locking down a phone is even more important today than ever because smart phones store so much personal information.

What’s more, many states, including California, grant authorities the right to access a suspect’s mobile phone, without a warrant, upon arrest for any crime.

Forensic experts and companies in the phone-cracking space agreed that the Android passcode locks can defeat unauthorized intrusions.

“It’s not unreasonable they don’t have the capability to bypass that on a live device,” said Dan Rosenberg, a consultant at Boston-based Virtual Security Research.

A San Diego federal judge days ago approved the warrant upon a request by FBI Special Agent Jonathan Cupina. The warrant was disclosed Wednesday by security researcher Christopher Soghoian, In a court filing, Cupina wrote: (.pdf)

Failure to gain access to the cellular telephone’s memory was caused by an electronic ‘pattern lock’ programmed into the cellular telephone. A pattern lock is a modern type of password installed on electronic devices, typically cellular telephones. To unlock the device, a user must move a finger or stylus over the keypad touch screen in a precise pattern so as to trigger the previously coded un-locking mechanism. Entering repeated incorrect patterns will cause a lock-out, requiring a Google e-mail login and password to override. Without the Google e-mail login and password, the cellular telephone’s memory can not be accessed. Obtaining this information from Google, per the issuance of this search warrant, will allow law enforcement to gain access to the contents of the memory of the cellular telephone in question.

Rosenberg, in a telephone interview, suggested the authorities could “dismantle a phone and extract data from the physical components inside if you’re looking to get access.” However, that runs the risk of damaging the phone’s innards, and preventing any data recovery.

Linda Davis, a spokeswoman for forensics-solutions company Logicube of suburban Los Angeles, said law enforcement is a customer of its CellXtract technology, which it advertises as a means to “fast and thorough forensic data extraction from mobile devices.” But that software, she said in a telephone interview, “is not going to work” on a locked device.

All of which is another way of saying those Android screen locks are a lot stronger than one might suspect.

It was not immediately clear whether the iPhone’s locking system is as powerful as its Android counterpart. But the iPhone’s passcode has been defeated with simple hacks, the latest of which was revealed in October 2010.

Clearly, the bureau is none too happy about having to call in Google for help. The warrant requires Google to turn over Samsung’s “default code” in “verbal” or “written instructions for overriding the ‘pattern lock’ installed on the Samsung model SGH-T679.” Google spokesman Chris Gaither would not say if Google would challenge any aspect of the warrant. Google, he said, does not comment on “specific cases.” “Like all law-abiding companies, we comply with valid legal process. Whenever we receive a request we make sure it meets both the letter and spirit of the law before complying,” he said in an e-mail. “If we believe a request is overly broad, we will seek to narrow it.” Photo: Mike Dent/Flickr

Via http://www.wired.com/threatlevel/2012/03/fbi-android-phone-lock/