Planning on getting arrested in California any time soon? You’d better make sure your text archives are free from any incriminating information as the state’s Supreme Court has now ruled it legal for police to check your missives folder without the need for a warrant. The justification for this privacy intrusion is that a phone search is “incidental” to a lawful arrest and its contents, much like the contents of your pockets or bags, fall within the realm of reasonable search. Two of the judges in the case did dissent, with one noting that “never before has it been possible to carry so much personal or business information in one’s pocket or purse,” which she argues should afford your iPhone, Droid or BB a higher level of privacy protection than, say, the packet of gummy bears you have in the other pocket. What do you think?
You might have heard how careless some third-party apps can be with your personal data, but it may not yet have hit home — offenders can include must-have programs like MySpace and Pandora, too. The Wall Street Journal tested 101 popular apps for iPhone and Android and discovered that over half transmitted unique device identifiers (UDID) to a flock of advertisers without so much as a prompt, and that some (including Pandora) even transmitted a user’s age, gender and location to better target their marks. Now, before you boycott your favorite music apps, you might want to hear the other side of the story, which is that all this data is typically processed in batches and anonymized so that advertisers can’t necessarily separate you from the crowd. However, the worry is that there may be little stopping nefarious individuals from creating a database that links your UDID to all this other data you send out. It’s a juicy proposition for targeted advertising, sure, but also potentially real-world crime, so we doubt this will be the last we hear of UDID privacy scares.
When Google’s Street View cars glide through your neighborhood next, you can leave the WPA2 encryption off — Canada says that the company has “discontinued” the practice of snooping on unsecured WiFi networks with its mapping vehicles, and “has no plans to resume it.” That’s one of several findings in a report by Canada’s privacy commissioner today, which also claims that the controversial data collection feature was the work of a single Google engineer, and that Google intends to use smartphones to pinpoint WiFi networks from now on. Naturally, the latter caused the commissioner concern that Android phones might capture the same data as the cars. Perhaps you’d best keep those shields up after all.
The latest thrilling installment in BlackBerry’s Middle East saga has turned out not to be so thrilling after all. Having set an October 11 deadline for RIM to comply with its “telecommunications regulatory framework,” the United Arab Emirates is today reporting that the BlackBerry maker has managed to make the necessary changes with plenty of time to spare. Consequently, there’ll be no state-ordained curtailing of email, web, or BBM services within the UAE, which mirrors similar agreements that BlackBerry has managed to finagle with India and Saudi Arabia. Of course, the grand purpose of the UAE’s ultimatum was for RIM to allow the state access to encrypted messaging communications, and while the current announcement is pointedly missing details on what’s been done to appease the Abu Dhabi decision makers, we can’t imagine them giving up the fight without RIM making some type of concession. And the shady, undisclosed concessions happen to be our least favorite kind.
The forty-eight hour deadline came and went, but Saudi Arabia didn’t pull the plug — citing a “positive development” in RIM’s efforts to appease Saudi regulators, the country has allowed BlackBerry messaging services to continue for the time being. Saudi Arabia’s Communications and Information Technology Commission (CITC) didn’t specify what the aforementioned “development” was, but thanks to well-placed anonymous sources we can hazard a guess: “CITC will now be able to monitor communications via messaging services,” one Saudi telecom official told the Wall Street Journal, and Reuters reports that RIM will hand over BlackBerry decryption codes to the country. That’s all for now, but expect this issue to bubble back to the surface again in the United Arab Emirates come October.
It took two long years for India to (allegedly) tap BlackBerry traffic, but Saudi Arabia may not have to wait nearly as long; the Wall Street Journal reports that RIM has all but agreed to set up a local server in the country. While we’ve no details yet on what the deal entails, an unnamed Saudi telecom official said negotiations are already in the final stages. Sorry, RIM, but it looks like Saudi Arabia called your bluff. We imagine the company will deny any potential for government snooping in short order… and both Indonesia and the United Arab Emirates will start planning their own attempts to wrest away control. We’ll let you know where this house of cards falls.
Update: Saudi Arabia has reportedly given its three national cellular carriers 48 hours to try out proposed solutions that “meet the regulatory demands” of the country, else the BlackBerry messaging ban will take effect as originally planned.
Reports out of India this morning claim that RIM has agreed a deal with the local government to permit its security agencies to “monitor” email and messaging done on BlackBerry devices. There’s even a roadmap for this snooperiffic rollout, as all consumer email is expected to be opened up within 15 days and tools are being developed over the next six to eight months to allow chat surveillance as well. A very detailed report indeed, but the IDG News service reports RIM has rubbished the entire thing, stating it’s in a continuing dialog with the Indian government and discussions remain confidential. Then again, we’d expect RIM to keep up the facade as long as possible, considering the likely domino effect a capitulation in India would have in nearby states that have similar security concerns. In the meantime, Nokia has meekly announced it’ll be complying with the Indian government’s rules for push mail and is “installing the required infrastructure.”
Looks like those regulators over in the Middle East don’t mess about. Following this week’s revelation that the United Arab Emirates’ telco overseers weren’t happy with being unable to monitor how people were using their BlackBerrys, today we’re hearing what their solution to the problem will be: an outright ban. Internet access, email and instant messaging on RIM devices will be blocked in the UAE starting this October — provided, of course, that the Canadian phone maker doesn’t do something in the meantime to appease the authorities. Saudi Arabia is similarly peeved with the BBM service, which it intends to shut down later this month. And just in case you were wondering why all this drama is taking place, the BBC cites a Saudi Telecom board member as admitting it’s designed to pressure RIM into releasing users’ communication data “when needed.” Charming.
Sci-fi movies often present us with omniscient villains who are able to track the most minute actions of their underlings and foes. Rarely do we get a glimpse into their surveillance systems, but you have to imagine that some of the more rudimentary “employee evaluation” hardware will not be too far off from KDDI’s latest. The Japanese cellphone giant has unveiled a new system, built around accelerometers, that can detect the difference between a cleaner scrubbing or sweeping a floor and merely walking along it. Based on new analytical software, stored remotely, this should provide not only accurate positional information about workers, but also a detailed breakdown of their activities. The benefits touted include “central monitoring,” “salesforce optimisation,” and improvements in employee efficiency. We’re guessing privacy concerns were filed away in a collateral damage folder somewhere.
Looks like all that GSM code-cracking is progressing faster than we thought. Soon after the discovery of the 64-bit A5/1 GSM encryption flaw last month, the geniuses at Israel’s Weizmann Institute of Science went ahead and cracked the KASUMI system — a 128-bit A5/3 algorithm implemented across 3G networks — in less than two hours. If you must know, the method applied is dubbed a ‘related-key sandwich attack’: multiple values of known differentials are processed through the first seven rounds of KASUMI, and the resulting quartets that are identified as sharing key differences are then used to obtain subkey material in round eight and build up the 128-bit key. Sure, it’s hardly snooping-on-the-go at this speed, but worryingly this was only an ‘unoptimized implementation… on a single PC.’ At the same time, the paper condemns the presumably red-faced GSM Association for moving from MISTY — a more computationally expensive but much stronger predecessor algorithm — to KASUMI. Guess we’ll just have to stick with Skype.