Showing results for tags 'court'.

Found 10 results

  1. Illinois Court Exposes More Than 323,000 Sensitive Records Unsecured Server Exposed Records Containing Sensitive Personal Data and Case Notes From Cook County Court On September 26, 2020, researchers discovered an unsecured Elasticsearch server exposing more than 323,277 Cook County court related records containing highly sensitive personal data. Cook County, Illinois, is the second most populous county in the U.S., with a population in excess of 5 million people. The records contained PII such as full names, home addresses, email addresses, and court case numbers, WebsitePlanet together with researcher Jeremiah Fowler, said. More worryingly, they also contained notes on the status of both the case and the individuals concerned. The case type seems to have been categorized by indicators such as IMM (probably ‘immigration’), FAM (probably ‘family’), and CRI (probably ‘criminal’). The data was in plaintext, and internet access had no restrictions. The content could be accessed, downloaded, altered or deleted by anyone with an internet connection. On the day of discovery, a Saturday, WebsitePlanet informed the Cook County CTO about the exposure. Early the following Monday, the database was secured and public access restricted. It was exposed for at least the best part of two days, but there is no indication on how long the database may have been available online prior to WebsitePlanet’s discovery. The researchers received no response from the Cook County CTO, so there is no guarantee that the database actually belonged to Cook County. However, the timing of disclosure and remediation makes it highly likely. Similarly, with no response from Cook County, there is no way to determine whether the database had been accessed by people with criminal intent. However, it is worth assuming that if researchers can discover a misconfigured database, so can hackers. Criminals who may have accessed the database would have found a treasure trove of actionable information. 
WebsitePlanet postulates that the database may have belonged to a specialist Cook County department of case workers working with people who needed additional help. Almost by definition, everybody included within the database could be classified as ‘vulnerable’ and a prime target for scammers. The information contained would provide numerous approaches to such attacks. Attacks could range from identity theft to blackmail. The latter would have been facilitated by the detailed case notes in the records. One, for example, reads, “I-30 (petition for Alien Relative) is approved through child\ she needs to marry in order to proceed with waiver\ Husband. However, Husband was accused of sexual assault against a minor. Need to wait to see Dispo of that charge to ensure eligibility - we will wait.” This was coupled with the name of the individual concerned and the case number in plaintext. The family court records ‒ most likely those delimited with the FAM epithet ‒ are similarly open to abuse by blackmail. The family court deals with matters including divorce, child custody, visitation, domestic violence, protecting minors from abuse or neglect, and crimes by minors. Sensitive data in the wrong hands could be used for extortion by threatening to release the data to other family members, employers or just generally. It is worth noting that many of the details exposed by this database are far more explicit than the details published in the public court proceedings, where personal details of vulnerable people are left vague or excluded. Interestingly, WebsitePlanet contacted the Cook County CTO via his Major Scale Technology Management ‒ a firm that specializes in management consulting on IT strategy ‒ email address. According to the researchers, this CTO had founded Major Scale Technology Management several years earlier, and it had contracts with Cook County. 
The speed with which the database was subsequently secured led Website Planet to comment, “We can only assume that our data exposure notice made it to the right person who was responsible for this dataset. Although the data was clearly internal court records it is still not entirely clear what role Major Scale plays currently in Cook County’s IT infrastructure or the separation between the CTO and Major Scale.” In reality, these are only assumptions. WebsitePlanet has never received confirmation of its database exposure disclosure, and has found no record of Cook County publicly confirming a possible breach. Nor is it known whether the County contacted the individuals contained in the database to warn them their personal data may have been exposed. Source: Illinois Court Exposes More Than 323,000 Sensitive Records
  2. The Administrative Court of Stockholm rejected Google’s appeal against the decision of the Swedish data protection authority (Authority) and confirmed that Google has violated the provisions of the EU’s General Data Protection Regulation (GDPR). The Authority had imposed a fine of 75 million Swedish kronor (approximately 7 million euros) on Google in March for violating the provisions of the “right to be forgotten” under the GDPR. They observed that Google did not handle individuals’ right to have search result listings with their names removed from the search engine and ordered the company to remove these search results. Google has a practice of informing webmasters after removing any search results from its search engine, and the court found that this practice was not permitted under the GDPR. The court also noted that the penalty imposed on Google by the Authority could be reduced and significantly brought it down from 75 million Swedish kronor to 52 million Swedish kronor (approximately 5 million euros). Source
  3. US regulator tries to hide embarrassment behind series of sudden announcements Comment The Federal Communications Commission (FCC) is asking the American public to tell it if its decision in 2017 to scrap net neutrality regulations was dumb or not. In a striking piece of irony – and one that the FCC is distinctly unhappy about – the watchdog is legally obliged to seek public comment on three issues: how its decision has threatened public safety, damaged broadband infrastructure rollout, and prevented poor people from getting access to fast internet access. That obligation is the result of a legal challenge to the FCC's decision to tear up net neutrality rules covering internet access in America. That attempt last year failed in court, largely because federal regulators are given significant leeway to decide their own rules, even when it comprises overturning their own rules made just two years earlier, in 2015. However, the court noted some serious concerns about the FCC scrapping its own rules, and so told the regulator it needs to gather public feedback on those issues and to consider what it needs to do to alleviate concerns. Normally this wouldn’t be a problem. It is simply a case of the judicial process carrying out its proper function: identifying issues, and seeking to get them rectified. But the net neutrality issue has become so ideological and partisan – thanks largely to the behavior of the FCC commissioners who pushed through a pre-decided outcome and actively ignored public opposition to their plans – that being forced to ask the public where it screwed up is in itself embarrassing. It is a virtual certainty that net neutrality advocates will gleefully take the opportunity to rail against the FCC, in just one more battle of words over the safeguards. Petty In a reminder of just how petty federal telecoms regulation has become, the FCC can’t even take this implicit rebuke professionally. 
And so it attempted to hide the reality of the situation by flooding its announcements website on Wednesday with suddenly important news and describing the public comment period in the most obscure terms possible. That’s why, this week, we were treated to a string of PR spin and quotes about how the FCC is doing a great job by opening up spectrum. “What They're Saying About Chairman Pai's C-Band Plan,” reads one announcement that features nothing but quotes from people like Vice-President Mike Pence and “Former Chairman of the House Permanent Select Committee on Intelligence Mike Rogers.” The next announcement covers the extremely important news that the FCC is closing an application to renew several radio stations. What else does the FCC have for us? Well, the vital fact it has decided on the membership of the Advisory Committee on Diversity and Digital Empowerment. That also gets its own press release and official announcement. Anything else? Yep. Here’s an entire release talking about how one FCC commissioner “applauds 5G workforce development grant.” We’re serious. Here we have Brendan Carr waxing lyrical about how he’s “thrilled that [Dept of Labor] has recognized the critical role of tower techs, linemen, and other 5G workers in building our country’s information infrastructure.” And in today's actual news... As for the only piece of real news this week – the public comment period on public safety sparked by the net neutrality decision – you could be forgiven for missing it altogether. While all the other headlines are extremely clear, this one is confusingly titled: “WCB Seeks Comment on Discrete Issues Arising from Mozilla Decision.” Not even a mention of net neutrality. The explanatory document is not much better. 
It is titled: “Wireline Competition Bureau Seeks to Refresh Record in Restoring Internet Freedom and Lifeline proceedings in light of the DC Circuit’s Mozilla decision.” (This is a reference to Firefox maker Mozilla's legal campaign against the FCC.) It’s hard to imagine a more obtuse explanation. Anyway, dig hard enough and the details are all in there: is there a risk to public safety communications due to packet prioritization? Would harmful conduct have been prohibited under the rules that were in place but were scrapped? Are there other ways to deal with potential public safety concerns? The FCC has clumped more convoluted versions of these questions together in long paragraphs, rather than break them out into clear and numbered questions as it frequently does when it is doing its job properly. There are other questions about pole attachments – which sounds dull but is critically important as one case currently in front of the Ninth Circuit makes clear. And on the Lifeline program that subsidizes broadband to low-income families. Rosenworcel to the rescue Now we’d love to tell you, Reg readers that we spotted this important public comment period despite the FCC’s best efforts to hide it because we are so attuned to telecoms policy and the FCC that it immediately threw up red flags. But the truth is that we only noticed thanks to FCC Commissioner Jessica Rosenworcel who remains the voice of sanity at the federal regulator. She saw what her colleagues were trying to do, and so put out her own release, which all commissioners are entitled to do. That release was titled “Rosenworcel On FCC Seeking Public Comment On Net Neutrality Remand.” Which was pretty clear. In her release, Rosenworcel speaks plainly. “The FCC got it wrong when it repealed net neutrality. The decision put the agency on the wrong side of history, the American public, and the law. And the courts agreed. 
That’s why they sent back to this agency key pieces regarding how the rollback of net neutrality protections impacted public safety, low income Americans, and broadband infrastructure,” she neatly summarizes. She goes on: “Today, the FCC is seeking comment on how best to move forward. My advice? The American public should raise their voices and let Washington know how important an open internet is for every piece of our civic and commercial lives. The agency wrongfully gave broadband providers the power to block websites, throttle services, and censor online content. The fight for an open internet is not over. It’s time to make noise.” To file a public comment, see the obfuscated info here [PDF] and submit your thoughts here, quoting proceedings 17-108 for net neutrality aka restoring internet freedom, by the end of March. Source
  4. A Federal Court of Appeals judge today temporarily blocked the Pentagon’s $10 billion cloud computing contract that was awarded to Microsoft Corp. last year. The Joint Enterprise Defense Initiative or JEDI contract had been expected to be awarded to Amazon Web Services Inc. The Amazon.com Inc. cloud company last year sued the Department of Defense and asked for an injunction, charging that political interference resulted in the award to Microsoft despite AWS’ greater cloud capabilities. CNBC reported that a court notice announcing the injunction was filed today. It wasn’t made public, and it wasn’t clear why documents were sealed. The first substantive work order had been scheduled to start tomorrow. The judge also told Amazon and the Pentagon to get together by Feb. 27 to determine what parts of the opinion can be released publicly. Amazon has agreed to post $42 million to pay for any costs in case its injunction is determined to be wrongfully issued. AWS and the Pentagon haven’t yet commented on the decision by Judge Patricia E. Campbell Smith, but Frank Shaw, Microsoft’s corporate vice president of communications, issued this statement: “While we are disappointed with the additional delay we believe that we will ultimately be able to move forward with the work to make sure those who serve our country can access the new technology they urgently require. We have confidence in the Department of Defense, and we believe the facts will show they ran a detailed, thorough and fair process in determining the needs of the warfighter were best met by Microsoft.” AWS filed a request for a temporary restraining order on Jan. 19. “It is common practice to stay contract performance while a protest is pending,” the company explained in a statement. In this case, the protest is an ongoing lawsuit through which AWS is challenging the decision to award the deal to Microsoft. 
AWS contends the decision was tainted by “egregious errors” and political interference from President Donald Trump. Filings unsealed ahead of the ruling today revealed the counterarguments the Pentagon used to convince the court not to halt work on JEDI. Lt. Gen. Brad Schwedo, the Joint Staff’s chief information officer, wrote in a declaration that delaying the project would negatively affect national security. “The men and women of the U.S. military must have access to the right technology at the right time to fight and win wars,” Schwedo told the court in a filing. “Delaying implementation of a cloud solution will negatively affect DoD’s efforts to be victorious in contested environments and retain global influence over our near-peer competitors.” Underscoring the need for the project to be completed as soon as possible, Schwedo laid out some of the advantages the DOD expects to gain from JEDI. “The U.S. military operates globally and must have a means to effectively perform if our communications are threatened or disrupted,” he wrote. “An enterprise cloud capability, with tactical edge technology, can retain its last known data update and continue operating locally in degraded, denied, disrupted, intermittent, or low bandwidth environments.” Another declaration submitted by the DOD, attributed to a contracting official whose name was not disclosed, made a financial argument against suspending the JEDI work. The DOD “anticipates a financial harm of between $5 [million] and $7 million dollars every month that performance of the JEDI contract is delayed,” the official wrote. There were no immediate details on why the judge granted the temporary restraining order. However, some observers believe DOD’s argument of the need for swift implementation of JEDI was undercut somewhat by the program’s own delays on the project, which had originally been expected to be granted early last year. 
Those delays included one for three months last year when Defense Secretary Mark Esper took another look at the proceedings. In October, he removed himself from the review process, ostensibly because one of his sons worked for onetime bidder IBM Corp., and the DOD granted the contract to Microsoft shortly after that. Indeed, Amazon went after the urgency argument even more strongly in filings this week, noting that JEDI has already been delayed by two other legal challenges and an internal probe. “DoD did not display the urgency it now claims after it closed that investigation,” AWS said in one of the filings. “Rather than awarding the contract to allow performance by July 2019, DoD initiated a ‘review’ of the JEDI procurement by Defense Secretary Mark Esper. Before Secretary Esper even commenced his review, he publicly confirmed there was no ‘hard timeline’ for its completion, and certainly did not indicate imminent urgency for national security.” The DOD’s arguments in the documents unsealed on Wednesday also went beyond AWS’ request for a temporary restraining order. Officials took aim at a separate motion in which the Amazon subsidiary has requested that Trump and other senior officials testify about the contract. “The relevant question in this protest is not whether the president dislikes Amazon, but rather whether the source selection officials — the government personnel who actually evaluated AWS’s and Microsoft’s proposals and decided which offeror would receive the JEDI contract — exhibited bias against AWS in this procurement,” the DOD wrote. Moreover, the documents revealed at least one detail about JEDI that apparently wasn’t known until now: specifics on how much the Pentagon plans to spend on the project in the next two years. 
In a section spotted by Federal News Network, the declaration from the unnamed contracting official who cited the financial harm of the project disclosed that the DOD plans to spend $45 million this year and $165 million in fiscal 2021. Source
  5. On Thursday, December 6th, Louisiana Judge Keith Comeaux of the 16th judicial district court ruled that Energy Transfer Partners (ETP, also known as Energy Transfer Equity) had the right to seize privately held land in order to continue construction of the controversial Bayou Bridge pipeline through the Atchafalaya Basin. The lawsuit was brought to court after three landowners, Theda Larson Wright, Peter K. Aaslestad, and Katherine Aaslestad, alleged that ETP had trespassed on their land and cut down trees in order to begin building the pipeline through their land parcels, without their permission. The Atchafalaya basin, apart from being home to thousands of native species of plants, animals, fungi and other living beings, is also an ancestral home to some of the native peoples of Louisiana, as well as one of the last places where crawfish are fished in the wild. Even those who do not accept the swamp as intrinsically valuable must recognize that it provides a home, as well as economic and environmental services, to the people of Louisiana in the form of stormwater absorption, air and water purification, and crawfish harvests. 
Although the Judge’s verdict acknowledged that ETP did indeed trespass on the privately held land, the ruling states that ETP has the right to continue construction, and now has the right to construct on the disputed land. Though couched in the lofty, Latinate language of the law, the ruling shows a clear bias towards the so-called “necessity” of fossil fuel and its supporting infrastructure. The ruling went so far as to equate the oil with a “public utility common carrier”. ETP is not a public utility, and the oil in the pipelines is not a publicly held good. In fact, it is neither publicly held nor objectively good for the community. The verdict asserts, for instance, that “making Louisiana energy independent of foreign oil or tanker transportation of oil.” However, this statement falsely posits that fossil fuel is the only path to energy independence. It is not. At times, the verdict seemed to actively disrespect the landowners, calling the testimony of an environmental advocate “self-serving”, and noting that “although all the defendants claim some mental anguish for this property, no party has sought medical attention and all the defendants are self-admitted advocates against pipelines”. The latter bit is a tautology—if the defendants are already opposed to the pipeline, then (the judge’s logic goes) they cannot have a legitimate reason to oppose the pipeline. The verdict did, however, quote both an employee of ETP and an expert from the LSU Center for Energy Studies (which has accepted large donations from various petrochemical and fossil fuel companies). The landowners also argued that the “merchantable” value of the destroyed trees was $2854.05. Comeaux’s ruling states that “The Court agrees with Bayou Bridge [ETP] that the fair market value of the tract is zero due to the nonmarketability of the tract”. 
Never mind why it is “nonmarketable.” So long as combustion reactions continue to emit carbon dioxide, fossil fuels will pose an enormous risk to Louisiana’s future. The Southeast is a region that has seen increases in the number of “danger days” where the temperature poses risks to human health. The rise in temperature also strengthens hurricanes and makes downpours heavier, and the warming of the ocean creates sea-level rise, which floods Louisiana’s shores. Doubling down on fossil fuel infrastructure, which is literally what is happening in St. Martin Parish today (as the pipeline is being built on top of another one), is exactly the opposite of what needs to happen to combat climate change. ETP was ordered to pay each landowner $150 for their troubles. Last year, ETP/ Energy Transfer Equity, made a profit of 4 billion dollars. In a statement to Big Easy, Cherri Foytlin, the founder of the L’eau Est La Vie protest Camp, said: Source
  6. BRUSSELS (Reuters) - Facebook will face Austrian privacy activist Max Schrems next week at Europe’s top court in a landmark case that could affect how hundreds of thousands of companies transfer personal data worldwide as well as Europeans’ privacy rights. At issue is standard contractual clauses used by Facebook and other companies to transfer personal data to the United States and other parts of the world and whether these violate Europeans’ fundamental right to privacy. Cross-border data transfers worth billions of dollars are a fact of life for businesses ranging from banks to carmakers to industrial giants. Schrems, an Austrian law student, successfully fought against the EU’s previous privacy rules called Safe Harbour in 2015. He is now challenging Facebook’s use of such standard clauses on the grounds that they do not offer sufficient data protection safeguards. Facebook’s lead regulator, the Irish Data Protection agency, took the case to the High Court in Ireland which subsequently sought guidance from the Luxembourg-based Court of Justice of the European Union (ECJ). Facebook was not immediately available to comment. The court ruling will have a global impact, Tanguy Van Overstraeten, global head of data protection at law firm Linklaters, said. “The whole data transfer system would be impacted and could impact the global economy,” he said. “There are alternatives to the standard clauses, including the derogations set out in the GDPR such as consent, contractual necessity and others but they are strictly interpreted and difficult to apply in practice.” Van Overstraeten said hundreds of thousands of companies would be hit if the ECJ rules against the clauses compared to some 4,500 companies affected when Safe Harbour was struck down. Safe Harbour was replaced in 2016 by the EU-U.S. 
Privacy Shield which was designed to protect Europeans’ personal data transferred across the Atlantic for commercial use. Data privacy has become a major concern since revelations in 2013 by former U.S. intelligence contractor Edward Snowden of mass U.S. surveillance which triggered outrage among politicians in Europe. The EU adopted the GDPR data protection laws last year. The case is C-311/18 Data Protection Commissioner V Facebook Ireland Ltd, Maximillian Sc Source
  7. An American and three Europeans have been charged with racketeering conspiracy and conspiracy to commit wire fraud and bank fraud for allegedly distributing malware on the now-defunct Darkode computer hacking forum. A District of Columbia federal court this week unsealed an indictment against the four individuals, who are identified as Thomas McCormick (aka fubar), 26, of Washington state; Matjaz Skorjanc (aka iserdo and serdo), 32, of Maribor, Slovenia; Florencio Carro Ruiz (aka NeTK and Netkairo), 40, of Vizcaya, Spain; and Mentor Leniqi (aka Iceman), 35, of Gurisnica, Slovenia. The indictment was originally filed under seal on Dec. 4, 2018. McCormick, who is also charged with five counts of aggravated identity theft, was arrested last Dec. 10, but the three remaining suspects remain fugitives. McCormick was allegedly among the last administrators of Darkode, while Skorjanc is accused of being the underground marketplace’s founder and first administrator. According to the indictment, the first charge of racketeering conspiracy stems from a series of alleged acts involving bank fraud, wire fraud, access device fraud, identity theft, hacking and extortion. Justice officials say the invitation-only group was responsible for $4.5 million in victim losses between September 2008 and December 5, 2013, at which time the FBI first contacted McCormick about his alleged role in the operation. Ultimately, Darkode was taken down by international law enforcement officials in a July 2015 crackdown called Operation Shrouded Horizon. “Darkode was a criminal organization built around an online password-protected criminal forum where high-level international hackers and cybercriminals convened to develop, buy, sell, trade and share hacking tools, information and ideas,” the indictment says. 
“The schemes included selling and using tools – malware – to hack into victim computers and steal personally identifying information (‘PII’), bank account and other login credentials, and credit cards,” the indictment continues. “The schemes also included developing and selling tools – malware – for taking over victims’ computers and using them to attack victims’ web sites; hold victims’ websites for ransom; and hide the criminals’ identities on the internet.” For instance, Skorjanc is accused of creating a bot software called Butterfly Bot or BFBOT and selling it on Darkode. The indictment describes a forum posting that said the bot runs on Windows NT-based systems and can steal usernames and passwords for online financial services from Firefox and Internet Explorer users. The bot was also said to launch DDoS attacks and alter text entered into MSN Messenger. Other malware programs allegedly put up for sale by one or more of the defendants included the Mariposa botnet (a modified version of BFBOT), and the Zeus trojan known for stealing banking credentials. The Darkode members also allegedly sold access to compromised computers. Source
  8. The e-mail provider Tutanota advertises itself as the “world’s most secure e-mail service”. The company offers encrypted e-mail communication and claims to have six million customers relying on this security promise. However, on October 2, 2018, the district court of Itzehoe asked managing director Matthias Pfau to provide Tutanota e-mails unencrypted and in real time to the police [4]. Why? In the previous months, hackers had blackmailed several companies based in Schleswig-Holstein using a Tutanota e-mail address, so the investigators wanted to read the e-mails to track down the cyber criminals. The case has led to a dispute between security authorities, who claim that overly secure encryption methods prevent the tracking of suspects, and privacy advocates, who want more data to be encrypted to better protect citizens and businesses from criminals, espionage and the data hunger of tech companies. How does Tutanota work? Tutanota’s service works like this: when two users write an e-mail, it is automatically protected with the most secure end-to-end encryption. Only sender and receiver can read the message. However, this works only between Tutanota users: mail providers like Google or Hotmail do not have such protection. If a customer receives an e-mail from a person who does not have a Tutanota account, according to the provider’s FAQ, the message is automatically encrypted as soon as it lands on Tutanota servers. The court request Therefore, the district court asked Tutanota to hand over the entire contents of the e-mails without end-to-end encryption. The company initially refused; however, five months later, the court ruled that Tutanota must hand over the data and imposed a fine of $1,000. Now Tutanota has to program a new function for the prosecutors: if an account is subject to a valid legal order from a German court, the company must also create a copy of the e-mails that the investigators can read. 
Obviously, authorities still cannot read mails sent with end-to-end encryption between Tutanota users. So what? In this reddit thread on /r/privacytoolIO [1], the Tutanota team joined the conversation, basically confirming the concerns of privacy-conscious users: Hi there, Tutanota team here. We came across this discussion and would like to clarify some points: End-to-end encrypted emails are not affected. End-to-end encrypted data (calendar, contacts, etc) are not affected. This applies only to non-encrypted emails received/sent after the court has been issued. A valid German court order is required for this, 4 have been issued in the first half of 2019. This applies only to non-encrypted emails received So all emails received from every other email provider except for tutanota? Yes, unless they use the e2e feature, which also works with external email addresses. My 2 cents In a privacy context, relying on just one security layer is wrong. Thinking that a secure provider alone keeps your messages secure and confidential means overestimating your privacy model. So, reinforce every sensitive message with an additional layer of security, using (for example) PGP encryption [2], which also works from webmail and with less privacy-focused providers (like Gmail) through a specific browser extension [3]. References: [1] Tutanota seems to be forced to provide access to emails soon. [2] The GNU Privacy guard. [3] Mailvelope. [4] Gericht zwingt E-Mail-Anbieter, Daten herauszugeben – Digital – Süddeutsche.de. Source
  9. from the with-an-eye-on-undermining-all-encrypted-messaging-services dept The DOJ's war on encryption continues, this time in a secret court battle involving Facebook. The case is under seal so no documents are available, but Reuters has obtained details suggesting the government is trying to compel the production of encryption-breaking software. The request seeks Facebook's assistance in tapping calls placed through its Messenger service. Facebook has refused, stating it simply cannot do this without stripping the protection it offers to all of its Messenger users. The government disagrees and has asked the court for contempt charges. Underneath it all, this is a wiretap order -- one obtained in an MS-13 investigation. This might mean the government hasn't used an All Writs Act request, but is rather seeking to have the court declare Messenger calls to be similar to VoIP calls. If so, it can try to compel the production of software under older laws and rulings governing assistance of law enforcement by telcos. Calls via Messenger are still in a gray area. Facebook claims calls are end-to-end encrypted so it cannot -- without completely altering the underlying software -- assist with an interception. Regular messages via Facebook's services can still be decrypted by the company but voice calls appear to be out of its reach. Obviously, the government would very much like a favorable ruling from a federal judge. An order to alter this service to allow interception or collection could then be used against a number of other services offering end-to-end encryption. It's unknown what legal options Facebook has pursued, but it does have a First Amendment argument to deploy, if nothing else. If code is speech -- an idea that does have legal precedent -- the burden falls on the government to explain why it so badly needs to violate a Constitutional right with its interception request. This is a case worth watching. 
However, unlike the DOJ's very public battle with Apple in the San Bernardino case, there's nothing to see. I'm sure Facebook has filed motions to have court documents unsealed -- if only to draw more attention to this case -- but the Reuters article says there are currently no visible documents on the docket. (The docket may be sealed as well.) There is clearly public interest in this case, so the presumption of openness should apply. So far, that hasn't worked out too well for the public. And if the DOJ gets what it wants, that's not going to work out too well for the public either. Source
  10. from the that's-not-how-it-works dept While there has been plenty of attention paid to the BMG v. Cox case, in which Cox was found not to be protected by the DMCA's safe harbors in dealing with repeat infringers, it's increasingly looking like the ruling in that case (which eventually led to a "substantial" settlement) was fairly unique to Cox's situation. Specifically, while much was made of Cox's "13 strikes" repeat infringer policy, in the end the nature of the policy wasn't what sunk Cox: it was the fact that Cox didn't follow its own policy. In other cases, courts seem willing to grant much more latitude to the ISPs to make their own calls. We wrote about the 9th Circuit and its ruling in the Motherless case, which made it clear that a platform gets to set its own policy, and that policy need not be perfect. Meanwhile, down in Texas, there's the UMG v. Grande Communications case, which many had seen as a parallel case to the BMG v. Cox case. This was another case that involved an ISP being bombarded with shakedown (not takedown) notices from Rightscorp, in which Rightscorp and its clients felt that the ISP was not willing to pass on those notices (thus denying Rightscorp and its clients the ability to collect money in exchange for a promise not to sue). As we noted back in April, while still in the district court, the Grande case wasn't going nearly as smoothly as the Cox case for those wishing to copyright troll. The magistrate judge was quite skeptical, and had tossed out entirely the claims of vicarious infringement (while somewhat skeptically allowing the claims of contributory infringement to move forward). Vicarious and contributory infringement are often lumped together, but they are different. For there to be vicarious infringement, you have to show that the party being sued both had the right and ability to supervise the activity, and that it would directly financially benefit from the infringement. 
The court rejected that in the case of Grande, noting that just because Grande makes money from its subscribers, that's not enough to show that it was profiting from the infringement. Universal Music tried to amend the complaint to show that it had "more evidence" that Grande and its management company, Patriot, were still vicariously liable -- but the magistrate judge says it's just trying to re-litigate what it lost last time. The recommendation makes fairly quick work of UMG's arguments: This is important. For years, the legacy copyright players have continually tried to expand what third parties could be liable for when it came to infringement. It's always been a stretch to use both vicarious and contributory infringement claims in these ways, and it's good to see courts pushing back (though, in this case, the contributory infringement claims still have a chance...). The court directly pointing out that just because a company makes money from a client, that doesn't mean the money is from infringement is an important point that many among the copyright legacy world would like to ignore. Source