Joseph Cox

The FBI Says It Doesn’t Need Encryption for Unclassified Evidence

In a list of technical requirements for a smartphone recording app, the FBI says it doesn't need to use encryption. Encryption can protect data from all sorts of threats: it can stop sensitive information from being read after it is intercepted, or may thwart attackers from getting at data stored on a device. But according to a procurement document published by the FBI, the agency says it doesn't need to use encryption for protecting unclassified audio or video evidence. The snippet is included in a 2016 document laying out the technical requirements for a smartphone recording app that the FBI requested be developed. According to the document, the app would allow both overt and covert recording and streaming.

This Cunning, Months-in-the-Making Phishing Campaign Targeted Dozens of Journalists, Activists

In a new report, Amnesty International details a prolonged phishing campaign against journalists, activists and campaigners who work with Qatari labor rights issues.

How to Protest Without Sacrificing Your Digital Privacy

If you're a peaceful protester, but you don't necessarily want your participation in a demonstration to follow you around or lead to harassment online, what sort of steps can you take around your digital security?
Bring a clean phone: “They'll be, obviously, cell-site simulators,” said Matthew Mitchell, a founder of Crypto Harlem. These devices, otherwise known as IMSI-catchers or Stingrays, can record phones' geolocation, their phone number, and sometimes the content of texts and phone calls. “If everyone is texting a couple of organizers, or calling a bunch of friends, that one friend that connected to all people could be identified,” Mitchell said.
Or bring no phone at all: The simpler, and probably more effective, approach for protecting privacy is to not bring a cell phone at all and rely on more traditional methods of activist coordination.

Former Verizon Employee Pleads Guilty to Running Massive Phone Scamming Ring

Even when hackers are stealing credit card details with malware en masse, and carrying out digital bank heists, there's still money to be made by gaming phone networks.

On Dec 12, a former Verizon employee pleaded guilty to helping run a sophisticated cell phone scam, which involved routing thousands of international calls through hijacked customer accounts. Farintong Calderon, 37, pleaded guilty to one count of conspiracy to commit wire fraud; access device fraud; the use, production or possession of modified telecommunications instruments; and the use or possession of hardware or software configured to obtain telecommunications services, according to a press release from the US Department of Justice. According to the indictment against the group, the conspiracy started sometime way back in August 2009, but kept on going right up to February 2013. In short, the allegedly six-man group, of which Calderon was part, got hold of information such as phone numbers and cell phone serial numbers, and then used these details to access people’s accounts. From here, the group could “clone” the victims' phones, charging any calls to a victim's account.

Police Agencies Want an Easier Time Serving Warrants to ISPs

For pretty much any crime involving the Internet, often the first step in an investigation is trying to figure out who is behind an IP address. But, according to the FBI and other law enforcement agencies, there is a problem: often it’s unclear which organisations are actually in a position to respond to legal orders for information, because of the way that IP addresses are distributed by Internet service providers (ISPs). In response, several law enforcement agencies are pushing for a change in how WHOIS data, the basic contact information of who is affiliated with an IP address, is recorded. Although likely not a privacy risk, the move, which will probably come into effect sometime in 2017, still presents a significant shake-up in how ISPs retain information.

Challenge Over UK Bulk Hacking Powers Taken to European Court of Human Rights

Activist group Privacy International and five Internet and communications providers lodged an application before the European Court of Human Rights to challenge the United Kingdom's use of bulk hacking powers abroad. “The European Court of Human Rights has a strong track record of ensuring that intelligence agencies act in compliance with human rights law. We call on the Court to hold GCHQ accountable for its unlawful bulk hacking practices,” said Scarlet Kim, legal officer at Privacy International. The application has been made with UK-based non-profit GreenNet, the Chaos Computer Club from Germany, Jibonet from South Korea, US internet service provider May First, and communications provider Rise Up. Privacy International is challenging whether the UK's interpretation of the Intelligence Service Act for using bulk hacking powers complies with the European Convention of Human Rights (ECHR).

“As currently practiced, GCHQ’s hacking powers are neither in accordance with law nor proportionate, both of which they must be in order to satisfy Articles 8 and 10 [of the ECHR]. Our case focuses on the in accordance with law requirement, which says that if an intrusive surveillance practice like hacking is to be used, it must have an explicit legal basis that makes its use foreseeable and must be accompanied by stringent safeguards,” said Privacy International General Counsel Caroline Wilson Palow.

WSJ Reporter: Homeland Security Tried to Take My Phones at the Border

On July 21, a Wall Street Journal reporter claimed that the Department of Homeland Security demanded access to her mobile phones when she was crossing the border at the Los Angeles (CA) airport. The case highlights the powers that border agents purport to have, and how vulnerable sensitive information can be when taken through airports in particular.

“I wanted to share a troubling experience I had with the Department of Homeland Security (DHS), in the hopes it may help you protect your private information,” Maria Abi-Habib, a WSJ journalist focused on ISIS and Al Qaeda, wrote in a post on Facebook. Abi-Habib says she had arrived in town for a wedding, when an immigration officer approached her, and took her aside from the main queue. This by itself was not unusual, Abi-Habib writes: because of her job, she has reportedly been put on a list that allows her to bypass the usual questioning someone with her travel profile may encounter. But things changed quickly, and Abi-Habib was escorted to another part of the airport. “Another customs agent joined her at that point and they grilled me for an hour—asking me about the years I lived in the US, when I moved to Beirut and why, who lives at my in-laws' house in LA and numbers for the groom and bride whose wedding I was attending. I answered jovially, because I've had enough high-level security experiences to know that being annoyed or hostile will work against you,” she writes.