Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: E-Mail

5 ways to keep your data safe right now

Christopher Soghoian is a TED Fellow, and the principal technologist at the American Civil Liberties Union, where he monitors the intersection of federal surveillance and citizen’s rights. Before joining the ACLU, he was the first-ever technologist for the Federal Trade Commission’s Division of Privacy and Identity Protection, where he worked on investigations of Facebook, Twitter, MySpace and Netflix. Soghoian is also the creator of Do Not Track, an anti-tracking device that all major web browsers now use.  “There seems to be a new data breach in the news every week — a major company hacked, millions of usernames, passwords or credit card numbers stolen. There isn’t much that you, as an individual, can do to stop hackers from stealing the data you entrust to companies. However, there are some easy things you can do to significantly reduce the harm from such breaches.

  1. Outsource your passwords to a robot – The human brain can only remember so many passwords, not to mention we’re actually really bad at picking good ones. So, too often we just reuse passwords across multiple sites. This is a Very Bad Idea. Once hackers break into a website and steal a database of email addresses and passwords, they can then try to use those same passwords to login to other sites. This is a huge problem, because so many of us use the same password for our Facebook, Google, Twitter and online banking accounts. The solution instead is to use a password manager, a software tool for computers and mobile devices, which will pick random, long passwords for each site you visit, and synchronize them across your many devices. Two popular password managers are 1Password and LastPass.
  2. Get a U2F key — and use two-factor authentication wherever possibleOne other way to protect your accounts is to make sure that even if someone learns your password, they won’t be able to log in. To do this, you’ll want to enable two-factor authentication, an additional security feature that can be added to many online accounts. For some sites, this additional step can take the form of a random number sent to your phone by text message, or running a special app on your smartphone that generates one-time login codes. A relatively new, and even easier form of two-factor authentication is a U2F security key, a device that looks like a thumb drive, which you insert into the USB port when you login to an account from a new computer. These devices, which cost about $15, can be used to add a significant boost to the security to your GMail account. Over the coming months and years, it is likely that other major tech companies will add support for the U2F token.
  3. Enable disk encryptionIf you lose your laptop or your phone and it doesn’t have disk encryption enabled, whoever finds the device can get all your data too. On the iPhone and iPad, disk encryption is turned on by default, but for Windows, Android or Mac OS you need to make the effort to switch it on. It’s a big deal, essentially the difference between buying a new laptop (bummer) and having to put out an identity theft alert.
  4. Put a sticker over your webcamThere are software tools used by criminals, stalkers and generally creepy dudes that allow them to turn on your webcam without your knowledge. Granted, this doesn’t happen millions of times a year, but the horror stories are real and terrifying. One simple sticker means you use your webcam when you choose to use it.
  5. Encrypt your telephone calls and text messagesThe voice and text message services provided by phone companies are not secure and can be spied upon with relatively inexpensive equipment. That means that your own government, a foreign government, as well as criminals, hackers and stalkers can listen to your phone calls and read your text messages. Some Internet-based mobile apps that you likely already use are much more secure, enabling you to talk privately to your loved ones and colleagues, and don’t require that you do anything or turn on any special features to get the added security protections — Apple’s FaceTime and WhatsApp on Android are both good. If you want an even stronger level of security, there is a fantastic, free tool called Signal available on Apple’s App Store.”

StingRay surveillance device intercepts a cellphone signals, capture texts, calls, emails and other data

NYT – A Police Gadget Tracks Phones? Shhh! It’s Secret – “A powerful new surveillance tool being adopted by police departments across the country comes with an unusual requirement: To buy it, law enforcement officials must sign a nondisclosure agreement preventing them from saying almost anything about the technology… The technology goes by various names,Continue Reading

Americans’ Privacy Strategies Post-Snowden

Lee Rainie and Mary Madden: “It has been nearly two years since the first disclosures of government surveillance programs by former National Security Agency contractor Edward Snowden and Americans are still coming to terms with how they feel about the programs and how to live in light of them. The documents leaked by Snowden revealedContinue Reading

OIG – Review of State Messaging and Archive Retrieval Toolset and Record Email

Review of State Messaging and Archive Retrieval Toolset and Record Email –  What OIG Inspected – March 15, 2015. “The review took place in Washington, DC, between January 24 and March 15, 2014. What OIG Recommended – OIG made seven recommendations to improve the use of record emails by Department of State employees and missionContinue Reading

Privacy elements of Apple mobile devices targeted in ongoing surveillance program

The Intercept: “Researchers working with the Central Intelligence Agency have conducted a multi-year, sustained effort to break the security of Apple’s iPhones and iPads, according to top-secret documents obtained by The Intercept. The security researchers presented their latest tactics and achievements at a secret annual gathering, called the “Jamboree,” where attendees discussed strategies for exploitingContinue Reading

Wikimeida Foundation joined by civil rights groups in lawsuit against NSA surveillance

The Guardian – “The Wikimedia Foundation, Amnesty International and a host of civil rights groups sued the National Security Agency and the US Department of Justice on Tuesday challenging the mass surveillance programme uncovered by whistleblower Edward Snowden. “We’re filing suit today on behalf of our readers and editors everywhere,” said Jimmy Wales, founder ofContinue Reading

New Google Contacts: Bringing everyone together

Official Gmail Blog: “From email to Hangouts to a good ol’ fashioned phone call, you’ve got a lot of options to get in touch with someone. But keeping all those options organized for all your contacts…well, it can be a pain, especially when you need to find that information in a hurry! So today we’reContinue Reading

Take a Security Checkup on Safer Internet Day

Official Google Blog: “Online security is on everyone’s mind these days. According to a recent Gallup poll, more people are worried about their online accounts being hacked than having their home broken into. Security has always been a top priority for Google. Our Safe Browsing technology identifies unsafe websites and warns people before they visitContinue Reading

UK Interception of Communications Code of Practice

Via The Register: “The UK government slipped out consultation documents on “equipment interference” and “interception of communications” (read: computer hacking by police and g-men) on Friday. They were made public on the same day that the Investigatory Powers Tribunal ruled that the spying revelations exposed by master blabbermouth Edward Snowden had accidentally made British spooks’Continue Reading

Privacy Board Renews Call for President Obama to End Bulk Collection

EPIC – “The Privacy and Civil Liberties Oversight Board released a report on prior recommendations regarding the NSA’s domestic and global surveillance programs. The Board stated that the Obama Administration has failed to end the domestic telephone collection program. The Board stated, “the Administration can end the bulk telephone records program at any time, withoutContinue Reading

Guardian – WikiLeaks demands answers after Google hands staff emails to US government

Ed Pilkington and Dominic Rushe: “Google took almost three years to disclose to the open information group WikiLeaks that it had handed over emails and other digital data belonging to three of its staffers to the US government, under a secret search warrant issued by a federal judge. WikiLeaks has written to Google’s executive chairman,Continue Reading

Everybody Dies: What is Your Digital Legacy?

Alethea Lange – CDT – “What happens to your email when you die? For most people this hopefully isn’t an urgent question, but a few high profile cases have made it an issue for lawmakers and judges around the world. You might think that your family could show up with a death certificate and/or aContinue Reading