Archive for August, 2017

Facebook secretly introduces a new social networking app in China – Neowin

It's no secret that the Chinese government heavily controls the internet within its borders. As a result, many of the world's top websites are blocked in China. Internet giants like Facebook and Google have been trying alternative ways to infiltrate the market. The latest is a stealth release of an app called Colorful Balloons.

Colorful Balloons is very similar to Facebook's Moments: an app that lets you share photos with friends and family. Even the name of the new app resembles the logo of the original. According to The New York Times, Facebook approved the release of the app back in May. The app is published by a Chinese company called Youge Internet Technology and bears no apparent affiliation with the social networking company.

Facebook CEO Mark Zuckerberg has visited the country many times in recent years. During the visits, he evidently had talks with government officials about the company's future in the country. Last year, it was reported that the company had tried to create a censorship tool to reconcile with the government.

When contacted by The Verge, Facebook replied that it's "spending time understanding and learning more about the country in different ways. Our focus right now is on helping Chinese businesses and developers expand to new markets outside China by using our ad platform."

The way the app was released in China is certainly unprecedented for a company of Facebook's stature. It remains to be seen whether the government will take any actions regarding the app's future.

Source: The New York Times | Image via The New York Times


Fourth Amendment protects against warrantless seizure of cellphone location records, amicus brief argues – Reporters Committee for Freedom of the…

Press Release | August 14, 2017

Reporters Committee for Freedom of the Press and a coalition of 19 other media organizations support requiring the government to obtain warrants for access to cellphone location records

"The government should not be able to obtain cellphone location records without first getting a warrant," said Bruce Brown, executive director of the Reporters Committee for Freedom of the Press. "The current ruling makes it too easy for the government to track a person's every move through their cellphone, which is especially worrisome if the location records in question belong to a journalist. This endangers journalists' ability to gather information and keep the public informed without the risk of being easily and routinely surveilled."

The coalition brief argues that cellphone location records paint an intimate and comprehensive picture of where individuals go, and thus the people and places they associate with.

According to the brief, a journalist's cellphone location data can disclose particularly sensitive details about the journalistic process: It can reveal the stories a journalist is working on before they are published, where a journalist went to gather information for those stories, and the identity of a journalist's sources. Exposure of sources and journalistic methods can put sources' jobs and lives at risk, compromise the integrity of the newsgathering process, and have a chilling effect on reporting.

The brief also argues that if the government can easily and routinely access detailed information about a person's movements without a warrant, it threatens the ability to freely engage in activities protected by the First Amendment like newsgathering, which now often relies on use of a cellphone.

"Cellphones have become a mobile newsroom and a necessary newsgathering tool for journalists. Unfortunately, there's no way to use a cellphone without sharing some location data with a service provider," said Brown. "Allowing the government to easily access cellphone location records that paint a picture of where a journalist goes and possibly even who they meet with chills reporter-source relationships, threatens newsgathering, and ultimately harms the flow of information to the public."


Defending 4th Amendment Privacy Protections for Digital Property – Competitive Enterprise Institute (blog)

If you're following along closely, you'll recognize a strong similarity between the brief we filed Friday with the U.S. Supreme Court in a criminal case called Carpenter v. United States and our argument to a District Court in California two weeks ago that the IRS should not be able to access Bitcoin users' data willy-nilly. The theme running through both is that people have property rights in data about themselves that is allocated by contract between them and their service providers. That's true whether the service being provided is cryptocurrency trading or cellular telecommunications.

In an article I published with the National Constitution Center earlier this year, I laid out a fully consistent way to apply the Fourth Amendment in the digital era. The Supreme Court has struggled with constitutional protections for communications and data, but there doesn't need to be different doctrine for physical things and for digital things. Data can be seized under the Fourth Amendment just like people and cars. Data can be searched just like homes.

In a methodical Fourth Amendment analysis, the next question is who can object to those seizures and searches. Today, various third-party services have control of the data, and some think that closes the question, but it doesn't. The right to possession is only one of the property rights. Those contracts have allocated to consumers the right to exclude others, that is, to keep strangers away from data about them. The data may sit with a telecom provider, a crypto exchange, a cloud service, or an ISP, but our privacy comes from denying them any right to share data other than with parties agreed to in advance under conditions agreed to in advance.

When possession of data is with a service provider but the right to exclude and other rights are held by the consumer, the consumer has a right against unreasonable searches and seizures. In all but the narrowest of cases involving exigency and similar circumstances, that means the government has to go get a warrant.

Getting courts to recognize property rights in data is a big effort, and it'll take a lot of work over a lot of years. But it is essential work because it will determine the shape of our future world.

There's a path into the future where the Internet revolution causes the individual to become a pawn of governments and corporations, working together, as often as not, to determine many, many dimensions of how we live and earn. Down the other path is a future where property rights in data make us even more free and autonomous in the digital realm than we are in our homes, neighborhoods, and marketplaces. Here's to charting our course down that second path.


Brief of Amici Curiae of CEI, Cato and Reason Foundation in Carpenter v. US – Competitive Enterprise Institute (blog)


For nearly 40 years,[1] this Court and courts below have struggled with using a sociological method for interpreting the Fourth Amendment in difficult cases. They have asked whether government agents disturbed a reasonable expectation of privacy, reasoning backward from the answer to whether or not a search offensive to the Constitution has occurred.

That methodology has been difficult for courts to apply consistently, and in recent years this Court has used it less and less often as a decision rule. This Court should shed that sociological approach and adopt a juridical method for applying the Fourth Amendment. It should assess the facts of the case in terms of the law, encouraging lower courts to do the same.

Specifically, the Court should examine the following questions:

Using that simple and familiar legal methodology would allow this Court to address directly the challenging questions this case presents, including: When does a seizure of data occur? When does a search of data occur? When is data a constitutional paper or effect? Who has property rights in data sufficient to assert Fourth Amendment rights in it?

The government's compulsory acquisition of data in this case was a seizure. Processing the data to make it human-readable was a search. The records were in relevant part the property of Messrs. Carpenter and Sanders, who enjoyed contractual rights and regulatory protections making them so. And digital documents are best treated as constitutional papers or effects.

That leaves the question whether it was reasonable for the government to seize and search them. There is a presumption in favor of the warrant requirement suggested by the text of the Fourth Amendment, and it is confirmed by this Court's precedents. Thus, it was unreasonable to seize and search the data without a warrant. Lacking exigency or other excuse, the government should have gotten one.

The interests of Messrs. Carpenter and Sanders are not paramount to amici, of course. But as the importance of digital communications and data grows in society, the imperative to straightforwardly address their legal and constitutional status rises.

Without breaking from precedents, this Court can revise Fourth Amendment practice and determine when and how communications and data fit into the Fourth Amendment's categories of protected things. Doing so would permit courts below to address seizures and searches of communications and data forthrightly, confidently assessing the reasonableness of such government action. Here, the result of that analysis calls for the Court to find in favor of the petitioner.


[1] Katz v. United States, 389 U.S. 347 (1967), was decided on December 18, 1967.


Former NSA Official Argues The Real Problem With Undisclosed Exploits Is Careless End Users – Techdirt

As leaked NSA software exploits have been redeployed to cause computer-based misery all over the world, the discussion about vulnerability disclosures has become louder. The argument for secrecy is based on the assumption that fighting an existential threat (terrorism, but likely also a variety of normal criminal behavior) outweighs concerns the general public might have about the security of their software/data/personal information. Plenty of recent real-world examples (hospital systems ransomed! etc.) do the arguing for those seeking expanded disclosure of vulnerabilities and exploits.

Former Deputy Director of the NSA Rick Ledgett appears on the pages of Lawfare to argue against disclosure, just as one would have gathered by reading his brief author bio. Ledgett's arguments, however, feel more like dodges. First off, Ledgett says the NSA shouldn't have to disclose every vulnerability/exploit it has in its arsenal, an argument very few on the other side of the issue are actually making. Then he says arguments against exploit hoarding "oversimplify" the issue.

The WannaCry and Petya malware, both of which are partially based on hacking tools allegedly developed by the National Security Agency, have revived calls for the U.S. government to release all vulnerabilities that it holds. Proponents argue that this would allow patches to be developed, which in turn would help ensure that networks are secure. On its face, this argument might seem to make sense, but it is a gross oversimplification of the problem, one that not only would not have the desired effect but that also would be dangerous.

At this point, you'd expect Ledgett to perform some de-simplification. Instead, the post detours for a bit to do some victim-blaming. It's not the NSA's fault if undisclosed exploits wreak worldwide havoc. It's the end users who are the problem -- the ones who (for various reasons) use outdated system software or don't keep current with patches. This isn't a good argument to make for the very reasons outlined in Ledgett's opening paragraph: software vendors can't patch flaws they're unaware of. This is where disclosure would help protect more users, even if it meant the loss of some surveillance intercepts.

Then Ledgett argues the NSA's leaked exploits weren't really the problem. If they hadn't been available, the malware purveyors just would have used something else.

The actors behind WannaCry and Petya, believed by some to be from North Korea and Russia, respectively, had specific goals when they unleashed their attacks. WannaCry seemed to be straightforward but poorly executed ransomware, while Petya appeared to have a more sinister, destructive purpose, especially in the early Ukraine-based infection vector. Those actors probably would have used whatever tools were available to achieve their goals; had those specific vulnerabilities not been known, they would have used others. The primary damage caused by Petya resulted from credential theft, not an exploit.

This is undoubtedly true. Bad actors use whatever tools help them achieve their ends. It's just that these specific cases -- the cases used by Ledgett to argue against increased disclosure -- were based on NSA exploits vendors hadn't been informed of yet. The patches that addressed more current vulnerabilities weren't issued until after the NSA told Microsoft about them, and it only did that because its toolset was no longer under its control.

Ledgett also points out that the NSA does better than most state entities in terms of disclosure:

Most of the vulnerabilities discovered by the U.S. government are disclosed, and at the National Security Agency the percentage of vulnerabilities disclosed to relevant companies has historically been over 90 percent. This is atypical, as most world governments do not disclose the vulnerabilities they find.

Maybe so, but there's not much honor in just being better than the worst governments. Ledgett only says the NSA is better than "most." This doesn't turn the NSA into a beacon of surveillance state forthrightness. All it does is place it above governments less concerned about the security and wellbeing of their citizens.

Ledgett then goes back to the well, claiming a) the two recent attacks had nothing to do with the NSA, and b) disclosing vulnerabilities would make the NSA less effective.

WannaCry and Petya exploited flaws in software that had either been corrected or superseded, on networks that had not been patched or updated, by actors operating illegally. The idea that these problems would be solved by the U.S. government disclosing any vulnerabilities in its possession is at best naive and at worst dangerous. Such disclosure would be tantamount to unilateral disarmament in an area where the U.S. cannot afford to be unarmed. Neither our allies nor our adversaries would give away the vulnerabilities in their possession, and our doing so would probably cause those allies to seriously question our ability to be trusted with sensitive sources and methods.

The problem here is that Ledgett ignores the obvious: leaked NSA tools helped create the problem. The NSA never disclosed these vulnerabilities to affected software vendors -- at least not until it became obvious it could no longer keep these tools secret.

I'm guessing the NSA is already living through the last part of Ledgett's paragraph. A set of effective, still-undisclosed vulnerabilities being digitally spirited away and dumped into the public's lap probably makes it less likely foreign surveillance partners will be sharing their malware toolkits with the NSA.

This leads right into another argument against vulnerability hoarding: it has been shown with complete clarity that the NSA can't guarantee its exploits will never be used by criminals and malicious governments. The leak of its toolkit shows any suggestion that only the "good guys" will have access to undisclosed vulnerabilities is both ignorant and arrogant. The NSA isn't untouchable. Neither are all the surveillance partners the NSA has shared its tools with.

In the end, it's the private sector's fault, according to Ledgett. The solution is for vendors to write better software and end users to patch more frequently. This is good advice, but not an absolution of the NSA's vulnerability secrecy.

The NSA needs to do better balancing its needs and the security of the general public. Very few people are arguing the NSA should have zero undisclosed exploits. But the exploits dumped by the Shadow Brokers affected older versions of Microsoft system software dating back to Windows XP and they still weren't patched until the exploits had already been made public. These were exploits some in the NSA thought were too powerful, and yet, the NSA did nothing until the malware offspring of its secret exploit stash were taking down systems all over the world.
