SEO Werkt!

Civil libertarians aren’t thrilled with the government’s ability to track our locations, even after the U.S. Supreme Court put limits on the ability for law enforcement to track car locations without search warrants.

Scary anti-government talks are the norm at Defcon, the hacker conference in Las Vegas. This year is no different, as leading-edge technology continues to race ahead of society’s laws and government policies.

In the U.S. vs Antoine Jones case, the Supreme Court concluded that placing a GPS device on a nightclub owner’s car constituted a search, and that that such an action requires a search warrant – under the Fourth Amendment of the U.S. Constitution that governs illegal search and seizures. But the court specifically did not rule that tracking cell phone usage — including location information — without a warrant was illegal. The recent CarrierIQ scandal, where a company was caught tracking the clicks of mobile users without telling them,  illustrated what can happen when tracking goes on without being questioned.

“We are in a constitutional moment,” said Ben Wizner, director of the Speech, Privacy & Technology project for the American Civil Liberties Union, on a panel at Defcon, which is expected to draw more than 8,000 people.

The ACLU’s concerns range from the ability to do “wholesale dragnets” in areas within range of a single cell phone tower to the circumvention of cell phone encryption.

Chris Soghoian, who has been tracking the government’s surveillance activities for six years and who will soon be the principal technologist for the ACLU, said that the ACLU and others have had to file Freedom of Information Act requests in all 50 states to collect information on tracking by police departments and other government entities. He went to a surveillance industry convention, nicknamed the Wiretapper’s Ball, and hung out with corporate lawyers in bars. He said that carriers are getting 1.5 million requests a year from law enforcement for location data.

Sprint reports that it gets tens of thousands of requests related to handing over location data on individuals. It used to cost $150 per ping for this tracking information, but now law enforcers can get the “all-you-can-eat” data for just $30 a month via portals on the web.

Ashkan Soltani, another tracking activist and independent security researcher, said that phones have become mini-computers, which carry lots of information about who you are and where you go, thanks to the built-in Wi-Fi or GPS tracking technology in them.The carriers began tracking location in every phone thanks to the requirement that they have the data for emergency 911 (E911) services.

There are five different kinds of entities that could be collecting location data.That include hardware companies, platform owners, carriers, application creators, and the ad networks/analytics companies. That represents a broad attack surface for hackers, but also for the government to approach if it wants to find information about your activities.

In most cases, it isn’t easy for users to opt out of being tracked. You can try to encrypt your cell phone communications using
different apps, and the civil libertarians suggested you do so. But platform owners can often decrypt the data and law enforcement can get that data from the platform owners.

Soltani said that police tracking technology can copy the contents of a phone in two minutes.The degree to which your data is treated as private varies. Android apps have the ability to copy photos on your phone.

“The problem is there is no incentive not to track,” Soghoian said. “The ability to do wholesale dragnets is scary.There are some very sketchy things happening.”

It is not clear the good the Supreme Court did with tracking cars will extend to tracking cell phones, she said.

Soghoian said that government lawyers have said single-tower tracking is so inaccurate that they don’t need a warrant to get the data. But as consumers use data-hungry smart phones, carriers have to put more towers in cities and shrink the coverage area for each tower. That reduces the area and makes the tracking information more accurate. If you use a Femtocell, or cell signal booster, to boost your cell phone signal in your home, that information can be very accurate, Soghoian said.

“There are some real anomalies in the law and it hasn’t kept pace with technology,” said Wizner of the ACLU.

“The carriers could do a lot more to help us understand how much information about our location they are giving away,” said Catherine Crump, a staff attorney for the ACLU. “The Jones decision doesn’t go far enough.”

The ACLU had to use Freedom of Information Act requests to get the carriers to say for how long they keep location data. The answer is six months to years, depending on the carrier. AT&T logs location data for seven years, Soghoian said.

One American fugitive was on the run, logged in from Sri Lanka via Skype, and the federal government was able to locate the fugitive. When Twitter receives requests for information, the company notifies users of the request so they can contest it.

[Photo credit: Mia Judkins]

Filed under: security

Apigee, a company focusing on API creation and management, has just opened its first office in the EU. The company’s London HQ will help it grow its already significant clientele in Europe.

Currently, Apigee’s EU clients include such heavyweights as Financial Times Group, Shazam, Telefónica, Thomson Reuters, and Vodafone. The new office will allow Apigee to strengthen those relationships while building a more robust list of customers and a stronger presence overall in Europe.

“Europe is our fastest-growing market, and we’re seeing strong interest across all industries, from leading-edge technology companies to traditional brick-and-mortar businesses,” said Apigee CEO Chet Kapoor in a statement today.

“APIs are the foundation of the app economy and can provide a powerful way for a business to quickly expand and reach new customers who use mobile devices.”

Apigee also has an office in Bangalore, India. The company is based in Palo Alto, Calif. Apigee was founded in June 2004 and has taken a total of $52.1 million in venture funding to date. Its fourth round in the amount of $14.1 million was closed in early 2010.

Its U.S.-based clients include AT&T, Netflix, eBay, Pearson, and Gilt Groupe.

Image courtesy of Maugli, Shutterstock

Filed under: dev

As companies move their data out from behind firewalls into the cloud and employees use self-provisioned mobile devices, infosecurity must change. That’s why cybercrime prevention provider ThreatMetrix will announce tomorrow its acquisition of TrustDefender, which detects malware-based attacks. ThreatMetrix can now offer an integrated fraud protection solution that verifies the identity and integrity of any device trying to access secure data. If an endpoint has been compromised through malware or identity theft: access denied.

Reed Taussig, ThreatMetrix’s CEO tells me the acquisition was made with a combination of cash and stock. It was bankrolled by ThreatMetrix’s 300% year on year revenue growth and the $12 million funding round it took in October 2010.

TrustDefender co-founder and CEO Andreas Baumhof will become the new ThreatMetrix CTO. The majority of the Australian TrustDefender’s team was picked up, but won’t be relocating to ThreatMetrix’s San Jose headquarters. TrustDefender took $16 million in funding from Nexbix Ltd in March 2010.

ThreatMetrix’s device identifications system looks at over 250 aspects of an endpoint device to determine its integrity. — where is it, hidden proxies, if text is being rendered in foreign language, or if that email address has been used to make a request from multiple continents. TrustDefender detects malware and other threats including trojans, Poison Ivy, and man-in-the-browser-attacks. It services financial institutions, SaaS providers, ecommerce companies, and government.

Before now, companies had to seek out separate vendors for device identification and malware detection. Taussig tells me “The identification of malware on a device should be a feature of device identification. We were fortunate to have found a malware ID company that has leading edge technology with referenceable, high-end customers that recognize this is a match made in heaven. The acquisition provides huge advantages, as clients can be supported by a single product.”

Additionally, ThreatMetrix has just signed a partnership with major credit bureau TransUnion. This will help it verify the authenticity of user biographical and financial data to protect logins and payments.

Instead of only accessing firewalled data through dedicated, pre-screened devices, employees now accessing the cloud with their own laptops, tablets, and phones. Let’s be honest. Who knows what those devices are being used for in the off-hours? It’s therefore more important than ever for IT departments to have a strong device ID security system. Otherwise their company’s source code, intellectual property, design docs, customer names or credit card numbers could be at risk.