Jump to content
Donations Read more... ×
We need your help Read more... ×

Search the Community

Showing results for tags 'doj'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...

Found 8 results

  1. The federal investigation into Facebook’s Cambridge Analytica data-sharing scandal—in which prior versions of Facebook’s advertising API allowed the shady election data firm to partner with an app to harvest data on at least 87 million users without their consent—has expanded to include a multi-agency inquiry into the social network’s data practices. Per the Washington Post, five people familiar with the investigation said the Department of Justice is now joined by “representatives for the FBI, the SEC and the Federal Trade Commission... in its inquiries about the two companies,” and specifically Facebook’s “actions and statements” over a period of years. The paper wrote the multi-agency inquiry is focused on what Facebook knew years ago and what it failed to tell “users or investors,” as well as whether there were “discrepancies in more recent accounts” like executives’ testimony before Congress. The Post wrote that CEO Mark Zuckerberg’s evasive congressional testimony is considered part of the investigation: Cambridge Analytica has attracted considerable attention not just for the data harvesting, but for undercover news investigations that caught executives bragging about scummy campaign tactics, role working on Donald Trump’s campaign, and possibly illegal use of foreign contractors to work on US elections. It has since shut down, though the DOJ and FBI are reportedly still looking into its practices. According to the New York Times, while the DOJ and FBI investigations into Facebook primarily branch from those ongoing inquiries into Cambridge Analytica, Facebook representatives admitted the SEC one focuses on “the social network’s public statements about Cambridge Analytica.” SEC investigators want to know whether when Facebook said Cambridge Analytica duped them by claiming its project was only harvesting data for academic purposes, it knew full well what was going on. The Times wrote: The FTC involvement is notable because in March 2018, the agency disclosed that it had learned of “substantial concerns about the privacy practices of Facebook” and launched an investigation as a result. The Post confirmed that said investigation concerns a 2011 consent decree on user privacy that Facebook signed with the FTC—violations of which could potentially result in mind-boggling fines in the billions of dollars, though the agency’s approach to monitoring such breaches of agreements has historically been toothless. It’s not clear whether the agencies currently are considering whether the investigation could result in “criminal charges or civil penalties” for Facebook or Cambridge Analytica, the Post wrote. “The fact that the Justice Department, the FBI, the SEC and the FTC are sitting down together does raise serious concerns,” former FTC Bureau of Consumer Protection chief David Vladeck told the Post, adding that the number of agencies involved “does raise all sorts of red flags.” Former FTC chief technologist Ashkan Soltani told the Times that the growing number of agencies involved in the inquiry is “very significant because it means the government is not just interested in harms to privacy, but is interested in a broad array of harms.” So this all certainly sounds like bad news for the social media giant. But Electronic Frontier Foundation senior staff attorney Nate Cardozo told Gizmodo in April that it’s not clear authorities have the appetite to hand down more than token punishments for Facebook’s corporate practices in current climate. While President Donald Trump’s administration has “made it clear that it is no friend of Silicon Valley,” Cardozo said, it has similarly “made it clear that it doesn’t like government regulation and the administrative state.” Of course, while investigators may determine Facebook’s historical data-sharing policies do not constitute civil or criminal matters, they could always conclude otherwise about anything the site did to cover those issues up. Source
  2. from the work-dumber,-not-harder dept SESTA/FOSTA was pushed through with the fiction it would be used to target sex traffickers. This obviously was never its intent. It faced pushback from the DOJ and law enforcement agencies because pushing traffickers off mainstream sites would make it much more difficult to track them down. The law was really written for one reason: to take down Backpage and its owners, who had survived numerous similar attempts in the past. The DOJ managed to do this without SESTA, which was still waiting for presidential approval when the feds hits the site's principal executives with a 93-count indictment. The law is in force and all it's doing is hurting efforts to track down sex traffickers and harming sex workers whose protections were already minimal. Sex traffickers, however, don't appear to be bothered by the new law. But that's because the law wasn't written to target sex traffickers, as a top DOJ official made clear at a law enforcement conference on child exploitation. Acting Assistant Attorney General John P. Cronan's comments make it clear SESTA/FOSTA won't be used to dismantle criminal organizations and rescue victims of sex traffickers. It's there to give the government easy wins over websites while sex traffickers continue unmolested. "Criminals" that "host sex trafficking markets." That's the target. That's any website that might be used by actual sex traffickers to engage in actual sex trafficking. There's no dedicated web service for sex trafficking -- at least not out in the open where Section 230 immunity used to matter. This is all about taking down websites for hosting any content perceived as sex trafficking-related. It wasn't enough to hang Backpage and its execs. The government will be scanning sites for this content and then targeting the website for content posted by third parties it seems mostly uninterested in pursuing. Hosts of third-party content are usually easy to find. The actual third parties are far more difficult to track down. Intermediary liability is back. Section 230 is no longer an effective defense. The edges have been trimmed back and the government knows it can rack up easy wins over web hosts and slowly start destroying the web under the facade of saving sex trafficking victims. The DOJ knew this law would make it harder to track down traffickers. But it also knows the law allows it to target websites instead. And here it is touting the law it fought against to a conference full of law enforcement officials, letting them know targeting websites will give them wins and accolades and far fewer headaches than tracking down the individuals actually engaged in illegal activity. Source
  3. Forget the old case, DoJ tells Supremes, all hail CLOUD Act The US government has issued Microsoft with a new warrant to get access to emails held on the firm's Irish servers, while asking the Supreme Court to dismiss the existing legal battle. The long-running wrangle began back in 2014, when Microsoft was taken to court by American prosecutors who wanted access to suspects' emails that Microsoft had stored overseas. The Feds demanded the private messages under section 2703 of the US Stored Communications Act, but Redmond refused, saying that the search warrant couldn't extend beyond US borders. In July 2016, the United States Court of Appeals for the Second Circuit ruled in Microsoft's favour – a decision the Department of Justice is in the process of appealing against in the Supreme Court. However, the passage of a new law, signed off last week, known as the CLOUD Act (Clarifying Lawful Overseas Use of Data Act) has thrown a huge question mark over the dispute. In contrast to existing laws, the CLOUD Act specifies that authorities can demand that firms pass on data, even if it's held outside the US. And so the DoJ has filed a motion (PDF) with the Supreme Court saying that, given the passage of the CLOUD Act, the court should vacate the judgment made by the Court of Appeals and dismiss the case as moot. The DoJ's argument is that the CLOUD Act now directly governs the warrant that is at the heart of the dispute, which it said settles the dispute. The US government insisted it was still possible for Microsoft to fully comply and disclose the information in question under the existing warrant, but complained Microsoft wasn't playing ball. "Microsoft has refused to acknowledge either that the CLOUD Act applies to the Section 2703 warrant at issue in this case or that Microsoft plans to disclose the required information under the original warrant," the document stated. As such, the DoJ said it had decided "the most efficient means of acquiring the information sought is through a new warrant under the CLOUD Act" – and did so on 30 March – even though it maintains it shouldn't have had to issue one. The government is "unquestionably entitled" to the information, the filing stated, adding: "Microsoft no longer has any basis for suggesting that such a warrant is impermissibly extraterritorial because it reaches foreign-stored data, which was the sole contention in its motion to quash... There is thus no longer any live dispute between the parties, and the case is now moot." We asked Microsoft to comment, but a spokesperson said the company had "nothing to share". However, president Brad Smith has previously issued broadly supportive statements about the CLOUD Act. When it was passed last week, Smith blogged to say it was a "critical step forward in resolving an issue that has been the subject of litigation for over four years". It remains to be seen whether the new law is quite as water-tight in its ability to force firms to hand over any and all data as the government wants. Frank Jennings, cloud lawyer at Wallace LLP, said that although the CLOUD Act offers useful clarity for providers, it might not be the end of the dispute. "The CLOUD Act requires a provider to preserve, backup or disclose data even if the data is outside the USA. This clarity is useful... Cloud providers can now point to a clear obligation to comply with an up-to-date law," he said. "However, the battle is not over yet." Jennings said the next stage "will be for US providers to show that data outside the US is not in their 'possession, custody, or control' but that of someone else", possibly the customer or a third party. They could also offer data encryption as standard, with the customer holding the decryption keys, he said. "This is the 'You can have it but we don't know what it says' approach." The passage of the CLOUD Act and the access it grants to data held on EU servers – which has been condemned by campaign groups in the bloc – might also lead to other battles, he said. For instance, it may give new impetus to those seeking to challenge the transatlantic data transfer deal Privacy Shield, and it isn't yet clear what the EU's data protection agencies will make of it. "We await to see whether the new European Data Protection Board [which will come into being with the General Data Protection Regulation] will recognise this as a 'necessary and proportionate measure... to safeguard national security' or an attempt to overreach and undermine GDPR from afar," said Jennings. Source
  4. President Trump says the US is "acting swiftly on intellectual property theft", noting that the country cannot "allow this to happen as it has for many years." Coincidentally, or not, a panel in Capitol Hill yesterday discussed the streaming box threat, with the MPAA revealing that the Department of Justice is looking at "a variety of candidates" for criminal action. For the past several years most of the world has been waking up to the streaming piracy phenomenon, with pre-configured set-top boxes making inroads into millions of homes. While other countries, notably the UK, arrested many individuals while warning of a grave and looming danger, complaints from the United States remained relatively low-key. It was almost as if the stampede towards convenient yet illegal streaming had caught the MPAA and friends by surprise. In October 2017, things quickly began to change. The Alliance for Creativity and Entertainment sued Georgia-based Tickbox TV, a company selling “fully-loaded” Kodi boxes. In January 2018, the same anti-piracy group targeted Dragon Media, a company in the same line of business. With this growing type of piracy now firmly on the radar, momentum seems to be building. Yesterday, a panel discussion on the challenges associated with piracy from streaming media boxes took place on Capitol Hill. Hosted by the Information Technology and Innovation Foundation (ITIF), ‘Unboxing the Piracy Threat of Streaming Media Boxes’ went ahead with some big name speakers in attendance, not least Neil Fried, Senior Vice President, Federal Advocacy and Regulatory Affairs at the MPAA. ITIF and various industry groups tweeted many interesting comments throughout the event. Kevin Madigan from Center for the Protection of Intellectual Property told the panel that torrent-based content “is becoming obsolete” in an on-demand digital environment that’s switching to streaming-based piracy. While there’s certainly a transition taking place, 150 million worldwide torrent users would probably argue against the term “obsolete”. Nevertheless, the same terms used to describe torrent sites are now being used to describe players in the streaming field. “There’s a criminal enterprise going on here that’s stealing content and making a profit,” Fried told those in attendance. “The piracy activity out there is bad, it’s hurting a lot of economic activity & creators aren’t being compensated for their work,” he added. Tom Galvin, Executive Director at the Digital Citizens Alliance, was also on the panel. Unsurprisingly, given the organization’s focus on the supposed dangers of piracy, Galvin took the opportunity to underline that position. “If you go down the piracy road, those boxes aren’t following proper security protocols, there are many malware risks,” he said. It’s a position shared by Fried, who told the panel that “video piracy is the leading source of malware.” Similar claims were made recently on Safer Internet Day but the facts don’t seem to back up the scare stories. Still, with the “Piracy is Dangerous” strategy already out in the open, the claims aren’t really unexpected. What might also not come as a surprise is that ACE’s lawsuits against Tickbox and Dragon Media could be just a warm-up for bigger things to come. In the tweet embedded below, Fried can be seen holding a hexagonal-shaped streaming box, warning that the Department of Justice is now looking for candidates for criminal action. Neil Fried of @MPAA with one of the streaming Kodi boxes leading to big piracy problems during Capitol Hill panel talk. Says DOJ looking at ‘variety of candidates’ for criminal action. @Comm_Daily pic.twitter.com/aYIRA4wgTC — Matt Daneman (@mdaneman) March 7, 2018 What form this action will take when it arrives isn’t clear but when the DoJ hits targets on home soil, it tends to cherry-pick the most blatant of infringers in order to set an example with reasonably cut-and-dried cases. Of course, every case can be argued but with hundreds of so-called “Kodi box” sellers active all over the United States, many of them clearly breaking the law as they, in turn, invite their customers to break the law, picking a sitting duck shouldn’t be too difficult. And then, of course, we come to President Trump. Not usually that vocal on matters of intellectual property and piracy, yesterday – perhaps coincidentally, perhaps not – he suddenly delivered one of his “something is coming” tweets. The U.S. is acting swiftly on Intellectual Property theft. We cannot allow this to happen as it has for many years! — Donald J. Trump (@realDonaldTrump) March 7, 2018 Given Trump’s tendency to focus on problems overseas causing issues for companies back home, a comment by Kevin Madigan during the panel yesterday immediately comes to mind. “To combat piracy abroad, USTR needs to work with the creative industries to improve enforcement and target the source of pirated material,” Madigan said. Interesting times and much turmoil in the streaming world ahead, it seems. Source
  5. The Justice Department plans to submit a "legislative fix" aimed at allowing it to demand data stored on foreign soil, an official said Thursday. The fix is meant to counter a recent ruling by the Second Circuit Court of Appeals, which the Justice Department is challenging, that determined U.S. officials need international agreements to demand data stored on foreign soil. Assistant Attorney General Leslie Caldwell explained that officials felt hamstrung by the recent Microsoft decision that U.S. officials could not require the company to turn over emails stored in Ireland using the same process as emails stored in the U.S. Internet-based companies routinely place data centers in other countries. Prosecutors are traditionally required to use “mutual legal assistance treaties” (MLATs) to request foreign governments provide physical evidence residing on their own soil. “We have mutual legal assistance treaties with less than half the countries in the world,” Caldwell said during a talk at the Center for Strategic and International Studies. “Some of those countries put very strict assistance on what kind of assistance they will provide. Some of those countries we have treaties with, but as a practical matter they don’t provide evidence to us," she said. Even in Ireland, the site of the Microsoft case and what Caldwell referred to as the best of circumstances for MLATs, "it takes them 15 to 18 months to execute a request for assistance from a foreign country." Caldwell provided no other details on a potential legislative fix. Source
  6. Potential rewards for hacking central bank are high for attackers with a sophisticated skill set The U.S. Federal Reserve, the nation's central bank, detected more than 50 cybersecurity breaches between 2011 and 2015, including a handful attributed to espionage. The Fed's Washington-based Board of Governors identified 51 information disclosures during the five-year period, according to information obtained through a Freedom of Information Act request by Reuters. The breaches reported include only those at the Fed's Washington location and don't include any at its 12 privately owned regional branches. The Fed classified four hacking incidents in 2012 as espionage, and there were information disclosures in two of those cases, according to the records released to Reuters. It was unclear whether information was disclosed in the other two cases, Reuters said. Between 2012 and this year, the Fed's Washington office reported 81 malicious code incidents, 54 cases of unauthorized access, and 12 cases of inappropriate use of networks or computers, Reuters reported. The Fed noted it is a target for cyberattacks, as are other government agencies. "Our security program and processes for detecting and countering attacks are robust and our critical operations have never been affected," a spokeswoman said by email. Earlier this year, cybercriminals made off with $81 million in a cyberattack on the central bank of Bangladesh. The attacks on the Fed illustrate a growing trend of cyberattacks on banking institutions, some cybersecurity experts said. It's no surprise that there were dozens of breaches at the Fed during that time period and that international cyberespionage may have been involved, said Eric O'Neil, national security strategist for security vendor CarbonBlack. The Fed holds information about U.S. government monetary and economic policy, including upcoming decisions, noted O'Neil, a former cybersecurity and counterintelligence expert at the FBI. Other nations could be targeting the Fed to get a jump on future U.S. policy shifts, he said. "The Federal Reserve is really a gold mine for economic espionage," O'Neil added. Attacking the Fed doesn't "sound as sexy as stealing defense secrets or military intelligence secrets, but it can be more damaging," he said. "It is a way to improve an economy at the expense of another, and unfortunately, that would be us." The Fed is a "prominent target," added Toni Gidwani, director of research operations at security vendor ThreatConnect. Attacks on the banking system are "aimed at the heart of how money flows across the globe," she added by email. Espionage attempts at the Fed would not be surprising, she added. "Gaining access to the Fed's data and its strategies for ensuring the health of the U.S. dollar and the broader economy would be very valuable for a number of actors -- whether it's nation states seeking to understand their exposure to swings in interest rates or individuals looking to profit by advanced knowledge of the Fed's next moves," Gidwani said. The banking system is often a "hard target," but the potential rewards are high for attackers who have a sophisticated skill set, added Richard Ford, chief scientist at security vendor Forcepoint. "There's a certain brand of attacker who loves going after banks," he said. "That's really where the money is." In the case of attacks on the Fed, attackers are probably looking for information, Ford said. "Information is money," he said. "There are certain pieces of information that people are looking for that can be monetized in other ways than ... moving money out." The Source
  7. The Department of Justice is clearly unhappy with Apple because they want to break into an encrypted iPhone, and Apple — their only hope in getting in — won’t help them do it. The DOJ is now seeking alternative legal procedures to try and force the tech giant into complying. The iPhone in question belongs to a defendant in felony drug case named Jun Feng, according to Ars Technica. Prosecutors believe that Feng was involved in a ring of seven others who were allegedly distributing methamphetamine. Prosecutors also claim that an “erase command” was sent to Feng’s phone remotely after the government came into its possession, which would have resulted in total loss of the data on the phone had they not intercepted it. The fact the attempt was made to destroy the data has likely led to the government believing its contents contain evidence pertinent to the case. Apple admitted that they have the capability of bypassing the lock on the phone to gain access to its contents, however in doing so, it would “threaten the trust between Apple and its customers”, tarnishing Apple’s reputation. An Engadget report pointed out the “privacy crusade” Apple has been on, quoting Apple’s CEO Tim Cook as saying that people have a “fundamental right to privacy”. The government’s new strategy to try and compel Apple into cooperating is by arguing that Apple — not the defendant — is the owner of the software on the phone, thus Apple has no legal obligation to protect its contents. If the strategy was to hold up in court, it would set up an interesting precedent in which the government could force any company to decrypt its users’ data just because the software is licensed, and not sold. This will undoubtedly raise concerns of privacy over sensitive data that is typically stored in such a fashion, though Apple admitted the only reason why they can bypass the encryption on the iPhone is because it’s running an outdated iOS 7. If the operating system was iOS 8 or later, Apple says there is no way the data on the phone could be recovered. In addition to protecting the defendant’s right to privacy in this case, Apple’s attorney said in a filing that the process of unlocking a phone is also not simple, and that it would require resources Apple is willing to sacrifice for these types of requests. The burden on Apple would continue to increase as Apple’s engineers would most likely be expected to testify at trial if they found criminal content that the DOJ planned on using. However, Apple’s stance against becoming involved is primarily motivated out of concern for the public. They point out how in wake of revelations of cases brought to light by whistleblowers like Edward Snowden, the public is sensitive to issues of online privacy. United States Attorney Robert Capers responded to Apple, claiming that Apple assisted with law enforcement in this regard before, and that their reasons for denying assistance in this particular case is “without basis as a matter of law”. Source
  8. At long last, the U.S. Department of Justice (DOJ) has announced a slew of much-needed policy changes regarding the use of cell-site simulators. Most importantly, starting today all federal law enforcement agencies—and all state and local agencies working with the federal government—will be required to obtain a search warrant supported by probable cause before they are allowed to use cell-site simulators. EFF welcomes these policy changes as long overdue. Colloquially known as “Stingrays” after Harris Corporation’s brand name for a common model, cell-site simulators masquerade as legitimate cell phone towers, tricking phones nearby into connecting to them. This allows agents to learn the unique identifying number for each phone in the area of the device and to track a phone’s location in real time. But Stingrays can get a lot more than just identifying numbers and location data—by virtue of the way they work, all mobile traffic (voice, data, and text) from every phone in the area could be routed through the Stingray, giving the operator the option to do anything from recording entire calls and texts, to selectively denying service to particular phones. Until recently, law enforcement’s use of Stingrays has been shrouded in an inexplicable and indefensible level of secrecy. At the behest of the FBI, state law enforcement agencies have been bound by non-disclosure agreements intended to shield from public scrutiny all details about the technical capabilities and even model numbers of the devices. Law enforcement has gone to extreme lengths to protect even the most basic information about them, even dropping charges rather than answering judges’ questions about them. Although today’s policy changes don’t directly affect the non-disclosure agreements already in place, the tone of the announcement, along with a clarification from May, gives us hope that more transparency is on the way. What today’s changes do: Federal law enforcement agents will be required to obtain a search warrant supported by probable cause prior to using a cell-site simulator in a law enforcement context. A search warrant requires a showing by the agent, under oath, that meets one of the highest standards in federal law. This incredibly important change is precisely what EFF has been asking for.Agents will only be allowed to use Stingrays in “pen register” mode, meaning the devices will collect only the basic location of the phone and the numbers of incoming and outgoing calls and texts. Agents will not be allowed to collect the content of your communications -- like your emails or text messages -- even if the cell-site simulator is capable of such collection.Finally, Agencies must delete data on users not targeted in either 24 hours or 30 days, depending on context.What today’s changes don’t do: The new policy isn’t law and doesn’t provide any remedy to people whose data is swept up by Stingrays operated without a warrant. Indeed, it won’t even act to keep evidence collected in violation of the policy out of court (this is known as suppression).The policy doesn’t apply to the use of Stingrays outside of the criminal investigation context. For instance, when federal agents use cell-site simulators for “national security” purposes, they won’t be required to obtain a warrant by the terms of this policy.There are two enumerated exceptions to the warrant requirement in today’s guidance. The first is the traditional “exigent circumstances” exception, common to all warrant requirements and not particularly worrisome. But the second exception listed in today’s policy for undefined “exceptional circumstances” is potentially problematic. We have no idea what that means, so we’re waiting to see if and how the exception will be used.What more is needed: While we’re pleasantly surprised by this long-needed first step to bring Stingrays out of the shadows and into compliance with the Fourth Amendment’s warrant requirement, more is needed. First and foremost, without a statute or court decision giving this voluntary policy the force of law, there will be no consequences if law enforcement agents flout its terms and continue using Stingrays as they have—without warrants. With only this policy shielding us, there’s nothing keeping warrantless Stingray evidence out of court, and therefore nothing to deter agents from behaving badly. And finally, whttp://www.nsaneforums.com/index.php?eneed to extend this warrant requirement to all state and local law enforcement agencies around the country. Some states (such as Washington) already have such laws in place. It’s time to make the message clear to cops in all 50 states: if you want to use a Stingray, get a warrant! Files doj_cell_site_simulator_policy_9-3-15.pdf eff.org