Yahoo teams up with Google on encrypted webmail

LAS VEGAS — Your webmail will be safer from prying eyes — at some point next year.

That’s the promise that Yahoo and Google are making to their mail service users, who together make up the vast majority of webmail users. More than 425 million people use Gmail, with Yahoo Mail usage estimated at 273 million.

Longtime security industry veteran Alex Stamos, who was named Yahoo’s new chief information security officer earlier this year, told attendees of the Black Hat hacker and security conference here on Thursday that at some point in 2015, Yahoo Mail would not only be encrypted end-to-end, but would be compatible with the end-to-end encryption that Google is working on for Gmail.

When that happens, it will create a secure way to email between the two services. The contents of an email protected by end-to-end encryption are hidden and much harder to tamper with. They can not be viewed by any intermediary, including the webmail provider itself.

Yahoo encrypted webmail at the data center level earlier this year, but encrypting emails sent between accounts has proven elusive so far.

Encryption in webmail is difficult to implement for a number of reasons. It’s currently extremely difficult for most people to use, and tech titans have concerns about losing customers if their services slow down because of encryption.

Similar to Google’s approach, Yahoo will be leveraging the security community to improve the encryption. Stamos said that Yahoo will release the encryption source code sometime this fall, “so that the open source community can help us refine the experience and hunt for bugs.”

“We don’t have any other providers to talk about yet, but the hope is that this is open and will be adopted by many others in the email ecosystem,” said a Yahoo spokeswoman.

How important is webmail encryption to Google and Yahoo? It’s a big enough brass ring that Stamos said they’re working together on the project.

Read More

Supreme Court limits police searches of cellphones

WASHINGTON —- Cellphones and smartphones generally cannot be searched by police without a warrant during arrests, the Supreme Court ruled unanimously Wednesday in a major victory for privacy rights.

Ruling on two cases from California and Massachusetts, the justices acknowledged both a right to privacy and a need to investigate crimes. But they came down squarely on the side of privacy rights.

“Modern cell phones, as a category, implicate privacy concerns far beyond those implicated by the search of a cigarette pack, a wallet or a purse,” Chief Justice John Roberts wrote for the court.

“We cannot deny that our decision today will have an impact on the ability of law enforcement to combat crime,” he said. “Privacy comes at a cost.”

Cellphone ruling may impact other privacy challenges

The justices struck down an extensive smartphone search in California that had been upheld by the state Court of Appeals, as well as a more limited probe of an old flip-top cellphone in Massachusetts that a federal judge had thrown out.

Currently, police can search a person under arrest and whatever physical items are within reach to find weapons and preserve evidence that might be destroyed. But the justices noted that vast amounts of sensitive data on modern smartphones raise privacy concerns that differentiate them from other items.

To liken physical objects to digital data, as federal and state government officials did in justifying cellphone searches, Roberts said, “is like saying a ride on horseback is materially indistinguishable from a flight to the moon. Both are ways of getting from point A to point B, but little else justifies lumping them together.”

Roberts said police still can examine “the physical aspects of a phone to ensure that it will not be used as a weapon.” But once secured, he said, “data on the phone can endanger no one” and the arrested person will not be able to “delete incriminating data.”

Justice Department spokeswoman Ellen Canale said prosecutors and police still will “make use of whatever technology is available to preserve evidence on cellphones while seeking a warrant…. Our commitment to vigorously enforcing the criminal laws and protecting the public while respecting the privacy interests protected by the Fourth Amendment is unwavering.”

In the past two years, the court has ruled that police can swab a suspect’s cheek for DNA to put into an unsolved crimes database, as well as conduct strip searches of prisoners without reasonable suspicion.

Read More

School District Pays $70K to Settle Lawsuit

One Minnesota student’s legal battle over Facebook posts could send shock waves through schools across the country, redefining schools’ rights to search students’ devices and social media accounts without reasonable cause.

The Minnewaska School District has agreed to pay $70,000 to settle the 2012 case involving former sixth-grader Riley Stratton, now 15 years old.

In a phone interview with ABC News, Stratton said the ordeal began after she posted disparaging comments on her Facebook page about a teacher’s aide. She was at home at the time and not using school computers.

“I posted on my Facebook and said I didn’t like this Kathy person … I hated this Kathy person because she was mean,” Stratton said.

Though she was not using a school computer, Stratton says she received a detention and was forced to write a letter of apology. But it didn’t end there. Several days later, school officials received a complaint that Stratton and a male classmate were having explicit private conversations on Facebook – again, not on school computers. That’s when she says school officials made a demand.

“They interrogated me and told me to give them my password,” she said.

“I didn’t want detention, so I had to give them this.”

The American Civil Liberties Union took on the case, saying Stratton’s constitutional rights were violated, including the right to free speech and privacy. They sued for, among other things, “emotional distress.”

“Students have a lot of free speech rights on campus, but they are even more enhanced when they are off-campus. So that made it a more egregious violation of Riley’s constitutional rights,” said Wally Hilke, an attorney at Lindquist & Vennum, which represented Riley in the case.

The two sides settled, and while the school district is not admitting any wrongdoing, Superintendent Greg Schmidt says the district has updated its policies regarding the search of devices and social media accounts.

“[We'll] be certainly much more cautious about punishing people for things they say off-campus outside of school time,” Schmidt said.

Stratton simply wants to move forward.

“I lost trust in adults,” she said. “I’m just happy it’s over.”

View Source

Cellphone Case Tracks Your Vitals With Built-In Health Sensors

A cellphone case promises to spit out a quick read of your blood pressure, heart rate, blood oxygen, temperature and lung function. But how much data do people really need—or even want—about their bodies’ day-to-day behaviors?

The Wello case, a hard shell made of polycarbonate plastic, will have sensors clustered around four hotspots on the surface of the phone to take readings from your hands.

“We want it to be very simple so you can see how your body is doing any given day,” said Hamish Patel, founder of Azoi, the maker of Wello. “Press on the sensors, open the app and you see your vitals.”

What they don’t tell you in the press release: The $199 Wello case likely won’t be available for iPhone and Android phones until at least the fall because it is still waiting for FDA approval. (That process alone could take 90 days or more.) The case will be manufactured in Texas but sold globally, so the data consumers will see will depend on health regulations in their country.

How accurate will the readings be? The data from the cellphone case will be on par with devices already approved by the FDA such as pulse oximeters, says Patel.

Wello is the latest entrant to the consumer personal health tracking device market that has seen the rise of wristband and clip-on health trackers such as Fitbit, Jawbone Up and Nike+ FuelBand. To start with, Wello will just integrate with Fitbit so users can see Wello data layered on top of their Fitbit stats.

But unlike with activity trackers, health monitors such as Wello could quickly become boring. Most healthy individuals are unlikely to see a change in their heart rate, blood pressure or temperature from day-to-day. Regular vital signs as displayed by the Wello could soon seem monotonous—that’s good news for one’s health but bad for anyone looking to stay interested.

“We are working to get the stickiness factor,” says Patel.

View Source

Concealed carry permits higher in Orland Park

Residents in Orland Park, Orland Hills and Homer Glen applied in January for concealed carry permits at rates higher than most of their neighbors in Cook and Will counties, according to data obtained from the Illinois State Police.

As of the last week of January, 7,843 Cook County residents had applied for permission to carry a concealed weapon, as allowed under the state law that took effect this year. That’s a rate of about 15 people per 10,000. Orland Park, by contrast, had about 40 people per 10,000 apply for a permit, and Orland Hills had 32 applications per 10,000 residents, state police data showed.

Interest by residents in Homer Glen was even higher, with 51 concealed carry applications per 10,000 residents. The rate in Will County is about 35 per 10,000, or 2,431 applications overall.

Illinois is about one month into its new law that allows residents to carry concealed guns on a permit-only basis. Illinois was the only state that still banned concealed carry until a 7th Circuit Court of Appeals ruled the state’s ban unconstitutional in December 2012.

The new law requires 16 hours of training before residents can apply for a permit.

Interest in Homer Glen may have been buoyed by local leaders.

Will County Board member Steve Balich, R-Homer Glen, said he wrote a resolution that urged Illinois lawmakers to create a concealed carry law before they were forced to do so. Illinois lawmakers passed the new law in July 2013.

The Will County resolution, which passed on a 15-6 vote in May, was a message to state lawmakers: “We in Will County want Second Amendment rights,” Balich said.

Balich has since helped put together two concealed carry classes to help residents who want to obtain a state permit. He said about 120 people signed up for those two safety classes.

“There are a lot of people that are waiting to see what’s gonna happen,” Balich said. “I think there’s a lot of groups” putting classes together.

Balich said he applied for his concealed carry license. “I didn’t get it yet, but I applied,” he said. He plans to put together a third class in Homer Glen in late February or early March.

County Board member Ragan Freitag, R-Wilmington, attended one of the classes Balich helped assemble. She said the course focused mostly on handling the weapons and safety, and not so much on when and where to appropriately use firearms.

“They’re not promoting to go out and be offensive with this license,” Freitag said, “but to be defensive.”

Freitag, an attorney who doesn’t own a gun but says she’s looking at picking up either a 38-special or a .357 if her application is approved, said she’s looking to bring residents from her district together for a safety class similar to Balich’s.

Colleen Daley, executive director of the Illinois Council Against Handgun Violence, said the group conducted statewide polls in April and the results showed “across the board people are typically in our corner.” She said Illinois residents support the idea of measures such as universal background checks and that “the majority of people (polled) were opposed to concealed carry.”

Daley doesn’t describe the group as anti-guns, but she says she works to educate people about the potential danger and violence associated with firearms.

Four weeks after the state’s new law took effect, data showed residents had lower interest in obtaining permits in Chicago and the collar counties than in the more conservative southern counties of Illinois, which didn’t surprise Daley.

“Cook County isn’t a huge gun culture,” Daley said. “Individuals in northern Illinois have very different views than people in southern Illinois.”

Daley said her group is pushing legislators for a statewide database that would log details of every shooting.

View Source

Women arming themselves a growing trend

With feet positioned shoulder-width apart and eyes narrowing in on a target several feet ahead, arms and hands are steady and knees, slightly bent.

The top third of the forefinger rests on the trigger of a .38 revolver and the outline of a man is the target. First shot: It is powerful and loud, with the sound of the force muffled only by ear protection. The target is hit in the chest area. The shooter looks at the instructor slightly and she is told to continue. Second hit: chest. Third hit. Fourth.

“You actually did really good,” said Lt. Stephen Lavender, training bureau commander with the Montgomery Police Academy. “Want to do it again?”

The revolver is reloaded.

Pop. Pop. Pop.

It is a scenario Lavender handles on a frequent basis as he trains citizens through the academy’s Firearms Familiarization Course, a monthly eight-hour course designed to make firearm owners familiar with not only their weapon, but gun laws and the parameters they have to accept when owning a gun.

“Women are coming here to learn how to use the weapon,” he said. “And what we’re able to offer is more than just the ability to shoot.”

Nationally, more and more women are refining that ability.

According to Gallup poll data, the percentage of American women who own a firearm nearly doubled from 2005-2011, rising from 13 percent to 23 percent. In August, the National Shooting Sports Foundation reported that 37 percent of new target shooters are female, though they comprise only 22 percent of the established target-shooting population.

Dennis Cotton has seen those numbers.

As the project manager of the Alabama Shooting Complex located on the north side of Talladega, he said women are the largest growing group of shooters. The 800-acre complex is a full-service shooting complex that will address pistol, rifle and shotgun sports and archery. Within 35 miles of the complex, and of the 345,000 shooters within that range, 51 percent are women, Cotton said. The majority of the women are between the ages of 25 and 64 years old.

“Women are enjoying it,” he said. “They like to have the ability to protect themselves. It’s wide range, from teens to grandmothers.”

A steady increase
At The Gun Shoppe on Bell Road, owners Doug and Marsha Williamson have seen a steady increase in women purchasing firearms over the past five to seven years.

“I think they realize in the society we live in they are not always in a group where gentlemen are around, and they are taking personal responsibility for that,” Doug Williamson said. “These ladies have (made) the decision to be able to prepare … to take care of themselves. We have been giving classes to the private sector for almost 15 years.”

While many women still participate in the store’s co-ed classes, in the past three or four years, there has been an increase in interest in the ladies-only classes.

“… Since we offered specifically ladies-only courses for those who have had no previous exposure to firearms, and make sure everybody is accommodated according to their skill level, we’ve had more interest,” he said.

Most of the time, Williamson said, the women say they want to use the weapons safely, and that they want to learn to shoot because “they might need to use it for self-defense. The way we explain all of this is that they need to understand the Alabama provision … the aggressor must have the ability to do you bodily harm. We don’t make any recommendations in how they should deal with a situation. All we can do is explain to them what the code says and what the law says about it and what the jury looks at if there is a case of self-defense.”

The three components

During training, Lavender teaches students what to think about when deciding whether to shoot if confronted: ability, capability and jeopardy.

“Does the person have the ability to cause harm, are they capable of causing harm — that depends on if they come through that barrier, like if they are in your house,” he said. “Jeopardy is the number one thing we get them to think about because jeopardy asks them to look at ‘If I don’t do something right now, am I going to die or be seriously injured?

“If they can couple all this together, they are likely in the parameters of using deadly force to stop that person,” Lavender said. “We look at all sorts of things. Gender is always a key. How big is that male versus that female? I don’t have any self-defense tactics … even if I knew it, he would overcome it. In those efforts, we tell them to look at that.”

Lavender points out the Firearms Familiarization Course is designed to teach students to “stop, not kill.

“They also teach them to render aid. If they are breathing their last breath, they will stay down,” he said.

Teaching women

They work in attorney offices, are city employees, and even teachers. Those in the course with the Montgomery Police Academy are between the ages of 21 through their 70s.

They are of all backgrounds and are taught immediately that pulling out a gun is not a bargaining tool.

“If you pull it out, it is intended to use,” Lavender said. “If you can’t answer the three components, don’t use it as a bluffing tool. They’ll come take it from you.”

Asked whether burglars take seriously women who have guns, he said yes: “More than likely they’ll run, because they didn’t come to die.”

Women are taught to always have their pistol permit on them, otherwise it is a violation of carrying a concealed weapon, Lavender said.

“We try to make sure we paint a clear picture with everything that has to do with being a responsible carrier,” he said.

A lot of the women who take the course have guns, but have never shot them, Lavender said. It sits in a locked box and they never touch it — until crime spikes and they want to learn how to use it.

“We want to build confidence in them,” he said, “especially when they hit the center of that target. If they don’t, we sit here until they do.”

View Source

Restaurant owner charged after putting camera in bathroom

HANOVER COUNTY, Va. (WTVR) – The owner of a Mechanicsville restaurant has been charged with unlawful filming, videotaping or photographing of another after installing a camera in the men’s bathroom at Calabash Seafood Restaurant. Dennis W. Smith, 54, was indicted by a grand jury earlier this week. He is not being held in jail while he awaits trial, according to Hanover County Sheriff’s Office Lt. Chris Whitley. Calabash Seafood is located along Lee Davis Rd. in Mechanicville. Earlier this month Smith told the Richmond Times-Dispatch he installed the camera to catch people who vandalized urinals and toilets. “There’s no video being taken illegally. None,” Smith told the RTD. “This is my business,” Smith said. “If you don’t like it, you don’t have to eat here.”

View Source

Kemah couple brings suit against neighbor for alleged voyeurism

GALVESTON – A Kemah couple hopes to stop a neighbor’s alleged bullying with a lawsuit against her, recent court documents say.

Scott and Teri Gale accuse Natalie Belk of “intentionally” invading their privacy in an original petition filed Nov. 21 in Galveston County Court at Law No. 3.

The Gales claim Belk “installed security video cameras on the exterior of her residence, which is directly across the street from the plaintiffs’, and has aimed the video cameras directly in the plaintiffs’ bedroom window.” video surveillance camera

“By her actions, the defendant has intentionally intruded on the plaintiffs’ solitude, seclusion or private affairs,” the suit says.

“The filming of the plaintiffs’ bedroom and private affairs is highly private and would cause any reasonable person to be highly offended.”

Belk is also alleged to have called law enforcement “no less than 35 times” on the claimants “in an attempt to harass.”

According to the Gales, no criminal conviction has resulted from the calls, but they continue to be on the receiving end of the respondent’s “constant” harassment.

Consequently, the couple seeks a temporary restraining order and unspecified monetary damages.

Attorney Dan Krieger of the Law Office of Dan Krieger in League City is representing the Gales, and Galveston County Court-at-Law No. 3 Judge Kerri M. Foley is presiding over the litigation.

Cause No. 71,116
View Source

Va. starting to develop a master identity database

Richmond VA Sept 30 2013 Using Department of Motor Vehicles records as its core, the state government is quietly developing a master identity database of Virginia residents for use by state agencies.

The state enterprise record – the master electronic ID database – would help agencies ferret out fraud and help residents do business electronically with the state more easily, officials said.While officials say the e-ID initiative will be limited in scope and access, it comes at a time of growing public concern about electronic privacy, identity theft and government intrusion.

“It makes it easier to compromise your privacy,” said Claire Guthrie Gastañaga, executive director of the American Civil Liberties Union of Virginia. “They’re using DMV for some other purpose than driving.”

DMV points out that, in today’s world, state driver’s licenses are the fundamental identification documents used by most Americans.
State officials say participation in the e-ID system will be voluntary, but the reason that the state has been moving to offer “privacy-enhancing credentials” to Virginia residents is the increasing number of government services offered online.

However, “anything you make more accessible and efficient for the user, you potentially open up for opportunities for risk, for attack,” said Robby Demeria, executive director of RichTech, Richmond’s technology council.

The first state agency using the largely federally funded Commonwealth Authentication Service system will be the Department of Social Services, aiming to satisfy federal Medicaid requirements under the Affordable Care Act and to reduce eligibility fraud and errors. The system goes live Tuesday.

About 70 percent of Social Services’ clients are in DMV’s database, said David W. Burhop, the Department of Motor Vehicles’ deputy commissioner and chief information officer.

Four state agencies are now involved in Virginia’s e-ID initiative: DMV, the state’s “ID professionals”; the Virginia Information Technologies Agency, which runs the state’s IT systems; the Department of Social Services; and the Department of Medical Assistance Services.

DMV has the records of about 5.9 million licensed drivers and ID card holders. Some of that information – names, addresses, dates of birth, driver’s license numbers – will form the core of the state’s identity authentication system.

“To us, it is a tool that allows individuals to create online accounts,” said Craig C. Markva, communications director of the Department of Medical Assistance Services, speaking for Secretary of Health and Human Resources William A. Hazel Jr.

“When someone wants to do this, we need to be able to verify that the person trying to access the account is who he or she claims to be,” Markva said.

“This requires that they provide basic demographic information … that we can compare to what is known by DMV or by DSS (Department of Social Services) already.”

So far there’s been no public discussion in Virginia of the state’s electronic personal identity initiative or the use of the Internet for increasingly more transactions with the state government.

“When we allow governments to do that,” said Virginia ACLU’s Gastañaga, “it facilitates and empowers things that we might not want to have happen if the wrong people get into power.”

Decisions based on the convenience of using information technology are often done with a short-term perspective, said Rob S. Hegedus, chief executive officer of Sera-Brynn, a cybersecurity company in Suffolk.

“The privacy aspect catches up afterwards,” he said.

The state does not plan to hold public hearings on the Commonwealth Authentication Service system, officials said, but Demeria with RichTech contends “there’s plenty of reason for us to have a public discussion, debate, (and) consideration.”

“We want to make sure all the i’s are dotted and t’s are crossed before we execute,” he said.

For members of the public, Burhop said, e-ID would allow use of the Internet with security and privacy while needing only a single sign-on, providing faster service and lowering service costs.

“This is geared toward citizens who say, ‘Why do I have to fill out this again?’ ” DMV’s Burhop said.

Virginia is a leader in using online transactions, DMV said. But in order to move higher-risk transactions to the Internet, a more robust authentication method is needed, officials said.

For example, if a Virginian sells a car to another state resident, the deal requires a physical exchange of the registration card and the handwritten information on the card that is often hard for DMV representatives to read when the buyer registers the vehicle at the agency, noted Pam Goheen, DMV’s assistant commissioner for communications.

“If both parties had a high-assurance credential such as an e-ID,” Goheen said, “this transaction could be done entirely online which would include the registration and title updates eliminating the need to visit the DMV and speeding up the process.”

The Virginia Information Technologies Agency and contractor Northrop Grumman are responsible for state IT infrastructure, but state agencies are responsible for their business applications and the data they hold, said Sam Nixon Jr., the state’s chief information officer.

IT security is a shared responsibility between VITA and the state agencies it serves, Nixon said.

DMV says the $4.3 million Commonwealth Authentication Service system will be safe from abuse because agencies will control individuals’ files. Those files will not all be put into a single database open to other agencies.

Agencies using the service to verify a client’s identity will get only a yes-or-no reply from the Commonwealth Authentication Service system, DMV said.
And the DMV has not suffered a data breach, Burhop said.

Nonetheless, cyberhackers are always trying to break into the state’s IT system.

In 2012, VITA and Northrop Grumman blocked more than 110 million cyberattacks on the state’s data networks, Nixon said. “You can do the math, but that represents hundreds of thousands of blocked attacks each day.”

More than 47,000 viruses were blocked before they affected Virginia’s government IT assets, Nixon said, and the number of security incidents VITA detects and fixes has tripled since 2011.

But in 2009, before the Northrop Grumman took over the state’s IT system, hackers got into the Virginia Department of Health Professions’ prescription-monitoring database. Though it was unclear what records were actually taken, the database contained records of more than half a million people and more than 35 million prescriptions.

Also in 2009, the Department of Education sent a thumb drive to another agency that contained more than 103,000 sensitive records. It was later determined that the thumb drive was lost.

“When you ask a government entity to keep something like this safe, they really can’t,” Sera-Brynn’s Hegedus said. “Nobody can guarantee it.”
Times-Dispatch

View Source

Circle September 10 on Your Calendar for Apple’s Big iPhone Event

Apple is expected to unveil its next iPhone at a special event on Sept. 10, sources told AllThingsD.

The launch comes at an important time for Apple, which continues to make a lot of money from the iPhone but has seen its global market share dip amid a growing wave of lower-cost Android devices, as well as an intense battle with archrival Samsung.

One of the key questions is whether Apple adopts a new tactic to address the midrange of the smartphone market. Historically, Apple has gone after those customers by offering its year-old and two-year-old models for $100 and $200 less than a new iPhone. However, there has been a great deal of talk that the company will debut a new lower-cost iPhone alongside whatever update it has in store for the current iPhone 5.

Much of the speculation there has centered on the usual kinds of camera and processor enhancements, as well as the likelihood of a fingerprint sensor.

That has been expected ever since Apple acquired Authentec last year.

Naturally, any new phones will be running iOS 7, which has been in testing since its announcement at Apple’s developer conference in June. The new software includes a radical redesign of the overall look of the iPhone’s menus and icons, but the other new features are largely incremental updates, such as improved notifications, better photo-organizing abilities and additional capabilities for developers.

This has become something of a pattern for Apple, which typically debuts its software update at its June developer conference, tests it for a couple months, then shows the new hardware a couple weeks ahead of the new phone’s availability. The iOS update is also available for older models. Apple has already said that iOS 7 will work on many recent iPhones, iPads and iPod touch devices.

Apple is also expected to formally launch the next version of Mac OS X, known as Mavericks, in the coming weeks, though that is not expected at the Sept. 10 event.

An Apple representative declined to comment on the timing of any upcoming events.

Consumers, investors (and reportedly board members, as well) have been pressing Apple for a more rapid pace of innovation.

The company has long been rumored to also be working on television and watch projects, though there is no indication either of those are close to debuting.

View Source