Tag: Privacy Protection

Apple is expected to unveil its next iPhone at a special event on Sept. 10, sources told AllThingsD.

The launch comes at an important time for Apple, which continues to make a lot of money from the iPhone but has seen its global market share dip amid a growing wave of lower-cost Android devices, as well as an intense battle with archrival Samsung.

One of the key questions is whether Apple adopts a new tactic to address the midrange of the smartphone market. Historically, Apple has gone after those customers by offering its year-old and two-year-old models for $100 and $200 less than a new iPhone. However, there has been a great deal of talk that the company will debut a new lower-cost iPhone alongside whatever update it has in store for the current iPhone 5.

Much of the speculation there has centered on the usual kinds of camera and processor enhancements, as well as the likelihood of a fingerprint sensor.

That has been expected ever since Apple acquired Authentec last year.

Naturally, any new phones will be running iOS 7, which has been in testing since its announcement at Apple’s developer conference in June. The new software includes a radical redesign of the overall look of the iPhone’s menus and icons, but the other new features are largely incremental updates, such as improved notifications, better photo-organizing abilities and additional capabilities for developers.

This has become something of a pattern for Apple, which typically debuts its software update at its June developer conference, tests it for a couple months, then shows the new hardware a couple weeks ahead of the new phone’s availability. The iOS update is also available for older models. Apple has already said that iOS 7 will work on many recent iPhones, iPads and iPod touch devices.

Apple is also expected to formally launch the next version of Mac OS X, known as Mavericks, in the coming weeks, though that is not expected at the Sept. 10 event.

An Apple representative declined to comment on the timing of any upcoming events.

Consumers, investors (and reportedly board members, as well) have been pressing Apple for a more rapid pace of innovation.

The company has long been rumored to also be working on television and watch projects, though there is no indication either of those are close to debuting.

View Source

In light of the massive Twitter security breach (yes, we’re still skeptical of the claim that it was just a password reset) earlier this month, some users might be worried about protecting their accounts on social media networks.

Andrew Jaquith, CTO of Perimeter E-Security and former Forrester analyst on password security, posted some great suggestions regarding account security on the Perimeter E-Security blog (where he is a frequent contributor). Consider this one a freebie, social network aficionados! It’s not every day you get expert advice at no charge.

Protip no. 1: Password expiration:

“Prevailing security dogma holds that security passwords should be complex and frequently changed. But requiring your employees to change their passwords every 90 days just annoys them, and they will do highly insecure things to cope as a result. They will scribble passwords on sticky notes, re-use the same password everywhere, or make the absolute smallest changes to their passwords that they can while still complying with policy.

“For example, an employee might pick a ‘complex’ 8-character password ‘rosebud1!’ and then increment the ‘1’ every 90 days. Even worse, because passwords must be changed so often, IT managers use the shortest passwords their regulators will let them squeak by with: 8 characters.

“For these reasons, researchers from Microsoft and Cambridge University, among other institutions, have concluded that password aging is a massive waste of time.

“It’s far better to require comparatively longer passwords that never change, such as passphrases or mnemonic passwords. Although employees will face a slightly longer learning curve initially, once they commit them to memory, they become reflexes. The best part: long passphrases can’t be broken as easily, so you’ve increased security and productivity at the same time.”

Protip no. 2: Using LDAP, AD, and single sign-on to reduce passwords you need to remember:

“As with password length and aging considerations, the employee’s ability to remember their passwords is a strong predictor of how likely (or unlikely) they will be to behave in ways that are less secure. The fewer passwords they have to remember, the less likely they are to make mistakes or game the system.

“Tying your applications into your LDAP or Active Directory servers is a good way to reduce the burden — think of it as the poor-man’s SSO. Full-blown single-sign-on (SSO) systems, of course, are even better. Consolidating password stores has benefits beyond just convenience, though.

“You also get better security because you can centrally enforce your password policies, and suspend access to applications and infrastructure much more quickly.”

Read More

The United States Department of Homeland Security collects and retains personal information on potential security risks to U.S. transportation security including airline passengers, flight crews, contractors and TSA employees – and anyone else’s personal information stored on several data lists created by the federal government since 9/11 in an attempt to “connect the dots” that may have been previously overlooked.

The U.S. Department of Homeland Security (DHS) Transportation Security Administration’s (TSA) Office of Intelligence & Analysis Trends and Patterns Branch (TPB) will now integrate all the personally identifiable information (PII) collected into one “jumbo list,” in order to better analyze and identify previously unknown links or patterns among individuals who undergo a TSA security threat assessment.

Exactly whose information is stored in the FBI’s Terrorist Screening Database (TSDB) and DHS and TSA compiled lists is a secret.

Most Americans are aware of the U.S. government “no fly lists,” which supposedly flag potential terrorists before they board commercial airliners, and security threat assessments of flight crews and passengers, and individuals with questionable identification and airport workers. Some lesser known TSA security threat assessments are conducted on registered overnight hotel guests (Registered Guest) at certain hotels physically connected to airport terminals, Commercial Driver’s License (CDL) holders, certain non-travelers, and anyone seeking Sensitive Security Information (SSI) in a civil proceeding, and much more.

On the FBI website, the agency quotes a Washington Post editorial to explain why watch lists such as “No Fly list” and “Selectee list” remain undisclosed:

“There are legitimate law enforcement reasons for keeping the list secret: Disclosure of such information would tip off known or suspected terrorists, who could then change their habits or identities to escape government scrutiny.”

Who can access all of the personal information collected by the U.S. government? It is entirely at the discretion of the TSA.

View Source

Cell phones long ago ceased to be a luxury and became something we can’t leave home without. But even when your device is idle or turned off, it’s sending information about your location to a cell phone tower every seven seconds. One thing most of us don’t consider is that access to that information isn’t limited to your cell phone carrier.

“Police and the government can use that ping to track your whereabouts. There is no expectation of privacy in carrying that cell phone,” said Savannah attorney Bates Lovett of Hunter Maclean. Lovett said carriers can give out this information without your knowledge or permission, and in some cases without a court order.

“They can pull your text messages. They can pull your search history. Those are the types of data and information that they’re being able to pull off now that they don’t always need a warrant for,” said Lovett.

Cell phone companies are now answering more demands for your data than ever before. Nine U.S. carriers responded to questions from U.S. Rep. Ed Markey (D – Massachusetts) earlier this year. According to Markey, the group reported receiving more than 1.3 million requests for information from law enforcement in 2011.

There is no denying that cell phone data is useful and often essential for investigators working to solve crimes. Privacy advocates question whether law enforcement is being allowed too much leeway with what should be protected information.

“They’re going after one person but get information on anyone who was around a cell phone tower at a certain time. Even though they’re investigating one person, they have information on hundreds or thousands of people,” said Trevor Timm of the Electronic Frontier Foundation.

Experts say the problem is the law hasn’t kept up with technology.

“That’s certainly an issue that legislatures are taking into consideration now is what level of requirement must the government go through to get that type of information,” said Lovett.

A bill called the GPS Act that would require warrants for the data has stalled in the U.S. Senate. U.S. Rep. Jack Kingston said he believes it is time for Congress to act.

“There should be a very high firewall in terms of personal information and what can be done with that information, who gathers that information, who sells, who buys that information,” Kingston told News 3.

Until regulations are in place, remember that what you do with your cell phone is more public than you think.

“Your expectation of privacy and what you and I would think of as private is just not the same thing as what the government thinks of as privacy,” cautioned Lovett.

Many of the cell phone carriers that responded to Markey’s inquiry said they don’t keep track of the law enforcement requests they reject, so the number of requests for data is actually more than estimated.

A study by the American Civil Liberties Union found that some cell phone carriers have manuals for police that explain what data the companies store, how investigators can obtain the data, and how much it would cost.

View Source

Store mannequins are meant to catch your eye. Soon you may catch theirs.

Fashion brands are deploying mannequins equipped with technology used to identify criminals at airports to watch over shoppers in their stores. Retailers are introducing the EyeSee, sold by Italian mannequin maker Almax SpA, to glean data on customers much as online merchants are able to do.

Five companies are using a total of “a few dozen” of the mannequins with orders for at least that many more, Almax Chief Executive Officer Max Catanese said. The 4,000-euro ($5,130) device has spurred shops to adjust window displays, store layouts and promotions to keep consumers walking in the door and spending.

“It’s spooky,” said Luca Solca, head of luxury goods research at Exane BNP Paribas in London. “You wouldn’t expect a mannequin to be observing you.”

The EyeSee looks ordinary enough on the outside, with its slender polystyrene frame, blank face and improbable pose. Inside, it’s no dummy. A camera embedded in one eye feeds data into facial-recognition software like that used by police. It logs the age, gender, and race of passers-by.

Read More

How to Snap Top Secret Photos Without Anyone Noticing

Ever needed to snap a picture in a quiet building without anyone noticing? Or maybe you need to document misbehavior without getting caught? Taking snapshots on the sly isn’t easy, but a few tricks can help you capture a moment without another soul noticing.

A true spy’s main goal with snapping photos is to document a situation without ever being noticed. For the average person, this comes in handy in all sorts of circumstances, including visits to the museum, snapping photos of a chalkboard in class, concerts, the guy in the robot costume on the train, or even just when you want to capture a true “in the moment” photo and not a staged shot. With that in mind, here are a few things we can learn from how spies take pictures.

Silence Your Shutter Sounds and Disable Flash

First things first. If you want to start taking pictures on the sly, you need to disable any sounds and flash your camera might make. For smartphones, this is usually done by flipping the volume mute button, and disabling the flash in the camera app itself.

For other cameras, you’ll need to dig into your settings menu to disable the shutter sound effect and the automatic flash. If you can’t find that menu, you might try snagging your camera’s manual from Manuals Online so you can find and disable the settings.

The goal here is simple: don’t draw attention to the fact you’re taking a picture. Keep it silent and don’t let the flash go off under any circumstance.

Hide Your Camera Inside Something Else

As any good purveyor of spy movies knows, hiding a camera inside of something else is a classic trick. You can stick a camera in a bow tie, contact lenses, and of course, watches. The point is, if nobody knows you even have a camera, they won’t think you’re taking pictures.

Throughout history, cameras have been stuck inside all sorts of things, from pockets, to books, and even hidden behind newspapers. Here are a few ideas to make your own:

USB Powered Spy Shirt: Instructables user Tetranitrate shows off how to use a laptop, laptop bag, and a USB camera to convert your button-up shirt into the perfect spy camera. The whole system threads through the shirt itself, and then attaches to the computer inside the bag. It’s bulky, but it’s cheap and easy to do.

Spy Glasses: Google’s Project Glass is still a little ways off for public consumption, but if you want to build your own it’s possible. In fact, Instructables user Kipkay’s build mounts a cheap camera right into any pair of sunglasses so you can record everything that happens everywhere you go.

Hide a camera in a book: The hidden camera in a book is an old trick, but this particular build takes it a step further—it’s an iPad hidden in a book with a small slot for the camera. It’s a little ridiculous, but considering you can always play it off as a “funky case” if you’re caught, it might come in handy.

On the flipside, if you’re worried about something spying on you in your house, all you need to find a pinhole camera is a flashlight. Theoretically, you can stuff a camera in any everyday object and call it a day, so use your imagination.

Conceal the Fact You’re Taking Pictures on Your Smartphone

Of course, most people use their smartphones for pictures the majority of the time, and thankfully, it’s pretty easy to disguise what you’re doing on a phone.

First and foremost, when you’re snapping hidden photos with your camera, make sure you’re holding it like you’re using it to do anything but take a picture. Position the camera like you’re texting, playing a game, or whatever else might be natural in the situation you’re in. Personally, I prefer the texting position, even though it’s often difficult to get a good shot.

Second, if you want to conceal what you’re doing from anyone behind you, it’s important to hide your screen. On a jailbroken iPhone this is easy with SlyCam since it allows you to take pictures from the Notification Center without anyone behind you seeing the camera screen.

For non-jailbroken iPhone users, we like Real Spy Camera. Not only does the app icon call the app “Easy Calc,” you can also shoot video, and use either your front facing or rear facing camera. However, the best feature is the fact you can set up a fake background as well, which means you can actually make your screen look like you’re text messaging.

On Android, we like Mobile Hidden Camera. Its app icon is a notebook, so nobody will suspect a thing, but it’s also filled with features like video recording, burst-mode, customizable screens, and the incredibly handy feature to block incoming notifications so you don’t accidentally draw attention to yourself.

Know Your Rights About When You Can Take Pictures and Use This Information Wisely

Public photography is tricky business, and it’s good to know your rights. You can’t just walk around taking pictures of everything under the sun—people do have a right to privacy in some circumstances. So, learn up on the rules before you go snapping photos on the sly.

And this should go without saying, but be responsible. Unless you’re documenting an important event, don’t snap pictures of people who have a reasonable right to privacy, don’t be the obnoxious person at the museum snapping pictures of everything, and respect any safety rules you might come across.

View Source

Love, keystroking, spyware and passwords: Oh my!

Electronic eavesdropping capabilities have reached new heights with the ongoing development of technology. With high stakes and hot emotions surrounding family law litigation, finding evidence of infidelity, hidden assets, or information about legal strategies often becomes an obsession of spouses, and obtaining it through electronics may seem like a really great idea in the heat of the moment. However, there are important statutory prohibitions and constitutional safeguards for privacy rights that can apply to electronic eavesdropping. The potential criminal and civil implications of hi-tech snooping are serious business.

Electronic Communications Privacy Act

The Electronic Communications Privacy Act and the Stored Wire and Electronic Communications Act (collectively referred to in this article as the “ECPA”) are the two primary federal laws that make certain types of electronic eavesdropping illegal acts. Communications that are covered by these federal statutes are broad and include, but are not limited to, wiretaps, telephone interceptions, electronic mail, voice mail, instant messaging, and recording face-to-face conversations.

The ECPA prohibits the unauthorized and intentional interception, use, or disclosure of covered communications via electronic, mechanical, or other devices, and access to the stored wire or electronic communications of another person. “Interception” is the “aural or other acquisition of the contents of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device,” and electronic “storage” is defined as “any temporary, immediate storage of a wire or electronic communication incidental to the electronic transmission thereof; and any storage of such communication by an electronic communication service for purposes of backup protection of such communication.” Courts have struggled with the difference between interceptions and access to stored information, and the resulting penalties can differ.

Secret Agent Tools

Two newer methods of monitoring or collecting the electronic information of another person include Spyware and keystroking. “Spyware” is software installed on the hard drive of a computer that records every detail of what is done on the computer. Some vendors even claim that the software can capture screenshots of exactly what is done on a computer, in the exact order it was done. “Keystroking” refers to the use of a small recording device that clips onto a computer keyboard cable and records all keystrokes made on the keyboard. Conflicting outcomes have been reached in cases across the country on the use of these devices and whether their use is illegal under the ECPA. Just because a computer product is available on the open market for consumers to buy does not make it legal to use, any more than the fact that you can buy a gun at Wal-Mart means you can legally shoot someone.

That is Highly Offensive!

North Carolina recognizes the tort (an enforceable legal claim) of intrusion into the seclusion or solitude of another. There are several elements of this tort claim, but the primary issue is whether the intrusion is “highly offensive to a reasonable person.” Answers can be revealed through examples, such as whether a reasonable person would be justified in expecting her cellular telephone calls taken in public to remain private, or whether a reasonable person would be justified in expecting his chat room conversations to remain private. One’s reasonable expectation of privacy is viewed objectively (meaning it’s based on what a jury would find to be the expectation of a hypothetical “reasonable person,” not on the basis of what a particular person, such as the plaintiff, would expect), and the main issue turns on the reasonableness of the expectation, not whether the violation of privacy was understandable or justified.

But I Have the Password?!?!

A determination of whether the interception or access to electronic storage was unauthorized is examined by the courts on a case-by-case basis. For example, a long-standing practice of an account holder of giving free access to his or her passwords and e-mail accounts can, depending on the circumstances, be viewed as explicit consent by the account holder to the interception of the account holder’s messages or access to the account holder’s stored communications. There may also be situations that provide evidence of implied consent. However, if the plaintiff provided the password to a person for a specific reason, the authority of interception/access cannot be exceeded. For example, if the password to an online bank account was provided for access to transfer funds on one particular occasion, use of the password on another occasion to review the account holder’s account history would be in excess of the authorized access. The issue of whether an interception or access is authorized is very complex, and care must be taken to act only in accordance with specific legal advice.

I’ve Been Violated: Now What?

If you believe that your covered communications have been intentionally intercepted or your stored communications have been accessed without your consent, there are multiple avenues available to you to pursue remedies. Under the ECPA, injunctive relief may be available to you, as well as actual and punitive damages and reimbursement of your attorneys’ fees. You may also be entitled to pursue criminal charges and/or a civil lawsuit under state law for invasion of privacy. Finally, “evidence” that has been obtained in violation of the applicable federal and state laws may be excluded in your underlying suit; for example, intercepted communications that confirm extramarital sexual activities could be excluded and not admitted in an alimony or custody lawsuit.

Conclusion

There are specific deadlines one has to meet in seeking legal claims, and if you have discovered, or have had a reasonable opportunity to discover, a possible violation, you should take immediate action to assess your legal options. This area of the law is not “black and white” and many aspects of eavesdropping claims are fact dependent and complex. Therefore, it is always a good idea to seek legal counsel prior to engaging in conduct that could be illegal or if you think your rights have been violated. Remember, an ounce of prevention is worth a pound of cure!

View Source

The days of sneaking out for three-hour lunch breaks will soon be over at a Bay Street law firm after it decided to install fingerprint-scanning technology to monitor its employees’ whereabouts.

Last month, McCague Borlack LLP announced plans for a revamped security system that will require staff (except lawyers who spend much of their time with clients) to clock in and out of the office with a finger swipe, keeping track of morning late-comers or those who try to jump-start their weekends by slipping out early on a Friday.

“Some people were abusing the system,” said founding partner Howard Borlack, 58. “We had people taking two to three hours for lunch and we had no way of knowing. . . . Some people were complaining.”

Other Toronto firms use security passes and honour systems to keep track of time worked. McCague Borlack, which focuses mostly on insurance law and employs about 200 people, has gone a step further with a system that not only provides office access via fingerprint, but also records employees as they enter and leave.

Come mid-November, when the system is expected to go live, the office will be equipped with finger-scanning machines supplied by Utah-based Qqest, Inc. that will keep a rolling record of the time spent in the office.

Read More

Police are allowed in some circumstances to install hidden surveillance cameras on private property without obtaining a search warrant, a federal judge said yesterday.

CNET has learned that U.S. District Judge William Griesbach ruled that it was reasonable for Drug Enforcement Administration agents to enter rural property without permission — and without a warrant — to install multiple “covert digital surveillance cameras” in hopes of uncovering evidence that 30 to 40 marijuana plants were being grown.

This is the latest case to highlight how advances in technology are causing the legal system to rethink how Americans’ privacy rights are protected by law. In January, the Supreme Court rejected warrantless GPS tracking after previously rejecting warrantless thermal imaging, but it has not yet ruled on warrantless cell phone tracking or warrantless use of surveillance cameras placed on private property without permission.

Yesterday Griesbach adopted a recommendation by U.S. Magistrate Judge William Callahan dated October 9. That recommendation said that the DEA’s warrantless surveillance did not violate the Fourth Amendment, which prohibits unreasonable searches and requires that warrants describe the place that’s being searched.

“The Supreme Court has upheld the use of technology as a substitute for ordinary police surveillance,” Callahan wrote.

Read More

The Transportation Security Administration has been quietly removing its X-ray body scanners from major airports over the last few weeks and replacing them with machines that radiation experts believe are safer.

The TSA says it made the decision not because of safety concerns but to speed up checkpoints at busier airports. It means, though, that far fewer passengers will be exposed to radiation because the X-ray scanners are being moved to smaller airports.

The backscatters, as the X-ray scanners are known, were swapped out at Boston Logan International Airport in early October. Similar replacements have occurred at Los Angeles International Airport, Chicago O’Hare, Orlando and John F. Kennedy in New York, the TSA confirmed Thursday.

The X-ray scanners have faced a barrage of criticism since the TSA began rolling them out nationwide after the failed underwear bombing on Christmas Day 2009. One reason is that they emit a small dose of ionizing radiation, which at higher levels has been linked to cancer.

In addition, privacy advocates decried that the machines produce images, albeit heavily blurred, of passengers’ naked bodies. Each image must be reviewed by a TSA officer, slowing security lines.

The replacement machines, known as millimeter-wave scanners, rely on low-energy radio waves similar to those used in cell phones. The machines detect potential threats automatically and quickly using a computer program. They display a generic cartoon image of a person’s body, mitigating privacy concerns.

“They’re not all being replaced,” TSA spokesman David Castelveter said. “It’s being done strategically. We are replacing some of the older equipment and taking them to smaller airports. That will be done over a period of time.”

He said the TSA decided to move the X-ray machines to less-busy airports after conducting an analysis of processing time and staffing requirements at the airports where the scanners are installed.

The radiation risk and privacy concerns had no bearing on the decision, Castelveter said.

Asked about the changes, John Terrill, a spokesman for Rapiscan — which makes the X-ray scanners — wrote in an email, “No comment on this.”

The TSA is not phasing out X-ray body scanners altogether. The backscatter machines are still used for screening at a few of America’s 25 largest airports, but the TSA has not confirmed which ones. Last week, Gateway Airport in Mesa, Ariz., installed two of the machines.

Moreover, in late September, the TSA awarded three companies potential contracts worth up to $245 million for the next generation of body scanners — and one of the systems, made by American Science & Engineering, uses backscatter X-ray technology.

The United States remains one of the only countries in the world to X-ray passengers for airport screening. The European Union prohibited the backscatters last year “in order not to risk jeopardizing citizens’ health and safety,” according to a statement at the time. The last scanners were removed from Manchester Airport in the United Kingdom last month.

Here’s a side-by-side comparison of the two types of body scanners the TSA uses.

The X-ray scanner looks like two blue refrigerator-sized boxes. Unseen to the passenger, a thin beam scans left and right and up and down. The rays reflect back to the scanner, creating an image of the passenger’s body and any objects hidden under his or her clothes.

The millimeter-wave scanner looks like a round glass booth. Two rotating antennas circle the passenger, emitting radio frequency waves. Instead of creating a picture of the passenger’s body, a computer algorithm looks for anomalies and depicts them as yellow boxes on a cartoon image of the body.

According to many studies, including a new one conducted by the European Union, the radiation dose from the X-ray scanner is extremely small. It has been repeatedly measured to be less than the dose received from cosmic radiation during two minutes of the airplane flight.

Using those measurements, radiation experts have studied the cancer risk, with estimates ranging from six to 100 additional cancer cases among the 100 million people who fly every year. Many scientists say that is trivial, considering that those same 100 million people would develop 40 million cancers over the course of their lifetimes. And others, including the researchers who did the EU study, have said that so much is unknown about low levels of radiation that such estimates shouldn’t be made.

Still, the potential risks have led some prominent scientists to argue that the TSA is unnecessarily endangering the public because it has an alternative — the millimeter-wave machine — which it also deems highly effective at finding explosives.

“Why would we want to put ourselves in this uncertain situation where potentially we’re going to have some cancer cases?” David Brenner, director of Columbia University’s Center for Radiological Research, told ProPublica last year. “It makes me think, really, why don’t we use millimeter waves when we don’t have so much uncertainty?”

Although there has been some doubt about the long-term safety of the type of radio frequency waves used in the millimeter-wave machines, scientists say that, in contrast to X-rays, such waves have no known mechanism to damage DNA and cause cancer.

The TSA has said that having both technologies encourages competition, leading to better detection capabilities at a lower cost.

But tests in Europe and Australia suggest the millimeter-wave machines have some drawbacks. They were found to have a high false-alarm rate, ranging from 23 percent to 54 percent when figures have been released. Even common things such as folds in clothing and sweat have triggered the alarm.

In contrast, Manchester Airport officials told ProPublica that the false-alarm rate for the backscatter was less than 5 percent.

No study comparing the two machines’ effectiveness has been released. The TSA says its own results are classified.

Each week, the agency reports on various knives, powdered drugs and even an explosives detonator used for training that have been found by the body scanners.

But Department of Homeland Security investigators reported last year that they had “identified vulnerabilities” with both types of machines. And House transportation committee chairman John Mica, R-Fla., who has seen the results, has called the scanners “badly flawed.”

View Source