Old Fucking Punk @lwriemen@librem.one

Victory: California Orders State Audit of Automated License Plate Readers

A California legislative committee today voted to direct the State Auditor to launch a probe into the use of automated license plate readers (ALPRs) by law enforcement agencies. The audit will include the first comprehensive statewide survey of which agencies use this surveillance technology and what vendors they use. It will also include a deeper audit into four specific jurisdictions across the state. 

ALPRs are camera systems that scan the license plates of vehicles in order to track people in real-time and create search databases of drivers’ historical travel patterns. As a mass surveillance technology, ALPR captures information on every driver, regardless of whether their vehicle is under suspicion. 

In 2015, EFF supported legislation—S.B. 34—to require agencies to implement policies that protect civil liberties and privacy, and to maintain a detailed log of every time someone accesses ALPR data. In the years since, EFF has filed hundreds of public records requests and analyzed scores of policies only to discover that many agencies are either ignoring the law altogether or failing to follow some of its provisions. Often EFF’s research faces hurdles because agencies signed non-disclosure agreements with the primary vendor of the technology, Vigilant Solutions. 

EFF assisted Sen. Wiener in drafting the audit request in order to obtain an impartial review of the spread of ALPRs and to assess whether agencies are complying with S.B. 34. In addition to circulating a statewide questionnaire, the auditor will conduct investigations into the Fresno Police Department, Sacramento County Sheriff and Department of Human Assistance, the Los Angeles Police Department, and the Marin County Sheriff/San Rafael Police Department (these north Bay Area jurisdictions share an ALPR system). 

California State Auditor Elaine Howle testified that the audit would take 2,800 hours of staff time and estimated that it will be completed in 7 months.

Last year, EFF collected records from 60 agencies in California: together they accounted for more than 1.1 billion license plate scans in 2017-2018 alone. Only about 0.1% were flagged as relevant to an investigation at the time they were collected. The ACLU of Northern California filed a lawsuit against ICE to obtain records about ALPR and found that immigration authorities routinely gained access to data collected by agencies in California. 

The audit is especially timely in light of news that U.S. Customs and Border Protections’ license plate vendor was breached, resulting in massive amounts of confidential records being leaked onto the Internet. While CBP’s system is outside the scope of the audit, it serves as a warning of how ALPR systems not only threaten privacy, but also create cybersecurity risks. 

A previous audit of the state’s gang databases found the systems were rife with errors, which led to the passage of two reform bills. The ALPR audit may take several months to complete, but we anticipate that the State Auditor will also make concrete recommendations for legislative reforms to reel in this controversial form of mass surveillance.

Related Cases:  Automated License Plate Readers- ACLU of Southern California & EFF v. LAPD & LASD Automated License Plate Readers (ALPR)

The History of Cellular Network Security Doesn’t Bode Well for 5G

There’s been quite a bit of media hype about the improvements 5G is set to supposedly bring to users, many of which are no more than telecom talking points. One aspect of the conversation that’s especially important to get right is whether or not 5G will bring much-needed security fixes to cell networks. Unfortunately, we will still need to be concerned about these issues—and more—in 5G.

Past security flaws in the design of cell network infrastructure are being used for everything from large scale SMS spamming to enabling dragnet surveillance by law enforcement and spying in DC via cell site simulators (a.k.a. Stingrays, IMSI-catchers). Longtime cell network security researcher Roger Piqueras Jover has recently published a short but comprehensive reflection on the history of the cell security research that uncovered much of those flaws, and with it, his view of the security outlook for 5G.

Jover draws attention to how rapidly the field of cell network security research has been accelerating. It took researchers over 10 years after GSM was first standardized and deployed to find the first security flaws in the GSM (2G) protocol. For LTE (4G), it took approximately 7 years. Fast forward to the 5G standard, which was finalized  in March 2018. While there are currently no commercial implementations of 5G widely in use yet, researchers have already discovered over 6 critical security flaws in this new protocol.

Standardization efforts simply aren’t keeping up with the rapid rise of critical security flaws. The group responsible for maintaining the standards and incorporating security fixes (the 3GPP) primarily consists of big players in the telco industry, who don’t have much incentive to come up with and incorporate the critical user privacy fixes that are needed.

On the positive side, Jover points out that there are increasing efforts from researchers to explore potential fixes for many of the security problems in cell networks. In the recent past Ericsson has stepped up their efforts to fix some of the vulnerabilities in 5G’s identification and authentication procedures (i.e. the process that takes place between a mobile phone and a cell tower when each is verifying the other is who they claim to be). Similarly, researchers recently published a proof-of-concept paper proposing a PKI (public key infrastructure) & digital certificate system for the connection between mobile phones and cell towers (similar to SSL certificates and HTTPS).

Despite these efforts, for real change to take place, it must come from within: the 3GPP’s biggest players need to embrace the work required to fix the fundamental flaws that have plagued cell networks for years. Until then, our mobile devices are still vulnerable to being caught up in dragnet and targeted surveillance attacks. As it stands, 5G won’t be any sort of panacea—for increasing security, for improving wireless accessibility, or for solving the issues of broadband monopolies that contribute to each of these.

@switchingsocial
Here is another great note taking app: @joplinapp
There are clients for all platforms. Syncing could be done via @nextcloud or other syncing platforms.

Investors in Companies Profiting Off Student Loans Are Worried About Democrats’ Proposals to Cancel Debt

With ambitious proposals from Elizabeth Warren and Bernie Sanders, momentum for canceling student debt is growing.

The post Investors in Companies Profiting Off Student Loans Are Worried About Democrats’ Proposals to Cancel Debt appeared first on The Intercept.

https://blog.mozilla.org/firefox/hey-advertisers-track-this/

In the same spirit as Ad Nauseam. I like the intent, although it's questionable if it does much for me since I use Firefox through Tor and uBlock and uMatrix and cookies are on a whitelist-only... Nice to see Mozilla extend the middle finger to the surveillance capitalism forces though 🤷

Want to find your way from A to B?

You should try:
https://maps.openrouteservice.org

I've used it a couple of times today, and it was great.

* Uses OpenStreetMap data
* Service provided by HeiGIT
* Doesn't spy on you
* Maps look great
* Effective routes
* Share with friends
* Add your own tracks
* Export to GPX plus others
* Elevation profile

You can also go to C, D, E and many more. 😉

#OSM #maps #routes #routing #FOSS #FLOSS #CrowdSourced

...And 18 Point Back

Trump says E. Jean Carroll “isn’t his type.”

Rules For Thee, But Not For Me

Now for this episode of “It’s Okay if You’re a Republican!”

Amazon Troopers: Special Delivery

Service guarantees free shipping on items over $20!

History is Repeating Itself

Four European cartoonists on the rise of the far-right in their neck of the woods

Milk: Best drink to reduce burn from chili peppers

People who order their Buffalo wings especially spicy and sometimes find them to be too 'hot,' should choose milk to reduce the burn, according to researchers, who also suggest it does not matter if it is whole or skim.

Additions, deletions, and changes to the official list of North American birds

The latest supplement to the American Ornithological Society's checklist of North and Middle American birds includes several major updates to the organization of the continent's bird species. The official authority on the names and classification of the region's birds, the checklist is consulted by birdwatchers and professional scientists alike and has been published since 1886.

Roads and deforestation explode in the Congo basin

Logging roads are expanding dramatically in the Congo Basin, leading to catastrophic collapses in animal populations living in the world's second-largest rainforest, according to new research.

Tiffany Cabán Stuns Queens Machine, Holds Solid Lead in Race for Queens District Attorney

Cabán ran on ending cash bail, decriminalizing poverty and sex work, and faced the full weight of the machine.

The post Tiffany Cabán Stuns Queens Machine, Holds Solid Lead in Race for Queens District Attorney appeared first on The Intercept.

National trash: Reducing waste produced in US national parks

When you think of national parks, you might picture the vast plateaus of the Grand Canyon, the intricate wetlands of the Everglades, or the inspiring viewscapes of the Grand Tetons. You probably don't envision 100 million pounds of mashed water bottles, barbecue-smudged paper plates, and crumpled coffee cups -- but that is the staggering quantity of garbage that is generated in our National Parks each year. And handling that amount of waste is becoming a huge problem.

A Third of Republicans Think It’s OK to Refuse Service to Muslims

I’m never quite sure how seriously to take survey results, and today Paul Waldman points to a new PRRI survey that I really, really don’t want to take seriously. Here it is: Thanks to a baker in Colorado, we’re all accustomed to the idea that conservatives think business owners should be free to refuse service […]

Tails announced an emergency release this week, 3.14.2, to address a critical security vulnerability in the Tor browser. Be sure to update the Tor Browser to version 8.5.3 to fix the sandbox escape vulnerability.
https://tails.boum.org/news/version_3.14.2/index.en.html

Pine woodland restoration creates haven for birds in Midwest

Researchers have shown in a new study that restoration of pine woodlands, through the combined use of intentional, managed fires and strategic thinning of tree density, has a strikingly beneficial effect on a diverse array of birds, some of which are facing sharp declines from human-driven impacts like climate change and habitat loss.

CryptPad v2.24.0 introduces the ability to share encrypted docs directly with friends from within the share menu. You can also add colors to folders in your CryptDrive. Try it now on https:/cryptpad.fr and see the release notes for full details: https://github.com/xwiki-labs/cryptpad/releases/tag/2.24.0

#privacy

Review by our friends at the Denver Post:
Google Chrome has become surveillance software. It’s time to switch. https://t.co/1vEfs1s01j
#privacymatters