Internet & Online Privacy - Legal Technology - Technologist
Technologist - The FindLaw Legal Technology Blog

Recently in Internet & Online Privacy Category

Think Verizon and the NSA shouldn't be in the same category as Wolfman and Frankenstein? Think again: Behind you! It's ... it's ... packet shaping!

So maybe James Clapper isn't as scary-looking as Lon Cheney in "Phantom of the Opera," but the implications of warrantless surveillance are terrifying. For Halloween, make sure you have the lights on as you read about these 13 (arguably) "frightening" legal issues facing technology today:

The Electronic Frontier Foundation has sent quite a letter to the superintendent of schools in Williamson County, Tennessee, calling out the district's Bring Your Own Technology (BYOT) policy for its restrictions on student speech online.

BYOT policies are becoming increasingly popular as schools realize it's in everyone's best interest to let kids bring their own electronic devices from home. But Williamson County's policies appear to be a little on the fatally overbroad side.

In an age where it seems like surveillance just keeps getting more surveill-ey, the Florida Supreme Court has hit the brakes on the common police practice of using live cell phone location data to track a person's movements in real time.

Police had obtained a both a pen register and a trap-and-trace order to track the numbers Shawn Tracey was calling on his cell phone. A month later, the order had expired, but nevertheless, police accessed the real-time cell site location information of Tracey's cell phone without a valid order.

Wait, what? You mean somewhere in between Aunt Sally and George Takei, the Drug Enforcement Agency was on Facebook? Apparently so. Earlier this month, Buzzfeed reported about Sondra Prince, a real person, whose Facebook page was not her own.

Prince (real name: Sondra Arquiett) was arrested on the ground that she was part of a drug ring. She was sentenced to probation. Unbeknownst to her, DEA agent Timothy Sinnigen set up a Facebook profile using her name and photos in the hope that criminals would try to communicate with her.

Last week was quite a week for FBI Director James Comey, who appeared on "60 Minutes" and at the Brookings Institute to reiterate that the government just has to have the ability to crack the encryption on mobile devices. You'll recall that Apple and Google are supporting mobile operating systems with encryption that even they can't break.

Comey's not a fan. But his statements about the nature of privacy make one wonder why he should be trusted. Comey doesn't seem to trust any of us, operating under the assumption that someone who doesn't want the government rifling through their stuff must be up to no good.

OK, reality check: All those headlines and stories claiming Dropbox was "hacked" contain a false statement and a misleading omission, making them technically false (consult your local rules of professional responsibility).

Dropbox wasn't hacked. That's the false statement. According to Dropbox, the usernames and passwords posted on Pastebin were login credentials stolen from other services. The thieves then used those same credentials to attempt to log in to Dropbox accounts.

The second statement, which is misleading, is that the hacks aren't even new. Dropbox wouldn't say when the credentials were stolen, but in a statement said the passwords "have been expired for some time now." Dropbox, like every online service provider, has the ability to forcibly expire user passwords, making them useless for logging in. This is a common first line of defense when a provider knows it's been hacked and it prevents thieves from using the stolen passwords.

Over the weekend, the Internet was abuzz with rumors that Snapchat, the insanely popular ephemeral picture- and video-messaging app, was hacked and that users' pictures and videos would soon be released. While it may seem far-fetched that an app with self-destructing media would be hackable, you only need to look at the "fappening" (the iCloud celebrity photo hack) to see that "The Snappening" wasn't too unfathomable, especially since the company has been hacked (for usernames and passwords, not photos and videos) before.

Well, today we got our answer: Snapchat wasn't hacked, but isn't completely secure. And sadly, the fears of leaked user photos and videos were realized earlier today -- much of it technically being child pornography.

Here's a rundown of what actually happened:

New York, New York. A city so nice they named it twice. A "concrete jungle where dreams are made of." The largest city in a state with the most lawyers per capita in the country.

Now, anyone can be But if you want to really show that New York City pride, yesterday's big domain name announcement should really excite you: .nyc domain names are available, and they are reserved for folks with NYC addresses only. How much cooler is than a generic .com? How much more appealing is that to proud New Yorkers?

For years, the Justice Department has been conducting surveillance on computer networks like Facebook, or sending National Security Letters (NSLs) to obtain emails from Apple, Microsoft, and Google. Various national security laws (including the PATRIOT Act) prevent the companies that operate those networks from disclosing the fact that they've even received a NSL.

Twitter is fed up with this secrecy. Yesterday, Twitter sued the DOJ alleging "prior restraint" -- i.e., censorship -- in that Twitter is being forced to refrain from speaking about how many NSLs it's received.

This just in from the hilarity department: Police departments nationwide have, for years, been spending taxpayer money to distribute what is essentially malware to unsuspecting parents who want to monitor their kids' online activity: a little program called ComputerCOP.

The extensive report comes from the Electronic Frontier Foundation's Deeplinks Blog, which investigated ComputerCOP, a piece of "software" that has been around for 15 years. For the last few years, it has included a keylogger that transmits everything your child (or anyone using that computer) types, unencrypted, to a remote server, making it easy for any snooper on a wireless network to snatch up your sensitive data.