Internet & Online Privacy - Legal Technology - Technologist
Technologist - The FindLaw Legal Technology Blog

Recently in Internet & Online Privacy Category

Last week was quite a week for FBI Director James Comey, who appeared on "60 Minutes" and at the Brookings Institute to reiterate that the government just has to have the ability to crack the encryption on mobile devices. You'll recall that Apple and Google are supporting mobile operating systems with encryption that even they can't break.

Comey's not a fan. But his statements about the nature of privacy make one wonder why he should be trusted. Comey doesn't seem to trust any of us, operating under the assumption that someone who doesn't want the government rifling through their stuff must be up to no good.

OK, reality check: All those headlines and stories claiming Dropbox was "hacked" contain a false statement and a misleading omission, making them technically false (consult your local rules of professional responsibility).

Dropbox wasn't hacked. That's the false statement. According to Dropbox, the usernames and passwords posted on Pastebin were login credentials stolen from other services. The thieves then used those same credentials to attempt to log in to Dropbox accounts.

The second statement, which is misleading, is that the hacks aren't even new. Dropbox wouldn't say when the credentials were stolen, but in a statement said the passwords "have been expired for some time now." Dropbox, like every online service provider, has the ability to forcibly expire user passwords, making them useless for logging in. This is a common first line of defense when a provider knows it's been hacked and it prevents thieves from using the stolen passwords.

Over the weekend, the Internet was abuzz with rumors that Snapchat, the insanely popular ephemeral picture- and video-messaging app, was hacked and that users' pictures and videos would soon be released. While it may seem far-fetched that an app with self-destructing media would be hackable, you only need to look at the "fappening" (the iCloud celebrity photo hack) to see that "The Snappening" wasn't too unfathomable, especially since the company has been hacked (for usernames and passwords, not photos and videos) before.

Well, today we got our answer: Snapchat wasn't hacked, but isn't completely secure. And sadly, the fears of leaked user photos and videos were realized earlier today -- much of it technically being child pornography.

Here's a rundown of what actually happened:

New York, New York. A city so nice they named it twice. A "concrete jungle where dreams are made of." The largest city in a state with the most lawyers per capita in the country.

Now, anyone can be fakepracticearealawyer.com. But if you want to really show that New York City pride, yesterday's big domain name announcement should really excite you: .nyc domain names are available, and they are reserved for folks with NYC addresses only. How much cooler is fakepracticearea.nyc than a generic .com? How much more appealing is that to proud New Yorkers?

For years, the Justice Department has been conducting surveillance on computer networks like Facebook, or sending National Security Letters (NSLs) to obtain emails from Apple, Microsoft, and Google. Various national security laws (including the PATRIOT Act) prevent the companies that operate those networks from disclosing the fact that they've even received a NSL.

Twitter is fed up with this secrecy. Yesterday, Twitter sued the DOJ alleging "prior restraint" -- i.e., censorship -- in that Twitter is being forced to refrain from speaking about how many NSLs it's received.

This just in from the hilarity department: Police departments nationwide have, for years, been spending taxpayer money to distribute what is essentially malware to unsuspecting parents who want to monitor their kids' online activity: a little program called ComputerCOP.

The extensive report comes from the Electronic Frontier Foundation's Deeplinks Blog, which investigated ComputerCOP, a piece of "software" that has been around for 15 years. For the last few years, it has included a keylogger that transmits everything your child (or anyone using that computer) types, unencrypted, to a remote server, making it easy for any snooper on a wireless network to snatch up your sensitive data.

The "Internet of Things" is a fun buzz-phrase that describes non-computer devices with Internet connections, like your car, your refrigerator, or your thermostat. Unfortunately, companies that make such devices don't always have security in mind.

When we think of "Internet security," it's typically in the context of computers, maybe smartphones. But as more and more of our stuff starts surfing the Web, security becomes more of a problem.

Not a week after Apple announced that it couldn't break the new default encryption in iOS 8 even if it had to, FBI Director James Comey fired the first of the government's PR shots at Apple and Google, chiding them for having the audacity to prevent the government from snooping on people's phones at its pleasure.

In Comeyland -- which is a lot like Disneyland, but with more armed guards -- the government always holds the spare key to your diary and if you don't let the government snoop on you, children could die.

Way back in August, the Public Access to Court Electronic Records (PACER) folks over at the Administrative Office of the U.S. Courts announced that a selection of dated federal appeals court files, and one California-based bankruptcy court's inactive files would be pulled from the system, as they were incompatible with an ongoing upgrade.

Many people were upset about the deletion of important court records, including Sen. Patrick Leahy of Vermont, chair of the Senate Judiciary Committee. Leahy wrote a stern letter to the Administrative Office, which responded this week with some welcome information: The "deleted" records were only taken down temporarily and will be restored by the end of October, reports The Wall Street Journal.

Last month, we brought you news out of Delaware, the first state to pass into law the Uniform Fiduciary Access to Digital Assets Act (UFADAA), which allows estate administrators access to testators' email, social media accounts, and the like. The problem this law resolved was social media companies' refusal to grant anyone access to a dead person's accounts unless they got served with a court order.

Last week, Yahoo came out on its Global Public Policy Tumblr against the law. In arguing against the Digital Assets Act, does Yahoo mischaracterize the law? (Was that a leading question?)