Apple is storing your ‘deleted’ Safari search history in iCloud

A RUSSIAN HACKING TEAM has shown evidence that Apple is storing records of users’ browser history even after it has been ‘deleted’. Elcomsoft has sounded the alarm bells and has warned that users of Safari, the default browser for Mac, iPhone and iPad, may find that the list of sites they’ve visited is being stored in iCloud for a year or more even if they have opted to delete it. Elcomsoft makes a software package called Phone Breaker which they used to find the information which they came upon by accident.

— source

Uber to Pay $20 Million to Settle FTC Charges

Uber Technologies, the San Francisco-based ride-hailing company, will pay $20 million to resolve Federal Trade Commission charges that it misled prospective drivers with exaggerated earning claims and claims about financing through its Vehicle Solutions Program. The $20 million will be used to provide refunds to affected drivers across the country.

According to the FTC’s complaint, in its efforts to attract prospective drivers, Uber exaggerated the yearly and hourly income drivers could make in certain cities, and misled prospective drivers about the terms of its vehicle financing options.

— source

Microsoft, Google and Amazon gave cash for Trump inauguration

Big US technology companies Amazon, Google and Microsoft donated both cash and services to the ceremonies around the swearing-in of US President Donald Trump on 20 January. The same companies, and a host of others, have put their names to a letter requesting that the ban on travel to the US by citizens of seven Muslim-majority countries be rescinded. Microsoft contributed US$250,000 in cash and a similar amount in services on 28 December to the Presidential Inauguration Committee, according to federal ethics records.

— source

Las Vegas Sands to Pay $7 Million Gets FCPA Non Prosecution Agreement

Las Vegas Sands will pay a $6.96 million criminal penalty and enter into a non prosecution agreement to resolve the government’s investigation into violations of the Foreign Corrupt Practices Act (FCPA) in connection with business transactions in the People’s Republic of China (PRC) and Macao.

According to admissions by Sands made in connection with the resolution, certain Sands executives knowingly and willfully failed to implement a system of internal accounting controls to adequately ensure the legitimacy of payments to a business consultant who assisted Sands in promoting its brand in Macao and the PRC, and to prevent the false recording of those payments in its books and records.

In total, from 2006 through 2009, Sands paid about $5.8 million to the business consultant without any discernable legitimate business purpose, it admitted.

— source

Deutsche Bank to Pay Millions in Fines for Helping Wealthy Russians Launder US$ 10 Billion

Deutsche Bank said Monday it will pay US$ 625 million to US and UK financial authorities to settle charges that it helped Russian investors launder up to US$ 10 billion. At the end of last year the bank agreed to pay US$ 7.2 billion to the US Department of Justice for selling dubious mortgage securities. This time Germany’s largest bank has agreed to pay US$ 425 million to New York’s Department of Financial Services (DFS) and 163 million pounds (US$ 202 million) to the UK’s Financial Conduct Authority (FCA) to settle money laundering allegations.

— source

All private banks are criminals.

Amazon Echo, Google Home, It’s almost like a police state

If you received one of those home digital assistants, like Amazon Echo or Google Home, over the holidays, you might want to listen closely. Privacy experts are keeping a close watch on the case of a Bentonville, Arkansas, man who was charged with murder after prosecutors obtained a warrant to receive data from his Amazon Echo, a voice-activated device that’s always listening and often recording. James Andrew Bates says he’s innocent of the murder of Victor Collins, who was found strangled in Bates’s hot tub. Prosecutors hope to search audio recordings on Bates’s Amazon Echo for clues.

So far lawyers for Amazon have refused to comply with the warrant, and experts say it’s unlikely the device was recording at the time of the murder. But the case has drawn national attention and alarmed civil liberties groups. Bates’ lawyer, Kimberly Weber, told USA Today, “I have a problem [that] a Christmas gift that is supposed to better your life can be used against you. It’s almost like a police state,” she said.

Marc Rotenberg talking:

These are a category of consumer devices that we refer to as always-on devices. To operate, they literally have to be listening to the user to interpret the instruction and to act on it. The companies say that they rely solely on the wake words, which, for Echo, for example, might be “Alexa”; for Apple, it might be “Siri.” But the problem turns out to be quite a bit more complex, because, first of all, the devices are easily triggered. People have had the experience—when a radio is on in the background, for example, it can alert the device. Also, we have found that in a number of these new consumer products, when companies say that the privacy protection measures work, in fact, they don’t. A very famous example of that occurred with Snapchat. Snapchat was telling its users that it would delete photos, that they would literally vanish once they were sent. But, of course, that’s not what Snapchat was doing. They were simply changing filenames, and the photos could be retrieved. We had a similar experience, by the way, with a search company called AskEraser. It said it was deleting all search queries—except for the ones that law enforcement wanted.

So, this is the reason that, actually, more than a year ago, EPIC went both to the Federal Trade Commission and the U.S. Department of Justice, and we said, “You really need to look closely at these products.” We’re obviously not against new technology that helps consumers and is certainly a bit of fun, but at the same time we need a better understanding of how they operate. What information about the user is being collected? How reliable are these wake words? And most significantly in this case, how can it be that the company is actually in possession of information that could be useful to law enforcement? Because, of course, if you play back the tape a little bit and think about what Mr. Snowden showed us regarding the collection and use of telephone logs, for example, it would be quite easy to imagine a company such as Amazon could persistently retain this type of data on all of its users and make it available to law enforcement in a whole variety of circumstances unrelated to criminal investigations. So there are a lot of important policy issues here, a lot of important legal issues here, that we think both the Federal Trade Commission and the Department of Justice need to look at much more closely.

when we go into these investigations, the companies often say, “Well, we can’t tell you exactly what type of information we’re retaining on our consumers. We can’t tell you exactly the technique of the wake word or how much data is being retained.” And this immediately, I think, should be a warning to those who do public oversight and help enforce important privacy safeguards, that if the companies can’t establish that the products work as they’re supposed to work—for example, they only record when the wake word is being used—then there’s a real problem.

And another point which I think is important to keep in mind is that this is not just a debate about law enforcement access to personal information. I think we’re familiar with that debate. We’ve had it also around the Apple iPhone. These are also devices in the home that can be exploited by criminal hackers. In other words, once you put a device like a Echo in your home, someone can gain remote access to that device and may be able to listen into private communications. This has certainly been the experience with webcams on laptops and the reason that a lot of people are now placing post-it notes on top of those webcams to prevent that type of surreptitious remote recording. But this can also happen with audio devices in the home. And it’s the reason that we think law enforcement and the FTC actually have a responsibility to protect consumers from that type of unwanted listening.

next week the Senate Judiciary Committee will hold two days of hearings on Senator Sessions to be the attorney general. I think it is absolutely vital for that committee to ask the nominee his views about privacy, about some of these new surveillance techniques, about what the appropriate limitations should be. I don’t think there’s any real dispute that for a proper criminal investigation or even for a national security matter, where there’s legal authority and a judicial determination, that searches are appropriate. But if we’ve learned anything in the last few years, it’s that these techniques can be used for the public at large. And there is a real risk right now, with the growing use of these consumer devices connected to the internet—it’s not just Alexa, it’s thermostats, it’s, you know, connected toys—that the government will take advantage of all this personal data that’s being collected for the type of mass surveillance that I don’t think we could permit. So the attorney general really needs to be asked about this issue. And we need to get—I should say, in fact, the nominee to be attorney general should be asked about this issue, and we should get his views.

Marc Rotenberg
executive director of the Electronic Privacy Information Center.

— source