Firewalls Don't Stop Dragons Podcast

Carey Parker
Sep 30, 2019 • 41min

Not Just a Face in the Crowd (Part 2)

So what happens when your face print (or any biometric info) is stolen from a server? You can't change your face like you can change your password. Is there anything you can do to avoid your face being scanned or prevent your face from being recognized? What can you do right now to halt the use of facial recognition technologies while we sort out all the social implications? The answers to these questions and more in the second half of my interview with EPIC's Jeramie Scott! Jeramie Scott is Senior Counsel at EPIC and Director of the EPIC Domestic Surveillance Project. His work focuses on the privacy issues implicated by domestic surveillance programs with a particular focus on drones, AI, biometrics, and social media monitoring. Mr. Scott regularly litigates open government cases and cases arising under the Administrative Procedure Act. He is also a co-editor of "Privacy in the Modern Age: The Search for Solutions" and the author of "Social Media and Government Surveillance: The Case for Better Privacy Protections of Our Newest Public Space." Prior to joining EPIC, Mr. Scott graduated from the New York University Law School where he was a clinic intern at the Brennan Center's Liberty and National Security Program. His work at the Brennan Center focused on civil liberty issues arising from local law enforcement surveillance.
Further Info:
Electronic Privacy Information Center (EPIC): https://epic.org
Privacy in the Modern Age: The Search for Solutions: https://www.amazon.com/Privacy-Modern-Age-Search-Solutions/dp/1620971070
Glenn Greenwald's TED Talk on Privacy: https://www.ted.com/talks/glenn_greenwald_why_privacy_matters
Petition to ban the use of FRT: https://www.banfacialrecognition.com/
Sep 23, 2019 • 38min

Not Just a Face in the Crowd (Part 1)

Use of facial recognition technology (FRT) is exploding around the globe. While touted as a convenience for checking in for a flight or crossing the border, the opportunities for abuse are staggering. People act differently when they feel they're being watched. There's a reason we have sayings like "dance like no one is watching". But US agencies like TSA and CBP have gained access to treasure troves of faces from DMV and passport databases, without ever asking our permission, and they're rolling out FRT across the nation. There are no laws or regulations on the use of this technology, and little thought being given to how constant, mass surveillance will affect our democratic and human rights. In the first part of my two-part interview with Jeramie Scott (EPIC), we'll discuss how we got here. Jeramie Scott is Senior Counsel at EPIC and Director of the EPIC Domestic Surveillance Project. His work focuses on the privacy issues implicated by domestic surveillance programs with a particular focus on drones, AI, biometrics, and social media monitoring. Mr. Scott regularly litigates open government cases and cases arising under the Administrative Procedure Act. He is also a co-editor of "Privacy in the Modern Age: The Search for Solutions" and the author of "Social Media and Government Surveillance: The Case for Better Privacy Protections of Our Newest Public Space." Prior to joining EPIC, Mr. Scott graduated from the New York University Law School where he was a clinic intern at the Brennan Center's Liberty and National Security Program. His work at the Brennan Center focused on civil liberty issues arising from local law enforcement surveillance.
Further Info:
Electronic Privacy Information Center (EPIC): https://epic.org
Privacy in the Modern Age: The Search for Solutions: https://www.amazon.com/Privacy-Modern-Age-Search-Solutions/dp/1620971070
Sep 16, 2019 • 40min

Google’s Not-So-Private Sandbox

No doubt sensing the impending US privacy regulations, Google has released a plan to "enhance" user privacy... by finding different ways to track you. Instead of relying on cookies and fingerprinting, Google proposes that we just come out in the open and formalize tracking technologies. While that could give users more transparency and a modicum of control, the bottom line is that Google is really just trying desperately to save its business model (ads based on tracking). While there are actually some good ideas in their proposal, many of the technologies they're putting forward could be even worse for your privacy than the current schemes. Today I'll walk through the EFF's excellent analysis of these propositions and give my own take. Further Info: EFF: Don't Play in Google's Privacy Sandbox: https://www.eff.org/deeplinks/2019/08/dont-play-googles-privacy-sandbox-1 EFF's Panopticlick tool: https://panopticlick.eff.org/
Sep 9, 2019 • 51min

Ring’s Orwellian Doorbell

Today we speak with EFF's Matthew Guariglia about the creepy new partnership between Amazon's Ring Doorbell division and local law enforcement. Recent disclosures reveal that Amazon has partnered with over 400 police agencies to market their product and share surveillance footage. While these footage requests can supposedly be refused by the Ring owners, there appear to be circumstances where Amazon will provide footage without consent. The marketing of Ring has changed from convenience to an automated neighborhood watch program, where the police have been coached in how to drum up interest in the product and to assuage fears over sharing their private footage. Matthew Guariglia is a policy analyst for surveillance and privacy at the Electronic Frontier Foundation. He is also a visiting research scholar at the University of California-Berkeley and holds a PhD in U.S. history. His work focuses on the relationship between race, immigration, policing and government surveillance in the past and present. You can find his writing in the Washington Post, VICE, and the freedom of information-centered outlet MuckRock. To find his writing you can follow him on Twitter at @mguariglia or visit MatthewGuariglia.com.
Further Info:
EFF's Street Level Surveillance: https://www.eff.org/issues/street-level-surveillance
Protecting Civic Spaces: https://privacyinternational.org/long-read/2852/protecting-civic-spaces
Sep 2, 2019 • 50min

Choosing a VPN Provider

Evaluating VPN providers on privacy is really, really hard. Even if you read all their privacy claims, how do you know if they're telling the truth? I've read many reviews on many sites, but the recent review from The Wirecutter is the most comprehensive and helpful review I've ever come across. It focused first and foremost on privacy - something many other reviews fail to do, instead focusing on more readily verifiable aspects like speed, number of servers, and cost. In recent years, some top VPN providers have turned to third party, independent auditors to verify their privacy claims and published the results. This is what allows for a truly privacy-focused review. Many top contenders like ExpressVPN and NordVPN didn't make the cut due to lack of transparency compared to the providers that topped Wirecutter's list. Who won? Listen to today's show to find out. In other news, iPhones have been vulnerable to some nasty website hacks for several years, Facebook finally releases a tool to manage your "off-Facebook" data (though it fails), Kaspersky antivirus products have been marking all their users with a unique, trackable ID, and Kazakhstan tries to implement mass surveillance of its citizens and ends up being foiled (thankfully) by the three major browser makers. Further Info: Choosing a VPN Provider: https://firewallsdontstopdragons.com/choosing-a-vpn-service/
Aug 26, 2019 • 40min

The Great Cellular Sellout (Part 2)

In the second half of my interview with EFF's Aaron Mackey, we'll discuss why our federal agencies are not enforcing the laws already on the books that should be protecting your privacy, the real implications of tracking someone's location, other ways in which we're tracked, and how you - as a consumer and citizen - can best defend yourself and advocate for better enforcement and protections. Aaron Mackey works on free speech, privacy, government surveillance and transparency. Before joining EFF in 2015, Aaron was in Washington, D.C. where he worked on speech, privacy, and freedom of information issues at the Reporters Committee for Freedom of the Press and the Institute for Public Representation at Georgetown Law. Aaron graduated from Berkeley Law in 2012, where he worked for EFF while a student in the Samuelson Law, Technology & Public Policy Clinic. He also holds an LLM from Georgetown Law. Prior to law school, Aaron was a journalist at the Arizona Daily Star in Tucson, Arizona. He received his undergraduate degree in journalism and English from the University of Arizona in 2006, where he met his amazing wife, Ashley. They have two young children.
Further Info:
Donate to EFF: https://supporters.eff.org/donate/
Surveillance Self Defense Guide: https://ssd.eff.org
EFF's California lawsuit: https://www.eff.org/cases/geolocation-privacy
Report abused location information: geolocation@eff.org
EFF IMSI Catcher white paper: https://www.eff.org/files/2019/07/09/whitepaper_imsicatchers_eff_0.pdf
Aug 19, 2019 • 38min

The Great Cellular Sellout (Part 1)

In January 2019, Motherboard broke a story about how cellular providers were allowing your location information to be sold to several third parties, effectively allowing anyone to buy the real-time location of any cell phone. The Electronic Frontier Foundation has brought a suit against AT&T and others, claiming that this practice broke several state and federal laws. Today in part one of my interview with the EFF's Aaron Mackey, we'll discuss this case and why our location data can expose so much about us. Aaron Mackey works on free speech, privacy, government surveillance and transparency. Before joining EFF in 2015, Aaron was in Washington, D.C. where he worked on speech, privacy, and freedom of information issues at the Reporters Committee for Freedom of the Press and the Institute for Public Representation at Georgetown Law. Aaron graduated from Berkeley Law in 2012, where he worked for EFF while a student in the Samuelson Law, Technology & Public Policy Clinic. He also holds an LLM from Georgetown Law. Prior to law school, Aaron was a journalist at the Arizona Daily Star in Tucson, Arizona. He received his undergraduate degree in journalism and English from the University of Arizona in 2006, where he met his amazing wife, Ashley. They have two young children.
Further Info:
Donate to EFF: https://supporters.eff.org/donate/
Surveillance Self Defense Guide: https://ssd.eff.org
EFF's California lawsuit: https://www.eff.org/cases/geolocation-privacy
Report abused location information: geolocation@eff.org
Aug 12, 2019 • 45min

The Tyranny of the Default

Marketing firms love to tell us that we control our privacy - you simply need to opt out of tracking! Like Dorothy, we've had the power all along. Just click your heels three times and uncheck all those pesky tracking options under Settings... somewhere. Which, statistically speaking, no one ever does. It's the Tyranny of the Default. I'll discuss why it's so hard. (Spoiler alert, it's on purpose.) Also in today's show: Apple massively expands its bug bounty program; several "air gapped" US election systems found on the internet; Instagram pulls a Cambridge Analytica move; watch out for fake Equifax settlement sites; another sex hook-up app exposes its users' private information; and it's time to update your Android devices (if you can).
Further Info:
Instagram data leak: https://www.businessinsider.com/startup-hyp3r-saving-instagram-users-stories-tracking-locations-2019-8
Election Systems exposed online: https://www.vice.com/en_us/article/3kxzk9/exclusive-critical-us-election-systems-have-been-left-exposed-online-despite-official-denials
Official FTC/Equifax settlement site: https://ftc.gov/equifax or https://www.equifaxbreachsettlement.com/
Changing WiFi Router (and other IoT) default passwords: https://firewallsdontstopdragons.com/the-s-in-iot-is-for-security/
The Cop Out that is Opt Out: https://firewallsdontstopdragons.com
Aug 5, 2019 • 37min

The Great Hack

In today's show, I'll discuss the Capital One hack that affected over 100 million card users and applicants. I'll also cover the latest in the backlash against Apple, Google and Amazon over humans listening in on your private digital assistant voice recordings. The Ring doorbell, whose parent company was bought by Amazon, is quickly becoming a darling of local law enforcement agencies due to its ability to share surveillance footage. School districts are being hit with ransomware and being bilked for hundreds of thousands of dollars. And finally, Netflix has created a sobering documentary about the Facebook and Cambridge Analytica scandal, covering not just the 2016 US elections but also Brexit and many other voter influence campaigns around the globe.
Further Info:
The Great Hack on Netflix: https://www.netflix.com/Title/80117542
RSA Conference Blog book review: https://www.rsaconference.com/blogs/bens-book-of-the-month-review-of-firewalls-dont-stop-dragons-a-step-by-step-guide-to-computer-security-for-non-techies
Apress Beginner's Book series: https://www.amazon.com/stores/page/7383A13D-EAFC-426B-A944-5B6C1B6886E9
Jul 29, 2019 • 46min

Get Your Equifax Settlement

Two years after the massive Equifax breach, the Federal Trade Commission (FTC) has reached a tentative settlement that will purportedly provide some restitution to the 148 million Americans whose data was leaked. Unfortunately, there are lots of little devils in the details - not to mention that this settlement has yet to be approved. However, you can (and probably should) go ahead and submit your claim. I'll give you all the details and tell you how to do it. In other news, Firefox is coming out with a premium, for-pay version of its privacy-centric web browser, the Pentagon has revealed technology that will allow them to identify people surreptitiously from up to 200 meters away, some of your Apple Siri recordings are being listened to by real humans, I'll give my take on the FaceApp scandal, and finally, if you have a Logitech wireless keyboard or mouse, you're going to want to update the software to patch a nasty bug.
Further Info:
Logitech Wireless Keyboard/Mouse security update: https://support.logi.com/hc/en-001/community/posts/360032078393-Logitech-Response-to-Research-Findings
Equifax settlement claim site: https://www.equifaxbreachsettlement.com/
Free (official) annual credit reports: https://www.annualcreditreport.com/index.action