privacy

Microsoft has recently made changes to its geographic location service, which we reported on not so long ago as having a lack of safeguards and a privacy flaw. Elie Bursztein, a researcher at Stanford University, created a web page that allowed visitors to search the database at Live.com for locations using device MAC addresses.

Reid Kuhn, a Partner Group Program Manager on the Windows Phone engineering team, made the announcement today over at Technet and stated that while it was not possible to track a roaming mobile phone or laptop using its MAC address, they are aware of the fine line Microsoft was treading with regard to privacy issues surrounding geolocation.

"Microsoft's privacy and security team has been in contact with Elie and we will continue the ongoing dialog with experts in the privacy field to improve our service offerings. We thank Elie and his team for working with us on this issue."

Kudos to Microsoft for taking measures to address the issue head-on.

Source: Microsoft, via: WinRumors


European Parliament members are up in arms after a recent admission by Microsoft that they may be required by the Patriot Act to secretly give U.S. authorities access to European data stored in Microsoft's cloud.  The controversy stems from the EU's Data Protection Directive, which dictates that companies must notify users if/when their data is handed over to another party.  If Microsoft is forced to follow Patriot Act guidelines, then that would mean the U.S. law would trump European law.  Some parliamentarians have taken up the cause to prevent that from happening.

Sophia In't Veld, a member of the Parliament's civil liberties committee, urged her colleagues to consider the matter:

"Does the Commission consider that the U.S. Patriot Act thus effectively overrules the E.U. Directive on Data Protection? What will the Commission do to remedy this situation, and ensure that E.U. data protection rules can be effectively enforced and that third country legislation does not take precedence over E.U. legislation?"

Currently, the Safe Harbor act, which allows companies like Microsoft to transfer data from European storage facilities, guarantees users reasonable security and enforcement. However, if the Patriot Act is allowed to supersede that, then it renders that guarantee useless. Theo Bosboom, IT lawyer with Dirkzager Lawyers, had this to say:

"I'm afraid that Safe Harbor has very little value anymore, since it came out that it might be possible that U.S. companies that offer to keep data in a European cloud are still obliged to allow the U.S. government access to these data on basis of the Patriot Act..."

The struggle for data protection extends beyond the issue of sovereignty of state.  Should the matter remain as is, it opens the floodgates for other companies' data to be secretly put in the hands of U.S. officials.  Google, Facebook, Twitter, etc. could all be affected.  European Parliament members have taken up the cause for their constituents, but until it is fully resolved, Bosboom says that, "Europeans would be better to keep their data in Europe. If a European contract partner for a European cloud solution, offers the guarantee that data stays within the European Union, that is without a doubt the best choice, legally."

Source: PCWorld


If there is one thing Windows phone users know, it's that their little device can hold a whole lot of information. Whether it's e-mail, personal finances, PIN codes, documents, or naked drunk pictures of yourself at that office holiday party, these mini computers can contain a vast resource of information about our personal lives (and those around you).

While a lot of security issues on smartphones revolve around potential thievery, e.g. remote wiping or spyware, one area up till now has been gray: Do the police have a right to search your phone, even when arrested?

At least according to a recent Ohio Supreme Court ruling, no, the police cannot search your phone. Like other areas such as car and home searches, police are required to get a search warrant first. To quote the NY Times:

The Ohio Supreme Court ruled this month, by a 4-to-3 vote, that the search violated the Fourth Amendment’s protection against unreasonable search and seizure. Rather than seeing a cellphone as a simple closed container, the majority noted that modern cellphones — especially ones that permit Internet access — are “capable of storing a wealth of digitized information.”

Expanding upon that notion, there is no need to distinguish between "smartphones" and "dumbphones" either as all phones will be covered, ruling out potential areas of dispute in court.

Of course, the flip side is that law enforcement will argue that this will make their job harder, something with which we sympathize. Regardless, we are quite pleased with this decision. (Counter argument: we're trying to think of situations where remote-wiping could be nefariously employed here once the phone is in possession, but not searched yet by the police. Hmmm...)

Either way, would you trust that guy (above) with your tricked out, custom Touch Pro 2 with stealth-tethering hack?  Heck, no ...

What are your thoughts? Sound off in comments...

[via NY Times]


Just a few months ago we reported on a pretty ingenious and frightening program called PhoneCreeper that could seriously compromise security on your WinMo phone. Of course people went into a dither over it, and rightly so, even though this was more of a proof-of-concept.

Now the iPhone is getting a taste of the future with SpyPhone. SpyPhone can steal all sorts of things, including "... geolocation data, passwords, address book entries and email accounts information, images, Safari Browsing history, youtube, keyboard logger, etc.".

Now the truly frightening part: it works on jailbroken and "virgin" phones alike. It just uses the public API offered by Apple to use its own features as exploits. Acting like a trojan, the app will steal and send out your data.

So much for the "jailbroken = security threat" meme.

This is just another volley in what is sure to be an ongoing problem with the mobile internet age, though for once Microsoft might not be the number one security target. Point is, we know this can already be done on Windows Mobile, so folks will need to keep their ears perked.

[via Taranfx]


A bit of hoopla was raised last week over border search policies disclosed by the U.S. Department of Homeland Security. In almost every news story, the word "laptop" was used in the headline. And this is true. Your laptop can be seized and its information inspected for an unspecified amount of time, no suspicion necessary.

If you're visiting WM Experts, you're probably a fine, upstanding member of society, and a model patriot and benefit to the American way of life, blah blah blah.

But the next logical question is, "Can they take my Windows Mobile device?" Check in after the jump for the answer, and for some tips that could save you some time and embarrassment. (Though if you're looking for a way to completely sneak one past the government and cause some shenanigans, you're at the wrong place.)

Welcome back. So can The Man snag your phone and look at your data?

The answer is: Absolutely. Along with just about anything (electronic or otherwise) you have on your person.

From the Policy Regarding Border Search of Information (pdf link), dated July 16, 2008 (bold section emphasized by us):

CBP [Customs and Border Protection] is responsible for ensuring compliance with customs, immigration, and other Federal laws at the border. To that end, officers may examine documents, books, pamphlets, and other printed material, as well as computers, disks, hard drives, and other electronic or digital storage devices.  These examinations are part of CBP's long-standing practice and are essential to uncovering vital law enforcement information. For example, examinations of documents and electronic devices are a crucial tool for detecting information concerning terrorism, narcotics smuggling, and other national security matters; alien admissibility; contraband including child pornography, monetary instruments, and information in violation of copyright or trademark laws; and evidence of embargo violations or other import or export control laws.

The policy isn't new, and it applies to anyone entering the United States, citizen or not.

Handling the information

So customs can snag your device, copy your data or inspect it on site, and there's not a whole lot you can do to stop them from doing so. If they find probable cause that you're up to no good, they may "seize and retain the originals and/or copies of relevant documents or devices, as authorized by law."

And your data can be copied and shared with just about any other governmental agency.

Copies of documents or devices, or portions thereof, which are retained in accordance with this section, may be shared by CBP with Federal, state, local, and foreign law enforcement agencies only to the extent consistent with applicable law and policy.

Absent probable cause, they can only keep information regarding immigration matters.

Other provisions

Windows Mobile is primarily still a business device, and businesspeople tend to travel with sensitive information.

There are provisions for "business information," though it doesn't say much more than "We'll do what we can to keep your stuff from falling into the wrong hands." And it adds that "Depending on the nature of the information presented, the Trade Secrets Act, the Privacy Act, and other laws may govern or restrict the handling of the information."

But we don't recommend claiming that the photos you took of the, er, entertainment, on your - cough, cough - "business trip" to Tijuana are proprietary information.

Attorney-client privilege is also addressed. While claiming such can't keep them from being searched, it should bring an extra level of oversight in the handling of your data.

Correspondence, court documents, and other legal documents may be covered by attorney-client privilege.  If an officer suspects that the content of such a document may constitute evidence of a crime or otherwise pertain to a determination within the jurisdiction of CBP, the officer must seek advice from the Associate/Assistant Chief Counsel or the appropriate U.S. Attorney's  office before conducting a search of the document.

What can you do?

The easiest answer is, leave your laptop or WinMo device at home. But that's not much of an answer, is it?

Here are a couple of simple solutions.

1. The cloud: We love the cloud. We talk about the cloud all the time. Store your data in the ether, and you don't have to worry about someone snagging it off your device. (Who has access to it way up in the sky is a whole 'nother matter, but that's for another day.)

2. The ninja-stealth move: We'll keep saying it until we're blue in the face. Backup software is your friend, and SPB Backup 2.0 is perfect for this one.

It's as simple as doing a full - and encrypted - backup of your device, and saving that backup to a storage card (which you should already be doing) or, better yet, somewhere in the cloud (though the 20-meg or so file sizes could be a problem there).

Then, before heading back across the border, do a hard reset and wipe your device. When you get back home, restore from the backup, and you're right where you left off. No muss, no fuss.

The caveat

This isn't a foolproof way to keep your data completely out of the hands of, well, anyone but you, nor is it meant to be. If Jack Bauer wants to make sure you're not using your phone to make his next 24 hours a living hell, he's going to do so. (And, yes, we're well aware that it takes more than a simple reformatting to make data irretrievable.) This is just the equivalent of keeping a screener from riffling through your underwear in your suitcase, looking for a shotgun.

That said, there isn't a whole lot of legal precedent for this sort of thing yet, so there likely will be some bumps in the road.

Look, we certainly don't endorse transporting anything illegal over U.S. (or anyone else's) borders. And we're all for catching terrorists before they strike. So please don't view this as a way to circumvent policies and procedures meant to safeguard all of us.

But your data, your privacy and your Fourth Amendment rights are priceless, too.
