U.S. Accuses Harvard Scientist of Concealing Chinese Funding; The New York Times, January 28, 2020

Ellen Barry, The New York Times; U.S. Accuses Harvard Scientist of Concealing Chinese Funding


“Charles M. Lieber, the chair of Harvard’s department of chemistry and chemical biology, was charged on Tuesday with making false statements about money he had received from a Chinese government-run program, part of a broad-ranging F.B.I. effort to root out theft of biomedical research from American laboratories.
 
Dr. Lieber, a leader in the field of nanoscale electronics, was one of three Boston-area scientists accused on Tuesday of working on behalf of China. His case involves work with the Thousand Talents Program, a state-run program that seeks to draw talent educated in other countries.

American officials are investigating hundreds of cases of suspected theft of intellectual property by visiting scientists, nearly all of them Chinese nationals or of Chinese descent. Some are accused of obtaining patents in China based on work that is funded by the United States government, and others of setting up laboratories in China that secretly duplicated American research.”

FBI violated Americans’ privacy by abusing access to NSA surveillance data, court rules; October 8, 2019

Nick Statt, The Verge; FBI violated Americans’ privacy by abusing access to NSA surveillance data, court rules

"The Federal Bureau of Investigation made tens of thousands of unauthorized searches related to US citizens between 2017 and 2018, a court ruled. The agency violated both the law that authorized the surveillance program they used and the Fourth Amendment of the US Constitution.

The ruling was made in October 2018 by the Foreign Intelligence Surveillance Court (FISC), a secret government court responsible for reviewing and authorizing searches of foreign individuals inside and outside the US. It was just made public today."

The walls are closing in on Trump, says “Enemies: The President, Justice & the FBI” author Weiner; Salon, November 18, 2018

Melanie McFarland, Salon; The walls are closing in on Trump, says “Enemies: The President, Justice & the FBI” author Weiner


[Kip Currier: Good advice from author Tim Weiner in the Q & A exchange below, for anyone writing and creating:]

"You know, I've been a reporter on deadline most of my life. You gotta press the button. You gotta hit 'send.’"

[Salon's Melanie McFarland] "Why does the series end at the Comey firing and his testimony? I'm imagining that a number of people who view it may have questions as to why it halted there, given everything that's happened since.

[Tim Weiner] It's the fact of Mueller and Comey, the two men who ran the FBI from the fall of 2001 to the spring of 2017 — 15 and a half years — who are now, by turns, special counsel and star witness.

It’s reminding people about how they teamed up to stop President Bush's assault on the Constitution, and trying to drive home that when Trump fired Comey, the counter-intelligence investigation into the Russian attack on the 2016 election became a criminal investigation, led to the appointment of Mueller and lead to a charge for Mueller that he could investigate anything. He was not delimited to the question of Russia.

You can bet your bottom dollar that there is going to be a sequel. And we talked, the directors, producers and Alex and I, we talked more than once about, you know, when we get to that Sunday in November, what Mueller brings the hammer down on that Friday? The grand jury meets on Fridays.
And you know, we decided we'd just saddle up and start again.

You know, I've been a reporter on deadline most of my life. You gotta press the button. You gotta hit 'send.’

A book needs a back cover. So we've got to decide what is the strongest structure that we can present."

Judge balks at FBI’s 17-year timeline for FOIA request; Politico, July 29, 2017

Josh Gerstein, Politico; Judge balks at FBI’s 17-year timeline for FOIA request

"U.S. District Judge Gladys Kessler bluntly rejected the Federal Bureau of Investigation’s proposal that documentary filmmaker Nina Seavey wait until the year 2034 to get all the law enforcement agency’s records for a request pertaining [sic] surveillance of anti-war and civil rights activists in the 1960s and 1970s."

FBI Public Service Announcement: CONSUMER NOTICE: INTERNET-CONNECTED TOYS COULD PRESENT PRIVACY AND CONTACT CONCERNS FOR CHILDREN, July 17, 2017

July 17, 2017

Alert Number

I-071717-PSA

Questions regarding this PSA should be directed to your local FBI Field Office.
Local Field Office Locations: www.fbi.gov/contact-us/field

CONSUMER NOTICE: INTERNET-CONNECTED TOYS COULD PRESENT PRIVACY AND CONTACT CONCERNS FOR CHILDREN

The FBI encourages consumers to consider cyber security prior to introducing smart, interactive, internet-connected toys into their homes or trusted environments. Smart toys and entertainment devices for children are increasingly incorporating technologies that learn and tailor their behaviors based on user interactions. These toys typically contain sensors, microphones, cameras, data storage components, and other multimedia capabilities – including speech recognition and GPS options. These features could put the privacy and safety of children at risk due to the large amount of personal information that may be unwittingly disclosed.

WHY DOES THIS MATTER TO MY FAMILY?

The features and functions of different toys vary widely. In some cases, toys with microphones could record and collect conversations within earshot of the device. Information such as the child’s name, school, likes and dislikes, and activities may be disclosed through normal conversation with the toy or in the surrounding environment. The collection of a child’s personal information combined with a toy’s ability to connect to the Internet or other devices raises concerns for privacy and physical safety. Personal information (e.g., name, date of birth, pictures, address) is typically provided when creating user accounts. In addition, companies collect large amounts of additional data, such as voice messages, conversation recordings, past and real-time physical locations, Internet use history, and Internet addresses/IPs. The exposure of such information could create opportunities for child identity fraud. Additionally, the potential misuse of sensitive data such as GPS location information, visual identifiers from pictures or videos, and known interests to garner trust from a child could present exploitation risks.
Consumers should examine toy company user agreement disclosures and privacy practices, and should know where their family’s personal data is sent and stored, including if it’s sent to third-party services. Security safeguards for these toys can be overlooked in the rush to market them and to make them easy to use. Consumers should perform online research of these products for any known issues that have been identified by security researchers or in consumer reports.

WHAT MAKES INTERNET-CONNECTED TOYS VULNERABLE?

Data collected from interactions or conversations between children and toys are typically sent and stored by the manufacturer or developer via server or cloud service. In some cases, it is also collected by third-party companies who manage the voice recognition software used in the toys. Voice recordings, toy Web application (parent app) passwords, home addresses, Wi-Fi information, or sensitive personal data could be exposed if the security of the data is not sufficiently protected with the proper use of digital certificates and encryption when it is being transmitted or stored.
Smart toys generally connect to the Internet either:

• Directly, through Wi-Fi to an Internet-connected wireless access point; or
• Indirectly, via Bluetooth to an Android or iOS device that is connected to the Internet.

The cyber security measures used in the toy, the toy’s partner applications, and the Wi-Fi network on which the toy connects directly impacts the overall user security. Communications connections where data is encrypted between the toy, Wi-Fi access points, and Internet servers that store data or interact with the toy are crucial to mitigate the risk of hackers exploiting the toy or possibly eavesdropping on conversations/audio messages. Bluetooth-connected toys that do not have authentication requirements (such as PINs or passwords) when pairing with the mobile devices could pose a risk for unauthorized access to the toy and allow communications with a child user. It could also be possible for unauthorized users to remotely gain access to the toy if the security measures used for these connections are insufficient or the device is compromised.

WHAT CONSUMER LAWS EXIST TO PROTECT MY CHILDREN?

The Children’s Online Privacy Protection Act (COPPA) imposes requirements on Web site and online service operators directed to children under the age of 13 and on operators of other sites and services who knowingly collect personal online information on children under 13 (for further details on COPPA and protecting children online, refer tohttps://www.consumer.ftc.gov/topics/protecting-kids-online). On 21 June 2017, the Federal Trade Commission (FTC) updated its guidance for companies required to comply with COPPA to ensure those companies implement key protections with respect to Internet-connected toys and associated services, to include the use of mobile apps, Internet-enabled location-based services, and voice-over IP services (https://www.ftc.gov/news-events/blogs/business-blog/2017/06/ftc-updates-coppa-compliance-plan-business). In addition, a manufacturer’s failure to implement reasonable security measures for data collected by its Internet-connected toys could subject that company to an FTCenforcement action under Section 5(a) of the FTC Act, which prohibits unfair or deceptive practices in the marketplace. The FBI is encouraging all consumers to research areas and circumstances concerning the toys and Web services where laws may or may not provide coverage.

WHAT SHOULD I DO?

The FBI encourages consumers to consider the following recommendations, at a minimum, prior to using Internet-connected toys.

• Research for any known reported security issues online to include, but not limited to:
• Only connect and use toys in environments with trusted and secured Wi-Fi Internet access
• Research the toy’s Internet and device connection security measures
• Use authentication when pairing the device with Bluetooth (via PIN code or password)
• Use encryption when transmitting data from the toy to the Wi-Fi access point and to the server or cloud
• Research if your toys can receive firmware and/or software updates and security patches
• If they can, ensure your toys are running on the most updated versions and any available patches are implemented
• Research where user data is stored – with the company, third party services, or both – and whether any publicly available reporting exists on their reputation and posture for cyber security
• Carefully read disclosures and privacy policies (from company and any third parties) and consider the following:
• If the company is victimized by a cyber-attack and your data may have been exposed, will the company notify you?
• If vulnerabilities to the toy are discovered, will the company notify you?
• Where is your data being stored?
• Who has access to your data?
• If changes are made to the disclosure and privacy policies, will the company notify you?
• Is the company contact information openly available in case you have questions or concerns?
• Closely monitor children’s activity with the toys (such as conversations and voice recordings) through the toy’s partner parent application, if such features are available
• Ensure the toy is turned off, particularly those with microphones and cameras, when not in use
• Use strong and unique login passwords when creating user accounts (e.g., lower and upper case letters, numbers, and special characters)
• Provide only what is minimally required when inputting information for user accounts (e.g., some services offer additional features if birthdays or information on a child’s preferences are provided)

If you suspect your child’s toy may have been compromised, file a complaint with the Internet Crime Complaint Center, at www.IC3.gov.

FBI to parents: Beware, your kid's smart toy could be a security risk; ZDNet, July 18, 2017

Liam Tung, ZDNet; FBI to parents: Beware, your kid's smart toy could be a security risk

"The FBI has warned parents that internet-connected toys could pose privacy and "contact concerns" for children.

The FBI on Monday released a public service announcement (PSA) warning that smart toy sensors such as microphones, cameras and GPS, raise a concern for the "privacy and physical safety" of children.

"These features could put the privacy and safety of children at risk due to the large amount of personal information that may be unwittingly disclosed," it warns.

It highlights that toys can collect the child's name, school, preferences and activities when conversing with the toy or talking near it."

The investigation of Jared Kushner fits a very troubling pattern; Washington Post, May 25, 2017

Aaron Blake, Washington Post; The investigation of Jared Kushner fits a very troubling pattern

"Former Obama administration ethics counsel Norman L. Eisen was among those criticizing that move. And here's what Eisen said back in December, when Kushner's potential role in the Trump White House first made news:

The problem with it is it sends a message that if you want to have influence in the administration, do it through the kids. And there’s a tradition. This is not the first time this has happened. I’m just shocked it’s happened in the United States.

It's possible that Kushner's familial relationship with Trump is part of the reason he's been subjected to more scrutiny than any other White House adviser in this probe. And as emphasized above, we have no idea what will come of this.

But if scrutiny of Kushner becomes more intense and there appears to be some validity to it, it will reinforce a central reason why ethics experts say these kinds of arrangements are to be avoided in the first place.

FBI Arrests Hacker Who Hacked No One; Daily Beast, March 31, 2017

Kevin Poulsen, Daily Beast; FBI Arrests Hacker Who Hacked No One

"Now free on bond, Huddleston, 26, is scheduled to appear in a federal courtroom in Alexandria, Virginia on Friday for arraignment on federal charges of conspiracy and aiding and abetting computer intrusions.

Huddleston, though, isn’t a hacker. He’s the author of a remote administration tool, or RAT, called NanoCore that happens to be popular with hackers. NanoCore has been linked to intrusions in at least 10 countries, including an attack on Middle Eastern energy firms in 2015, and a massive phishing campaign last August in which the perpetrators posed as major oil and gas company. As Huddleston sees it, he’s a victim himself—hackers have been pirating his program for years and using it to commit crimes. But to the Justice Department, Huddleston is an accomplice to a spree of felonies.

Depending on whose view prevails, Huddleston could face prison time and lose his home, in a case that raises a novel question: when is a programmer criminally responsible for the actions of his users?"

Taking a bite at the Apple; The Economist, 2/27/16

The Economist; Taking a bite at the Apple:

"“WE FEEL we must speak up in the face of what we see as an overreach by the US government.” With those words Tim Cook, head of Apple, the world’s biggest information-technology (IT) company, explained on February 16th why he felt his firm should refuse to comply with an FBI request to break into an iPhone used by Syed Farook, a dead terrorist. Farook and his wife Tashfeen Malik, who were sympathisers with Islamic State, shot and killed 14 people in California in December, before both were themselves killed by police. The FBI’s request, Mr Cook said, was “chilling”.

Ever since 2013, when Edward Snowden’s leaks pushed privacy and data security into the public eye, America’s IT firms have been locked in battle with their own government. The issue at stake is as old as mass communication: how much power should the authorities have to subvert the means citizens and companies use to keep their private business private?"

The Apple Case Will Grope Its Way Into Your Future; New York Times, 2/24/16

Farhad Manjoo, New York Times; The Apple Case Will Grope Its Way Into Your Future:

"To understand what’s at stake in the battle between Apple and the F.B.I. over cracking open a terrorist’s smartphone, it helps to be able to predict the future of the tech industry.

For that, here’s one bet you’ll never lose money on: Digital technology always grows hungrier for more personal information, and we users nearly always accede to its demands. Today’s smartphones hold a lot of personal data — your correspondence, your photos, your location, your dignity. But tomorrow’s devices, many of which are already around in rudimentary forms, will hold a lot more...

But if Apple is forced to break its own security to get inside a phone that it had promised users was inviolable, the supposed safety of the always-watching future starts to fall apart. If every device can monitor you, and if they can all be tapped by law enforcement officials under court order, can anyone ever have a truly private conversation? Are we building a world in which there’s no longer any room for keeping secrets?

“This case can’t be a one-time deal,” said Neil Richards, a professor at the Washington University School of Law. “This is about the future.”

Mr. Richards is the author of “Intellectual Privacy,” a book that examines the dangers of a society in which technology and law conspire to eliminate the possibility of thinking without fear of surveillance. He argues that intellectual creativity depends on a baseline measure of privacy, and that privacy is being eroded by cameras, microphones and sensors we’re all voluntarily surrounding ourselves with."

Apple's Standoff With FBI Raises Questions About How Americans View Privacy; NPR, 2/18/16

Ari Shapiro, NPR; Apple's Standoff With FBI Raises Questions About How Americans View Privacy:

"NPR's Ari Shapiro talks with Lee Rainie, director of Internet, Science and Technology at Pew Research Center, about the general public's opinion on digital privacy and government surveillance."

A Message to Our Customers; Apple, 2/16/16

Tim Cook, Apple; A Message to Our Customers:

"The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.

Opposing this order is not something we take lightly. We feel we must speak up in the face of what we see as an overreach by the U.S. government.

We are challenging the FBI’s demands with the deepest respect for American democracy and a love of our country. We believe it would be in the best interest of everyone to step back and consider the implications.

While we believe the FBI’s intentions are good, it would be wrong for the government to force us to build a backdoor into our products. And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.

Tim Cook"

As F.B.I. Pursued Snowden, an E-Mail Service Stood Firm; New York times, 10/2/13

Nicole Perlroth and Scott Shane, New York Times; As F.B.I. Pursued Snowden, an E-Mail Service Stood Firm: "On Aug. 8, Mr. Levison closed Lavabit rather than, in his view, betray his promise of secure e-mail to his customers. The move, which he explained in a letter on his Web site, drew fervent support from civil libertarians but was seen by prosecutors as an act of defiance that fell just short of a crime. The full story of what happened to Mr. Levison since May has not previously been told, in part because he was subject to a court’s gag order. But on Wednesday, a federal judge unsealed documents in the case, allowing the tech entrepreneur to speak candidly for the first time about his experiences. He had been summoned to testify to a grand jury in Virginia; forbidden to discuss his case; held in contempt of court and fined $10,000 for handing over his private encryption keys on paper and not in digital form; and, finally, threatened with arrest for saying too much when he shuttered his business. Spokesmen for the Justice Department and the F.B.I. said they had no comment beyond what was in the documents. Mr. Levison’s battle to preserve his customers’ privacy comes at a time when Mr. Snowden’s disclosures have ignited a national debate about the proper limits of surveillance and government intrusion into American Internet companies that promise users that their digital communications are secure."

Online Privacy Issue Is Also in Play in Petraeus Scandal; HuffingtonPost.com, 11/13/12

Scott Shane, HuffingtonPost.com; Online Privacy Issue Is Also in Play in Petraeus Scandal: "The F.B.I. investigation that toppled the director of the C.I.A. and has now entangled the top American commander in Afghanistan underscores a danger that civil libertarians have long warned about: that in policing the Web for crime, espionage and sabotage, government investigators will unavoidably invade the private lives of Americans. On the Internet, and especially in e-mails, text messages, social network postings and online photos, the work lives and personal lives of Americans are inextricably mixed. Private, personal messages are stored for years on computer servers, available to be discovered by investigators who may be looking into completely unrelated matters."