Craig Timberg

Feds to study illegal use of spy gear

The Federal Communications Commission has established a task force to study reported misuse of surveillance technology that can intercept cellular signals to locate people, monitor their calls and send malicious software to their phones.

The powerful technology -- called an IMSI catcher, though also referred to by the trade name “Stingray” -- is produced by several major surveillance companies and widely used by police and intelligence services around the world.

The FCC, in response to questions from Rep Alan Grayson (D-FL), plans to study the extent to which criminal gangs and foreign intelligence services are using the devices against Americans.

Why surveillance companies hate the iPhone

Android phones, some Blackberries and phones running older Microsoft operating systems all are vulnerable to Gamma’s spyware, called FinSpy, which can turn your smart phone into a potent surveillance device.

For FinSpy to hack into an iPhone, its owner must have already stripped away much of its built-in security through a process called “jailbreaking.” No jailbreak, no FinSpy on your iPhone, at least according to a leaked Gamma document dated April 2014.

This is good news for people with iPhones, and perhaps for Apple as well. But at a time of rising concern about government surveillance powers, it’s ironic that a different mobile operating system – Google’s Android – has emerged as the global standard, with a dominant share of the world market.

The result is what might be called a growing “Surveillance Gap.” The consequences can be serious if a government anywhere in the world decides to target you with FinSpy, or if a police officer or border patrol agent attempts to browse through your smartphone -- or worse still, copy its entire contents for later examination.

Iraq tries to censor social media, but its success is limited

The Iraqi government moved to block access to Facebook, Twitter and YouTube in a bid to disrupt the social media tools deployed by insurgents as they have swept through the country in a bold drive toward Baghdad.

But the initiative ran into a hard reality of warfare in the 21st century: Losing physical ground means losing control of cyberspace as well. Companies that monitor Internet traffic reported significant declines in access to social media services in Baghdad and the immediate vicinity as providers complied with censorship orders from the Ministry of Communication.

Internet monitoring services detected several hours of outages in Iraq. Overall Internet traffic there was running at about one-third of its usual levels, according to Akamai, a network that delivers Internet content from servers across much of the world.

In addition to affecting Facebook, Twitter and YouTube, the outages also curbed access to WhatsApp and Viber, both of which provide instant messages through cellphones, said Collin Anderson, a researcher affiliated with the University of Pennsylvania’s Annenberg School for Communication, who tested access within Iraq to thousands of top Web sites. “Anything that’s a social media site . . . that’s what they’re going after,” Anderson said.

Apple praised for plan to undermine extensive system that secretly tracks customers

As the political push to curb digital spying remains mired in debate, those who produce the technological wonders of our age are fixing on a more direct response: If you can’t legislate privacy, build it in.

It is against this backdrop that many in the technological community are applauding the decision by Apple to tweak how the iPhone searches for wi-fi connections. Through a relatively simple software update, the company plans to undermine a widely deployed system that stores such as Nordstrom have used to track the movements of customers to analyze shopping habits.

Sen Al Franken (D-MN), who has proposed legislation banning such tracking except when customers explicitly choose to participate, said, “Companies are tracking your movements when you go shopping without your knowledge -- and often when you don’t even enter a store. Apple’s decision to protect their users against this form of tracking is a smart and powerful move for privacy.”

Brokers use ‘billions’ of data points to profile Americans

Data brokers that quietly gather billions of pieces of data on Americans should be required to operate more openly, so that those categorized as “financially challenged” or possibly suffering from serious medical conditions have the ability to check and challenge those characterizations, a federal report said.

The data broker industry, which is lightly regulated, develops profiles of hundreds of millions of people using online and offline sources, such as magazine subscriptions, visits to Web sites, posting on social networking services and purchase histories, the Federal Trade Commission reported. The information sold to marketers can include race, income and homeownership. Categories used to label consumers include “Bible Lifestyle,” “Smoker in Household” and “New Age/Organic Lifestyle,” the report said. One category, called “Rural Everlasting,” describes people of retirement age who have “low educational attainment and low net worths.”

FTC officials, who based their report on documents gathered by issuing subpoenas to nine data brokers in December 2012, expressed concern about how the data is collected, how it’s used and the potential for making errors that are kept secret from the consumers themselves. “The extent of consumer profiling today means that data brokers often know as much -- or even more -- about us than our family and friends, including our online and in-store purchases, our political and religious affiliations, our income and socioeconomic status, and more,” said FTC Chairwoman Edith Ramirez. “It’s time to bring transparency and accountability to bear on this industry on behalf of consumers, many of whom are unaware that data brokers even exist.”

The report included several legislative proposals intended to help Americans learn what information has been gathered about them and to correct errors. Consumers, under the FTC proposals, also would have the option to opt out of data gathering about themselves. Such information is widely used by digital advertisers to improve the targeting of their marketing messages.

Data Brokers: A Call for Transparency and Accountability

Low-level federal judges balking at law enforcement requests for electronic evidence

Judges at the lowest levels of the federal judiciary are balking at sweeping requests by law enforcement officials for cellphone and other sensitive personal data, declaring the demands overly broad and at odds with basic constitutional rights.

This rising assertiveness by magistrate judges -- the worker bees of the federal court system -- has produced rulings that elate civil libertarians and frustrate investigators, forcing them to meet or challenge tighter rules for collecting electronic evidence.

Among the most aggressive opinions have come from DC Magistrate Judge John Facciola, a bow-tied court veteran who in recent months has blocked wide-ranging access to the Facebook page of Navy Yard shooter Aaron Alexis and the iPhone of the Georgetown University student accused of making ricin in his dorm room.

In another case, he deemed a law enforcement request for the entire contents of an e-mail account “repugnant” to the US Constitution.

For these and other cases, Judge Facciola has demanded more focused searches and insisted that authorities delete collected data that prove unrelated to a current investigation rather than keep them on file for unspecified future use. He also has taken the unusual step, for a magistrate judge, of issuing a series of formal, written opinions that detail his concerns, even about previously secret government investigations.

Heartbleed bug puts the chaotic nature of the Internet under the magnifying glass

A major flaw in widely used encryption software has highlighted one of the enduring -- and terrifying -- realities of the Internet: It is inherently chaotic, built by multitudes and continuously tweaked, with nobody in charge of it all.

The Heartbleed bug was a product of the online world’s makeshift nature. While users see the logos of big, multibillion-dollar companies when they shop, bank and communicate over the Internet, nearly all of those companies rely on free software -- often built and maintained by volunteers -- to help make those services secure.

Heartbleed, security experts say, was lodged in a section of code that had been approved two years ago by a developer that helps maintain OpenSSL, a piece of free software created in the mid-1990s and still used by companies and government agencies almost everywhere. While the extent of the damage caused by the bug may never be known, the possibilities for data theft are enormous.

At the very least, many companies and government agencies will have to replace their encryption keys, and millions of users will have to create new passwords on sites where they are accustomed to seeing the small lock icon that symbolizes online encryption.

In a prying world, news organizations are struggling to encrypt their online products

The old-fashioned newspaper, long maligned for its stodginess and sagging profits, has one advantage over high-tech alternatives: You read it. It never reads you.

The digital sources that increasingly dominate our news consumption, by contrast, transmit information across the fundamentally public sphere of the Internet, leaving trails visible to anyone with the right monitoring tools -- be it your employer, your Internet provider, your government or even the scruffy hacker sitting next to you at the coffee shop, sharing the Wi-Fi signal.

This is why privacy advocates have begun pushing news organizations, including The Washington Post, the New York Times and the Guardian, to encrypt their Web sites, as many technology companies increasingly do for e-mails, video chats and search queries. The growing use of encryption -- signaled by the little lock icon in your browser’s address box -- has emerged as perhaps the most concrete response to Edward Snowden’s revelations about the ability of the National Security Agency to collect almost anything that exists in digital form, including the locations, communications and online activities of people worldwide.

Encrypting something as complex as a news site is enormously difficult, according to technical experts within the industry. Several major news organizations offered encryption for some elements of their sites in recent years but largely stopped when problems arose in displaying content quickly and cleanly to readers, said Peter Eckersley, technology projects director for the Electronic Frontier Foundation, which tracks the use of the technology. In an era when news zings across the globe at the speed of light, making encryption work properly across an entire site is a challenge worth undertaking, advocates say. “No one has done it for real,” Eckersley said.

Google is encrypting search worldwide. That’s bad for the NSA and China’s censors.

China’s Great Firewall, as the world’s most sophisticated Internet censorship system is known, is facing a new challenge as Google begins to automatically encrypt searches there as part of its global expansion of privacy technology.

Google and other technology companies responded to documents leaked by former National Security Agency contractor Edward Snowden with major new investments in encryption worldwide, complicating relations between the companies and governments long accustomed to having the ability to quietly monitor the Web. Googling the words “Dalai Lama” or “Tiananmen Square” from China long has produced the computer equivalent of a blank stare, as that nation’s government has blocked Web sites that it deemed politically sensitive.

But censors spying on Google’s search queries in China increasingly are seeing only gibberish, undermining the government’s ability to screen them. China -- and other nations, such as Saudi Arabia and Vietnam, that censor the Internet on a national level -- will still have the option of blocking Google search services altogether. But routine, granular filtering of content will become more difficult, experts say. It also will become more difficult for authorities to monitor search queries for signs that an individual Internet user may be a government opponent, experts say.