Ars Technica

Lack of Twitter geotags can’t stop researchers from getting location

Three researchers from IBM have developed an algorithm that can predict a Twitter user's location without needing so much as a single geotag from them.

According to the Arxiv paper on the subject, the location prediction comes largely from assessing the similarity of the content of a user's tweets to other users' tweets who do use geotags, which turns out to be a decent predictor.

The authors of the paper created their algorithm by analyzing the content of tweets that did have geotags and then searching for similarities in content in tweets without geotags to assess where they might have originated from. Of a body of 1.5 million tweets, 90 percent were used to train the algorithm, and 10 percent were used to test it. Using this system, the researchers could predict a user's city with 58 percent accuracy -- far from deadly aim, but statistically significant nonetheless. Larger regions could be predicted with increasing levels of accuracy, with 66 percent on a state level and 73 percent on a time zone level.

How the NSA turns back the clock on phone taps without choking on data

National Security Agency documents released by The Washington Post gave a glimpse of an NSA program that allows the agency to capture the voice content of virtually every phone call in an unnamed country and perform searches against the stored calls’ metadata to find and listen to conversations for up to a month after they happened.

Just as the NSA and GCHQ have used Xkeyscore to make it possible to search through torrents of Internet traffic captured by its Turmoil monitoring systems scattered around the world, a system called Retrospective (or Retro) allows analysts to search through phone calls that are up to 30 days old based on call metadata.

Originally developed for the NSA’s Mystic international telephone monitoring effort as a “one-off” capability, Retro may now be used in a number of other countries, scooping up calls that undoubtedly include ones that have nothing to do with the NSA’s foreign intelligence goals.

Of course, whether that capture can be considered monitoring comes down to semantics. In the NSA’s reasoning, it’s not “surveillance” until a human listens in. And since most of the calls accessible by Retrospective are flushed from its “cache” after a month without being queried, the NSA could argue that the calls have never been surveilled.

Snowden: Big revelations to come, reporting them is not a crime

Edward Snowden made a surprise appearance on the TED stage in Vancouver -- and urged online businesses to encrypt their websites immediately.

"The biggest thing that an Internet company in America can do today, right now, without consulting lawyers, to protect users of the Internet around the world, is to enable Web encryption on every page you visit," he said. "If you look at a copy of 1984 on Amazon, the NSA can see a record of that, the Russians, the French can -- the world's library is unencrypted. This is something we need to change, not just for Amazon -- all companies need to move to an encrypted browsing habit by default."

Snowden said the leaks from his document cache would continue. "There are absolutely more revelations to come," he said. "Some of the most important [publishing] to be done is yet to come." He said he struggled to find a way to leak the intelligence documents in as responsible a way as he could.

He said the NSA's PRISM program allowed the US government to "deputize corporate America to do its dirty work for the National Security Agency. Another NSA program, Boundless Informant, was hidden from Congress, he said. "What Boundless Informant tells us is more communications are being intercepted in America by Americans than in Russia by Russians." "The NSA has violated their own rules thousands of times in a single year -- in one event they intercepted all the calls in Washington DC by accident." Not only were there 2,776 abuses in 2011-12, he said, but the chairman of the US Senate Intelligence Committee had no idea that the rules were being broken thousands of times every year.

WhatsApp’s idealism and Facebook realism: A study in contrast

[Commentary] WhatsApp founder Jan Koum asserted that Facebook's acquisition of his company does not mean that WhatsApp's internal values will change.

Koum called speculation that WhatsApp will turn traitor to its users' data not just "baseless and unfounded" but "irresponsible," countering the concerns of privacy advocates.

Since Facebook laid out its $19-billion plan to acquire WhatsApp, both users and expert onlookers have derided the partnership as an opportunity for Facebook to make a massive data-grab to correlate with its own user information troves. Per WhatsApp's privacy policy, the company stores virtually no customer information, not even phone numbers -- messages are associated with a phone number "dynamically" on each device, according to Koum. WhatsApp's statements are not only strong, but highly unusual.

While ownership has transferred, Koum now has a seat on Facebook's board of directors, so he is still positioned to protect the app. It's refreshing to see an app founder not only stick to his guns, regardless of what those guns are, but also stand up for pro-consumer privacy policies.

But there are some side concerns about WhatsApp's commitments, too, in light of the number of security flaws the app has displayed, including vulnerabilities that expose message histories locally and allow sent communications to be easily decrypted. While the app ideologically protects its users, it seems to have some trouble putting its ideas into practice.

Level 3 blames Internet slowdowns on ISPs’ refusal to upgrade networks

Recent public battles over how network interconnections affect the quality of streaming video have almost all involved one company: Cogent Communications. Cogent CEO Dave Schaeffer has claimed that his company is simply the only one willing to put up a public fight.

But even though Cogent makes the most noise, it's not the only Internet bandwidth provider battling consumer Internet service providers like Comcast, Verizon, and AT&T. Level 3, another company that has fought consumer ISPs in previous years, has mostly remained quiet lately.

But now, Level 3 decided to voice its displeasure in a blog post by general counsel for regulatory policy Michael Mooney. Additionally, Level 3 recently asked the Federal Communications Commission to regulate the network interconnections known as peering in a possible revision of network neutrality rules.

Judge rebukes Feds for overbroad search warrant applications for e-mail

In a rare public rebuke of American prosecutors’ request on accessing a person’s e-mail, a federal magistrate judge in the District of Columbia has denied a government warrant request to search an unnamed user’s e-mail address, citing the request as being over broad.

According to the March 7, 2014 court opinion and order, the case involves alleged corruption and conspiracy by a defense contractor, and “for purposes of this opinion, the details of the investigation -- which remain under seal on the Court’s docket -- are irrelevant.” Citing a key 2010 appellate ruling establishing a warrant requirement (at least in one United States federal judicial district), Judge John Facciola observed, “[T]he government continues to submit overly broad warrants and makes no effort to balance the law enforcement interests against the obvious expectation of privacy e-mail account holders have in their communications.”

As a magistrate, Judge Facciola has the power to grant search and arrest warrants -- and he has done so numerous times in his nearly 17 years on the bench. Legal scholars note that this case is the latest example of increasing judicial scrutiny in recent years against the government’s overreach in its attempt to gather digital data in criminal investigations.

“I think it reflects a growing recognition that we can't treat e-mail as a separate, less-protected form of communication, either as a matter of law or as a matter of practice,” Brian Pascal, a research fellow with the University of California, Hastings Law School, told Ars. “It's just how we talk these days.”

EU votes in favor of universal mobile charger

A common charger for mobile phones sold in the European Union should be developed in order to reduce waste and hassle for consumers, according to members of the European Parliament voting on an update to radio equipment laws.

The draft Radio Equipment Directive outlines a range of harmonized rules for bringing "radio equipment," which includes mobile phones and modems, on the market. The rules aim to make sure that the increasing range of devices don't interfere with each other and respect health and safety requirements. Part of the directive focused on reducing waste.

MEPs called for a renewed effort to develop a common charger for certain categories of radio equipment -- particularly mobile phones. They amended the draft law to stipulate that the ability to work with common chargers will be an essential requirement for radio equipment. It will be up to the European Commission to decide which specific types of radio equipment will have to meet the requirement. Rapporteur Barbara Weiler said that the directive is "an efficient tool to prevent interference between different ratio equipment devices."

Google and Microsoft are out to stop dual-boot Windows/Android devices

According to a report from the Wall Street Journal, Microsoft and Google are both out to stifle any device that doesn't have a firm allegiance to either Android or Windows.

The report says that both companies have told Asus to end its dual-OS product lines and that Asus is complying. The WSJ says Asus' newest dual-boot product, the Transformer Book Duet TD300, which we wrote about during CES 2014, will never see the light of day. Asus' all-in-one PCs, the Transformer AiO P1801 and P1802, will be pulled from the market.

The report seems to indicate that Microsoft is unhappy that Android would be packaged with both Windows 8 and Windows Phone, which is interesting given that Microsoft has an upcoming Windows Phone update that supports on-screen buttons, which would mean Android hardware could be reused for Windows Phone. Apparently switching operating systems in the factory is OK, but allowing consumers to do so at will is a step too far.

In two key cases, activists now ask judge to order NSA metadata preservation

In a new federal court filing, the Electronic Frontier Foundation has asked for a preservation order similar to one that it already received years ago in one National Security Agency-related case (Jewel v. NSA) to be extended to a second case (First Unitarian Church of Los Angeles et al v. NSA) that the group filed after former National Security Agency contractor Edward Snowden began leaking NSA documents.

Such an order compels the government to retain everything it collected even after the standard five-year deletion period, so that the plaintiffs can pursue civil discovery and if necessary, prove that their calls were among those swept up.

In the filing to Judge Jeffrey White, the EFF also said that it wants the United States government to “disclose the steps it has taken to preserve evidence and to disclose whether it has destroyed telephone records, Internet metadata records, Internet or telephone content data, or any other evidence potentially relevant to these lawsuits.”

NSA says “indiscriminate” Facebook hacking allegations “are simply false”

Days after new documents provided by Edward Snowden showed that the National Security Agency was deploying malware allowing it to pose as Facebook and other sites in order to intercept data, the NSA is now denying this characterization and insisting that what it does is legal.

With Turbine, no humans are required to exploit phones, PCs, routers, VPNs. “NSA uses its technical capabilities only to support lawful and appropriate foreign intelligence operations, all of which must be carried out in strict accordance with its authorities,” says the document, which was published on the NSA’s Twitter account. (Yes, the NSA has a Twitter account.)

"Technical capability must be understood within the legal, policy, and operational context within which the capability must be employed. NSA's authorities require that its foreign intelligence operations support valid national security requirements, protect the legitimate privacy interests of all persons, and be as tailored as feasible. NSA does not use its technical capabilities to impersonate US company websites. Nor does NSA target any user of global Internet services without appropriate legal authority. Reports of indiscriminate computer exploitation operations are simply false.”