Month: November 2014

A judge in Charlotte, North Carolina, has unsealed a set of 529 court documents in hundreds of criminal cases detailing the use of a stingray, or cell-site simulator, by local police. This move, which took place earlier this week, marks a rare example of a court opening up a vast trove of applications made by police to a judge, who authorized each use of the powerful and potentially invasive device.

According to the Charlotte Observer, the records seem to suggest that judges likely did not fully understand what they were authorizing. Law enforcement agencies nationwide have taken extraordinary steps to preserve stingray secrecy. As recently as this week, prosecutors in a Baltimore robbery case dropped key evidence that stemmed from stingray use rather than fully disclose how the device was used.

The newspaper also reported on Friday that the Mecklenburg County District Attorney’s office, which astonishingly had also never previously seen the applications filed by the Charlotte-Mecklenburg Police Department (CMPD), will now review them and determine which records also need to be shared with defense attorneys. Criminals could potentially file new claims challenging their convictions on the grounds that not all evidence was disclosed to them at the time.

In early 2013, researchers exposed some unsettling risks stemming from Android-based password managers. In a paper titled “Hey, You, Get Off of My Clipboard,” they documented how passwords managed by 21 of the most popular such apps could be accessed by any other app on an Android device, even those with extremely low-level privileges. They suggested several measures to help fix the problem.

Almost two years later, the threat remains viable in at least some, if not all, of the apps originally analyzed. An app recently made available on Google Play, for instance, has no trouble divining the passwords managed by LastPass, one of the leading managers on the market, as well as the lesser-known KeePassDroid. With additional work, it’s likely that the proof-of-concept ClipCaster app would work seamlessly against many other managers, too, said Xiao Bao Clark, the Australia-based programmer who developed it. While ClipCaster does nothing more than display the plaintext of passwords that LastPass and KeePassDroid funnel through Android handsets, a malicious app with only network privileges could send the credentials to an attacker without the user having any idea what was happening.

“Besides the insecurity of it, what annoyed me was that I was never told any of this while I was signing up or setting up the LastPass app,” Clark wrote in an e-mail. “Instead, I got the strong impression from LastPass that everything was very secure, and I needn’t worry about any of it. If they at least told users the security issues using these features brings, then the users themselves could decide on their own trade-off between usability and security. Not mentioning it at all strikes me as disingenuous.”

Six members of the United Kingdom’s National Union of Journalists—including comedian and journalist Mark Thomas—have filed suit against London’s Metropolitan Police after discovering that their daily activities were being monitored and recorded in a police database. The database is gathered by the National Domestic Extremists and Disorder Intelligence Unit, a task force led by the Metropolitan Police Service that tracks political and religious groups in the UK and monitors protests.

In an interview on BBC Radio 4, Thomas said that the surveillance was discovered through information uncovered by a request under the UK’s Data Protection Act—a law similar to the US’ Freedom of Information Act. “The police are gathering information under the domestic extremist list about journalist and NUJ members, “ he said. “And we know this because six of us have applied to the police using the Data Protection Act to get some of the information the police are holding on us on these lists. And what they are doing is monitoring journalists’ activities and putting them under surveillance and creating databases about them.”

Thomas has used the Data Protection Act in the name of both journalism and comedy. In 2001, he launched a contest in which he encouraged people to do creative performances in front of surveillance cameras and then submit the videos to him after obtaining them through Data Protection Act requests.

A computer programmer whose massive public records request threatened Seattle’s plan to put body cameras on its police officers has made peace with the police department.

Today’s Seattle Times reports that Seattle Police Department COO Mike Wagers has invited the man into police headquarters to meet with him and tech staff to discuss how he could receive video regularly. As a condition of the meeting, he has dropped the public records request.

“I’m hoping he can help us with the larger systemic issue—how can we release as much video as possible and redact what we need to redact so we can be transparent?” Wagers told the newspaper. “What do we have to lose? We have nothing to hide. There are no secrets.”

A Virginia-based law enforcement data sharing ring, which allows signatory police agencies to share and analyze seized “telephone intelligence information,” was first proposed by federal prosecutors, according to new documents obtained by Ars. Federal involvement suggests that there could be more such databases in other parts of the country.

“It’s unsurprising to see the feds encouraging local law enforcement agencies to create these localized databases,” Hanni Fakhoury, a staff attorney with the Electronic Frontier Foundation, told Ars. “In fact, there’s a whole division within the Department of Justice that focuses on educating and advancing local law enforcement interests, the National Institute of Justice. And so I would imagine there are others.”

As Ars reported last month, according to a memorandum of understanding (MOU) first published by the Center for Investigative Reporting, the police departments from Hampton, Newport News, Norfolk, Chesapeake, and Suffolk all participate in something called the “Hampton Roads Telephone Analysis Sharing Network,” or HRTASN.

As features on chips get smaller, we’re edging closer to where we bump up against basic physics, which dictates that the behavior of wiring will become unpredictable once the number of atoms involved gets small enough. As a result, there’s been some preliminary work done on producing processor components out of single molecules, like carbon nanotubes.

But it’s not just processors we care about. As features of flash memory shrink, we’ll eventually run up against a similar problem: the locations where electrons are stored will be too small to hold sufficient charge for the device to actually work. Fortunately, it looks like molecules may be able to help us out here, as well. Researchers are reporting that they’ve designed a combination of two molecules that can hold electrons for use as flash memory.

This isn’t the first advance in single-molecule flash memory. Last year, researchers reported building a flash device that included layers of graphene and molybdenum disulfide, both of which form molecular sheets a single atom thick. But these devices required several layers of these materials to work, so the charge ended up stored in several stacked sheets of graphene.