Google Begs Court to Reconsider Ruling That Wi-Fi Sniffing Is Wiretapping
WIRED / Threat Level by David Kravets September 25, 2013
Google is asking a federal appeals court to reconsider a recent ruling finding Google potentially liable for wiretapping when it secretly intercepted data on open Wi-Fi routers.
The Mountain View-based company said the September 10 decision by the 9th U.S. Circuit Court of Appeals will create “confusion” (.pdf) about which over-the-air signals are protected by the Wiretap Act, including broadcast television.
The case concerns nearly a dozen combined lawsuits seeking damages from Google for eavesdropping on open Wi-Fi networks from its Street View mapping cars. The vehicles, which rolled through neighborhoods around the world, were equipped with Wi-Fi–sniffing hardware to record the names and MAC addresses of routers to improve Google location-specific services. But the cars also gathered snippets of content.
The search giant petitioned the San Francisco-based appeals court to reconsider its decision that allowed the case to proceed at trial — a ruling that upended Google’s defense.
Google claimed it is was legal to intercept data from unencrypted, or non-password-protected Wi-Fi networks. Google said open Wi-Fi networks are “radio communications” like AM/FM radio, citizens’ band and police and fire bands, and are “readily accessible” to the general public and exempt from the Wiretap Act — a position the appeals court rejected.
“This error is exceptionally important. It promises to have a substantial, long-lasting effect on the application of the Wiretap Act in an environment of rapid technological change. If allowed to stand, the panel’s ruling will create confusion about the Wiretap Act’s prohibitions, threaten the development of new radio-based technologies, and raise questions about whether activities that Congress intended to protect may now be deemed unlawful,” Google wrote the appeals court late Monday.
The court has the option of rejecting Google’s petition. Or, it could rehear the case with the same three-judge panel or decide the issue en banc with an 11-judge panel. The 9th Circuit is the nation’s largest appeals court, and covers Arizona, California, Montana, Alaska, Hawaii, Idaho, Oregon, Washington and Nevada.
Google said the decision makes it unclear whether intercepting broadcast television might be deemed wiretapping, as might the interception of “public safety communications” or “any marine or aeronautical communications systems.”
“That makes no sense, will create confusion about what radio-based signals can be lawfully received, and is not what Congress intended,” Google wrote in its petition.
Google was sniffing packets of data on unsecured Wi-Fi networks in about a dozen countries over a three-year period, until German privacy authorities began questioning in 2010 what data Google’s Street View cars were collecting. Google, along with other companies, use databases of Wi-Fi networks and their locations to augment or replace GPS when attempting to figure out the location of a computer or mobile device. Google had claimed the lawsuit was “without merit,” and has abandoned the practice of payload sniffing from open networks.
The flap, meanwhile, has wide-ranging implications for the millions who use open, unencrypted Wi-Fi networks at coffee shops, restaurants or any other businesses that try to attract customers by providing free Wi-Fi.
Hanni Fakhoury, an Electronic Frontier Foundation staff attorney, said the court’s decision had some pluses and minuses. One fallout is that security researchers face the risk of civil penalties or even criminal prosecution for intentionally capturing payload data traveling over open Wi-Fi networks.
On the other hand, the decision also provides a strong argument that the feds and other law enforcement agencies that want to spy on data transmitted over unencrypted Wi-Fi will need to get a wiretap order to do so. We’ve seen the government use a device called a ‘moocherhunter’ without a search warrant to read Wi-Fi signals to figure out who’s connecting to a particular wireless router. This decision suggests that to the extent the government uses a device like this (or even a ‘stingray’ to the extent it can capture Wi-Fi signals) to capture payload data — even if just to determine a person’s location—they’ll need a wiretap order to do so. That’s good news since wiretap orders are harder to get than a search warrant.
Ironically, the Federal Communications Commission last year cleared Google of wrongdoing in connection to it secretly intercepting Americans’ data on unencrypted Wi-Fi routers.
The commission said that, between 2008 and 2010, “Google’s Street View cars collected names, addresses, telephone numbers, URL’s, passwords, e-mail, text messages, medical records, video and audio files, and other information from internet users in the United States.”
The commission, however, fined Google $25,000 for stonewalling the investigation.
WIRED / Threat Level by Kevin Poulsen September 26, 2013
The NSA has released some details of 12 incidents in which analysts used their access to America’s high-tech surveillance infrastructure to spy on girlfriends, boyfriends, and random people they met in social settings. It’s a fascinating look at what happens when the impulse that drives average netizens to look up long-ago ex-lovers on Facebook is mated with the power to fire up a wiretap with a few keystrokes.
One such analyst working on foreign soil started surveillance on nine phone numbers belonging to women over five years, from 1998 to 2003. He “listened to collected phone conversations,” according to a letter from the NSA’s Inspector General to Senator Charles Grassley released today. The unnamed spy conducted “call chaining” on one of the numbers — to determine who had called, or been called from, the phone — and then started surveillance on two of those numbers as well.
He was thwarted only after a woman he was sleeping with reported her suspicions that the analyst had been listening to her phone calls. The analyst resigned.
In 2011, another civilian NSA employee abroad “tasked” the telephone number of her boyfriend and other foreign nationals. When she was asked about it, she claimed it was her practice to query the phone numbers of people she met socially to make sure she wasn’t talking to “shady characters.” (Because you wouldn’t want that.)
In 2005, a military member used his first day of access to run six e-mail addresses belonging to an ex-girlfriend.
Some of the abuses were referred to the Department of Justice, but none resulted in prosecution. The complete letter to Grassley follows.
Keeping Your Laptop Plugged in All the Time Will Kill Its Battery Faster
WIRED / Gadget Lab by Roberto Baldwin September 28, 2013
Laptops are our indispensable lifeline to the majesty that is the Internet. We use them to work and play from anywhere in the world. But if you’re like most people, you probably keep yours plugged in when you’re at work or home. Stop doing that.
In order to squeeze as much life out of your lithium-polymer battery, once your laptop hits 100 percent, unplug it. In fact, you should unplug it before that.
Cadex Electronics CEO Isidor Buchmann told WIRED that ideally everyone would charge their batteries to 80 percent then let them drain to about 40 percent. This will prolong the life of your battery — in some cases by as much as four times. The reason is that each cell in a lithium-polymer battery is charged to a voltage level. The higher the charge percentage, the higher the voltage level. The more voltage a cell has to store, the more stress it’s put under. That stress leads to fewer discharge cycles. For example, Battery University states that a battery charged to 100 percent will have only 300-500 discharge cycles, while a battery charged to 70 percent will get 1,200-2,000 discharge cycles.
Buchmann would know. His company Cadex sponsers Battery University. The site is the go-to destination for anyone interested in battery technology. And it’s not just constant power that shortens your battery’s life. While batteries degrade naturally, heat also accelerates the degradation. Extreme heat can cause the cells to expand and bubble. Kyle Wiens of iFixit told WIRED: “Too much heat to the battery over time, and the battery isn’t going to last as long.”
You can battle this degradation by keeping the lid open and your laptop out of your actual lap while using it.
While those are simple fixes, Buchmann admits that putting the 40 to 80 percent battery-status workflow into practice is easier said than done. Keeping an eye on your computer’s battery level while trying to work can be a pain. “The ideal would be that the laptop would only charge 80 percent,” Buchmann says, “and if you had to travel, you could push a button before you travel to charge it to 100 percent.”
A search of Windows and OS X apps yielded nothing that would alert a user when a computer reached both an 80 percent charge and a 40 percent discharge. A quick DIY solution is to measure how long it takes to go from 80 percent to 40 percent then set a timer. Do the same thing as it charges from 40 percent to 80 percent. If it saves you money and keeps your battery healthy, it’s worth it.
U.S. Telcos Have Never Challenged NSA Demands for Your Metadata
WIRED / Threat Level by David Kravets September 17, 2013
Since at least 2006 a secret spy court has continuously compelled the nation’s carriers to hand over records of every telephone call made to, from, or within the United States.
But none of the phone companies have ever challenged the orders in court, according to an August 29 opinion (.pdf) by the Foreign Intelligence Surveillance Court, which was declassified today.
“To this date, no holder of records who has received an Order to produce bulk telephony metadata has challenged the legality of such an Order,” reads the ruling. “Indeed, no recipient of any Section 215 Order has challenged the legality of such an Order, despite the explicit statutory mechanism for doing so.”
The FISC orders cited Section 215 of the Patriot Act to require phone companies like Verizon and AT&T to hand over the phone numbers of both parties involved in all calls, the international mobile subscriber identity (IMSI) number for mobile callers, calling card numbers used in the call, and the time and duration of the calls.
To be sure, any challenge to the surveillance program would have been done before the court in secret, and it’s unlikely one would have been successful.
That carriers willfully provided the metadata without blinking a legal eye, however, is cause for alarm, as the telcos appear to be the only ones so far with legal standing to make a challenge to the bulk collection orders. The Electronic Frontier Foundation, American Civil Liberties and others have brought challenges, but the legal fight on whether they have the right to sue remains undecided.
The bulk collection program came to public light in June, when the Guardian published a FISC order on the topic leaked to the media outlet by NSA whistleblower Edward Snowden.
The court declassified (.pdf) an opinion today in the wake of Snowden’s leaks.
“This Court is mindful that this matter comes before it at a time when unprecedented disclosures have been made about this and other highly-sensitive programs designed to obtain foreign intelligence information and carry out counterterrorism investigations. According to NSA Director Gen. Keith Alexander, the disclosures have caused ‘significant and irreversible damage to our nation,’” according to the opinion.
The metadata surveillance became lawful with a 2006 update to the Patriot Act. But it’s been reported that most major carriers were providing the NSA with bulk metadata voluntarily before then in the wake of the 2001 terror attacks.
So the Electronic Frontier Foundation sued the nation’s carriers. After a San Francisco federal judge refused to toss the lawsuit, Congress in 2008 passed legislation immunizing the telcos from ever being sued for forwarding customer data to the NSA.
“It’s disappointing that the telecoms did not stand up for their users,” Kurt Ospahl, an EFF staff attorney, said in a telephone interview.
The opinion declassified today spells out the court’s interpretation of why it is legal under the Patriot Act that all calling records can be forwarded to the NSA. It also notes that there is no adversarial process, meaning without a third-party challenger, the court relies solely on the government’s assertions. Every 90 days the court orders carriers to forward all calling metadata on a rolling basis.
“To ensure adherence to its Orders, this Court has the authority to oversee compliance … and requires the government to notify the Court in writing immediately concerning any instance of non-compliance. According to the government, in the prior authorization period there have been no compliance incidents,” the court wrote.
The telcos we contacted for this story did not return calls for comment or were not immediately prepared to comment.
A day after the Guardian‘s story, however, Verizon declined to acknowledge the program but also said it was just following orders.
“Verizon continually takes steps to safeguard its customers’ privacy. Nevertheless, the law authorizes the federal courts to order a company to provide information in certain circumstances, and if Verizon were to receive such an order, we would be required to comply,” Randy Milch, Verizon’s general counsel, said in a letter to employees.
How to Uninstall Windows 8, Install Windows 7 on Your PC
Has Windows 8 got you down? It’s not easy, but you can switch your new PC back to Windows 7. We show you the step-by-step (and the pitfalls).
PC MAG by Brian Westover April 8, 2013
If you’re fed up with the Windows 8 operating system that came on your new laptop, and just want to switch back to Windows 7, I’ve got good news, and bad news. The good news is that it is possible. You can remove Windows 8, install Windows 7, and go about your life as if Windows 8 never happened. The bad news is that it’s a complicated endeavor.
In addition to the expected BIOS wrangling, drive formatting, and reinstalling device drivers, Microsoft has actually added extra layers of complexity. The BIOS has the added obstacle of the Unified Extensible Firmware Interface (UEFI). Drives are partitioned and protected so that it’s difficult to reclaim all of the space on your hard drive. And finally, manufacturers are spotty at best when it comes to offering Windows 7 drivers and rarely support users in making the switch. The result is a snarled Gordian Knot of complications, but there’s not necessarily a sword available to simplify the issue. This guide, however, should help you navigate the many twists and turns.
If you don’t want to remove Windows 8 completely but still want to have your familiar Windows 7 experience, want to avoid compatibility issues with programs and games, or need a feature that’s gone missing in the new OS, there are other options. Your best bet is actually running Windows 7 on a virtual machine—and we can suggest several.
If you’re ready to embark on the journey back to Windows 7—it feels wrong to simply call it a downgrade—then gather your supplies, muster your courage, and let’s dive in.
A Few Words of Warning
Microsoft does offer downgrade rights, complete with support services and a clear downgrade path to Windows 7, but only for systems with Windows 8 Pro. If you’ve just got plain old Windows 8—and most mainstream systems do—you’re on your own. Switching between the two operating systems is still very doable, but you’ll be doing it without Microsoft’s blessing.
Related to this, you may also run into trouble getting support from your manufacturer, as most do not provide legacy support for Windows 7 on systems that were factory-shipped with Windows 8. This extends to drivers. You’ll need to do your homework as to what your devices are, what drivers they require, and whether or not there are Windows 7 drivers available. Unfortunately, this will vary from model to model, and even from one configuration to the next.
Do Your Driver Homework
Start by opening the device manager in your control panel. It will provide you with a list of all the different devices found on the system, from touchpad and keyboard to networking and Wi-Fi adapters. Don’t skip this step, because you can’t use the device without a working driver—meaning that without the proper drivers, you can easily find yourself stuck with a nearly unusable machine.
By digging into the properties of each device individually, you should be able to find the specific part model name, and information about the drivers. Some searching online will help you discover whether or not Windows 7 drivers are available for each part, but you will often need to track do each driver individually. The one exception to this is when the manufacturer offers two versions of the same model PC—both a Windows 8 configuration, and a Windows 7 version.
The first place to check is the PC manufacturer’s product support page. By looking up your specific PC model number, you should be able to locate a list of all the needed drivers for the laptop’s hardware. If you’re lucky, the manufacturer support page includes drivers for both Windows 8 and Windows 7, giving you everything you need for your entire PC. With one of our test PCs, this was all we needed to do, because all the device drivers were available.
If not, you’ll need to take it one device at a time. Find the name of the manufacturer for each device and search for that company’s website, which should have its own driver download page. If even this doesn’t seem to help, you can always fire up your search engine and search for “[Device name] + Windows 7 Driver.” That should bring up plenty of resources.
Be aware, however, that for some newer devices, drivers may not be available for Windows 7 and older operating systems. If this is the case, you may be out of luck—which is why you’re looking all of this up beforehand.
Back up everything. Tech journalists often preach the importance of regularly backing up, but this is more than the usual preparation against hypothetical disaster—you’re about to overwrite your hard drive. Everything on that drive will be gone. Files, programs, and the original operating system, all gone. Just because you want to ditch Windows 8 now doesn’t mean you won’t change your mind in the future. Additionally, you may want a way to revert back to Windows 8 should you ever need to take advantage of the warranty—there’s worry that some manufacturers will void the warranty on the system if Win 8 is removed.
First, you’ll need Windows 7 installation media, either on disc or on a USB Key. Yes, Microsoft still sells it, as does Amazon. In addition to your installation media, you’ll need a valid Windows 7 Product Key, the 25-digit alphanumeric code used to activate your copy of Windows. If you’re installing from a brand-new copy of Windows, you’re fine to use the product key that was included, but if you’re using an older copy (or a copy of a copy) you’ll need to pay for a new valid key.
You will also need a USB key (separate from your installation media) with drivers loaded on it. This is the result of the aforementioned homework—you really don’t want to install Windows 7 without it.
Disable UEFI and Enable Legacy Boot
Unlike past PCS, which would let you access the BIOS at startup, you’ll need to first enable Advanced Startup Mode.
Commence Installing Windows 7
With Legacy Boot enabled and your boot order changed, you should now be able to boot into your installation media to begin installing Windows 7.
The first thing you’ll see is a prompt to begin installation.
Start the installation process, choose your language and region, and press “Install Now” to begin the process.
You’ll be asked to agree to Microsoft’s software license, and then to choose between an Upgrade or Custom installation. In this instance, you’ll want to choose Custom.
The next step is to choose the destination drive for the installed OS. At the very least, you’ll want to install Windows 7 to your C: drive. If you want to wipe Windows 8 completely off of your system, this is the time to do it. Select the various partitions on the hard drive and go through the process of deleting each, and consolidating the free space. This all handled in the installer, which gives you the option to delete or format each partition as it’s selected. But beware—this is the Rubicon of OS installation. Once those drives are gone, they are gone, and rebooting the system without finishing the Windows 7 installation will leave you with a PC that has no operating system. Next, the installer will go through the process of extracting and expanding all of the necessary installation folders. Kick back and relax for a while, because this part is automatic. During this process, the PC will also restart on its own—don’t panic, that’s just part of the installation process.
Finally, your laptop will boot into Windows, and you should see a more familiar version of the Windows logo come up.
Once you boot into Windows, you’ll be asked to provide a 25-digit Product Key. You can proceed without one, but you’ll be forever hounded by warnings about using a pirated version of Windows, even if it’s a brand new store-bought copy.
Install Drivers from USB key
Once you’ve got Windows 7 installed on your system, it’s time to install your drivers. As a rule, I always start by installing networking drivers—once you’ve got your Wi-Fi or Ethernet connection up and running, you can hunt down the rest and troubleshoot online as needed.
Once you’ve got your drivers installed for everything else (trackpad, graphics processing, USB 3.0 ports, Bluetooth, etc.) do one final reboot. Viola! You’ve now got a pristine Windows 7 PC, ready and waiting for all of your software and files.
Hopefully, this little guide has helped you to navigate the minefield of switching from Windows 8 to Windows 7 without the loss of a limb. Enjoy your Start Menu, and bask in the light of a tile-free existence, free to use Windows as you always have. With any luck, the next version of Windows will be a little easier to adjust to.