Google to push for law enforcement to have more access to overseas data

FILE PHOTO: A Google logo is seen in a store in Los Angeles, California, U.S., March 24, 2017. REUTERS/Lucy Nicholson/File Photo

By Dustin Volz

WASHINGTON (Reuters) – Alphabet Inc’s <GOOGL.O> Google will press U.S. lawmakers on Thursday to update laws on how governments access customer data stored on servers located in other countries, hoping to address a mounting concern for both law enforcement officials and Silicon Valley.

The push comes amid growing legal uncertainty, both in the United States and across the globe, about how technology firms must comply with government requests for foreign-held data. That has raised alarm that criminal and terrorism investigations are being hindered by outdated laws that make the current process for sharing information slow and burdensome.

Kent Walker, Google’s senior vice president and general counsel, will announce the company’s framework during a speech in Washington, D.C., at the Heritage Foundation, a conservative think tank that wields influence in the Trump White House and Republican-controlled Congress.

The speech urges Congress to update a decades-old electronic communications law and follows similar efforts by Microsoft Corp <MSFT.O>.

Both companies had previously objected in court to U.S. law enforcement efforts to use domestic search warrants for data held overseas because the practice could erode user privacy. But the tech industry and privacy advocates have also admitted the current rules for appropriate cross-border data requests are untenable.

The Mountain View, California-based company calls for allowing countries that commit to baseline privacy, human rights and due process principles to directly request data from U.S. providers without the need to consult the U.S. government as an intermediary. It is intended to be reciprocal.

Countries that do not adhere to the standards, such as an oppressive regime, would not be eligible.

Google did not detail specific baseline principles in its framework.

“This couldn’t be a more urgent set of issues,” Walker said in an interview, noting that recent acts of terrorism in Europe underscored the need to move quickly.

Current agreements that allow law enforcement access to data stored overseas, known as mutual legal assistance treaties, involve a formal diplomatic request for data and require the host country obtain a warrant on behalf of the requesting country. That can often take several months.

In January, a divided federal appeals court refused to reconsider its decision from last year that said the U.S. government could not force Microsoft or other companies to hand over customer data stored abroad under a domestic warrant.

The U.S. Justice Department has until midnight on Friday to appeal that decision to the Supreme Court. It did not respond to a request for comment.

U.S. judges have ruled against Google in similar recent cases, however, elevating the potential for Supreme Court review.

Companies, privacy advocates and judges themselves have urged Congress to address the problem rather than leave it to courts.

Google will also ask Congress to codify warrant requirements for data requests that involve content, such as the actual message found within an email.

Chris Calabrese, vice president of policy at the Center for Democracy & Technology, said Google’s framework was “broadly correct” but urged caution about the process for letting countries make direct requests to providers.

“We need to make sure the people in the club are the right people,” he said.

(Reporting by Dustin Volz; Editing by Lisa Shumaker)

Families of San Bernardino shooting sue Facebook, Google, Twitter

FILE PHOTO: Weapons confiscated from the attack in San Bernardino, California are shown in this San Bernardino County Sheriff Department handout photo from their Twitter account released to Reuters December 3, 2015. REUTERS/San Bernardino County Sheriffs Department/Handout/File Photo

By Dan Whitcomb

LOS ANGELES (Reuters) – Family members of three victims of the December 2015 shooting rampage in San Bernardino, California, have sued Facebook, Google and Twitter, claiming that the companies permitted Islamic State to flourish on social media.

The relatives assert that by allowing Islamic State militants to spread propaganda freely on social media, the three companies provided “material support” to the group and enabled attacks such as the one in San Bernardino.

“For years defendants have knowingly and recklessly provided the terrorist group ISIS with accounts to use its social networks as a tool for spreading extremist propaganda, raising funds and attracting new recruits,” family members of Sierra Clayborn, Tin Nguyen and Nicholas Thalasinos charge in the 32-page complaint, which was filed in U.S. District Court in Los Angeles on Wednesday.

“Without defendants Twitter, Facebook and Google (YouTube), the explosive growth of ISIS over the last few years into the most feared terrorist group in the world would not have been possible,” the complaint said.

Spokeswomen for Twitter and Google declined to comment on the lawsuit. Representatives for Facebook could not immediately be reached by Reuters on Thursday afternoon.

Syed Rizwan Farook and his wife, Tashfeen Malik, opened fire on a holiday gathering of Farook’s co-workers at a government building in San Bernardino on Dec. 2, 2015, killing 14 people and wounding 22 others.

Farook, the 28-year-old, U.S.-born son of Pakistani immigrants, and Malik, 29, a Pakistani native, died in a shootout with police four hours after the massacre.

Authorities have said the couple was inspired by Islamist militants. At the time, the assault ranked as the deadliest attack by Islamist extremists on U.S. soil since the Sept. 11, 2001, attacks. In June 2016, an American-born gunman pledging allegiance to the leader of Islamic State shot 49 people to death at the Pulse nightclub in Orlando, Florida, before he was killed by police.

In December 2016 the families of three men killed at the nightclub sued Twitter, Google and Facebook in federal court on allegations similar to those in the California lawsuit.

Federal law gives internet companies broad immunity from liability for content posted by their users. A number of lawsuits have been filed in recent years seeking to hold social media companies responsible for terror attacks, but none has advanced beyond the preliminary phases.

(Reporting by Dan Whitcomb in Los Angeles; Additional reporting by David Ingram and Julia Love in San Francisco; Editing by Dan Grebler and Grant McCool)

Spam campaign targets Google users with malicious link

A security guard keeps watch as he walks past a logo of Google in Shanghai, China, April 21, 2016. REUTERS/Aly Song/File Photo

By Jim Finkle and Alastair Sharp

(Reuters) – Alphabet Inc <GOOGL.O> warned its users to beware of emails from known contacts asking them to click on a link to Google Docs after a large number of people turned to social media to complain that their accounts had been hacked.

Google said on Wednesday that it had taken steps to protect users from the attacks by disabling offending accounts and removing malicious pages.

The attack used a relatively novel approach to phishing, a hacking technique designed to trick users into giving away sensitive information, by gaining access to user accounts without needing to obtain their passwords. They did that by getting an already logged-in user to grant access to a malicious application posing as Google Docs.

“This is the future of phishing,” said Aaron Higbee, chief technology officer at PhishMe Inc. “It gets attackers to their goal … without having to go through the pain of putting malware on a device.”

He said the hackers had also pointed some users to another site, since taken down, that sought to capture their passwords.

Google said its abuse team “is working to prevent this kind of spoofing from happening again.”

Anybody who granted access to the malicious app unknowingly also gave hackers access to their Google account data including emails, contacts and online documents, according to security experts who reviewed the scheme.

“This is a very serious situation for anybody who is infected because the victims have their accounts controlled by a malicious party,” said Justin Cappos, a cyber security professor at NYU Tandon School of Engineering.

Cappos said he received seven of those malicious emails in three hours on Wednesday afternoon, an indication that the hackers were using an automated system to perpetuate the attacks.

He said he did not know the objective, but noted that compromised accounts could be used to reset passwords for online banking accounts or provide access to sensitive financial and personal data.

(Reporting by Alastair Sharp and Jim Finkle in Toronto; editing by Grant McCool)

Major internet providers say will not sell customer browsing histories

The NBC and Comcast logo are displayed on top of 30 Rockefeller Plaza, formerly known as the GE building, in midtown Manhattan in New York July 1, 2015. REUTERS/Brendan McDermid/File Photo

By David Shepardson

WASHINGTON (Reuters) – Comcast Corp, Verizon Communications Inc and AT&T Inc said Friday they would not sell customers’ individual internet browsing information, days after the U.S. Congress approved legislation reversing Obama administration era internet privacy rules.

The bill would repeal regulations adopted in October by the Federal Communications Commission under former President Barack Obama requiring internet service providers to do more to protect customers’ privacy than websites like Alphabet Inc’s Google or Facebook Inc.

The easing of restrictions has sparked growing anger on social media sites.

“We do not sell our broadband customers’ individual web browsing history. We did not do it before the FCC’s rules were adopted, and we have no plans to do so,” said Gerard Lewis, Comcast’s chief privacy officer.

He added Comcast is revising its privacy policy to make more clear that “we do not sell our customers’ individual web browsing information to third parties.”

Verizon does not sell personal web browsing histories and has no plans to do so in the future, said spokesman Richard Young.

Verizon privacy officer Karen Zacharia said in a blog post Friday the company has two programs that use customer browsing data. One allows marketers to access “de-identified information to determine which customers fit into groups that advertisers are trying to reach” while the other “provides aggregate insights that might be useful for advertisers and other businesses.”

Republicans in Congress Tuesday narrowly passed the repeal of the rules with no Democratic support and over the objections of privacy advocates.

The vote was a win for internet providers such as AT&T Inc, Comcast and Verizon. Websites are governed by a less restrictive set of privacy rules.

The White House said Wednesday that President Donald Trump plans to sign the repeal of the rules, which had not taken effect.

Under the rules, internet providers would have needed to obtain consumer consent before using precise geolocation, financial information, health information, children’s information and web browsing history for advertising and marketing. Websites do not need the same affirmative consent.

Some in Congress suggested providers would begin selling personal data to the highest bidder, while others vowed to raise money to buy browsing histories of Republicans.

AT&T says in its privacy statement it “will not sell your personal information to anyone, for any purpose. Period.” In a blog post Friday, AT&T said it would not change those policies after Trump signs the repeal.

Websites and internet service providers do use and sell aggregated customer data to advertisers. Republicans say the rules unfairly would give websites the ability to harvest more data than internet providers.

Trade group USTelecom CEO Jonathan Spalter said in an op-ed Friday for website Axios that individual “browser history is already being aggregated and sold to advertising networks – by virtually every site you visit on the internet.”

This week, 46 Senate Democrats urged Trump not to sign the bill, arguing most Americans “believe that their private information should be just that.”

(Reporting by David Shepardson; Editing by Cynthia Osterman and Lisa Shumaker)

EU-U.S. commercial data transfer pact enters into force

Servers in Iceland

By Julia Fioretti

BRUSSELS (Reuters) – A new commercial data pact between the European Union and the United States entered into force on Tuesday, ending months of uncertainty over cross-border data flows, and companies such as Google <GOOGL.O>, Facebook <FB.O> and Microsoft <MSFT.O> can sign up from Aug. 1.

The EU-U.S. Privacy Shield will give businesses moving personal data across the Atlantic – from human resources information to people’s browsing histories to hotel bookings – an easy way to do so without falling foul of tough EU data transferral rules.

The previous such framework, Safe Harbour, was struck down by the EU’s top court in October on the grounds that it allowed U.S. agents too much access to Europeans’ data.

Revelations three years ago from former U.S. intelligence contractor Edward Snowden of mass U.S. surveillance practices caused political outrage in Europe and stoked mistrust of big U.S. tech companies.

In the months that followed the EU ruling companies have had to rely on other more cumbersome mechanisms for legally transferring data to the United States.

The Privacy Shield will underpin over $250 billion dollars of transatlantic trade in digital services annually.

Google and Microsoft said they would sign up to the Privacy Shield and would work with European data protection authorities in case of inquiries.

A person familiar with social network Facebook’s thinking said the company had not yet decided whether to sign up.

“It’s too early to say as we haven’t seen the full text yet but like other companies we will be evaluating the text in the coming weeks,” the person said.

The Privacy Shield seeks to strengthen the protection of Europeans whose data is moved to U.S. servers by giving EU citizens greater means to seek redress in case of disputes, including through a new privacy ombudsman within the State Department who will deal with complaints from EU citizens about U.S. spying.

However the framework also faces criticism from privacy advocates for not going far enough in protecting Europeans’ data and is widely expected to be challenged in court.

Max Schrems, the Austrian law student who successfully challenged Safe Harbour, said the Privacy Shield was “little more than a little upgrade to Safe Harbour”. However he added that he did not have plans to challenge it himself for the time being.

“We are confident the framework will withstand further scrutiny,” Penny Pritzker, U.S. Secretary of Commerce, told a news conference.

EU data protection authorities, who had demanded improvements to the Privacy Shield in April, said they were analyzing the framework and would finalize a position by July 25.

(Editing by Alexandra Hudson and Louise Heavens)

Apple, Google Products Target of Court Order

Apple Logo inside Corporate offices

SAN FRANCISCO (Reuters) – The American Civil Liberties Union on Wednesday said it had identified 63 cases across the U.S. in which the federal government asked for a court order compelling Apple Inc or Google to help access devices seized during investigations.

The cases predominantly arise out of investigations into drug crimes, the ACLU said, adding that the data indicate such government requests have become “quite ordinary.”

Representatives for the Justice Department and Apple declined to comment.

A spokesman for Google, a unit of Alphabet Inc, declined to say how frequently it has cooperated with All Writs Act requests or orders, and how often it has contested them.

The Justice Department previously disclosed that Apple has received 70 court orders requiring it to provide assistance since 2008, which it obeyed without objection.

However, last October Apple contested a Justice Department demand for assistance in a Brooklyn drug case. Since then, Apple has objected to several other government requests for help accessing devices across the country, the company said in a court filing last month.

A U.S. judge in Brooklyn agreed with Apple and ruled that Congress has not authorized the government to ask for the help it demanded of the company. The Justice Department has appealed that ruling.

The ACLU report comes after the Justice Department withdrew a request for Apple’s assistance in California, saying on Monday it had succeeded in unlocking an iPhone used by one of the shooters involved in a rampage in San Bernardino in December without Apple’s help.

Other cases involving government requests for Apple’s help are still pending.

A variety of Apple and Google products have been targeted by court orders, according to the ACLU report. In one, an Apple iPhone 5 was seized by a man arrested in 2013 for importing methamphetamine from Mexico.

A California court ordered Apple to help the Justice Department bypass the passcode and copy data onto an external hard drive. The order does not specify which operating system was running on the phone.

(Reporting by Dan Levine)

Google accused of improperly tracking students’ web activity

A civil liberties group is accusing Google of invading the privacy of schoolchildren by improperly collecting information through their computers, according to a federal complaint filed this week.

The Electronic Frontier Foundation (EFF) claims the information is being obtained through the Google for Education program, which many schools are utilizing. Through that program, schools can buy Chromebook laptop computers and provide them to their students for educational use.

Fortune reported that 3.4 million Chromebooks were added to the education sector last year.

The problem, the EFF alleges in the complaint, is a default setting on those Chromebooks allows Google to collect and store data about the websites students visit and use it for its own benefit.

The feature is called Chrome Sync, and the EFF says it’s automatically turned on in the Google Chrome web browser. It allows users to have the same Internet browser configuration — things like saved settings, bookmarks and passwords — anytime they log in to Chrome on any device.

But the EFF alleges that also allows Google to collect and keep track student’s browsing records, including things like their search history and what videos they watch on YouTube. They say that’s a violation of the Student Privacy Pledge, which Google and other tech companies signed. One of the terms of that pledge is that companies will only use data for educational purposes.

The EFF alleges Google is using the data to improve its products and asking the Federal Trade Commission to investigate the company and order it to destroy any student data it collected.

Google disputes the claims, telling Fortune that its programs comply with the law and its pledge.

“Our services enable students everywhere to learn and keep their information private and secure,” Google said in a statement reported by the Associated Press. And the Future of Privacy Forum, which helped draft the Student Privacy Pledge, thinks the allegations are unfounded.

“We have reviewed the EFF complaint but do not believe it has merit. … The Chrome Sync setting is a general feature of all Chromebooks, whether purchased by schools or the general public. We don’t believe the complaint raises any issues about data use that are restricted by the Student Privacy Pledge,” the forum’s executive director, Jules Polonetsky, said in a statement.

Google Eliminates Pornographic Ads

Google has announced that it will no longer allow advertising to depict sexual acts and other types of pornography.

The company sent an e-mail to advertising accounts saying that anyone using the Google AdWords system that it will restrict ads containing or linking to any sexually explicit content.  The announcement follows a meeting in May between Google and groups such as Morality in Media, Concerned Women for America and Focus on the Family.

“We are grateful that they are realizing that their profits from porn are not worth the devastation to children and families,” Morality in Media said in a statement.

In addition to the new restrictions on advertising, Google has increased policies for apps that can be sold through the Google Play store.  Apps that contain or promote sexually explicit or erotic content are no longer permitted and Google has removed several apps from the site that violated those policies.

Google has been part of the “Dirty Dozen” list released each year by PornHarms.com, a listing that shows the biggest contributors to sexual exploitation in America.  Google is on the 2014 list, released just before the announcement of the changes.  Other major companies on the list include Verizon, Barnes & Noble and Cosmopolitan magazine.

Google To Produce Contact Lens To Monitor Diabetes

Google has put on display a prototype of a contact lens that could be used by diabetics to monitor their disease.

The lens contains a miniaturized glucose sensor and wireless chip.  The lens would continually monitor glucose levels in tears and report the information to a computer or smartphone.

Google says the lens will be a lot less intrusive for measuring glucose levels than pricking fingers for blood tests.

“We wondered if miniaturized electronics — think chips and sensors so small they look like bits of glitter, and an antenna thinner than a human hair — might be a way to crack the mystery of tear glucose and measure it with greater accuracy,” Google said in its press release.  “We hope a tiny, super sensitive glucose sensor embedded in a contact lens could be the first step in showing how to measure glucose through tears, which in the past has only been theoretically possible.”

The unit is reportedly powered by radio waves.

Google Announces They Will Block Searches For Child Pornography

Google executives have said the search giant will block searches for child pornography.

In addition, the company says they have been reporting to authorities anyone they find who has been posting pictures of child sexual abuse to the web. The evidence handed over by Google has been used in multiple convictions of abusers.

The changes to Google’s search algorithm are also being applied to 150 different languages in an attempt to combat the sharing of child pornography worldwide. The company is also putting warnings at the top of pages where people search for illegal images that the images violate international law and advice on where to seek help.

Engineers at YouTube are also working on a system that will automatically identify videos with children being abused so they can be immediately flagged by the search engine.

In addition, Google is funding internships at both the Internet Watch Foundation and the US National Center for Missing and Exploited Children to help those groups track down child abusers.