**The following essay was written by Eric Hughes and published on March 9, 1993. “A Cypherpunk’s Manifesto” was originally published on activism.net and is reprinted here on *Bitcoin.com for historical preservation. The opinions expressed in this article are the author’s own. Bitcoin.com is not responsible for or liable for any opinions, content, accuracy or quality within the historical editorial.**

If two parties have some sort of dealings, then each has a memory of their interaction. Each party can speak about their own memory of this; how could anyone prevent it? One could pass laws against it, but the freedom of speech, even more than privacy, is fundamental to an open society; we seek not to restrict any speech at all. If many parties speak together in the same forum, each can speak to all the others and aggregate together knowledge about individuals and other parties. The power of electronic communications has enabled such group speech, and it will not go away merely because we might want it to.

Since we desire privacy, we must ensure that each party to a transaction have knowledge only of that which is directly necessary for that transaction. Since any information can be spoken of, we must ensure that we reveal as little as possible. In most cases personal identity is not salient. When I purchase a magazine at a store and hand cash to the clerk, there is no need to know who I am. When I ask my electronic mail provider to send and receive messages, my provider need not know to whom I am speaking or what I am saying or what others are saying to me; my provider only need know how to get the message there and how much I owe them in fees. When my identity is revealed by the underlying mechanism of the transaction, I have no privacy. I cannot here selectively reveal myself; I must always reveal myself.

Therefore, privacy in an open society requires anonymous transaction systems. Until now, cash has been the primary such system. An anonymous transaction system is not a secret transaction system. An anonymous system empowers individuals to reveal their identity when desired and only when desired; this is the essence of privacy.

Privacy in an open society also requires cryptography. If I say something, I want it heard only by those for whom I intend it. If the content of my speech is available to the world, I have no privacy. To encrypt is to indicate the desire for privacy, and to encrypt with weak cryptography is to indicate not too much desire for privacy. Furthermore, to reveal one’s identity with assurance when the default is anonymity requires the cryptographic signature.

We cannot expect governments, corporations, or other large, faceless organizations to grant us privacy out of their beneficence. It is to their advantage to speak of us, and we should expect that they will speak. To try to prevent their speech is to fight against the realities of information. Information does not just want to be free, it longs to be free. Information expands to fill the available storage space. Information is Rumor’s younger, stronger cousin; Information is fleeter of foot, has more eyes, knows more, and understands less than Rumor.

We must defend our own privacy if we expect to have any. We must come together and create systems, which allow anonymous transactions to take place. People have been defending their own privacy for centuries with whispers, darkness, envelopes, closed doors, secret handshakes, and couriers. The technologies of the past did not allow for strong privacy, but electronic technologies do.

We the Cypherpunks are dedicated to building anonymous systems. We are defending our privacy with cryptography, with anonymous mail forwarding systems, with digital signatures, and with electronic money.

Cypherpunks write code. We know that someone has to write software to defend privacy, and since we can’t get privacy unless we all do, we’re going to write it. We publish our code so that our fellow Cypherpunks may practice and play with it. Our code is free for all to use, worldwide. We don’t much care if you don’t approve of the software we write. We know that software can’t be destroyed and that a widely dispersed system can’t be shut down.

Cypherpunks deplore regulations on cryptography, for encryption is fundamentally a private act. The act of encryption, in fact, removes information from the public realm. Even laws against cryptography reach only so far as a nation’s border and the arm of its violence. Cryptography will ineluctably spread over the whole globe, and with it the anonymous transactions systems that it makes possible.

For privacy to be widespread it must be part of a social contract. People must come and together deploy these systems for the common good. Privacy only extends so far as the cooperation of one’s fellows in society. We the Cypherpunks seek your questions and your concerns and hope we may engage you so that we do not deceive ourselves. We will not, however, be moved out of our course because some may disagree with our goals.

The Cypherpunks are actively engaged in making the networks safer for privacy. Let us proceed together apace.

Onward.

Read Original Article…

One common scamming trend over the years has been to call people claiming to be from a famous company like Microsoft in order to gain remote access to their computer and extort cash ranging from a few to hundreds of dollars.

They do this by convincing users of malware or something more serious existing on their system which needs to be removed. Many such scammers operate from call centers located in other countries far away making it difficult for law enforcement agencies to crack in on them.

However, in the latest, we’ve seen a United Kingdom-based vigilante hacker taking action giving us great insight into how these tech support scammers and their infrastructure functions.

The hacker who goes by the name of Jim Browning shared a series of videos on his YouTube channel that details his exploits and how the whole hack worked. Additionally, BBC Panorama and another YouTuber named Karl Rock has also released a report coordinating with Browning.

Firstly, he traced these fake tech support scammers (call agents) to be from call centers in India and then went on a rather daring way to attack them. He did so by allowing them to establish a remote connection to his own computer giving them the view that they had conned him.

However, instead, he used that very established connection to attack the scammers back, something they would have not imagined. Although we don’t know the technical specifics of how he accomplished this reverse attack vector, we do know that it helped him gain access to CCTV cameras located in the vicinity of the call center based in Kolkata along with records of almost 70,000 calls.

The footage from the hacked CCTVs showed the entire routine of the staff operating there with workers hanging around and sitting on their workspaces just like you would find in any normal workplace. The conversations of workers trying to convince potential victims can also be heard.

In fact, a quote of Steve Jobs can be found muralled on a wall as shown in the image below, quite ironic considering the nature of their work. What’s even more surprising is that this is not some slum out of which they are operating, the building as seen from outside CCTV footage is well furnished and appears to host a modern looking office.

The image below is taken from a drone flown by Karl Rock. This is the ‘Sonit Tower‘ building where the entire tech support scam call center was operating from.

An interesting thing here to note is that despite all the evidence gathered, Browning’s work here would not be legally compliant considering he took the law into his own hand. Someone who does so can thereby be prosecuted and hence this may be one reason that the vigilante does not reveal his real identity.

Instead, law enforcement agencies recommend a more coordinated approach such as when we saw Avast team up with French authorities back in September 2019 to take down the Retadup botnet. Nonetheless, the entire topic of hacking back is a hotly contested one and hence we may see changes in the legislation governing it in the future.

Raided
However, the good news is that this particular scam call center has been raided by police and its owner Amit Chauhan has been arrested as well. More on his arrested is available in the video shared by Karl Rock.

For users to avoid being victims of such scammers, it is common sense that can prove to be the most effective here. Under no circumstances do well-reputed companies demand payments and access to one’s computer in a way that would place user security at risk.

Therefore, one should remain vigilant and in the case that you actually do need any help cleaning up your computer, visiting an authorized service agent of either the company itself or any third party service is preferable rather than trusting a random stranger behind a phone call.

Read Original Article…

Day after day, our lives are increasingly becoming reliant on the Internet and technology more than ever. We use computers in the form of PCs, tablets, mobile phones, and wearable devices, and every traditional gadget from an alarm clock to the refrigerator is becoming smart.

We use Google and other search engines to navigate the Internet, and we depend on the Internet to store information and retrieve it on demand. I have recently found myself hopelessly lost in a city while trying to remember directions without using digital maps, and I always check for prices online before shopping offline.

Our lives are highly dependent on the Internet.

The all-seeing eye
Carrying a mobile phone with me means that Google knows where I am every day. They know where I work because that’s is where my phone is during the day, they know where I live because I spend the night there, and they know the entertainment joint that I frequent on Saturdays. They know that the place that I go and spend some time every Sunday morning must be where I go to church, and they know the people I met since they see the devices meeting together.

I trust a browser to help me remember my passwords, with the hope that those passwords I store there are a secret between only me and the browser. I give Apps on my phone permission to read my messages, assuming that they will read only if necessary, only to realize that some of them spend time analyzing the SMS that I have received.

Terms & Conditions apply
Navigating the online space is simple on the surface, but a complicated exercise when we dig deeper.

Take the example of the ‘Terms & Conditions’ segments that we encounter on many websites, applications, software and many other digital tools we use. Do we read that text? No. Do the writers of these T&C expect us to read them? No. The documents are usually unnecessarily long, written in the smallest font possible, and using complicated terms which a layperson would likely not understand. We have little option other than checking the ‘Accept’ box. Even when browsing any website, we encounter the notorious pop-up ‘This site uses cookies… Click here to accept,’ and we always accept without a second thought, not knowing what cookies are.

Artificial Intelligence
Artificial Intelligence is making matters more complex.

Amazon’s Alexa is a device that is always listening to all that you are saying, while Google has a similar feature on Android phones which can be activated by saying ‘Ok Google.’ When you imagine that someone is listening to everything you say, knows all your passwords, knows every web page you visit, knows where you are at any moment, knows all the people you chat with, and the content of those chats; you only hope that person is God alone.

However, unfortunately, there are many ‘gods’ doing that.

Why collect data?
What do do digital technology companies do with all the data that they have?

Governments have always used the data they have to do government work. They spy over the bad guys (sometimes the good guys) and do intelligence. Big Tech is only interested in using the data to make money primarily through sharing the data with third parties. Thus, Facebook will see you chat with someone on WhatsApp, then they recommend that you add them as friends on Facebook.

Google will see you searching for the pregnancy test kit, and know that they can now start showing you maternity dress ads. Mobile lending apps read your M-PESA messages and use that to determine how much money they can loan you. Information is a powerful tool, and he who has it rules the day.

The new order
What are the new realities that we should wake up to? We are seeing more people get concerned about the data being held by tech firms, and new laws and legislation governing the use of collected data.

Tech firms and users need to guard all the Personally Identifiable Information (PII) that they collect, as well as the metadata that can be used to identify a person through their behaviors. There is also a need to ensure that data is encrypted appropriately, both when the data is in transit and when it is seated somewhere in a server.

However, an important part is also to ensure that data is used only for the intended purposes. Another good practice is to ensure people who collect data for whatever purpose collect the least amount of data possible, and do not hold it longer than necessary.

Even with regulations and best practices, the concept of privacy is way much different from what it used to be. It is a new world.

Read Original Article…

With many countries now into their second month of lockdown due to the coronavirus pandemic, people all around the world now consider entertainment platforms as essential services.

This week, for example, Netflix announced that it had signed up 15.77 million new subscribers during the last three months, more than double the 7 million it previously expected. Disney’s streaming platform Disney+ has also hit the jackpot, doubling its subscriber base to 50 million since February.

As one might expect, piracy levels have gone up too. Interest in pirate sites increased in March and a global surge was evident in early April, increasing broadly in line with countries’ lockdown measures.

One of the many tools contributing to this surge is Popcorn Time. After storming the scene in 2014 and impressing with its ground-breaking Netflix-style interface, it drew an audience of millions. Since then improvements to its multiple variants have been incremental rather than ground-breaking but one Popcorn Time fork has now released Popcorn Time Kids, an app that only presents family-friendly content to the user.

According to the team behind the app, they recently noticed a surge in demand, something they attribute to people being in quarantine.

“The amount of love and thankfulness we’ve received from our millions of users in recent weeks was overwhelming! And taking the risk of sounding corny – they really touched us. We understood suddenly how much this project meant not only to us, but to millions of people from all over the world,” a developer told TF.

“Out of all the enthusiastic responses, we received thousands(!) of emails from parents asking for something so obvious, a family-friendly version of Popcorn Time!”

The resulting Popcorn Time Kids software is essentially a version of the regular app but with filters that aim to remove all content unsuitable for the younger viewer.

“Popcorn Time Kids provides a more contained environment for kids and is designed to help parents and guardians keep their kids entertained as they spend most of their time at home. PT Kids library is filled with a variety of the best family-friendly movies and shows from the broader universe of content on Popcorn Time,” the team add.

While there have been Kodi-addons that have catered directly to a younger audience in the past, it is relatively unusual to see an app targeted directly at children. In a way, of course, the app seems designed to appeal to adults who might enjoy not having to keep worrying about the type of content their kids might be viewing.

Popcorn Time Kids will no doubt prove attractive to a certain subset of users but being BitTorrent-based, it comes with the usual caveats. While streaming copyrighted content can be illegal depending on jurisdiction, users will be uploading at the same time, an act that is illegal almost everywhere on the planet. The threat can be mitigated with a VPN but ensuring that stays on in the hands of a seven-year-old sounds like Russian roulette.

There can be little doubt that plenty of broke and perhaps now unemployed parents will find this kind of app attractive but there is no doubt that copyright holders will not. In many respects then, it’s business as usual, even in these remarkable times.

Read Original Article…

Who needs to conduct a sophisticated cyber attack to bring down a country’s Internet service when all you need is a shovel?

There were news stories this week in the London Guardian and the Wall Street Journal (here and here) regarding a 75-year old Georgian woman by the name of Aishtan Shakarian who was scavenging for copper accidentally damaged with her shovel the international fiber-optic cable carrying 90% of Armenia’s Internet traffic. While some Armenian telecom companies were able to switch to connections running through Iran, most of the 3.2 million citizens of Armenia were without Internet service for up to 12 hours, as were some portions of Georgia and Azerbaijan.

According to the Wall Street Journal:

“The Georgia section of the international cable, commonly called the country’s West East fiber-optic backbone, is laid underground along railway tracks and operated by Georgia’s state railway company and its partners. The line comes to Georgia from Bulgaria, crossing the Black Sea to the Georgian port of Poti. It later forks into Armenia and Azerbaijan.”

The cable is supposed to be heavily protected, says the Guardian article, but “landslides or heavy rain may have exposed it to scavengers,” it reports. When Ms. Shakarian, dubbed the “the spade-hacker” by the local media, cut into the cable, she set off alarms signals which helped police locate her. Ms. Shakarian was arrested, but a severe jail sentence is unlikely given her age, the stories say.

In 2008, submarine cables off Egypt were damaged twice (see here and here) which disrupted Internet, data and telephone communications across Europe and the Middle East. Also in 2008, a backhoe operator severed a fiber-optic cable causing a major land line, mobile phone and Internet shutdown for more than one million people in Queensland and Northern New South Wales, Australia.

Update 14 Apr 2011

Not much new about this incident, but there is this a story here from earlier this week published by the Sydney Morning Herald that states the woman, Aishtan Shakarian, who is accused of damaging the fiber-optic cable, denies doing it. Ms. Shakarian is quoted as saying that she isn’t strong enough to have damaged the cable:

“I did not cut this cable. Physically, I could not do it.”

The Morning-Herald says that the Georgian Interior Ministry notes that all claims of innocence aside, Ms. Shakarian “has already confessed to cutting the cable.”

The Herald also states that “.. Georgian Railway Telecom insists that the 600-kilometre cable has ‘robust protection’ …”

Read Original Article…

Have you ever heard the computer security advice, “Don’t open attachments”? This is solid advice, but unfortunately for journalists, activists, and many other people, it’s impossible to follow. Imagine if you were a journalist and got an email from someone claiming to work for the Trump Organization with “Donald Trump tax returns.pdf” attached. Are you really going to reply saying, “Sorry, I don’t open attachments” and leave it at that?

The truth is, as a journalist, it’s your job to open documents from strangers, whether you get them in an email, a Signal or WhatsApp message, or through SecureDrop. Journalists also must open and read documents downloaded from all manner of websites, from leaked or hacked email dumps, or from any number of other potentially untrustworthy sources.

Dangerzone, a new open source tool that First Look Media just released at the Nullcon 2020 hacker conference in Goa, India, aims to solve this problem. You can install dangerzone on your Mac, Windows, or Linux computer, and then use it to open a variety of types of documents: PDFs, Microsoft Office or LibreOffice documents, or images. Even if the original document is dangerous and would normally hack your computer, dangerzone will convert it into a safe PDF that you can open and read.

You can think of it like printing a document and then rescanning it to remove anything sketchy, except all done in software.

Getting started

• Download dangerzone 0.1 for Mac
• Download dangerzone 0.1 for Windows
• See installing dangerzone on the wiki for Linux repositories

How can a document be dangerous?

PDFs and office documents are incredibly complex. They can be made to automatically load an image from a remote server when the document is open, tracking when a document is opened and from what IP address. They can contain JavaScript or macros that, depending on how your software is configured, could automatically execute code when opened, potentially taking over your computer. And finally, like all software, the programs you use to open documents – Preview, Adobe Reader, Microsoft Word, LibreOffice, etc. – have bugs, and these bugs can sometimes be exploited to take over your computer. (You can reduce your risk of getting hacked by always installing your updates, which fix the bugs that software vendors are aware of.)

For example, if an attacker knows about a security bug in Microsoft Word, they can carefully craft a Word document that, when opened using a vulnerable version of Word, will hack your computer. All they have to do is trick you into opening it, perhaps by sending you a convincing enough phishing email.

This is exactly what Russian military intelligence did during the 2016 US election. First, they hacked a US election vendor known as VR Systems and got their client list. Then they send 122 emails to VR Systems’ clients (election workers in swing states) from the email address vrelections@gmail.com, with the attachment New EViD User Guides.docm.

If any of the election workers who got this email opened the attachment using a vulnerable version of Word in Windows, the malware would have created a backdoor into their computer for the Russian hackers. (We don’t know if anyone opened the document or not, but they might have.)

If you got this email today and opened New EViD User Guides.docm using dangerzone, it will convert it into a safe PDF (New EViD User Guides-safe.pdf), and you can safely open this document in a PDF viewer, without risking getting hacked.

Inspired by Qubes TrustedPDF

I got the idea for dangerzone from Qubes, an operating system that runs everything in virtual machines. In Qubes, you can right-click on a PDF and choose “Convert to TrustedPDF”. I gave a talk called Qubes OS: The Operating System That Can Protect You Even If You Get Hacked in 2018 at the Circle of HOPE hacker conference in New York. I talk about how TrustedPDF works for about 2 minutes starting at 9:20:

Dangerzone was inspired by TrustedPDF but it works in non-Qubes operating systems, which is important, because most of the journalists I know use Macs and probably won’t be jumping to Qubes for some time.

It uses Linux containers to sandbox dangerous documents instead of virtual machines. And it also adds some features that TrustedPDF doesn’t have: it works with any office documents, not just PDFs; it uses optical character recognition (OCR) to make the safe PDF have a searchable text layer; and it compresses the final safe PDF.

How does dangerzone work?

Dangerzone uses Linux containers (two of them), which are sort of like quick, lightweight virtual machines that share the Linux kernel with their host. The easiest way to get containers running on Mac and Windows is by using Docker Desktop. So when you first install dangerzone, if you don’t already have Docker Desktop installed, it helps you download and install it.

When dangerzone starts containers, it disables networking, and the only file it mounts is the suspicious document itself. So if a malicious document hacks the container, it doesn’t have access to your data and it can’t use the internet, so there’s not much it could do.

Here’s how it works. The first container:

• Mounts a volume with the original document
• Uses LibreOffice or GraphicsMagick to convert original document to a PDF
• Uses poppler to split PDF into individual pages, and to convert those to PNGs
• Uses GraphicsMagick to convert PNG pages to RGB pixel data
• Stores RGB pixel data in separate volume

Then that container quits. A second container starts and:

• Mounts a volume with the RGB pixel data
• If OCR is enabled, uses GraphicsMagick to convert RGB pixel data into PNGs, and Tesseract to convert PNGs into searchable PDFs
• Otherwise uses GraphicsMagick to convert RGB pixel data into flat PDFs
• Uses poppler to merge PDF pages into a single multipage PDF
• Uses ghostscript to compress final save PDF
• Stores safe PDF in separate volume

Then that container quits, and the user can open the newly created safe PDF.

Here are types of documents that dangerzone can convert into safe PDFs:

• PDF (.pdf)
• Microsoft Word (.docx, .doc)
• Microsoft Excel (.xlsx, .xls)
• Microsoft PowerPoint (.pptx, .ppt)
• ODF Text (.odt)
• ODF Spreadsheet (.ods)
• ODF Presentation (.odp)
• ODF Graphics (.odg)
• Jpeg (.jpg, .jpeg)
• GIF (.gif)
• PNG (.png)
• TIFF (.tif, .tiff)

It’s still possible to get hacked with dangerzone

Like all software, it’s possible that dangerzone (and more importantly, the software that it relies on like LibreOffice and Docker) has security bugs. Malicious documents are designed to target a specific piece of software – for example, Adobe Reader on Mac. It’s possible that someone could craft a malicious document that specifically targets dangerzone itself. An attacker would need to chain these exploits together to succeed at hacking dangerzone:

• An exploit for either LibreOffice or GraphicsMagic
• A container escape exploit in the Linux kernel
• In Mac and Windows, a VM escape exploit for Docker Desktop

If you opened such a malicious document with dangerzone, it would start the first container and begin the conversion process. While it was converting the original document (say, a docx file) into a PDF using LibreOffice, it would exploit a vulnerability in LibreOffice to hack the container. Then, it would exploit a vulnerability in the Linux kernel to escape the container, and from there attempt to take over the computer.

If you keep Docker Desktop updated and regularly update the container that dangerzone uses, such attacks will be much more expensive for attackers.

Dangerzone is open source

This tool is still in early development, so there may be bugs. If you find any, please check the issues on GitHub and open one if your issue doesn’t exist. Please start discussions and make pull requests if you’d like to get involved.

You can find the code for the Mac, Windows, and Linux graphical app here: https://github.com/firstlookmedia/dangerzone

And you can find the code for the Linux container here: https://github.com/firstlookmedia/dangerzone-converter

Dangerzone is released under the MIT license.

Read Original Article…

• Internet speeds should be back to normal for South Africans, one day earlier than expected and just in time for your weekend streaming binge. 
• The Ile D’Aix vessel has completed its repair work on the undersea cable break of the West African Cable System (Wacs), says the South African National Research and Education Network.
• Likewise, the SAt-3 system is back online as well. 

South African’s internet should be back to normal thanks to speedy repair work done by the Ile D’Aix vessel at the cable break of the West African Cable System (Wacs) – just in time for a lockdown weekend binge. 

The South African National Research and Education Network (NREN) confirmed that the cable had been repaired on Saturday morning. 

WACS Outage Update: We have had final confirmation that the WACS repairs are complete and everything is according to specification. This matter is now resolved from an SA NREN perspective.798:54 AM – Apr 4, 2020Twitter Ads info and privacy40 people are talking about this

A second, different break of the South Atlantic Telecommunications (SAT-3) undersea cable was fixed by the Leon Thevenin vessel on Thursday. 

This brings to an end another set of unusual circumstances where two undersea cables broke at the same time, resulting in slow internet across the country. Earlier this year, South Africans also suffered slow internet after an unusual double cable break.

The latest outage inconvenienced South Africans who are trying to work from home, after the country went into lockdown to stem the spread of coronavirus, more than a week ago. 

The Sat-3 fault was located in a similar area to the previous break in January, which was apparently caused by a short circuit. This was due to intense pressure from being trapped under heavy sediment carried by the flow of turbulent waters from the Congo River into the submarine canyon where the cable runs.

Wacs and SAT-3 are segments of a 25 000km undersea cable which connects Africa to Europe.

Read Original Article…

Bill Gates is plugging money into building factories for seven promising coronavirus vaccine candidates, even though it will mean wasting billions of dollars.

On Thursday’s episode of “The Daily Show,” the Microsoft billionaire told the host Trevor Noah that his philanthropic organization, the Gates Foundation, could mobilize faster than governments to fight the coronavirus outbreak.

“Because our foundation has such deep expertise in infectious diseases, we’ve thought about the epidemic, we did fund some things to be more prepared, like a vaccine effort,” Gates said. “Our early money can accelerate things.”

Gates said he was picking the top seven vaccine candidates and building manufacturing capacity for them. “Even though we’ll end up picking at most two of them, we’re going to fund factories for all seven, just so that we don’t waste time in serially saying, ‘OK, which vaccine works?’ and then building the factory,” he said.

Gates said that simultaneously testing and building manufacturing capacity is essential to the quick development of a vaccine, which Gates thinks could take about 18 months.

In a Washington Post op-ed article published earlier this week, Gates said some of the top candidates required unique equipment.

“It’ll be a few billion dollars we’ll waste on manufacturing for the constructs that don’t get picked because something else is better,” Gates said in the clip. “But a few billion in this, the situation we’re in, where there’s trillions of dollars … being lost economically, it is worth it.”

The Gates Foundation “can get that bootstrapped and get it going and save months, because every month counts,” he added.

The Daily Show✔@TheDailyShow

“We can save months, and every month counts.” @BillGates and Trevor discuss combating coronavirus tonight at 11/10c7,0023:44 AM – Apr 3, 2020Twitter Ads info and privacy2,336 people are talking about this

Gates and his wife, Melinda Gates, have already pledged $100 million toward fighting the coronavirus pandemic, including an effort to send at-home coronavirus test kits to people in Washington state.

In his Post op-ed article, Gates urged the government to enforce stricter lockdown measures in every state and estimated that the US would need another 10 weeks of nationwide shutdowns to effectively deal with the crisis.

Read Original Article…

• The South African government is setting up a Covid-19 database to track anyone who may be carrying the SARS-CoV-2 virus, or anyone who has had contact with a carrier.
• The health department now has the power to demand location data from cellphone companies, going back to 5 March, for that database.
• People tracked will not be notified intially, but a judge will get a list of those whose movements are traced, after the fact.
• The database is supposed to be de-identified six weeks after the Covid-19 disaster is declared over.
• For more stories go to www.BusinessInsider.co.za.

---

As of Thursday the South African government can trace the movements of any South African cellphone user back as far as 5 March, in order to fight Covid-19.

That movement data will go into a special database to identify anyone who may have had physical contact with a person known to be carrying the SARS-Cov-2 virus, for possible testing and quarantine.

Users whose locations are traced need not be notified initially, but a judge will be given a list of the people affected – after the fact – in order to make recommendations about privacy protections.

In the month after the state of national disaster is ended, those who were tracked must be told their movements had been traced. 

The database is due to be de-identified, leaving only general data for future study, six weeks after South Africa’s national state of disaster around Covid-19 is declared over.

The government has made clear its intention to use cellphone tracking since 25 March, when it said cellphone operators had agreed to hand over such data.

But South Africa’s cellphone operators said they had not made any such agreement – because it would have been illegal.

“We cannot provide personal information or information that identifies a specific individual without a Section 205 subpoena. We can assist governments with high-level aggregated data that can be critical during this global health crisis with due regard to the privacy of our customers,” Vodacom told Business Insider South Africa.

MTN did not answer questions, but Cell C also said it had not been asked to track its users.

“The data information request doesn’t include personal data or information that identifies any specific individual,” Cell C told Business Insider.

But under new regulations gazetted on Thursday by the department of cooperative governance and traditional affairs (which is in overall charge of disaster regulations), cellphone companies are required to hand over exactly that kind of individual data.

Under the rules, which are in force immediately, the director-general of the health department can direct any licensed electronic communications company to provide information on “the location or movements of any person known or reasonably suspected to have contracted Covid-19” as well as “any person known or reasonably suspected to have come into contact, during the period 5 March 2020 to the date on which the national state of disaster has lapsed or has been terminated” with someone thought to have the condition.

That data is supposed to be kept in a tightly controlled Covid-19 database.

Six weeks after the state of disaster ends, individual data must be destroyed and the database must be de-identified, the regulations say, thought that de-personalised information can be “retained and used only for research, study and teaching purposes”.

There will be no oversight of the process as the data is requested and collected, but a designated retired judge is supposed to receive weekly reports including the names and details of everyone traced.

That judge may then make recommendations “as he or she deems fit regarding the amendment or enforcement of this regulation in order to safeguard the right to privacy while ensuring the ability of the Department of Health to engage in urgent and effective contact tracing to address, prevent and combat the spread of Covid-19.”

Read Original Article…

Google will publish location data from its users around the world from Friday to allow governments to gauge the effectiveness of social distancing measures put in place to combat the COVID-19 pandemic, the tech giant said.

The reports on users’ movements in 131 countries will be made available on a special website and will “chart movement trends over time by geography,” according to a post on one of the company’s blogs. 

Trends will be display “a percentage point increase or decrease in visits” to locations like parks, shops, homes and places of work, not “the absolute number of visits,” said the post, signed by Jen Fitzpatrick, who leads Google Maps, and the company’s chief health officer Karen DeSalvo.

“We hope these reports will help support decisions about how to manage the COVID-19 pandemic,” they said.

“This information could help officials understand changes in essential trips that can shape recommendations on business hours or inform delivery service offerings.”

Like the detection of traffic jams or the measurement of traffic on Google Maps, the new reports will use “aggregated, anonymised” data from users who have activated their location history. 

No “personally identifiable information,” such as a person’s location, contacts or movements, will be made available, the post said.

The reports will also employ a statistical technique that adds “artificial noise” to raw data, making it harder for users to be identified. 

From China to Singapore to Israel, governments have ordered electronic monitoring of their citizens’ movements in an effort to limit the spread of the virus, which has infected more than a million people and killed over 50,000 worldwide. 

In Europe and the United States, technology firms have begun sharing “anonymised” smartphone data to better track the outbreak. 

Even privacy-loving Germany is considering using a smartphone app to help manage the spread of the disease.

But activists say authoritarian regimes are using the coronavirus as a pretext to suppress independent speech and increase surveillance.

And in liberal democracies, others fear widespread data harvesting and intrusion could bring lasting harm to privacy and digital rights.

Read Original Article…