New Episode Alert EP137
NSA Data Collection Ruling
In episode 137 for September 7th 2020: A federal appeals court finds the NSA's bulk collection of phone data was unlawful, new research shows that browsing histories are unique enough to reliably identify users, and my personal story about a car accident and the privacy of your public records.
I've been so impressed with the innovative privacy focused products that our sponsor Silent Pocket has been releasing over the last several weeks. One of these products is their new
which offers laptops up to the latest 16 Inch MacBook Pro complete protection from the elements and all signals to and from your laptop. This bag protects your laptop from everything including Bluetooth location tracking, remote hacking, and anything else the weather can throw at your laptop. Get yours today at
. And don't forget to take 15% off your order by using discount code "sharedsecurity".
Appeals court finds NSA's bulk phone data collection was unlawful
The big news this past week was that
. The ruling stated that the NSA collected massive amounts of phone records well beyond the scope of what Congress originally allowed and that the program may also have violated the US Constitution. This is actually a very significant development, especially for Edward Snowden, who in 2013 revealed leaked documents showing a surveillance campaign by the NSA that was harvesting massive amounts of personal data of US citizens in the name of preventing terrorist attacks. Snowden tweeted last Wednesday: "Seven years ago, as the news declared I was being charged as a criminal for speaking the truth, I never imagined that I would live to see our courts condemn the NSA's activities as unlawful and in the same ruling credit me for exposing them. And yet that day has arrived." Now, even if you disagree with what Snowden did, his actions have drastically changed the way tech companies protect your personal data, and have forced the NSA and other government agencies to be held more accountable for what type of data is being collected and the reasons for doing so.
Mozilla research: Browsing histories are unique enough to reliably identify users
A
showed that most users of the Internet have unique web browsing habits that allow online advertisers to create accurate profiles of them. These profiles can then be used to track and re-identify users across different sets of user data that contain even small samples of a user's browsing history. Mozilla's study shows that even a small list of 50 to 150 of the user's favorite and most accessed domains can let advertisers create a unique tracking profile. And while this research sounds pretty scary, there are things that we can do about limiting the ability of advertisers to track our movements across the web. This includes using more privacy aware browsers and add-ons (my recommendations are of course Firefox, and the EFF's Privacy Badger add-on), and even using private browser viewing modes that all major browsers now have available. However, there is no silver bullet unless you, well, don't use a web browser or the Internet at all. But as this research notes, education and improvements in the way browsers are blocking and preventing fingerprinting and tracking look to be moving in the right direction.
My personal story about a car accident and public record "privacy"
I want to slightly depart from traditional privacy news this week to share my story about a recent situation that I'm going through after one of my family members was involved in a minor car accident. First of all, everyone is fine and there were no injuries and the accident itself was the fault of the other driver that rear-ended our car when we were turning off a freeway exit ramp. The driver that hit our car thought that we were turning when, in fact, we were waiting for oncoming traffic to pass. The good news is that there was only minor damage to our car and we have a police report to back up that claim, but the bad news is that we're now being solicited by chiropractors and personal injury attorneys through text messages and snail mail. And I'm not just talking about a few messages, literally every day it's been phone calls, voice mails, and letters soliciting us for post-accident services. In fact, several letters from a few personal injury attorneys even included a copy of the police report that was filed. Now this got me thinking. How did all of these solicitors obtain accident details and our personal contact information literally a day after the accident occurred? Well it all comes down to a problem known as
and the easy availability of public records. Ambulance chasing is when scumbag lawyers and doctors show up at the hospital to solicit legal, medical, and other services without the consent of the accident victims. Ambulance chasers remind me of a certain lawyer, Saul Goodman, on the popular TV show, Breaking Bad. Better Call Saul! Now ambulance chasing is nothing new, in fact it's a huge problem. I found myself down a rabbit hole of issues with how public records can be accessed as well as how various state solicitation laws can vary pretty significantly in the US. So here's what I discovered. In the state that I live in, I can go to the department of public safety website and simply enter the date of the accident, the county, law enforcement agency, and pull up all the crash reports I want. These crash reports have names, addresses, date of birth, and all kinds of details about the accident, including injuries. Even though phone numbers are not in the crash report, it's extremely easy to Google or use other ways through open source intelligence to match up names to phone numbers. And this may be only one way solicitors get access to your information. In my research I found
about people that work at police departments, state and local governments, and even hospital employees being bribed for handing over personal details of accident victims to these solicitors.
So what can we do about this? Unfortunately, there isn't a lot that you can do but there may be solicitation laws in the state that you reside in that can help. For example, I found out that in my state a new solicitation law was passed just last year which prohibits chiropractors and other health care practitioners from immediately calling people who were involved in a car crash. Surprisingly, there's no law in my state that prevents solicitors from contacting you at all after a crash! In fact, even with the recent law that was passed in my state, solicitors can still contact you through physical mail immediately after an accident. But there are good things that some states are doing. For example,
after the date of a crash and only prior to that access to reports is extremely limited, yet after 60 days the crash report still becomes public record. So the bottom line is, there isn't a good solution to prevent people from soliciting you after a car accident unless your state has a law in place to hold these solicitors more accountable or to hold back the eventual release of your details. In the meantime, be sure to screen those phone calls and toss all those junk solicitations from the Saul Goodmans of the world in the trash.
Watch this episode on our YouTube Channel!
August Monthly Show, Episode 103: In our August monthly episode we start our three part series on targeted attacks. In this episode we focus on OSINT (Open Source Intelligence) and reconnaissance techniques used by attackers in phishing and BEC (Business Email Compromise) attacks. Kyle Lovett, Principal Penetration Tester at Veracode, joins us to demonstrate some of the tools and techniques used by attackers and professional penetration testers when conducting these targeted attacks.
Please support our sponsors!
Take advantage of this exclusive offer and help support this podcast!
Visit
to shop Silent Pocket's great line of privacy focused products.