At a glance.
- US House Democrats propose renewal of domestic surveillance legislation.
- NSO Group and Facebook continue court fight over spyware allegations.
- Google Chrome identifier may contain PII after all.
- Geofence warrant fingers wrong man in a burglary.
US domestic surveillance authorities, set to expire on March 15th, face uncertain renewal.
Democrats in the US House of Representatives have prepared legislation that would extend some domestic surveillance authorities beyond their March 15th sunset, the Wall Street Journal reports. They believe they may be able to attract some Republican support (the Minority Leader among them) for a vote by week's end. But the likelihood any such renewal would pass the Senate, still less secure the President's signature, seems low. As the Journal puts it, there's an unsympathetic "emboldened civil-liberties bloc" in Congress.
NSO Group and Facebook wrangle over spyware in court.
In this particular fight Facebook is on the side of privacy, NSO Group not so much. Facebook’s WhatsApp subsidiary sued NSO Group in US District Court for the Northern District of California last October after it found what it took to be evidence that the spyware vendor had exploited a vulnerability in WhatsApp in order to remotely install its Pegasus intercept tool in susceptible smartphones. NSO Group no-showed for its initial court appearance last week, and the court entered a default judgment against the Israeli company. Now, Reuters reports, NSO Group has asked the court to find that Facebook was in violation of international law. Specifically, NSO Group alleges that Facebook “lied to the court in their application for default by stating that defendants had been served under the Hague Convention, when in fact, plaintiffs had been told by the government of Israel two days earlier that service under the Hague Convention was not complete, and the application for service needed to be resubmitted.” They've asked that Facebook be ordered to cover $17,000 in court costs. Facebook says the Hague Convention business is a technicality, that it "diligently" attempted to serve NSO Group properly, and that it will be happy to withdraw its application for default so that the suit against NSO Group can proceed on its merits.
Google may be holding some personally identifiable information in an internal identifier.
The Register says that Google may, in fact, be keeping some PII in an internal identifier it uses to track experimental features in the Chrome browser. This appears more a matter of oversight than deliberate policy.
Geofence warrants may put innocents at crime scenes.
Naked Security recounts the story of a man who was notified by Google that police had inquired about his whereabouts. His Android geolocation data had been swept up in a Gainesville, Florida, geofence warrant, effectively a kind of digital dragnet, and it had made him a suspect in a burglary.