White House, Judges Grapple Over State Secrets in AT&T Spy Suit

The Bush administration is urging the U.S. Court of Appeals for the 9th District in San Francisco to dismiss a lawsuit filed by consumers and privacy advocates against AT&T for its role in a program that enables eavesdropping on phone calls and e-mails, saying allowing the case to proceed would put intelligence efforts at risk.

Permitting the case — which the Electronic Frontier Foundation (EFF) brought as a class action on behalf of AT&T customers — to go to trial would “reveal the sources, methods and operational details” of covert intelligence agencies such as the National Security Agency (NSA), Deputy Solicitor General Gregory Garre said during a hearing Wednesday.

The appeals court held the hearing on motions by the government to dismiss two lawsuits — the AT&T case being one of them — filed in connection with the NSA spying program.

The EFF said the argument, which the government has used throughout the proceedings, falls short, and amounts to efforts to avoid responsibility for using a private company such as AT&T to help the government spy on its own citizens.

“The courts are well-equipped to protect state secrets” even while allowing the trial to take place to help determine if the program was illegal, said EFF Legal Director Cindy Cohn.

Out of Balance?

The appeals court took the matter under consideration, and is expected to rule in a matter of weeks. The three judges on the panel peppered both sides in the case with questions, aiming many of their inquiries at Garre. For instance, they asked about how a court should determine if something is a state secret and requires protection on security grounds.

“Who decides what’s a state secret?” Judge Harry Pregerson asked. “Are we just a rubber stamp? We’re just supposed to take the word of the executive?”

In response, Garre argued the court should give the “utmost deference” to the executive branch if such a claim is made.

The main case is known as “Hepting v. AT&T,” and is a class action brought on behalf of AT&T customers who say their right to privacy was violated when AT&T took part in a NSA-sponsored program to channel Internet traffic — including VoIP phone calls and e-mail messages — through government systems that enable eavesdropping.

Spying on Millions?

The EFF has said it has a sworn affidavit from a former AT&T employee who was aware of a room within AT&T’s regional operations facility that only NSA employees had access to. The group says such surveillance requires a search warrant under federal law.

The second suit involves a direct complaint alleging illegal wiretapping. The Al-Haramain Islamic Foundation claims federal agents violated the law when they tapped into phone calls between the charity and its outside attorneys.

The Bush administration is making the same argument in that case — that any trial would make public spying techniques that could weaken efforts to protect the U.S. against future terrorist attacks.

“The government is hoping to avoid accountability for spying on millions of AT&T customers,” EFF Staff Attorney Kevin Bankston told the E-Commerce Times.

A vigorous hearing in the courts would be part of the “system of checks and balances that is supposed to thwart abuses of power,” he added.

“The White House is trying to wiggle out of those checks by taking the courts out of the picture,” Bankston said.

Taking Sides

Lawmakers last month granted the president additional power under the Protect America Act of 2007 to conduct surveillance of international communications involving U.S. citizens without a warrant.

In passing that extension and expansion of the Foreign Intelligence Surveillance Act (FISA), Congress backed up the president’s sweeping surveillance efforts, said Marc Rotenberg, executive director of the Electronic Privacy Information Center (EPIC).

“It is the most dramatic change in the 30 year history of the FISA and will leave millions of Americans subject to electronic surveillance, without court review, regardless of whether they are suspected of any wrongdoing,” Rotenberg told the E-Commerce Times.

Still, Congress will likely debate the issue again as the extension expires in about six months and could add in some means of providing oversight to prevent abuses. Meanwhile, the courts are another key battleground in the privacy front.

There have been numerous court cases launched since the NSA program was first revealed last year. Last month, a federal judge said five states — Missouri, Maine, New Jersey, Connecticut and Vermont — could continue with investigations into AT&T’s involvement with the surveillance program. In fact, a U.S. District Court judge has already ruled that the Hepting case could continue despite government claims of the need for secrecy.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories

Technewsworld Channels

5 Cyber Safety Tips To Survive the Internet, Hackers and Scammers

phone fraud hacker

Navigating the internet can be a trouble-filled journey. Bad actors intent on exploiting uninformed users are constantly lurking behind emails, websites, and social media invites. Even your Wi-Fi router and those now-ubiquitous QR codes can be danger points. Add to that, the never-ending virus and malware threats.

Computer and mobile device users are often unaware of the danger zones. However, the internet need not be a constant trip through the badlands. What it takes to stay protected online is knowing what to avoid and how to protect yourself.

Here are five things in your control to help keep your digital activity safe.

1. QR Codes, Handy but Potentially Harmful

QR Code for TechNewsWorld.com
A safe QR code for TechNewsWorld.com

These postage-size image links to websites can be convenient. Just point your smartphone camera at it and instantly go to a website, tech support location, discount offer on a purchase, or restaurant menu.

However, QR codes can also take you to a nefarious place where malware or worse is waiting. QR codes can be programmed to link to anything, putting your privacy and security at big risk.

Think before you scan a QR code. If the code is displayed on a website or printed document you trust, it is probably a safe. If not, or you are unsure, check it out.

You can download reputable QR reader apps that will perform a security check on the endpoint of the QR code’s destination. One such safety tool I use is the Trend Micro QR Scanner app, available for Android and iOS.

2. Avoid ‘Unsubscribe’ Email Scams

This is a popular ongoing scam that has a high success rate for hackers. Potential victims get an email for a product offer or other business invitation. The opt-out action step is enticing, looks familiar, and sounds reasonable. “Don’t want to receive our emails? Click here to unsubscribe,” it beckons.

Sometimes the annoying repeat emails ask if you want to unsubscribe from future emails. Some even offer you a link to cancel a subscription.

Do not select any options. Clicking on the links or replying confirms your active address.

Never input your email address in the “unsubscribe me” field, either. More senders will follow.

A better solution to deleting the unwanted email, especially from an unknown sender, is to mark it as spam. That moves it to the spam folder. You also can add that sender to your email program’s block list, or set up a filter to automatically delete it before it reaches your inbox.

Finally, check out the free service Unroll.me. There you can unsubscribe from unwanted emails, keep others, or get the rest in a daily digest.

3. Lockout Facebook Hackers

Other villains try to usurp Facebook accounts. Hackers can change your password, email address, phone number, and even add a security code to lock you out of the pirated account. Before trouble happens, be proactive to prevent these situations. Facebook provides the following security settings you need to enable.

Enable two-factor authentication (2FA) to require your login approval on a separate device.

To do this, log in to your Facebook account on a desktop computer and navigate to Settings & privacy. Next, select Security and login. Then scroll down and edit the Two-factor authentication option. 

Facebook two-factor authentication settings

To complete this step, you must enter your Facebook password.


Activate these two additional features to block Facebook hackers:

  • Turn on the Code Generator feature in the Facebook mobile app
  • Set up login alerts to your email

First, open the Facebook mobile app and tap the magnifying glass, enter the term “code generator” and tap the search icon. Tap the result Code Generator to navigate to the next screen, then tap the button “Turn On Code Generator” to get a 6-digit code that changes every 30 seconds. You must enter this code within that short time span to login to your account on another device.

Next, set up alerts about unrecognized logins. You can do this from either a computer or a mobile device.

  • Computer: go to Settings & privacy > Settings > Security and login > Get alerts about unrecognized logins (see above screenshot).
  • Mobile app: tap Menu > Settings & privacy gear icon > Settings. Then tap Password and security. Next, scroll to Setting Up Extra Security > Get alerts about unrecognized logins > tap to select your preferred notification methods.

If you have trouble logging in, head to facebook.com/login/identify to fix the problem. If you are unable to login there, go to this Facebook help page instead and fill out the request form for Facebook to review your account. You will need to answer a few security questions to prove your identity. This might include providing proof of ID like a photo of a driver’s license.

4. Secure Your Wi-Fi Router

The flood of people working remotely since Covid put home Wi-Fi routers squarely in hackers’ target sights. As a result, malware attacks on home Wi-Fi networks are on the rise because residential setups often lack the level of security and protection that is found on enterprise networks.

One nasty attack tool, dubbed ZuoRAT, is a remote access trojan designed to hack into small office/home office routers. It can affect macOS, Windows, and Linux computers.

With it, hackers can collect your data and hijack any sites you visit while on your network. One of ZuroRAT’s worst factors is that once your router is infected, it can infect other routers to continue spreading the hackers’ access.

Apply these steps to better secure your home/office Wi-Fi network:

  • Be sure to enable WPA2 or WPA3 encryption on your routers. The default factory setting is often the outdated WEP (Wired Equivalent Privacy) security protocol, or none is set at all. Check the user manual or the router manufacturer’s website for directions.
  • Change your router’s SSID (Service Set Identifier) and password. This is critical. Typically, the factory setting shows the router’s make or model and has a universal password such as 0000 or 1234. Rename the SSID to not easily identify you. Avoid names that include, for example, all or parts of your name or address. Make sure the password is very strong.
  • For added protection, change the router’s password regularly. Yes, this is a big inconvenience because you also must update the password on all your devices that use that Wi-Fi network. But considering it will keep out hackers, it is well worth the hassle.
  • Keep the router’s firmware updated. Check the user manual and/or the manufacturer’s website for steps to download the latest updates.

FAQ
How do I create a password that is hard to hack?

The strongest passwords have all these characteristics:

  • Lengthy — the more characters, the better
  • A mix of upper-case and lower-case letters, numerals, and special characters
  • No dictionary words or anything related to personal information

Pro Tip: When using a password generator, always change at least a few characters from the random result to create your final credentials.

5. Beware of Phony Tech Support Schemes

Some fraudsters call on the phone to tell you they are a tech support division working for a well-known computer or software company. The caller claims to be calling in response to an alert from your computer of a virus detection or malware on your device. The scammer offers to fix it if you simply provide your credit card number.

Hang up. Your computer is not infected.

A modified version of this tech support scam is a text or email claiming the same details. Do not reply. Just delete the message and move on.

You might also be browsing the web when a pop-up message crashes onto your screen. I have received very loud audio alerts warning me that my computer is at risk and not to turn it off without responding for help.

In all these cases, the scammers want to scare you to comply with their instructions. The action they want you to take to let them fix the alleged problem will hurt your bank account and possibly let them transmit real infections.

Follow these best practices to protect yourself from tech support fraud:

  • Never let a scammer con you into going to a website or clicking on a link.
  • Never agree to a remote connection by the so-called tech support agent that initiated contact to you.
  • Never give payment information in exchange for technical support you did not initiate. Legitimate tech companies will not call you and ask for payment to fix a problem they claim to have discovered on your device.

If you suspect your computer has a virus or malware problem, initiate contact with a repair center yourself. You probably already have a support plan or active warranty from where you purchased the computer. If you have not contacted a tech support company, the call or message you received is illegitimate.

Jack M. Germain

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open-source technologies. He is an esteemed reviewer of Linux distros and other open-source software. In addition, Jack extensively covers business technology and privacy issues, as well as developments in e-commerce and consumer electronics. Email Jack.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories
More by Jack M. Germain
More in Cybersecurity

6 Signs Cybercriminals Infected Your Phone and How To Fix It

Unless you are one of those rare folks who shuns the use of cell phones, you are walking around with a ticking cyber bomb in your pocket.

Smartphone malware is an ever-growing threat. More than 5 billion people use mobile phones worldwide. More than 90% of those individuals rely on smart- or internet-enabled phones with an average of 40 installed apps on each phone.

By the end of this year, more than 200 billion apps will have been downloaded from virtual app stores. Therein lies the danger.

Official Apple and Google-controlled software stores are vigilant in weeding out unsafe apps. But many cell phone users rely on rogue and third-party download repositories that are overrun with infectious malware.

The threat does not end at the app stores. Cybercriminals have a toolbox full of methods to slip malicious mobile malware onto your phone. All you have to do is visit the wrong website, click on an embedded link in an email or text message, or open an attached document to enable a cyber trap.

Know the Risks

Mobile malware is a growing cybersecurity concern. It can result in the theft and subsequent sale of your private data.

Adware now is the cause of 42% of new mobile malware worldwide. Banking malware threats, especially on Android devices, are up by 80%.

Having most of the free or even paid antivirus apps on your phones does little to detect or prevent sophisticated cyber assaults, according to the latest reports regarding enterprise security. Nearly half of the free Android antivirus programs do not effectively detect malware.

IPhone security is not impenetrable either. Although Android malware is much more prevalent than iOS infections, cybercriminals are getting better access to iPhones. Both platforms are susceptible to malware that open backdoors into phones through text messaging and other shared file exchanges.

Cybercriminals want your data. Much of the mobile malware is designed to peer into your digital data to steal your various usernames and passwords. That gets them into your bank accounts.

But cyber thieves do not stop there. They also have invasive software that lets them snoop into your audio and video, and track your locations.

What To Do

Start by eliminating some of the loopholes in how you use your smartphone. You want to make it more difficult for cybercriminals to take advantage of you. A great starting point is taking stock of your installed apps.

Android Phones

Go to the settings panel and open the permissions section. Its exact location will vary based on the Android version installed and whatever user interface (UI) overlays the phone’s manufacturer uses.

Generally, you can go to Settings > Apps > See all Apps. Then tap an app name and scroll down the list to tap Permissions.

Check each app for the permissions granted by default. Remove all but the ones the app needs. Question why access to camera, microphone, documents, and photos are required. These are the ways app developers collect your data to monetize the software.

Be sure to toggle on the option to remove permissions and free up space for unused apps. Even better, long press on the app name to uninstall apps you do not use.

iPhones

Go to Settings > Apple ID > Password & Security

Work your way through the menu items to set up your preferred options. Especially focus on the Apps Using Apple ID section. This is where you can find third-party apps connected to your accounts, such as fitness or email apps.

Keep this list short. Be sure to remove apps you no longer use by touching the Edit button and the red “delete” icon.

Got Malware?

Be suspicious at the first sign of your phone behaving oddly. Both the Android and Apple smartphone platforms present the same set of common symptoms to indicate malware may be at play inside your device. 

It helps if you know the most recent apps you installed and documents or text links you opened. This knowledge can help you troubleshoot a potential malware problem.

If your phone has one or more of these six symptoms, the cause could be malware:

1. Unusual messages and pop-ups
Inappropriate messages or unwanted ad pop-ups are sure signs of mobile malware or spyware.

2. Titles in your app drawer or library you do not recognize
Do an internet search for the title. It may indicate if the app is safe. Delete all unknown app titles.

3. Slow performance
This might mean that you are almost maxed out on your available RAM (random access memory). Remove unused apps and restart your phone. If the slowness remains, suspect malware.

4. High internet usage and/or increased battery consumption
These two symptoms often go hand in hand when malware runs on a device. See below for how to do a system reset to wipe your memory and storage clean, removing the malware as well.

5. Unusual noise or static on your phone connections
This is a telltale sign that a surveillance app is snooping on your phone conversations.

6. Strange voicemail messages or text messages
Getting messages and calls from unknown parties are key indicators that access to your phone is compromised.

Wipe Away the Malware

Resetting or restoring your smartphone is one of the most effective remedies for removing suspected malware. Do this before you waste time and money buying and downloading so-called mobile security solutions. Like most battery savers and memory clearing apps, they are fairly useless.

When finished with these steps you will need to set up your phone again.

Follow these steps to reset your Android smartphone:

Be sure your data is backed up to Google Drive or a comparable solution (see below). Backing up to Google Drive is not a requirement, but it is an easy way forward. You do need to make a backup of at least your personal data. Otherwise, a copy of your data that existed on the device prior to performing the reset will no longer exist.

  • Open Settings and select System
  • Select Reset options
  • Select Erase all data (factory reset)
  • Select Reset Phone at the bottom
  • Select Erase Everything when prompted to confirm you want to perform a factory reset.
  • Download and install your apps again from Google Play

Follow these steps to reset your iPhone:

Back up your data using iCloud or another solution listed below. Make sure, however, that your stored iCloud data is not infected.

  • Go to Settings > General > Transfer or Reset iPhone
  • Tap “Erase All Content and Settings” to clear all apps and data — again, make sure you’ve backed up your data either to iCloud or a local drive!
  • Restart your iPhone and set it up again
  • Download and install your apps again from the App Store

We cannot emphasize enough to make a backup copy of your data.

You will not have access to the data that existed on your device prior to the reset. So please understand that making a backup of your data is your only safeguard against losing it.

Alternative backup locations not mentioned above are Microsoft’s OneDrive or another cloud storage service you use, an XD card in the device, your local computer, or external media such as a USB drive.

Jack M. Germain

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open-source technologies. He is an esteemed reviewer of Linux distros and other open-source software. In addition, Jack extensively covers business technology and privacy issues, as well as developments in e-commerce and consumer electronics. Email Jack.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories
More by Jack M. Germain
More in Smartphones