US privacy wins victory as judge limits FBI warrantless searches

This week started with a bang and just kept going. In the hours of Saturday evening, TikTok has cut access to users in the United States in front of The deadline is Sunday which forced Apple and Google to remove the video sharing app from their app stores. While TikTok was dark, US users came on board bypass TikTok ban while many other unexpected apps he also saw his access to Americans cut off. At noon on Sunday, however, Access to TikTok was already back in the United States. From Monday evening, the new president of the United States Donald Trump had signed an executive order delaying the ban on TikTok from 75 days.

On Tuesday, Trump well done on his promise to free Ross Ulbricht, the imprisoned creator of the Silk Road Dark Web Marketwhere users sell drugs, guns, and worse. Ulbricht had spent more than 11 years behind bars after he was arrested by the FBI in 2013 and then sentenced to life in prison. Trump’s decision to pardon Ulbricht is widely seen as linked to the support he has received from the libertarian cryptocurrency community, which has long considered the creator of the Silk Road a martyr.

As the world enters the second era of Trump, WIRED sat down with Jen Easterlywho recently left his top post as director of the Cybersecurity and Infrastructure Agency to discuss the cyber threats facing the United States and CISA’s uncertain future as the frontline watchdog against to nation state hackers and other digital security threats facing the United States.

Finally, we detailed a new research that revealed how trivial the bugs were exposed Subaru’s system for tracking the locations of its customers’ vehicles. The researchers found that they could access a web portal for Subaru employees that allows them to identify up to a year of a car’s location, down to the parking lots they use. The flaws have now been patched, but Subaru employees still have access to sensitive driver location data.

That’s not all. Every week, we add security and privacy news that we haven’t covered in depth. Click the headlines to read the full stories. And stay safe outside.

A US judge in New York this week found that the FBI’s practice of searching for data on US persons under Section 702 of the Foreign Intelligence Surveillance Act without obtaining a warrant is unconstitutional . FISA gives the US government the authority to collect communications from foreign entities through Internet providers and companies like Apple and Google. Once these data were collected, the FBI could conduct “backdoor searches” for information on US citizens or residents who communicated with foreigners, and did so without first having a warrant. Judge DeArcy Hall found that these searches required a warrant. “To hold otherwise would effectively allow law enforcement to amass a repository of communications under Section 702 — including those of US persons — that can then be searched upon request without limitation,” the judge wrote.

A “problem” with the basic functionality of Internet infrastructure company Cloudflare’s content delivery network, or CDN, may reveal the gross plight of people using apps, including those intended to protect privacy, according to the findings of an independent security researcher. Cloudflare has servers in hundreds of cities and more than 100 countries around the world. Their CDN works by caching people’s Internet traffic on their servers, then relaying that data from the server closest to a person’s location. The security researcher, who goes by Daniel, found a way to send an image to a target, collect the URL, then use a custom tool to query Cloudflare to find out which data center provided the image – and so the state or possibly. Fortunately, Cloudflare tells 404 Media that it fixed the problem after Daniel reported it.

In one of its first moves after Trump took office on Monday, the Department of Homeland Security let go of everyone on the agency’s advisory committees. This includes the Cyber ​​Security Review Board, which was investigating widespread attacks on the US telecommunications system by the Chinese-backed Salt Typhoon hacking group. US authorities revealed in mid-November that Salt Typhoon had embedded itself into at least nine US telecoms for espionage purposes, potentially exposing anyone using unencrypted calls and text messages to Beijing’s surveillance. While the future of the CSRB remains uncertain, sources say reporter Eric Geller that his investigation into the Salt Typhoon attacks is effectively “dead”.