Monthly Archives: February 2014

Identity Theft Triggers a Surge in Tax Fraud

Justice Department Has Charged Nearly 900 for Claiming Bogus Refunds.

With tax season under way, federal authorities are stepping up efforts to stop what they call a growing problem of fraudulent filings seeking tax refunds based on stolen identities.

The scam, which involves repeatedly filing fake tax returns electronically and receiving refunds within days, is so enticing it is attracting suspects not typically associated with white-collar crime.

On Friday, two members of an alleged crack-dealing gang in Miami were indicted on charges they also ran a tax-refund scam on the side. Suspects typically steal lists of names and Social Security numbers. Then they file large numbers of electronic returns claiming refunds, and can start getting money before investigators spot the fraud.

Identity fraud tax refund crimes are partly an outgrowth of the more recent ability to file tax returns electronically—in many cases fraudsters take advantage of that and of separate Internal Revenue Service measures intended to ease the filing process for those without bank accounts.

A spike in the number of bogus returns in the last five years has prompted law enforcement agencies—including the Justice Department and the IRS—to dramatically increase their focus on finding the tax thieves.

On Monday, the Justice Department will release data showing it filed charges against more than 880 people suspected of stolen identity tax refund crimes in the last budget year.

The number of IRS investigations jumped 66% in the past year, with the agency initiating 1,492 probes of identity-theft related crimes in fiscal 2013, up from 898 in 2012 and 276 in 2011. The IRS said it is working closely with local law-enforcement officials in more than 35 identity theft task forces nationwide.

Often the first to spot the suspects are local authorities investigating other crimes—another indication, officials say, that such paperwork crimes are being adopted by a wider range of crooks.

The scams can be sophisticated, but even simpler versions are difficult to stop. Unlike more traditional versions of tax fraud, where individuals lie about their income or deductions, stolen-identity refund fraud involves creating an entirely fake tax document, in which the only true items are the name and Social Security number.

One problem is that the IRS generally can’t match up recent earnings records with individual returns until well after the false returns are filed.

“There’s been a perception out there by criminals used to earning their money through crimes of violence that if they shift to this, it is cleaner and simpler,” said Kathryn Keneally, head of the Justice Department’s tax division. “But if you look at our prosecutions and the lengths of the sentences we’re getting, we are moving toward our goal of making this a very unprofitable crime.”

More sophisticated groups have stolen millions of taxpayer dollars before getting caught. During the past year federal authorities have brought cases targeting large fraud networks in Montgomery, Ala. The Tampa Bay region of Florida also has been a hot spot for such fraud.

The crime creates two victims—the U.S. Treasury and individual taxpayers, who only learn of the fraud when they try to file their legitimate returns. Those taxpayers are stuck with the hassle of proving to the IRS that the previous document was a phony claim.

The IRS has adopted elaborate electronic filters to screen phony returns. An IRS watchdog agency recently reported that the IRS identified nearly 580,000 returns claiming $3.6 billion in fraudulent refunds during the 2013 filing season. The IRS said it prevented refunds in about 96% of the cases. But some doubt remains about exactly how many phony claims are being paid. The IRS watchdog recently said the agency has issued potentially fraudulent returns totaling several billion dollars in some past years.

“The question is, do the systems that are in place at DOJ and the IRS actually work? Certainly not yet, given recent data we’ve seen,” said Sen. Orrin Hatch (R., Utah), the top Republican on the Senate Finance Committee.

IRS Commissioner John Koskinen said in a statement the agency is “fighting identity theft head-on at the IRS and making substantial progress with the help of the Justice Department and local law enforcement.” He said the IRS is “stopping more identity theft before these fraudulent refunds go out the door.”

 

Via: wsj

Internet Explorer ‘SnowMan’ zero-day spreading

Attack first noted on VFW website is spreading, say Symantec researchers. If you must use IE9 or IE10, get patched now.

Two weeks ago FireEye discovered a sophisticated iframe infection on the VFW website that leverages (yet another) “use after free” security hole in Internet Explorer 9 and 10. The attack, known as “Operation SnowMan” and identified by CVE-2014-0322, installs a backdoor that lets the attackers remove data from an infected computer. Ominously, it operates on a “drive by” vector — you don’t need to do anything wrong; visit an infected site, and if you’re running IE9 or IE10, you’re pwned.

Fortunately, the attacks were not widespread. They were directed at specific targets — so-called APT attacks, commonly attributed to rogue government organizations or the NSA (which may be a tautology).

Last week, Microsoft acknowledged the problem and posted a “Fix it” as part of Security Advisory 2934088.

Symantec now advises that the same technique has spread widely:

Attacks targeting this vulnerability are no longer confined to advanced persistent threats (APT) — the zero-day attacks are expanding to attack average Internet users as well. We refer to these attacks as drive-by downloads. This is not a surprising result, as the vulnerability’s exploit code received a lot of exposure, allowing anyone to acquire the code and re-use it for their own purposes.

Our internal telemetry shows a big uptick in attempted zero-day attacks. The attacks started to increase dramatically from February 22, targeting users in many parts of the world. Our telemetry shows both targeted attacks and drive-by downloads in the mix.

The Symantec advisory says that most of the infections it has observed occur in Japan on an odd array of websites — a community site for mountain hikers, an adult dating site, a shopping site, and more. “We believe that the same attacker undertook the majority of the attacks, based on the file components used… the exploit drops a banking Trojan that steals login details from certain banks.”

As I noted last week, your smartest approach is to avoid IE9 and IE10 completely — switch to Chrome or Firefox or your browser of choice. Failing that, bite the bullet and upgrade to IE11. If you absolutely must use IE9 or IE10, it would be a very good idea to apply the Fix it. Start by applying all updates to your version of Internet Explorer, then go to the KB 2934088 site and click the link to enable the MSHTML shim workaround.

There’s still no word on when Microsoft will supply a comprehensive fix.

 

Via: infoworld

Stolen Laptop Exposes 1,100 Indianapolis Hospital Patients Data

The unencrypted laptop contained patients’ names, birthdates, genders, dates of service, types of service and physician names.

Indiana’s St. Vincent Indianapolis Hospital recently began notifying approximately 1,100 patients that their personal information may have been exposed when a laptop connected to an EEG machine was stolen from the hospital on December 22, 2013 (h/t SC Magazine).

The laptop, which was password-protected but not encrypted, contained patients’ names, birthdates, genders, dates of service, types of service and physician names.

No financial information or Social Security numbers were on the laptop.

 

“After a thorough assessment, there is no indication that the theft was related to patients’ personal health information, and hospital officials believe patients are at low risk of identity theft,” the hospital said in a statement [PDF]. “In addition, St. Vincent is taking precautionary steps to avoid future incidents, and is evaluating its medical devices and installing encryption protection software as appropriate. Also, the hospital is working to enhance its physical security measures.”

While no credit monitoring services are being offered to those affected, all recipients of the notification letter are being advised to review their credit reports for suspicious activity.

 

So if you're in business or even in your personal life, laptop encryption is a must.

 

Just remember: Is your laptop still unencrypted? Perhaps 7 seconds of CCTV might change your mind…

 

Via: esecurityplanet

New iOS flaw allows malicious apps to record touch screen presses

The captured touch screen data could be used to reconstruct what users typed.

Security researchers identified a vulnerability in iOS that allows apps to record all touch screen and button presses while running in the background on non-jailbroken devices.

Since the touch screen is the primary input interface on an iOS device, this attack is the equivalent of keylogging. An attacker could use the captured touch data — X and Y axes coordinates — to determine what characters victims inputted using the on-screen keyboard.

The vulnerability has been confirmed in iOS versions 7.0.6, 7.0.5, 7.0.4 and 6.1.x by researchers from security firm FireEye who identified the issue and reported it to Apple. The researchers also claim they found ways to bypass Apple’s app review process which could allow uploading an app with such touch screen monitoring capabilities in the App Store.

“We have created a proof-of-concept ‘monitoring’ app on non-jailbroken iOS 7.0.x devices,” the FireEye researchers said Monday in a blog post. “This ‘monitoring’ app can record all the user touch/press events in the background, including, touches on the screen, home button press, volume button press and TouchID press, and then this app can send all user events to any remote server.”

Attackers could use social engineering techniques to trick victims into installing a malicious app or they could exploit some vulnerability in an existing app to use it for this type of background monitoring, the researchers said.

iOS 7 allows users to control which apps are allowed to refresh their content while running in the background, but there are ways to bypass that restriction, according to the FireEye researchers.

“For example, an app can play music in the background without turning on its ‘background app refresh’ switch,” the researchers said. “Thus a malicious app can disguise itself as a music app to conduct background monitoring.”

The best way to avoid this security issue in the absence of a patch from Apple is to use the iOS task manager to close apps operating in the background, the researchers said.

This is not the first research about recording touch screen events. Neal Hindocha, a senior security consultant at Trustwave, plans to demo “touchlogging” apps for Android and iOS at the RSA security conference Wednesday. However, his iOS proof-of-concept app requires the targeted device to be jailbroken, unlike FireEye’s attack.

The FireEye researchers said they’ve conducted their research independently of Hindocha’s and without being aware of his plans.

 

Via: itworld

Microsoft, Sony team up to kill GameStop

We live in a world of transition from solid media to digital distribution. There’s no mistaking that. From Netflix to Steam to iTunes, physical media is rapidly falling out of favor, at least among the content creators. I suspect they are more anxious for the advent of all-digital content distribution than consumers because it will reduce OPEX.

But that day has not yet arrived. Best Buy still has a sizable section of DVDs, CDs, and videogames. Even the MacBook still comes with a DVD drive, and we all know Apple’s penchant for jettisoning something it considers old hat.

But apparently Microsoft and Sony didn’t get the memo. They are about to undertake a strategy to blatantly favor digital downloads, which could mean the demise of one of their mutual retailers, GameStop.

If you’ve never been in a GameStop, just ask your kids. It’s wall-to-wall, floor-to-ceiling plastic DVD cases of games for PlayStations 2 through 4, Xbox 360 and One, Nintendo Wii, Wii-U and DS. That’s because while PC gaming has shifted quite successfully to digital downloads, consoles have not.

Consoles have had digital downloads for a while, but there was no incentive for gamers to use it. In fact, there was a counter-incentive. GameStop buys back used games, usually for pennies on the dollar, so kids could get rid of games they didn’t like to buy new ones, and you can’t do that with a digital download. Plus, the digital download costs the same as the physical copy, so at that point you are better off with the DVD.

Well, Microsoft and Sony are about to make them an offer they can’t refuse. Microsoft announced plans to offer digital downloads at significant discount over the physical version. “Ryse: Son of Rome,” one of the more visually impressive games for Xbox One, is for sale direct from Microsoft’s online marketplace for just $40. GameStop sells it new for $59.99 and used for $37.99, plus taxes.

Sony, meanwhile, has come up with its own spin on digital distribution. Last month, it introduced PlayStation Now, an on-demand game-streaming service that promises to deliver old PlayStation games over the Internet to console players, no downloading required.

Then there’s Sony’s Instant Game Collection, which gives subscribers to Sony’s PlayStation+ service a batch of digital games that they can download and play as long as they remain members of the service. This service has been available for years, but Sony continues to beef it up.

Now, Microsoft has said this is only a test to see how gamers respond, but what if it takes off? We’re talking one-third off the retail price, after all. PC games are pretty much gone from retail, having moved to digital downloads via Valve Software’s Steam service, EA’s Origin and UbiSoft’s UPlay. The argument that you need to save a hard copy is negated by the fact that Steam knows all of my purchases. If I delete a game that I bought and decide I want to play it again, I can download it for free.

How quickly will GameStop go down? That’s hard to say. It’s nearly a $10 billion company now. It sells consoles, peripherals, used hardware and other things gamers need and can’t download. They really have no means of retaliation against Microsoft and Sony for doing this. Best Buy would be hurt by this but has other business on which to fall back. GameStop is fully invested in gaming.

All they can do is cut prices to compete, or offer other spiffs, because cutting the price of a game by one-third is going to kill its margins, something it can’t afford. In its third quarter of 2013, GameStop recorded sales of $2.1 billion but a net income of just $68 million. Its margins are razor-thin now. Competing with Microsoft and Sony would undoubtedly be fatal.

Way to mess over a partner, Microsoft and Sony.

 

Via: networkworld

Banks should brace for massive DDoS attacks this year, warns Ovum

Banks will face increasing massive-scale DDoS attacks from hacktivists this year, in addition to the smaller scale DDoS attacks used by cybercriminals to distract IT teams from detecting theft, predicts market research firm Ovum.

A distributed denial-of-service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying legitimate users access to the system.

In a typical DDoS attack, the assailant begins by exploiting a vulnerability in one computer system and making it the DDoS master. The attack master, also known as the botmaster, identifies and infects other vulnerable systems with malware. Eventually, the assailant instructs the controlled machines to launch an attack against a specified target.

There are two types of DDoS attacks: a network-centric attack, which overloads a service by using up bandwidth, and an application-layer attack, which overloads a service or database with application calls. The inundation of packets to the target causes a denial of service. While the media tends to focus on the target of a DDoS attack as the victim, in reality there are many victims in a DDoS attack — the final target as well as the systems controlled by the intruder. Although the owners of co-opted computers are typically unaware that their computers have been compromised, they are nevertheless likely to suffer degraded service and poor performance.

A computer under the control of an intruder is known as a zombie or bot. A group of co-opted computers is known as a botnet or a zombie army. Both Kaspersky Labs and Symantec have identified botnets — not spam, viruses, or worms — as the biggest threat to Internet security.

“DDoS attacks have undergone significant evolution over the past year. On the one hand they have grown larger, even while their average individual duration has actually decreased,” observed Rik Turner, senior analyst for financial services technology at Ovum.

“Attacks the size of those mounted in Operation Ababil are still the outliers rather than the norm,” Turner added.

Operation Ababil involved a series of coordinated DDoS attacks against U.S. banks carried out in the fall of 2012. Bank of America, JPMorgan Chase, Wells Fargo and PNC Bank were the primary targets of the attacks, which disrupted service to their online banking portals.

Cyber threat information sharing carried out by the Financial Services Information Sharing and Analysis Center helped thwart the campaign, which was carried out by a group calling itself Izz ad-Din al-Qassam Cyber Fighters.

Turner noted that banks will continue to face more targeted DDoS attacks, particularly those from cybercriminals intent on stealing money: “We have seen a trend of DDoS attacks being blended into other activities in order to throw banks off the trail of more financially motivated exploits. By employing a DDoS alongside an account hacking attack, the criminals hope to enjoy more time to transfer funds and remove traces of their activities.”

Turner recommends that banks consider cloud-based security products to help them deal with large-scale DDoS attacks and filtering to help with more targeted attacks.


 

Start now to make sure you are staying prepared.

 

Via: survivalring

One tweak can make your Windows PC virtually invulnerable

A study from Avecto found that almost all of the vulnerabilities reported by Microsoft in 2013 could be mitigated with one easy change.

Microsoft published 147 vulnerabilities in 2013 that were rated as Critical. Critical, however, is a relative term, and there is one simple thing anyone can do that would guard against almost every single Critical vulnerability according to a new report from Avecto.

In its 2013 Microsoft Vulnerabilities Study, Avecto found that you could mitigate almost every single Critical vulnerability simply by removing administrator rights. The exact number was 92 percent, but that brings the number of serious threats from 147 down to around 12.

Avecto also determined this would circumvent 91 percent of the Critical flaws in Office, and 100 percent–as in every single Critical vulnerability–of those that impact Internet Explorer.

Taken in the larger context of all vulnerabilities published by Microsoft, as opposed to just the Critical ones, the efficacy of taking away administrator privileges drops to 60 percent. However, the ability to make more than half of the vulnerabilities essentially go away by just changing from administrator to standard user privileges is nothing to scoff at.

There is another piece of this puzzle that the Avecto report doesn’t really address: Windows XP. Starting with Windows Vista, Microsoft introduced the concept of User Account Control (UAC), which enforces the concept of running with least privilege and requests authorization before elevating privileges for tasks that require Administrator rights.

The other aspect of Windows XP that skews the data is that Windows XP is simply more vulnerable. Generally, a flaw that exists for various versions of Windows is only Important or even Moderate on Windows 7 or Windows 8, but is Critical when exploited on Windows XP because it lacks many of the advanced security controls in the more modern versions of the operating system.

If you take Windows XP out of the mix–which will happen in April when Microsoft support for the archaic OS expires–there will likely be far fewer security bulletins rated as Critical, and the idea of putting systems at risk by running with unobstructed administrator privileges will mostly be a thing of the past.

Regardless of which version of Windows you use, though, the Avecto report underscores a very simple reality. An attacker can typically only execute malicious code in the context of the currently logged in user, and if that user is a standard user without access to critical system functions, and with no ability to run unknown software without explicit administrator permission, most threats would be rendered harmless.
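A practical way to check the condition the report describes, as an added example that is not part of the article or the Avecto study: the PowerShell function below reports whether the logged-on account holds administrator rights, whether the current session is elevated, and whether UAC is enabled. The function name and output fields are hypothetical, and it assumes Windows PowerShell 5.1 or later for the LocalAccounts cmdlets.

```powershell
# Added example: report whether the logged-on account holds administrator
# rights. Function name and output fields are hypothetical.
# Assumes Windows PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts module).

function Get-AdminRightsExposure {
    # S-1-5-32-544 is the well-known SID of BUILTIN\Administrators; using the
    # SID avoids depending on the localized group name.
    $adminSid  = New-Object Security.Principal.SecurityIdentifier 'S-1-5-32-544'
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal $identity

    # Direct members of the local Administrators group. Membership inherited
    # through a nested domain group is not resolved here.
    try {
        $members = @(Get-LocalGroupMember -SID $adminSid -ErrorAction Stop)
    } catch {
        Write-Warning "Could not enumerate Administrators: $($_.Exception.Message)"
        $members = @()
    }
    $memberSids = @($members | ForEach-Object { $_.SID.Value })
    $isMember   = $memberSids -contains $identity.User.Value

    # IsInRole evaluates the current token. With UAC on, an administrator
    # running unelevated holds a filtered token and this returns $false.
    $elevated = $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    # EnableLUA = 1 means UAC is on (Windows Vista and later).
    $policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $policy = Get-ItemProperty -Path $policyKey -Name EnableLUA `
                               -ErrorAction SilentlyContinue
    $uacOn  = ($null -ne $policy) -and ($policy.EnableLUA -eq 1)

    $finding = if ($elevated) {
        'Session runs with a full administrator token'
    } elseif ($isMember) {
        'Account is an administrator; UAC is filtering the token'
    } else {
        'Standard user'
    }

    [PSCustomObject]@{
        User                  = $identity.Name
        InAdministratorsGroup = $isMember
        SessionElevated       = $elevated
        UacEnabled            = $uacOn
        AdministratorsMembers = @($members | ForEach-Object { $_.Name })
        Finding               = $finding
    }
}

Get-AdminRightsExposure | Format-List
```

Only the "Standard user" finding corresponds to the configuration the study measured; an administrator account behind UAC can still be elevated with a single consent prompt.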

 

Via: networkworld

If you use IE9 or IE10, Security Advisory 2934088 says get patched now

Microsoft has released a ‘Fix it’ for the Internet Explorer zero-day used in Operation SnowMan attack on VFW’s website.

If you were following the news last week, you know that the VFW website was hacked. According to Dan Goodin at Ars Technica, the website was modified so that an iframe tag “silently loaded a page on another site that hosted the exploit” — a traditional silent drive-by attack, using Flash as an infection vector.

Jeremy Kirk at PC World reports that FireEye, which discovered the hack, thinks it might have originated in China and was intended to spy on active military members. The attack, now called Operation SnowMan, installs a backdoor that lets the originators pull data from an infected computer.

At the time, Operation SnowMan was categorized as (yet another) “use after free” vulnerability in Internet Explorer — the same kind of security hole patched by MS10-002, MS12-037, MS12-063, MS13-080, and many others. The “use after free” bugs are particularly pernicious because they manage to bypass IE’s ASLR technology.

This exploit was assigned CERT VU number 732479. At the time, it appeared as if the hole only affected Internet Explorer 10.

Yesterday Microsoft issued Security Advisory 2934088, which confirms that the “Operation SnowMan” security hole affects IE9 as well: IE11 and IE8 and earlier don’t have the same problem. You XP users (who are prohibited from using IE9 and later) can breathe easy, as can anyone with the foresight to be using Firefox, Chrome, or another competitive browser. In addition, the problem doesn’t crop up on default installations of Server 2003, 2008, 2008 R2, 2012, or 2012 R2.

If your version of IE9 or IE10 is updated to include the latest patches, you can manually apply a Microsoft “Fix it” to block the SnowMan. Go to KB 2934088 and, at the bottom of the page, click the link to Enable the MSHTML shim workaround.

Or you can upgrade to IE11. Or you can just use a different browser — none of the other major browsers support MSHTML.

No word as yet on when a permanent solution will be delivered.

 

Via: infoworld

Time Warner Cable Raises Rates (Again), Adds ‘Broadcast TV’ Fee

Users in our Time Warner Cable forum inform us they too are taking part in rate hike season festivities: the cable operator is informing users that prices will be going up for many of them starting March 1 for both cable TV and broadband services (not to mention set top box rentals).

Time Warner Cable is also starting to charge users a $2.25 “Broadcast TV” fee next month, which as we’ve been discussing is something most cable operators have been doing as a way to sneakily bury retransmission fee hikes from broadcasters in below the line fees.

That allows cable operators to not only sock you twice for content (since such programming hikes generally should be included in the overall cost of business and the existing rate hikes), but it allows them to misleadingly leave advertised rates the same. It also lets them increase prices for users in price-guarantees or under contract.

As with most rate hikes, the notices are accompanied with the insistence that the hikes are about bringing you added “value,” and necessary because of all the great upgrades the companies have been busy with. Except in Time Warner Cable’s case those upgrades have been slow in coming, the company considerably slower than Comcast in deploying faster DOCSIS 3.0 speeds or new TV technologies.


That doesn’t stop the company from blaming these largely non-existent upgrades for higher bills:



We want you to get the most value possible out of your services, which is why we continually introduce new benefits and features like faster Internet, hundreds of thousands of free WiFi hotspots, crystal-clear HD channels and innovative apps that let you watch live TV on virtually any device.

It is also important to us that we keep you informed of any changes to your service. This is why we wanted to make you aware that you will see a change in the cost of your TWC services in your next bill.

This change is being driven by several factors. One is that the rates TV networks and programming providers are charging us to deliver your favorite channels have risen to new heights in the last year. We work our hardest to control these costs on your behalf, but the price of programming is increasing dramatically. Another factor is that the cost to maintain and grow our network has also increased. This investment is critical, however, as it allows us to continue bringing you the innovative features and reliable service you deserve.


Users in our forums note they would jump to competitors like Verizon FiOS, if they weren’t in many areas even more expensive. As for users dodging the new Broadcast TV fee by being acquired by Comcast? It’s not happening, as Comcast started charging the same kind of sneaky fee last fall.

 

Via: dslreports

Where Police Can & Can’t Snoop Through Your Phone

A privacy issue has been brewing in the U.S. for years now: if the police arrest you, should they be able to snoop through your iPhone like a jealous lover? Judges across the country have come to different conclusions as to whether a search of a phone without a warrant is an unreasonable one, setting up a legal disagreement that will likely need to be settled by the Supreme Court. (Update 8/19/13: They’ve been officially asked to do so.) For now, the differing decisions mean that the privacy of the photos, texts, emails, contacts, call logs, and ‘Bang With Friends’ app on your phone of choice varies from state to state.

Hanni Fakhoury, a lawyer at the Electronic Frontier Foundation, has compiled a rough guide of where warrantless cell phone searches are allowed and not allowed when arresting someone based on rulings in state and federal courts “that have looked at the legal issue head on.” FORBES has turned that into the map below. Red states are those where your phone can be searched when you’re arrested. Blue states are those where police need to get a warrant to take a look inside those information-rich devices. Yellow states have no precedent set yet.


If you want a map that will take you to a court decision that helped determine the state’s color, go to the original article here.

“Cellphones are a potential treasure trove for law enforcement officers seeking evidence of a crime. When a person is arrested with a cellphone on him, law enforcement officers will likely want to search the phone’s contents,” wrote Bridget Rohde in a Law360 article earlier this year on the lack of a clear rule on this around the country. A precedent-setting case in 1973 involving drugs found in a cigarette carton in someone’s pocket established that the po-po can search “containers” people have on them when arrested. Where courts have disagreed is whether the information held in a phone is so vast that it should be treated differently. Unlike a cigarette carton, looking through a phone is as intimate as searching a person’s house as today’s mobile devices contain schedules, contacts, history of communication, private correspondence, financial apps, medical apps, time-wasting games, and inevitably, some racy photos. Having the right to look through phones means police could take a suspect into custody for the chance to search the many planets of intel in a Samsung Galaxy for evidence, or could wind up stumbling upon something incriminating on a Droid while arresting its owner for being at a protest or rally.

Most of the blue parts of the map only recently became that way thanks to decisions this year in Florida and in the First Circuit. The Florida case involved Cedric Smallwood, a man suspected of robbing a convenience store in Jacksonville of about $15,000 in 2008. After Smallwood was identified by witnesses, police got a warrant to arrest him. They seized his phone, and while scrolling through it found photos that made a perfect (and romantic) infographic for the crime: a photo of a handgun taken before the robbery, a photo of Smallwood’s girlfriend holding a bundle of money the day after the robbery, a photo of a handgun next to a fanned-out stack of cash four days after the robbery, and an image of hands with engagement rings five days after the robbery. In other words, the cellphone search made the prosecution’s job a whole lot easier.

Smallwood challenged the search of his cellphone on appeal saying police should have gotten a warrant to look through it first. Florida’s Supreme Court agreed with him. “We refuse to authorize government intrusion into the most private and personal details of an arrestee’s life without a search warrant simply because the cellular phone device which stores that information is small enough to be carried on one’s person,” wrote the Florida judges in May. A Florida sheriff’s office says they are now writing warrants that include the right to search phones, but this protects someone who might be ‘casually arrested,’ say for being at a protest.

The same month, the federal court for the First Circuit reached the same conclusion in U.S. v. Wurie, saying the police shouldn’t have searched a Boston man’s phone without a warrant after they saw him engaged in a drug sale in a car.

“The storage capacity of today’s cell phones is immense…. That information is, by and large, of a highly personal nature: photographs, videos, written and audio messages (text, email, and voicemail), contacts, calendar appointments, web search and browsing history, purchases, and financial and medical records,” wrote the First Circuit judges in their ruling, which put northeast states into the blue. “It is the kind of information one would previously have stored in one’s home and that would have been off-limits to officers performing a search incident to arrest.”

“The First Circuit and Florida Supreme Court issued their decisions weeks apart from each other earlier this year, meaning that for a while prohibiting cell phone searches incident to arrest was clearly the minority position,” says EFF’s Fakhoury. “There’s greater momentum now.”

Back in 2011, after California’s Supreme Court ruled that it was okay to look through people’s phones when you arrested them, the legislature tried to pass a law to protect phones, but the governor vetoed it. There are no other states with laws on the books about the practice. Now that federal courts have disagreed on the question, it sets the stage for a showdown at the nation’s highest court. The First Circuit declined to revisit its Wurie decision this week with its chief judge writing that he hopes it will “speed this case to the Supreme Court.”

 

 

Via: forbes