Your daily round-up of some of the other stories in the news
Kelly moots requiring social media passwords from visitors
People wanting to visit the US might be asked to hand over passwords to their social media accounts, homeland security secretary John Kelly told Congress yesterday.
He told a congressional hearing: “We want to say, for instance, which websites do you visit, and give us your passwords, so we can see what they do on the internet. If they don’t want to give us that information, they don’t come in.”
While Kelly said that this was “a work in progress”, the advice from our security bods here at Sophos stands: we would never recommend that you give anyone your password, and we hope that this does not become a real thing.
Meanwhile, we’ll just note that Facebook clearly states in its terms and conditions: “You will not share your password (or in the case of developers, your secret key), let anyone else access your account, or do anything else that might jeopardize the security of your account.”
BlackBerry brings BBM technology to developers
Blackberry, which has been struggling ever since the market for its smartphones fell off a cliff, is to make its security-focused BBM messaging technology available to developers who want to beef up the security of their products.
The software development kit (SDK) it’s making available later this month to iOS and Android developers will include messaging, video and voice calling and file-sharing, and will support push notifications.
ZDNet reported that the pricing will be in the form of a monthly subscription, based on the number of users and which services the developer adds to their app.
City decries Uber’s ‘one-way street’
Pittsburgh is fed up with Uber, which has been testing autonomous cars in the city since September and, according to officials, has given very little back in return.
Michael Lamb, the city’s Controller, recently urged mayor Bill Peduto to make clear what benefits the city was getting in return for supporting Uber‘s programme to test driverless cars, saying that the relationship between the taxi platform and the city had become a “one-way limited access highway”.
Lamb raised the pertinent point of data collection, saying: “At Uber’s request, the city of Pittsburgh has opened its streets to a fleet of data collecting robotic vehicles. This is much more than ride sharing. These vehicles are capable of collecting endless amounts of data about our city. Who owns that data? In your negotiations with Uber, was this ever discussed? Can Uber turn around and sell that data without our consent? And do we get a share of any royalties? Do we even have free access to the data that our city streets generate?”
Uber in December pulled its fleet of driverless cars from San Francisco after falling out with regulators there and decamped to Arizona instead.
Catch up with all of today’s stories on Naked Security
John
The U.S. does such a terrific job at keeping track of people entering the country on Visa’s that there is nothing stopping someone from handing over their FB password then changing it 10 minutes later.
Jim
I’m not sure the government thought that through (first article). Not even a little.
If I’m just an honest tourist, I might not change it. But, if I’m a terrorist (I’m not), I would just change my password after I’ve gotten into the country.
SubSurge
I’m curious what the protocol would be when they got to the prompt “Enter your 2FA code.” Or when the user, quite honestly, answers “Was this you?” with a “No” and locks the officials out.
Kate Bevan
Yes indeed. Another very good reason to use 2FA!
Anonymous
Won’t help. Terrorists will create fake social media accounts that sing patriotic themes of how great America is, and provide the passwords to those, while keeping the existence of their real account secret. People without social media accounts will be treated with suspicion. If you say you don’t have one, and they do a Facebook search and find one, and they point it out to you and you say you didn’t create that account and don’t know who did, then what?
Wihan
or create a fake profile
RichardD
So what do they think will happen if you *don’t have* an account with a particular social media site? Are they going to believe anyone who says that, or are they going to assume that anyone who says they don’t must be lying?
Does every person visiting the US have to create and maintain a profile on every major social network, with regular posts so that it doesn’t look fake?
Someone’s getting confused between fighting “terrorism” and “tourism” again.
Anton.
Okay this is getting funny , social media passwords ?, seriously ?!, is part of the government just lacking important things to put time to or just bored and thinking hard on what will occupy the too much time it has on there hands ?.
It makes me wonder “what’s wrong with the government of the people , for the people and by the people” ! crazy world indeed.