Facebook on Wednesday banned about 900 pages and groups and 1,500 ads tied to the pro-Trump conspiracy theory QAnon, part of a sweeping action that also restricted the reach of over 10,000 Instagram pages and almost 2,000 Facebook groups pushing the baseless conspiracy theory that has spawned real-world violence. From a report: Facebook also took down thousands of accounts, pages and groups as part of what they called a "policy expansion," seeking to limit violent rhetoric tied to QAnon, political militias and protest groups like antifa. QAnon is an elaborate, unfounded conspiracy theory alleging that President Donald Trump is secretly saving the world from a group of prominent Satanic cannibals that run the world. The group has been linked to several violent, criminal incidents, including a train hijacking, kidnappings, a police chase and a murder. The new policy states that "Pages, Groups and Instagram accounts associated with these movements and organizations will be removed when they discuss potential violence." QAnon, militia movements and violent movements tied to protests will now no longer be allowed to purchase ads on Facebook. QAnon ads, which often pushed merchandise, were allowed on the platform before Wednesday's announcement.

The U.S. Department of Energy and Microsoft on Tuesday announced a partnership to develop artificial-intelligence tools aimed at helping first-responders better react to fast-changing natural events, such as floods and wildfires. From a report: "There are just so many technologies where we can solve some of the toughest problems, in a moment where we're having an explosion of wildfires and floods and some really major natural disasters," said Cheryl Ingstad, director of the Energy Department's Artificial Intelligence and Technology Office. "And we think we can bring AI to bear here and help save lives." The First Five Consortium, a nod to the importance of the first five minutes in responding to a natural disaster, aims to build between 10 and 30 different AI-powered systems. The Energy Department will spearhead the development and testing efforts. Microsoft will provide technological resources, including its Azure cloud for AI model training and inference. Other organizations, including public- and private-sector entities, are expected to participate. The announcement comes as California confronts another summer of raging wildfires, while Iowa reels from devastating windstorms. The consortium is expected to have its first prototype ready for testing this fall. Over the longer term, officials envision a range of AI systems that can help save lives, property and resources.

An anonymous reader shares a report: Back in 2005, before the iPhone, Apple purportedly helped a U.S. Department of Energy contractor modify a 5th-generation iPod to secretly record and store data. The exact reason why remains a mystery, but an ex-Apple engineer involved in the project thinks it could have been a surreptitious Geiger counter. This bonkers story comes courtesy of David Shayer, a former Apple software engineer who was with the company for 18 years and worked on devices such as the iPod and Apple Watch. Shayer, who wrote the story for TidBITS, recounts a "gray day in late 2005" when his boss's boss, the director of iPod software, told him that he was assigned to a top-secret project with two engineers from the U.S. Department of Energy to build a "special iPod." In actuality, the two engineers were from Bechtel, a U.S. defense contractor for the DOE. The request was to build a normal, functioning iPod that could also secretly record data onto custom hardware. In other words, some spy-level shit. At the time, the iPod wasn't a particularly easy device to modify. That's because according to Shayer, the iPod's operating system wasn't based on any other Apple operating system. Instead, it was based on a "reference platform Apple bought from a company called Portal Player" and cobbled together with code from Pixo, a company started by former Apple engineers who wrote a "general-purpose cell phone operating system." TL;DR -- the iPod OS was complicated, and there wasn't an easy way to figure out how it worked without help from Apple.

In the name of security and privacy, Google is taking away the ability for users to select third-party camera apps in Android 11, forcing users to rely on the built-in camera app. Android Police reports: At the heart of this change is one of the defining traits of Android: the Intent system. Let's say you need to take a picture of a novelty coffee mug to sell through an auction app. Since the auction app wasn't built for photography, the developer chose to leave that up to a proper camera app. This where the Intent system comes into play. Developers simply create a request with a few criteria and Android will prompt users to pick from a list of installed apps to do the job.

However, things are going to change with Android 11 for apps that ask for photos or videos. Three specific intents will cease to work like they used to, including: VIDEO_CAPTURE, IMAGE_CAPTURE, and IMAGE_CAPTURE_SECURE. Android 11 will now automatically provide the pre-installed camera app to perform these actions without ever searching for other apps to fill the role. Google describes the change in a list of new behaviors in Android 11, and further confirmed it in the Issue Tracker. Privacy and security are cited as the reason, but there's no discussion about what exactly made those intents dangerous. Perhaps some users were tricked into setting a malicious camera app as the default and then using it to capture things that should have remained private.

Not only does Android 11 take the liberty of automatically launching the pre-installed camera app when requested, it also prevents app developers from conveniently providing their own interface to simulate the same functionality. I ran a test with some simple code to query for the camera apps on a phone, then ran it on devices running Android 10 and 11 with the same set of camera apps installed. Android 10 gave back a full set of apps, but Android 11 reported nothing, not even Google's own pre-installed Camera app.

Researchers have demonstrated that they can make a working 3D-printed copy of a key just by listening to how the key sounds when inserted into a lock. Slashdot reader colinwb writes: While you cannot hear the shape of a drum it seems you can hear the shape of one type of key from the sound it makes in the lock. That says it all really, but [here's how Soundarya Ramesh and her team at the National University of Singapore accomplished this feat]: "[The NUS team developed and tested what it calls SpiKey, an end-to-end attack technique for, as its name suggests, spying on Yale/Schlage type keys and using signal processing software to infer their correct shapes.] Once they have a key-insertion audio file, SpiKey's inference software gets to work filtering the signal to reveal the strong, metallic clicks as key ridges hit the lock's pins [and you can hear those filtered clicks online here]. These clicks are vital to the inference analysis: the time between them allows the SpiKey software to compute the key's inter-ridge distances and what locksmiths call the 'bitting depth' of those ridges: basically, how deeply they cut into the key shaft, or where they plateau out. If a key is inserted at a nonconstant speed, the analysis can be ruined, but the software can compensate for small speed variations.

The result of all this is that SpiKey software outputs the three most likely key designs that will fit the lock used in the audio file, reducing the potential search space from 330,000 keys to just three. 'Given that the profile of the key is publicly available for commonly used [pin-tumbler lock] keys, we can 3D-print the keys for the inferred bitting codes, one of which will unlock the door,' says Ramesh." The article has a link to a 15-minute video presentation of the research and to another article on the research.

Secure Thoughts reports that artificial intelligence company Cense AI, which specializes in "SaaS-based intelligent process automation management solutions," has leaked nearly 2.6 million medical records on the internet. PCMag reports: [O]n July 7 security researcher Jeremiah Fowler discovered two folders of medical records available for anyone to access on the internet. The data was labeled as "staging data." Fowler believes the data was made public because Cense AI was temporarily hosting it online before loading it into the company's management system or an AI bot.

The medical records are quite detailed and include names, insurance records, medical diagnosis notes, and payment records. It looks as though the data was sourced from insurance companies and relates to car accident claims and referrals for neck and spine injuries. The majority of the personal information is thought to be for individuals located in New York, with a total of 2,594,261 records exposed. Fowler sent a responsible disclosure notice to Cense AI and public access to the folders was restricted soon after. However, the damage has potentially already been done if others had previously discovered the data was available. Fowler points out that medical data is the most valuable on the black market, fetching as much as $250 per record. If someone willing to act maliciously came across this data you can guarantee it is, or has been sold.

KindMind shares a report from The Register: Toyota has expanded its collaboration with Amazon Web Services in ways that will see many of its models upload performance data into the Amazonian cloud to expand the services the auto-maker offers to drivers and fleet owners. [...] Toyota reckons the data could turn into "new contextual services such as car share, rideshare, full-service lease, and new corporate and consumer services such as proactive vehicle maintenance notifications and driving behavior-based insurance."

The two companies say their joint efforts "will help build a foundation for streamlined and secure data sharing throughout the company and accelerate its move toward CASE (Connected, Autonomous/Automated, Shared and Electric) mobility technologies." Neither party has specified just which bits of the AWS cloud Toyota will take for a spin but it seems sensible to suggest the auto-maker is going to need lots of storage and analytics capabilities, making AWS S3 and Kinesis likely candidates for a test drive. Whatever Toyota uses, prepare for privacy ponderings because while cheaper car insurance sounds lovely, having an insurer source driving data from a manufacturer has plenty of potential pitfalls.

An anonymous reader quotes a report from Motherboard: A group of activists have released Landlord Tech Watch, a site that allows anyone to report where this "landlord tech" is being used and plot it on a map -- like a version of Nextdoor that turns the tables to hold property owners and real estate companies accountable. The project is the effort of technologists and tenants rights advocates, who say they're aiming to use data to shed light on the use of biometric locks, tenant screening systems, and other technology used by landlords to exert power over tenants.

"It just became apparent that these technologies are increasingly being deployed in residential spaces, and there's so little public information about them," Erin McElroy, a postdoctoral researcher at the AI Now Institute and co-founder of the Anti-Eviction Mapping Project, told Motherboard. McElroy said the project came together following a prominent tenant dispute at Atlantic Plaza Towers, a rent-stabilized building in Brownsville, Brooklyn. The landlord, Robert Nelson, was trying to replace physical key fobs with a facial recognition system, a technology which has been repeatedly shown to exhibit racial bias. The project was abandoned after 136 tenants rallied in protest, filing a legal complaint with the New York State Department of Housing and Community Renewal. "We want to be able to collectively organize tenants from multiple buildings," adds McElroy. "That's the ultimate goal -- whether it be for direct action or policy reform or both."

An anonymous reader quotes a report from Gizmodo: A newly released document shows the U.S. Secret Service went through a controversial social media surveillance company to purchase the location information on American's movements, no warrant necessary. Babel Street is a shadowy organization that offers a product called Locate X that is reportedly used to gather anonymized location data from a host of popular apps that users have unwittingly installed on their phones. When we say "unwittingly," we mean that not everyone is aware that random innocuous apps are often bundling and anonymizing their data to be sold off to the highest bidder.

Back in March, Protocol reported that U.S. Customs and Border Protection had a contract to use Locate X and that sources inside the secretive company described the system's capabilities as allowing a user "to draw a digital fence around an address or area, pinpoint mobile devices that were within that area, and see where else those devices have traveled, going back months." Protocol's sources also said that the Secret Service had used the Locate X system in the course of investigating a large credit card skimming operation. On Monday, Motherboard confirmed the investigation when it published an internal Secret Service document it acquired through a Freedom of Information Act (FOIA) request. (You can view the full document here.) The document covers a relationship between Secret Service and Babel Street from September 28, 2017, to September 27, 2018. In the past, the Secret Service has reportedly used a separate social media surveillance product from Babel Street, and the newly-released document totals fees paid after the addition of the Locate X license as $1,999,394.

An anonymous reader quotes a report from Wired: Findings published on Thursday by the security firm Check Point reveal that Alexa's Web services had bugs that a hacker could have exploited to grab a target's entire voice history, meaning their recorded audio interactions with Alexa. Amazon has patched the flaws, but the vulnerability could have also yielded profile information, including home address, as well as all of the "skills," or apps, the user had added for Alexa. An attacker could have even deleted an existing skill and installed a malicious one to grab more data after the initial attack. [...] For an attacker to exploit the vulnerabilities, they would need first to trick targets into clicking a malicious link, a common attack scenario. Underlying flaws in certain Amazon and Alexa subdomains, though, meant that an attacker could have crafted a genuine and normal-looking Amazon link to lure victims into exposed parts of Amazon's infrastructure. By strategically directing users to track.amazon.com -- a vulnerable page not related to Alexa, but used for tracking Amazon packages -- the attacker could have injected code that allowed them to pivot to Alexa infrastructure, sending a special request along with the target's cookies from the package-tracking page to skillsstore.amazon.com/app/secure/your-skills-page.

At this point, the platform would mistake the attacker for the legitimate user, and the hacker could then access the victim's full audio history, list of installed skills, and other account details. The attacker could also uninstall a skill the user had set up and, if the hacker had planted a malicious skill in the Alexa Skills Store, could even install that interloping application on the victim's Alexa account. Both Check Point and Amazon note that all skills in Amazon's store are screened and monitored for potentially harmful behavior, so it's not a foregone conclusion that an attacker could have planted a malicious skill there in the first place. Check Point also suggests that a hacker might be able to access banking data history through the attack, but Amazon disputes this, saying that information is redacted in Alexa's responses. "The security of our devices is a top priority, and we appreciate the work of independent researchers like Check Point who bring potential issues to us," an Amazon spokesperson told WIRED in a statement. "We fixed this issue soon after it was brought to our attention, and we continue to further strengthen our systems. We are not aware of any cases of this vulnerability being used against our customers or of any customer information being exposed."

Four cities in Indiana are suing Netflix and other video companies, claiming that online video providers and satellite-TV operators should have to pay the same franchise fees that cable companies pay for using local rights of way. Ars Technica reports: The lawsuit was filed against Netflix, Disney, Hulu, DirecTV, and Dish Network on August 4 in Indiana Commercial Court in Marion County. The cities of Indianapolis, Evansville, Valparaiso, and Fishers want the companies to pay the cable-franchise fees established in Indiana's Video Service Franchises (VSF) Act, which requires payments of 5 percent of gross revenue in each city.

The lawsuit is based on an unusual legal argument and doesn't seem likely to succeed. Essentially, the cities are claiming that Netflix and similar providers use the public rights of way simply by offering video streaming services over the Internet: "Defendants transmit video programming to Indiana subscribers using Internet protocol and other technologies. When doing so, Defendants transmit their programming through facilities located at least in part in public rights of way within the geographic boundaries of Indiana Units, including public rights of way located within Plaintiffs' geographic boundaries. Therefore, Defendants are required by the VSF Act to pay the Plaintiffs -- and all other Indiana Units in which Defendants transmit video programming through facilities located at least in part in a public right-of-way -- "franchise fees."

But streaming companies don't have to build physical infrastructure in each city to offer online video, so they aren't deploying their own wires on public rights of way. US law defines a cable system as "a facility, consisting of a set of closed transmission paths and associated signal generation, reception, and control equipment that is designed to provide cable service." Local franchising rules and fees are based on cities' authority to manage their local rights of way. Netflix, Hulu, and Disney+ are Internet-only services. Dish and DirecTV are primarily satellite operators but also offer online access. The cities' lawsuit never mentions the word "satellite" and doesn't fully explain how DirecTV and Dish use the public rights of way.

The website of Notepad++ is banned in China as of Monday, "obviously due to" its release of editions named "Free Uyghur" and "Stand with Hong Kong," the source code and text editor announced on Twitter. TechCrunch reports: First released in 2003 by France-based developer Don Ho, free-to-use Notepad++ operates on Windows and supports some 90 languages. In his release notices for the two editions, Ho openly voiced his concerns over "human rights" conditions, respectively in the Xinjiang autonomous region and Hong Kong. Tests by TechCrunch found that the Notepad++ ban only applies to its Download page -- which showcases the special editions and thus politically sensitive language -- when one tries to reach it from Chinese browsers developed by Tencent (QQ Browser and WeChat's built-in browser), Alibaba (UC Browser), 360 and Sogou. These services flag the page as containing content "prohibited" by local regulators.

Notepad++'s home page, on the other hand, remains unblocked through these local browsers. One can still access the full site from Chrome and DuckDuckGo in China. The ban began as early as August 12 when a user notified Ho of the ban, the developer told TechCrunch. He has never been contacted by any Chinese government authority and does not plan to take measures to cope with the website restriction.

Apple is expanding its program that provides parts, resources and training to independent repair shops to now include support for Mac computers. From a report: The repair program was first announced last fall, with the goal of making it easier for consumers to repair their out-of-warranty iPhones by allowing them to use third-party shops, including small businesses, that would now have access to official repair parts and other tools. The program was meant to complement Apple's existing network of over 5,000 Apple Authorized Service Providers, like Best Buy, which handle both in- and out-of-warranty repairs. To some extent, the program arose from consumer demand.

Many iPhone users were turning to unauthorized repair shops for a variety of reasons -- perhaps the shop was closer to their home, could fix their device more quickly, or offered more affordable repairs, for example. But this choice could result in an uneven consumer experience as the shops were locked out from using official Apple parts. Since its U.S. launch, the independent repair shop program expanded to over 140 businesses and over 700 new locations. This summer, Apple announced the program would now expand internationally as well, to both Europe and Canada.

Below its home page's search bar, Google is now warning everyone in Australia ominously that "The way Aussies search every day on Google is at risk from new Government regulation."

For more emphasis, Google even added the "hazard sign" symbol — a yellow triangle with an exclamation point, reports Gizmodo. "And in case you missed that, the website has also added a famously popular pop-up prompt that comes up during a search." After a year and a half of investigating, the ACCC, affectionately known as Australia's consumer watchdog, published a report last year that found that digital platforms had significant bargaining powers. News publishers, on the other hand, were a lot less powerful and this imbalance had significant adverse affects... In April this year, the Australian government asked Australia's consumer watchdog, the ACCC, to create some rules for a negotiation between news publishers and tech platforms... It laid out a process for negotiation and requirements that the platforms give more information to publishers...

In the letter, Google's ANZ Director Mel Silva claims that the code places free services — like Search, Gmail, Youtube — "at risk", seemingly implying that these services will be affected or may be discontinued if the draft code goes through. "A proposed law, the News Media Bargaining Code, would force us to provide you with a dramatically worse Google Search and YouTube, could lead to your data being handed over to big news businesses, and would put the free services you use at risk in Australia," she wrote...

In adding these warnings, the company is using its real estate on Australia's most visited website as a way to push back against negotiations that could force it to pay for its dominance.
UPDATE (8/17/2020): "The open letter published by Google today contains misinformation..." responds the Australian Competition and Consumer Commission.

American's National Security Agency (NSA) "has shared new guidance with U.S. military and intelligence personnel, suggesting they take additional precautions to safeguard their location data," reports Engadget. "The agency argues the information devices and apps collect can pose a national security threat."

Ars Technica reports: The National Security Agency is recommending that some government workers and people generally concerned about privacy turn off find-my-phone, Wi-Fi, and Bluetooth whenever those services are not needed, as well as limit location data usage by apps. "Location data can be extremely valuable and must be protected," an advisory stated. "It can reveal details about the number of users in a location, user and supply movements, daily routines (user and organizational), and can expose otherwise unknown associations between users and locations."

NSA officials acknowledged that geolocation functions are enabled by design and are essential to mobile communications. The officials also admit that the recommended safeguards are impractical for most users. Mapping, location tracking of lost or stolen phones, automatically connecting to Wi-Fi networks, and fitness trackers and apps are just a few of the things that require fine-grained locations to work at all. But these features come at a cost. Adversaries may be able to tap into location data that app developers, advertising services, and other third parties receive from apps and then store in massive databases. Adversaries may also subscribe to services such as those offered by Securus and LocationSmart, two services that The New York Times and KrebsOnSecurity documented, respectively. Both companies either tracked or sold locations of customers collected by the cell towers of major cellular carriers.

Not only did LocationSmart leak this data to anyone who knew a simple trick for exploiting a common class of website bug, but a Vice reporter was able to obtain the real-time location of a phone by paying $300 to a different service. The New York Times also published this sobering feature outlining services that use mobile location data to track the histories of millions of people over extended periods.

The advisory also warns that tracking often happens even when cellular service is turned off, since both Wi-Fi and Bluetooth can also track locations and beam them to third parties connected to the Internet or with a sensor that's within radio range.
Long-time Slashdot reader AmiMoJo shares some of the agency's other recommendations:

• Enter airplane mode when not using the device
• Minimize web browsing on your device and do not allow browsers to access location services
• Use an anonymous VPN
• Minimize location information stored in the cloud

Long-time Slashdot readers 93 Escort Wagon and schwit1 both shared the news that U.S. President Trump is "considering" a pardon for Edward Snowden, a former National Security Agency contractor who "leaked a trove of secret files in 2013 to news organizations that revealed vast domestic and international surveillance operations" carried out by the agency, according to Reuters: U.S. authorities for years have wanted Snowden returned to the United States to face a criminal trial on espionage charges brought in 2013. Snowden fled the United States and was given asylum in Russia... Trump's softening stance toward Snowden represents a sharp reversal. Shortly after the leaks, Trump expressed hostility toward Snowden, calling him "a spy who should be executed..."

Some civil libertarians have praised Snowden for revealing the extraordinary scope of America's digital espionage operations including domestic spying programs that senior U.S. officials had publicly insisted did not exist. But such a move would horrify many in the U.S. intelligence community, some of whose most important secrets were exposed.
In 2015 a petition with 100,000 signatures was submitted to the U.S. government seeking a pardon. But then-president Obama's Advisor on Homeland Security and Counterterrorism responded that "Mr. Snowden's dangerous decision to steal and disclose classified information had severe consequences for the security of our country and the people who work day in and day out to protect it," also arguing that Mr. Snowden had failed to accept the consequences of his actions. "He should come home to the United States, and be judged by a jury of his peers — not hide behind the cover of an authoritarian regime."

In 2016, then-president Obama insisted "I can't pardon somebody who hasn't gone before a court and presented themselves... I think that Mr. Snowden raised some legitimate concerns. How he did it was something that did not follow the procedures and practices of our intelligence community." But the New York Times disagreed. "Snowden told The Washington Post that he did report his misgivings to two superiors at the agency, showing them the volume of data collected by the NSA, and that they took no action," the Times wrote in an editorial pushing for clemency.

Others pushing for a pardon include Green Party presidential candidate Jill Stein, the American Civil Liberties Union, one million people who eventually signed another petition which was submitted to the White House — and Edward Snowden.

Slashdot reader Tekla Perry is also senior editor at IEEE Spectrum, and brings a story about San Diego's 3,300 "smart streetlights," each one equipped with "an Intel Atom processor, half a terabyte of storage, Bluetooth and Wi-Fi radios, two 1080p video cameras, two acoustical sensors, and environmental sensors that monitor temperature, pressure, humidity, vibration, and magnetic fields."

San Diego's smart streetlights were supposed to save money and inspire entrepreneurs to use streetlight sensor data to develop apps that would make the city a better place. The money savings didn't add up and the apps never emerged. Instead, the San Diego police realized the video data, intended to be processed at the edge by AI algorithms [and deleted after 5 days], could be tapped directly for law enforcement. Now consumer groups are looking to the city to pass legislation governing the use of data, and other cities are opting to avoid such issues by leaving cameras out of future intelligent lighting systems.
The first video accessed by police exonerated a person they'd arrested for murder in August of 2018. But over the next 10 months they'd accessed 99 more videos to investigate what they called "serious" crimes, a number climbing to up to 175 videos by early 2020. "The list included murders, sexual assaults, and kidnappings — but it also included vandalism and illegal dumping, which caused activists to question the city's definition of 'serious'..." according to IEEE Spectrum. "To date, San Diego police have tapped streetlight video data nearly 400 times, including this past June, during investigations of incidents of felony vandalism and looting during Black Lives Matter protests."

Morgan Currie, a lecturer in data and society at the University of Edinburgh, tells the site it's "a classic example of how data collection systems are easily retooled as surveillance systems, of how the capacities of the smart city to do good things can also increase state and police control."

Charter can charge Netflix and other online video streaming services for network interconnection despite a merger condition prohibiting the practice, a federal appeals court ruled today. From a report: The ruling [PDF] by the US Court of Appeals for the District of Columbia Circuit overturns two merger conditions that the Obama administration imposed on Charter when it bought Time Warner Cable and Bright House Networks in 2016. The FCC under Chairman Ajit Pai did not defend the merits of the merger conditions in court, paving the way for today's ruling. The case was decided in a 2-1 vote by a panel of three DC Circuit judges.

The lawsuit against the FCC seeking to overturn Charter merger conditions was filed by the Competitive Enterprise Institute (CEI), a free-market think tank, and four Charter users who claim they were harmed by the conditions. The FCC unsuccessfully challenged the suing parties' standing to sue, and it did not mount a legal defense of the conditions themselves. Though Charter did not file this lawsuit, the ISP separately asked the FCC to let the network-interconnection condition and a condition prohibiting data caps expire on May 18, 2021, two years earlier than scheduled. Today's court's ruling seems to render Charter's petition moot as far as the network-interconnection condition goes, but the court ruling did not overturn the data-cap prohibition.

TikTok's US employees are planning to file a lawsuit challenging a Trump administration executive order they say would make it illegal for their employer to pay them. From a report: Last week, President Donald Trump issued an executive order barring any US transactions with ByteDance, the Chinese company that owns TikTok, and its subsidiaries. The language of the order is broad, so it's unclear if it would bar TikTok from paying its employees. The Trump administration didn't respond to questions about how the order would impact TikTok's employees. The order, which would take effect Sept. 20, would effectively ban the short-form video app from operating in the US if ByteDance doesn't sell TikTok. Microsoft has acknowledged it's discussing a deal to buy TikTok's service in the US, Canada, Australia and New Zealand. Negotiations could be completed by Sept. 15, which is before the executive order's deadline.

Travelers heading to the US have many reasons to be cautious about their devices when it comes to privacy. A report released Thursday from the Department of Homeland Security provides even more cause for concern about how much data border patrol agents can pull from your phones and computers. From a report: In a Privacy Impact Assessment dated July 30, the DHS detailed its US Border Patrol Digital Forensics program, specifically for its development of tools to collect data from electronic devices. For years, DHS and border agents were allowed to search devices without a warrant, until a court found the practice unconstitutional in November 2019. In 2018, the agency searched more than 33,000 devices, compared to 30,200 searches in 2017 and just 4,764 searches in 2015. Civil rights advocates have argued against this kind of surveillance, saying it violates people's privacy rights.

The report highlights the DHS' capabilities, and shows that agents can create an exact copy of data on devices when travelers cross the border. According to the DHS, extracted data from devices can include: Contacts, call logs/details, IP addresses used by the device, calendar events, GPS locations used by the device, emails, social media information, cell site information, phone numbers, videos and pictures, account information (user names and aliases), text/chat messages, financial accounts and transactions, location history, browser bookmarks, notes, network information, and tasks list. The policy to retain this data for 75 years still remains, according to the report.