 Sorry about that. The wiring gods were really not smiling on us right now. I blame VGA as I have for about the last 40 years. Welcome to Crypto Privacy Village. Thank you for being here. I got another great talk lined up and we've got Lauren Rucker who's going to be talking about privacy within a relationship. Let's talk about you and me. Give it up for Lauren. No one's adapters seem to be working so fuck it. We're doing it live. You'll see me look down a lot because I can't see my slides to the right and see where I'm at. So I apologize for that. I had an awesome salt and pepper talking about, let's talk about you and me. Let's talk about all the good things and the bad things that may be. So half this talk is going to talk more on privacy law and the other half is going to talk on privacy mitigation techniques, especially specifically spyware. So first thing I wanted to cover was a brief history of your privacy rights. So in case you don't know the background on that, the right to privacy was Harvard Law Review article and it was published in 1890 and it ended up coming about because of the invention of the Kodak cameras and two lawyers at the time were just really concerned with how invasive that privacy was that people's pictures could be taken and distributed and generally how it would weaken the right of people's and their privacy and private lives as it could be published in the newspapers. So they ended up writing a pretty long article published in Harvard Law Review and from that came what we mainly use now as the right to privacy from a law perspective and specifically there's four torts or ways that you will infringe on someone's privacy and the four torts are intrusion upon seclusion and I'll talk through each of these really quickly. Appropriation, publication of private facts and false light. So the biggest thing that this talk is going to hit on is intrusion upon seclusion. So if you're living with someone or you're in a relationship or a marriage with someone, the biggest, you're giving up a lot of your privacy rights because you're sharing so much with that person anyway. So intrusion upon seclusion is intentionally intruding physically or otherwise upon the solitude or seclusion of another of his private affairs or concerns and if the intrusion would be highly offensive to a reasonable person. So you'll see language like that in these privacy torts where it's really gray and what's defining a reasonable person and a lot of that's up to the court and I'll go through some of the Supreme Court cases that have helped define this when you're talking privacy rights in a marriage. There's also publication of private facts so a lot of that has to do with if someone puts revenge porn on websites and so that is protected by law, false light where you're having slander if you're a public figure. And again, we're going to talk about what defines highly offensive to a reasonable person. So next up is our, if they're up there, basically our bigger federal laws that help talk to privacy and that's the Federal Wiretap Act, Stored Communications Act, Computer Fraud and Abuse Act and the 14th Amendment really help touch on this subject and kind of cut through the gray. So wiretap obviously, I'm sure you guys are familiar but protects interception or access to personal communications and so that's supposed to protect people accessing your data, your telephone taps, your access to the internet and are they monitoring it. And then with Stored Communications Act that's protecting the computer and online accounts from unauthorized access and how that data is stored. And it also addresses voluntary disclosure so stored wired and electronic communications and the records that are being held by the ISPs themselves or internet service writers, excuse me. For the Computer Fraud and Abuse Act that's a really overarching act but in this case it's talking about prohibiting access, unauthorized access to somebody's account or computer and not, you know, walking into, not logging into other viewers' accounts. And then I didn't really touch too much on the Fourth Amendment because that's talking about right to people being secure in their person's house and papers or effects but when you're talking about privacy within a relationship a lot of that is shared. So the amendment as far as a constitutional right is actually the 14th Amendment that defines a lot of these further laws when you're talking individual rights to privacy when you are legally bound. So I'm just going to, I had it up here but just so you know the language a little bit, no state shall make or enforce any law which shall abridge the privileges or immunities of citizens of the United States nor shall any state deprive any person of life, liberty or property without due process of law nor deny any person within its jurisdiction the equal protection of the laws. So enforcing these privacy torts is really where the Fourth Amendment comes in in order to protect yourself and your individual privacy. So I'm going to talk about some famous Supreme Court cases that have helped define this. The biggest one going back in time and coming forward is the Union Pacific Railway Company and Botsford actually and this was back in I think the 1890s and so that basically had to do with individual's right to privacy and making sure that that was a constitutional amendment and defining that I think at that point no right is held more sacred or is more carefully guarded by the common law than the right of every individual to the possession and control of his own person free from all restraint and interference of others and so that particular case helped define and solidify that privacy was part of U.S. constitutional rights and for their U.S. citizens. So another famous case is the Einsteht versus Barad and that safeguarded a single person's access to contraception so that whole court case was about defining if you were single or you were married and your access to contraception and what came out of that was both single and married people should have access to contraception and be able to make that choice for themselves. It is the right of the individual to make that type of choice and so even if they're married they should be able to choose. So I know we're touching a little bit on like abortion, you'll see that in these cases I'll bring up abortion laws a little bit or contraception or reproduction but that's a lot of the battles that do make it to the Supreme Court case in order to help define. So the next one is Rowe versus Wade. This was a big obviously abortion heavy like mainly focusing on that and was really paramount but again it legalized abortion and then protected the woman's reproductive choice within the marriage. So again protecting their privacy to make a choice and so that's the main take away from these court cases is I'm not talking reproductive rights today but the privacy to make a choice and these are some of the Supreme Court cases that help you see the background as to why you should have online privacy as well. And then we have Lawrence versus Texas and this had to do with a Texas stature that was criminalizing different sexual acts by consenting gay couples and it overturned a lot of anti-esotomy laws and it actually set the groundwork for decriminalization of a lot of adultery laws that were still withheld in a lot of states as well. I think about 20 states still had those type of laws and so it outlawed most of the time these criminal sodomy laws passed over half the states and outlawed all forms of like sexual expression between persons of the same sex so it was targeting them specifically so this particular case of Lawrence versus Texas put the choice back to the individual and their private matters back to the individual and that you couldn't go to jail just for having sex with who you want to have sex with that was a choice and that is your private choice to do so and then for the most recent one is in 2012 we had United States versus Jones and that had to do with installing a GPS tracking device they were actually this one has to do with the drug ring more than anything but basically the government put a tracking device on this guy's wife's car and they had a warrant to do so but they had to do so within 10 days and I think they had to do so within I think it was the District of Columbia so DC that's a very small geographic area so they didn't install the device until 11 days so the warrant had expired to do so and it also installed it in Maryland so basically what came out of that is the data was not used in the court case for that drug ring and it confirmed that to do GPS location and get that data on someone and collect on that you have to have a warrant to do so otherwise it doesn't hold water in court and we're talking a lot about law in court here because privacy in a relationship if you want to know your rights you kind of have to know the law and what has helped define that so a lot of the state cases as well and state by state has different rules on what you can or can't collect or some of them just have gray areas so I'll have a resource at the end that I'll say out loud and it has a great comprehensive website like state by state to get you started if you're truly interested in that and when I was talking to a couple of my friends that do practice law the biggest people they pointed me to for their state is it's going to be by state and it's going to be divorce lawyers usually know that stuff way better because when things get nasty that's where people don't like to share as much sometimes so for state cases this was a big one it's white versus white and this was in New Jersey so basically what happened with here is the guy was kind of staying in the sunroom and so the family computer was also used in the sunroom like family kids husband wife would all log in and use it the wife saw a letter addressed to the guy's girlfriend supposedly laying out so she took him to court for divorce and it was pretty nasty custody case what came out of that though is because the computer was in a shared use space and it wasn't unreasonable for people to view or have access to his shared files on the computer and his email that actually no tort had been offended so no privacy had been offended just because of that so it's pretty defining again it was a state course not necessarily supreme course but it's good to pay attention to because it helps know the precedence that needs to be set when shit gets real and if you do want your accounts protected and you do want your emails not viewed by your spouse or not all the time or whatever you choose to share with them but to protect yourself I think it's not as big of a deal because usually we don't have one computer per household anymore many people have their own individual laptops but just something to keep in mind is that a laptop that many people in your household use who has access to it do they have different accounts you know set up on the laptop itself these are all things to protect yourselves and protect your spouse to just you don't necessarily know how things end and how they can go bad another good one was for from Michigan it's Lewis versus Lee grow and so this one's interesting as well sorry it basically involved a relationship of two girlfriends and one boyfriend he had invited them back to the bedroom they had a consensual relations back there plenty of times and I believe that they had a threesome and he recorded it without letting them know he was recording it so the ladies took him to court he argued that because his bedroom was a private place there was a reasonable expectation of privacy and you'll hear that in these court cases as well so the court actually cited on the side of the ladies because even though it is a private place they're not necessarily expecting to be recorded in that type of private place that's the intrusion of privacy even though it is a private area and it is shared so if you've ever had friends or been in a situation where you have been recorded in a bedroom without knowing whether that's the sex tapes or just undressing or just recorded in general in your bedroom and you're not expecting it this court case Lewis versus the grow is a good one to point to as far as they ruled that that is definitely expecting privacy within the bedroom even if you're two consenting adults and I think also the it expanded on this principle because it was a threesome the private realm and specifically rejected the notion whether the parties are living together or estranged as a factor so in other words one of these one of the ladies was not living with this couple so it didn't necessarily matter if you're in a relationship married to them living with them there if they're not they're coming into your bedroom they're not expecting to be recorded and a reasonable person would find that offensive and that court was able to prove that next case I want to talk about is a colon versus colon in New Jersey and this had to do with the wife invaded the defendant's privacy by recording and videotaping his activities even sexual activities in their home the key to distinct the factor here is she was recording it while in his office in the home office so it was not necessarily a private area and I do believe she won that and they held the wife's video surveillance even though it was in their marital home and did not constitute an evasion of the husband's privacy due to being in a more public room of the household so something else to keep in mind from a video surveillance you don't know who's recording what where you're going to do stuff that you would like private make sure you're any private place in the safety of your own home and that there is a reasonable expectation of privacy and that you would be able to prove that so TK excuse me key takeaways from those court cases is the biggest factor here is intrusion upon seclusion and the manifestation of the expectation of privacy so what that means is if you do have to go to court for these types of instances you have to show and or manifest an expectation of privacy like the ladies going into the bedroom the bedroom is a private place you go there to dress and undress you go there to sleep you go there to not be bothered whereas the guy who had the computer in the sun room you can't really say that's private if family traffic is coming in and out and everyone's using that computer so biggest takeaways are don't share passwords and accounts if you have a history of recording activities in a private area because you know that's you and your spouse's hobby or not spouse and it's consensual make sure it's being recorded and just because you did it with someone who consented doesn't mean everyone who comes in engages in those activities is consenting so consent is a big one on that and then if the area is visited by multiple parties that's not probably it's probably not a private place it's not going to hold up in court so we have the office where obviously a little bit more private right not all your guests are probably going to come into your home office but people do come in there outside of just the owners of the home and the sun room example as well so I'll just repeat those again don't share passwords and accounts if you have a history of recording in private areas make sure all parties are consenting to that recording and if the area is visited by multiple parties outside of the people in the relationship that's not considered a private area at least in the eyes of the court in most cases the rest of the half of the stock is just talking just basic security measures you can take to protect yourself in the case that you're in a relationship and you want some more privacy for yourself just good old common knowledge to not get hacked and then also sometimes you are you see find yourself in relationships that are a little aggressive or abusive and these are some ways to help so big one is phone settings first and foremost right pretty basic so turn off location setting features on apps as much as you can great example of that is Uber likes to track your GPS location all the time not even when you're using apps might not be the best app for grabbing a cab in that case being able to block and filter numbers having a remote white feature make sure you have a phone lock in code I know where this is a hacker community here but I can't tell you how many of my you know Midwestern grandma's friends don't do that and I think that's something they need to start doing and be aware of to protect themselves and disable file and media sharing again going back to sharing of account so if you share an iCloud account and you're sharing pictures that way well in the eyes of the court you're sharing some type of account they can take you to court and say well yeah I did have the right to snoop through your email we're sharing accounts elsewhere and sharing media files not that it will hold up just that that's evidence of you know you've done it before when you're at home if you feel like your network could possibly you know pick up your network traffic you could use a VPN enabled while on a wireless network it's probably the best anyway also on your mobile device if you're you're at a coffee shop just some helpful hints there you know you have open VPN where you can VPN back into your home network or you can use a paid service and additionally there's helpful apps so if you are in a more threatening environment from a domestic standpoint secure messaging apps like signal or crypto cat are really great and even if you do have spyware installed on your phone they're not necessarily able to go in there and decrypt those type of messaging apps depends on the spyware and root kit that's put on there you can do apps that can see your text messages are in calls like vault or shady contacts so it obfuscates who you're talking to and then decoy apps which I think are every parent's favorite thing right now concealed data and other apps and do like remote lock an example of that is an app called prey where it looks like a certain app you go in you know it has a whole bunch of different files and other apps that look like a baseball scoring game but not really at all it's like a messaging app and did want to talk privacy and social media this is going to depend there's so much different social media that everybody uses so biggest one is turn off geolocation filters knowing how to manage who sees your content review of the privacy settings that are even the advanced settings security settings in general and the notifications for multiple logins that you know your multiple browser sessions and how to kill those and two-factor authentication and then for keeping online activity private in general obviously two-factor authentication or unique and complex passwords auto deleting a history and cookies in your browser you can also do tour just delete me which is saves you time by providing direct links for canceling numerous internet sites so Google door canes a little harder to do do privacy mode in your browser I know a lot of this is basic and this community is really aware of that but so many people don't know this so many of my friends don't know this until it's too late or they're in a bad situation and duck duck go is a search browser not browser Jesus search engine it doesn't save your searches it also doesn't sell your searches like Google or Yahoo does so that's a great one even though like sometimes their interface is frustrating disconnect me is another one it lets you visualize and block sites that track your search and browsing history and I again for online activity private I mentioned a bunch of VPN clients like hide my ass tunnel bear open VPNs that that one's free and then you know for the more technically inclined I would recommend tails if they're super wanting to dive into that world and if you don't know that's a live OS and you can put it on almost any computer just sitting on top of your normal OS and you with a DVD USB stick or SD card and it's a Debian base Linux distribution aimed at preserving privacy and it has tour built in it's a fun one if you haven't used it and then did want to talk about if your laptop and stuff is in private areas make sure it's locked make sure it has a passcode otherwise that reasonable expectation of privacy might not be there encrypting your laptops hide hard drive so when someone does try to install spyware root kit they need that additional password notification to do so covering up webcams and then backing up your data and change default passwords on hardware so those are just some cybersecurity techniques for the home for people who might not be ridiculously technically inclined and I was going to talk specifically about some surveillance technologies so ways you can be surveilled you can have a spyware or and that can just go for your camera can go for audio where it can record it and save it for later content created apps so going after like your snapchat and going in to Twitter and being able to pull that data keylogger, password finders, GPS tracking phone and text filtering where it can even send phone and text for you I know for this community like none of this is a shocker but I talked to some of my friends who really just use their phone to take pictures and snapchat and a lot of this is like what I didn't know people could do that so in general spyware gathers info about a person without their knowledge and I just had a couple of examples here so for as low as $20 a month in spy you can block someone's incoming calls and by predefined numbers monitor their content apps again like any kind of social media and you know use their GPS location there's also spy era and that can listen on your phone calls everything else that's happening near the smartphone and record it for it tracks text it uploads copies of the photos you take it spies on conversations held through other apps such as Skype and Viper and WeChat and it logs everything you type so it's a keylogger as well and even uses the camera to find spy on you physically and I think you can grab that for about four to five hundred a device that you're going to install it on so I mean if someone wants to truly be malicious and they live with you like that's not too much of a hefty price to start tracking people your significant other if you're a little paranoid that they're on dating sites or if they're talking to people and then for keyloggers I'm going to talk about Spyrix keylogger it's free it screenshots the active programs on the computer and intervals and it reports the programs that are running back to the person who installed it that's a big deal if you're living together and you're separated and someone gets a little jealous you know like oh fuck they're on match.com it can be pretty aggressive really fast when they're finding out that kind of information and you're already in a bad situation a fun one I found was it's actually advertised as a backup data recovery software it's DDI utilities and you can download the alt program remote send it if you know the phone number you want it to track and just for the few simple commands you have full route on that phone you're able to track everything and I think it's only $70 and yeah it's definitely advertised as a backup data recovery software and yes it does that too but it tells you everything that's happening on that phone because it does that and I thought that one was really fun because well not fun because it's a remote connect that one's a little scary to find and I did want to talk about the dangers of parental controls you can have net nanny for your kids but if you're in the middle of a separation or a nasty divorce that can totally be used against you and if you're not familiar with net nanny that controls and access what someone's viewing from anywhere anytime using any device you get alerts when they're attempted to download a certain something or if they're going to a certain website bam you get pinged right away another one is iPhone spy stick and it's just plugged into a USB port it downloads it all the web history emails text message even the deleted text messages this one I thought was interesting it's the iPhone dot camera so you think that you're just charging your device but actually it's a recording video that's going on in the room and it has a voice activated audio monitor a lot of parents use these tools to monitor their kids and their online activities but you can totally use it for your spouse or someone that you live with to under the premise that it's for the kids pretty interesting and then just one more on that for the parental controls is mobile spy and that software that allows users to follow a phone in real time geographic location and see online activity so a lot of these have similar features but each one is a little different just some basic surveillance detection techniques if you think your mobile device is possibly compromised these are just some quick physical ones are you getting battery loss a lot quicker than you have been is it overheating all the time you can go in and check your phone settings and look at the permissions that the apps are doing so maybe a new apps on there they're not necessarily paying attention to how many people download not named brand photo editor apps you know and say that's a big one at least for a lot of my friends it was and like that looks pretty shady man where did you get that app and where did you download it let's see what it has access to and then for anything that's like a net nanny or a content filtering you can usually just pick pick up the computer processes in order to detect the internet filters and content control software depending on what the software is your area if you think it's a certain software you can usually just kind of Google what internet computer process to look for for a net nanny specifically I think it's a work aware process you can go in there and kill it to bypass that for that session anyway and then there's also spyware detection software specifically and anti root kit scans for spyware detection software I think Norton power eraser bite defender root kit removal Kaspersky has a pretty good anti keylogger under their security scan and then malware bites has a free anti root kit so at least that there's one product that's free the biggest mitigation techniques for you know getting root kit and spyware installed is actually keeping the software up to date and patch and I know we hear that a thousand times but a lot of these root kits or spyware that's installed is specific to a certain OS a certain certain version and below as the iOS or OS gets updated those software programs have to get updated to in order to be effective read those end user license agreements when you're picking up apps and seeing what that's really paying really asking for I don't do it but you could do a quick search I do it sometimes depending on the app but also two factor authentication is a big one for your device your bank accounts your email anything where you're going to house significant personal privacy data you should really look at doing two factor authentication I've heard some security friends say oh I don't I hate doing that because we share Amazon accounts and when I do two factor authentication they're not necessarily next to my phone and it's just all sorts of red right there if you're in maintaining personal accounts how many people live together and share a Netflix Hulu or Amazon account well what other at the information in those accounts that you're letting your spouse or significant other have access to pretty sure that's tied to your bank account information your email different addresses your shipping stuff to so actually a lot of personal data I haven't been using it on a business side so then that significant other has access to some of your business information try and parse off separate accounts for that like Hulu and Netflix you can make you know separate account that they'll log into Amazon I think they have a feature now where it's like a shared household and you can have another account however with the Amazon one they do not separate the banking information so watch out for on that one to be aware of I mentioned those because most people live together those are pretty common to share at least people I know lock your devices encrypt your hard drive so installation of new software is hard and again I'm just gonna say one more time don't share passwords if it comes worse to worse for spyware root kit you know back up your data as best you can in factory reset of devices that'll get that off there and since I don't have a slide up I'm just gonna go over some of the bigger resources I think yeah violet blue has a great book it's called smart girls guide to privacy and practical tips for saying safe online that one's great highly recommend that I think it's a free e-book or on a Kindle account or if you just want to buy it I think it's like between five and ten bucks I think she's even doing a book signing here at Defcon I found today or yesterday but it is really awesome hackblossom.org slash domestic dash violence and I was gonna show you some screenshots of that particular site I thought it was really great because there's not a comprehensive guide how to secure yourself online that I've really found outside of that and so they even have a quick exit button in case you are in a really aggressive environment and you need that and get out of the browser quickly because they just walked in the room so I thought that was a really nice feature so they have different threat scenarios in that and it's like my partners harassing me through my cell phone, harassing me through social media, stalking my location surveilling my online activity et cetera et cetera and they do a pretty nice little like overview walk through it's just a nice resource that I thought was online and comprehensive and then some great organizations out there such as Crash Override Network they have a pretty it's not super comprehensive but they have some definite resources of how to protect yourself online especially when you're talking like abusive relationships but their main focus for Crash Override is online harassment so you'll see a lot of sites right and a lot of information about being cyber bullied but when you're living with someone it's a whole other level because you're expecting calls from them so you can't necessarily block their number especially if you both have kids that might be an emergency situation so anyway Crash Override for online bullying also the national network to end domestic violence had some really good resources for those that would need help and another organization called Next Door and I think Next Door offered support groups even temporary housing solutions and self-sufficiency programs to help some people feel really powerless in these situations because as the victim you have to change your life so much usually not the other way around and as far as I said I talked to laws by state that are different for privacy so victimsofcrime.org you can get in there and it actually is kind of under their stalking laws because when you're talking domestic surveillance that's probably where you're going to go first so any questions sorry for the lack of slides and me looking down any questions at all sure I think there's a mic up here if you want or thanks such an important topic for the crucial juncture where somebody is first leaving the domestic situation and they need to escape to some other place surveillance of course to be able to track you if it's on your phone if your phone is off of your lifeline to all of the other support networks so do you have any recommendations for that specific crucial juncture I don't have personal experience with that but from everything I've seen on a resource is doing that first outreach usually to a trusted friend or organization and the biggest thing is have somewhere to go and have some stuff set up there from a surveillance and tracking your phone at that point I personally anyway would leave my phone and get a burner while you're doing that set up to leave and start making your own accounts and like say you're sharing Amazon or email because some people do share email start making your own accounts and making that defined moment for yourself and not tying it to the other individual that you will be separating from because you can at least in a court situation show hey from this date we knew we were separating and here's the proof of when that stuff was created so from a law perspective you'll be covered there from a domestic violence because I think that's a really scary situation is you really have to work with the organizations and friends that will be able to support you get you away from that situation you usually have a almost like a safe house safe space you can go to get ready to jump ship and you like cut lifelines in a way from the other individual as best you can and don't share your location and new contact information and make sure all of your close friends and relatives know that as well that's the best advice I have for that situation I'm not a professional in that category in any means but everything I've read that would be my ultimate recommendation any other questions? sure I don't at the moment I can totally do that I'll throw it up on my twitter later I'll probably put it on LinkedIn share slides so my twitter is yeah I guess you can't see that either Lauren K. Rucker and it's L-A-U-R-E-N-K R-U-C-K-E-R sorry it's all together it doesn't have any weird spelling so yeah Lauren K. Rucker I'll be sure to put that link on there and I'll pin it so you guys can see it for a little bit yeah what's the expectation of privacy that children should have from parents like adolescents and teenagers what can they expect as their reasonable privacy that parents should violate? yeah I think I kept hitting on or running across that as I was doing a lot of research for this talk and this time from a law perspective it's really at the discretion of the parents since they are the parent and guardian if a child is 18 and under unfortunately law has not caught up with the reasonable expectation of privacy when it comes to children so that's why things like net nanny which are mass advertised and a lot of these parental control softwares in internet filtering that you see is really scary and perfectly legal to purchase due to the fact law hasn't defined a child's privacy I think possibly the defining moment is to have a facebook or snapchat a lot of those laws if you're 13 and under privacy as far as your parents concerned doesn't necessarily exist privacy from other individuals outside of your family is a different story and ultimately pretty protected from that perspective does that answer your question? oh, okay any others? cool, alright well thank you so much for coming to my talk