• The FBI violated its own rules in surveillance of anti-Keystone XL pipeline activists

    More than eighty pages of internal FBI documents dated from November 2012 to June 2014, obtained under the Freedom of Information Act, reveal that the FBI breached its own investigation rules when it spied on protesters opposing the controversial Keystone XL pipeline. Agents in the FBI’s Houston field office failed to get approval before they cultivated informants and opened files on pipeline protesters — a violation of guidelines designed to prevent the agency from becoming excessively involved in sensitive political issues.

  • New airport security technologies raise privacy concerns

    Researchers are developing surveillance technologies better to help airport security officials scan passengers and luggage for contraband and suspicious behavior. Privacy advocates say these expensive and ambitious projects, meant to increase public safety and ease air travel delays, risk intruding on passengers’ privacy.“What starts in the airport doesn’t stay there,” says a technology expert at the ACLU.

  • Court rules NSA bulk metadata collection exceeded Patriot Act’s Section 215

    On Thursday, a three-judge panel from the New York-based 2nd Circuit U.S. Court of Appeals overturned an earlier ruling by Judge William Pauley, which found that the controversial NSA bulk collection of domestic phone metadata was legal and could not be subject to judicial review. That section, which the appeals court ruled the NSA program exceeded, will expire on 1 June. The judges did not address the issue of whether the NSA program violated the Constitution, instead waiting for Congress to decide how to proceed after the program’s 1 June expiration.

  • Lawmakers reintroduce “Aaron’s Law” to curb CFAA abuses

    A bipartisan group of lawmakers have reintroduced a bill known as “Aaron’s Law,” which aims to reform the Computer Fraud and Abuse Act (CFAA). CFAA has been cited by civil libertarians (EFF) as having been abused to the point where it now stifles research and innovation, as well as civil liberties. the measure is intended to honor Aaron Swartz, the Reddit co-founder who was apprehended after downloading millions of scholarly articles from a Massachusetts Institute of Technology database in 2011. Following his arrest, with charges under the CFAA which might lead to a maximum sentence of thirty-five years in prison, Swartz committed suicide at age 26, leading some to charge that the aggression of prosecutors led to the his decision.

  • Breach of background-checks database may lead to blackmail

    Newly released documents show how hackers infiltrated servers used by US Investigations Services(USIS), a federal contractor which conducts background checks for DHS. In a House Oversight and Government Reform Committeehearing last week, Representative Elijah Cummings (D-Maryland) said more than 27,000 personnel seeking security clearances likely were affected by the USIS breach. Similar hacks also affected servers at the Office of Personnel Management(OPM), which holds information on security clearance investigations. Once hackers have a list of employees who possess government security clearances, they can exploit other aspects of those employees’ lives for malicious gain.

  • Efforts to improve cyber information sharing between the private sector, government

    Lately, Obama administration officials having been venturing West to encourage tech firms to support the government’s efforts to improve cyber information sharing between the private sector and government agencies. The House of Representatives last week passed two bills to advance such effort. The Protecting Cyber Networks Act and the National Cybersecurity Protection Advancement Act of 2015 authorize private firms to share threat data such as malware signatures, Internet protocol addresses, and domain names with other companies and the federal government. To the liking of the private sector, both bills offer companies liability protection for participating in cyberthreat information sharing.

  • Emerging threats require a new social contract between the state, citizens: Study

    Technological advancements create opportunities for governments and the private sector, but they also pose a threat to individual privacy and individual – and public — safety, which most Americans look to the government to protect. The authors of a new book on emerging threats argue that while, at one time, “the government used to be our sole provider of security,” companies which store troves of private information are also key to Americans’ privacy and security. They say that the United States may need a new social contract between the state and its citizens on matters of security and privacy. “The old social contract has its roots in the security dilemmas of the Enlightenment era,” they write. “In our new era, everyone is simultaneously vulnerable to attack and menacing to others. That requires a different, more complex social contract — one that we are just starting to imagine.”

  • FBI, NSA want surveillance measures to remain in reauthorized Patriot Act

    On 1 June, Section 215 of the U.S.A Patriot Act, which permits law enforcement and intelligence agencies to collect certain customers’ records from U.S. businesses including communications and credit card firms, is set to expire. Congress has been debating whether to reauthorize the section of the act or pass measures that will curb the level of surveillance it currently grants. In recent days, representatives from the NSA and the FBI have been meeting with legislators to inform them of the importance of Section 215, still both chambers of Congress seem to be uncertain on how to move forward.

  • Police use of Stingray technology raises privacy advocates’ ire

    Detective Emmanuel Cabreja, a member of the Baltimore Police Department’s Advanced Technical Team, recently testified that the unit owns and operates a Hailstorm cell site simulator, the latest version of the Stingray — a device which mimics a cellphone tower to force phones within its range to connect. For years, law enforcement agencies have used Stingrays to find wanted suspects, but until recently, the technology was largely unknown to the public, partly because law enforcement officers were banned from revealing such information to judges and defense attorneys.

  • New privacy technologies protect personal data better

    In Estonia, the public and private sector have databases, the merging and analysis of which could help the state and enterprises make better management decisions. Such consolidation of data, however, would be a serious threat to privacy and violate data protection rules. A researcher suggests a more convenient way of analyzing very sensitive data without the fear of data leak. The new approach would be appropriate for preserving privacy in genome-wide association studies, satellite collision prediction analysis, and conducting labor market studies.

  • As law enforcement increases use of license plate readers, privacy advocates fret

    Law enforcement agencies across the country have adopted license plate readers (LPRs) to monitor vehicles driving on roads and to locate wanted suspects or suspended drivers.After canceling plans last year to operate its own LPR database, DHS announced last week, through a bid request, that the agency’s ICE is seeking a private sector firm to provide access to already functioning LPR databases for a subscription fee.Privacy advocates argue that the gains made with LPR systems, do not justify the mass monitoring of Americans who drive.

  • Do you know where your data is?

    Bitglass, a data protection company, undertook an experiment aiming to gain better understanding of what happens to sensitive data once it has been stolen. In the experiment, stolen data traveled the globe, landing in five different continents and twenty-two countries within two weeks. Overall, the data was viewed more than 1,000 times and downloaded forty-seven times; some activity had connections to crime syndicates in Nigeria and Russia. “This experiment demonstrates the liquidity of breached data, underscoring the importance of discovering data breaches early,” said Nat Kausik, Bitglass CEO.

  • DHS seeking license plate readers (LPRs) technology -- again

    A year after privacy concerns led DHS to recall its solicitation for bids by private companies to help the department create a national license-plate database which would allow unlimited access to information obtained from commercial and law enforcement license plate readers (LPRs), the agency has renewed its solicitation on the basis that privacy concerns raised by civil liberties groups and lawmakers could be addressed and managed.

  • People act to protect privacy – after learning how often apps share personal information

    Many smartphone users know that free apps sometimes share private information with third parties, but few, if any, are aware of how frequently this occurs. A new study shows that when people learn exactly how many times these apps share that information, they rapidly act to limit further sharing. In an experiment, researchers found that one of the more effective alert messages which g grabbed the attention of phone users and caused them to act to protect their privacy, was: “Your location has been shared 5,398 times.”

  • Senate panel passes revised cybersecurity bill, but privacy concerns remain

    Last Thursday, the Senate Intelligence Committeepassed the Cybersecurity Information Sharing Act(CISA) meant to encourage the private sector to share data with federal agencies, with the hopes of preventing and responding to cyberthreats before they materialized. The bill is a reincarnation of the 2013 Cyber Intelligence Sharing and Protection Act(CISPA), which drew a veto threat from President Barack Obama because of privacy concerns. Critics say that CISA, as was the case with its predecessor, would create a legal framework for companies to more closely monitor internet users and share that data with government agencies.