• If you seek to “switch off” encryption, you may as well switch off the whole Internet

    Prime Minister David Cameron has stated that the U.K. government will look at “switching off” some forms of encryption in order to make society safer from terror attacks. This might make a grand statement but it is impossible to implement and extremely technologically naïve. Encryption is a core part of the Internet; its use is increasing every day — Google’s services, including search and e-mail, use encrypted streams, as do Facebook and Twitter and many other widely used sites. Encryption makes it almost impossible for eavesdroppers to read the contents of the traffic. It is the foundation upon which all e-commerce is based. The technical case for switching off encryption is thus simply a non-starter. In fact we are moving in the opposite direction, replacing the old, open Internet with one that incorporates security by design. If you wish to switch off encryption, it will unpick the stitching that holds the Internet together.

  • No technological replacement exists for bulk data collection: Report

    No software-based technique can fully replace the bulk collection of signals intelligence, but methods can be developed to conduct targeted collection more effectively and to control the usage of collected data, says a new report from the National Research Council. Automated systems for isolating collected data, restricting queries that can be made against those data, and auditing usage of the data can help to enforce privacy protections and allay some civil liberty concerns, the unclassified report says.

  • Keeping citizens safe while respecting their right to privacy

    Surveillance is an increasingly common – and sometimes controversial – activity, designed fundamentally to protect the public and property. The rapid increase in information gathered by surveillance cameras, however, has led to spiraling costs in terms of storage, filtering and data checking, and has also led to concerns that innocent citizens are routinely being tracked. Using innovative new technology, EU-funded researchers have reconciled the need for robust surveillance with the right to privacy.

  • When the camera lies: our surveillance society needs a dose of integrity to be reliable

    Being watched is part of life today. Our governments and industry leaders hide their cameras inside domes of wine-dark opacity so we can’t see which way the camera is looking, or even if there is a camera in the dome at all. They’re shrouded in secrecy. But who is watching them and ensuring the data they collect as evidence against us is reliable? Surveillance evidence is increasingly being used in legal proceedings, but the surveillants – law enforcement, shop-keepers with a camera in their shops, people with smartphones, etc. — have control over their recordings, and if these are the only ones, the one-sided curation of the evidence undermines their integrity. There is thus a need to resolve the lack of integrity in our surveillance society. There are many paths to doing this, all of which lead to other options and issues that need to be considered. But unless we start establishing principles on these matters, we will be perpetuating a lack of integrity regarding surveillance technologies and their uses.

  • Can a hacker stop your car or your heart? Security and the Internet of Things

    An ever-increasing number of our consumer electronics is Internet-connected. We’re living at the dawn of the age of the Internet of Things. Appliances ranging from light switches and door locks, to cars and medical devices boast connectivity in addition to basic functionality. The convenience can’t be beat, but the security and privacy implications cannot and should not be ignored. There needs to be a concerted effort to improve security of future devices. Researchers, manufacturers and end users need to be aware that privacy, health and safety can be compromised by increased connectivity. Benefits in convenience must be balanced with security and privacy costs as the Internet of Things continues to infiltrate our personal spaces.

  • Online tools help users adopt better privacy practices

    Research shows a growing concern for online privacy, but Internet users give up personal information every day in exchange for the convenience and functionality of a variety of online services. Online privacy is distinct from online security, which encompasses efforts to mitigate the theft of personal information. Most violations of online privacy are not illegal but rather the results of tacit consumer consent. The new Privacy Helper mobile app teaches users about the features on their phones that can affect privacy. The key to Privacy Helper, its developers say, is its flexibility in giving users better control over how they share personal information.

  • Judges question claims that NSA metadata collection poses threat to ordinary citizens

    A panel of three judges on the U.S. Court of Appeals for the District of Columbia challenged arguments made earlier this week by Larry Klayman, a conservative lawyer arguing on his own behalf, and Cindy Cohn, an attorney representing the Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU), that the National Security Agency’s (NSA) mass-surveillance program is a breach of the Fourth Amendment, which protects against unreasonable searches. The case, Klayman v. Obama, is one of three currently at the appeals-court level regarding the NSA surveillance program. In the D.C. Circuit Court of Appeals, Judges Stephen Williams and David Sentelle voiced skepticism about claims that collecting metadata posed a threat to ordinary citizens.

  • Identifying ways to improve smartphone security

    What information is beaming from your mobile phone over various computer networks this very second without you being aware of it? Experts say your contact lists, e-mail messages, surfed Web pages, browsing histories, usage patterns, online purchase records and even password protected accounts may all be sharing data with intrusive and sometimes malicious applications, and you may have given permission. The apps downloaded to smartphones can potentially track a user’s locations, monitor his or her phone calls and even monitor the messages a user sends and receives — including authentication messages used by online banking and other sites, he says, explaining why unsecured digital data are such a big issue. Assigning risk scores to apps may slow down unwarranted access to personal information.

  • ICE offices subscribed to national license-plate database in violation of DHS policy

    In February, DHS officials dropped a controversial bid which would have allowed the department to access a national license-plate database, citing possible violation of Americans’ civil liberties. Soon after, DHS officials established a policy which required similar plans to be reviewed by department privacy officers. Roughly two months after that policy was put in place, officials with DHS’s Newark and Houston field offices of the Immigration and Customs Enforcement (ICE) agency purchased subscriptions for a commercially run national license-plate database without approval from DHS’s privacy office.

  • Peekaboo, I see you: Government authority intended for terrorism is used for other purposes

    The Patriot Act continues to wreak its havoc on civil liberties. Section 213 was included in the Patriot Act over the protests of privacy advocates and granted law enforcement the power to conduct a search while delaying notice to the suspect of the search. Law enforcement was adamant that this power, known as a “sneak and peek” warrant, was needed to protect against terrorism. But the latest government report detailing the numbers of “sneak and peek” warrants reveals that out of a total of over 11,000 sneak and peek requests, only fifty-one were used for terrorism. Yet again, terrorism concerns appear to be trampling our civil liberties.

  • Law enforcement: Apple iOS 8 software would hinder efforts to keep public safety

    With its new iOS 8 operating software, Apple is making it more difficult for law enforcement to engage in surveillance of users of iOS 8 smartphones. Apple has announced that photos, e-mail, contacts, and other personal information will now be encrypted, using the user’s very own passwords — meaning that Apple will no longer be able to respond to government warrants for the extraction of data.

  • Growing scrutiny of police use of Stingray surveillance technology

    IMSI-catcher (International Mobile Subscriber Identity), aka Stingray, is a surveillance technology which simulates cell phone towers in order to intercept mobile phone calls and text messages. Privacy advocates have scrutinized the use of Stingrays in U.S. cities because, when the device tracks a suspect’s cell phone, it also gathers information about the phones of bystanders within the target range. Additionally, police use of Stingrays without properly identifying the technology when requesting search warrants has raised concerns.

  • Social media firms pledging to keep users anonymous still collect users’ information

    Social media firm Whisper prides itself on offering anonymity in a market where the biggest players are often considered too transparent. Its co-founder, Michael Heyward, a tech entrepreneur, describes the company as “the first completely anonymous social network,” an alternative to Facebook and Twitter. It now emerges that Whisper’s back-end systems retain digital libraries of texts and photographs sent by users, and in some cases the location information of users.

  • New Web privacy system would revolutionize surfing safety

    Scientists have built a new system that protects Internet users’ privacy while increasing the flexibility for Web developers to build Web applications that combine data from different Web sites, dramatically improving the safety of surfing the Web. The system, “Confinement with Origin Web Labels,” or COWL, works with Mozilla’s Firefox and the open-source version of Google’s Chrome Web browsers and prevents malicious code in a Web site from leaking sensitive information to unauthorized parties, while allowing code in a Web site to display content drawn from multiple Web sites — an essential function for modern, feature-rich Web applications.

  • $3 million in grants for three pilot projects to improve online security, privacy

    The National Institute of Standards and Technology (NIST) the other day announced nearly $3 million in grants that will support projects for online identity protection to improve privacy, security and convenience. The three recipients of the National Strategy for Trusted Identities in Cyberspace (NSTIC) grants will pilot solutions that make it easier to use mobile devices instead of passwords for online authentication, minimize loss from fraud and improve access to state services.