-
Breach of background-checks database may lead to blackmail
Newly released documents show how hackers infiltrated servers used by US Investigations Services (USIS), a federal contractor which conducts background checks for DHS. In a House Oversight and Government Reform Committee hearing last week, Representative Elijah Cummings (D-Maryland) said more than 27,000 personnel seeking security clearances likely were affected by the USIS breach. Similar hacks also affected servers at the Office of Personnel Management (OPM), which holds information on security clearance investigations. Once hackers have a list of employees who possess government security clearances, they can exploit other aspects of those employees’ lives for malicious gain.
-
-
Efforts to improve cyber information sharing between the private sector, government
Lately, Obama administration officials have been venturing West to encourage tech firms to support the government’s efforts to improve cyber information sharing between the private sector and government agencies. The House of Representatives last week passed two bills to advance such efforts. The Protecting Cyber Networks Act and the National Cybersecurity Protection Advancement Act of 2015 authorize private firms to share threat data such as malware signatures, Internet protocol addresses, and domain names with other companies and the federal government. To the liking of the private sector, both bills offer companies liability protection for participating in cyberthreat information sharing.
-
-
Emerging threats require a new social contract between the state, citizens: Study
Technological advancements create opportunities for governments and the private sector, but they also pose a threat to individual privacy and individual – and public – safety, which most Americans look to the government to protect. The authors of a new book on emerging threats argue that while, at one time, “the government used to be our sole provider of security,” companies which store troves of private information are also key to Americans’ privacy and security. They say that the United States may need a new social contract between the state and its citizens on matters of security and privacy. “The old social contract has its roots in the security dilemmas of the Enlightenment era,” they write. “In our new era, everyone is simultaneously vulnerable to attack and menacing to others. That requires a different, more complex social contract — one that we are just starting to imagine.”
-
-
FBI, NSA want surveillance measures to remain in reauthorized Patriot Act
On 1 June, Section 215 of the USA Patriot Act, which permits law enforcement and intelligence agencies to collect certain customers’ records from U.S. businesses including communications and credit card firms, is set to expire. Congress has been debating whether to reauthorize the section of the act or pass measures that will curb the level of surveillance it currently grants. In recent days, representatives from the NSA and the FBI have been meeting with legislators to inform them of the importance of Section 215; still, both chambers of Congress seem to be uncertain about how to move forward.
-
-
Police use of Stingray technology raises privacy advocates’ ire
Detective Emmanuel Cabreja, a member of the Baltimore Police Department’s Advanced Technical Team, recently testified that the unit owns and operates a Hailstorm cell site simulator, the latest version of the Stingray — a device which mimics a cellphone tower to force phones within its range to connect. For years, law enforcement agencies have used Stingrays to find wanted suspects, but until recently, the technology was largely unknown to the public, partly because law enforcement officers were banned from revealing such information to judges and defense attorneys.
-
-
New privacy technologies protect personal data better
In Estonia, the public and private sector have databases, the merging and analysis of which could help the state and enterprises make better management decisions. Such consolidation of data, however, would be a serious threat to privacy and violate data protection rules. A researcher suggests a more convenient way of analyzing very sensitive data without fear of a data leak. The new approach would be appropriate for preserving privacy in genome-wide association studies, satellite collision prediction analysis, and conducting labor market studies.
-
-
As law enforcement increases use of license plate readers, privacy advocates fret
Law enforcement agencies across the country have adopted license plate readers (LPRs) to monitor vehicles driving on roads and to locate wanted suspects or suspended drivers. After canceling plans last year to operate its own LPR database, DHS announced last week, through a bid request, that the agency’s ICE is seeking a private sector firm to provide access to already functioning LPR databases for a subscription fee. Privacy advocates argue that the gains made with LPR systems do not justify the mass monitoring of Americans who drive.
-
-
Do you know where your data is?
Bitglass, a data protection company, undertook an experiment aiming to gain better understanding of what happens to sensitive data once it has been stolen. In the experiment, stolen data traveled the globe, landing in five different continents and twenty-two countries within two weeks. Overall, the data was viewed more than 1,000 times and downloaded forty-seven times; some activity had connections to crime syndicates in Nigeria and Russia. “This experiment demonstrates the liquidity of breached data, underscoring the importance of discovering data breaches early,” said Nat Kausik, Bitglass CEO.
-
-
DHS seeking license plate readers (LPRs) technology -- again
A year after privacy concerns led DHS to recall its solicitation for bids by private companies to help the department create a national license-plate database which would allow unlimited access to information obtained from commercial and law enforcement license plate readers (LPRs), the agency has renewed its solicitation on the basis that privacy concerns raised by civil liberties groups and lawmakers could be addressed and managed.
-
-
People act to protect privacy – after learning how often apps share personal information
Many smartphone users know that free apps sometimes share private information with third parties, but few, if any, are aware of how frequently this occurs. A new study shows that when people learn exactly how many times these apps share that information, they rapidly act to limit further sharing. In an experiment, researchers found that one of the more effective alert messages, which grabbed the attention of phone users and caused them to act to protect their privacy, was: “Your location has been shared 5,398 times.”
-
-
Senate panel passes revised cybersecurity bill, but privacy concerns remain
Last Thursday, the Senate Intelligence Committee passed the Cybersecurity Information Sharing Act (CISA) meant to encourage the private sector to share data with federal agencies, with the hopes of preventing and responding to cyberthreats before they materialized. The bill is a reincarnation of the 2013 Cyber Intelligence Sharing and Protection Act (CISPA), which drew a veto threat from President Barack Obama because of privacy concerns. Critics say that CISA, as was the case with its predecessor, would create a legal framework for companies to more closely monitor internet users and share that data with government agencies.
-
-
The Brandeis program: Harnessing technology to ensure online privacy
In a seminal 1890 article in the Harvard Law Review, Louis Brandeis developed the concept of the “right to privacy.” DARPA the other day announced the Brandeis program – a project aiming to research and develop tools for online privacy, one of the most vexing problems facing the connected world as devices and data proliferate beyond a capacity to be managed responsibly.
-
-
Guaranteeing online anonymity
Anonymity on the Internet is possible only up to a certain degree. Therefore, it is possible that others may see who is visiting an online advice site on sexual abuse, or who frequently looks up information about a certain disease, for example. Seeing that this kind of private information can be linked to their identity, users will often resort to special online anonymization services. One of the most popular tools is Tor. “The Tor network isn’t perfect, however,” says a researcher at the Research Center for IT Security (CISPA). CISPA researchers have developed a program that can provide an accurate assessment of the level of anonymity an individual user achieves, even while basing the estimate on the fluctuations of the Tor network.
-
-
Security risks, privacy issues too great for moving to Internet voting
The view held by many election officials, legislators, and members of the public is that if people can shop and bank online in relative security, there is no reason they should not be able to vote on the Internet. Contrary to this popular belief, the fundamental security risks and privacy problems of Internet voting are too great to allow it to be used for public elections, and those problems will not be resolved any time soon, according to a researcher who has studied the issue for more than fifteen years. The security, privacy, reliability, availability, and authentication requirements for Internet voting are very different from, and far more demanding than, those required for e-commerce, and cannot be satisfied by any Internet voting system available today or in the foreseeable future. Such systems are susceptible to “attack” or manipulation by anyone with access to the system, including programmers and IT personnel, not to mention criminal syndicates and even nation states.
-
-
Government’s authority to protect consumer privacy questioned
A case in the U.S. Court of Appeals for the Third Circuit in Philadelphia could determine what authority the federal government has in protecting consumer privacy on the Internet. Hotel giant Wyndham Worldwide Corp. argued in court that the Federal Trade Commission (FTC) unlawfully tried to enforce cybersecurity standards when the agency brought a case against Wyndham after hackers allegedly stole data from hundreds of thousands of customer accounts in a series of attacks between April 2008 and January 2010.
-