• Virginia lawmakers mull limiting police use of license plate readers

    Some Virginia lawmakers are planning to propose legislation which will limit the police use of license plate readers (LPRs). The state currently has no laws restricting how police collect or store license plate data gathered by LPRs. Last year, then-Attorney General Ken Cuccinelli said he believed Virginia State Police should be restricted from capturing and storing license plate data outside of a specific, ongoing criminal investigation, but for now, police departments across the state have adopted their own measures.

  • Using biometrics to protect India’s one billion people raises security, privacy concerns

    The cutting edge of biometric identification — using fingerprints or eye scans to confirm a person’s identity – is not at the FBI or the Department of Homeland Security. It is in India. India’s Aadhaar program, operated by the Unique Identification Authority of India (UIDAI) and created to confirm the identities of citizens who collect government benefits, has amassed fingerprint and iris data on 500 million people. It is the biggest biometric database in the world, twice as big as that of the FBI. It can verify one million identities per hour, each one taking about thirty seconds. The program unnerves some privacy advocates with its Orwellian overtones.

  • Businesses looking to bolster cybersecurity

    Since the recent data breaches at retailers Target and Neiman Marcus, in which hackers stole millions of customers’ credit and debit card information, consumers have been urging card providers to offer better secure payment processors. Legislators have introduced the Data Security Act of 2014 to establish uniform requirements for businesses to protect and secure consumers’ electronic data. The bill will replace the many different, and often conflicting, state laws that govern data security and notification standards in the event of a data breach.

  • Adoption of battlefield surveillance system in urban settings raises privacy concerns

    More cities are adopting an aerial surveillance system first developed for the military. The surveillance cameras, fitted on a small plane, can record a 25-square-mile area for up to six hours, and cost less than the price of a police helicopter. The system also has the capability of watching 10,000 times the area that a police helicopter could watch. Privacy advocates are concerned. “There are an infinite number of surveillance technologies that would help solve crimes, but there are reasons that we don’t do those things, or shouldn’t be doing those things,” said one of them.

  • How the Heartbleed bug reveals a flaw in online security

    The Heartbleed bug – which infects an extremely widespread piece of software called OpenSSL  — has potentially exposed the personal and financial data of millions of people stored online has also exposed a hole in the way some security software is developed and used. The Heartbleed bug represents a massive failure of risk analysis. OpenSSL’s design prioritizes performance over security, which probably no longer makes sense. But the bigger failure in risk analysis lies with the organizations which use OpenSSL and other software like it. A huge array of businesses, including very large IT businesses with the resources to act, did not take any steps in advance to mitigate the losses. They could have chosen to fund a replacement using more secure technologies, and they could have chosen to fund better auditing and testing of OpenSSL so that bugs such as this are caught before deployment. They didn’t do either, so they — and now we — wear the consequences, which likely far exceed the costs of mitigation.

  • Measuring smartphone malware infection rates

    Researchers show that infection rates in Android devices at around 0.25 percent are significantly higher than the previous independent estimate. They also developed a technique to identify devices infected with previously unknown malware.

  • Protecting personal data on smartphone

    Social networking and the instantaneous sharing of information have revolutionized the way we communicate. Our mobile phones are able to automatically obtain information such as our current location and activities. This information can be easily collected and analyzed to expose our private life. What is even more malicious is that the personal data contained in our smartphones can be disclosed via installed applications without our being informed.

  • Quantum cryptography to help us keep our secrets secret

    In the history of secret communication, the most brilliant efforts of code-makers have been matched time and again by the ingenuity of code-breakers. Sometimes we can even see it coming. We already know that one of today’s most widely used encryption systems, RSA, will become insecure once a quantum computer is built. An article in Nature reviewing developments in quantum cryptography describes how we can keep our secrets secret even when faced with the double challenge of mistrust and manipulation.

  • New tool makes scanning the Internet for illegal images possible

    Researchers have developed a system that makes it possible to scan traffic on the Internet for illegal photographs. The system can, for example, help trace child pornography on the Internet without infringing on the privacy of Internet users. Internet service providers could use the tool to keep their network “clean.”

  • NSA program captures, replays phone calls

    The NSA’s MYSTIC program, created in 2009, deploys a “retrospective retrieval” (RETRO) tool which allows agents to rewind and playback all phone conversations that have taken place in the past thirty days in an unnamed foreign country, according to Edward Snowden-leaked documents. The MYSTIC program differs from other NSA surveillance programs revealed by Snowden because it captures the content of phone conversations, not just calls’ metadata.

  • Facebook making snooping more difficult

    Facebook has joined its Silicon Valley competitors to improve cybersecurity following a recent report suggesting that the NSA may have posed as Facebook to infect targeted computers. Joe Sullivan, Facebook’s chief security officer, said Facebook was working to “make sure the system is robust enough that everyone should be coming in the front door with legal process and not getting information any other way.” He added that no one could pose as Facebook servers any more since the company made “https,” a secure method of accessing Web pages, standard last year.

  • MetaPhone: The sensitivity of telephone metadata

    Is telephone metadata sensitive? This is, at base, a factual dispute. Is it easy to draw sensitive inferences from phone metadata? How often do people conduct sensitive matters by phone, in a manner reflected by metadata? New research finds that phone metadata is unambiguously sensitive, even in a small population and over a short time window. The researchers were able to infer medical conditions, firearm ownership, and more, using solely phone metadata.

  • Software spots malicious behavior by apps

    Last year at the end of July the Russian software company Doctor Web detected several malicious apps in the app store Google Play. Downloaded on a smartphone, the malware installed — without the permission of the user — additional programs which sent expensive text messages to premium services. German computer scientists have now developed software which can discover such malicious apps already in the app store. The software detects pieces of code where the app accesses sensitive data and where data is sent from the mobile device.

  • Biometric security for mobile devices becoming mainstream

    Biometric security such as fingerprint, face, and voice recognition is set to hit the mainstream as global technology companies market the systems as convenient and easy to use. The latest biometric technologies are not without their security issues, but they are marketed as more convenient than traditional methods rather than more secure, and encourage adoption by people who currently do not have any security on their phone at all.

  • Collecting digital user data without compromising privacy

    The statistical evaluation of digital user data is of vital importance for analyzing trends. It can also undermine users’ privacy. Computer scientists have now developed a novel cryptographic method that makes it possible to collect data and protect the privacy of the user at the same time.