• Potential threat to speech privacy via smartphone motion sensors

    Could smartphone motion sensors be used by cybercriminals to record speech? It is a question that many academic and industry researchers are working to answer in order to ward off this kind of malicious use before it happens. Recent studies suggest security flaws and sensitivities to low-frequency audio signals, such as human speech, in accelerometers and gyroscopes could allow cybercriminals to collect confidential information such as credit card numbers and Social Security numbers as users speak into or near a mobile device.

  • The ENCRYPT Act protects encryption from U.S. state prying

    It’s not just the DOJ and the FBI that want to compromise your right to private communications and secure devices—some state lawmakers want to weaken encryption, too. In recent years, a couple of state legislatures introduced bills to restrict or outright ban encryption on smartphones and other devices. Fortunately, several Congress members recently introduced their own bill to stop this dangerous trend before it goes any further.

  • HART: Homeland Security’s massive new database will include face recognition, DNA, and peoples’ “non-obvious relationships”

    The U.S. Department of Homeland Security (DHS) is quietly building what will likely become the largest database of biometric and biographic data on citizens and foreigners in the United States. The agency’s new Homeland Advanced Recognition Technology (HART) database will include multiple forms of biometrics—from face recognition to DNA, data from questionable sources, and highly personal data on innocent people. It will be shared with federal agencies outside of DHS as well as state and local law enforcement and foreign governments. And yet, we still know very little about it.

  • Civil liberties organizations urge transparency on NSA domestic phone record surveillance

    Last week, twenty-four civil liberties organizations sent a letter to Director of National Intelligence Daniel Coats, urging him to report—as required by law—statistics that could help clear up just how many individuals are subject to broad NSA surveillance of domestic telephone records. According to the most recent transparency report from the Office of the Director of National Intelligence (ODNI), the NSA collected more than 530 million call records in 2017, an increase of more than 300 percent from the year prior.

  • Failing to keep pace: The cyber threat and its implications for our privacy laws

    “The time has come — indeed, if it has not already passed — to think seriously about some fundamental questions with respect to our reliance on cyber technologies: How much connected technology do we really want in our daily lives? Do we want the adoption of new connected technologies to be driven purely by innovation and market forces, or should we impose some regulatory constraints?” asked NSA General Counsel Glenn Gerstell in a Wednesday presentation at Georgetown University. “Although we continue to forge ahead in the development of new connected technologies, it is clear that the legal framework underpinning those technologies has not kept pace. Despite our reliance on the internet and connected technologies, we simply haven’t confronted, as a U.S. society, what it means to have privacy in a digital age.”

  • NIST updates Risk Management Framework to include privacy considerations

    Augmenting its efforts to protect the U.S. critical assets from cybersecurity threats as well as protect individuals’ privacy, NIST has issued a draft update to its Risk Management Framework (RMF) to help organizations more easily meet these goals.

  • Privacy advocates urge New York court to ban warrantless searches at the border

    The Electronic Frontier Foundation (EFF) filed an amicus brief Tuesday, along with the ACLU and NYCLU, urging a New York State appellate court to rule that border agents need a probable cause warrant to search the electronic devices of people at international airports and other border crossings. EFF notes that recent weeks saw court victories for travelers’ digital privacy.

  • Your genome may have already been hacked

    On 25 April, California law enforcement announced the possible capture of a long-sought serial killer. Shortly after, it was reported that police had used public DNA databases to determine his identity. This extraordinary event highlights that when you send off a cheek swab to one of the private genome companies, you may sacrifice not just your own privacy but that of your family and your ancestors. In a time of widespread anxiety over the misuse of social media, Americans should also be concerned over who has access to their genetic information.

  • Britain’s mass surveillance regime is directly opposing human rights

    In light of the Facebook data scandal more people are beginning to challenge the web’s pervasive surveillance culture. But few British citizens seem to be aware of the government’s own online surveillance regime – significant parts of which have been deemed unlawful.

  • Hearing Monday in lawsuit over border searches of laptops, smartphones

    The Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU) will appear in federal court in Boston Monday, fighting the U.S. government’s attempts to block their lawsuit over illegal laptop and smartphone searches at the country’s borders.

  • Activists cry foul as Russian court orders Telegram app blocked

    A Moscow court has issued an order to block access to Telegram, ruling in favor of the state and against the defiant self-exiled Russian entrepreneur who created the popular messaging app. The 13 April ruling was expected, but is certain to deepen concerns that the government is seeking to close avenues for dissent as President Vladimir Putin heads into a new six-year term. Amnesty International warned that blocking Telegram would be “the latest in a series of attacks on online freedom of expression” in Russia.

  • New approaches are needed to protect consumer data

    Facebook’s current privacy crisis and questions about how Google gathers, uses and stores our personal information demonstrate an urgent need to review and replace inadequate and outdated ways to regulate data and information, according to a business law expert.

  • Privacy of Americans not protected in omnibus spending bill

    The CLOUD Act, inserted at the very end of the 2,232-page omnibus spending bill, will make substantial amendments to the Electronic Communications Privacy Act (ECPA). It grants U.S. law enforcement entities new powers to compel U.S. companies to disclose communications and data on U.S. and foreign users that is stored overseas. It also empowers foreign governments to demand the stored and real-time data and communications of users outside the U.S.

  • Leaky apps exacerbate Facebook’s privacy risks

    A bug in Facebook’s advertising platform made it possible for potential hackers to uncover users’ phone numbers, according to new research. The Facebook advertising system is incredibly effective at targeting specific audiences, which is what has made the company so lucrative, says a researcher. But because anyone can become an advertiser, and there is very little transparency in what ads are being placed, the platform “could be used for nefarious purposes,” he added.

  • With no clear liability against Facebook, expert calls for stronger data privacy laws

    The Federal Trade Commission announced Tuesday that it has opened an investigation into Facebook after a data analytics firm collected the private data of more than fifty million users. Cambridge Analytica, the data company hired by the Trump campaign in 2016, has been accused of taking private information unbeknownst to users. The FTC will investigate whether or not Facebook violated a 2011 consent order with the FTC over its handling of user data and how the company notifies changes to its terms of service. Northeastern’s Professor Woodrow Hartzog, who specializes in privacy and data protection law, explains the possible legal fallout from this investigation.