-
Amendment to CISA: U.S. courts could pursue foreigners for crimes abroad against other foreigners
A controversial amendment to an already-controversial cybersecurity bill will allow U.S. courts to pursue, convict, and jail foreign nationals in cases in which these foreigners committed crimes against other foreigners on foreign soil. The amendment to the Cybersecurity Information Sharing Act (CISA) cleared a key Senate hurdle on Thursday. It aims to lower the barrier for prosecuting crimes committed abroad.
-
-
EFF leads privacy advocates in opposing CISA
Privacy advocates have intensified their campaign against the Cybersecurity Information Sharing Act (CISA), which the Senate will vote on sometime next week. The Electronic Frontier Foundation (EFF) says it vehemently opposes the bill, as well as amendments which would expand the Computer Fraud and Abuse Act. EFF says that CISA is fundamentally flawed. The bill’s broad immunity clauses, vague definitions, and what EFF describes as “aggressive spying powers” combine to “make the bill a surveillance bill in disguise.”
-
-
Ruling shows Europe still vexed over NSA spying, leaving U.S. companies in legal limbo
For over fifteen years, the Data Transfer Pact between the European Union and the United States, more commonly known as Safe Harbor, had ensured that companies with EU operations could transfer online data about their employees and customers back to the United States despite stark differences between U.S. and European privacy law. Earlier this month, U.S. companies operating in Europe got some unwelcome news: Safe Harbor had been ruled invalid. The European court’s ruling has serious implications for these companies’ business models and profitability, leaving many scrambling to find solutions. But it also exposes a fundamental cultural rift between the U.S. and Europe’s conceptions of privacy – one that a new agreement won’t be able to paper over.
-
-
New tool allows users to see how their personal information is used on the Web
Navigating the Web gets easier by the day as corporate monitoring of our e-mails and browsing habits fine-tunes the algorithms that serve us personalized ads and recommendations. But convenience comes at a cost. In the wrong hands, our personal information can be used against us, to discriminate on housing and health insurance, and overcharge on goods and services, among other risks. “The Web is like the Wild West,” says one researcher. “There’s no oversight of how our data are being collected, exchanged and used.”
-
-
If you think your emails are private, think again
When you type up a racy e-mail to a loved one, do you consider the details private? It appears that at least some Internet users expect a different, and higher, level of privacy simply because the information is cloaked in an e-mail. That’s the issue at stake in a pending lawsuit against Yahoo! Inc. Plaintiffs filed an e-mail privacy lawsuit against Yahoo in the U.S. District Court for the Northern District of California under several privacy laws, including the Stored Communications Act (SCA) — a federal law that prohibits an e-mail service provider from knowingly divulging to any person or entity the contents of a communication while in electronic storage. The plaintiffs won a short-term victory in achieving class action certification, but the bigger issue over whether they can object to the scanning of their e-mails by Yahoo — based on a right to privacy — given Yahoo’s disclosure of its scanning and possible sharing practices and given that they chose to send and/or receive an e-mail to a Yahoo user, is far from being decided in their favor.
-
-
European Court of Justice: U.S. data systems expose users to state surveillance
The European Court of Justice (ECJ) in Luxembourg has ruled that U.S. digital data storage systems fail to provide sufficient privacy from state surveillance. The ECJ declared the American so-called safe harbor scheme “invalid.” The ruling, which is binding on all EU member states, stated that: “The United States … scheme thus enables interference, by United States public authorities, with the fundamental rights of persons…” The ruling will have far-reaching ramifications for the online industry and would likely lead many companies to relocate their operations.
-
-
Supposedly encrypted national identifying numbers easily decrypted
Studies raise questions about the use of national identifying numbers by showing that Resident Registration Numbers (RRN) used in South Korea can be decrypted to reveal a host of personal information. A team of researchers in two experiments was able to decrypt more than 23,000 RRNs using both computation and logical reasoning. The findings suggest that, while such identifiers are encrypted to protect privacy, they remain vulnerable to attack and must be designed to avoid such weaknesses.
-
-
Smart watches allow hackers to harvest users’ data
They are the latest rage in jewelry and gadgetry, but like all computer devices, smart watches are vulnerable to hackers. Using a homegrown app on a Samsung Gear Live smart watch, researchers were able to guess what a user was typing through data “leaks” produced by the motion sensors on smart watches. The project, called Motion Leaks through Smartwatch Sensors, or MoLe, has privacy implications, as an app that is camouflaged as a pedometer, for example, could gather data from emails, search queries and other confidential documents.
-
-
Bill requiring Internet companies to report “terrorist activity” opposed by digital rights groups
A coalition of digital rights groups and trade associations last week released a joint letter opposing a proposal in the Senate to require U.S. tech firms to police the speech of their users and to report any signs of apparent “terrorist activity” to law enforcement. The letter says that this sweeping mandate covers an undefined category of activities and communications and would likely lead to significant over-reporting by communication service providers. The letter urged senators to remove the “terrorist activity” reporting requirements from the Intelligence Authorization Act (S. 1705).
-
-
Windows 10 is not really free: you are paying for it with your privacy
Windows 10, it seems, is proving a hit with both the public and the technology press after its release last week. After two days, it had been installed on sixty-seven million PCs. Those concerned about privacy worry, precisely because the upgrade is free, that Microsoft has adopted a new, “freemium” model for making money from its operating system. Microsoft is employing a unique “advertising ID” that is assigned to a user when Windows 10 is installed. This is used to target personalized ads at the user. There are steps users can take to mitigate the worst of the privacy issues with Windows 10, and these are highly recommended. Microsoft should have allowed users to pay a regular fee for the product in exchange for a guarantee of the levels of privacy its users deserve.
-
-
Shoring up Tor
With 2.5 million daily users, the Tor network is the world’s most popular system for protecting Internet users’ anonymity. For more than a decade, people living under repressive regimes have used Tor to conceal their Web-browsing habits from electronic surveillance, and Web sites hosting content that’s been deemed subversive have used it to hide the locations of their servers. Researchers have now demonstrated a vulnerability in Tor’s design, mounting successful attacks against the popular anonymity network, and have shown how to prevent them.
-
-
NSA to destroy millions of American call records collected under controversial program
The director of national intelligence said on Monday that the NSA would no longer examine call records that the agency collected in its controversial bulk collection program before the June reauthorization of the Patriot Act, which prohibits such collection. Bulk records are typically kept for five years, but the director said that although the records in the NSA database were collected lawfully, they would not be examined, and would soon be destroyed.
-
-
Journalists’ computer security tools lacking in a post-Snowden world
Edward Snowden’s leak of classified documents to journalists around the world about massive government surveillance programs and threats to personal privacy ultimately resulted in a Pulitzer Prize for public service. Though Snowden had no intention of hiding his identity, the disclosures also raised new questions about how effectively news organizations can protect anonymous sources and sensitive information in an era of constant data collection and tracking. Researchers found a number of security weaknesses in journalists’ and news organizations’ technological tools and ad-hoc workarounds.
-
-
In first case of its kind, UK high court rules surveillance law unconstitutional
Controversial surveillance legislation hustled through parliament last summer has been ruled unlawful by the U.K. High Court, which argued that the vague terms and descriptions of powers in the Data Retention and Investigatory Powers Act 2014 (DRIPA) render the act incompatible with human rights under European law. DRIPA, one in a series of laws supporting controversial surveillance powers passed by successive U.K. governments, establishes the principle by which anti-terrorism measures and national security priorities take precedence over human rights considerations. However, the judgment rules that the EU Charter of Fundamental Rights must take precedence, and in doing so requires the U.K. government to undo its own act of parliament — a significant precedent by a British court.
-
-
Questions raised about Kaspersky’s close ties to the Russian government
Kaspersky Lab is a Moscow-based company which sells security software, including antivirus programs. The company has 400 million customers, and it ranks sixth in revenue among security-software makers. Since 2012, the company has been replacing senior managers with people who have close ties to Russia’s military or intelligence services. The company is also helping the FSB, the KGB’s successor, in investigating hacks – and people in the know say the company provides the FSB with the personal data of customers. The company’s actual or perceived alliances have made it a struggle to win U.S. federal contracts.
-