-
U.K. surveillance bill debate: Judicial warrants vs. ministerial authorization for intercepts
Former Conservative shadow home secretary David Davis has said that the plans to grant police and intelligence agencies new powers to monitor suspects online will not get through parliament without a requirement for judges to sign off on spying warrants. A legal report written at the request of Home Secretary Theresa May recommended that a judicial warrant, rather than a ministerial authorization, be required for intercepting individuals’ communications. Parliament’s Intelligence and Security Committee, however, recommended in March that ministerial authorization would be preferable. A draft of a new investigatory powers bill will be published Wednesday, and May said she would “be explaining the government’s position to parliament this week.”
-
-
Legislation would give U.K. police powers to access U.K. computer users’ browsing history
The U.K. police and intelligence service, ahead of the publication this coming Wednesday of legislation on regulating surveillance powers, have urged the government to give them the power to view the Internet browsing history of British computer users. Senior officers were pressuring the government to revive measures which would require telecommunications companies to retain for twelve months data which would reveal Web sites visited by customers. The police and intelligence agencies argue that such measures are necessary because the scale of online activity has made traditional methods of surveillance and investigation less useful.
-
-
IRS commissioner confirms agency employs cellphone tracking devices
IRS commissioner John Koskinen on Tuesday confirmed to lawmakers that his agency employed StingRay cellphone tracking devices. Koskinen said that the agency’s use of StingRay devices is limited to its criminal investigations division, which is responsible for investigating money laundering, terrorism, and organized crime cases. “It can only be used with a court order. It can only be used based on probable cause of criminal activity,” Koskinen said, the Hill reports. “It is not used in civil matters at all,” he continued. “It’s not used by other employees of the IRS.”
-
-
Amendment to CISA: U.S. courts could pursue foreigners for crimes abroad against other foreigners
A controversial amendment to an already-controversial cybersecurity bill will allow U.S. courts to pursue, convict, and jail foreign nationals in cases in which these foreigners committed crimes against other foreigners on foreign soil. The amendment to the Cybersecurity Information Sharing Act (CISA) cleared a key Senate hurdle on Thursday. It aims to lower the barrier for prosecuting crimes committed abroad.
-
-
EFF leads privacy advocates in opposing CISA
Privacy advocates have intensified their campaign against the Cybersecurity Information Sharing Act (CISA), which the Senate will vote on sometime next week. The Electronic Frontier Foundation (EFF) says it vehemently opposes the bill, as well as amendments which would expand the Computer Fraud and Abuse Act. EFF says that CISA is fundamentally flawed. The bill’s broad immunity clauses, vague definitions, and what EFF describes as “aggressive spying powers” combine to “make the bill a surveillance bill in disguise.”
-
-
Ruling shows Europe still vexed over NSA spying, leaving U.S. companies in legal limbo
For over fifteen years, the Data Transfer Pact between the European Union and the United States, more commonly known as Safe Harbor, had ensured that companies with EU operations could transfer online data about their employees and customers back to the United States despite stark differences between U.S. and European privacy law. Earlier this month, U.S. companies operating in Europe got some unwelcome news: Safe Harbor had been ruled invalid. The European court’s ruling has serious implications for these companies’ business models and profitability, leaving many scrambling to find solutions. But it also exposes a fundamental cultural rift between the U.S. and Europe’s conceptions of privacy – one that a new agreement won’t be able to paper over.
-
-
New tool allows users to see how their personal information is used on the Web
Navigating the Web gets easier by the day as corporate monitoring of our e-mails and browsing habits fine-tunes the algorithms that serve us personalized ads and recommendations. But convenience comes at a cost. In the wrong hands, our personal information can be used against us, to discriminate on housing and health insurance, and overcharge on goods and services, among other risks. “The Web is like the Wild West,” says one researcher. “There’s no oversight of how our data are being collected, exchanged and used.”
-
-
If you think your emails are private, think again
When you type up a racy e-mail to a loved one, do you consider the details private? It appears that at least some Internet users expect a different, and higher, level of privacy simply because the information is cloaked in an e-mail. That’s the issue at stake in a pending lawsuit against Yahoo! Inc. Plaintiffs filed an e-mail privacy lawsuit against Yahoo in the U.S. District Court for the Northern District of California under several privacy laws, including the Stored Communications Act (SCA) — a federal law that prohibits an e-mail service provider from knowingly divulging to any person or entity the contents of a communication while in electronic storage. The plaintiffs won a short-term victory in achieving class action certification, but the bigger issue over whether they can object to the scanning of their e-mails by Yahoo — based on a right to privacy — given Yahoo’s disclosure of its scanning and possible sharing practices and given that they chose to send and/or receive an e-mail to a Yahoo user, is far from being decided in their favor.
-
-
European Court of Justice: U.S. data systems expose users to state surveillance
The European Court of Justice (ECJ) in Luxembourg has ruled that U.S. digital data storage systems fail to provide sufficient privacy from state surveillance. The ECJ declared the American so-called safe harbor scheme “invalid.” The ruling, which is binding on all EU member states, stated that: “The United States … scheme thus enables interference, by United States public authorities, with the fundamental rights of persons…” The ruling will have far-reaching ramifications for the online industry and would likely lead many companies to relocate their operations.
-
-
Supposedly encrypted national identifying numbers easily decrypted
Studies raise questions about the use of national identifying numbers by showing that Resident Registration Numbers (RRN) used in South Korea can be decrypted to reveal a host of personal information. A team of researchers in two experiments was able to decrypt more than 23,000 RRNs using both computation and logical reasoning. The findings suggest that, while such identifiers are encrypted to protect privacy, they remain vulnerable to attack and must be designed to avoid such weaknesses.
-
-
Smart watches allow hackers to harvest users’ data
They are the latest rage in jewelry and gadgetry, but like all computer devices, smart watches are vulnerable to hackers. Using a homegrown app on a Samsung Gear Live smart watch, researchers were able to guess what a user was typing through data “leaks” produced by the motion sensors on smart watches. The project, called Motion Leaks through Smartwatch Sensors, or MoLe, has privacy implications, as an app that is camouflaged as a pedometer, for example, could gather data from emails, search queries and other confidential documents.
-
-
Bill requiring Internet companies to report “terrorist activity” opposed by digital rights groups
A coalition of digital rights groups and trade associations last week released a joint letter opposing a proposal in the Senate to require U.S. tech firms to police the speech of their users and to report any signs of apparent “terrorist activity” to law enforcement. The letter says that this sweeping mandate covers an undefined category of activities and communications and would likely lead to significant over-reporting by communication service providers. The letter urged senators to remove the “terrorist activity” reporting requirements from the Intelligence Authorization Act (S. 1705).
-
-
Windows 10 is not really free: you are paying for it with your privacy
Windows 10, it seems, is proving a hit with both the public and the technology press after its release last week. After two days, it had been installed on sixty-seven million PCs. For those concerned about privacy, it is the very fact that the upgrade is free that has them concerned that Microsoft has adopted a new, “freemium” model for making money from its operating system. Microsoft is employing a unique “advertising ID” that is assigned to a user when Windows 10 is installed. This is used to target personalized ads at the user. There are steps users can take to mitigate the worst of the privacy issues with Windows 10, and these are highly recommended. Microsoft should have allowed users to pay a regular fee for the product in exchange for a guarantee of the levels of privacy its users deserve.
-
-
Shoring up Tor
With 2.5 million daily users, the Tor network is the world’s most popular system for protecting Internet users’ anonymity. For more than a decade, people living under repressive regimes have used Tor to conceal their Web-browsing habits from electronic surveillance, and Web sites hosting content that’s been deemed subversive have used it to hide the locations of their servers. Researchers have now demonstrated a vulnerability in Tor’s design, mounting successful attacks against the popular anonymity network — and have shown how to prevent them.
-
-
NSA to destroy millions of American call records collected under controversial program
The director of national intelligence said on Monday that the NSA would no longer examine call records collected by the agency in its controversial bulk collection program before the June reauthorization of the Patriot Act, which prohibits such collection. Bulk records are typically kept for five years, but the director said that although the records in the NSA database were collected lawfully, they would not be examined, and would soon be destroyed.
-