• Journalists’ computer security tools lacking in a post-Snowden world

    Edward Snowden’s leak of classified documents to journalists around the world about massive government surveillance programs and threats to personal privacy ultimately resulted in a Pulitzer Prize for public service. Though Snowden had no intention of hiding his identity, the disclosures also raised new questions about how effectively news organizations can protect anonymous sources and sensitive information in an era of constant data collection and tracking. Researchers found a number of security weaknesses in journalists’ and news organizations’ technological tools and ad-hoc workarounds.

  • In first case of its kind, UK high court rules surveillance law unconstitutional

    Controversial surveillance legislation hustled through parliament last summer has been ruled unlawful by the U.K. High Court, which argued that the vague terms and descriptions of powers in the Data Retention and Investigatory Powers Act 2014 (DRIPA) render the act incompatible with human rights under European law. DRIPA, one in a series of laws supporting controversial surveillance powers passed by successive U.K. governments, establishes the principle by which anti-terrorism measures and national security priorities take precedence over human rights considerations. However, the judgment rules that the EU Charter of Fundamental Rights must take precedence, and in doing so requires the U.K. government to undo its own act of parliament — a significant precedent by a British court.

  • Questions raised about Kaspersky’s close ties to the Russian government

    Kaspersky Lab is a Moscow-based company which sells security software, including antivirus programs. The company has 400 million customers, and it ranks sixth in revenue among security-software makers. Since 2012, the company began to replace senior managers with people with close ties to Russia’s military or intelligence services. The company is also helping the FSB, the KGB’s successor, in investigating hacks – and people in the know say the company provides the FSB with the personal data of customers. The company’s actual or perceived alliances have made it a struggle to win U.S. federal contracts.

  • New U.K. surveillance review calls for a fresh start in the law for interception of communications

    After a year of investigation and consultation, the U.K. Independent Surveillance Review has delivered its conclusions to Prime Minister David Cameron. The authors presented their report, A Democratic License to Operate, yesterday (14 July 2015). The Review shows how a democracy can combine the high level of security the public has a right to expect, and also ensure the respect for privacy and freedom of speech that are the foundations of a democracy. The panel unanimously calls on government, civil society, and industry to accept its recommendations and work together to put them into practice.

  • Giving government special access to data poses major security risks

    In recent months, government officials in the United States, the United Kingdom, and other countries have made repeated calls for law-enforcement agencies to be able to access, upon due authorization, encrypted data to help them solve crimes. Beyond the ethical and political implications of such an approach, though, is a more practical question: If we want to maintain the security of user information, is this sort of access even technically possible? A report by cybersecurity and encryption experts says that whether “backdoor” or “front-door,” such mechanisms “pose far more grave security risks, imperil innovation on which the world’s economies depend, and raise more thorny policy issues than we could have imagined when the Internet was in its infancy.”

  • Privacy by design: Protecting privacy in the digital world

    It is a fact of modern life — with every click, every tweet, every Facebook Like, we hand over information about ourselves to organizations which are desperate to know all of our secrets, in the hope that those secrets can be used to sell us something. What power can individuals have over their data when their every move online is being tracked? Researchers are building new systems that shift the power back to individual users, and could make personal data faster to access and at much lower cost.

  • Administration rejects criticism of NSA’s surveillance of foreign hackers

    Just two years after the Edward Snowden leaks exposed the NSA’s domestic surveillance program, another report released last Friday from the Snowden files shares information about the NSA’s efforts to track foreign hackers. As with the NSA’s controversial foreign surveillance program which kept metadata records of suspected foreign terrorists’ conversations with Americans, the NSA’s hacker program may incidentally gather Americans’ private information from the files of foreign hackers.

  • Computer searches at border subject to case-by-case reasonableness: Court

    A Washington, D.C. District Court has upheld a ruling that U.S. intelligence and border security agents must have “reasonable suspicion” to seize and search any computer or storage media at the border – especially if the computer and storage media belong to an individual about to leave the country. A South Korean businessman, suspected of buying missile parts for China, was stopped at LAX on his way back to Korea. He was allowed to leave, but his laptop and storage media were seized by agents. Judge Amy Berman Jackson stressed that in border searches, the government has a more compelling interest in searching things that are being brought into the country than things that are about to leave the country. Kim’s lawyers asked the judge to suppress any incriminating evidence found on Kim’s laptop during a warrantless search conducted by the case agents, and she granted the lawyers’ motion. DHS says it will appeal her decision.

  • USMobile launches Scrambl3 mobile, Top Secret communication-standard app

    Irvine, California-based USMobile, a developer of private mobile phone services, yesterday launched Scrambl3, a smartphone app that enables users to create their own Private Mobile Network. When Scrambl3 users communicate with each other, Scrambl3 creates a Dark Internet Tunnel between their smartphones. This Tunnel cloaks the calls and texts by making them invisible on the Internet. Scrambl3 App for Android-based phones is available for a 60-day free beta offering from the Google Play Store.

  • The FBI violated its own rules in surveillance of anti-Keystone XL pipeline activists

    More than eighty pages of internal FBI documents dated from November 2012 to June 2014, obtained under the Freedom of Information Act, reveal that the FBI breached its own investigation rules when it spied on protesters opposing the controversial Keystone XL pipeline. Agents in the FBI’s Houston field office failed to get approval before they cultivated informants and opened files on pipeline protesters — a violation of guidelines designed to prevent the agency from becoming excessively involved in sensitive political issues.

  • New airport security technologies raise privacy concerns

    Researchers are developing surveillance technologies to better help airport security officials scan passengers and luggage for contraband and suspicious behavior. Privacy advocates say these expensive and ambitious projects, meant to increase public safety and ease air travel delays, risk intruding on passengers’ privacy. “What starts in the airport doesn’t stay there,” says a technology expert at the ACLU.

  • Court rules NSA bulk metadata collection exceeded Patriot Act’s Section 215

    On Thursday, a three-judge panel from the New York-based 2nd Circuit U.S. Court of Appeals overturned an earlier ruling by Judge William Pauley, which found that the controversial NSA bulk collection of domestic phone metadata was legal and could not be subject to judicial review. That section, which the appeals court ruled the NSA program exceeded, will expire on 1 June. The judges did not address the issue of whether the NSA program violated the Constitution, instead waiting for Congress to decide how to proceed after the program’s 1 June expiration.

  • Lawmakers reintroduce “Aaron’s Law” to curb CFAA abuses

    A bipartisan group of lawmakers have reintroduced a bill known as “Aaron’s Law,” which aims to reform the Computer Fraud and Abuse Act (CFAA). CFAA has been cited by civil libertarians (EFF) as having been abused to the point where it now stifles research and innovation, as well as civil liberties. The measure is intended to honor Aaron Swartz, the Reddit co-founder who was apprehended after downloading millions of scholarly articles from a Massachusetts Institute of Technology database in 2011. Following his arrest, with charges under the CFAA which might lead to a maximum sentence of thirty-five years in prison, Swartz committed suicide at age 26, leading some to charge that the aggression of prosecutors led to his decision.

  • Breach of background-checks database may lead to blackmail

    Newly released documents show how hackers infiltrated servers used by US Investigations Services (USIS), a federal contractor which conducts background checks for DHS. In a House Oversight and Government Reform Committee hearing last week, Representative Elijah Cummings (D-Maryland) said more than 27,000 personnel seeking security clearances likely were affected by the USIS breach. Similar hacks also affected servers at the Office of Personnel Management (OPM), which holds information on security clearance investigations. Once hackers have a list of employees who possess government security clearances, they can exploit other aspects of those employees’ lives for malicious gain.

  • Efforts to improve cyber information sharing between the private sector, government

    Lately, Obama administration officials have been venturing West to encourage tech firms to support the government’s efforts to improve cyber information sharing between the private sector and government agencies. The House of Representatives last week passed two bills to advance such efforts. The Protecting Cyber Networks Act and the National Cybersecurity Protection Advancement Act of 2015 authorize private firms to share threat data such as malware signatures, Internet protocol addresses, and domain names with other companies and the federal government. To the liking of the private sector, both bills offer companies liability protection for participating in cyberthreat information sharing.