• Emerging threats require a new social contract between the state, citizens: Study

    Technological advancements create opportunities for governments and the private sector, but they also pose a threat to individual privacy and individual – and public — safety, which most Americans look to the government to protect. The authors of a new book on emerging threats argue that while, at one time, “the government used to be our sole provider of security,” companies which store troves of private information are also key to Americans’ privacy and security. They say that the United States may need a new social contract between the state and its citizens on matters of security and privacy. “The old social contract has its roots in the security dilemmas of the Enlightenment era,” they write. “In our new era, everyone is simultaneously vulnerable to attack and menacing to others. That requires a different, more complex social contract — one that we are just starting to imagine.”

  • FBI, NSA want surveillance measures to remain in reauthorized Patriot Act

    On 1 June, Section 215 of the U.S.A Patriot Act, which permits law enforcement and intelligence agencies to collect certain customers’ records from U.S. businesses including communications and credit card firms, is set to expire. Congress has been debating whether to reauthorize the section of the act or pass measures that will curb the level of surveillance it currently grants. In recent days, representatives from the NSA and the FBI have been meeting with legislators to inform them of the importance of Section 215, still both chambers of Congress seem to be uncertain on how to move forward.

  • Police use of Stingray technology raises privacy advocates’ ire

    Detective Emmanuel Cabreja, a member of the Baltimore Police Department’s Advanced Technical Team, recently testified that the unit owns and operates a Hailstorm cell site simulator, the latest version of the Stingray — a device which mimics a cellphone tower to force phones within its range to connect. For years, law enforcement agencies have used Stingrays to find wanted suspects, but until recently, the technology was largely unknown to the public, partly because law enforcement officers were banned from revealing such information to judges and defense attorneys.

  • New privacy technologies protect personal data better

    In Estonia, the public and private sector have databases, the merging and analysis of which could help the state and enterprises make better management decisions. Such consolidation of data, however, would be a serious threat to privacy and violate data protection rules. A researcher suggests a more convenient way of analyzing very sensitive data without the fear of data leak. The new approach would be appropriate for preserving privacy in genome-wide association studies, satellite collision prediction analysis, and conducting labor market studies.

  • As law enforcement increases use of license plate readers, privacy advocates fret

    Law enforcement agencies across the country have adopted license plate readers (LPRs) to monitor vehicles driving on roads and to locate wanted suspects or suspended drivers.After canceling plans last year to operate its own LPR database, DHS announced last week, through a bid request, that the agency’s ICE is seeking a private sector firm to provide access to already functioning LPR databases for a subscription fee.Privacy advocates argue that the gains made with LPR systems, do not justify the mass monitoring of Americans who drive.

  • Do you know where your data is?

    Bitglass, a data protection company, undertook an experiment aiming to gain better understanding of what happens to sensitive data once it has been stolen. In the experiment, stolen data traveled the globe, landing in five different continents and twenty-two countries within two weeks. Overall, the data was viewed more than 1,000 times and downloaded forty-seven times; some activity had connections to crime syndicates in Nigeria and Russia. “This experiment demonstrates the liquidity of breached data, underscoring the importance of discovering data breaches early,” said Nat Kausik, Bitglass CEO.

  • DHS seeking license plate readers (LPRs) technology -- again

    A year after privacy concerns led DHS to recall its solicitation for bids by private companies to help the department create a national license-plate database which would allow unlimited access to information obtained from commercial and law enforcement license plate readers (LPRs), the agency has renewed its solicitation on the basis that privacy concerns raised by civil liberties groups and lawmakers could be addressed and managed.

  • People act to protect privacy – after learning how often apps share personal information

    Many smartphone users know that free apps sometimes share private information with third parties, but few, if any, are aware of how frequently this occurs. A new study shows that when people learn exactly how many times these apps share that information, they rapidly act to limit further sharing. In an experiment, researchers found that one of the more effective alert messages which g grabbed the attention of phone users and caused them to act to protect their privacy, was: “Your location has been shared 5,398 times.”

  • Senate panel passes revised cybersecurity bill, but privacy concerns remain

    Last Thursday, the Senate Intelligence Committeepassed the Cybersecurity Information Sharing Act(CISA) meant to encourage the private sector to share data with federal agencies, with the hopes of preventing and responding to cyberthreats before they materialized. The bill is a reincarnation of the 2013 Cyber Intelligence Sharing and Protection Act(CISPA), which drew a veto threat from President Barack Obama because of privacy concerns. Critics say that CISA, as was the case with its predecessor, would create a legal framework for companies to more closely monitor internet users and share that data with government agencies.

  • The Brandeis program: Harnessing technology to ensure online privacy

    In a seminal 1890 article in the Harvard Law Review, Louis Brandeis developed the concept of the “right to privacy.” DARPA the other day announced the Brandeis program – a project aiming to research and develop tools for online privacy, one of the most vexing problems facing the connected world as devices and data proliferate beyond a capacity to be managed responsibly.

  • Guaranteeing online anonymity

    Anonymity on the Internet is possible only up to a certain degree. Therefore, it is possible that others may see who is visiting an online advice site on sexual abuse, or who frequently looks up information about a certain disease, for example. Seeing that this kind of private information can be linked to their identity, users will often resort to special online anonymization services. One of the most popular tools is Tor. “The Tor network isn’t perfect, however,” says a researcher at the Research Center for IT Security (CISPA). CISPA researchers have developed a program that can provide an accurate assessment of the level of anonymity an individual user achieves, even while basing the estimate on the fluctuations of the Tor network.

  • Security risks, privacy issues too great for moving to Internet voting

    The view held by many election officials, legislators, and members of the public is that if people can shop and bank online in relative security, there is no reason they should not be able to vote on the Internet. Contrary to this popular belief, the fundamental security risks and privacy problems of Internet voting are too great to allow it to be used for public elections, and those problems will not be resolved any time soon, according to a researcher who has studied the issue for more than fifteen years. The security, privacy, reliability, availability, and authentication requirements for Internet voting are very different from, and far more demanding than, those required for e-commerce, and cannot be satisfied by any Internet voting system available today or in the foreseeable future. Such systems are susceptible to “attack” or manipulation by anyone with access to the system, including programmers and IT personnel, not to mention criminal syndicates and even nation states.

  • Government’s authority to protect consumer privacy questioned

    A case in the U.S. Court of Appeals for the Third Circuitin Philadelphia could determine what authority the federal government has in protecting consumer privacy on the Internet. Hotel giant Wyndham Worldwide Corp. argued in court that the Federal Trade Commission(FTC) unlawfully tried to enforce cybersecurity standards when the agency brought a case against Wyndham after hackers allegedly stole data from hundreds of thousands of customer accounts in a series of attacks between April 2008 and January 2010.

  • FISA court reauthorizes NSA’s bulk metadata collection until 1 June

    More than a year after President Barack Obama announced that he will work with Congress to curb the National Security Agency’s (NSA) dragnet surveillance program which collects large amounts of U.S. phone metadata, the Foreign Intelligence Surveillance Court approved last week a government request to continue allowing the agency to operate its bulk data collection until 1 June, when the legal authority for the program is set to expire. The required reauthorization of the program every ninety days has already been granted four other times — March, June, September, December — since Obama made his announcement in January 2014.

  • Obama’s cybersecurity initiative: a start but businesses – and individuals – need to do more

    The linchpin of President Obama’s recently launched cybersecurity initiative is to encourage the private sector to share information to better defend against cyberattacks. Yet U.S. companies have historically been wary of openly talking about their cybersecurity efforts with competitors and with government — for good reason. Many businesses fear that sharing threat-related information could expose them to liability and litigation, undermine shareholder or consumer confidence, or introduce the potential for leaks of proprietary information. For some companies, Edward Snowden’s revelations of sweeping government surveillance programs have reinforced the impulse to hold corporate cards close to the vest. Yet on the heels of a deluge of high-profile cyberattacks and breaches against numerous U.S. companies, we may finally have reached a tipping point, where potential harm to reputation and revenue now outweighs the downside of disclosure from a corporate perspective. Obama’s executive order is thus a spur to get the ball rolling but, frankly, there is a limit to what government alone can (and should) do in this area. Changes in attitudes and behaviors are needed across the board, right down to families and individuals.