• License plate readers still to reach their full potential

    Systems which automatically read automobile license plates have the potential to save police investigative time and increase safety, but law enforcement officials must address issues related to staffing, compatibility and privacy before the technology can reach its full potential, according to a new study. Addressing these issues will require a clear understanding of the current and potential value of the systems to criminal justice agencies.

  • NSA shelved collection program which could have prevented 9/11 attacks: Critics

    Fourteen years ago the NSA research unit developed a collection program called Thin Thread which, its authors say, could have detected the perpetrators of the 9/11 attacks and prevented it. Critics of the program agreed it was a good program, but that it picked up more Americans than the other systemsthen being considered, and was thus deemed too invasive of Americans’ privacy. In the fall of 2000 General Michael Hayden, then-director of the NSA, decided against the program largely because of the legal implications.

  • Privacy advocates worried about new Senate cybersecurity bill

    Privacy groups are concerned that a new Senate cybersecurity bill could give the NSA unrestricted access to personal information of Americans. The Cybersecurity Information Sharing Act (CISA), a counterpart to the Cyber Intelligence Sharing and Protection Act (CISPA) which passed the House in 2013, would create a “gaping loophole in existing privacy law,” several privacy advocacy groups wrote in a letter to lawmakers.

  • Supreme Court: police must obtain a warrant to search suspect’s cellphone

    Earlier this week the Supreme Courtruled that law enforcement must obtain a warrant to search a suspect’s cellphone. Law enforcement argued that no current law makes a distinction between cellphones and the pocket litter (wallets, cigarette packs) which police have always been permitted to search when arresting a suspect, but Chief Justice John Roberts rejected this argument, saying, “That is like saying a ride on horseback is materially indistinguishable from a flight to the moon,” adding: . “Modern cell phones, as a category, implicate privacy concerns far beyond those implicated by the search of a cigarette pack, a wallet or a purse.” Roberts acknowledged that requiring police to seek a warrant could impede some investigations but “privacy comes at a cost,” he said.

  • New approach to balancing security and privacy

    Online identification and authentication keeps transactions secure on the Internet, but this also has implications for your privacy. Disclosing more personal information than needed online when, say, you log in to your bank Web site may simplify the bank’s security at the cost of your privacy. Now, thanks to research by the EU-funded project Attribute-based Credentials for Trust, or ABC4Trust, there is a new approach that keeps systems secure and protects your identity.

  • Improved performance of facial recognition software

    Who is that stranger in your social media photo? A click on the face reveals the name in seconds, almost as soon as you can identify your best friend. While that handy app is not quite ready for your smart phone, researchers are racing to develop reliable methods to match one person’s photo from millions of images for a variety of applications.

  • Drone surveillance raises legal, ethical concerns

    The use of drones for domestic security purposes, surveillance of citizens, and putative criminals and organizations raises many legal and ethical concerns particularly with regard to the Fourth Amendment to the U.S. Constitution, Council of Europe instruments, and the EU Data Protection Framework. Experts suggest that the rise of drones for surveillance and other applications highlights particular challenges to civil liberties and tensions between these and national security and justice concerns.

  • Snowden revelations spur a surge in encrypted e-mail services

    The Edward Snowden revelations about National Security Agency(N.S.A) surveillance programs have fueled a surge of new e-mail encryption services. “A lot of people were upset with those revelations, and that coalesced into this effort,” said the co-developer of a new encrypted e-mail service which launched last Friday. The company notes that its servers are based in Switzerland, making it more difficult for U.S. law enforcement to reach them.

  • Wisconsin silent about cell phone tracking by state police

    The Wisconsin Department of Justice(DOJ) is refusing to acknowledge that it has deployed Stingray technology to track Wisconsin residents’ cellphones, despite reports claiming the state has used the technology during previous investigations. The state also denied a public records request made in April seeking details on how often Stingray technology is used, how data is stored and shared, and how often warrants are obtained.

  • Virginia lawmakers mull limiting police use of license plate readers

    Some Virginia lawmakers are planning to propose legislation which will limit the police use of license plate readers (LPRs). The state currently has no laws restricting how police collect or store license plate data gathered by LPRs. Last year, then-Attorney General Ken Cuccinelli said he believed Virginia State Police should be restricted from capturing and storing license plate data outside of a specific, ongoing criminal investigation, but for now, police departments across the state have adopted their own measures.

  • Using biometrics to protect India’s one billion people raises security, privacy concerns

    The cutting edge of biometric identification — using fingerprints or eye scans to confirm a person’s identity – is not at the FBI or the Department of Homeland Security. It is in India. India’s Aadhaar program, operated by the Unique Identification Authority of India (UIDAI) and created to confirm the identities of citizens who collect government benefits, has amassed fingerprint and iris data on 500 million people. It is the biggest biometric database in the world, twice as big as that of the FBI. It can verify one million identities per hour, each one taking about thirty seconds. The program unnerves some privacy advocates with its Orwellian overtones.

  • Businesses looking to bolster cybersecurity

    Since the recent data breaches at retailers Target and Neiman Marcus, in which hackers stole millions of customers’ credit and debit card information, consumers have been urging card providers to offer better secure payment processors. Legislators have introduced the Data Security Act of 2014 to establish uniform requirements for businesses to protect and secure consumers’ electronic data. The bill will replace the many different, and often conflicting, state laws that govern data security and notification standards in the event of a data breach.

  • Adoption of battlefield surveillance system in urban settings raises privacy concerns

    More cities are adopting an aerial surveillance system first developed for the military. The surveillance cameras, fitted on a small plane, can record a 25-square-mile area for up to six hours, and cost less than the price of a police helicopter. The system also has the capability of watching 10,000 times the area that a police helicopter could watch. Privacy advocates are concerned. “There are an infinite number of surveillance technologies that would help solve crimes, but there are reasons that we don’t do those things, or shouldn’t be doing those things,” said one of them.

  • How the Heartbleed bug reveals a flaw in online security

    The Heartbleed bug – which infects an extremely widespread piece of software called OpenSSL  — has potentially exposed the personal and financial data of millions of people stored online has also exposed a hole in the way some security software is developed and used. The Heartbleed bug represents a massive failure of risk analysis. OpenSSL’s design prioritizes performance over security, which probably no longer makes sense. But the bigger failure in risk analysis lies with the organizations which use OpenSSL and other software like it. A huge array of businesses, including very large IT businesses with the resources to act, did not take any steps in advance to mitigate the losses. They could have chosen to fund a replacement using more secure technologies, and they could have chosen to fund better auditing and testing of OpenSSL so that bugs such as this are caught before deployment. They didn’t do either, so they — and now we — wear the consequences, which likely far exceed the costs of mitigation.

  • Measuring smartphone malware infection rates

    Researchers show that infection rates in Android devices at around 0.25 percent are significantly higher than the previous independent estimate. They also developed a technique to identify devices infected with previously unknown malware.