• U.S. Sanctions NSO Group, Israeli Maker of Pegasus Spyware

    The U.S. authorities said the NSO Group’s spyware helped authoritarian governments “silence dissent.” The new measures will limit NSO Group’s access to U.S. components and technology.

  • U.S. Tightens Export Controls on Items Used in Surveillance of Private Citizens, other Malicious Cyber Activities

    The Commerce Department has released an interim final rule, establishing controls on the export, reexport, or transfer (in-country) of certain items that can be used for surveillance of private citizens or other malicious cyber activities. 

  • Calif. Sheriff Sued for Sharing Drivers’ License Plate Data With ICE, CBP, Other Out-of-State Agencies

    License plate scans occur through Automated License Plate Readers (ALPRs): high-speed cameras mounted in a fixed location or atop police cars moving through the community that automatically capture all license plates that come into view, recording the exact location, date, and time that the vehicle passes by. The information can paint a detailed picture of our private lives, our daily schedules, and our social networks.

  • Vaccine Passports Are Coming. But Are They Ethical?

    It is the foundational ethical principle of any liberal society that the state should only restrict liberty if people represent a threat of harm to others. Ethics is about weighing different values. Decisions about vaccination should be fundamentally ethical, not political or purely medical.

  • In U.S. v Wilson, the Ninth Circuit Reaffirms Fourth Amendment Protection for Electronic Communications

    The Ninth Circuit Court of Appeals, in a new ruling which is a victory for digital privacy rights, has confirmed that the police need to get a warrant before they open your email attachments—even if a third party’s automated system has flagged those attachments as potentially illegal.

  • Private Data/Public Regulation

    Police, increasingly relying on the collection of digital data,  seek fewer search warrants and more requests to harvest metadata. They buy data from brokers, they track location and other aspects of our lives. Sometimes police collect the data themselves. More often they gather it from third parties. Barry Friedman writes that “The benefits of this approach are uncertain, but placing this much personal data in the hands of the government has its costs.”

  • Vaccine Passport Missteps We Should Not Repeat

    As they roll out, we must protect users of vaccine passports and those who do not want to use—or cannot use—a digitally scannable means to prove vaccination. We cannot let the tools used to fight for public health be subverted into systems to perpetuate inequity or as cover for unrelated, unnecessary data collection.

  • Members of Scientific Journal Editorial Board Resign over China Genetics Papers

    Eight members of the editorial board of Molecular Genetics & Genomic Medicine have resigned after the journal published several controversial papers which “critics fear could be used for DNA profiling and persecution of ethnic minorities in China.”

  • Maximum Privacy for Sharing Files Online

    People who share documents or pictures online, or organizations which share confidential documents with employees and others, have little to no control over who views the information which is being sent and where it is being viewed. An FAU researcher has received a patent from the U.S. Patent and Trademark Office for a novel invention that controls how and when shared documents are displayed.

  • Spyware: Why the Booming Surveillance Tech Industry Is Vulnerable to Corruption and Abuse

    The latest revelations about NSO Group’s Pegasus spyware are the latest indication that the spyware industry is out of control, with licensed customers free to spy on political and civilian targets as well as suspected criminals. We may be heading to a world in which no phone is safe from such attacks.

  • Journalists, Activists among 50,000 Targets of Israeli Spyware: Reports

    Israeli cyber firm NSO Group claims that its Pegasus surveillance malware is sold to governments so they can better track terrorists and criminals, but many of the 45 governments deploying the surveillance software use it to track journalists, opposition politicians, and civil society activists. Some of these governments are authoritarian (for example, Azerbaijan, Bahrain, Kazakhstan, UAE, Saudi Arabia). Other are democracies (for example, India, Mexico, South Africa). The only EU member country to deploy the surveillance malware is Hungary, which places it in violation of the EU’s strict privacy and surveillance regulations.

  • Encrypting Photos on the Cloud to Keep Them Private

    The limited amount of data that smartphones hold, and the way in which they are vulnerable to accidental loss and damage, lead many users to store their images online via cloud photo services. However, these online photo collections are not just valuable to their owners, but to attackers seeking to unearth a gold mine of personal data.

  • Berlin Court: Searching Phone of Asylum-Seeker Was Unlawful

    Refugees have sued Germany for searching their cell phones during asylum applications. Regional judges have now ruled one such search unlawful. The impact could be far-reaching.

  • Privacy Activists Challenge Clearview AI in EU

    European privacy groups accuse the facial scan company of stockpiling biometric data on billions of people without their permission. The firm’s database contains images “scraped” from websites, including social media.

  • How a Norwegian Government Report Shows the Limits of CFIUS Data Reviews

    Amid growing attention to data and national security threats from China, a recent Norwegian government report sheds light on the limits of a U.S. government process for tackling them: the Committee on Foreign Investment in the United States (CFIUS). Kamran Kara-Pabani and Justin Sherman write that “CFIUS is still a useful and important mechanism for addressing the national security risks associated with direct foreign access to sensitive U.S. citizen data,” but that “policymakers must recognize that CFIUS must be complemented with other measures outside of the body’s scope.”