July 29th, 2014
Newsweek reports on a new bill from Sen. Patrick Leahy (D-Vermont), chairman of the Judiciary Committee, that seeks to reform the National Security Agency’s controversial bulk telephone data collection surveillance program, which was revealed by former NSA contractor Edward Snowden. (In related news, the ACLU and HRW have released a report on how NSA surveillance programs harm journalism, “With Liberty to Monitor All: How Large-Scale US Surveillance is Harming Journalism, Law, and American Democracy.” Also, the Open Technology Institute has released a report on the cost of the NSA surveillance program, “Surveillance Costs: The NSA’s Impact on the Economy, Internet Freedom & Cybersecurity.”)
Earlier today, Senator Patrick Leahy (D-Vt.), the Chairman of the SenateJudiciary Committee, introduced a bill aimed at reining in some of the NSA’s most controversial digital surveillance practices including the bulk collection of Americans’ telephone records. [...]
The USA Freedom Act of 2014 is a revised version of the USA Freedom Act legislation that, back in October, was introduced in the Senate by Leahy and in the House by Representative Jim Sensenbrenner (R-Wis.). A weaker version of the bill ultimately passed in the House back in May. Leahy, meanwhile, has been working with Congress and the White House to develop a stronger version in the Senate. The result has the support of the administration and, according to Leahy’s press office, “a wide range of privacy and civil liberties groups.” [...] Read more »
July 29th, 2014
Ars Technica reports that Russia has posted a reward for technology that can identify the users of Tor, an anonymization network for online activities:
In a notice on the Russian government’s procurement portal under the title “Perform research, code ‘TOR’ (Navy),” originally posted on July 11, the [Russian Ministry of Internal Affairs (MVD)] announced it was seeking proposals for researchers to ”study the possibility of obtaining technical information about users and users equipment on the Tor anonymous network.” The competition, which is open only to Russian citizens and companies, requires entrants to pay a 195,000 ruble (approximately $5,555) application fee. Proposals are due by August 13, and a winner of the contract will be chosen by August 20.
The MVD had previously sought to ban the use of any anonymizing software. That proposal was dropped last year. However, a new “blogger law” passed in April, which goes into effect in August, requires all bloggers with an audience of over 3,000 readers to register their identity with the government—and enforcement of the law could be made difficult if bloggers use the Tor network to retain their anonymity.
Tor has been the constant target of intelligence agencies and other entities seeking to unmask anonymous Internet users.
July 28th, 2014
Bloomberg News reports on controversy over Google’s take-down notices related to the “right to be forgotten” and privacy in Europe:
European Union privacy regulators continued to criticize Google Inc. a day after a data-protection summit where officials demanded the company justify its decision to notify publishers when removing links to personal data.
Google is the only company to notify websites that it is taking down links to material to comply with a court ruling that allows EU residents to erase references to personal data, said Isabelle Falque-Pierrotin, who heads a group of EU privacy regulators. [...]
Data-protection officials in Ireland and Germany have already complained about how Google, the largest search-engine company, has handled the issue. Read more »
July 25th, 2014
Reuters reports that researchers have found a flaw in privacy-protective system Invisible Internet Project:
Researchers have found a flaw that could expose the identities of people using a privacy-oriented operating system touted by Edward Snowden, just two days after widely used anonymity service Tor acknowledged a similar problem.
The most recent finding concerns a complex, heavily encrypted networking program called the Invisible Internet Project, or I2P. Used to send messages and run websites anonymously, I2P ships along with the specialized operating system “Tails,” which former U.S. spy contractor Snowden used to communicate with journalists in secret.
Though a core purpose of I2P is to obscure the Internet Protocol addresses of its roughly 30,000 users, anyone who visits a booby-trapped website could have their true address revealed, making it likely that their name could be exposed as well, according to researchers at Exodus Intelligence. [...] Read more »
July 24th, 2014
McClatchy News Service reports that computing company Microsoft wants the public to know it’s working on data security and privacy:
As some of its competitors have been battered over their policies for protecting student data, Microsoft Corp. has sought to make sure that the issue—and what it regards as its strong record on privacy—remain firmly in the public eye.
But as the company moves aggressively to position itself as a protector of student-data privacy, some say it also runs the risk of a backlash if it doesn’t back up its talk with the kind of vigilance the technology giant promises to deliver.
During the past year, Microsoft has supported academic research on privacy and guides for school officials on the subject. Its executives have also kept a steady presence at public forums urging school districts and policymakers, as well as parents and families, to pay attention to the issue. [...] Read more »
July 23rd, 2014
Law professors Woodrow Hartzog and Daniel Solove have released a research paper, “The Scope and Potential of FTC Data Protection,” discussing the Federal Trade Commission and its regulatory powers concerning privacy and data security. Here’s the abstract:
For more than fifteen years, the Federal Trade Commission (FTC) has regulated privacy and data security through its authority to police deceptive and unfair trade practices as well as through powers conferred by specific statutes and international agreements. Recently, the FTC’s powers for data protection have been challenged by Wyndham Worldwide Corporation and LabMD. These recent cases raise a fundamental issue, and one that has surprisingly not been well explored: How broad are the FTC’s privacy and data security regulatory powers? How broad should they be? Read more »