    Archive for the ‘International’ Category

    Electronic Frontier Foundation: ISPs Removing Their Customers’ Email Encryption

    Wednesday, November 12th, 2014

    The Electronic Frontier Foundation reports on disturbing research concerning Internet Service Providers and the privacy of their customers’ e-mail:

    Another network-tampering threat to user safety has come to light from other providers: email encryption downgrade attacks. In recent months, researchers have reported ISPs in the US and Thailand intercepting their customers’ data to strip a security flag—called STARTTLS—from email traffic. The STARTTLS flag is an essential security and privacy protection used by an email server to request encryption when talking to another server or client.

    By stripping out this flag, these ISPs prevent the email servers from successfully encrypting their conversation, and by default the servers will proceed to send email unencrypted. Some firewalls, including Cisco’s PIX/ASA firewall, do this in order to monitor for spam originating from within their network and prevent it from being sent. Unfortunately, this causes collateral damage: the sending server will proceed to transmit plaintext email over the public Internet, where it is subject to eavesdropping and interception. [...]

    It is important that ISPs immediately stop this unauthorized removal of their customers’ security measures. ISPs act as trusted gateways to the global Internet and it is a violation of that trust to intercept or modify client traffic, regardless of what protocol their customers are using. It is a double violation when such modification disables security measures their customers use to protect themselves.

    Opinion at Slate: Big Data and the Underground Railroad

    Tuesday, November 11th, 2014

    In a column at Slate, Alvaro M. Bedoya, the founding executive director of the Center on Privacy and Technology at Georgetown Law, writes about “big data” and what widespread data collection on individuals can mean for civil liberties:

    Most of the questions, however, focus on how our data should be used. There’s been far less attention to a growing effort to change how our data is collected.

    For years, efforts to protect privacy have focused on giving people the ability to choose what data is collected about them. Now, industry—with the support of some leaders in government—wants to shift that focus. Businesses say that in our data-saturated world, giving consumers meaningful control over data collection is next to impossible. They argue that we should ramp down efforts to give individuals control over the initial collection of their data, and instead let industry collect as much personal information as possible.

    Eurasia Review: Interpol Facial Recognition Experts Meeting Develops Global Guidelines

    Monday, October 27th, 2014

    Eurasia Review reports that facial-recognition technology experts are developing global guidelines for the use of the biometric technology, which could have wide-ranging impact on individuals’ privacy:

    The first meeting of the INTERPOL Facial Expert Working Group brought together global experts in biometrics to begin the process of developing international facial recognition standards.

    The two-day meeting (14 and 15 October) gathered 24 technical and biometrics experts and examiners from 16 countries who produced a ‘best practice guide’ for the quality, format and transmission of images to be used in facial recognition. [...]

    INTERPOL is currently developing a facial image database with the support of Safran Morpho, a leader in biometrics in the private sector. The database is expected to become operational in early 2015, and will enhance INTERPOL’s forensic capabilities as many crimes do not have hard evidence such as DNA or fingerprints to help identify suspects.


    Update: DNI Releases Interim Progress Report on Implementing PPD-28

    Monday, October 20th, 2014

    To recap: There has been considerable controversy about the privacy and civil liberties implications of the bulk telephone data collection program revealed by former National Security Agency contractor Edward Snowden. (He revealed several surveillance programs by the agency.) The Review Group on Intelligence and Communications Technologies (created by President Obama in August after the Snowden revelations) issued a report (archive pdf) recommending against the telephone call record database. Recently, the Privacy and Civil Liberties Oversight Board (PCLOB), an independent oversight agency within the executive branch, released a report (archive pdf) on the NSA’s surveillance program that collects telephone records in bulk saying the NSA surveillance program is illegal and should be ended. Federal judges have issued conflicting rulings on the surveillance program. In January, Obama announced reforms and proposed changes to the NSA surveillance programs, including the call record database surveillance program. Obama also issued a “Presidential Policy Directive, PPD-28,” (pdf) concerning signals intelligence activities.

    Now, the Office of the Director of National Intelligence has issued an interim progress report (DNI pdf; archive pdf) on implementing PPD-28. In an announcement, Robert Litt, general counsel for the Office of the Director of National Intelligence, and Alexander W. Joel, civil liberties protection officer for the Office of the Director of National Intelligence, said the report “articulates key principles for agencies to incorporate in their policies and procedures, including some which afford protections that go beyond those explicitly outlined in PPD-28. These principles include the following: Ensuring that privacy and civil liberties are integral considerations in signals intelligence activities.”

    IT News (Australia): NSW to add offshore data rules into privacy legislation

    Monday, October 20th, 2014

    IT News in Australia reports that New South Wales Attorney-General Brad Hazzard is considering new privacy rules for the storing of data offshore:

    The office of NSW Attorney-General Brad Hazzard has confirmed the government’s intentions to update the state’s privacy legislation to make it clear where agencies and healthcare providers stand when it comes to storing data offshore, particularly as part of cloud computing arrangements.

    The NSW Privacy Commissioner, Elizabeth Coombs, finalised her draft code of practice for offshore data hosting and handed it to the Attorney-General in May this year, after a number of aborted attempts by her predecessors. [...]

    Intelligence Squared: Debate on constitutionality of mass collection of phone records

    Tuesday, October 14th, 2014

    A recent Intelligence Squared podcast debate included experts discussing whether the mass collection of phone records by the National Security Agency violates the Fourth Amendment. (This was a surveillance program revealed by former NSA contractor Edward Snowden. The program has faced considerable criticism from the public and federal legislators.) The experts are: Alex Abdo, Staff Attorney, ACLU Speech, Privacy and Technology Project; Elizabeth Wydra, Chief Counsel, Constitutional Accountability Center; Stewart Baker, former Assistant Secretary, Homeland Security & former General Counsel, NSA; and John Yoo, Professor of Law, UC Berkeley & former Justice Department lawyer. The moderator is John Donvan, Author & Correspondent for ABC News.

    Here’s the blurb on the podcast:

    Some say that the mass collection of U.S. phone records is a gross invasion of privacy. Others say that it is necessary to keep us safe. But what does the U.S. Constitution say? “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” Is collection of phone records a “search” or “seizure”? If so, is it “unreasonable”? Does it require a particularized warrant and probable cause? These are among the most consequential—and controversial—constitutional questions of our time.