Catching up with Lenovo pre-installing malware on their own devices?
(Above) Photo Credit: Wired
The following from the New York Times:
European Parliament Urges Protection for Edward Snowden
By JAMES KANTER and SEWELL CHAN
OCTOBER 29, 2015
BRUSSELS — The European Parliament narrowly adopted a nonbinding but nonetheless forceful resolution on Thursday urging the 28 nations of the European Union to recognize Edward J. Snowden as a “whistle-blower and international human rights defender” and shield him from prosecution.
On Twitter, Mr. Snowden, the former National Security Agency contractor who leaked millions of documents about electronic surveillance by the United States government, called the vote a “game-changer.” But the resolution has no legal force and limited practical effect for Mr. Snowden, who is living in Russia on a three-year residency permit.
Whether to grant Mr. Snowden asylum remains a decision for the individual European governments, and none have done so thus far.
Still, the resolution was the strongest statement of support seen for Mr. Snowden from the European Parliament. At the same time, the close vote — 285 to 281 — suggested the extent to which some European lawmakers are wary of alienating the United States.
Many European citizens have expressed sympathy for Mr. Snowden and criticism of eavesdropping and wiretapping by the United States and its closest intelligence-sharing allies, which include Britain and Canada.
The resolution calls on European Union members to “drop any criminal charges against Edward Snowden, grant him protection and consequently prevent extradition or rendition by third parties.”
In June 2013, shortly after Mr. Snowden’s leaks became public, the United States charged him with theft of government property and violations of the Espionage Act of 1917. By then, he had flown to Moscow, where he spent weeks in legal limbo before he was granted temporary asylum and, later, a residency permit.
Four Latin American nations have offered him permanent asylum, but he does not believe he could travel from Russia to those countries without running the risk of arrest and extradition to the United States along the way.
The White House, which has used diplomatic efforts to discourage even symbolic resolutions of support for Mr. Snowden, immediately criticized the resolution.
“Our position has not changed,” said Ned Price, a spokesman for the National Security Council in Washington.
“Mr. Snowden is accused of leaking classified information and faces felony charges here in the United States. As such, he should be returned to the U.S. as soon as possible, where he will be accorded full due process.”
Jan Philipp Albrecht, one of the lawmakers who sponsored the resolution in Europe, said it should increase pressure on national governments.
“It’s the first time a Parliament votes to ask for this to be done — and it’s the European Parliament,” Mr. Albrecht, a German lawmaker with the Greens political bloc, said in a phone interview shortly after the vote, which was held in Strasbourg, France. “So this has an impact surely on the debate in the member states.”
The resolution “is asking or demanding the member states’ governments to end all the charges and to prevent any extradition to a third party,” Mr. Albrecht said. “That’s a very clear call, and that can’t be just ignored by the governments,” he said.
Mr. Albrecht said the close vote on the matter reflected the divide between a progressive, pro-civil-liberties wing of the Parliament and a centrist, conservative wing.
Wolfgang Kaleck, a German civil rights lawyer who founded the European Center for Constitutional and Human Rights and represents Mr. Snowden, praised the resolution.
“It is an overdue step, and we urge the member states to act now to implement the resolution,” he said in a statement.
James Kanter reported from Brussels, and Sewell Chan from London.
From Engadget:
NSA spied on your email even after program was shut down
by Daniel Cooper | @danielwcooper
The New York Times is reporting that the NSA developed a way to spy on our emails even after the program allowing it to do so was shut down. Until December 2011, the agency was entitled to bulk-collect emails at will because it was subject to oversight from the intelligence court. That meant that the data had to be used according to the regulations laid down by the Foreign Intelligence Surveillance Act. The NSA, however, had a second, more secretive program, based overseas, that did a similar job, but was under no such legal restriction. As such, when its powers were curtailed, it simply went back to doing what it always did, but in a foreign country.
The paper secured this disclosure after going after the agency with a series of Freedom of Information Act requests. The report explains that the NSA wasn’t able to read the text of a message, but could identify the “social links” that were revealed by email patterns. The outfit was able to trawl so much domestic data because information is often shifted between servers in different countries. It’s this free movement of information that troubled European lawmakers so much that they suspended Safe Harbor between Europe and the US.
Check out the Lifars article below:
Chinese Hackers Target Samsung Mobile Pay Technology
BY SAMBURAJ DAS
OCTOBER 8, 2015
A group of Chinese hackers had breached LoopPay, a subsidiary of Samsung and now the technology gearing Samsung’s new mobile payment system, earlier this year. Samsung insists that its payment system remains unaffected.
A New York Times report has revealed that a group of hackers – known as the Codoso Group or the Sunshock Group by those keeping tabs on them – had breached LoopPay’s computer network as early as March this year. LoopPay was originally acquired by Samsung in February this year for over $250 million.
Massachusetts-based startup LoopPay was acquired by Samsung in February to deliver the tech required for the hardware giant’s Samsung Pay mobile payments system. Similar to Apple Pay and Google Wallet, Samsung Pay is meant to bring mobile NFC (Near field communications) technology to its popular roster of phones used all around the world.
LoopPay, however, has a significant advantage in the way it works by using magnetic secure transmission (MST) that works with old payment systems without the need for new infrastructure.
It is believed that the hackers were after the company’s unique technology.
LoopPay only became aware of the breach in late August when an independent organization came across the company’s data while looking into a separate investigation.
In conducting their own investigation since the revelation, Samsung and LoopPay executives are adamant that no customer payment information nor personal devices were infected. Furthermore, they claim all infected machines have been discarded.
In a statement, Darlene Cedres, Samsung’s chief privacy officer, told the NYT:
“We’re confident that Samsung Pay is safe and secure. Each transaction uses a digital token to replace a card number.
“The encrypted token combined with certificate information can only be used once to make a payment. Merchants and retailers can’t see or store the actual card data.”
Samsung Pay was launched on September 28 in the U.S. and can now be used by the company’s flagship phones such as the Galaxy S6 and the Note 5 to make payments at retail outlets.
Since the news of the breach, Samsung once again appeased concerns by claiming that the hackers, while having accessed LoopPay undetected for five months, accessed email, file servers and printing from the company’s corporate network.
“Samsung Pay was not impacted and at no point was any personal payment information at risk. This was an isolated incident that targeted the LoopPay office network, which is a physically separate network from Samsung Pay.”
Remember the Safety Check feature Facebook launched last year? Facebook activated the tool during the Paris attack Friday.
Snowden gave an exclusive five-hour-long interview, this time to Dagens Nyheter.
Photos credit: Dagens Nyheter
More from the Independent:
Facebook ‘Photo Magic’ tool scans through all of users’ phone camera pictures, before they’re uploaded
Users have probably already given permission for the app to scan through their phone
Andrew Griffin @_andrew_griffin
Facebook is to release a new ‘Photo Magic’ tool that will scan through the pictures on its users’ cameras to tell them which photos to share.
The tool, which will be integrated with Facebook Messenger, is intended to help people find old pictures and share them with the people that are in them. But it will also mean that all of the pictures on a person’s phone are being sent up to Facebook’s servers.
Users will have to let Facebook Messenger see their pictures so that the Photo Magic tool can work. But most users have probably already done that — a pop-up tells them to do so when they first share a picture.
On Android, the app scans the pictures as soon as they are taken, offering a push notification that advises users to send the photo to the people that are in it. On iOS that process is slightly slower, since Apple is more restrictive about how much and how often an app can see pictures.
Users can either opt out of the facial recognition tool, or turn off the notification.
Facebook Messenger boss David Marcus confirmed that the feature was “testing in Australia” and would be rolling out in the US soon. It’s unlikely that it will come to the UK or the rest of Europe any time soon, since the EU has stopped people from operating facial recognition software that doesn’t allow people to explicitly opt in.
The tool is in testing on Android in Australia and will be rolling out on iOS later. In both cases it will likely be added with an update rather than requiring the downloading of a new app.
Check out this story from Naked Security:
Are you (inadvertently) selling your personal data on eBay?
by Lisa Vaas on October 9, 2015
We might well think we’re properly erasing data from gadgets before we sell them or dump them, but in fact we’re leaving smears of personal data lingering that can lead to identity theft.
According to a recent analysis of 122 second-hand mobile phones, flash drives and mechanical hard drives – bought from eBay, Amazon.com and Gazelle.com between May and August 2015 – 35% of the phones and 48% of the drives had residual data that was simple to recover, including email, texts, call logs, videos and photos.
Take the analysis with a grain of salt: it was done by Blancco Technology Group, which offers what it calls secure erasure services that it guarantees will ensure data sterilization, along with data-recovery specialist Kroll Ontrack.
Still, PR aroma aside, there are plenty of studies that back up the findings.
Naked Security has talked before about the danger of sensitive information falling into the wrong hands because of unsafe disposal of hard drives.
We’ve even seen the details of a million bank customers sold on eBay on a hard drive costing £35.
It’s not like we’re not at least trying to wipe our hardware before we sell it – it’s just that we aren’t doing a very good job.
The Blancco/Kroll Ontrack analysis found that inadequate attempts to wipe hardware were found on 57% of the phones with data, and on 75% of the hard and flash drives with data.
Enough residual data was found on two of the phones – both running Android – to identify previous owners. Such data could easily be used for identity theft if it falls into the wrong hands.
The iPhones, in contrast, got a clean bill of health. The authors said that performing a factory reset on an iPhone is an adequate precaution, but the same can’t be said for Android phones.
When analyzing 20 handsets, including Android models from HTC, LG, Motorola and Samsung, the study found data left behind that included 2153 e-mails and 10,838 texts or instant messages.
Bank data was among the sensitive data that could have been exposed.
The study found that a range of data-erasure methods had been used on the hardware, including “quick format” tools as well as exhaustive methods that overwrite the entirety of a data-storage device with fresh data one or more times in order to obliterate old data.
The study found quick-format attempts on 61% of devices that still contained data, with 81% of the quick-format drives still having residual data.
On four of the drives, users had only put their information in the trash: a method that hides the data from view but doesn’t purge it, thus making it easy to recover.
According to the study, buying used gear is on the rise. More people are selling used data-storing devices, and more residual data is getting passed on to new owners along with the sold items.
The study says that some 35% of consumers in the US, Canada, the UK and Australia will recycle, sell, donate or trade in their mobile devices every two to three years.
Early adopters are on an even tighter update cycle: 17% swap out their mobile devices more frequently – often on a yearly basis – as the latest, greatest, shiniest new gadgets are released.
If the data on your hard drive was properly encrypted, of course, then you wouldn’t need to worry about what happens next to your hardware, given that a would-be identity thief wouldn’t be able to detangle the gobbledygook.
Don’t make it easy for the criminals. If you’re dumping old hardware, make sure you dispose of it appropriately and ensure that any data contained on the drives is either securely wiped or was strongly encrypted in the first place.
We have read a lot about the surveillance state. The Electronic Frontier Foundation has an interesting article on 6 ways your friendly local law enforcement is watching you.
From TrueActivist.com:
Police Will Be Able To Read Everyone’s Internet Search History Under New Plan
November 1, 2015 by John Vibes
UK Police are asking the government for new surveillance powers to be able to view the internet search history of every single person in the country.
Richard Berry, the National Police Chiefs’ Council spokesman, told The Guardian that “We want to police by consent, and we want to ensure that privacy safeguards are in place. But we need to balance this with the needs of the vulnerable and the victims. We essentially need the ‘who, where, when and what’ of any communication – who initiated it, where were they and when did it happen. And a little bit of the ‘what’, were they on Facebook, or a banking site, or an illegal child-abuse image-sharing website?
“Five years ago, [a suspect] could have physically walked into a bank and carried out a transaction. We could have put a surveillance team on that but now, most of it is done online. We just want to know about the visit,” he added.
It is likely that police are already looking at your online activity, but just want the power to do it legally. As we learned from whistleblower Edward Snowden, governments are very interested in what their citizens are doing online, and they do have the technology to spy on every telephone call and internet communication.
Police in the UK have been attempting to reach for these powers through legislation for years, but they have been blocked on multiple occasions. This new effort proves that they will not be giving up on getting legal permission for their spying programs.
MP David Davis told The Guardian “It’s extraordinary they’re asking for this again, they are overreaching and there is no proven need to retain such data for a year.”
Home Secretary Theresa May will announce the specifics of the plan during a meeting about the Government’s new surveillance bill in the House of Commons on Wednesday.
“I’ve said many times before that it is not possible to debate the balance between privacy and security, including the rights and wrongs of intrusive powers and the oversight arrangements that govern them without also considering the threats that we face as a country,” May said.
“They include not just terrorism from overseas and home-grown in the UK, but also industrial, military and state espionage. They include not just organized criminality, but also the proliferation of once physical crimes online, such as child sexual exploitation. And the technological challenges that that brings. In the face of such threats we have a duty to ensure that the agencies whose job it is to keep us safe have the powers they need to do the job,” she added.
The fearmongers in the UK government are hoping that the bill will pass this time around, ushering in a new era of legalized mass surveillance.
Here’s an interesting read from RogueInfo:
Arranging Secret Meetings
Posted on September 28, 2015
This article teaches you how to check for surveillance before you meet with a clandestine contact. You’ll learn a protocol that will beat security services like the FBI, BATF, DEA, and others. The method is particularly effective against standard police surveillance. It also works against the so-called inspection teams of the IRS.
Tradecraft origins. The method described in this article was originally devised in 1943-1944 by countersurveillance expert Anthony Blunt for Britain’s MI.5. Unfortunately for the British, Blunt was a deep-cover agent for the KGB.
Six years later, Blunt taught the protocol to his new KGB controller, Yuri Modin. Together they perfected the technique as it is known today. They successfully thwarted MI.5 surveillance for three years, sometimes even meeting daily to exchange information and top secret documents. In effect, Blunt was using his inside knowledge of MI.5’s surveillance techniques to beat them at their own game.
Proliferation. This countersurveillance method has since been adopted by Israel’s Mossad, Germany’s BND, Russia’s KGB (now the SVR), the American CIA, and many others. The protocol is taught by intelligence agencies to their controllers – these are the intelligence officers who manage and meet with deep cover agents in foreign countries. The method is also being used today by resistance movements and urban guerrilla groups.
When this countersurveillance protocol is methodically applied, it is extremely difficult for a security service to breach your security.
Here’s a hypothetical situation. Assume that you and I wish to meet clandestinely. We wish to ensure that our meeting is not observed by a surveillance team.
You and I have previously agreed upon a place, date, and time. In addition, we are familiar with each other’s appearance – we can recognize each other on sight.
You and I independently arrive at the previously agreed-upon general location. Rather than fixing a specific location, we agree to be only in the general vicinity. This is an important principle.
This might be a large park, a residential district, etc. The location must be outdoors and free of video surveillance cameras. It should also be selected with the intention of thwarting telephoto lenses.
You and I should each know the area well. The location should provide reasonable cover for each of us being there – strolling in the park, walking through a residential area to a bus stop, convenience store, etc.
You and I will eventually make eye contact at some distance from each other. We do this discreetly, so others are unaware. I use a pre-arranged signal to alert you that I have spotted you. Perhaps I’ll throw my jacket over my shoulder, or remove and clean my sunglasses, etc. The signal must be a natural movement that does not attract unwanted attention.
Safety first. Even though you and I have seen each other, we do NOT approach each other. This is an important safety valve. If either of us has grown a tail we do not want to compromise the other person.
BACKGROUND – The phrase grown a tail is spy-talk for being under surveillance. The phrase is somewhat inaccurate, because they don’t just follow you, they often surround you.
When you see my signal you simply walk off. Then I follow you in order to ensure that you’re not being watched. I carefully check for the presence of a floating-box foot surveillance team. I check for agents at fixed observation posts. I also watch for drive-by support from a floating-box vehicle surveillance team.
BACKGROUND – In particular, I may follow you, I may walk parallel to you, I may occasionally walk ahead of you. The goal is simply to be nearby so I’m in a position to detect surveillance around you. I always remain at a distance from you, of course, never approaching too closely.
When I have satisfied myself that you are clean, I again signal you. Perhaps I re-tie my shoe laces.
Now we reverse roles and this time it is I who simply walks off. You begin to follow me in order to ensure that I’m not being watched. You check for floating-box foot surveillance, fixed observation post foot surveillance, and drive-by support by a vehicle surveillance team.
What to look for. You carefully watch for persons who are pacing me or moving parallel with me. You check for persons loitering at positions with a good line-of-sight to my location. You watch for an ongoing pattern of people coming and going that results in someone always being in a position to monitor me. You watch for vehicles dropping someone off ahead of me.
When you are satisfied that I am clean, you signal me that I’m not being watched. (On the other hand, if you suspect that a surveillance team is in the vicinity, you simply abort the operation and walk away.)
BACKGROUND – You must trust your instincts, because if something seems not quite right it’s better to be safe than sorry. Many people are surprised to learn that it is not difficult to detect a surveillance team watching someone else. This is the subtle elegance of Blunt’s countersurveillance system. And the goons are helpless against it.
You and I can now approach each other and meet. After our discussion we agree upon the date, time, and location of our next clandestine meeting – as well as two backup plans in case the meeting is thwarted by surveillance. If we are unable to meet at the first venue we will use our fallback position and we will meet at the same time and place one week later. If we are unable to make that meeting happen, we will shift to a previously agreed-upon failsafe plan and we will meet at a different location at an agreed-upon date and time.
Neither you nor I writes down the particulars of our next meeting. We commit the details to memory.
BACKGROUND 1 – If you have any documents to give me, I will not accept those documents until the final moments of our meeting. I will have already started making my getaway when I accept the documents. This reduces the chance of discovery and arrest by a surveillance team that has managed to elude our countersurveillance protocol. If the security service acts too quickly, they will have no evidence against me, because the documents have not yet been passed to me.
BACKGROUND 2 – The best agents never mix discussion and documents. If a document is to be passed, no discussion occurs. The entire contact takes only a moment – the perfect brushpass. The principle is simple. It is foolhardy to stand around holding incriminating documents.
Spies in North America call this seven-step protocol for countersurveillance drycleaning. In Europe, it is called parcours de sécurité – a French phrase which can be translated as security run or security circuit.
Julian Assange’s advice to journalists, in RT’s coverage:
Want to thwart govt spies? Use snail mail, Assange says
Published time: 25 Oct, 2015 01:27
Wikileaks founder Julian Assange advised journalists to use the regular postal service instead of email to avoid government surveillance, while talking about how to protect information sources and whistleblowers in an interview with a Belgian newspaper.
“Journalists are treated by intelligence services as spies,” Assange told the Belgian daily Le Soir in an interview on Saturday. “The same methods used against spies are used against journalists, and now journalists must learn counter-espionage methods to protect their sources.”
“My recommendation, for people who don’t have 10 years’ experience in cryptography, is to return to old methods [and] use the traditional postal service,” he added.
He also suggested other methods to avoid spying and protect confidentiality, such as meeting with the sources at conferences or “in any place where someone spying [on you] from outside the… building cannot see that you are meeting with your source.”
He claimed that, although improvements in both legislation and technologies were needed to improve protection for whistleblowers, the latter still played a greater role.
“If there is an opportunity for intelligence agencies, governmental investigative services or transnational private companies to intercept your communication with a source, they will do it regardless of whether the law allows them to do it or not,” he said.
“The development of electronic surveillance makes technical protection increasingly difficult.”
In another interview to the Belgian daily L’Echo, Assange promised to release a new batch of documents from CIA chief John Brennan’s personal email account on Monday.
“These documents are awaited by many human rights activists and lawyers, but also people who were tortured,” Assange told the daily.
(Above) Photo Credit: The Daily Mail
Chinese spy master posed as President Xi’s official translator in a bid to get into the Queen’s royal carriage
– A Chinese spy tried to get close to the Queen during last week’s state visit
– Official allegedly intercepted by members of diplomatic protection squad
– He posed as an official interpreter to the Chinese president Xi Jinping
– When the ruse was rumbled it led to furious diplomatic exchanges
– Comes after the PM struck a deal to end ‘cyber-enabled theft’ with China
By TOM MCTAGUE, DEPUTY POLITICAL EDITOR FOR MAILONLINE
PUBLISHED: 17:46 GMT, 25 October 2015 | UPDATED: 19:59 GMT, 25 October 2015
A Chinese spy tried to get into the Queen’s royal carriage during last week’s official state visit, it was claimed today.
The official was allegedly intercepted by members of the diplomatic protection squad when he posed as an official interpreter.
British officials believe the agent wanted to join China’s President Xi and the Queen as they travelled down the Mall towards Buckingham Palace.
When the ruse was rumbled it led to furious exchanges, according to three senior figures who confirmed details of the incident to the Sunday Times.
One source said: ‘The bodyguard, or spy, attempted to get in the carriage and was prevented when it was ascertained by our security officials that he was actually a security official rather than the official translator.
‘In other words, they were trying to get someone dodgy into the carriage alongside the president and the Queen.’
A senior Tory added: ‘There was a stand-off and our protection people were shouldered aside. There’s an issue here about bullying, uncomprehending Chinese police. This security should be done by us, not them.’
But a royal source said: ‘No one got into the carriage except the principals.’
The revelation will heighten concern over the continuing threat posed by China in the wake of last week’s multi-billion deal for the country to help build nuclear power plants in the UK.
As part of the visit last week, David Cameron unveiled a non-aggression pact with China on cyber-crime.
In a tacit admission that the two countries are engaged in an online war, Mr Cameron and Chinese President Xi pledged the end of ‘cyber-enabled theft of intellectual property, trade secrets or confidential business information’.
The deal – which mirrors a similar agreement between China and the US last month – reflects growing concern about the impact of cyber attacks. MI5 views China as one of the biggest perpetrators of cyber-crime.
The US agreement has faced criticism for being too feeble, but No 10 yesterday insisted that the British deal would have an impact.
In a separate deal, China also confirmed it will invest £6 billion in the construction of a nuclear power station at Hinkley Point in Somerset.
The deals were announced as Mr Cameron and Mr Xi held two hours of talks at Downing Street.
Security experts have warned against the wisdom of allowing China to take a stake in Britain’s critical infrastructure.
Other critics complain that the deals are coming at a ruinous price, with consumers likely to see a rise in their electricity bills of more than £30. But ministers say the deals will produce years of clean electricity.
Here’s everything you need to know about the TalkTalk cyber breach.
U.K. broadband company TalkTalk hacked, gets ransom demand
By Kevin Collier
Oct 23, 2015, 4:20pm CT | Last updated Oct 23, 2015, 4:25pm CT
TalkTalk, a British Internet and phone provider, is the latest major company to suffer from a massive hack.
And its customers’ information is maybe being held ransom. “We have been contacted by an individual or group purporting to be the hacker,” Chief Executive Dido Harding told the BBC, “looking for money.” TalkTalk didn’t immediately respond to the Daily Dot’s request for more information about that request.
The company openly admits it’s still reeling from the attack, and is otherwise short on details, but announced Thursday that the attackers could have accessed the names, addresses, birthdays, contact information, TalkTalk accounts, and financial information of any number of its approximately 4 million customers.
The actual attack occurred Wednesday, the company said. London’s Metropolitan Police Cyber Crime Unit got involved Thursday, and TalkTalk is offering a year’s worth of credit-monitoring services to victims, which is fast becoming an industry standard response.
Otherwise, TalkTalk has little to offer its customers besides some generic advice. “If you are contacted by anyone asking you for personal data or passwords (such as for your bank account), please take all steps to check the true identity of the organisation,” it says. That was good advice to anyone in the world before the TalkTalk hack, however, and will remain so for the foreseeable future.
Dreamy smurfs, Nosey smurfs, tracker smurfs, etc
Smurfs’ no longer cute. Be afraid, very afraid of smurfs, says Snowden.
Check out more from the ComputerWorld article below:
Google, Facebook and peers criticize CISA bill ahead of Senate consideration
The US legislation would allow government agencies and companies to share cyberthreat data
By John Ribeiro
IDG News Service | Oct 16, 2015 3:23 AM PT
A trade group representing Facebook, Google, Yahoo and other tech and communications companies has come down heavily against the Cybersecurity Information Sharing Act of 2015, a controversial bill in the U.S. that is intended to encourage businesses to share information about cyberthreats with the government.
The Computer & Communications Industry Association claims that the mechanism CISA prescribes for the sharing of cyberthreat information does not adequately protect users’ privacy or put an appropriate limit on the permissible uses of information shared with the government.
The bill, in addition, “authorizes entities to employ network defense measures that might cause collateral harm to the systems of innocent third parties,” the CCIA said in a blog post Thursday.
CISA, which would give businesses immunity from customer lawsuits when they share cyberthreat data with the government, is due for consideration by the U.S. Senate in the coming weeks.
Critics of the bill are concerned that the provisions of the bill could be used by companies to hand over customers’ personal data to government intelligence agencies such as the National Security Agency. Cyberthreat information-sharing may not have prevented several recent attacks on government agencies, according to experts.
Civil rights groups opposed to the bill got an unexpected ally in the U.S. Department of Homeland Security, which warned in July about the privacy implications of the bill.
The authorization in CISA to share cyberthreat data with any federal agency, notwithstanding any other provision of law, could impact key privacy provisions, including those in the Stored Communications Act that limit the disclosure of the content of electronic communications to the government by providers, wrote Alejandro N. Mayorkas, deputy secretary of the DHS in a letter to Senator Al Franken, a Democrat from Minnesota, who opposes the legislation.
DHS also warned that the proposed information sharing system with multiple agencies would slow down responses to a cyberthreat, and advocated a more centralized mechanism for sharing data through the National Cybersecurity and Communications Integration Center (NCCIC), a non-law enforcement, non-intelligence center focused on network defense activities, that would scrub private information from the data before sending it to other agencies.
The tech industry holds that current rules already permit companies to share cyberthreat indicators with the government, and “should not be discounted as useful existing mechanisms.” CCIA approves of the goal of building a more robust mechanism for information sharing, but does not want it to come at the expense of user privacy.
A privacy group last month started an online protest, called YouBetrayedUs, after a letter by the BSA | The Software Alliance of software vendors to Congress appeared to endorse CISA. The letter had urged action by the House of Representatives and the Senate on five pending legislative efforts, including CISA, but BSA later clarified that it had not endorsed any specific legislation in its current form. “The letter clearly was a mistake and doesn’t imply CISA support. We need to clarify. I’m against it,” Marc Benioff, CEO of Salesforce.com said in a tweet.
So the round-the-clock guard outside London’s Ecuadorian embassy, where WikiLeaks founder Julian Assange took refuge for the last 3 years, which cost British taxpayers over $20 million, has finally ended Monday but…