
Posts Tagged ‘security’


New Intelligence Bill Gives FBI More Secret Surveillance Power

June 10, 2016

A Senate bill published late Monday night includes a new provision that would give the FBI more power to issue secret demands, known as national security letters, to technology, internet, communications, and banking companies for their customers’ information.
The provision, tucked into the Senate Intelligence Authorization Act, would explicitly authorize the FBI to obtain “electronic communication transactional records” for individuals or entities — though it doesn’t define what that means. The bill was passed by the Senate Intelligence Committee last week.
In the past, the FBI has considered “electronic communication transactional records” to be a broad category of information — including everything from browsing history, email header information, records of online purchases, IP addresses of contacts, and more.
The Justice Department told the FBI in 2008 that it was not authorized to receive this information from companies without a court order, although as The Intercept reported last week, the FBI has continued to demand such data anyway — insisting on a different legal interpretation.
The major technology companies have been fighting back since then by refusing to provide email metadata and online records — forcing the FBI to pursue a legislative solution.
Before the full text of the bill was published, Sen. Ron Wyden, D-Ore., issued a press release warning about the expansion of power.
Read the text of the amendment below:
Sec. 803. Counterintelligence Access to Telephone Toll and Transactional Records:
Subsection (b) of section 2709 of title 18, United States Code, is amended to read as follows:
“(b) REQUIRED CERTIFICATION.—The Director of the Federal Bureau of Investigation, or the designee of the Director in a position not lower than Deputy Assistant Director at Bureau headquarters or a Special Agent in Charge in a Bureau field office designated by the Director, may, using a term that specifically identifies a person, entity, telephone number, or account as the basis for a request, request the name, address, length of service, local and long distance toll billing records, and electronic communication transactional records of a person or entity, but not the contents of an electronic communication, if the Director (or the designee) certifies in writing to the wire or electronic communication service provider to which the request is made that the name, address, length of service, toll billing records, and electronic communication transactional records sought are relevant to an authorized investigation to protect against international terrorism or clandestine intelligence activities, provided that such an investigation of a United States person is not conducted solely on the basis of activities protected by the First Amendment of the Constitution of the United States.”.
By Jenna McLaughlin
www.theintercept.com


FBI Wants Email Privacy Act To Allow Warrantless Access To Browsing Histories

June 8, 2016

Fixing a “typo” in a law governing domestic surveillance is the top priority for the bureau this year, FBI Director James B. Comey has said.
A “typo?” Tech companies and privacy advocates are strenuously disagreeing with his characterization of the proposed amendment, which would give the FBI explicit authority to access a person’s internet browser history and other electronic data without a warrant in terrorism and spy cases.
At the FBI’s request, lawmakers have put forth legislation that would amend the Electronic Communications Privacy Act (ECPA), which Comey claims now lets some tech companies refuse to hand over data that, the government claims, Congress had intended for them to provide.
The proposed legislation would do away with the necessity to get a warrant for such data and would let the government get a national security letter (NSL) instead: a subpoena that doesn’t require a judge’s approval.
The Senate Intelligence Committee panel recently voted out an authorization bill with the NSL amendment, but it’s since crept back, reintroduced in an amendment to the ECPA floated last week by Sen. John Cornyn (R-Texas).
Cornyn’s on-message with the FBI. As reported by The Washington Post, he referred to Comey’s “typo” in the law as a “scrivener’s error” that’s “needlessly hamstringing our counterintelligence and counterterrorism efforts.”
If the amendment passes, it would allow the FBI to access internet browsing records without a warrant in terrorism and spy cases. That doesn’t mean they’d get at the content of email: rather, with an NSL, the Feds could access a host of online information, including IP addresses, routing and transmission information, session data, and more.
The bureau told The Washington Post that there’s a limit to how specific the browsing history would be. For example, somebody could visit any part of the newspaper’s website, but law enforcement would only see that they’d visited washingtonpost.com.
Privacy advocates say that’s bunk.
A letter signed by the American Civil Liberties Union (ACLU), Amnesty International USA, the Computer & Communications Industry Association, the Electronic Frontier Foundation (EFF), Google, Facebook and Yahoo, among others, pointed out that a 2007 audit found that the FBI illegally used NSLs to collect information that wasn’t permitted by NSL statutes.
This history of abusing NSLs compounds the civil liberties and human rights concerns brought up by expanding the use of the subpoenas, the letter said.
As it is, even without email content, the Electronic Communication Transactional Records (ECTRs) the Feds are after would paint “an incredibly intimate picture of an individual’s life,” the letter signers said.
“ECTRs could include a person’s browsing history, email metadata, location information, and the exact date and time a person signs in or out of a particular online account.
This information could reveal details about a person’s political affiliation, medical conditions, religion, substance abuse history, sexual orientation, and, in spite of the exclusion of cell tower information in the Cornyn amendment, even his or her movements throughout the day.”
According to The Hill, Cornyn’s amendment was one of a few that delayed the Senate Judiciary Committee’s consideration of the Email Privacy Act last week.
That bill, which the House of Representatives unanimously passed in April, would require investigators to get a warrant before they can force technology companies to hand over customers’ email or other electronic communications, no matter how old.
The Senate committee’s slated to mark the bill up on Thursday.

By Lisa Vaas
www.nakedsecurity.sophos.com


The Military Is Building an Employee Database to Predict Traitors

June 6, 2016

The Defense Department is building a massive information-sharing system detailing national security personnel and individuals cleared for accessing U.S. secrets, to flag who among them might be potential turncoats or other “insider threats.”
The “DoD Component Insider Threat Records System” is part of the U.S. government’s response to the 2010 leaks of classified diplomatic cables by former Pfc. Chelsea Manning. A 2011 so-called WikiLeaks executive order called for an “insider threat detection” program.
A review of the 2013 Washington Navy Yard shootings found that the department still lacked “a centralized hub” to obtain a holistic view into potential threats, Defense spokeswoman Linda Rojas told Nextgov in an email.
Now, the Pentagon is establishing a team of “cross-functional experts” trained in cybersecurity, privacy, law enforcement, intelligence and psychology—aided by the new workflow technology—to help fill that gap, she said.
But some civil liberties advocates say this Defensewide insider threat analytics system could create a culture of mutual suspicion that silences whistleblowers.
The Pentagon expects to enter into the tool information that is gleaned, in part, from a new “continuous evaluation” approach to screening clearance-holders that uses automated data checks, according to a May 19 Privacy Act notice.
The insider-threat system also will share data pulled from public social media posts and “user activity monitoring” of employees’ private digital habits at work, the notice states. The surveillance of military networks may include keystrokes, screen captures, and content transmitted via email, chat, and data import or export.
Earlier this month, Director of National Intelligence James Clapper signed a policy that would authorize investigators to vet public social media posts when conducting background checks of national security personnel.
In the privacy notice, Aaron Siegel, alternate Defense Federal Register Liaison officer, describes user activity monitoring as the technical capability to “record the actions and activities of all users, at any time, on a computer network controlled by DoD.”
The insider threat technology also would disseminate equal employment opportunity complaints, security violations, and personal contact records, the notice states. Logs of printer, copier, and fax machine use would be shared through the tool. Public information from professional certifications—like pilot’s licenses, firearms and explosive permits—would be fair game too, the notice states.
Traitor or Truthsayer?
Referring to the equal employment opportunity complaints and security violation data, some civil liberties advocates said the new technology could propagate misleading information about behaviors that are common in any workplace.
“Almost all of us at different periods of time, have been upset with the people we work with, and that is part of the human nature, so to identify that behavior as potentially troubling and indicative of being a—quote—insider threat is both inappropriate and likely to lead to errors,” said Michael German, a 16-year FBI veteran who now is a fellow with the Brennan Center for Justice’s Liberty and National Security Program.
“When you read the insider threat material, what they view as a threat is somebody reporting information about government activity to the press, which is, in a democratic society, not only important but necessary,” he said.
According to the privacy notice, the system will be governed under the following definition of “insider threat:”
The threat that an insider will use his or her access, wittingly or unwittingly, to do harm to the security of the United States. This threat includes damage to the United States through espionage, terrorism, unauthorized disclosure of national security information, or the loss or degradation of government, company, contract or program information, resources, or capabilities.
German said personnel who ruffle the feathers of managers while trying to root out government abuses could be tracked by the system.
“They are definitely attempting to get whistleblowers and people who are reporting the truth in the face of government efforts to suppress that truth,” he said. “The real threat are the people that they are not seeing,” German added, pointing to cases like that of Robert Hanssen, who spied for the Russian government while serving at the FBI—unnoticed—between 1979 and 2001.
And if national security personnel know their criticisms will be widely circulated, they might shy away from reporting problems, German said.
“If you have an agency whose mission is national security and that entity is being hampered by waste, fraud, misconduct or illegality, you would think reporting that would be something that is positive and promoted, but this program would tend to suppress that type of internal activity and instead cause more problems which then undermine our national security goals,” he said.
System Specs
Defense officials said only military-affiliated personnel who fall under certain criteria will be entered into the insider-threat system.
“Adequate controls, training, and oversight are in place to ensure that personally identifiable information is protected and that only information which meets a pre-determined threshold is entered into the system,” Rojas said.
The tool will share records on people eligible to hold sensitive Defense positions and people granted security clearances who have “exhibited actual, probable, or possible indications of insider threat behaviors or activities,” Siegel said in the privacy notice.
Only personnel trained in insider threat, privacy and civil liberties, and intelligence oversight, who are approved by the department, will be allowed to use the system, Rojas said. The system will not be activated until after a public comment period that ends June 20.
Insider threat programs require “a holistic approach to information management,” since the “data containing anomalous behaviors that may be indicative of an insider threat can come from many sources, such as personnel security, physical security, information assurance, and law enforcement,” Rojas said. But, right now, this information is not easy to access, plus the size and complexity of the Pentagon makes it hard to share information among military components, she said.
The insider threat tool’s “workflow management and analytics” features will facilitate the exchange of information, Rojas said. When one department unit identifies and validates behavior that may signal a threat, it can be shared with other department units for further analysis, once the tool is in place, she said.
The system also will provide access to traditional background check records like biometric data files, and self-reported “SF-86” forms detailing the medical and personal lives of individuals applying for security clearances.
On the Record
A diverse group, including the press and civilian agency employers, will be able to use certain material in the system, according to the privacy notice.
Information in the tool also could be used outside the Pentagon for HR, licensing and counterterrorism purposes. For example, other federal and state agencies can obtain information that is relevant to a “decision concerning the hiring or retention” of a worker, the notice states. The “news media or the general public” can view factual information that is in the public interest and does not constitute an unwarranted invasion of personal privacy, Siegel said. And congressional offices can request records on specific individuals.
In addition to active troops, individuals profiled by the system could include National Guard members, civilian employees cleared to handle classified material, and defense contractors, the notice states.
U.S. Coast Guard members, “mobilized” retired military personnel, and Limited Access Authorization grantees could be documented in the system too, according to the notice.

By Aliya Sternstein

www.defenseone.com


Google And Microsoft Have Made A Pact To Protect Surveillance Capitalism

May 11, 2016

Two bitter rivals have agreed to drop mutual antitrust cases across the globe. Why? To fend off the greater regulatory threat of democratic oversight. Microsoft and Google, two of the world’s greatest monopolies, have been bitter rivals for nearly 20 years. But suddenly, in late April, they announced a startling accord. The companies have withdrawn all regulatory complaints against one another, globally. Rather than fighting their battles in public courts and commissions, they have agreed to privately negotiate.
This is a gentleman’s agreement. The specifics are secret, but the message on both sides is that the deal reflects a change in management philosophy. Microsoft’s new chief, Satya Nadella, is eager to push the vision of a dynamic, collaborative Microsoft, partnering with everyone from Apple to Salesforce.
The most dramatic of these partners is Google, a company that has long been considered Microsoft’s great arch-rival.
The wind started to change in September, just after Sundar Pichai became Google’s chief executive, when the two companies agreed to stop feuding over patents – a first step toward the current agreement. The common corporate line is that the companies want to compete on products, not court cases.
But this public relations gambit masks two far more interesting tales. One is about Microsoft and its desperate chase for relevance. The other is about Google, money and power. Both are part of a broader, deeply worrying narrative – a story about how tech companies are busy redrawing the lines around our lives, and facing little resistance in doing so.
Nobody ever wants to start a legal fight. Fractious, painful and wasteful, they divert huge resources, often for little productive gain. But this in itself fails to explain Microsoft’s decision to drop pending regulatory complaints against Google in Europe, Brazil and Argentina, as well as to cease funding and participating in lobby groups that it has backed for eight years, such as FairSearch.org and ICOMP, the Initiative for a Competitive Online Marketplace. So what does explain it?
It could be seen as a pragmatic move. Microsoft’s profits still exceed Google’s, but the ratio has been in decline for a decade. Meanwhile, since 2012, Apple has outstripped both companies combined (even if recent figures suggest this momentum might be slowing). A suite of regulatory enquiries into Google’s alleged abuses of its monopoly will continue even in Microsoft’s absence – both in places where Microsoft has filed complaints (Europe, Brazil, Argentina) and in others where it hasn’t, such as India.
With Microsoft’s withdrawal, it is clear that the remaining complainants in these fights – generally small, niche internet businesses – are legitimate critics in their own right. But then again, it takes serious coordination and resources to sustain and succeed in antitrust fights. Winning, especially in a broad and generally impactful manner, is a much taller order without a deep-pocketed supporter such as Microsoft.
But there’s another possible, rather more cunning, motive. Microsoft today is facing a very different business ecosystem to the one it dominated in the 1990s. It needs to adapt. And it appears to want to do so by positioning itself at the heart of what Satya Nadella describes as “systems of intelligence”.
Explaining this concept at Hannover Messe 2016, Nadella defined systems of intelligence as cloud-enabled digital feedback loops. They rely on the continuous flow of data from people, places and things, connected to a web of activity. And they promise unprecedented power to reason, predict and gain insight.
This is unbridled Big Data utopianism. And it is a vision that brings Microsoft squarely into Google territory. So maybe Microsoft is pulling out of regulatory battles because it doesn’t want to shoot itself in the foot. For emeritus Harvard Business School professor Shoshana Zuboff, this gets to the core of the Google-Microsoft deal.
Zuboff is a leading critic of what she calls “surveillance capitalism”, the monetization of free behavioral data acquired through surveillance and sold on to entities with an interest in your future behavior. As she explained to the Guardian: “Google discovered surveillance capitalism. Microsoft has been late to this game, but it has now waded in. Viewed in this way, its agreement with Google is predictable and rational.”
And here the most sinister upshot of Microsoft’s decision to stop needling Google with legal disputes becomes clear. “A key theme I write about is that surveillance capitalism has thrived in lawless space,” says Zuboff. “Regulations and laws are its enemy. Democratic oversight is a threat. Lawlessness is so vital to the surveillance capitalism project,” she continues, “that Google and Microsoft’s shared interest in freedom from regulation outweighs any narrower competitive interests they might have or once thought they had. They can’t insist to the public that they must remain unregulated, while trying to impose regulations on one another.”
What does all this mean for the cases pending against Google? For Maurice Stucke and Allen Grunes, American antitrust experts and co-authors of a comprehensive new book examining the deep and reaching implications of platform and data monopolies, Zuboff’s warning of a lawless alliance among tech giants such as Microsoft and Google only accentuates the demand for rigorous, intellectually led regulatory action. And when it comes to Google, the case for action is in their view clear.
“The one thing that any antitrust regime absolutely has to do, if it is to be effective, is to stand up to the most powerful companies of the time,” explains Grunes. “Take that away and antitrust ceases to be meaningful.
“The antitrust authorities in the US and EU did that in the case of Microsoft. It required brains, resources and relentless pursuit and commitment.”
Yet only the Europeans, he argues, seem to have the intellectual leadership to be doing it in the case of Google. “The failure of the FTC to take meaningful action against Google is without question one of the great failures of all time.”
Microsoft and Google’s new deal to stop fighting each other is an interesting, strategic corporate move. But it is a move accompanied by a much stronger, deeper play: to collect and capitalize data – including data about us, our behaviors, and our interactions. The challenge for regulators and citizens is complex but essential – and has only just begun.

By Julia Powles

www.theguardian.com


Health care records frequently targeted by anonymous hackers

May 5, 2016

For 10 days in February one hospital’s records hung in limbo. At Hollywood Presbyterian Medical Center in California, a ransomware attack kept health care records in control of anonymous hackers, until hospital officials paid $17,000 to take back their system.
Data ransom attacks are today’s technological version of kidnapping. It’s anonymous, more cost-effective and more appealing to criminal enterprises than taking physical hostages. And it’s the reason health care institutions today are taking steps to ensure security.
As part of an ongoing conversation, health care professionals and government agencies will meet on May 1-11 in Washington D.C. to discuss health data as part of the Health Datapalooza event presented by Health Data Consortium.
At Creighton University, law professor Edward Morse is researching the technological and legal limitations for paying data ransom.
“If you can deny access to patient care records, you shut down hospital operations,” Morse said. “With HIPAA, a patient’s electronic records are protected under law. But, a patient’s medical information is only as strong as an institution’s weakest link.
It can be as simple as a disgruntled employee; someone who is willing to give up a password to a potential hacker, so hospitals are working to increase security and limit the number of employees who can access sensitive data.
Adam Kuenning, attorney with Erickson | Sederstrom and a Creighton law professor, teaches HIPAA privacy and security.
“Patient care comes first for any medical professional,” Kuenning said. “The importance of keeping the information secure, may sometimes be lost while the medical professional is focused on the patient’s care.”
Any HIPAA breach of more than 500 patients must be reported to the media, and the Department of Health and Human Services keeps a record of these cases online. Since 2009, more than 1500 cases have been recorded. For cases affecting fewer than 500 patients, only a letter sent to affected persons is required.
To ensure HIPAA compliance, HHS is conducting audits of healthcare companies, but often carelessness is the root cause of a breach. A frequent problem is laptops and thumb drives with private medical information left in an employee’s car.
“Data that’s not encrypted is being stolen somehow,” Kuenning said. “People are breaking into your office, stealing your computer, your servers when you didn’t encrypt your records that evening.”
In the California hospital case, an outside hacker stole records by taking over the computer system. In these cases, it’s common that patient information isn’t actually stolen; rather, hackers freeze the system, making the records inaccessible to medical personnel who need the information to properly care for the patients.
Last June, President Barack Obama stated that while the U.S. government won’t pay ransom for hostages, American families have never “been prosecuted for paying a ransom.” In most health care cases, private ransom payments often go unnoticed. Few cases like Hollywood Presbyterian Hospital are publicized. According to Morse, thousands of attacks are attempted, but it’s unknown how many are successful.
“With this crime, it’s embarrassing to institutions, that their systems aren’t secure,” Morse said.
Payouts to criminal enterprises are relatively inexpensive. The black market values each patient’s record at $50 or $60, Morse found. According to a Ponemon Institute Survey, hackers only earn about $28,000 annually, but Morse notes that this wage could equate to a lot more with hackers coming from developing countries.
Without patients’ records, the hospital reaches a standstill, creating the need to comply and pay ransom.
“If you can pay, you would do it in a New York minute,” Morse said.
As the health care industry becomes more invested in technological innovations, institutions must keep privacy in mind, as a data breach can “ultimately, sully the reputation of an institution,” Morse said.

Source: Creighton University
