Privacy and Cybersecurity News: Week of 10-13-2013

Justice Department Files Response to EPIC’s Challenge To Telephony Records Collection
Appropriations Act Gives 3.1 Million to Privacy and Civil Liberties Oversight Board
NIST Misses Cybersecurity Framework Deadline
NSA Intercepting and Storing Contact Lists
Director of NSA and Cyber Command to Step Down
NSA Involved in Targeted Killing

Justice Department Files Response to EPIC’s Challenge To Telephony Records Collection
The United States filed an opposition brief in In Re Electronic Privacy Information Center, EPIC’s Supreme Court petition for a writ of mandamus that would prevent the government from continuing its collection of telephony records under the Foreign Intelligence Surveillance Act. According to EPIC’s website, its Petition seeks “to halt the disclosure of the telephone records of millions of Americans,” arguing that the Foreign Intelligence Surveillance Court “did not have legal authority to compel Verizon to turn over all domestic telephone ‘metadata’ to the NSA.” David Kravets with WIRED magazine reported that a major defense argued by the Government is “that only the phone companies can challenge the secret orders from the Foreign Intelligence Surveillance Court.”  Marty Lederman at Just Security provided a comprehensive breakdown of the Government’s brief as well. Lederman’s post is highly recommended for those wishing to gain a better understanding of the Government’s arguments.
DISCLOSURE-Director of the Center for Applied Cybersecurity, Fred Cate, and CACR Fellow, David Fidler, were among a group of information privacy professors who filed an amicus curiae brief in support of EPIC’s petition.
Appropriations Act Gives 3.1 Million to Privacy and Civil Liberties Oversight Board
As Steve Almasy with CNN stated on Thursday, “So much for a ‘clean’ bill.” While many Americans expressed a sigh of relief that the debt crisis was finally over (especially the furloughed government employees who could now return to work), news organizations were hard at work dissecting the bill signed by President Obama late Wednesday night. Of particular note is the bill’s Sec. 130, which appropriates 3.1 million dollars to fund the Privacy and Civil Liberties Oversight Board. As The Hill‘s Pete Kasperowicz reported, “The board was set up in 2004 to ensure privacy concerns are addressed as laws and regulations are issued related to fighting terrorist threats against the country.” According to Almasy’s article, The Hill reports that the 3.1 million is double the top amount the five-member panel has been previously given.
NIST Misses Cybersecurity Framework Deadline
In other government shutdown news, the National Institute of Standards and Technology (NIST) missed the Thursday deadline to publish a preliminary version of the Cybersecurity Framework as stipulated in the President’s February Executive Order. According to The Hill‘s Brendan Sasso, a Department of Commerce spokesman stated that the Department “will reevaluate the release date when government operations are fully restored.” With the government shutdown ending Wednesday night, check back for more updates as to when the the Government believes it will have a preliminary framework ready to go. The Executive Order, which called for the framework, provides a strategy to “enhance the security and resilience of the Nation’s critical infrastructure” through “a partnership with the owners and operators of critical infrastructure to improve cybersecurity information sharing and collaboratively develop and implement risk-based standards.” More information on the progress of the Cybersecurity Framework can be found at the NIST’s Cybersecurity Framework page.
NSA Intercepting and Storing Contact Lists
Barton Gellman and Ashkan Soltani of the Washington Post report that the NSA has been indiscriminately intercepting and storing the address books of e-mail and instant messaging accounts around the world. According to the Post, this address book information is transmitted when users log in or when a user’s device syncs with online servers. As the NSA has not been authorized by Congress or the FISA courts to intercept this data within the United States, the NSA only intercepts these contact lists in non-U.S. territories. However, as much American internet traffic is routed overseas or comes from companies’ foreign data centers, “data from Americans is collected in large volumes.” In a recent blog post, Bruce Schneier offers further insight into the NSA’s address book collection process. He also highlights the importance of large e-mail providers opting to use SSL by default: Gmail, which uses SSL by default, allows for the collection of far less data than Yahoo!, which does not.
Director of NSA and Cyber Command to Step Down
Warren Strobel and Mark Hosenball of Reuters report that Keith Alexander, Director of the U.S. National Security Agency and Commander of U.S. Cyber Command, will depart early next year. Additionally, Alexander’s civilian deputy director, John C. (Chris) Inglis, reportedly will retire before the end of 2014. According to NSA spokeswoman Vanee Vines, these departures were voluntary and made before the recent media leaks. As Brian Fung with the Washington Post discusses, these departures will require President Obama to decide whether to appoint a single successor or to split apart the N.S.A. and the U.S. Cyber Command.
NSA Involved in Targeted Killing
Greg Miller, Julie Tate, and Barton Gellman of the Washington Post reported on Wednesday that the NSA has had extensive involvement with President Obama’s targeted killing program (drone campaign). According to the Washington Post, “the drone campaign – often depicted as the CIA’s exclusive domain – relies heavily on the NSA’s ability to vacuum up enormous quantities of e-mail, phone calls and other fragments of signals intelligence.”
Significantly, the documents obtained by the Washington Post do not reference the data obtained from the NSA’s more controversial programs: forcing companies such as Microsoft and Google to provide data, and phone number metadata collection. Instead, the NSA appears to have employed “highly targeted network penetrations” such as software implants and “man-in-the-middle” attacks.
The Washington Post also reported that the NSA played a significant role in locating Hassan Ghul, the courier who provided intelligence that lead to the eventual location of Osama bin Laden. This information was sufficient to launch a capture/kill operation against Ghul.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s