Privacy and Cybersecurity News: Week of 10-20-2013

Google Debuts “Project Shield,” An Anti-DDoS tool, and “Digital Attack Map,” at Ideas Conference
As part of its recent Ideas conference in New York this past week, the Google-affilated think tank, Google Ideas, introduced new projects that attempt to both understand and defend against Distributed Denial of Service (DDoS) Attacks. Included at this conference was the release of Project Shield, which “uses Google’s own DDoS mitigation technology to provide protection for free expression online, by allowing other websites to serve their content through Google’s infrastructure.” Russell Brandom with The Verge described the Project’s ability to shield against DDoS attacks as a solution to “a persistent problem for small-scale activists on the web.” Additionally, Google Ideas in collaboration with Arbor Networks released the Digital Attack Map, which is a real-time data visualization maps of global DDoS attacks. The map is updated hourly, and allows users to view and explore “historical trends.” Both Projects, as well as the other Google Ideas Projects, are definitely worth checking out.
NIST Releases Draft Cybersecurity Framework
Last week, we detailed how the deadline for the President’s Executive Order calling on the National Institute for Standards and Technology (NIST) to create a “Cybersecurity Framework” for critical infrastructure was delayed due to the government shutdown. This past week, the preliminary draft of the Framework was released, and NIST is currently accepting comments. Dara Kerr with CNET reports that the Framework aims to “create guidelines that companies can use to beef up their networks and guard against hackers and cybersecurity threats.” Initial feedback on the framework appear to be mixed, both in principle and with its particular text. Reuters’ Alina Selyukh reported that “[m]any in the private sector have expressed fears that the voluntary framework will inevitably turn into a set of requirements or create new liabilities,” and that, currently, “companies have little incentive to adopt the framework.” Earlier this year, the Department of Commerce released a draft report on possible incentives that could be granted for companies that adopted the Framework.  Author and former General Counsel for the NSA, Stewart Baker, was also critical of the current framework’s heavy reliance on privacy protections, stating on his blog that he “fear[s] that the net result of the package will be to impose a ‘privacy tax’ on cybersecurity, adding to the cost of security measures by tying those measures to expensive privacy obligations whose value is unproven.” Also, Dan Verton’s coverage of the NIST Framework can be found at FedScoop, here.
NSA Monitored the Phone Calls of 35 World Leaders, According to New Snowden Disclosure
James Ball of the Guardian reports that the National Security Agency has monitored phone calls made by 35 world leaders, according to a classified document furnished to the newspaper by Edward Snowden. The classified memo provides details of a program in which members of the NSA’s Signals Intelligence Directorate asked the White House and other NSA liaisons for the private contact information of world leaders. The NSA then tapped these phone lines. However, “the memo acknowledges that eavesdropping on the numbers had produced ‘little reportable intelligence.’”
The NSA Reportedly Gained Access to the Mexican President’s Domain Server and E-mail
On Sunday, Jens Glüsing of der Spiegel reported that the NSA gained access to the Mexican Presidential server, and accessed President Felipe Calderon’s public email account, as well as the email accounts and files of other high ranking officials. The NSA denies that it hacked into Mexico’s files for economic gain, however der Spiegel reports that the NSA “gained access to ‘diplomatic talking-points.’ According to internal documents, “In the space of a single year . . . [the NSA’s] operation produced 260 classified reports that allowed US politicians to conduct successful talks on political issues and to plan international investments.” According to CIO.com’s Lucian Constantin, in a recent meeting between President Obama and President Nieto of Mexico, “Obama promised a thorough investigation into the allegations,” and U.S. Secretary of State John Kerry affirmed this commitment in a recent US-Mexico work meeting.
European Union Parliament’s Committee for Civil Liberties, Justice and Home Affairs (“LIBE”) Voted to Approve the European Commission’s Data Protection Reform Proposals
On Tuesday, the LIBE voted to approve the European Commission’s data protection reform proposals. The proposals require that companies gain explicit consent before processing data and require companies to delete data when this consent is withdrawn, increase data breach notification requirements, and impose steep fines on those companies in violation of the law. The New York Times reported that according to Jan Philipp Albrecht, the Rapporteur responsible for drafting and shepherding the bill through the EU Parliament, the bill would also prevent companies that operate in Europe from transferring personal data from Europe to a foreign government unless the transfer was authorized under EU law. James Kanter of the New York Times reports that such transfers would require “approval from a ‘supervisory authority’ in a [EU] bloc country before transferring data . . . outside the union at the request of a foreign government or court.” The bill now moves to the Council of Ministers, the EU’s second chamber.
EU Parliament Votes to Suspend Data Sharing Deal with the United States
Jennifer Baker, of CIO.com, reports that on Wednesday the European Parliament voted to suspend the Terrorist Finance Tracking Program (TFTP) agreement between the European Union and the United States. The TFTP created a procedure under which US authorities could gain access to EU financial data for investigations relating to terrorism. This suspension was prompted by allegations that the NSA had circumvented the TFTP procedures and gained indiscriminate access to EU citizen’s financial data.
The Third Circuit requires a warrant for GPS Tracking
On Tuesday, the United States Court of Appeals for the Third Circuit decided United States v. Katzin. The court held that the Fourth Amendment requires police to obtain a warrant to track the location of a car when using a GPS device. For more in depth coverage see Justin Webb’s article at Cybercrime Review.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s