NSA declassifies and releases hundreds of pages of documents
On Monday, Director of National Intelligence James Clapper declassified and released hundreds of pages of documents relating to information collection under sections 501 and 702 of the Foreign Intelligence Surveillance Act. Coverage of the released documents has focused on the court opinions issued by the Foreign Intelligence Surveillance Court. Spencer Ackerman of The Guardian reports that, in the FISA opinions, FISA judges criticized the NSA for “disregard[ing] the special rules for disseminating United States person information outside of NSA.” The court had ordered the NSA to follow United States Signals Intelligence Directive (USSID) 18, a previously confidential directive that requires a senior NSA official to affirm that the material to be disseminated pertained to counter-terrorism. However, Judge Walton, the current presiding FISA judge wrote in 2009 that he was “seriously concerned” that the NSA had “violate[d] not only the court’s orders, but also NSA’s minimization and dissemination procedures as set forth in USSID 18.”
Cupid Media leaks 42 million passwords in plain text
Brian Krebs reported last Wednesday that Cupid Media, the niche online dating site, had exposed 42 million user accounts. The stolen files had used unencrypted plain text to store the email, password, first name, last name, and date of birth of Cupid Media’s 42 million customers. The Australia-based company’s files were found on the same server where hackers stored Adobe’s compromised files (as we summarized here). Krebs reports that the company notified its active customers of the breach, but has taken no steps to inform “inactive members.” The Guardian provides further coverage of this breach here.
FTC Announces Chief Technologist and Senior Policy Advisor
Federal Trade Commission Chairwoman Edith Ramirez announced the appointments of Latanya Sweeney as the agency’s Chief Technologist and Andrea Matwyshyn as a Senior Policy Advisor on privacy and data security issues. Dr. Sweeney is a professor of government and technology at Harvard University and the founder and director of Harvard’s data privacy lab. Dr. Sweeney’s research has focused on the de-identification of data, developing privacy technologies, and the protection of health information. Dr. Matwyshyn’s background is in the law, and she holds a Ph.D in human development in social policy, with research that focuses on technology and innovation, data security, consumer privacy, and technology entrepreneurship.
FTC Hosts “Internet of Things” Workshop
On November 19th, the FTC hosted a workshop discussing the privacy and security issues stemming from the growing connectivity of consumer devices. The workshop brought together academics, business and industry representatives, and consumer advocacy groups to explore the security and privacy issues in this changing world. “I don’t feel like privacy is dead,” keynote speaker Vint Cerf, a Vice President and Chief Internet Evangelist at Google, told an audience at the FTC workshop. However, Cerf warned, “I do feel like privacy will be increasingly difficult for us to achieve.”
New Snowden disclosures reveal that the UK allowed US spying on UK citizens
The Guardian, in collaboration with Britain’s Channel 4 News, published a new Snowden memo documenting the NSA’s surveillance operations on members of the ‘Five-Eyes’ intelligence-sharing alliance. This alliance consists of the United Kingdom, Canada, Australia, New Zealand, and the United States; and it was previously understood that citizens of these countries were not subjected to NSA surveillance. However, the newly published Snowden documents disclose an agreement between the US and UK that allows the NSA to retain and analyze any British meta-data (including phone and fax numbers, email addresses, and IP addresses), that was incidentally collected in the NSA’s dragnet. Prior to this agreement, the NSA stripped this information for its databases. Additionally, the documents included a 2005 draft memo that established a procedure for spying on Five-Eyes citizens even without foreign permission. The NSA refused to state whether this draft memo was put into effect.
Google settles Apple Safari cookie tracking case
Rolfe Winkler of the Wall Street Journal reports that Google accepted a $17 million settlement with US states to settle the dispute concerning Google’s circumvention of Apple Safari’s default privacy settings by placing tracking cookies without user knowledge. This penalty comes in addition to a 22.5 million civil penalty that Google paid to the FTC in August 2012. The settlement agreement can be found here.