Archive

Archive for the ‘privacy and security’ Category

New From the GAO

September 14, 2012 Comments off

New GAO Reports and Testimonies

Source: Government Accountability Office

+ Reports

1. Spent Nuclear Fuel: Accumulating Quantities at Commercial Reactors Present Storage and Other Challenges. GAO-12-797, August 15.
http://www.gao.gov/products/GAO-12-797
Highlights – http://www.gao.gov/assets/600/593746.pdf

2. Federal Real Property: Strategic Partnerships and Local Coordination Could Help Agencies Better Utilize Space. GAO-12-779, July 25.
http://www.gao.gov/products/GAO-12-779
Highlights – http://www.gao.gov/assets/600/593002.pdf

3. Electronic Government Act: Agencies Have Implemented Most Provisions, but Key Areas of Attention Remain. GAO-12-782, September 12.
http://www.gao.gov/products/GAO-12-782
Highlights – http://www.gao.gov/assets/650/648181.pdf

4. Recovery Act: Broadband Programs Are Ongoing, and Agencies’ Efforts Would Benefit from Improved Data Quality. GAO-12-937, September 14.
http://www.gao.gov/products/GAO-12-937
Highlights – http://www.gao.gov/assets/650/648356.pdf

5. The Distribution of Federal Economic Development Grants to Communities with High Rates of Poverty and Unemployment. GAO-12-938R, September 14.
http://www.gao.gov/products/GAO-12-938R

6. Unmanned Aircraft Systems: Measuring Progress and Addressing Potential Privacy Concerns Would Facilitate Integration into the National Airspace System. GAO-12-981, September 14.
http://www.gao.gov/products/GAO-12-981
Highlights – http://www.gao.gov/assets/650/648349.pdf

7. Medicare Savings Programs: Implementation of Requirements Aimed at Increasing Enrollment. GAO-12-871, September 14.
http://www.gao.gov/products/GAO-12-871
Highlights – http://www.gao.gov/assets/650/648369.pdf

8. Disaster Relief: Reimbursements to the American Red Cross for Certain 2008 Disaster Assistance. GAO-12-877, September 14.
http://www.gao.gov/products/GAO-12-877
Highlights – http://www.gao.gov/assets/650/648340.pdf

9. Disaster Assistance: USDA and SBA Could Do More to Help Aquaculture and Nursery Producers. GAO-12-844, September 11.
http://www.gao.gov/products/GAO-12-844
Highlights – http://www.gao.gov/assets/650/648075.pdf

+ Testimonies

1. SSA Disability Programs: Progress and Challenges Related to Modernizing, by Dan Bertoni, director, education, workforce, and income security issues, before the Subcommittee on Social Security, House Ways and Means Committee. GAO-12-891T, September 14.
http://www.gao.gov/products/GAO-12-891T

2. Human Capital: The Department of Health and Human Service’s and Environmental Protection Agency’s Use of Special Pay Rates for Consultants and Scientists, by Robert Goldenkoff, director, strategic issues, and Robert Cramer, managing associate general counsel, before the Subcommittee on Health, House Committee on Energy and Commerce. GAO-12-1035T, September 14.
http://www.gao.gov/products/GAO-12-1035T
Highlights – http://www.gao.gov/assets/650/648328.pdf

Categories: aviation, disabilities, energy, Government Accountability Office, government and politics, housing and real estate, Medicare and Medicaid, natural disasters, privacy and security, salaries and wages, small business and entrepreneurship, Social Security, technology and internet

2012 Secrecy Report: Sunlight Overshadowed

September 14, 2012 Comments off

2012 Secrecy Report: Sunlight Overshadowed

Source: OpenTheGovernment.org

The 2012 Secrecy Report released today by OpenTheGovernment.org — a coalition of more than 80 groups advocating for open and accountable government— reveals that positive changes from the Obama administration’s open government policies nevertheless appear diminished in the shadow of the President’s bold promise of unprecedented transparency. Ultimately, though, the public needs more information to judge the size, shape, and legitimacy of the government’s secrecy.

Efforts to open the government continue to be frustrated by a governmental predisposition towards secrecy, especially in the national security bureaucracy. Among the troubling trends: the National Declassification Center will not meet its goal for declassifying old records on time; the government continues to use the state secrets privilege in the same way it did prior to release of a new procedural policy; and the volume of documents marked “Classified” continues to grow, with little assurance or reason offered for the decision that the information properly needs such protection.

The report also indicates some of the Administration’s openness policies are having a positive effect. The federal government received and processed significantly more public requests for information than in previous years. The Office of Special Counsel is also on track to deliver an all-time high number of favorable actions for federal employees who have been victims of reprisal, or other prohibited personnel practices, for blowing the whistle on waste, fraud, abuse, or illegality. Even in the national security field, there is some progress: most notably, the total amount of money requested for intelligence for the coming year was formally disclosed. This is a tremendous success because such disclosure was resisted by government officials for so long. Additionally, the number of people with the authority to create new secrets continued to drop.

The 2012 Secrecy Report includes a look at the limitations of the data the government currently makes available. Missing and misleading data have a very real effect on the public’s ability to trust that the government is using taxpayer monies wisely, and that it is following its own policies.

Categories: FOIA, government and politics, national security, privacy and security

New Army Guide to Open-Source Intelligence

September 14, 2012 Comments off

Open-Source Intelligence (PDF)

Source: U.S. Army (via Federation of American Scientists)

ATP 2-22.9 establishes a common understanding, foundational concepts, and methods of use for Army opensource intelligence (OSINT). ATP 2-22.9 highlights the characterization of OSINT as an intelligence discipline, its interrelationship with other intelligence disciplines, and its applicability to unified land operations.

This Army techniques publication—

  • Provides fundamental principles and terminology for Army units that conduct OSINT exploitation.
  • Discusses tactics, techniques, and procedures (TTP) for Army units that conduct OSINT exploitation.
  • Provides a catalyst for renewing and emphasizing Army awareness of the value of publicly available information and open sources.
  • Establishes a common understanding of OSINT.
  • Develops systematic approaches to plan, prepare, collect, and produce intelligence from publicly available information from open sources.
Categories: national security, privacy and security, technology and internet, U.S. Army

Drones in Domestic Surveillance Operations: Fourth Amendment Implications and Legislative Responses

September 10, 2012 Comments off

Drones in Domestic Surveillance Operations: Fourth Amendment Implications and Legislative Responses (PDF)

Source: Congressional Research Service (via Federation of American Scientists)

The prospect of drone use inside the United States raises far-reaching issues concerning the extent of government surveillance authority, the value of privacy in the digital age, and the role of Congress in reconciling these issues.

Drones, or unmanned aerial vehicles (UAVs), are aircraft that can fly without an onboard human operator. An unmanned aircraft system (UAS) is the entire system, including the aircraft, digital network, and personnel on the ground. Drones can fly either by remote control or on a predetermined flight path; can be as small as an insect and as large as a traditional jet; can be produced more cheaply than traditional aircraft; and can keep operators out of harm’s way. These unmanned aircraft are most commonly known for their operations overseas in tracking down and killing suspected members of Al Qaeda and related organizations. In addition to these missions abroad, drones are being considered for use in domestic surveillance operations, which might include in furtherance of homeland security, crime fighting, disaster relief, immigration control, and environmental monitoring.

Although relatively few drones are currently flown over U.S. soil, the Federal Aviation Administration (FAA) predicts that 30,000 drones will fill the nation’s skies in less than 20 years. Congress has played a large role in this expansion. In February 2012, Congress enacted the FAA Modernization and Reform Act (P.L. 112-95), which calls for the FAA to accelerate the integration of unmanned aircraft into the national airspace system by 2015. However, some Members of Congress and the public fear there are insufficient safeguards in place to ensure that drones are not used to spy on American citizens and unduly infringe upon their fundamental privacy. These observers caution that the FAA is primarily charged with ensuring air traffic safety, and is not adequately prepared to handle the issues of privacy and civil liberties raised by drone use.

This report assesses the use of drones under the Fourth Amendment right to be free from unreasonable searches and seizures. The touchstone of the Fourth Amendment is reasonableness. A reviewing court’s determination of the reasonableness of drone surveillance would likely be informed by location of the search, the sophistication of the technology used, and society’s conception of privacy in an age of rapid technological advancement. While individuals can expect substantial protections against warrantless government intrusions into their homes, the Fourth Amendment offers less robust restrictions upon government surveillance occurring in public places and perhaps even less in areas immediately outside the home, such as in driveways or backyards. Concomitantly, as technology advances, the contours of what is reasonable under the Fourth Amendment may adjust as people’s expectations of privacy evolve.

In the 112th Congress, several measures have been introduced that would restrict the use of drones at home. Senator Rand Paul and Representative Austin Scott introduced the Preserving Freedom from Unwarranted Surveillance Act of 2012 (S. 3287, H.R. 5925), which would require law enforcement to obtain a warrant before using drones for domestic surveillance, subject to several exceptions. Similarly, Representative Ted Poe’s Preserving American Privacy Act of 2012 (H.R. 6199) would permit law enforcement to conduct drone surveillance pursuant to a warrant, but only in investigation of a felony.

Categories: aviation, Congressional Research Service, government and politics, legal and law enforcement, privacy and security

Privacy and Data Management on Mobile Devices

September 6, 2012 Comments off

Privacy and Data Management on Mobile Devices

Source: Pew Internet & American Life Project

More than half of mobile application users have uninstalled or avoided certain apps due to concerns about the way personal information is shared or collected by the app, according to a nationally representative telephone survey conducted by the Pew Research Center’s Internet & American Life Project.

In all, 88% of U.S. adults now own cell phones, and 43% say they download cell phone applications or “apps” to their phones. Among app users, the survey found:

  • 54% of app users have decided to not install a cell phone app when they discovered how much personal information they would need to share in order to use it
  • 30% of app users have uninstalled an app that was already on their cell phone because they learned it was collecting personal information that they didn’t wish to share

Taken together, 57% of all app users have either uninstalled an app over concerns about having to share their personal information, or declined to install an app in the first place for similar reasons.

Categories: consumer issues, privacy and security, technology and internet, telecommunications

New From the GAO

August 21, 2012 Comments off

New GAO Report

Source: Government Accountability Office

Information Security: Environmental Protection Agency Needs to Resolve Weaknesses. GAO-12-696, July 19.
http://www.gao.gov/products/GAO-12-696
Highlights – http://www.gao.gov/assets/600/592756.pdf

Categories: Government Accountability Office, government and politics, privacy and security, technology and internet

FTC Advises Parents How to Protect Kids’ Personal Information at School

August 21, 2012 Comments off

FTC Advises Parents How to Protect Kids’ Personal Information at School
Source: Federal Trade Commission

A new school year usually means filling out paperwork like registration forms, health forms, and emergency contact forms, to name a few. The Federal Trade Commission wants parents to know that many school forms require personal and sensitive information that, in the wrong hands, could be used to commit fraud in their child’s name.

A criminal can use a child’s Social Security number to get government benefits, open bank and credit card accounts, or rent a place to live. Most parents and guardians don’t expect their child to have a credit file, and rarely order or monitor a child’s credit report. Child identity theft may go undetected for years – until the child applies for a job or loan and discovers problems in a credit report.

To help limit the risks of child identity theft, the Federal Trade Commission offers Protecting Your Child’s Personal Information at School. It explains how the federal Family Educational Rights and Privacy Act protects the privacy of student records and gives parents of school-age children the right to opt out of sharing contact information with third parties. It also suggests that parents ask their child’s school about its directory information policy, learn about privacy policies of sports or music activities that are not school-sponsored, and find out what to do if their child’s school experiences a data breach.

The second publication, Safeguarding Your Child’s Future, offers tips on how to keep your child’s data safe at home and online, and explains the warning signs of child identity theft. It also explains how parents and guardians can check whether their child has a credit report, and what to do if the report has errors.

Categories: children and families, education, Federal Trade Commission, K-12, privacy and security

Keeping Information Safe from Social Networking Apps

August 20, 2012 Comments off

Keeping Information Safe from Social Networking Apps
Source: Microsoft Research

The ability of third-party applications to aggregate and repurpose personal data is a fundamental privacy weakness in today’s social networking platforms. Prior work has proposed sandboxing in a hosted cloud infrastructure to prevent leakage of user information. In this paper, we extend simple sandboxing to allow sharing of information among friends in a social network, and to help application developers securely aggregate user data according to differential privacy properties. Enabling these two key features requires preventing, among other subtleties, a new “Kevin Bacon” attack aimed at aggregating private data through a social network graph. We describe the significant architectural and security implications for the application framework in the

Categories: Microsoft Research, privacy and security, social media, technology and internet

Progressive authentication: deciding when to authenticate on mobile phones

August 11, 2012 Comments off

Progressive authentication: deciding when to authenticate on mobile phones
Source: Microsoft Research

Mobile users are often faced with a trade-off between security and convenience. Either users do not use any security lock and risk compromising their data, or they use security locks but then have to inconveniently authenticate every time they use the device. Rather than exploring a new authentication scheme, we address the problem of deciding when to surface authentication and for which applications. We believe reducing the number of times a user is requested to authenticate lowers the barrier of entry for users who currently do not use any security. Progressive authentication, the approach we propose, combines multiple signals (biometric, continuity, possession) to determine a level of confidence in a user’s authenticity. Based on this confidence level and the degree of protection the user has configured for his applications, the system determines whether access to them requires authentication. We built a prototype running on modern phones to demonstrate progressive authentication and used it in a lab study with nine users. Compared to the state-of-theart, the system is able to reduce the number of required authentications by 42% and still provide acceptable security guarantees, thus representing an attractive solution for users who do not use any security mechanism on their devices.

Categories: Microsoft Research, privacy and security, technology and internet, telecommunications

FTC Seeks Comments on Additional Proposed Revisions to Children’s Online Privacy Protection Rule

August 3, 2012 Comments off

FTC Seeks Comments on Additional Proposed Revisions to Children’s Online Privacy Protection Rule

Source: Federal Trade Commission

The Federal Trade Commission is publishing a Federal Register Notice seeking public comments on additional proposed modifications to the Children’s Online Privacy Protection Rule.

In updating the Rule to keep current with technology advances, in September 2011, the FTC issued a Notice of Proposed Rulemaking seeking comment on proposed changes to the Commission’s COPPA Rule. The Commission received 350 comments. In response to those comments and informed by its experience in enforcing and administrating the Rule, the FTC now proposes to modify certain definitions to clarify the scope of the Rule and strengthen its protections for the online collection, use, or disclosure of children’s personal information.

The proposed modifications to the definitions of "operator" and "website or online service directed to children" would allocate and clarify the responsibilities under COPPA when third parties such as advertising networks or downloadable software kits ("plug-ins") collect personal information from users through child-directed websites or services. The Commission proposes to state within the definition of "operator" that personal information is "collected or maintained on behalf of" an operator where it is collected in the interest of, as a representative of, or for the benefit of, the operator. This change would make clear that an operator of a child-directed site or service that chooses to integrate the services of others that collect personal information from its visitors should itself be considered a covered "operator" under the Rule.

Categories: children and families, Federal Trade Commission, government and politics, privacy and security, technology and internet

New From the GAO

July 31, 2012 Comments off

New GAO Reports and Testimony

Source: Government Accountability Office

+ Reports

1. Coast Guard: Legacy Vessels’ Declining Conditions Reinforce Need for More Realistic Operational Targets. GAO-12-741, July 31.
http://www.gao.gov/products/GAO-12-741
Highlights – http://www.gao.gov/assets/600/593162.pdf

2. Modernizing the Nuclear Security Enterprise: NNSA’s Reviews of Budget Estimates and Decisions on Resource Trade-Offs Need Strengthening. GAO-12-806, July 31.
http://www.gao.gov/products/GAO-12-806
Highlights – http://www.gao.gov/assets/600/593153.pdf

3. Strategic Weapons: Changes in the Nuclear Weapons Targeting Process Since 1991. GAO-12-786R, July 31.
http://www.gao.gov/products/GAO-12-786R

+ Testimony

1. Privacy: Federal Law Should Be Updated to Address Changing Technology Landscape, by Gregory C. Wilshusen, director, information security issues, before the Subcommittee on Oversight of Government Management, the Federal Workforce, and the District of Columbia, Senate Committee on Homeland Security and Governmental Affairs. GAO-12-961T, July 31.
http://www.gao.gov/products/GAO-12-961T
Highlights – http://www.gao.gov/assets/600/593147.pdf

Categories: Government Accountability Office, military and defense, national security, privacy and security, technology and internet

How to Track Your Data: Rule-Based Data Provenance Tracing Algorithms

July 26, 2012 Comments off

How to Track Your Data: Rule-Based Data Provenance Tracing Algorithms
Source: HP Labs

As cloud computing and virtualization technologies become mainstream, the need to be able to track data has grown in importance. Having the ability to track data from its creation to its current state or its end state will enable the full transparency and accountability in cloud computing environments. In this paper, we showcase a novel technique for tracking end-to-end data provenance, a meta-data describing the derivation history of data. This breakthrough is crucial as it enhances trust and security for complex computer systems and communication networks. By analyzing and utilizing provenance, it is possible to detect various data leakage threats and alert data administrators and owners; thereby addressing the increasing needs of trust and security for customers’ data. We also present our rule-based data provenance tracing algorithms, which trace data provenance to detect actual operations that have been performed on files, especially those under the threat of leaking customers’ data. We implemented the cloud data provenance algorithms into an existing software with a rule correlation engine, show the performance of the algorithms in detecting various data leakage threats, and discuss technically its capabilities and limitations.

Categories: cloud computing, HP Labs, privacy and security, technology and internet

Tracking of Data Leaving the Cloud

July 20, 2012 Comments off

Tracking of Data Leaving the Cloud
Source: HP Labs

Data leakages out of cloud computing environments are fundamental cloud security concerns for both the end- users and the cloud service providers. A literature survey of the existing technologies revealed the inadequacies of current technologies and the need for a new methodology. This position paper discusses the requirements and proposes a novel auditing methodology that enables tracking of data transferred out of Clouds. Initial results from our prototypes are reported. This research is aligned to our vision that by providing transparency, accountability and audit trails for all data events within and out of the Cloud, trust and confidence can be instilled into the industry as users will get to know what exactly is going on with their data in and out of the Cloud.

Categories: cloud computing, HP Labs, privacy and security

Privacy Management in Global Organisations

July 16, 2012 Comments off

Privacy Management in Global Organisations
Source: HP Labs

In this paper it is considered how meeting privacy requirements can be challenging for global organisations, particularly where future Internet service provision models are involved. Approaches will be explained that can be used to help address these issues, with a focus on some of the innovative solutions that the author has been involved in developing in HP Labs that are currently being used, rolled out or are the subjects of further research.

Categories: business and economics, HP Labs, international, privacy and security, technology and internet

Privacy, Security and Trust in Cloud Computing

July 8, 2012 Comments off

Privacy, Security and Trust in Cloud Computing
Source: HP Labs

Cloud computing refers to the underlying infrastructure for an emerging model of service provision that has the advantage of reducing cost by sharing computing and storage resources, combined with an on-demand provisioning mechanism relying on a pay- per-use business model. These new features have a direct impact on information technology (IT) budgeting but also affect traditional security, trust and privacy mechanisms. The advantages of cloud computing – its ability to scale rapidly, store data remotely, and share services in a dynamic environment – can become disadvantages in maintaining a level of assurance sufficient to sustain confidence in potential customers. Some core traditional mechanisms for addressing privacy (such as model contracts) are no longer flexible or dynamic enough, so new approaches need to be developed to fit this new paradigm. In this chapter we assess how security, trust and privacy issues occur in the context of cloud computing and discuss ways in which they may be addressed.

Categories: cloud computing, HP Labs, privacy and security, technology and internet

Regulators Must Remain Vigilant, Ask Tough Questions in Cyber Debate: NARUC Primer

July 5, 2012 Comments off

Regulators Must Remain Vigilant, Ask Tough Questions in Cyber Debate: NARUC Primer

Source: National Association of Regulatory Utility Commissioners

With the electric-utility sector focusing on cybersecurity protections, State public service commissioners must remain vigilant and ask effective questions as regulated utilities make critical investments, a new paper from the National Association of Regulatory Utility Commissioners concludes.

Although a cyber attack has never interrupted utility services in the U.S., State commissioners will need to work with regulated utilities and ensure they are taking prudent steps and making sound investments for installing cybersecurity protections, the primer said. While not directly responsible for installing these protections, State regulators should continue being proactive in monitoring utility progress.

“It may fall to regulators to ask questions of utilities to determine if there are [cybersecurity] gaps and facilitate action,” the NARUC primer said. “This may be the key role for commissions in cybersecurity. Commissioners do not need to become cyber industry authorities or enforcers, but asking a utility a question may motivate the development of a well-founded answer.”

Categories: energy, government and politics, privacy and security, technology and internet, terrorism

Measuring the Cost of Cybercrime

July 4, 2012 Comments off

Measuring the Cost of Cybercrime (PDF)
Source: 11th Annual Workshop on the Economics of Information Security (WEIS 2012)

In this paper we present what we believe to be the fi rst systematic study of the costs of cybercrime. It was prepared in response to a request from the UK Ministry of Defence following scepticism that previous studies had hyped the problem. For each of the main categories of cybercrime we set out what is and is not known of the direct costs, indirect costs and defence costs { both to the UK and to the world as a whole. We distinguish carefully between traditional crimes that are now `cyber’ because they are conducted online (such as tax and welfare fraud); transitional crimes whose modus operandi has changed substantially as a result of the move online (such as credit card fraud); new crimes that owe their existence to the Internet; and what we might call platform crimes such as the provision of botnets which facilitate other crimes rather than being used to extract money from victims directly. As far as direct costs are concerned, we nd that traditional o ences such as tax and welfare fraud cost the typical citizen in the low hundreds of pounds/Euros/dollars a year; transitional frauds cost a few pounds/Euros/dollars; while the new computer crimes cost in the tens of pence/cents. However, the indirect costs and defence costs are much higher for transitional and new crimes. For the former they may be roughly comparable to what the criminals earn, while for the latter they may be an order of magnitude more. As a striking example, the botnet behind a third of the spam sent in 2010 earned its owners around US$2.7m, while worldwide expenditures on spam prevention probably exceeded a billion dollars. We are extremely inecient at ghting cybercrime; or to put it another way, cyber- crooks are like terrorists or metal thieves in that their activities impose disproportionate costs on society. Some of the reasons for this are well-known: cybercrimes are global and have strong externalities, while traditional crimes such as burglary and car theft are local, and the associated equilibria have emerged after many years of optimisation. As for the more direct question of what should be done, our gures suggest that we should spend less in anticipation of cybercrime (on antivirus, rewalls, etc.) and more in response { that is, on the prosaic business of hunting down cyber-criminals and throwing them in jail.

Hat tip: JRB

Categories: 11th Annual Workshop on the Economics of Information Security, business and economics, financial crime and fraud, international, privacy and security, technology and internet

CRS — Federal Laws Relating to Cybersecurity: Discussion of Proposed Revisions

July 3, 2012 Comments off

Federal Laws Relating to Cybersecurity: Discussion of Proposed Revisions (PDF)
Source: Congressional Research Service (via Federation of American Scientists)

For more than a decade, various experts have expressed increasing concerns about cybersecurity, in light of the growing frequency, impact, and sophistication of attacks on information systems in the United States and abroad. Consensus has also been building that the current legislative framework for cybersecurity might need to be revised.

The complex federal role in cybersecurity involves both securing federal systems and assisting in protecting nonfederal systems. Under current law, all federal agencies have cybersecurity responsibilities relating to their own systems, and many have sector-specific responsibilities for critical infrastructure.

More than 50 statutes address various aspects of cybersecurity either directly or indirectly, but there is no overarching framework legislation in place. While revisions to most of those laws have been proposed over the past few years, no major cybersecurity legislation has been enacted since 2002.

Recent legislative proposals, including many bills introduced in the 111th and 112th Congresses, have focused largely on issues in 10 broad areas (see “Selected Issues Addressed in Proposed Legislation” for an overview of how current legislative proposals would address issues in several of those areas):

  • national strategy and the role of government,
  • reform of the Federal Information Security Management Act (FISMA),
  • protection of critical infrastructure (including the electricity grid and the chemical industry),
  • information sharing and cross-sector coordination,
  • breaches resulting in theft or exposure of personal data such as financial
    information,

  • cybercrime,
  • privacy in the context of electronic commerce,
  • international efforts,
  • research and development, and
  • the cybersecurity workforce.

For most of those topics, at least some of the bills addressing them have proposed changes to current laws. Several of the bills specifically focused on cybersecurity have received committee or floor action, but none have become law.

Categories: Congressional Research Service, financial crime and fraud, government and politics, national security, privacy and security, technology and internet

From Real-Time Intercepts to Stored Records: Why Encryption Drives the Government to Seek Access to the Cloud

June 29, 2012 Comments off

From Real-Time Intercepts to Stored Records: Why Encryption Drives the Government to Seek Access to the Cloud
Source: Social Science Research Network

This paper explains how changing technology, especially the rising adoption of encryption, is shifting law enforcement and national security lawful access to far greater emphasis on stored records, notably records stored in the cloud. The major and growing reliance on surveillance access to stored records results from the following changes:

      Encryption. Adoption of strong encryption is becoming much more common for data and voice communications, via virtual private networks, encrypted webmail, SSL web sessions, and encrypted Voice over IP voice communications.

        Declining effectiveness of traditional wiretaps. Traditional wiretap techniques at the ISP or local telephone network increasingly encounter these encrypted communications, blocking the effectiveness of the traditional techniques.

          New importance of the cloud. Government access to communications thus increasingly relies on a new and limited set of methods, notably featuring access to stored records in the cloud.

            The “haves” and “have-nots.” The first three changes create a new division between the “haves” and “have-nots” when it comes to government access to communications. The “have-nots” become increasingly dependent, for access to communications, on cooperation from the “have” jurisdictions.

          Part 1 of the paper describes the changing technology of wiretaps and government access. Part 2 documents the growing adoption of strong encryption in a wide and growing range of settings of interest to government agencies. Part 3 explains how these technological trends create a major shift from real-time intercepts to stored records, especially in the cloud.

Categories: cloud computing, government and politics, legal and law enforcement, privacy and security, Social Science Research Network, technology and internet

New From the GAO

June 28, 2012 Comments off

New GAO Reports and Testimonies

Source: Government Accountability Office

+ Reports

1. Freedom of Information Act: Key Website Is Generally Reliable, but Action Is Needed to Ensure Completeness of Its Reports. GAO-12-754, June 28.
http://www.gao.gov/products/GAO-12-754
Highlights – http://www.gao.gov/assets/600/592011.pdf

2. Defense Management: Steps Taken to Better Manage Fuel Demand but Additional Information Sharing Mechanisms Are Needed. GAO-12-619, June 28.
http://www.gao.gov/products/GAO-12-619
Highlights – http://www.gao.gov/assets/600/592023.pdf

3. Internal Revenue Service: Status of GAO Financial Audit and Related Financial Management Recommendations. GAO-12-695, June 28.
http://www.gao.gov/products/GAO-12-695
Highlights – http://www.gao.gov/assets/600/592016.pdf

+ Testimonies

1. Mission Iraq: State and DOD Face Challenges in Finalizing Support and Security Capabilities, by Michael J. Courts, acting director, international affairs and trade, before the Subcommittee on National Security, Homeland Defense, and Foreign Operations, House Committee on Oversight and Government Reform. GAO-12-856T, June 28.
http://www.gao.gov/products/GAO-12-856T
Highlights – http://www.gao.gov/assets/600/591998.pdf

2. Residential Appraisals: Regulators Should Take Actions to Strengthen Appraisal Oversight, by William B. Shear, director, financial markets and community investment, before the Subcommittee on Insurance, Housing and Community Opportunity, House Committee on Financial Services. GAO-12-840T, June 28.
http://www.gao.gov/products/GAO-12-840T
Highlights – http://www.gao.gov/assets/600/592001.pdf

3. Information Security: Cyber Threats Facilitate Ability to Commit Economic Espionage, by Gregory C. Wilshusen, director, information security issues, before the Subcommittee on Counterterrorism and Intelligence, House Committee on Homeland Security. GAO-12-876T, June 28.
http://www.gao.gov/products/GAO-12-876T
Highlights – http://www.gao.gov/assets/600/592009.pdf

4. Modernizing the Nuclear Security Enterprise: Observations on the Organization and Management of the National Nuclear Security Administration, by Gene Aloise, director, natural resources and environment, before the Subcommittee on Strategic Forces, House Committee on Armed Services. GAO-12-867T, June 27.
http://www.gao.gov/products/GAO-12-867T
Highlights – http://www.gao.gov/assets/600/591975.pdf

Presentation by the Comptroller General

1. Partnership and Collaboration: Meeting the Challenges Across All Levels of Government, by Gene L. Dodaro, Comptroller General of the United States, before the 19th Biennial Forum of Government Auditors, Alexandria Virginia. GAO-12-882CG, June 27.
http://www.gao.gov/products/GAO-12-882CG

Categories: business and economics, Government Accountability Office, government and politics, housing and real estate, Iraq, military and defense, privacy and security, taxation, technology and internet
Follow

Get every new post delivered to your Inbox.

Join 363 other followers