The NSA’s foreign surveillance: 5 things to know

A contentious piece of U.S. law giving the National Security Agency broad authority to spy on people overseas expires at the end of the year. Expect heated debate about the scope of U.S. surveillance law leading up to Dec. 31.

One major issue to watch involves the way the surveillance treats communications from U.S. residents. Critics say U.S. emails, texts, and chat logs -- potentially millions of them -- are caught up in surveillance authorized by Section 702 of the Foreign Intelligence Surveillance Act (FISA).

U.S. residents who communicate with foreign targets of the NSA surveillance have their data swept up in what the NSA calls "incidental" collection. The FBI can then search those communications, but it's unclear how often that happens.

It’s time for websites to turn on HTTPS encryption: the benefits are worth the effort

After Edward Snowden revealed that online communications were being collected en masse by some of the world’s most powerful intelligence agencies, security experts called for encryption of the entire web. Four years later, it looks like we’ve passed the tipping point.

The number of websites supporting HTTPS—HTTP over encrypted SSL/TLS connections—has skyrocketed over the past year. There are many benefits to turning on encryption, so if your website does not yet support the technology, it’s time to make the move.

Recent telemetry data from Google Chrome and Mozilla Firefox shows that over 50 percent of web traffic is now encrypted, both on computers and mobile devices. Most of that traffic goes to a few large websites, but even so, it’s a jump of over 10 percentage points since a year ago.

Assange: CIA had lost control of its cyberweapon documents

Information about purported CIA cyberattacks was "passed around" among members of the U.S. intelligence community and contractors before it was published by WikiLeaks this week, Julian Assange says.

The CIA "lost control of its entire cyberweapons arsenal," the WikiLeaks editor in chief said during a press conference Thursday. "This is a historic act of devastating incompetence, to have created such an arsenal and stored all in one place and not secured it."

Assange declined to name the source who gave the information to WikiLeaks, but he seemed to suggest the 8,700-plus documents, purportedly from an isolated CIA server, came from an insider source.

U.S. Senate resolution aims to let ISPs share your private data without permission

A resolution introduced in the U.S. Senate on Tuesday aims to roll back privacy rules for broadband service providers that were approved by the Federal Communications Commission in October.

The rules include the requirement that internet service providers like Comcast, AT&T, and Verizon should obtain “opt-in” consent from consumers to use and share sensitive personal information such as geolocation and web browsing history, and also give customers the option to opt out from the sharing of non-sensitive information such as email addresses or service tier information.

The rules have been opposed by internet service providers who argue that they are being treated differently from other Internet entities like search engines and social networking companies.

US senator probes into CloudPets smart toy hack

A U.S. senator is probing reports of a breach of data from smart toys made by Spiral Toys, writing a letter to the company’s CEO with ten questions about the issue, including about the company’s security practices.

Bill Nelson, a Florida Democrat, wrote in a letter Tuesday to CEO Mark Meyers that the breach raises serious questions concerning how well the company protects the information it collects, particularly from children.

Nelson also said that the incident raises questions about the vendor's compliance with the Children’s Online Privacy Protection Act that requires covered companies to have reasonable procedures to protect the confidentiality, security and integrity of personal information collected from children.
