EU and US officials sign ‘umbrella’ data protection agreement, but it’s no Privacy Shield

The European Commission has signed a landmark agreement with the U.S. in its quest to legitimize the transatlantic flow of European Union citizens' personal information.

No, it's not the embattled Privacy Shield, which the Commission hopes to conclude later this month, but the rather flimsier-sounding umbrella agreement or, more formally, the U.S.-EU agreement "on the protection of personal information relating to the prevention, investigation, detection, and prosecution of criminal offenses."

It covers the exchange between EU and U.S. law enforcers, during the course of their investigations, of personal data including names, addresses and criminal records. U.S. Attorney General Loretta Lynch, European Commissioner for Justice Věra Jourová and Dutch Minister for Security and Justice Ard van der Steur signed the agreement in Amsterdam on Thursday.

All about your ‘fullz’ and how hackers turn your personal data into dollars

If cyber criminals have a Holy Grail, it’s your fullz, or your full set of personal information. And they’ll go to great lengths to get it.

Since 2005, more than 6,000 companies and organizations have reported breaches. Judging from prior trends, about half of those breaches likely involved the exposure of sensitive information, where consumers’ names are paired with additional data such as addresses, phone numbers, birth dates, Social Security numbers, and health records. In just 2015, for example, nearly 165 million records containing Social Security numbers were compromised in 338 breaches, according to the Identity Theft Resource Center.

Senate proposal to require encryption workarounds may be dead

A proposal in the U.S. Senate to require smartphone OS developers and other tech vendors to break their own encryption at the request of law enforcement may be dead on arrival.

The proposal, released as a discussion draft last month, may not be formally introduced this year because of strong opposition, according to a Reuters report.

The draft bill, pushed by Senators Richard Burr and Dianne Feinstein, would allow judges to order tech companies to comply with requests from the FBI and other law enforcement agencies to help them defeat security measures and break into devices.

‘Black box’ no more: This system can spot the bias in those algorithms

Between recent controversies over Facebook's Trending Topics feature and the U.S. legal system's "risk assessment" scores in dealing with criminal defendants, there's probably never been broader interest in the mysterious algorithms that are making decisions about our lives.

That mystery may not last much longer. Researchers from Carnegie Mellon University announced this week that they've developed a method to help uncover the biases that can be encoded in those decision-making tools.

Senators want warrant protections for US email stored overseas

A new bill in Congress would require U.S. law enforcement agencies to obtain court-ordered warrants before demanding the emails of the country's residents when they are stored overseas.

The International Communications Privacy Act, introduced Wednesday by three senators, would close a loophole that allows law enforcement agencies to request emails and other electronic documents without warrants. 

Congress has been working since 2010 to rework the 1986 Electronic Communications Privacy Act (ECPA), a law that sets down rules for law enforcement access to electronic communications, but the focus has been on requiring warrants for emails and other communications stored in the cloud for longer than 180 days.

Celebrity hacker Guccifer’s confession gives us all a lesson in security

The activity of Romanian hacker Guccifer, who has admitted to compromising almost 100 email and social media accounts belonging to U.S. government officials, politicians, and other high-profile individuals, is the latest proof that humans are the weakest link in computer security.

Marcel Lehel Lazar, 44, is not a hacker in the technical sense of the word. He’s a social engineer: a clever and persistent individual with a lot of patience who a Romanian prosecutor once described as “the obsessive-compulsive type.” By his own admission, Lazar has no programming skills. He didn’t find vulnerabilities or write exploits. Instead, he’s good at investigating, finding information online and making connections.
