The U.S. Department of Justice and the FBI believe they don't need a search warrant to review Americans' e-mails, Facebook chats, Twitter direct messages, and other private files, internal documents reveal.
Government documents obtained by the American Civil Liberties Union and provided to CNET show a split over electronic privacy rights within the Obama administration, with Justice Department prosecutors and investigators privately insisting they're not legally required to obtain search warrants for e-mail. The IRS, on the other hand, publicly said last month that it would abandon a controversial policy that claimed it could get warrantless access to e-mail correspondence.
Each year, the Executive Women's Forum announces their "Women of Influence" Awards at their annual EWF event.
The awards, co-presented by Alta Associates and CSO Magazine, recognize outstanding women in several categories: one winner from the public sector, a private solutions provider from the security industry, a corporate practitioner from the private sector, and a "One to Watch," a future leader in the security field. This year, a lifetime achievement award was also given. The winners were nominated by peers in the security community.
CSO asked each winner of the 2012 WOI awards to give us their perspective on their success, lessons learned in their careers — and how women are making their mark in the security industry today.
What is a good BYOD policy? Step one is to clarify the rights of both company and employee and state upfront what's business and what's personal. But there's a lot more to it. In this interview with a technology transactions lawyer, CIO.com explores the do's and don'ts of BYOD policies.
If we want to protect privacy, we should be more clear about why it is important.
[Privacy] is better understood as an important buffer that gives us space to develop an identity that is somewhat separate from the surveillance, judgment, and values of our society and culture. Privacy is crucial for helping us manage all of these pressures -- pressures that shape the type of person we are -- and for "creating spaces for play and the work of self-[development]."
I have three children: twins Rachel and Abby, both age 16 and Jacob, age 14. While in my second year at Eli Lilly and Company nearly a decade ago, my wife, Melisa, had a medical procedure. Jake and I drove Melisa to the doctor’s office for the colonoscopy (although HIPAA does not apply, rules of matrimonial harmony do, so I have received a verbal consent for this disclosure).
At that moment, Melisa, herself an Indiana University Law graduate, looked at me from the front passenger seat and said to me, the CPO of a major multi-national corporation, “Well, at least someone knows something about privacy.”
And that’s the point, isn’t it? Even a five-year-old has the basic wisdom to understand the idea of human dignity and those things that should be held privately. The concept of privacy is intuitive. It is pure.
Researchers from U.C. Berkeley say brain scan authentication is reliable enough to replace traditional passwords.
Rather than using a password to gain access, a user would submit a “passthought,” generating a unique signal from brainwaves that may or may not prove difficult to duplicate by a hacker, Phys.org reported. The recent commercialization of external electroencephalogram (EEG) devices -- the researchers used a Neurosky MindSet, which connects wirelessly via Bluetooth and costs about $100 -- makes this technology plausible.
As California considers going above and beyond what the EU gives its citizens in data access request rights, technology and Web firms in Silicon Valley will likely fight any hopes of such rights hopping across the Atlantic.
When smartphone users upload files to cloud-based services, remnants of those files often remain on their handheld device, even if the data is meant to be stored only in the cloud, researchers have found.
The consequence is that hackers could potentially access files stored in the cloud, or get access to cloud accounts, using leftover data stored on your Android device, iPhone or other smartphone.
The tracing of leftover data on smartphones is not for the layperson, Kothari says, but could be looked at as the modern-day equivalent of Dumpster-diving for personal information.
A hacker created a worldwide map of more than 100,000 vulnerable devices after “playing around” with a scripting tool. The “Carna” botnet was named after the Roman goddess that protected inner organs because it was “a good choice for a bot that runs mostly on embedded routers.” Carna ran from June to October last year and was allegedly never detected.
Senator Patrick Leahy (D-VT) and Senator Mike Lee (R-UT) today introduced a bill that would reform the Electronic Communications Privacy Act (ECPA). This Senate “Dream Team” will give ECPA reform a strong boost: Leahy, the Chairman of the Senate Judiciary Committee and original author of the 1986 ECPA, is joining forces with Mike Lee, a Tea Party favorite, and a strong voice for Constitutional rights when the Committee marked up a nearly identical bill last year.
The Leahy-Lee bill would amend ECPA to require government officials to obtain a warrant in order to require ISPs or other online service providers to disclose the private communications of their users (except, of course, in emergency cases). This would include personal or proprietary documents stored with providers of “cloud” services (the increasingly popular services that allow companies, non-profits and individuals to edit documents from any location). Under ECPA as currently written, the warrant requirement applies only to email 180 days old or less and does not apply at all to documents stored in the cloud. Simply put, the goal of the Leahy-Lee legislation is to ensure that the warrant standard of the U.S. Constitution, which now applies to letters you send in the US Mail, is extended to your email.
Importantly, the legislation would maintain existing emergency exceptions to the warrant requirement so law enforcement can act quickly in those occasions when there is no time to go to a judge. It also leaves in place the provisions of current law that require providers – without a warrant – to affirmatively report child pornography and other child abuse of which they become aware.
The use of big data and analytics to predict student success presents unique ethical questions for higher education administrators relating to the nature of knowledge; in education, "to know" entails an obligation to act on behalf of the student. The Potter Box framework can help administrators address these questions and provide a framework for action.
Thanks to an exploding number of wellness apps and wearable devices, you may be beaming biodata into the cloud right now. As the Quantified Self movement picks up steam, who stands to profit? (Hint: not you.) And can those cashing in on Big Data use your heart rate against you? (Take a guess.)
Nine winners of the 5th Annual Information Security Awareness Video and Poster Contest have been selected. The winning videos and posters are now available for colleges and universities to use in campus security awareness campaigns during National Cyber Security Awareness Month in October, student orientations, and throughout the year.
This year's sponsors and supporters include: CyberWatch, the National Cyber Security Alliance, and Google.
Visit the Information Security Guide's Cybersecurity Awareness Resource Library for more campus education, awareness, and training materials.
Online security, privacy, and safety are often top concerns for policymakers. Microsoft is committed to addressing these concerns by sharing information, technology, and guidance. (Want to learn more about mobile devices & youth safety?
Acxiom is preparing to step out of the shadows. The consumer data broker, which tracks everything from a person’s estimated income to his political leanings, shopping patterns and exercise habits, is readying a service that will reveal to people what it knows about them.
New York-listed Acxiom, which has a market capitalisation of $1.4bn, collects details about more than 700m consumers across the globe and sells them to more than 7,000 clients.
The move to add a new level of transparency to its business practice comes amid mounting regulatory and governmental scrutiny of its multibillion-dollar industry, which includes an investigation launched in December by the US Federal Trade Commission.
The CISO role in many enterprises is expanding beyond security risk mitigation to risk management, privacy and regulations, and compliance.
"If you have worked in information security for the past 15 years, you have witnessed a maturation in the mission of security that is quite remarkable. In its infancy, security was oftentimes viewed as the troglodytes at the end of the corridor, who focused on analyzing packet streams, firewall logs and anti-virus anomalies...
Fast forward to the current day, and you will see a new view of security in many enterprises: security is evolving towards a broader focus in risk management. The responsibility of traditional information security has not decreased in importance or duty, but the mindset and role has certainly become more risk-based in nature for security leaders and many current CISOs. And this is appropriate, as information security management at its core is the mitigation, transference, reduction and elimination of risk to the enterprise."
Can you be identified only by where you take your phone? Yes, according to a new study, which finds it's not very hard at all.
While most of us are free to go wherever we want, our daily and weekly movement patterns are pretty predictable. We go to work, to school, to church, to our neighborhood gym, grocery store or coffee shop, and we come home -- all quietly tracked by the GPS in our phone.
And with nothing more than this anonymous location data, someone who wanted to badly enough could easily figure out who you are by tracking your smartphone. Patterns of our movements, when traced on a map, create something akin to a fingerprint that is unique to every person.
Like others in the industry, Microsoft believes it is important for the public to have access to information about law enforcement access to customer data, particularly as customers are increasingly using technology to communicate and store private information.
This data covers law enforcement requests and/or court orders Microsoft received in calendar year 2012 related to our online and cloud services. Skype data is included, but reported separately, since prior to being acquired by Microsoft in late 2011, Skype collected data in a different format and because Skype continues to operate under Luxembourg law.