In July of 2015, 400 gigabytes of documents outlining the dealings of spyware company Hacking Team were released. The for-profit surveillance firm was found to work with oppressive regimes across the globe, including those of Russia, Ethiopia, Azerbaijan, Kazakhstan, Vietnam, Saudi Arabia, and Sudan. Also benefiting from the company’s exploitive surveillance tools is the US Bureau of Investigation, which has spent $775,000 on Hacking Team tools since 2011.

Hacking Team’s abilities are expansive. The firm can steal pre-encrypted data and passwords typed in Web browsers, as well as activate the microphone and camera on a target device. Users of Google Play and Apple stores may also be activating surveillance malware coded by Hacking Team.

Privacy and human rights advocates are outraged by the lack of legislation regulating firms like Hacking Team and its rival Gamma International, but regulation can be tricky. Badly drafted export controls could create red tape for journalists to circumvent when trying to access communications mechanisms or antivirus software. Syrian activists, for example, have cited American export controls as one of the leading obstacles of installing anti-surveillance software on phones and computers to protect their communications from the Assad regime.

The discussion is subtle, as it must take into account the personal liberties of global citizens, the dynamic nature of the technology industry, and the diverse interests of country governments.

Article via Committee to Protect JournalistsJuly 13, 2015

Photo: On the Phone via Artform Canada [Creative Commons Attribution-NonCommercial-NoDerivs]

 

 

 

According to Manhattan’s District Attorney, smartphone data encryption hinders criminal investigations in state courts. Cyrus R. Vance, Jr. testified to the Senate Judiciary Committee on July 8, 2015 in an effort to advocate legislation allowing law enforcement officials to access private phone data with judicial authorization.

Vance, Jr. cites that 71% of phone evidence in his office comes from Apple or Android devices. As a result, Apple and Google’s move to fully integrate data encryption in their next devices will significantly affect prosecution processes in state courts.

State courts adjudicate over 90% of all criminal cases annually, which means over 100,000 cases for Vance’s office alone.

“To investigate these 100,000 cases without smartphone data is to fight crime with one hand tied behind our backs,” he asserts.

Vance does not support bulk data collection or surveillance without authorization. Civil liberty and privacy advocates are still wary, however, and endorse data encryption overall. This sentiment is in relative accordance with statements from Deputy Attorney General Sally Yates and FBI Director James Comey. They say that the Obama administration has no current plans to mandate companies to provide federal agents encryption keys for their products, but they also recognize that companies should not make their devices “warrant-free zones” that impede law enforcement’s authorized access to criminal evidence.

Article via Legaltech NewsAugust 10, 2015

Photo: IPhone via Jorge Quinteros [Creative Commons Attribution-NonCommercial-NoDerivs]

Recent incidences of police brutality have sparked public outrage, and as a result, the use of police dashboard and body cameras has increased. However, footage released to the public could be altered. Sandra Bland’s arrest video, for example, loops several times in the 52 minute span. Journalists have accused police departments of editing the videos; the Texas Department of Public Safety denies any tampering of the footage.

Police camera footage is stored unaltered on police department software systems. This is because the Axon body cam dominates the police camera industry, and it records footage in a way that is nearly impossible to corrupt. The only way an officer could impede a video is by physically pushing the off-button for five seconds, an unlikely occurrence during a high-intensity event. Additionally, the officer’s name is attached to the video for as long as it exists in the software system.

Although raw footage can’t be edited, there’s no way to regulate what edits are made to the footage released to the public. In fact, almost all videos that the media releases are edited—bystanders’ faces are blurred, and sections of video with no action are removed. The Freedom of Information Act has no provisions that require police departments to release raw footage. However, several incidences recorded on police cameras have led to the indictment of guilty officers, and no allegations that videos are tampered have been confirmed.

It’s evident that police body and dashboard cams will continue to rise to prominence, whether the accusations of video tampering are true or not. The Obama administration has proposed a $75 million program to provide 50,000 cameras to agencies, and the Department of Justice is allocating $20 million for police body cameras.

Article via The Huffington Post, August 28, 2015

Photo:  via Whoop Whoop that’s the Sound of the Police via AshtonPal [Creative Commons Attribution-NonCommercial-NoDerivs]

In a ruling by the US Court of Appeals on Aug. 24, the Federal Trade Commission (FTC) has the authority to prosecute corporations that have insufficient cybersecurity to protect customers against hackers.

The Third Circuit ruled in favor of the FTC, which litigated the international hotel company Wyndham Worldwide Corporation for failing to prevent the theft of 619,000 customer’s personal and financial information by hackers. The hacking resulted in over $10.6 million in counterfeit charges.

Wyndham attempted to counter the Commission’s lawsuit in the US Court of Appeals, but the recent ruling declared the FTC’s actions legal.

The FTC will be expected “to increase its regulatory activity in this area now that its authority has been upheld,” says Michael Hindelang, head of the data security/privacy litigation and e-discovery/information management practice groups at Honigman Miller Schwartz and Cohn.

 

Article via Legaltech News, August 26, 2015

Photo: statue at Federal Trade Commission via sha in LA [Creative Commons Attribution-NonCommercial-NoDerivs]

As more and more content ranging from emails to personal information is being stored virtually in the cloud, questions about who should be able to access this content and how they must obtain the information are starting to arise. Currently, Microsoft has challenged the ability of the US government to obtain information stored in one of their data centers located abroad. If the information was stored in a physical form, the United States would have to work in cooperation with the government of the country in which the information is stored. However, the law is not as black and white concerning digital files. Executive Vice President and General Counsel of Microsoft Brad Smith states that is the responsibility of not only tech companies but also Congress to start setting precedents for laws regarding internet privacy so citizens can trust and understand digitally-storing files.

Smith also states that views on who has ownership of digital files may need to be altered. He explains that companies providing online storage have no more ownership of the files than the post office has of the content of a letter that is being mailed. Congress will also have to decide whether physical borders between countries continue to exist in the virtual world. Though the technicalities and concerns about internet privacy may seem confusing, Smith reassures tech users that measures are already being implemented that relieve citizens of having to worry about their privacy being violated even if they don’t understand all the ins and outs of cloud storage.

Article via Above the LawAugust 18, 2015

Photo DSC_6005 via Judson Weinsheimer [Creative Commons Attribution-NonCommercial-NoDerivs]

China has censored the internet again after adopting a new national cyber security law that seeks to make data, IT infrastructure and systems, and the internet  in certain areas “secure and controllable,” according to the National People’s Congress website.

Reporters were told by Zheng Shuna, of the NPC’s Legislative Affairs Commission, that cyberspace sovereignty is “the embodiment and extension of national sovereignty” and an important part of national infrastructure (according to Xinhua, a state-owned news agency).

Article via Above The Law, 10 July 2015

Photo:China Flag via Bryan Jones [Creative Commons Attribution-NonCommercial-NoDerivs]