Campaign Data Breaches: Political Toxic Waste

Calling last week’s news that security researchers found an abandoned political campaign database on the internet with detailed information on over 200 million voters from 2008, 2012, and 2016 troubling is a massive understatement akin to calling the Titanic a boating accident. It’s closer to a catastrophe. Moreover, it may represent only the tip of the iceberg; Gizmodo points out that, “Five voter-file leaks over the past 18 months exposed between 350,000 and 191 million files.” As data collection and usage play an ever-growing role in political campaigns, the iceberg below is starting to look ominous. In partnership with political campaigns, Political Action Committees, consulting firms, and other NGOs that work in and around elections, CDT will lead efforts to draft a “campaign data stewardship pledge,” including templates for privacy policies, data security playbooks, and other materials that will move the principles reflected in a stewardship pledge into action.


“The Cyber” Part IV: Are There Appropriate Ethical Limits on Hacking?

How far is too far? We’ve been asking this question over and over again at CDT while conducting interviews of security researchers and in drafting CDT’s new white paper that surveys “hard questions” in the world of computer security research. Through these conversations, we are developing a basic set of ethical spectra – essentially, axes along which security research activities become more or less ethically questionable. In this white paper, we note a few possible options for better mapping the ethical landscape of the security research world.


Serious Privacy Risks Lie in the Path of Vehicle Automation

Yesterday, CDT joined four top cryptography and security experts in raising serious privacy concerns with proposed next-generation vehicle-to-vehicle communication standards. We call for this system to be explicitly opt-in or for the design to be significantly reconsidered so as to avoid the problems we identify. There are some promising tools from applied cryptography that could be leveraged to design a system that would impact driver and passenger privacy to a much lesser extent.


The Beginning of the End of Sharing Banking Credentials

JPMorgan Chase and Intuit announced that they’ve agreed to a new model on bank login credentials and third-party access. It’s one that not only vastly improves the privacy and security of relationships between banks and third-party financial tools, but also improves how these kinds of apps work. The new process will eliminate cumbersome user interfaces for detailed account access information and will put more choice and control into the hands of consumers.


It’s Time to Move to HTTPS

You’ve heard us talk extensively about the importance of moving the web to HTTPS – the encrypted version of the web’s HTTP protocol. CDT has released a one-pager aimed at website system administrators (and their bosses!) that describes the importance of HTTPS. And we are excited to announce a partnership to increase HTTPS adoption for online adult entertainment.


The Web Became More Secure with Let’s Encrypt

The implications are staggering: anyone can have an encrypted website up and running in no time and very cheaply. What HTML and HTTP did for allowing regular people to start putting content on the Web, Let’s Encrypt will do for allowing people to put up encrypted pages that are safe, secure, private, and not subject to hijacking.


Coalition Seeks Revisions to Potentially Restrictive Wassenaar Proposal

A broad coalition of civil society filed comments with the Bureau of Industry and Security (BIS) in the U.S. Department of Commerce on its proposed implementation of new export control rules for “cybersecurity software.” The new controls are intended to prevent the export of digital surveillance tools to nation-state-level actors who plan to use them to spy on their citizens, but also limit the export of encryption technologies.
