Another Invasive, Costly DHS Proposal Chilling Free Speech At the Border

Earlier this year, DHS proposed to begin requesting information pertaining to Chinese visitors’ social media identifiers. This is not the first time we have seen this type of proposal from DHS. In 2016, CDT and over 30 other organizations raised concerns that a DHS proposal asking people traveling to the U.S. through the Visa Waiver Program to volunteer information about their “online presence” and social media use amounted to an expansion of surveillance of U.S. visitors and residents alike. Last week, CDT argued that the new proposal would raise the same issues.

Read More

Three Core Security & Privacy Issues of Connected Vehicles

Connected vehicles have tremendous potential to reshape the transportation landscape – bringing important safety and efficiency benefits but also creating new security and privacy risks. In addition, there are long-standing security and privacy issues that, if not resolved, will be compounded with the continued trends towards greater use of software and connectivity in motor vehicles. Our comments focus on three main issues: the need for secure software, the increasing dependence on critical information infrastructures, and the need for greater transparency around data privacy.

Read More

Uber’s Fingerprinting Foibles and the Costs of Not Complying with Industry Self-Regulation

No stranger to privacy kerfuffles, Uber is once again in the news for its business practices and invasive use of technology. This time, the headlines are focused on Uber’s intentional circumvention of Apple’s developer rules, which prohibit apps from collecting certain technical identifiers from iPhones. The larger challenge this raises is determining whether Uber’s violation of Apple’s developer terms could or should raise regulatory ire. Sanctions should be tailored to fit the crime, but when it comes to privacy and security mishaps with technology, consumers and their advocates are left in the dark.

Read More

“The Cyber” Part IV: Are There Appropriate Ethical Limits on Hacking?

How far is too far? We’ve been asking this question over and over again at CDT while conducting interviews of security researchers and in drafting CDT’s new white paper that surveys “hard questions” in the world of computer security research. Through these conversations, we are developing a basic set of ethical spectra – essentially, axes along which security research activities become more or less ethically questionable. In this white paper, we note a few possible options for better mapping the ethical landscape of the security research world.

Read More

Serious Privacy Risks Lie in the Path of Vehicle Automation

Yesterday, CDT joined four top cryptography and security experts in raising serious privacy concerns with proposed next-generation vehicle-to-vehicle communication standards. We call for this system to be explicitly opt-in or for the design to be significantly reconsidered so as to avoid the problems we identify. There are some promising tools from applied cryptography that could be leveraged to design a system that would impact driver and passenger privacy to a much lesser extent.

Read More