CISA Manager’s Amendment Falls Short on Privacy and Security

The Senate is expected to consider the Cybersecurity Information Sharing Act (CISA) (S. 754) on the Senate floor this week. The managers of the bill released a manager’s amendment on July 31 that makes some important changes to the bill, but that leaves key privacy and security concerns that CDT identified unaddressed or insufficiently addressed. In short, there are some partial fixes, but huge problems remain.

Read More

Unsanctioned Web Tracking is Harmful

Recently, the Technical Architecture Group (TAG) of the World Wide Web Consortium (W3C), a group within the W3C charged with stewardship of the Web’s architecture, released a statement that “unsanctioned tracking” is harmful to the web. Specifically, the TAG noted three types of unsanctioned tracking technologies that are especially harmful to users’ privacy: browser fingerprinting, super cookies, and header enrichment.

Read More
Screen Shot 2015-07-27 at 12.07.12 PM

Another State Taking On Privacy Legislation

New Hampshire became the ninth state to enact legislation reigning in warrantless law enforcement access to location records generated by cell phones and other electronic devices. Location records show where you are and have been, based on communications between your mobile device and the nearest cellular tower, and other electronic location tracking techniques such as GPS. The New Hampshire legislation prohibits the government from obtaining “location information from an electronic device without a warrant issued by a judge based on probable cause and on a case-by-case basis.”

Read More

Coalition Seeks Revisions to Potentially Restrictive Wassenaar Proposal

A broad coalition of civil society filed comments with the Bureau of Industry and Security (BIS) in the U.S. Department of Commerce on their proposed implementation of new export control rules for “cybersecurity software”. The new controls are intended to prevent the export of digital surveillance tools to nation-state-level actors who plan to use them to spy on their citizens, but also limit the export of encryption technologies.

Read More

Make Your Password Exponentially More Secure

If you’ve used the internet, you’ve probably created a password. There’s a lot of advice out there about creating passwords: use uppercase! use lowercase! Use numbers! Symbols! Don’t use a dictionary word! Use many dictionary words in a passphrase! There is so much advice, and so much of it is conflicting, and often it comes without any explanation. In this post, I’ll detail what a good password is (and why), give you some tools to help remember your password, and give a few other simple ways to help protect your account.

Read More

Graham/Whitehouse Draft Bill Would Make CFAA Worse

Senators Graham and Whitehouse are circulating draft cybercrime legislation, with several provisions modifying the Computer Fraud and Abuse Act (CFAA) – 18 USC 1030, the primary anti-hacking law of the United States. The draft bill is called the “International Cybercrime Prevention Act of 2015″ and aims to crack down on theft of trade secrets and malicious hacking. Overall, the draft bill would exacerbate, not eliminate, the harshness, over breadth, and confusion with the CFAA.

Read More

EU Industry Committee Makes Strides in Protecting the Open Internet

The European Parliament Committee on Industry, Research, and Energy has approved an informal proposal on the Telecoms Single Market regulation. This moves the regulation another step closer to becoming law, with a plenary vote likely sometime this fall. The proposed regulation goes a long way towards protecting the open Internet. Although far from perfect, the agreed-upon text is a significant accomplishment that at times seemed exceedingly unlikely.

Read More

Parliament Adopts Reda Report Calling on Commission to Harmonize and Balance Copyright

In a plenary session, the European Parliament voted yesterday to adopt a report on “the harmonization of certain aspects of copyright and related rights in the information society.” In a previous post, we applauded the report’s recognition of the importance of balanced copyright while lamenting over some the elements of the draft report that failed to make their way into the text adopted by Parliament’s legal affairs committee (JURI). Even with deletions and alterations, the report highlights the need for minimum baseline of copyright limitations and exceptions across the Union. The text of the report remains largely unchanged since its adoption by JURI, but a few late amendments made important improvements to the report.

Read More

Intel Authorization Bill Would Turn Online Service Providers into Law Enforcement Watchdogs

Last week, the Senate Intelligence Committee passed a version of the Intelligence Authorization Act for FY 2016 (S. 1705) that would create a new “duty to report” apparent “terrorist activity” for providers of electronic communication services, which include online content hosts, internet service providers, and public libraries and coffee shops that offer WiFi access. The ramifications of this provision, which was introduced through a secret, closed-door committee process, are immense.

Read More