Related Posts

New Voting System Vulnerabilities in Congo

The Sentry, an NGO that works to prevent genocide and mass atrocities in Africa, released a detailed analysis of the new system slated for use in the upcoming elections in the Democratic Republic of the Congo. The Sentry worked with Argentinian security researchers Javier Smaldone and Alfredo Ortega and CDT Chief Technologist Joseph Lorenzo Hall to examine what little public information is available about this system. The verdict is not good. A lot of unanswered questions should be addressed before it can be used safely in DRC elections.

Read More

Can Cybersecurity Tech Accord Really Curb State Actions?

Guest Post: Thirty-four leading global technology firms announced a new private-sector agreement intended to curb the worst excesses of state behavior in the cyber domain, and to improve the general state of global computer network security. The agreement is a worthwhile effort. It indicates that the private-sector is prepared to take some responsibility for actual and potential harms enabled by their business operations. However, it places firms in clear opposition to states, and commits these companies to taking steps that governments may interpret as inhibiting their legitimate prerogatives in the conduct of foreign policy.

Read More

When IoT Kills: Preparing for Digital Products Liability

Today we released a paper that examines issues in product liability for Internet of Thing (IoT) devices to mark the start of a research agenda in this area. We expect that the digital technology industry is about to undergo a process of change akin to what the automobile industry experienced in the 1960s and 70s. Then, as now, insufficient security measures, dangerous design or adding-on of security features post-design were widely accepted industry practice. Those practices had to change as the perils of unsafe cars became obvious – as is increasingly the case today with IoT devices.

Read More

DNS: Strengthening the Weakest Link in Internet Privacy

For many, the conversation about online privacy centers around a few high-profile companies, and rightly so. We consciously engage with their applications and services and want to know who else might access our information and how they might use it. But there are other, less obvious ways that accessing the World Wide Web exposes us. One such part of the web’s infrastructure, the Domain Name System (DNS), “leaks” your private information, but there are now ways to better protect your privacy and security.

Read More

Inspector General: FBI Chomping at the Bit for Backdoors to Encryption

For years, the Federal Bureau of Investigation has been lobbying for backdoor access to the communications of every American. The Bureau has long argued it is “going dark” and can’t access communications protected by encryption. This concern was the basis of the famous Apple v. FBI case, where the FBI attempted to force Apple to break the encryption protecting the iPhone of San Bernardino, CA terrorist Syed Rizwan Farook. Now, a damning report released by the Department of Justice Inspector General casts significant doubt on that argument and the FBI’s honesty in making it.

Read More

Election Officials Need Timely Information about Data Breaches and Network Intrusions

In the United States, a lack of a comprehensive notification strategy for network intrusions and data breaches in election systems undermines national interests and security. The Department of Homeland Security’s (DHS) crucial role in coordinating the protection of election systems as a critical infrastructure should include a plan for broad notification about data breaches and network intrusions to both election system owners and state-level Election Directors responsible for certifying the election results. This is not currently the case.

Read More

Opposing the Mandating of Kill Switches to Address Contraband Cell Phones

Citing the potential threat to law enforcement and the general public, correctional facility officials have pushed for the FCC to address the issue of contraband phone use in prisons. Now, the FCC is considering a mandate for hard kill switches on all wireless devices. This proposal would provide correctional facility officers with the ability to permanently disable (or “brick”) a phone upon request. CDT has joined our colleagues at the EFF in opposing this proposal and expressing our concerns in an ex parte filing to the FCC.

Read More

Cloudflare Steps Up To Help Protect Elections with Project Athenian

It’s no exaggeration to say the US election ecosystem faces a number of challenges in the wake of the 2016 election cycle. We learned of new threats from disinformation campaigns, to attacks on state voter registration websites, to direct attacks on election officials themselves. While the philanthropic sector has been very active from grants to organizations to funding deep academic analysis of threats to the election system, the private sector has been slower to recognize the important role they can play to help better protect US elections. That is changing, particularly with the launch of Cloudflare’s Athenian Project, which will provide free-of-charge protection and content distribution for official election websites.

Read More