Related Posts

Opposing the Mandating of Kill Switches to Address Contraband Cell Phones

Citing the potential threat to law enforcement and the general public, correctional facility officials have pushed for the FCC to address the issue of contraband phone use in prisons. Now, the FCC is considering a mandate for hard kill switches on all wireless devices. This proposal would provide correctional facility officers with the ability to permanently disable (or “brick”) a phone upon request. CDT has joined our colleagues at the EFF in opposing this proposal and expressing our concerns in an ex parte filing to the FCC.

Read More

Cloudflare Steps Up To Help Protect Elections with Project Athenian

It’s no exaggeration to say the US election ecosystem faces a number of challenges in the wake of the 2016 election cycle. We learned of new threats from disinformation campaigns, to attacks on state voter registration websites, to direct attacks on election officials themselves. While the philanthropic sector has been very active from grants to organizations to funding deep academic analysis of threats to the election system, the private sector has been slower to recognize the important role they can play to help better protect US elections. That is changing, particularly with the launch of Cloudflare’s Athenian Project, which will provide free-of-charge protection and content distribution for official election websites.

Read More

The Vulnerabilities Equities Process: Is Congress Getting Ready to Provide Transparency and Regulation?

The Vulnerabilities Equities Process has been subject to policy debates over the last few years, but this fall Congress may act on the topic for the first time. Despite making incredibly important decisions, the VEP has generally been ignored by Congress, but two new legislative proposals would provide oversight, and in one case, light reforms.

Read More

Campaign Data Breaches: Political Toxic Waste

Calling last week’s news that security researchers found an abandoned political campaign database on the internet with detailed information on over 200 million voters from 2008, 2012, and 2016 troubling is a massive understatement akin to calling the Titanic a boating accident. It’s closer to a catastrophe. Moreover, it may represent only the tip of the iceberg; Gizmodo points out that, “Five voter-file leaks over the past 18 months exposed between 350,000 and 191 million files.” As data collection and usage play an ever-growing role in political campaigns, the iceberg below is starting to look ominous. In partnership with political campaigns, Political Action Committees, consulting firms, and other NGOs that work in and around elections, CDT will lead efforts to draft a “campaign data stewardship pledge,” including templates for privacy policies, data security playbooks, and other materials that will move the principles reflected in a stewardship pledge into action.

Read More

“Hacking Back” a Recipe for Digital Arms Race

“Malicious hacking”—using technological means to penetrate or manipulate the networks, data, or devices of others without permission is a threat to the Internet and to the health of the Internet infrastructure companies that serve as its backbone. “Hacking back” would make us all more vulnerable to more sophisticated and frequent attacks. Our focus should be on protecting networks from intrusion, rather than making them more vulnerable by turning the Internet ecosystem into a digital war zone.

Read More

Three Core Security & Privacy Issues of Connected Vehicles

Connected vehicles have tremendous potential to reshape the transportation landscape – bringing important safety and efficiency benefits but also creating new security and privacy risks. In addition, there are long-standing security and privacy issues that, if not resolved, will be compounded with the continued trends towards greater use of software and connectivity in motor vehicles. Our comments focus on three main issues: the need for secure software, the increasing dependence on critical information infrastructures, and the need for greater transparency around data privacy.

Read More

“The Cyber” Part IV: Are There Appropriate Ethical Limits on Hacking?

How far is too far? We’ve been asking this question over and over again at CDT while conducting interviews of security researchers and in drafting CDT’s new white paper that surveys “hard questions” in the world of computer security research. Through these conversations, we are developing a basic set of ethical spectra – essentially, axes along which security research activities become more or less ethically questionable. In this white paper, we note a few possible options for better mapping the ethical landscape of the security research world.

Read More