Category: Countries

Further developments regarding EU-U.S. data transfers: the “Umbrella-Agreement” has been signed

6. June 2016

On the 2nd June, the so-called “Umbrella-Agreement” was signed between the EU and the U.S. This agreement aims to create a cooperation framework between the EU and the U.S. regarding criminal law enforcement and the prevention of serious crime and terrorism.

Personal data covered by this agreement includes data exchanged between police and criminal authorities of the EU Member States and the U.S. authorities for the purpose of prevention, investigation, detection and prosecution of criminal offences as well as terrorist acts. The data transfers will be carried out according to the existing legal frameworks, and sufficient safeguards will be provided.

The agreement grants EU citizens equal treatment with U.S. citizens before American courts regarding judicial redress, and full respect for fundamental rights.

However, this agreement does not provide a legal basis for data transfers; rather, it complements the existing and future frameworks between law enforcement authorities.

Renegotiation of the Privacy Shield

1. June 2016

Last week, the European Parliament approved a resolution concerning the European Commission reopening negotiations with US authorities on the EU-US Privacy Shield. Furthermore, the resolution intends to implement the recommendations of the Article 29 Working Party on the draft Privacy Shield adequacy decision.

The resolution that was approved by the majority of members of the European Parliament says that the executive still needs to improve the data transfer deal allowing US authorities to collect EU citizens’ data.

Although the Parliament’s opinion is not binding, it builds up pressure on the Commission in order to increase the level of data protection in the much discussed agreement.

After the Safe Harbour agreement was declared invalid last October because it did not protect European citizens’ data once it was sent to the USA, the executive is now behind schedule: EU Justice Commissioner Vera Jourova and Digital Commissioner Günther Oettinger initially stated that the new agreement should go into effect by the end of June. However, for that to happen, a group of diplomats from European member states has to sign its approval first. Although the diplomats were expected to vote on the Privacy Shield last week, they delayed their final decision as they scheduled new meetings up until the end of June.

Generally, the Commission has already finished the negotiations concerning the Privacy Shield with US authorities, though clarification on some points is needed. Commission spokesman Christian Wigand described the clarifications as realistic changes and not a drastic renegotiation of the agreement.

However, the Parliament’s resolution intends to take criticism from national privacy protectors of the European member states “fully” into account.

Category: EU · Safe Harbor · USA

USA: Is the government able to require users to unlock smartphones via fingerprints?

25. May 2016

Most of the market leaders in smartphone manufacturing have been developing fingerprint sensors as a security measure in order to protect the smartphone against unauthorized access. However, legal complications might force them to reconsider this security measure.

As NBC reported, a woman in California was compelled by a search warrant to unlock her iPhone via fingerprint in February. Some experts say that this falls in a legal gray area.

It has not been clarified why the FBI wanted the iPhone of the woman in California, as the search warrant did not specify the reason the FBI wanted access to the phone, only that it was granted. The smartphone, however, was found in the home of her boyfriend, who is a suspected gang member, as the Los Angeles Times reported in April.

Is there a difference in opening the smartphone via passcode and via fingerprint?

Neil Richards, a privacy law professor at Washington University, said that opening the smartphone with a passcode violates the Fifth Amendment protection against self-incrimination, whereas the use of a fingerprint provides law enforcement some legal cover. He went on: “Most people don’t draw a distinction between a fingerprint and a password, but the law does”. The problem is that the laws were made before smartphones were invented. According to the respective law, it is allowed to collect physical evidence during the course of an arrest, such as DNA evidence or fingerprints. Therefore, typing a passcode, for example 1-2-3-4, in order to access a smartphone counts as testimonial, whereas the fingerprint sensor, which also opens the smartphone, only with biometric data instead of a password, can be seen as physical evidence.

Because eight people are killed and 1,161 are injured every day in the USA as a result of distracted driving, there is discussion about implementing a test for texting while driving. As the New York Times reported, the state legislature is considering roadside tests called the Textalyzer. Police officers would be able to plug a cellphone into a laptop and determine if it was used while driving. However, in case a police officer looks at the content of a phone, the Textalyzer could cause a number of privacy problems.

Richards concluded: “They’re going to start thinking twice about nudging people toward just using fingerprints. It is secure against private parties, but under current law, it’s not as secure against the government.”

Category: USA

Update EU-U.S. Privacy Shield: Article 31 needs more time to consider the implications of the proposal

23. May 2016

On the 19th May, the Article 31 Committee, made up of representatives of the EU Member States, met in order to discuss the implications of the proposed draft of the EU-U.S. Privacy Shield. The Article 31 Committee was created in order to reach decisions that require the approval of the EU Member States according to the Data Protection Directive 95/46/EC. This is the case, for example, for the adoption of adequacy decisions, such as Safe Harbor in the past or the EU-U.S. Privacy Shield currently.

Article 31 concluded that it needed more time to reach a decision about the proposal. Moreover, a source of the Commission affirmed that further meetings in May and early June will take place. Also, the recommendations of the Article 29 WP are being taken into consideration before reaching a decision.

The decision of the Article 31 Committee is expected by the end of June. The EU-U.S. Privacy Shield can only be adopted if a qualified majority of 16 Member States representing 65 percent of the EU population votes for the adoption of the Privacy Shield.

Until a decision is reached, Standard Contractual Clauses and Binding Corporate Rules can still be used to carry out international data transfers on a legal basis.

Twitter blocks U.S. Intelligence Agencies from Dataminr service

10. May 2016

Dataminr is a tool that analyzes and traces social media posts and notifies users about breaking news in real time, such as the terror attack at Brussels airport in March. This analysis is carried out by using keywords, patterns, or geotags.

Twitter, which owns 5% of Dataminr, has now blocked U.S. intelligence services from its Dataminr service, in order not to appear to support the surveillance activities of the U.S. intelligence services.

Dataminr services were used by the American Government in 2013 to detect any risks to the inauguration of U.S. President Obama’s second term. However, it is not clear how Dataminr provided this service to the U.S. intelligence services, as Twitter’s privacy policy prohibits selling its data to governmental agencies.

Category: General · USA

U.S. House of Representatives passes Email Privacy Bill

29. April 2016

The U.S. House of Representatives voted unanimously on Wednesday on the Email Privacy Bill. The bill aims at updating the current Electronic Communications Privacy Act (ECPA) from 1986. Under the ECPA, U.S. authorities can access email communications directly from service providers with just a subpoena if the data is more than 180 days old. However, under the new Email Privacy Act, they will need a warrant to access emails or other electronic communications no matter how old they are.

Currently, access to electronic communications by U.S. authorities is the subject of debate at an international level, especially after the FBI, some weeks ago, requested Apple to develop software that allows data to be extracted from an iPhone that belonged to the San Bernardino terrorist.

The Email Privacy Bill will have to be voted on by the Senate, but the position of the upper chamber towards the bill is still not clear.

Category: USA

Data from dating website stolen and sold

28. April 2016

As the BBC just reported, the data of more than a million members of the dating website www.beautifulpeople.com has been sold online. The traded data not only included the weight, height, job, and phone numbers of members but also income, sexual preferences, smoking and drinking habits and relationship status. The firm stated that the data belonged to members who joined before July 2015 and that no passwords or financial information were included.

The data has now been sold on the online black market, said Troy Hunt, an Australian security expert who runs the website HaveIBeenPwned.com, where people can verify whether their data has been leaked. Although he does not know exactly where or for how much money the data was sold, he stated that tens of thousands of dollars can be earned by selling data, bearing in mind that the data originally can cost as little as $300.

Chris Vickery, a security researcher, told the BBC that the affected company acted quickly after he notified it of his discovery. However, the data had by then already been sold. He went on by saying that “they published it openly to the world with no protection whatsoever”. This contradicts the company’s statement that the content was from a test server. Therefore, Vickery added that “whether or not it’s in the test database makes no difference if it’s real data”. His analysis is further supported by the fact that a second researcher had identified the same weakness on the same day.

However, in a statement, BeautifulPeople said that “the breach involves data that was provided by members prior to mid-July 2015. No more recent user data or any data relating to users who joined from mid-July 2015 onward is affected”.

David Emm, principal security researcher at Kaspersky Lab, commented on the stolen and sold data by summarizing “now it’s public, cybercriminals have the opportunity to use this information to steal personal identities or more” and added “unfortunately, once a breach of this nature has been made, there is not much that can be done.”

Emm went on to advise that “organisations need to take action and use more data, analytical insights and triangulation of multiple-identity proofing techniques to minimise the potential effects of identity theft for both the user and the businesses serving them”.

Category: USA

FBI probably paid more than 1 million for cracking San Bernardino iPhone

26. April 2016

NBC News reports that FBI Director James Comey might have disclosed how much the agency spent on cracking the iPhone of the San Bernardino attackers.

At a security conference in London, Comey commented on the case by saying that the organization paid “a lot, more than I will make in the remainder of this job, which is seven years and four months, for sure”. He went on to say that it “was in my view worth it” and that the FBI will now be able to crack any other iPhone 5s with iOS 9 by using the developed software.

Based on this timeframe and his salary of $180,000 per year, NBC News comes to a figure of $1.3 million. However, there was no official comment on the part of the FBI.

Category: USA

UK Information Commissioner gives opinion on EU-U.S. Privacy Shield

25. April 2016

The UK Information Commissioner, Christopher Graham, issued his opinion about the EU-U.S. Privacy Shield last week. He criticized the reluctance of the U.S. authorities to make amendments to the agreement. On the 13th April, the Article 29 WP also called on American negotiators to clarify some aspects of the Privacy Shield, such as data transfers, the institution of the ombudsman or the justification for the collection of personal data. Graham also remarked that the ECJ will ask for clarification regarding these points and invited both American and European authorities to provide the required clarification.

On the other hand, Stefan Selig, U.S. undersecretary of commerce for international trade, affirmed that the opinion issued by the EU Data Protection Authorities will be reviewed carefully. However, he believes that the current draft of the EU-U.S. Privacy Shield achieves a balance of interests for both parties.

Graham also stressed the importance of reaching an agreement regarding international data transfers, so that the English DPA (ICO) can focus on providing support to organizations regarding the implementation of the GDPR, which will be effective in the first half of 2018.

Tech coalitions write open letter over US bill banning encryption

21. April 2016

A tech group just wrote an open letter to US Senators Richard Burr and Dianne Feinstein concerning their bill requiring all encryption to be breakable on command.

The mentioned letter starts by saying “We write to express our deep concerns about well-intentioned but ultimately unworkable policies around encryption that would weaken the very defenses we need to protect us from people who want to cause economic and physical harm.” and goes on by pointing out “unintended consequences”.

Reform Government Surveillance, the Computer and Communications Industry Association, the Internet Infrastructure Coalition, and the Entertainment Software Association have signed the letter. Those four represent most of the major internet and tech companies such as Microsoft, Google, Amazon, eBay, Facebook, Netflix and Verisign.

At the same time, a US survey from ACT concludes that 93 percent of the people asked answered that it is important that their data is secured and that 92 percent of the people asked support strong encryption on their devices.

Category: USA