Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Cybercrime

A Worldwide Survey of Encryption Products

“In this paper, [available for download as part of the Berkman Publication Series on SSRN at: http://ssrn.com/abstract=2731160] which is modeled on a similar effort in 1999 by researchers from George Washington University, Berkman Fellow Bruce Schneier and collaborator Kathleen Seidel together with Harvard College student Saranya Vijayakumar identify and survey 865 encryption products from 55 different countries, 546 of them from outside the United States. In contrast, the 1999 survey found 805 encryption products from outside the US. Very few products from the earlier survey appear in the new one, indicating much change in this market over the last 17 years. The new survey also identified 587 entities that sell or give away encryption products, and of those, two-thirds are outside the US. Schneier argues in the paper that the survey findings call into question the efficacy of any US mandates forcing backdoors for law-enforcement access. He asserts that they show that anyone who wants to avoid US surveillance has hundreds of competing products to choose from. The report findings indicate that foreign products offer a wide variety of secure applications—voice encryption, text message encryption, file encryption, network-traffic encryption, anonymous currency—providing the same levels of security as US products do today. Additional findings include:

  • The most common non-US country for encryption products is Germany, with 112 products. This is followed by the United Kingdom, Canada, France, and Sweden, in that order.

  • The five most common countries for encryption products—including the US—account for two-thirds of the total. But smaller countries like Algeria, Argentina, Belize, the British Virgin Islands, Chile, Cyprus, Estonia, Iraq, Malaysia, St. Kitts and Nevis, Tanzania, and Thailand each produce at least one encryption product.

  • Of the 546 foreign encryption products we found, 56% are available for sale and 44% are free. 66% are proprietary, and 34% are open source. Some for-sale products also have a free version.

  • At least 587 entities—primarily companies—either sell or give away encryption products. Of those, 374, or about two-thirds, are outside the US.

  • Of the 546 foreign encryption products, 47 are file encryption products, 68 e-mail encryption products, 104 message encryption products, 35 voice encryption products, and 61 virtual private networking products…”

Worldwide Threat Assessment of the US Intelligence Community

Statement for the Record Worldwide Threat Assessment of the US Intelligence Community. Senate Armed Services Committee, James R. Clapper, Director of National Intelligence. February 9, 2016. Global threats include: Cyber and Technology; Terrorism; Weapons of Mass Destruction and Proliferation; Space and Counterspace; Counterintelligence; Transnational Organized Crime; Economics and Natural Resources; Human Security. “…The consequences of…

Executive Order – Commission on Enhancing National Cybersecurity

“By the authority vested in me as President by the Constitution and the laws of the United States of America, and in order to enhance cybersecurity awareness and protections at all levels of Government, business, and society, to protect privacy, to ensure public safety and economic and national security, and to empower Americans to take…

President Obama’s new Cybersecurity National Action Plan

“What is the President’s Cybersecurity National Action Plan (CNAP)? It’s the capstone of more than seven years of effort from this administration that takes near-term actions and puts in place a long-term strategy to ensure the federal government, the private sector, and American citizens can take better control of our digital security. The President’s plan…

FDA Guidance – Postmarket Management of Cybersecurity in Medical Devices

Draft Guidance for Industry and Food and Drug Administration Staff – Postmarket Management of Cybersecurity in Medical Devices – This guidance document is being distributed for comment purposes only. Document issued on: January 22, 2016. “FDA is issuing this guidance to inform industry and FDA staff of the Agency’s recommendations for managing postmarket cybersecurity vulnerabilities…

OPM to issue new requirements for personnel background investigations by contractors

Via Nextgov: “Contractors that conduct background investigations for the federal government will have to report information security incidents to the Office of Personnel Management within half an hour, are required to use smartcards as a second layer of security when logging on to agency networks and must agree to let OPM inspect their systems at…

OCC Report Highlights Top Risks Facing National Banks and Federal Savings Associations

“Strategic, underwriting, cybersecurity, compliance, and interest rate risks lead the Office of the Comptroller of the Currency’s (OCC) supervisory concerns in its Semiannual Risk Perspective for Fall 2015, released [December 15, 2015]. The report noted that the risks associated with underwriting and cybersecurity are increasing, while strategic, compliance, and interest rate risks remain stable. Highlights…

GAO – DHS Needs to Support Greater Adoption of Its National Cybersecurity Protection System

DHS Needs to Enhance Capabilities, Improve Planning, and Support Greater Adoption of Its National Cybersecurity Protection System, GAO-16-294: Published: Jan 28, 2016. Publicly Released: Jan 28, 2016. “What GAO Found: The Department of Homeland Security’s (DHS) National Cybersecurity Protection System (NCPS) is partially, but not fully, meeting its stated system objectives: Intrusion detection: NCPS provides…

FTC Announces Significant Enhancements to IdentityTheft.gov

“For the first time, identity theft victims can now go online and get a free, personalized identity theft recovery plan as a result of significant enhancements to the Federal Trade Commission’s IdentityTheft.gov website. The new one-stop website is integrated with the FTC’s consumer complaint system, allowing consumers who are victims of identity theft to rapidly…

Federal Background Investigations Tasked to New Agency

Via the White House Blog, January 22, 2016 – “The Government has a responsibility to determine the fitness of Federal employees, members of the Armed Forces, and contractors for the jobs they are hired into and for the sensitive work they do on behalf of the American people each and every day. At the same…

EFF FOIA Filings Surface More Info on Zero Days

Via EFF – “In fact, in response to EFF’s FOIA suit to get access to the official U.S. policy on zero days, the government redacted every single reference to “offensive” use of vulnerabilities. …In response to EFF’s motion for summary judgment, the government has disclosed a new version of the Vulnerabilities Equities Process, minus many…

Operationalizing Cybersecurity Due Diligence: A Transatlantic Comparative Case Study

Shackelford, Scott and Russell, Scott, Operationalizing Cybersecurity Due Diligence: A Transatlantic Comparative Case Study (January 12, 2016). South Carolina Law Review, 2016. Available for download at SSRN: http://ssrn.com/abstract=2714529 “Although much work has been done on applying the law of warfare to cyber attacks, far less attention has been paid to defining a law of cyber…