Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Cybercrime

Judicial Conference Committee seeks to implement wider law enforcement surveillance

Follow up to Supreme Court expands surveillance powers of intelligence agency via EFF – With Rule 41, Little-Known Committee Proposes to Grant New Hacking Powers to the Government – The government hacking into phones and seizing computers remotely? It’s not the plot of a dystopian blockbuster summer movie. It’s a proposal from an obscure committee that proposes changes to court procedures—and if we do nothing, it will go into effect in December. The proposal comes from the advisory committee on criminal rules for the Judicial Conference of the United States. The amendment would update Rule 41 of the Federal Rules of Criminal Procedure, creating a sweeping expansion of law enforcement’s ability to engage in hacking and surveillance. The Supreme Court just passed the proposal to Congress, which has until December 1 to disavow the change or it becomes the rule governing every federal court across the country.  This is part of a statutory process through which federal courts may create new procedural rules, after giving public notice and allowing time for comment, under a “rules enabling act.” The Federal Rules of Criminal Procedure set the ground rules for federal criminal prosecutions. The rules cover everything from correcting clerical errors in a judgment to which holidays a court will be closed on—all the day-to-day procedural details that come with running a judicial system. The key word here is “procedural.”  By law, the rules and proposals are supposed to be procedural and must not change substantive rights. But the amendment to Rule 41 isn’t procedural at all. It creates new avenues for government hacking that were never approved by Congress…”

2016 Data Breach Investigations Report

Via Verizon: “For the ninth time, the 2016 Data Breach Investigations Report (DBIR) lifts the lid on what’s really happening in cybersecurity. The 2016 dataset is bigger than ever, examining over 100,000 incidents, including 2,260 confirmed data breaches across 82 countries. With data provided by 67 contributors including security service providers, law enforcement and governmentContinue Reading

Cybersecurity: Overview Reports and Links to Government, News, and Related Resources

Via FAS, CRS report – Cybersecurity: Overview Reports and Links to Government, News, and Related Resources, March 2, 2016 (R44405) “Much is written on the topic of cybersecurity. This CRS report and those listed below direct the reader to authoritative sources that address many of the most prominent issues. Included in the reports are resources andContinue Reading

Smart Farming May Increase Cyber Targeting Against US Food and Agriculture Sector

FBI/USDA Notification: “The FBI and the US Department of Agriculture (USDA) assess the Food and Agriculture (FA) Sector is increasingly vulnerable to cyber attacks as farmers become more reliant on digitized data. While precision agriculture technology (a.k.a. smart farming) a reduces farming costs and increases crop yields, farmers need to be aware of and understandContinue Reading

Let’s Encrypt Reaches 2,000,000 Certificates

EFF: “The Let’s Encrypt certificate authority issued its two millionth certificate on Thursday, less than two months after the millionth certificate. As we noted when the millionth certificate was issued, each certificate can cover several web sites, so the certificates Let’s Encrypt has issued are already protecting millions and millions of sites. This rapid adoptionContinue Reading

IG Review of NASA’s Information Security Program

Final Memorandum, Review of NASA’s Information Security Program (IG-16-016; A-15-005-01), April 14, 2016. “As part of our annual review of NASA’s compliance with the Federal Information Security Management Act of 2002 (FISMA) for fiscal year 2015, we reviewed a representative sample of 29 information systems from NASA Centers, Headquarters, and the Jet Propulsion Laboratory (JPL)Continue Reading

Paper – OPM Demonstrated that Antiquated Security Practices Harm National Security

Handing Over the Keys to the Castle – OPM Demonstrated that Antiquated Security Practices Harm National Security. Institute for Critical Infrastructure Technology. July 2015. “In this digital age, information is secured, coveted, and exfiltrated by nation states, hacktivists, and ambitious actors because, now more than ever, knowledge is power. Modern needs dictate that only authorizedContinue Reading

EU Parliament adopts General Data Protection Regulation

European Parliament News: “New EU data protection rules [EU General Data Protection Regulation (“GDPR”)] which aim to give citizens back control of their personal data and create a high, uniform level of data protection across the EU fit for the digital era was given their final approval by MEPs on Thursday. The reform also setsContinue Reading

DoD tests public key infrastructure for DTIC secure website access

SecureIDNews:  “The federal government’s use of user IDs and passwords for access to its applications could soon give way to more secure PKI-based credentials if more government entities follow the lead of the U.S. Department of Defense. The Defense Department is leveraging PKI to better protect its information systems, with the intent of making accessContinue Reading

FTC Announces Significant Enhancements to IdentityTheft.gov

“For the first time, identity theft victims can now go online and get a free, personalized identity theft recovery plan as a result of significant enhancements to the Federal Trade Commission’s IdentityTheft.gov website. The new one-stop website is integrated with the FTC’s consumer complaint system, allowing consumers who are victims of identity theft to rapidlyContinue Reading

Cybersecurity: Legislation, Hearings, and Executive Branch Documents

CRS Report – Cybersecurity: Legislation, Hearings, and Executive Branch Documents, Rita Tehan, Information Research Specialist. March 30, 2016. “Cybersecurity vulnerabilities challenge governments, businesses, and individuals worldwide. Attacks have been initiated against individuals, corporations, and countries. Targets have included government networks, companies, and political organizations, depending upon whether the attacker was seeking military intelligence, conducting diplomaticContinue Reading

NIST Cryptographic Standards and Guidelines Development Process

NIST – IR 7977 – NIST Cryptographic Standards and Guidelines Development Process, Cryptographic Technology Group Computer Security Division Information Technology Laboratory, March 31, 2016.” “This document describes the principles, processes and procedures that drive cryptographic standards and guidelines development efforts at the National Institute of Standards and Technology (NIST). This document reflects public comments receivedContinue Reading