Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: E-Mail

OMB – Federal Information Security Modernization Act Audit FY 2015

“In FY 2015 OPM was the victim of a massive data breach that involved the theft of sensitive personal information of millions of individuals. For many years we have reported critical weaknesses in OPM’s ability to manage its information technology (IT) environment, and warned that the agency was at an increased risk of a data breach. In the wake of this data breach, OPM is finally focusing its efforts on improving its IT security posture. Unfortunately, as indicated by the variety of findings in this audit report, OPM continues to struggle to meet many FISMA requirements. During this audit we did close a long-standing recommendation related to OPM’s information security management structure – [Report Number 4A-CI-00-15-011, November 10, 2015] However, this audit also determined that there has been a regression in OPM’s management of its system Authorization program, which we classified as a material weakness in the FY 2014 FISMA audit report. In April 2015, the Chief Information Officer issued a memorandum that granted an extension of the previous Authorizations for all systems whose Authorization had already expired, and for those scheduled to expire through September 2016. Should this moratorium on Authorizations continue, the agency will have up to 23 systems that have not been subject to a thorough security controls assessment. We continue to believe that OPM’s management of system Authorizations represents a material weakness in the internal control structure of the agency’s IT security program. The moratorium on Authorizations will result in the IT security controls of OPM’s systems being neglected. Combined with the inadequacy and non-compliance of OPM’s continuous monitoring program, we are very concerned that the agency’s systems will not be protected against another attack.”

PWC 2015 US CEO Survey

“For the first time in five years in PwC’s Annual Global CEO Survey, more business leaders rate the US as their most important market for overseas growth ahead of all others, including China’s. As the US recovery gains traction, it is gaining more adherents. Challenges remain, yet key measures of US economic health are improving.

Google – An Empirical Analysis of Email Delivery Security

Neither Snow Nor Rain Nor MITM…An Empirical Analysis of Email Delivery Security “The SMTP protocol is responsible for carrying some of users’ most intimate communication, but like other Internet protocols, authentication and confidentiality were added only as an afterthought. In this work, we present the first report on global adoption rates of SMTP security extensions, …

Pew – Apps Permissions in Google Play Store

“Analysis of over 1 million apps in Google’s Android operating system in 2014 shows apps can seek 235 different kinds of permissions from smartphone users. The average app asks for five permissions.” “The findings in this study pertain specifically to apps running on the Android operating system. Pew Research Center examined the Android platform because …

Password Security – How to Memorize a Random 60-Bit String

How to Memorize a Random 60-Bit String. Marjan Ghazvininejad, Kevin Knight – Information Sciences Institute, Department of Computer Science, University of Southern California: “User-generated passwords tend to be memorable, but not secure. A random, computer-generated 60-bit string is much more secure. However, users cannot memorize random 60-bit strings. In this paper, we investigate methods …

Victims of Identity Theft, 2014

Victims of Identity Theft, 2014 – Erika Harrell, Ph.D., – BJS Statistician “An estimated 17.6 million persons, or about 7 percent of U.S. residents age 16 or older, were victims of at least one incident of identity theft in 2014, the Bureau of Justice Statistics (BJS) announced today. These statistics were similar to those in …

Manners 2.0: Key findings about etiquette in the digital age

“Some 92% of Americans now have a cellphone of some kind, and 90% of those cell owners say that their phone is frequently with them. This “always-on” mobile connectivity is changing the nature of public spaces and social gatherings. It is also rewriting social norms regarding what is rude and what is acceptable behavior when people …

UK surveillance program collected billions of records from persons in multiple countries

Ryan Gallagher, The Intercept: “…The mass surveillance operation — code-named KARMA POLICE — was launched by British spies about seven years ago without any public debate or scrutiny. It was just one part of a giant global Internet spying apparatus built by the United Kingdom’s electronic eavesdropping agency, Government Communications Headquarters, or GCHQ…The surveillance is underpinned by …

ACLU – Capitol Hill staffers should be able to make encrypted calls, send secure text messages

“Today, the ACLU sent a letter to both the House and Senate, urging them to provide secure voice and text messaging capabilities to Members and their staff. (The Washington Post writes about our letter today.) In recent years, computer security researchers have warned about the poor security of cellular networks, which in many cases use …

Federal Court Invalidates 11-Year-old FBI gag order on National Security Letter recipient Nicholas Merrill

Calyx Institute: “A federal district court has ordered the FBI to lift an eleven-year-old gag order imposed on Nicholas Merrill [document is redacted] forbidding him from speaking about a National Security Letter (“NSL”) that the FBI served on him in 2004. The ruling marks the first time that an NSL gag order has been …

DNI Testimony on Worldwide Cyber Threats

Statement for the Record – Worldwide Cyber Threats – House Permanent Select Committee on Intelligence – James R. Clapper, Director of National Intelligence, September 10, 2015. “Worldwide Cyber Threats – Overview – Cyber threats to US national and economic security are increasing in frequency, scale, sophistication, and severity of impact. The ranges of cyber threat …

EFF Provides Evidence to Courts on Telecoms Collection of Metadata

“This week EFF presented evidence in two of its NSA cases confirming the participation of Verizon Wireless, Sprint and AT&T in the NSA’s mass telephone records collection under the Patriot Act. This is important because, despite broad public acknowledgement, the government is still claiming that it can dismiss our cases because it has never confirmed …