July 2016

FTC Approves Final Order in ASUS Privacy Case

After a public comment period, the Federal Trade Commission has approved a final order resolving the Commission’s complaint against ASUSTeK Computer, Inc., charging that critical security flaws in its routers put the home networks of hundreds of thousands of consumers at risk. The settlement was first announced in February 2016. In its complaint, the FTC alleged that ASUS failed to take reasonable steps to secure the software on its routers, despite making promises to consumers about their security.

Under the terms of the consent order, ASUS is required to establish and maintain a comprehensive security program subject to independent audits for the next 20 years. In addition, ASUS must notify consumers about software updates or other steps they can take to protect themselves from security flaws, including through an option to register for direct security notices (e.g., through e-mail, text message, or push notification). The consent order also prohibits the company from misleading consumers about the security of the company’s products, including whether a product is using up-to-date software. The Commission vote to approve the final order and letters to commenters was 3-0.

Future of Pay-TV: Rumors of My Demise Have Been Greatly Exaggerated (Sort Of)

If you follow the broadband industry closely, you have probably seen a pay-TV forecast or two that suggests pay-TV’s brightest days are in the past. Cord cutting and over-the-top (OTT) alternatives are now ‘in vogue’, and some say the future of pay-TV, or at least the pay-TV model that we are all used to, is in jeopardy as a result.

In the midst of this debate, small independent video providers have additional challenges, including rising costs, growing regulatory obligations, and slimmer margins. It would be easy to think the future doesn’t look at all promising. But is it really that bad? Perhaps not, depending on the angle at which you look at the problem. That’s a key takeaway for me from this week’s NCTC/ACA Independent Show, taking place in Orlando (FL). There was a real vibe at the show among the organizations’ small independent cable/IPTV members that, while challenging, the future can be bright. It’s just a matter of recognizing the business environment and adjusting accordingly.

In Secret Battle, Surveillance Court Reined in FBI Use of Information Obtained From Phone Calls

Beginning over a decade ago, the country’s surveillance court intervened to limit the FBI’s ability to act on some sensitive information that it collected while monitoring phone calls. The wrangling between the FBI and the secret court is contained in previously undisclosed documents obtained by the Electronic Privacy Information Center, or EPIC. The documents reveal that the Foreign Intelligence Surveillance Court (FISA) told the FBI several times between 2005 and 2007 that using some incidental information it collected while monitoring communications in an investigation — specifically, numbers people punch into their phones after they’ve placed a call — would require an explicit authorization from the court, even in an emergency.

“The newly obtained summaries are significant because they show the power that the [Foreign Intelligence Surveillance Court] has to limit expansive FBI surveillance practices,” said Alan Butler, an attorney for EPIC. Additionally, sections of the FBI’s 2011 Domestic Investigations and Operations Guide described how the FBI currently deals with information it obtains after getting a court order for what’s called a “pen register,” or “trap and trace” on a target — a capability built into the phone lines that records incoming and outgoing phone numbers for a particular phone. The 2011 guide is currently public but heavily redacted. The Operations Guide, in addition to shedding light on how the FBI uses pen registers, reveals that the surveillance court’s pushback more than a decade ago has become internal FBI policy.

Washington Post reporter barred, patted down by police, at rally for Mike Pence

Donald Trump’s campaign has denied press credentials to a number of disfavored media organizations, including The Washington Post, but on July 27, the campaign of his running mate, Gov Mike Pence (R-IN), went even further. At Gov Pence’s first public event since he was introduced as the Republican vice-presidential candidate two weeks ago, a Post reporter was barred from entering the venue after security staffers summoned local police to pat him down in a search for his cellphone. Gov Pence’s campaign expressed embarrassment and regret about the episode, which an official blamed on overzealous campaign volunteers.

Post reporter Jose A. DelReal sought to cover Gov Pence’s rally at the Waukesha County Exposition Center outside Milwaukee (WI), but he was turned down for a credential beforehand by volunteers at a press check-in table. DelReal then tried to enter via the general-admission line, as Post reporters have done without incident since Trump in June banned the newspaper from his events. He was stopped there by a private security official who told him he couldn’t enter the building with his laptop and cellphone. When DelReal asked whether others attending the rally could enter with their cellphones, he said the unidentified official replied, “Not if they work for The Washington Post.” After placing his computer and phone in his car, DelReal returned to the line and was detained again by security personnel, who summoned two county sheriff’s deputies. The officers patted down DelReal’s legs and torso, seeking his phone, the reporter said.

Weather Service conducts ‘illegal surveillance’ on staff, union says

If it’s on Facebook, can it be secret? Members of the National Weather Service Employees Organization (NWSEO) thought they had a secret Facebook page that was available only to them. But not only did National Weather Service (NWS) management officials know about the page, they accessed it and made scornful comments about the postings, according to the union. That amounts to “illegal surveillance” of union activities, according to the labor organization’s complaint filed July 27 with the Federal Labor Relations Authority.

In the past six months, Weather Service officials “engaged in the surveillance of internal union communications about and discussions of protected activities” on the labor organization’s “‘secret’ (that is, ‘members only’) Facebook page,” according to the complaint. Susan Buchanan, an NWS spokeswoman, said the agency does “not conduct surveillance on our employees’ private social media accounts, including NWSEO’s members-only Facebook page.” Unlike other cases of surreptitious surveillance, managers did not try to keep their spying secret, the union’s complaint alleges. It says management officials made critical comments about some of the Facebook postings to stifle the commentary.

Jacob Appelbaum was an online privacy hero. Then a scandal exploded.

The Tor Project, a digital privacy group, said July 27 that an internal probe found that Jacob Appelbaum, a former employee who has been held up across the Web as a champion of online privacy, engaged in sexual misconduct. "Many people inside and outside the Tor Project have reported incidents of being humiliated, intimidated, bullied and frightened by Jacob, and several experienced unwanted sexually aggressive behavior from him," Tor Project Executive Director Shari Steele wrote.

The allegations against Appelbaum shook the online privacy community when they surfaced in June because he had become a bit of a celebrity in the online world as the debate intensified over government surveillance and online privacy. The scandal caused a divide in the broader privacy community, with some rushing to his defense and others coming forward with even more troubling stories.

Time to Stop Hitting the Cyber Snooze Button on US Infrastructure

[Commentary] Power grids have proven to be vulnerable to cyber terrorists. Hackers interrupted a regional power supply abroad (in the Ukraine), and white hat hackers in the Midwest recently demonstrated there’s nothing special about our own grid that would protect our systems from the eventuality of a similar – and potentially much more damaging – fate. Those of us who make our bread and butter in the world of cyber defense have long warned of the possibility of cyberattacks that could threaten our critical infrastructure, our economy and our very way of life by extension.

In July, new legislation was introduced in the Senate to protect our electrical infrastructure from cyberattack. The Securing Energy Infrastructure Act proposes taking our industrial control systems offline in an effort to isolate them from insidious threats that can lurk in our always-on and always-connected networks. While this approach might be a bit unconventionally retro in nature, it is heartening to see members of Congress working with industry to think about new (and old) ways to address a very real and difficult challenge. But further thinking and action are needed on a global scale. By working with our allies and industrial partners across the globe to ensure information sharing about cyberthreats and attacks, we can do much to further secure our collective online existence. The consequences of oversleeping are far too great to consider ignoring the alarm for an extra nine minutes of peace.

[Jack Harrington is vice president of cybersecurity and special missions at Raytheon]