U.S. spying exposed by Snowden was illegal, court rules
The government surveillance operation that National Security Agency contractor Edward Snowden blew the whistle on seven years ago was illegal, and the U.S. intelligence officials who publicly defended it were not telling the truth, the Ninth Circuit Court of Appeals ruled on Wednesday. By secretly collecting millions of Americans’ telephone records without a warrant, the NSA violated the Foreign Intelligence Surveillance Act, the court said. Snowden fled to Russia shortly after the revelations were first published and still faces espionage charges.
DHS starts countdown clock on vulnerability disclosure policies
Six months: That’s how long the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency has given all federal agencies to set up the kinds of vulnerability disclosure programs that are now commonplace in the private sector. On Wednesday, CISA told agencies that the policies must protect security researchers who act in good faith to submit vulnerabilities, must allow anonymous vulnerability submissions, and must cover at least one Internet-accessible system or service.
Canadian police more reliant than ever on predictive computing
Police departments across Canada have become increasingly dependent on controversial computer algorithms designed to anticipate where crimes could happen next, a new study finds. Civil liberties are at risk because of historical systemic bias in the data sets used to fuel the technology, according to the investigation by the University of Toronto law school’s human rights program and the technology researchers at Citizen Lab.
Kinder, if not gentler, FBI on hack notifications
The FBI won’t admit that it did a poor job of telling hacking victims that they’d been breached, but agency representatives and its private-sector partners claim it’s changed in the wake of the 2016 Democratic National Committee breach which contributed to the election of Donald Trump. The revelation comes none too soon, as ransomware attacks surge and the next election is two months away.
Thanks to our sponsor, Trusona
Attackers abuse Google DNS over HTTPS to download malware
Sending Domain Name Server information encrypted over HTTPS has been a long-time goal of privacy advocates who want to eliminate the passive surveillance of DNS lookup spying. But it has a dark side, too: Hackers can abuse it to customize and control an attack, without direct access to their targets, not to mention evade detection.
Silk Road returns: Next-gen black markets thrive in Ukraine
End-to-end encryption has fueled protections for journalists and activists, but also the drug trade in Ukraine and central Europe. Graffiti blasts the names of drug-selling Telegram channels across city walls, and law enforcement struggles to track criminals who use it—and fraudsters who exploit both ends of the deal.
Short, hot, and filled with spam: Early-adopter emails carry risks
Longtime cybersecurity reporter Brian Krebs explains how having a desirable, short email address has created more spammy, scammy opportunities than he ever thought possible.
Does the Internet need a Glass-Steagall Act?
88 years ago, the Glass-Steagall Act separated commercial and investment banking because they believed that consumers were harmed when a single bank could perform both functions. Is it time for Internet development to face a similar bifurcation? The House Antitrust Committee thinks so, and subcommittee chair David Cicilline explains why.(Lawfare)