Archive for the ‘NSA’ Category

Yes, Section 215 Expired. Now What? – EFF

On March 15, 2020, Section 215 of the PATRIOT Act, a surveillance law with a rich history of government overreach and abuse, expired. Along with two other PATRIOT Act provisions, Section 215 lapsed after lawmakers failed to reach an agreement on a broader set of reforms to the Foreign Intelligence Surveillance Act (FISA).

In the week before the law expired, the House of Representatives passed the USA FREEDOM Reauthorization Act, without committee markup or floor amendments, which would have extended Section 215 for three more years, along with some modest reforms.

In order for any bill to become law, the House and Senate must pass an identical bill, and the President must sign it. That didn't happen with the USA FREEDOM Reauthorization Act. Instead, knowing the vote to proceed with the House's bill in the Senate without debating amendments was going to fail, Senator McConnell brought a bill to the floor that would extend all the expiring provisions for another 77 days, without any reforms at all. Senator McConnell's extension passed the Senate without debate.

But the House of Representatives left town without passing Senator McConnell's bill, at least until May 12, 2020, and possibly longer. That means that Section 215 of the USA PATRIOT Act, along with the so-called "lone wolf" and "roving wiretap" provisions, have expired, at least for a few weeks.

EFF has argued that if Congress can't agree on real reforms to these problematic laws, they should be allowed to expire. While we are pleased that Congress didn't mechanically reauthorize Section 215, it is only one of a number of largely overlapping surveillance authorities. The loss of the current version of the law will still leave the government with a range of tools that is still incredibly powerful. These include other provisions of FISA as well as surveillance authorities used in criminal investigations, many of which can include gag orders to protect sensitive information.

In addition, the New York Times and others have noted that Section 215's expiration clause contains an exception permitting the intelligence community to use the law for investigations that were ongoing at the time of expiration or to investigate "offenses or potential offenses" that occurred before the sunset. Broad reliance on this exception would subvert Congress's intent to have Section 215 truly expire, and the Foreign Intelligence Surveillance Court should carefully, and publicly, circumscribe any attempt to rely on it.

Although Section 215 and the two other provisions have expired, that doesn't mean they're gone forever. For example, in 2015, during the debate over the USA FREEDOM Act, these same provisions were also allowed to expire for a short period of time, and then Congress reauthorized them for another four years. While transparency is still lacking in how these programs operate, the intelligence community did not report a disruption in any of these "critical" programs at that time. If Congress chooses to reauthorize these programs in the next couple of months, it's unlikely that this disruption will have a lasting impact.

The Senate plans to vote on a series of amendments to the House-passed USA FREEDOM Reauthorization Act in the near future. Any changes made to the bill would then have to be approved by the House and signed by the President. This means that Congress has the opportunity to discuss whether these authorities are actually needed, without the pressure of a ticking clock.

As a result, the House and the Senate should take this unique opportunity to learn more about these provisions and create additional oversight into the surveillance programs that rely on them. The expired provisions should remain expired until Congress enacts the additional, meaningful reforms we've been seeking.

You can read more about what EFF is calling for when it comes to reining in NSA spying, reforming FISA, and restoring Americans' privacy here.


Government Surveillance Is a Dangerous Path to Trek – American Greatness

"Big Brother is watching you" appeared on billboards in George Orwell's acclaimed novel, 1984, first published in 1949. Today, that ominous warning is rapidly becoming a reality.

In the past two decades, roughly since the tragic events of September 11, 2001, the U.S. government has increased its surveillance of Americans to a level unforeseen, even by Orwell.

Whether it be the National Security Administration, Central Intelligence Agency, Federal Bureau of Investigation, or your supposedly benign local government, you are being watched and tracked at almost every turn.

Making matters even more harrowing, the advent of smartphones, GPS tracking devices, social media, and countless other new technologies has made it easier than ever for private corporations to track your every move, thought, and desire. Just think about it: your every text message, Google search, phone call, and email is stored somewhere.

And as we have seen in the recent past, the government is not shy about forcing companies to hand over their users' most private data should they deem it necessary. Although there is a need for the work of the NSA, CIA, FBI, or whichever organization claims jurisdiction to access sensitive personal data in extreme cases, such as an imminent terrorist attack, common sense and reality show that these omnipotent agencies have been more than willing to seek data and information that is well outside the bounds of these strict guidelines.

Fortunately, whistleblowers such as Edward Snowden, a former NSA employee, have exposed some of the surveillance-state actions perpetrated by his ubiquitous former employer. Who knows what is actually happening in the deep corridors of these agencies, however, under the auspices of national security?

Although technology per se is not the primary driver of the increased government surveillance we've all come to expect and accept today, it certainly makes it much easier for governments to monitor their citizens. From a historical perspective, the scourge of surveillance has been alive and well for centuries. The Soviet KGB and the East German Stasi are just two examples of the sordid history of government surveillance.

In perhaps the most ominous current case, consider Communist China's massive surveillance apparatus, where every citizen is monitored constantly. China's social credit system is the most all-encompassing and terrifying surveillance program in world history.

For better or worse, most Americans are not overly concerned with government surveillance, yet. When we hear about things like city cameras capturing our every move, however, we should definitely raise our eyebrows. Even worse, stories abound over seemingly innocuous government surveillance operations that continue to push the envelope while trampling upon privacy rights and individual liberty.

The U.S. Constitution protects our privacy rights for a reason. Before our victory over Great Britain in the War of Independence, Americans (or colonists as they were then known) were victims of British surveillance and spy networks. Indeed, a primary reason for going to war against the mighty British military was so Americans would be free from surveillance.

Yet, here we are, more than two centuries later, struggling to avoid the onset of our own surveillance state. Although numerous officials from NSA, CIA, FBI, etc. will claim surveillance is necessary to protect the homeland, this is a false choice.

Benjamin Franklin warned us, "Those who give up liberty for security deserve neither." This may be more relevant today than ever before.


Walkers asked to heed rules – Craven Herald

The National Sheep Association (NSA) is calling for the public to observe the lockdown rules more closely.

NSA Chief Executive Phil Stocker explains: "There is no doubt this lockdown is difficult. We are all feeling the effect, and NSA completely understands the frustration and the want to get outside. However, we mustn't forget that the fields we're walking across are where our food is produced, and by being there we put the people producing our food at risk."

NSA has heard some extreme and concerning stories from its members of people still arriving in cars for walks, picnics and more.

Mr Stocker continues: "By travelling to farms you are risking passing on this dangerous virus to a food producing farmer, and that is simply not acceptable. We all know the rules and simply put, travelling to walk somewhere a car drive away from your home is not necessary. We implore the British public to obey these rules and respect other people's homes and lives, particularly as we approach the Easter weekend."

With little still known about the virus, NSA is concerned about viral transmissions on gates, fences and other surfaces. Mr Stocker adds: "These risks are very real and if people continue to flout the rules, we have no doubt the Government will be prepared to step things up to protect lives."


Operationalizing NSA Guidance (or any Guidance, For That Matter!) – Infosecurity Magazine

In January, the NSA issued guidance titled "Mitigating Cloud Vulnerabilities." With security organizations already overburdened with too many threat intelligence feeds, alerts, mandates and fire drills, it's understandable that this information might go unnoticed, or be tossed onto the "we'll get to it sooner or later" pile.

However, when an organization like the NSA speaks, it is generally a good idea to listen. Which raises the question: how does one operationalize guidance from the NSA and other elite security organizations? The short answer is the same as it is for all cybersecurity undertakings: prioritization and outcomes. Let's examine this approach, using the recent NSA guidance as our use case.

Vulnerability Components

The NSA broke down its guidance into four key vulnerabilities: misconfigurations, poor access control, shared tenancy vulnerabilities and supply chain vulnerabilities. It also provided this handy chart to articulate the prevalence and sophistication of exploit for each.

This chart provides clear prioritization for security professionals. In a time where resources (particularly skills on staff) are strained, it is critical to attack problems that represent the highest risk. Here is a look at each.

Misconfigurations

If we've learned nothing else about threat actors over the years, it's that they want a good return on investment. This means they'll take the easiest route to stealing data, every time. It is for this reason that misconfigurations represent such a risk to enterprises: there is nothing easier than stealing data left exposed by bad configuration management.

Cloud configuration management poses a particularly vexing problem because with the advent of DevOps, the cloud environment is constantly changing. This makes cloud monitoring a major challenge and, within that discipline, configuration and policy management need to transition to a continuous state. Here are the key elements of a modern cloud monitoring program:

Creating a continuous cloud monitoring program is the most important thing enterprises can do to operationalize the NSA guidance. Now let's look at the next most important thing.

Cloud Access Control

Exploiting poor access control in cloud systems takes a higher degree of sophistication than simply looking for exposed data, so it is not yet a major contributor to cloud data breaches. However, the problem is widespread and stands to become such a contributor, if organizations do not improve their identity and access control processes.

The good news is the first step to ensuring strong access control in the cloud is also the first step to achieving continuous cloud monitoring visibility. Because cloud services and systems can be spun up by virtually anyone in an organization, it is critical to have the visibility required to understand when this is happening, so security pros can ensure proper access control.

The recurring theme in the NSA guidance is multifactor authentication. Enterprises can dramatically improve the integrity of cloud access control if they implement multifactor authentication across all cloud resources. Ideally, this will be part of a broader enterprise identity and access management (IAM) program that brings all enterprise resources (on premises, in the cloud, and hybrid) under appropriate identity governance.

Shared Tenancy and Supply Chain

I'm lumping these together because, for the most part, they are primarily the responsibility of cloud service providers, not the enterprise, and exploitation requires a high degree of sophistication. Therefore, as we sit here today, they are not a likely source of risk. The compromised hypervisor has been a nightmare scenario since the dawn of server virtualization, but according to the NSA, there have been no reported isolation compromises on major cloud platforms (although researchers have demonstrated the possibility of container or hypervisor compromises).

As for supply chain issues, that is the domain of cloud service providers (see chart below). They must do proper due diligence and continuous monitoring to ensure that none of their software or hardware components are vulnerable.

If nothing else, remember the two words that should define cybersecurity strategy and operationalization: prioritization and outcomes. If all security organizations prioritized activities based on the reduction of business risk (the desired outcome), the cyberworld would be a much safer, simpler place.


Edward Snowden warns ‘bio-surveillance’ may outlast coronavirus – Big Think

As governments turn to technology to help contain the spread of COVID-19, privacy advocates are expressing concern over how new bio-surveillance practices might stick around long after the pandemic ends.

Edward Snowden, the former CIA contractor who exposed NSA surveillance programs, recently spoke to Danish Broadcasting Corporation correspondent Henrik Moltke about surveillance in the time of the coronavirus pandemic.

"When we see emergency measures passed, particularly today, they tend to be sticky," Snowden said. "The emergency tends to be expanded. Then the authorities become comfortable with some new power. They start to like it."

Snowden is especially concerned about the long-term implications of strengthening the national surveillance infrastructure. Granted, the surveillance measures we may deploy today, say, using biometric facial recognition technology, might help to slow the transmission of COVID-19. What's more, these measures might not noticeably curtail our civil liberties, even if they stick around after the pandemic ends.

But the problem is that the surveillance measures we install today will probably still be here decades from now. Over time, they may creep their way into becoming the new normal (unless sunset clauses are enforced). Another possibility is that these new surveillance measures go unused, at least until an administration comes along that's not afraid to use them in an unprecedented way. By that point, the public may be helpless.

"You have no civil power remaining to resist it," Snowden said. "Because you cannot coordinate. You cannot gather in public, because the government instantly knows all of these people are around."

Giving the government access to biometrics could open up alarming new ways for governments to spy on citizens, Snowden said.

"They already know what you're looking at on the internet," he said. "They already know where your phone is moving. Now they know what your heart rate is, what your pulse is. What happens when they start to mix these and apply artificial intelligence to it?"

Snowden offered an example: A man in the U.S. watches a YouTube video of a federal official giving a speech. The speech angers him. His pulse and heart-rate shoot up, and this biometric data gets recorded by his smartphone. The government, using algorithms that compare biometrics with online activity and other data, puts this man on a watch-list for people deemed to be potential terrorists or other undesirables.

Since the pandemic began, Asia has seen the most noticeable uptick in surveillance measures.

In China, citizens are required to install a smartphone app that assigns them a color code (green, yellow or red) that represents health status. The exact methodology of the app remains unclear. But less ambiguous are the CCTV cameras that the government has installed above the apartment doors of infected citizens, to ensure they stay inside for a 14-day quarantine.

South Korea has done an exceptional job at containing the spread of COVID-19. One reason is the nation's aggressive use of smartphone tracking: The South Korean government has ordered everyone who tests positive for COVID-19 to install an app that alerts officials if they exit quarantine. Citizens also receive text messages about the movements of infected people, like: "A woman in her 60s has just tested positive [...] Click on the link for the places she visited before she was hospitalized," according to The Guardian.

According to a survey conducted in February by Seoul National University's Graduate School of Public Health, 78.5 percent of citizens said they would sacrifice privacy rights to help prevent a national epidemic.

The U.S. hasn't rolled out similar surveillance tools to help contain the virus, as of March 27. But companies like Google, Facebook and Amazon have been speaking with White House officials about how they might be able to model and help track the spread of the pandemic, according to the Wall Street Journal.


Concerned about the potential ways Silicon Valley and the government might use technology to track the spread of COVID-19, the Electronic Frontier Foundation recently issued ethical guidelines for data collection during the pandemic:

Still, it may be the case that stopping coronavirus requires us to temporarily sacrifice personal privacy, as Jeremy Cliff wrote for the New Statesman:

"So countries are faced with what one might call the 'coronavirus trilemma'. They can pick two of three things but cannot have them all: limit deaths, gradually lift lockdowns, or uphold cherished civil liberties. Not all countries are facing up to this reality (the US remains a notable laggard) but most will have to eventually. Those countries that have recognised the choices before them are picking the first two options at the cost of the third, bio-surveillance. It is a choice that has most clearly been made in east Asia. But it is coming to much of the rest of the world too and will transform the role and reach of the state."
