Noah Shachtman, The Daily Beast, Monday, July 27, 2015
The head of the FBI has spent the last several months in something of a panic, warning anyone who will listen that terrorists are “going dark”—using encrypted communications to hide from the FBI—and insisting that the bureau needs some kind of electronic back door to get access to those chats. It’s an argument that civil libertarians and technology industry executives have largely rejected. And now, members of the national security establishment—veterans of both the Obama and Bush administrations—are beginning to speak out publicly against FBI Director Jim Comey’s call to give the government a skeleton key to your private talks. “I hope Comey’s right, and there’s a deus ex machina that comes on stage in the fifth act and makes the problem go away,” retired General Michael Hayden, the former head of the CIA and the NSA, told The Daily Beast. “If there isn’t, I think I come down on the side of industry. The downsides of a front or back door outweigh the very real public safety concerns.”
Amber Corrin, C4ISR & Networks, Saturday, July 25, 2015
The Defense Information Systems Agency on July 24 issued three new documents targeting cloud security, including two new requirements guides and a new concept of operations. The three new documents more thoroughly define cloud security and the steps to achieving it, outlining the responsibilities of the organizations and managers increasingly capitalizing on commercial cloud offerings. The release underscores the Defense Department's growing adoption of commercial cloud offerings.
Advisory Committee to the Congressional Internet Caucus, Friday, July 24, 2015
Podcast: Do warrants allow law enforcement to reach into data centers across borders? Can 19th-century international legal processes keep up with 21st-century speed? Join us for a briefing on the law and policy that determines the reach of law enforcement into data stored outside of the United States and the important questions and issues the debate has raised.
Orin Kerr, Washington Post, Friday, July 24, 2015
The ready solution is a statutory fix that treats these two scenarios differently. U.S. companies should have to comply with U.S. warrants for U.S. persons even when they put data on servers abroad. At the same time, U.S. warrants should not be used to access foreign-stored files of foreign users even when held by U.S.-based companies. That’s the basic approach taken by the LEADS Act, which Microsoft supports. And I would guess that DOJ doesn’t have a problem with that approach, either, as it preserves the power that criminal investigators need in the overwhelming majority of cases that will involve U.S.-based users.
Peter Ferrara, TownHall.com, Thursday, July 23, 2015
And in the struggle between security and privacy, there can be no security without privacy. But what good is privacy without security? In 1986, when electronic and digital information was in its infancy, Congress passed the Electronic Communications Privacy Act (“ECPA”) to extend the age old protections of the Fourth Amendment to the newly emerging technology. But today the technology has exploded to create vast, unforeseeable, transnational realms of data communication and storage.
IDC Press Release, Tuesday, July 21, 2015
Cloud, as one of the substantial transformative forces, is impacting all areas of IT supply, composition, and consumption and provides the basis for many of the big data, mobile, and social solutions. In fact, International Data Corporation (IDC) predicts the number of new cloud-based solutions will triple in the next four to five years.
Justine Brown, Government Technology, Monday, July 20, 2015
Last month, the International Association of Chiefs of Police, the largest organization of police leaders in the U.S., issued updated guidelines recommending that cloud storage of all criminal justice information — including video — should comply with the FBI’s Criminal Justice Information Services (CJIS) Security Policy. CJIS outlines the security precautions that must be taken to protect sensitive information gathered by local, state and federal criminal justice and law enforcement agencies. The CJIS Security Policy contains specific requirements for wireless networking, remote access, encryption, etc. CJIS compliance by potential vendors is therefore important to criminal justice agencies looking to move to the cloud. And so far, the only hyper-scale cloud vendor that has contractually committed to meeting CJIS requirements for all levels of government is Microsoft.
Margrethe Vestager (European Commissioner for Competition), POLITICO EU, Monday, July 20, 2015
Effective competition puts companies to a test — it makes sure they have an incentive to invest and to innovate, to keep up with their rivals. It also gives companies a fair chance — they can compete on their merits, without being pushed out of markets by unfair practices or by subsidized rivals. So they can contribute to job creation and economic growth, while allowing consumers to share the benefits of the single market.
Andrew Quinlan, Roanoke.com, Monday, July 20, 2015
A U.S.-based company expanding into foreign markets must follow the domestic privacy laws of that jurisdiction as well as convince customers that they are trustworthy stewards of their sensitive data. The actions of the Justice Department make that task exponentially more difficult and disadvantage American companies compared to those headquartered in more reasonable nations. The dangers similarly posed to American citizens may not be as obvious, but are nonetheless significant. Should the government’s case hold up through ongoing legal challenges and be allowed to set precedence, other nations will likely follow the lead of the Justice Department and seek the private data of American citizens held entirely within the United States if they can find any legal nexus connecting that company to their own nation. With an increasingly interconnected global economy, that’s not often hard to do.
David Meyer, POLITICO EU, Saturday, July 18, 2015
The U.K. High Court struck down a key piece of the country’s surveillance legislation on Friday, but gave the government nine months to rewrite it. The Data Retention and Investigatory Powers Act (DRIPA) had been fast-tracked a year ago as “emergency” legislation, after Europe’s highest court struck down the data retention directive for the European Union. The U.K. law gives enforcement and intelligence agencies a way to force communications providers to store records of their customers’ activities.