 January 31, 2020  Posted by  Breaches, Business, Featured News

Naomi Gilens of EFF writes:

Computer security researchers and journalists play a critical role in uncovering flaws in software and information systems. Their research and reporting allow users to protect themselves, and vendors to repair their products before attackers can exploit security flaws. But all too often, corporations and governments try to silence reporters, and punish the people who expose these flaws to the public.

This dynamic is playing out right now in a court in India, where a company is seeking to block Indian readers from accessing journalism by the American security journalist known as Dissent Doe. If it succeeds, more than a billion people in India would be blocked from reading Dissent Doe’s reporting.

Here’s what happened: last summer, Dissent Doe discovered that an employee wellness company was leaking patients’ private counseling information on the publicly available Web. Dissent alerted the company, called 1to1Help, so that it could secure its patients’ records. After Dissent repeatedly contacted the company, it finally secured the confidential data, a month after Dissent first notified them of the breach.

At that point—once the leak was fixed, and the data was no longer available to malicious actors—Dissent wrote about the breach on the website DataBreaches.net, where Dissent reports on significant security flaws.

At first, 1to1Help seems to have recognized the strong public interest in having these types of vulnerabilities exposed. After fixing the breach, the company emailed Dissent to express its thanks for alerting the company, and allowing it to strengthen its data security.

A few weeks later, however, the company took a different tack. It filed a meritless criminal complaint against Dissent in the Bangalore City Civil Court alleging that Dissent “hacked” its patient files—even though the complaint itself acknowledges that the patient files were available to anyone on the public Web, until Dissent alerted the company about this flaw. The criminal complaint also alleges that Dissent’s emails requesting comment for the DataBreaches.net story were “blackmail.”

Thankfully, any judgment against Dissent Doe in India would be unenforceable in the United States thanks to the protections of an important law called the Securing the Protection of Our Enduring and Established Constitutional Heritage (SPEECH) Act. Under the SPEECH Act, foreign orders aren’t enforceable in the United States unless they are consistent with the free speech protections that the U.S. and state constitutions guarantee, as well as with state laws.

But the injunction that 1to1Help is asking for would prevent Dissent’s website, DataBreaches.net, from being accessed by anyone in India. And if 1to1Help’s meritless lawsuit succeeds, other companies would surely follow suit in order to block Indians’ access to journalism online.

We hope the court in India decides to adhere to global principles of freedom of speech, and of the press. It should throw this dangerous lawsuit out of court.

 January 31, 2020  Posted by  Govt, Surveillance

Alex Ellerbeck of the Center for Public Integrity writes:

The Trump administration is pushing ahead with a project that could lead to the government collecting DNA from hundreds of thousands of detained immigrants, some as young as 14 years old, alarming civil rights advocates. Once fully underway, the DNA program could become the largest U.S. law enforcement effort to systemically collect genetic material from people not accused of a crime.

U.S. Customs and Border Patrol (CBP) announced in early January that it would begin a pilot project to take genetic samples from detained migrants held in Detroit, on the northern border, and Eagle Pass on the southern.

Read more on Texas Tribune.

h/t, Joe Cadillic


 January 31, 2020  Posted by  Business, Non-U.S., Surveillance

Reuters reports:

Russia said on Wednesday it had blocked the Swiss email service ProtonMail, popular among journalists and activists for its focus on user privacy and high level of encryption.

Russian communications watchdog Roskomnadzor said ProtonMail, which uses end-to-end encryption to protect user data, had been used to send fake, anonymous bomb threats.

Read more on Reuters.

 January 31, 2020  Posted by  Laws, Surveillance, U.S.

Ray Schultz reports:

A privacy bill that addresses email only has been introduced in the Oklahoma State Legislature.

House Bill 2810, the so-called Oklahoma Email Communication Content Privacy Protection Act, would prohibit email service providers from scanning subject lines or the body of any email communication sent to its users, and from letting any other entity do so.

Read more on MediaPost.