CIS in the news.

  • The Cybersecurity 202: Security community has its own encryption debate after discovery of new flaw

    Date published: 
    May 15, 2018

    "Whether people decide to keep PGP or make the switch, the flaw shows how difficult it is to perfect the art of sending secure messages, said Riana Pfefferkorn, a cryptography fellow at Stanford University. 

    “Even after withstanding years' worth of widespread scrutiny by security experts, a flaw in an encryption standard may still turn up,” she told me. “Plus, even if the vulnerability is fixed by the maintainers, users' configuration of their email client may not be perfect, potentially leaving them unwittingly exposed.”"

  • Service Meant to Monitor Inmates’ Calls Could Track You, Too

    Date published: 
    May 10, 2018

    "As long as they are following their own privacy policies, carriers “are largely free to do what they want with the information they obtain, including location information, as long as it’s unrelated to a phone call,” said Albert Gidari, the consulting director of privacy at the Stanford Center for Internet and Society and a former technology and telecommunications lawyer. Even when the phone is not making a call, the system receives location data, accurate within a few hundred feet, by communicating with the device and asking it which cellphone towers it is near."

  • Did YouTube Phenomenon Poppy Steal Her Style From Another Star?

    Date published: 
    May 9, 2018

    ""You'll notice the complaint is very vague when it comes to what works actually infringe—there's just a lot of hand-waving about global similarities between the two projects," says Daniel Nazer, a staff attorney on the Electronic Frontier Foundation's intellectual property team. "But you'd need to show that a particular work (either a song or video) infringed another specific work. The complaint just doesn't do that.""

  • Uber sets safety review; media report says software cited in fatal crash

    Date published: 
    May 7, 2018

    "Bryant Walker Smith, a self-driving car expert and law professor at the University of South Carolina, said in an email that the report by The Information raised the question of whether Uber’s “software might have detected something but misclassified as something other than a human (which could include determining that the probability of that something being a human was low).”

  • Drowning in privacy-related email updates? Tips on what to look for

    Date published: 
    May 4, 2018

    "“If you walked up to the average person on the street in the U.S. and ask them about GDPR, they’d probably say, ‘Is that a hockey team?’ ” said Albert Gidari, director of privacy at the Center for Internet & Society at Stanford Law School, on Thursday. Gidari said many people don’t seem too concerned about privacy issues.

    “I think people believe the benefits (of technology) outweigh the risk to their privacy,” he said."

  • Facebook Dating Looks a Whole Lot Like Hinge

    Date published: 
    May 3, 2018

    "Daniel Nazer, a staff attorney on the Electronic Frontier Foundation's intellectual property team, thinks Tinder's case faces many of the same pitfalls. "I think most utility patents in this space face the same problems," he says. (Utility patents protect new machines, processes, and other inventions).

  • Judge to Consider This Week Whether to Unseal Vast Surveillance Records

    Date published: 
    May 2, 2018

    "The Apple-FBI fight over encryption was a rare event. Most of the time, the public never has a clue when authorities come knocking and ask a company for “technical assistance” to help get access to digital communications. That makes the true scale of U.S. government surveillance hard to assess—even if we can glean that it’s pervasive nowadays. And probably equally as important, it doesn’t really allow the public to tell just how difficult it is for prosecutors to convince a judge that communications should be turned over.

  • Terrorists still have rail in their target sights

    Date published: 
    May 2, 2018

    "“While al Qaeda and ISIS and their compatriots have staged high profile attacks and plots targeting aviation in the U.S, their high profile  attacks targeting rail tended to be either a long time ago (like Madrid and London), in concert with other targets (like Brussels) or in places people in the US pay less attention to (like Mumbai). This is unfortunate, because plots targeting rail infrastructure in the U.S.

  • SEC sounds cyber 'wake-up call' to public companies

    Date published: 
    May 1, 2018

    "Riana Pfefferkorn, cryptography fellow at Stanford Law School's Center for Internet and Society, said the enforcement action could "light a fire" under other public companies to disclose their own cybersecurity incidents, though the case may not help determine where to set the bar for reporting.

  • How the Supreme Court Could Rewrite the Rules for DNA Searches

    Date published: 
    April 30, 2018

    "Like fingerprints in an earlier age, finding a DNA match is now considered the gold standard for criminal prosecutions in America. But the Golden State Killer case puts new attention on how samples are used and obtained in addition to what they tell us. “This isn’t really a DNA story,” Elizabeth Joh, a UC Davis law professor who studies the Fourth Amendment and technology, told me. “It’s a story about data.”

  • Driverless cars are growing in number, but makers don't want to reveal how they sometimes fail

    Date published: 
    April 30, 2018

    "The lack of transparency about the workings of sensors, logic processors, mapping systems and other driverless technology, like the debate over robot-car regulation, could shape public perception of the nascent industry, said Bryant Walker Smith, a law professor at the University of South Carolina.

    "Essentially, [the public will be] looking to see whether these companies are trustworthy," he said"


  • How the internet tricks you out of privacy using 'dark patterns' of design

    Date published: 
    April 30, 2018

    "Deceptive design nudges, tricks and goads you into sharing more than you might intend to online, Professor Hartzog argues in his new book, Privacy's Blueprint: The Battle to Control the Design of New Technologies.

    And when you think you're in control of your own data, you rarely are.

    "If you want to know when social media companies are trying to manipulate you into disclosing information or engaging more, the answer is always," he said."

  • Cops take dead man’s smartphone to his corpse in attempt to unlock it

    Date published: 
    April 29, 2018

    "Another attorney, Riana Pfefferkorn, a cryptography fellow at Stanford Law School, underscored the fact that not only was going to a dead person’s fingerprints unsettling, but that it was questionable from a practical perspective.

    "This gives cops a perverse incentive to delete any evidence and films or text messages," she told Ars. "What's to stop them from doing that if they learn that this is a viable technique and if the person is dead?""