Richard Forno's blog

The Sony incident reminds us again about the fragile yet constantly shifting state of cybersecurity and Internet policy.  Clearly the international political ramifications of this incident, who actually did it, and Sony's potential culpability remain unknown. Read more about The Sony Hack: A Warning for Internet Policy

As Congress winds down for the holidays, it delivers yet another lump of coal for the American people.  

Contained in the 2015 Intelligence Authorization Act is a provision quietly inserted by the US Senate (just prior to voting) that authorizes the “acquisition, retention, and dissemination” of all communications data from U.S. citizens without a court order and then transferred to law enforcement for criminal investigations. Read more about Congress quietly expands surveillance (again)

Last evening the Senate voted 58-42 to delay implementation of the USA FREEDOM Act with the goal of reforming, albeit modestly, America's controversial domestic surveillance programs. Read more about USA FREEDOM Act stalls

Panel 2 of today's PCLOB public hearing explored privacy interests within a counterterrorism context with an emphasis on what impact technology has upon it.  The panel was fairly fluid and free-flowing with discussion, but a few salient points emerged that are worth commenting on. Read more about PCLOB: Defining Privacy Interests, 2/2

Today I am attending the Privacy and Civil Liberties Oversight Board hearing on "Defining Privacy" here in Washington, DC.  Four sessions are planned for the day, as outlined on the PCLOB agenda, however due to a schedule conflict, I only anticipate being able to attend 2 or 3 of them, but will provide brief summaries of their salient points. Read more about PCLOB: Defining Privacy Interests, 1/2

For those following or researching the NSA disclosures by Edward Snowden (or privacy issues in general) this interactive chart will be a useful tool both for reference and in educating others about the scope of the surveillance situation at the moment -- such that we know about, obviously. Read more about NSA Revelations At-A-Glance

Earlier this week I had the opportunity to muse conceptually at the 2014 Computers, Freedom, and Privacy conference in Warrenton, VA.  Kudos to co-chairs Nuala O'Connor and Amie Stepanovich and the CFP '14 program committee for a fantastic event! Read more about Musings from CFP '14

A recent Guardian article reminds us that computer crime laws may be applied toward cybersecurity researchers disclosing vulnerabilities in modern technology products, services, and systems. So perhaps it's not the issue 'resurfacing' per se as it is reminding us of the current state of cybersecurity laws in America -- and especially how those laws relate to the perpetual 'debate' over cybersecurity research and disclosure. Read more about Is the vulnerability disclosure 'debate' resurfacing?

Spring is here. The flowers are in bloom, the days are longer, and Congress queues up for another legislative proposal to 'address' cybersecurity in the United States. Yes -- springtime is CISPA-time.

Last year, on April 18, 2013, I discussed the "Cybersecurity Information Sharing and Protection Act" (CISPA) as it moved through the US House.  (And thankfully failed.) Read more about Springtime for CISPA

Washington insiders know the best time to release potentially controversial news is after 5PM on a Friday afternoon -- when most journalists likely are heading home and/or otherwise are out-of-place when a big news item drops. Read more about US transitioning Internet DNS control

The much-anticipated Review Group on Intelligence and Communications Technologies report (PDF) "Liberty and Security in a Changing World" was released this afternoon, containing 40-plus recommendations regarding technology surveillance, privacy, and intelligence security following the Snowden NSA disclosures earlier this year.  The Review Group consists of 5 members (Richard A. Clarke, Michael J. Morell, Geoffrey R. Stone, Cass R. Read more about Intelligence Revew Group Report Released

During a rare mid-afternoon late summer Friday press conference, President Obama outlined several actions that he believes will help restore American citizens' trust in the government's assorted electronic surveillance programs.   Read more about Initial Thoughts on POTUS surveillance reforms

In a closely watched vote that ended within the past hour, the US House of Representatives narrowly rejected Rep. Read more about Amash Amendment to defund NSA surveillance fails narrowly

UPDATE #1 (1900 ET):  The WaPo and Guardian report this evening that through its PRISM program, NSA also is directly tapped into the systems of many leading Internet services, such as Microsoft, Yahoo, Google, AOL, Skype, and (as of April 2013) Apple.

* * * * * Read more about Initial thoughts on the NSA-Verizon surveillance order

According to a US News report, a spokesperson for the U.S. Senate Committee on Commerce, Science and Transportation suggests that the Senate will not take up CISPA 2.0 and instead will work towards breaking it up into separate bills.  The article also quotes Committee chairman Senator Jay Rockefeller (D-WV) confirming what many of us have been saying: that CISPA 2.0's privacy protections "were insufficient." Read more about CISPA 2.0 Likely Stalled in Senate