from Net Politics and Digital and Cyberspace Policy Program

Cyber Week in Review: February 5, 2016

Schrems Safe Harbor CFR Net Politics Cyber
Schrems Safe Harbor CFR Net Politics Cyber

February 5, 2016

Schrems Safe Harbor CFR Net Politics Cyber
Schrems Safe Harbor CFR Net Politics Cyber
Blog Post
Blog posts represent the views of CFR fellows and staff and not those of CFR, which takes no institutional positions.

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

1. Goodbye Safe Harbor. Hello Privacy Shield! The European Commission and the United States have agreed on a new framework for transatlantic data transfers. In a press release, the Commission argued the data sharing framework--called the EU-U.S. Privacy Shield--provides stronger obligations on U.S. companies that have access to Europeans’ personal data because it offers European citizens the possibility of redress if their information has been misused and requires an annual review of U.S. commitments to only engage in necessary and proportionate surveillance. The new agreement follows months of negotiation after the top court in the European Union struck down Safe Harbor agreement that previously regulated transatlantic data flows. The new deal is almost surely expected to be challenged in the courts as Max Schrems, the Austrian privacy activist whose complaint led to Safe Harbor’s invalidation, expressed skepticism that it would withstand a judicial challenge. The Commission and the Department of Commerce, which led the negotiations on behalf of the United States, are expected to release the details of the Privacy Shield later this month.

2. Harvard study refutes the "going dark" argument. A study from Harvard’s Berkman Center for Internet Society rejects the claims that a greater use of encryption in software products will obstruct law enforcement investigations, commonly referred to as “going dark.” For months, FBI and tech companies have argued over the use of encryption in communications products, with the FBI demanding a way to access encrypted communications with a warrant and tech companies--supported by technologists--telling them it’s a bad idea. Although the Harvard study agrees that encryption in communication devices may cause a problem for law enforcement, it also remarks that certain developments in Internet-connected communication devices will provide new opportunities for tracking targets. It also points out that metadata, which includes email headers, phone call records and location data from phones, is usually not encrypted and will likely never be encrypted on a large scale. This report, which paints a novel, more optimistic view on the future use of technology, can be read here.

3. National Security Agency plans to merge offense and defense branches into one unified directorate. The NSA announced plans to reorganize by merging its Information Assurance Directorate, charged with providing advice on how to keep data safe, and its Signals Intelligence Directorate, charged with acquiring information on foreign targets, into one unified structure. According to NSA Director Michael Rogers, the new Directorate of Operations will break down the "walls of granite" between the NSA’s offensive and defensive missions, allowing the NSA to better do its job. Critics largely accused the NSA of being tone deaf. Over at Passcode, Jay Healey argued that merging the two could further undermine public confidence in the NSA’s defensive mission, especially given that the NSA has already been caught deliberately weakening cryptographic standards to facilitate their offensive mission.

4. Media outlet swamped with junk web traffic after publishing article about Putin’s daughter. The website of Russian magazine, The New Times, was hit by a denial of service attack after publishing an article about President Vladimir Putin’s daughter, Maria. Putin’s private life is traditionally considered taboo in Russia but that didn’t prevent The New Times from publishing Maria’s address. In addition to being DDOSed, the publication was also slapped with a fine. It’s unclear whether the Kremlin was responsible for the denial of service, though it’s not the first time that The New Times’ website has suffered an outage as a result of Putin-related reporting. In 2013, its website was knocked offline shortly after an an interview with Putin foe Mikhail Khodorkovsky was published.