Information Sharing: Walking a Tightrope or Tightening the Rope?

Technology and politics make strange bedfellows. Rarely do politicians understand the capabilities or nuances of the cyber landscape, and rarely do technologists understand (or care to understand) the compromises of politics. But in a world of cyber espionage and cyber warfare, where technology is as integrated into the fabric of society as utilities and transportation, these two worlds are colliding.

As evidence, we have the Cybersecurity Information Sharing Act (CISA) of 2015, passed by the Senate Select Committee on Intelligence a few weeks ago, followed by the passing of a similar bill, the Protecting Cyber Networks Act (PCNA) passed last week by the House of Representatives Intelligence Committee.

Momentum seems to be gathering at the federal level to pass legislation making it easier for private companies to share information about cybersecurity threats and breaches with the government.

I personally struggle with the privacy implications. Cyber intelligence can include computer names and addresses, user names, emails, websites being visited, and more. While both the Senate and House bills contain provisions regarding privacy and the need to “scrub” data of personal information, it is inevitable and foreseeable that such information will sometimes find its way into the data being shared, and into the hands of intelligence agencies with no role in cyber security.

A number of my colleagues whom I respect sent an open letter to the Senate regarding their concerns about privacy in CISA. This was prior to some recent amendments, but many of their concerns remain.

At the same time, I am an unabashed proponent of information sharing when it comes to cyber threats. Too often, I see companies attacked using techniques that have been known to others in the industry for years; attacks that could be prevented or, at minimum, against which companies could be better prepared—if given the right information. We know that our adversaries are sharing, even buying and selling, cyber intelligence with each other. We need to do a better job sharing ourselves.

Read more @ https://blog.bit9.com/2015/03/31/information-sharing-walking-a-tightrope-or-tightening-the-rope/ 

 

Researchers Claim Facebook Tracks You Even If You Opt Out

If you've visited a Facebook page—even if you don't have an account, and even if you've opted out of tracking—the social network drops a long-lasting cookie onto your computer, and follows you everywhere you go.

That's according to an in-depth ​report from a pair of Belgian universities, who were commissioned to investigate the issue by​ their local data protection agency. (Asked for a response, the UK’s own Information Commissioner Office directed us to Ireland’s data protection watchdogs, saying it wasn’t their remit as Facebook is based in Ireland.)

The report found that Facebook tracks users even if they’re logged out, have deactivated their account, or have opted out of behavioural advertising. The problem centres on Facebook's social plugins, those widgets that people install on their sites with the Like button.

The researchers suggested that Facebook sets a tracking cookie that can last for two years on your PC or device in three​ instances. First, when you visit a Facebook page—whether it's your own profile or a company page when you're not signed in; second, if you visit specific third-party websites (including mtv.com and, rather oddly, myspace.com); and third, rather ironically, if you go to the European D​igital Advertising Alliance website to opt out of tracking.

From then on, every time you visit a page with a Like button or other social plugin, it sees the cookie and sends the tracking details back to Facebook. That happens even if you don't click Like, login to Facebook, or interact in any other way with the site.

Read more @ http://motherboard.vice.com/read/researchers-claim-facebook-tracks-you-even-if-you-opt-out 

 


"What lies behind us and what lies before us are small matters compared to what lies within us."  ~ Ralph Waldo Emerson ~