The U.S. House of Representatives could vote later this month on two bills focused on encouraging private companies and the government to share cyberthreat information with each other, even though there are major civil liberties concerns with one of the bills and some outstanding questions about the second, CDT officials said during a press briefing Wednesday.

The Senate may vote on information-sharing legislation in May, CDT officials said. CDT raised concerns about four information-sharing bills, all of which would provide legal protections for private companies that share cyberthreat information with government agencies.

via CDT: Cybersecurity bills raise major civil liberties concerns – Computerworld.

The proliferation of comprehensive data privacy laws, more or less on the European model, increasingly requires US-based multinationals and online companies to adapt to strict requirements for dealing with individuals in other countries.  While the rules may soon become more uniform in the EU, they are still new and uncertain in many other countries.

European Union

In January 2012, the European Commission published a proposed Regulation that would replace the 1995 EU Data Protection Directive. While national practices differ considerably under the 1995 framework directive, the Regulation would establish a much more consistent European approach to data protection rights and enforcement.

The Regulation would continue to authorize data transfers to “white-listed” jurisdictions with EU-style comprehensive data protection laws (such as Switzerland, Argentina, Israel, and, for most purposes, Canada). It would also continue to recognize data transfers to US “Safe Harbor” companies and transfers protected by EU-approved standard contract clauses (“model contracts”) or binding corporate rules (“BCRs”), as well as transfers relying on informed consent. These have been subject to divergent national interpretations and procedures, however, and the Regulation aims to eliminate these differences.

via Transborder Data Flows at Risk : Info Law Group.

Brian Shields, a former Nortel employee, led the internal investigation into the breach and told the Journal that the hackers “had access to everything.” An internal report indicated that Nortel reset the passwords that had been taken but didn’t do anything else to keep the hackers out.

0

Comments

Weigh InCorrections?

inShare

Gallery

In recent years, lawmakers and advocacy groups have made increased efforts to protects users’ privacy online. Here are some cases that helped stoke the debate about tracking and privacy on the Web.

Nortel, which filed for bankruptcy in 2009, did not immediately respond to a request for comment on the story.

The report said that Nortel discovered the hackers in 2004, after an employee noticed some unusual downloads being made in the name of an executive. Shields told the paper that he found that the hackers have been using China-based Internet addresses for the transmissions. He said that he noticed unusual transmissions every month or so, but that Nortel decided to ignore his recommendations to enhance network security.

via Report: Chinese hackers breach Nortel networks – The Washington Post.

The goal is to use the tool to keep on top of breaking events, incidents and emerging threats, the agency said in a recent Request for Information (RFI) from IT vendors.

The FBI said it’s seeking a “secure, lightweight web application portal using mashup technology.”

According to the RFI document, “The application must have the ability to rapidly assemble critical open source information and intelligence that will allow [the FBI's Strategic Information and Operations Center] to quickly vet, identity and geo-locate” potential threats to the U.S.

The FBI said the tool must have the ability to automatically search and scrape data off social networking and news sites based on specific queries. It must also be able to display alerts on geo-spatial maps and give users the ability to quickly summarize the “who, what, when, where and why” of specific threats and incidents.

via FBI seeks social media monitoring tool – Computerworld.

Concept Searching describes the Smart Content Framework as a multi-disciplinary solution—delivered through its technologies—that encompasses the entire portfolio of information assets. Underlying the Framework are functionalities to transparently tag content, classify it to organizational taxonomies, preserve and protect information through the automatic identification of records and privacy data, and act as a migration tool, Concept Searching says.

via Concept Searching’s new Smart Content Framework : KMWorld.

The publication stops short of recommending service arrangements, service agreements, service providers or deployment models, however. Departments and agencies should use NIST’s guide to analyze their specific requirements against public cloud services, write report authors.

Sign up for our FREE newsletter for more news like this sent to your inbox!

The publication emphasizes that in the end, the organization is responsible for security and privacy in the cloud, not the service provider. As such, SP 800-144 stresses a risk-based approach in analyzing how and what functions to move to the public cloud–organizations should extend to the cloud the same governance practices employed when deciding to outsource any other IT service.

via NIST issues security, privacy guidance for public cloud – FierceGovernmentIT.

A brief overview of recent changes to the Google Privacy Policy

As more legacy companies move to offer cloud computing as part of their portfolio, they have played down the concerns around security. However, even with industry heavyweights singing its security praises, customers are far from trusting the cloud model.

It is time to focus on giving customers solid answers to their security fears and removing the ‘fear, uncertainty and doubt’ from their minds, according to CIF member Simplexo.

The firm’s chief technology officer (CTO), Simon Bain, said: “I am obviously a believer in using the ‘cloud’ as a way forward for both personal and corporate life.”

“However, there are certain guidelines that I think need to be adhered to before we all start throwing our hard disks away and placing everything in to the hands of others.”

via CIF: Data security tops cloud concerns | IT PRO.

Over the last several years, user participation in social media websites has exploded. For example, Facebook claims to have more than 800 million users on its network, Twitter users post something approaching 150 million tweets a day, and YouTube claims that more video is uploaded to its site every month than the three major U.S. networks created in the last 60 years. Such statistics tend to confirm that social media websites are here to stay, and their emergence as commonplace communication platforms suggests that the law will have to take notice.

For example, websites’ privacy guidelines might not carry much weight when it comes to litigation. When a lawsuit is filed, attorneys inevitably scour the Internet for evidence relevant to the claims and parties, which frequently leads to one or more social media websites, such as Facebook and LinkedIn. Social media users (and lawyers representing them in litigation) should realize that data posted on social media websites is likely subject to review and disclosure when relevant to the issues in a lawsuit, without regard to the particular website’s privacy guidelines or the user’s privacy settings.

via In civil litigation, ‘private’ social media data isn’t private – Computerworld.

Microsoft, like rivals Google, Amazon and others, is racing to bring its cloud software into compliance with government security regulations. Earlier this year Microsoft and Google became embroiled in a dispute over whose cloud software complied with Federal Information Security Management Act (FISMA) requirements.

Meeting such requirements can be critical for winning government contracts, such as the $60 million deal to provide the U.S. Department of the Interior with e-mail and collaboration cloud software that Google (NSDQ:GOOG) and Microsoft spent much of the year fighting over in court.

Microsoft also said it has overhauled its Office 365 Trust Center, a Web site that provides detailed information about Office 365 privacy and security practices, to make it easier to use.

Microsoft said it would sign the European Union’s contractual clauses, which the vendor said would help customers comply with the EU’s stringent Data Protection Directive regulations. The contractual or “model clauses” legitimize the transfer of personal data through international networks to locations outside the European Economic Area (EEA).

via Microsoft Boosts Office 365 Security To Meet European Data Protection Requirements.