Much to the chagrin of privacy advocates, U.S. legislators have been pushing to pass a bill to improve cyberthreat intelligence sharing before discussing National Security Agency (NSA) surveillance reforms. In other recent news: Privacy proponents are also up in arms about an NSA proposal that would force tech companies to allow government access to encrypted consumer devices; and security experts warn about the increasing number of medical data thefts in recent years.
U.S. Congress hastens to pass cybersecurity bill ahead of NSA reform debate
U.S. lawmakers are rushing to pass a major cybersecurity bill before beginning the debate over reforming the National Security Agency’s surveillance programs. The NSA programs must be reauthorized by June 1. Backers of the security bill, which strives to improve companies’ cyberthreat information sharing with the government, insist that it is a separate issue from NSA surveillance. Privacy advocates, however, worry that the cybersecurity bill will allow the NSA to further collect American citizens’ sensitive data.
The cybersecurity bill is a joint effort between both the House of Representatives’ and the Senate’s intelligence committees, and appears to have garnered approval from Republicans, Democrats and the White House, The Hill reports. The Obama administration stated recently that it considers cybercrime a national emergency, and that information sharing programs are a major part of its cyberdefense strategy, according to The Wall Street Journal.
The House Intelligence Committee’s bill prohibits cyberthreat intelligence from going directly to the NSA, but privacy groups want NSA surveillance programs to be reformed before cybersecurity legislation passes to give the government more access to data, according to The Hill.
NSA director seeks front door access to encrypted devices
The debate over whether the U.S. government should have guaranteed access to encrypted data on U.S. consumer devices has reached another impasse. Adm. Michael S. Rogers, director of the NSA, is offering a “technical solution” to the problem, reported The Washington Post: legally requiring technology companies to create a digital key that can open any locked device to access the data inside, but splitting the key into pieces among multiple agencies so that not one entity could use it.
“I don’t want a back door. I want a front door. And I want the front door to have multiple locks,” Rogers said in a recent speech at Princeton University, where he outlined the proposal.
Law enforcement and intelligence officials who support the proposal warn that the growing use of data and device encryption could seriously obstruct criminal and national security investigations.
Members of the technology industry and privacy advocates, however, argue that granting government and law enforcement access to people’s private communications threatens their Constitutional right to free speech. Security experts also believe that the split-key approach creates weaknesses that hackers and foreign intelligence agencies can try to exploit. Opponents of the NSA’s proposal also argue that the scope of encryption technology usage has exceeded the reach of government control, according to the Post.
Medical data theft on the rise
The growth in the number of digital medical records has led to an increase in the theft of those records, industry experts say. This type of theft has also evolved, according to Dwayne Melancon, CTO of software company TripWire: Hackers previously stole payment card and bank information inside medical records, but now they target personal information, he told Marketplace.
Unlike payment card theft, victims of medical data theft often don’t find out that their data is for sale to the highest bidder until after a year or more has passed, healthcare information security expert Bernard Peter Robichau told Marketplace.
There’s also the risk that this stolen medical data could end up on predictive consumer scores. These scores use data collected by devices and apps to predict individuals’ likelihood to spend on healthcare, to commit fraud, to adhere to medication prescriptions and other data points highly sought after by many companies, reported Marketplace.