(by Sergey Frolov, University of Colorado Computer Science Ph.D candidate)
In the U.S., it is illegal to produce, distribute, and possess child pornography. Playpen is a now-defunct child pornography website. The FBI managed to trace the site’s operators, then obtained a warrant and seized the web server on which the site ran.
However, instead of shutting the server down immediately, the FBI continued to operate Playpen for an additional 13 days. During that time, according to the Electronic Frontier Foundation, the FBI sent malware to visitors to the site in order to identify and prosecute them for possession of child pornography.
Continue reading “Last Week in Tech Policy #48: Playpen and Government Hacking”
(By Lucas Ewing, Colorado Law 2L)
The World Wide Web Consortium (W3C) is an international organization whose goal is to set standards for the World Wide Web. Due to W3C’s highly technical subject matter, internal discussions rarely broach the public discourse, but recently, open internet advocates and some W3C members have expressed concern over plans to endorse Encrypted Media Extensions (EMEs).
Continue reading “Last Week in Tech Policy #47: W3C and EME—Is DRM Being Inserted in Your Web Browser?”
(By Connor Boe, Colorado Law 2L)
After it was first announced that President Trump would continue to use his personal Twitter account after taking office, it has become clear that social media is going to become a dominant source of information from the White House. How might social media impact the consistency and clarity of messaging that the American public has come to expect from the executive branch?
Trump first created the @realDonaldTrump account in 2009 and has tweeted roughly 34,000 tweets and accrued over 22 million followers since. Since the election Trump has used Twitter along with other social media platforms to release policy statements, personal opinions, and a surprising number of politically polarizing statements. This new form of communication from the President creates some interesting dynamics, some possible opportunities, and a multitude of challenges that need to be considered as we enter a new era of American politics.
Continue reading “Last Week in Tech Policy #42: @realDonaldTrump: How Twitter is Changing Communications from the White House”
(by Zach Goldberg and Eilif Vanderkolk, TLPC Student Attorneys)
Over the past several months, the TLPC, in collaboration with the National 911 Program, has researched problems burdening 911 call centers, with the aim of discovering solutions to improve the efficiency of emergency response throughout the country. Specifically, we have examined the negative impact of calls made from non-service-initialized devices (“NSIDs”) and high non-emergency 911 call volume upon the efficacy of public safety answering points (PSAPs). We aimed to gain deeper understanding of how 911 systems work, the difficulties they face, and how changes in law and policy, technology, and consumer awareness and behaviors might help. However, crafting effective solutions to these problems is difficult because the factors contributing to high non-emergency 911 call volume figures are complex, and reliable, precise studies and data is scarce. We explore these problems in the attached white paper.
(by Zach Goldberg, TLPC Student Attorney)
Over the past month, the TLPC has researched autonomous vehicle technology and its susceptibility to physical layer cyber attacks, with the aim of encouraging research and development efforts to counteract such threats. We sought to gain deeper understanding of the communication systems that enable autonomous vehicle technology, the vulnerabilities of these systems to jamming and spoofing attacks, and possible defenses against such attacks. We explore these issues in the attached comment, filed in the National Highway Traffic Safety Administration’s latest proceedings relating to autonomous vehicle safety and vehicular cyber security.
• Autonomous Vehicle Jamming and Spoofing Comment
(by Zachary Goldberg, Colorado Law 2L)
Apparently Yahoo waited two full months to disclose to its customers the largest consumer data breach in history, which Yahoo officials claim went undetected for two full years
On September 22, 2016, Yahoo officials announced that 500 million of its customers’ email accounts were hacked in 2014. The Yahoo security team believes that “state-sponsored hackers” somehow managed to penetrate Yahoo’s system to target its email users’ identifying information, passwords, and security question responses. At this stage in their investigation, Yahoo officials have not indicated precisely when they discovered the breach, and they know neither specific details as to who orchestrated it, nor how they gained access to Yahoo’s email system.
Continue reading “Last Week in Tech Law & Policy, Vol. 36: Another Yahoo! Data Breach? Personal Consumer Information and the U.S. Government’s Intelligence Collection Practices”
(by Kiki Council, Colorado Law 3L)
Last week’s blog post concerned the ramifications of sponsored and compelled government hacking with the use of backdoor encryption. This week’s post concerns how government hacks of computers using the Tor browser, and whether those hacks are considered a “search” under the Fourth Amendment.
Continue reading “Last Week in Tech Law & Policy, Vol. 32: Is government hacking a “search” under the Fourth Amendment?”
(by Colter Donahue, Colorado Law 3L)
Should government agencies possess, compel, or sponsor hacking and backdoors? A backdoor is a method of bypassing the normal authentication system of a website, messaging service, or other means of electronic communications.
Privacy and encryption advocates point out that the tools created or vulnerabilities exploited by backdoors pose a privacy risk. The vulnerabilities are not not limited to exploit by U.S. agencies like the FBI and NSA; bad actors and other nations can use them too. Hacking tools don’t always stay secret; once exposed, potential damage may be measured on a global scale. But what happens when law enforcement needs access for investigatory purposes? The following post will look at a recent example and the balance of competing interests.
Continue reading “Last Week in Tech Law & Policy, Vol. 31: Sponsored and Compelled Hacking, Government Edition”
The government intelligence community has long vocally advocated for so-called “backdoors” in encrypted digital communications systems. Proponents of these special modes of entry and intercept into otherwise protected databases and communications believe they are a necessary part of national security in the modern age. However, attempts to statutorily codify these ideas have met significant opposition.
Not to be deterred, the government is currently seeking alternate ways to gather information about suspected criminals and terrorists. Two weeks ago, the Senate passed the Cybersecurity Intelligence Sharing Act (CISA). This bill seeks primarily to permit information technology companies to “voluntarily” share information about security threats with the Department of Homeland Security. Companies would be given immunity both from liability and from FOIA requests regarding this information sharing. A proposed amendment that would have required the scrubbing of personally identifiable information in this information sharing failed to pass.
Continue reading “Last Week in Tech Law and Policy, Vol. 25: The CISA/CISPA See-Saw of Cybersecurity”
(by R. Kolton Ray, Colorado Law 2L)
Back to the Future Day—October 1, 2015—was celebrated this past week to commemorate the day that Marty McFly and Doc Brown traveled through time to save Marty’s future son in Back to the Future II. It’s easy to laugh at the zany fashion and technology—i.e., fax machines—but director Robert Zemeckis got a lot right about 2015. For example, Nike will release a pair of self-lacing sneakers next year, and hover boards have become close to a reality. The film even portrayed a current political candidate as a wacky villain.
While we have yet to reach the Back to the Future-style flying cars depicted in the second film, we are very close to the introduction of self-driving cars into our travel ecosystem. Google’s self-driving car has successfully completed 1 million miles and the company is planning to release a model to the general public by 2017. Automotive powerhouses like GM, Ford, Toyota, Daimler-Chrystler and Volkswagen have all partnered with Google, and Tesla CEO Elon Musk has said that manually-operated cars will be illegal once autonomous cars reach 100% penetration.
Continue reading “Last Week in Tech Law and Policy, Vol. 24: Will Your Autonomous Car be Programmed to Kill You?”