Risk
4/1/2010
08:33 AM
50%
50%

Senator Calls For Privacy Hearings

Judiciary chairman Leahy says currently laws governing electronic communications are outdated and inadequate.

Sen. Patrick Leahy, Democrat from Vermont and chairman of the Senate Judiciary Committee, said he plans to hold hearings on "much-needed updates" to the Electronic Communications Privacy Act of 1986 in the coming months.

"While the question of how best to balance privacy and security in the 21st century has no simple answer, what is clear is that our federal electronic privacy laws are woefully outdated," Leahy said, in a statement.

Google, Microsoft and other tech companies also joined privacy advocates and academics this week in seeking tougher laws that raise the standards for government access to e-mail, instant messages and personal files stored online.

The broad Digital Due Process coalition wants Congress to rewrite the privacy act. The group argues the law is outdated and no longer provides adequate protection of personal data stored on the Internet, as it exists today.

"Technology has changed dramatically in the last 20 years, but the law has not," Jim Dempsey, VP for public policy at the Center for Democracy and Technology, said in a statement announcing the formation of the group. Dempsey is a leader of the coalition effort.

The coalition sees a number of privacy weaknesses in the act. Top on the list is changing rules that allow law enforcement agencies to access some e-mail, instant messages and other information stored online through simple subpoenas. The organization wants Congress to up the requirement, so such agencies would need court-ordered warrants, which require convincing a court that there's enough evidence of a criminal act to support a search and seize data.

While law enforcement agencies will likely oppose such a requirement, the coalition argues that private information stored online should fall under the standards imposed on government to search homes and offices, seize personal papers and read mail.

"The law needs to be clear that the same standard applies to email and documents stored with a service provider, while at the same time be flexible enough to meet law enforcement needs," Dempsey said.

The group says it is talking to politicians and law enforcement agencies to try and reach a consensus on updates to the law.

Tech companies joining Google and Microsoft in the coalition include AOL, eBay, Intel, Loopt and Salesforce.com. Other members include AT&T, the ACLU, the American Library Association, the Center for Democracy & Technology and the Computer and Communications Industry Association. More than 20 organizations have joined the group.

Dark Reading's Database Security Tech Center is your portal to all the news, reports, product information, technical data, and other information related to the topic of database security. Check it out now.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4467
Published: 2015-01-30
WebKit, as used in Apple iOS before 8.1.3, does not properly determine scrollbar boundaries during the rendering of FRAME elements, which allows remote attackers to spoof the UI via a crafted web site.

CVE-2014-4476
Published: 2015-01-30
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulner...

CVE-2014-4477
Published: 2015-01-30
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulner...

CVE-2014-4479
Published: 2015-01-30
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulner...

CVE-2014-4480
Published: 2015-01-30
Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
If you’re a security professional, you’ve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.