Risk
4/1/2010
08:33 AM
50%
50%

Senator Calls For Privacy Hearings

Judiciary chairman Leahy says currently laws governing electronic communications are outdated and inadequate.

Sen. Patrick Leahy, Democrat from Vermont and chairman of the Senate Judiciary Committee, said he plans to hold hearings on "much-needed updates" to the Electronic Communications Privacy Act of 1986 in the coming months.

"While the question of how best to balance privacy and security in the 21st century has no simple answer, what is clear is that our federal electronic privacy laws are woefully outdated," Leahy said, in a statement.

Google, Microsoft and other tech companies also joined privacy advocates and academics this week in seeking tougher laws that raise the standards for government access to e-mail, instant messages and personal files stored online.

The broad Digital Due Process coalition wants Congress to rewrite the privacy act. The group argues the law is outdated and no longer provides adequate protection of personal data stored on the Internet, as it exists today.

"Technology has changed dramatically in the last 20 years, but the law has not," Jim Dempsey, VP for public policy at the Center for Democracy and Technology, said in a statement announcing the formation of the group. Dempsey is a leader of the coalition effort.

The coalition sees a number of privacy weaknesses in the act. Top on the list is changing rules that allow law enforcement agencies to access some e-mail, instant messages and other information stored online through simple subpoenas. The organization wants Congress to up the requirement, so such agencies would need court-ordered warrants, which require convincing a court that there's enough evidence of a criminal act to support a search and seize data.

While law enforcement agencies will likely oppose such a requirement, the coalition argues that private information stored online should fall under the standards imposed on government to search homes and offices, seize personal papers and read mail.

"The law needs to be clear that the same standard applies to email and documents stored with a service provider, while at the same time be flexible enough to meet law enforcement needs," Dempsey said.

The group says it is talking to politicians and law enforcement agencies to try and reach a consensus on updates to the law.

Tech companies joining Google and Microsoft in the coalition include AOL, eBay, Intel, Loopt and Salesforce.com. Other members include AT&T, the ACLU, the American Library Association, the Center for Democracy & Technology and the Computer and Communications Industry Association. More than 20 organizations have joined the group.

Dark Reading's Database Security Tech Center is your portal to all the news, reports, product information, technical data, and other information related to the topic of database security. Check it out now.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-9710
Published: 2015-05-27
The Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr state is consistent with a requested replacement, which allows local users to bypass intended ACL settings and gain privileges via standard filesystem operations (1) during an xattr-replacement time windo...

CVE-2014-9715
Published: 2015-05-27
include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that trig...

CVE-2015-1157
Published: 2015-05-27
CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in (1) an SMS message or (2)...

CVE-2015-2666
Published: 2015-05-27
Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to t...

CVE-2015-2830
Published: 2015-05-27
arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrate...

Dark Reading Radio
Archived Dark Reading Radio
After a serious cybersecurity incident, everyone will be looking to you for answers -- but you’ll never have complete information and you’ll never have enough time. So in those heated moments, when a business is on the brink of collapse, how will you and the rest of the board room executives respond?