Risk
4/1/2010
08:33 AM
Connect Directly
RSS
E-Mail
50%
50%

Senator Calls For Privacy Hearings

Judiciary chairman Leahy says currently laws governing electronic communications are outdated and inadequate.

Sen. Patrick Leahy, Democrat from Vermont and chairman of the Senate Judiciary Committee, said he plans to hold hearings on "much-needed updates" to the Electronic Communications Privacy Act of 1986 in the coming months.

"While the question of how best to balance privacy and security in the 21st century has no simple answer, what is clear is that our federal electronic privacy laws are woefully outdated," Leahy said, in a statement.

Google, Microsoft and other tech companies also joined privacy advocates and academics this week in seeking tougher laws that raise the standards for government access to e-mail, instant messages and personal files stored online.

The broad Digital Due Process coalition wants Congress to rewrite the privacy act. The group argues the law is outdated and no longer provides adequate protection of personal data stored on the Internet, as it exists today.

"Technology has changed dramatically in the last 20 years, but the law has not," Jim Dempsey, VP for public policy at the Center for Democracy and Technology, said in a statement announcing the formation of the group. Dempsey is a leader of the coalition effort.

The coalition sees a number of privacy weaknesses in the act. Top on the list is changing rules that allow law enforcement agencies to access some e-mail, instant messages and other information stored online through simple subpoenas. The organization wants Congress to up the requirement, so such agencies would need court-ordered warrants, which require convincing a court that there's enough evidence of a criminal act to support a search and seize data.

While law enforcement agencies will likely oppose such a requirement, the coalition argues that private information stored online should fall under the standards imposed on government to search homes and offices, seize personal papers and read mail.

"The law needs to be clear that the same standard applies to email and documents stored with a service provider, while at the same time be flexible enough to meet law enforcement needs," Dempsey said.

The group says it is talking to politicians and law enforcement agencies to try and reach a consensus on updates to the law.

Tech companies joining Google and Microsoft in the coalition include AOL, eBay, Intel, Loopt and Salesforce.com. Other members include AT&T, the ACLU, the American Library Association, the Center for Democracy & Technology and the Computer and Communications Industry Association. More than 20 organizations have joined the group.

Dark Reading's Database Security Tech Center is your portal to all the news, reports, product information, technical data, and other information related to the topic of database security. Check it out now.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3352
Published: 2014-08-30
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3_SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, related to an "iFrame vulnerability," aka Bug ID CSCuh...

CVE-2014-3908
Published: 2014-08-30
The Amazon.com Kindle application before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2010-5110
Published: 2014-08-29
DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file.

CVE-2012-1503
Published: 2014-08-29
Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section.

CVE-2013-5467
Published: 2014-08-29
Monitoring Agent for UNIX Logs 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP04 and Monitoring Server (ms) and Shared Libraries (ax) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP08, 6.2.3 through FP01, and 6.3.0 through FP01 in IBM Tivoli Monitoring (ITM)...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.