08:33 AM

Senator Calls For Privacy Hearings

Judiciary chairman Leahy says currently laws governing electronic communications are outdated and inadequate.

Sen. Patrick Leahy, Democrat from Vermont and chairman of the Senate Judiciary Committee, said he plans to hold hearings on "much-needed updates" to the Electronic Communications Privacy Act of 1986 in the coming months.

"While the question of how best to balance privacy and security in the 21st century has no simple answer, what is clear is that our federal electronic privacy laws are woefully outdated," Leahy said, in a statement.

Google, Microsoft and other tech companies also joined privacy advocates and academics this week in seeking tougher laws that raise the standards for government access to e-mail, instant messages and personal files stored online.

The broad Digital Due Process coalition wants Congress to rewrite the privacy act. The group argues the law is outdated and no longer provides adequate protection of personal data stored on the Internet, as it exists today.

"Technology has changed dramatically in the last 20 years, but the law has not," Jim Dempsey, VP for public policy at the Center for Democracy and Technology, said in a statement announcing the formation of the group. Dempsey is a leader of the coalition effort.

The coalition sees a number of privacy weaknesses in the act. Top on the list is changing rules that allow law enforcement agencies to access some e-mail, instant messages and other information stored online through simple subpoenas. The organization wants Congress to up the requirement, so such agencies would need court-ordered warrants, which require convincing a court that there's enough evidence of a criminal act to support a search and seize data.

While law enforcement agencies will likely oppose such a requirement, the coalition argues that private information stored online should fall under the standards imposed on government to search homes and offices, seize personal papers and read mail.

"The law needs to be clear that the same standard applies to email and documents stored with a service provider, while at the same time be flexible enough to meet law enforcement needs," Dempsey said.

The group says it is talking to politicians and law enforcement agencies to try and reach a consensus on updates to the law.

Tech companies joining Google and Microsoft in the coalition include AOL, eBay, Intel, Loopt and Salesforce.com. Other members include AT&T, the ACLU, the American Library Association, the Center for Democracy & Technology and the Computer and Communications Industry Association. More than 20 organizations have joined the group.

Dark Reading's Database Security Tech Center is your portal to all the news, reports, product information, technical data, and other information related to the topic of database security. Check it out now.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Current Issue
Dark Reading Tech Digest September 7, 2015
Some security flaws go beyond simple app vulnerabilities. Have you checked for these?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-09
Simple Streams (simplestreams) does not properly verify the GPG signatures of disk image files, which allows remote mirror servers to spoof disk images and have unspecified other impact via a 403 (aka Forbidden) response.

Published: 2015-10-09
The Telephony component in Apple OS X before 10.11, when the Continuity feature is enabled, allows local users to bypass intended telephone-call restrictions via unspecified vectors.

Published: 2015-10-09
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.

Published: 2015-10-09
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.

Published: 2015-10-09
The Safari Extensions implementation in Apple Safari before 9 does not require user confirmation before replacing an installed extension, which has unspecified impact and attack vectors.

Dark Reading Radio
Archived Dark Reading Radio
What can the information security industry do to solve the IoT security problem? Learn more and join the conversation on the next episode of Dark Reading Radio.