Risk

Senator Calls For Privacy Hearings

Judiciary chairman Leahy says current laws governing electronic communications are outdated and inadequate

Sen. Patrick Leahy, Democrat from Vermont and chairman of the Senate Judiciary Committee, said he plans to hold hearings on "much-needed updates" to the Electronic Communications Privacy Act of 1986 in the coming months.

"While the question of how best to balance privacy and security in the 21st century has no simple answer, what is clear is that our federal electronic privacy laws are woefully outdated," Leahy said, in a statement.

Google, Microsoft and other tech companies also joined privacy advocates and academics this week in seeking tougher laws that raise the standards for government access to e-mail, instant messages and personal files stored online.

The broad Digital Due Process coalition wants Congress to rewrite the privacy act. The group argues the law is outdated and no longer provides adequate protection of personal data stored on the Internet, as it exists today.

"Technology has changed dramatically in the last 20 years, but the law has not," Jim Dempsey, vice president for public policy at the Center for Democracy and Technology, said in a statement announcing the formation of the group. Dempsey is a leader of the coalition effort.

The coalition sees a number of privacy weaknesses in the act. Top on the list is changing rules that allow law enforcement agencies to access some e-mail, instant messages and other information stored online through simple subpoenas. The organization wants Congress to up the requirement, so such agencies would need court-ordered warrants, which require convincing a court that there's enough evidence of a criminal act to support a search and seize data.

While law enforcement agencies will likely oppose such a requirement, the coalition argues that private information stored online should fall under the standards imposed on government to search homes and offices, seize personal papers and read mail.

"The law needs to be clear that the same standard applies to email and documents stored with a service provider, while at the same time be flexible enough to meet law enforcement needs," Dempsey said.

The group says it is talking to politicians and law enforcement agencies to try and reach a consensus on updates to the law.

Tech companies joining Google and Microsoft in the coalition include AOL, eBay, Intel, Loopt and Salesforce.com. Other members include AT&T, the ACLU, the American Library Association, the Center for Democracy & Technology and the Computer and Communications Industry Association. More than 20 organizations have joined the group.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Government Shutdown Brings Certificate Lapse Woes
Curtis Franklin Jr., Senior Editor at Dark Reading,  1/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6443
PUBLISHED: 2019-01-16
An issue was discovered in NTPsec before 1.1.3. Because of a bug in ctl_getitem, there is a stack-based buffer over-read in read_sysvars in ntp_control.c in ntpd.
CVE-2019-6444
PUBLISHED: 2019-01-16
An issue was discovered in NTPsec before 1.1.3. process_control() in ntp_control.c has a stack-based buffer over-read because attacker-controlled data is dereferenced by ntohl() in ntpd.
CVE-2019-6445
PUBLISHED: 2019-01-16
An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can cause a NULL pointer dereference and ntpd crash in ntp_control.c, related to ctl_getitem.
CVE-2019-6446
PUBLISHED: 2019-01-16
An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call.
CVE-2019-6442
PUBLISHED: 2019-01-16
An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can write one byte out of bounds in ntpd via a malformed config request, related to config_remotely in ntp_config.c, yyparse in ntp_parser.tab.c, and yyerror in ntp_parser.y.