US Intelligence Community Seal (Photo credit: Wikipedia)
from the reasons-to-be-cheerful dept
There’s been quite a lot of excitement in the press about the latest leaks that the NSA has been spying on not just one French President, but (at least) three of them. As Mike pointed out, this isn’t such a big deal, because it is precisely the kind of thing that you would expect the NSA to do — as opposed to spying on the entire US public, which isn’t. There is, though, an aspect that most people have overlooked: the fact that these NSA leaks don’t appear to originate from Snowden’s stash.
Of course, Mr Crypto himself, Bruce Schneier, did spot it, and pointed out it could be one of his “other” US intelligence community leakers, listed a couple of months ago, or even a completely new one. As that post shows, there are now a few people around that are leaking secret documents, and that’s a pretty significant trend, since you might expect enhanced security measures taken in the wake of Snowden’s leaks would have discouraged or caught anyone who attempted to follow suit. Continue reading →
As the US moves towards privacy reform, Europe enacts sweeping new spying powers.
A strange — and strangely unnoticed — trend is emerging in the evolving global response to massive 2013 leaks about US surveillance activities. While our European cousins talk privacy reform, the United States is actually moving ahead with it, albeit more slowly than many would like. As the American side of the Atlantic inches toward self-restraint, many European governments are seeking sweeping new spying powers. Europe is at risk of falling behind the US in privacy reform.
Following two post-Snowden reviews of US surveillance activities, the United States announced new limitations to its electronic surveillance activities, including additional privacy protections for Europeans and other non-US citizens, which few European countries currently afford Americans. Much-criticized US surveillance activities, including the bulk telephone metadata program, are set to expire in days unless Congress intervenes. Meanwhile, the bipartisan Law Enforcement Access to Data Stored Overseas (LEADS) Act and similar draft laws are moving through Congress and garnering broad support from technology companies, business organizations, and privacy and civil liberties advocacy groups. Continue reading →
English: WASHINGTON (Oct. 7, 2011) An advanced metering infrastructure smart meter monitors energy consumption near the Catering and Conference Center at the Washington Navy Yard. The smart meter records energy consumption data every 15 minutes and sends information to a single, secure system allowing managers to monitor and control energy systems throughout the installation. (U.S. Navy photo by Mass Communication Specialist 2nd Class Kiona Miller/Released) (Photo credit: Wikipedia)
Lose customer data and lose your licence
The government plans to place a specific obligation for data security on the suppliers of smart meters as part of its conditions for granting licences to install the technology and use it to monitor customers’ energy supplies, it has confirmed.
In its latest consultation [18-page/118KB PDF] on use of the technology, the Department for Energy and Climate Change (DECC) has set out steps suppliers will have to carry out to ensure their systems are secure to an “appropriate standard” in the period running up until the launch of its Data and Communications Company (DCC).
Suppliers will have to conduct an initial risk assessment of their end-to-end systems as well as ongoing risk assessments as new threats emerge, and will have to have annual independent security risk audits conducted by external specialists.
Suppliers will also be expected to have incident management procedures, enabling them to identify and respond to security incidents in a coordinated manner, in place along with business continuity and disaster recovery procedures. They will also be expected to install physical security controls to protect equipment that interacts with the smart metering system.
“The government is committed to ensuring security is embedded into the design process for smart meters and their communication systems from the start, and to create a framework that allows systems and processes to continue to be fit for purpose as security risks, technology and the requirements continue to evolve,” the DECC said in the document. “Given the potential for a security incident, of any nature, to undermine confidence in smart metering … the government has proposed that obligations should be placed on suppliers in advance of DCC ‘go live’.”