Budget bill heads to President Obama’s desk with CISA intact

Privacy is killed once more.

Update: As expected, President Obama has just signed the bill, enacting both the $1.1 trillion budget and CISA.

In a nutshell, CISA was meant to allow companies to share information on cyber attacks — including data from private citizens — with other companies and the Department of Homeland Security. Once DHS had all the pertinent details, they could be passed along to the FBI and NSA for further investigation and, potentially, legal action.

[A] previously held prohibition against sharing information with the NSA has been removed… More importantly, the provision that required personal information to be scrubbed from cybersecurity reports also seems to have gone missing, leaving that task up to the discretion of which ever agency gets their hands on it. While the federal government has been trying to toughen its stance on cybersecurity in the wake of massive hacks on the Office of Personnel Management and Sony, we wound up with an even more effete version of a questionable plan that will soon become law.

via Budget bill heads to President Obama's desk with CISA intact.

Ughhhh.

HT Ankur

“When Enough is Enough: Location Tracking, Mosaic Theory, and Machine L” by Steven M. Bellovin, Renée M. Hutchins et al.

This article advances the conclusion that the duration of investigations is relevant to their substantive Fourth Amendment treatment because duration affects the accuracy of the predictions. Though it was previously difficult to explain why an investigation of four weeks was substantively different from an investigation of four hours, we now have a better understanding of the value of aggregated data when viewed through a machine learning lens. In some situations, predictions of startling accuracy can be generated with remarkably few data points. Furthermore, in other situations accuracy can increase dramatically above certain thresholds. For example, a 2012 study found the ability to deduce ethnicity moved sideways through five weeks of phone data monitoring, jumped sharply to a new plateau at that point, and then increased sharply again after twenty-eight weeks. More remarkably, the accuracy of identification of a target’s significant other improved dramatically after five days’ worth of data inputs. Experiments like these support the notion of a threshold, a point at which it makes sense to draw a Fourth Amendment line.

via "When Enough is Enough: Location Tracking, Mosaic Theory, and Machine L" by Steven M. Bellovin, Renée M. Hutchins et al..

[PDF]

Study shows how easy it is to determine someone’s identity with cell phone data

While most people know that using a cell phone means that the phone’s location is being recorded, a new study has revealed just how little information is required to determine an individual’s personal identity. By analyzing 15 months of cell phone mobility data from 1.5 million people, researchers have found that only four spatio-temporal points (an individual’s approximate whereabouts at the approximate time when they’re using their cell phone) are all that’s needed to uniquely identify 95% of the individuals. The study has implications for modifying privacy law in order to keep pace with technological advances.

via Study shows how easy it is to determine someone's identity with cell phone data.