Categories
GeekWire

Virus-tracking plans raise privacy concerns

U.S. Rep. Suzan DelBene
Rep. Suzan DelBene, D-Wash.,, says privacy concerns have to be considered along with public health concerns. (DelBene.House.gov Photo)

Rep. Suzan DelBene, D-Wash., and two other members of Congress are sounding an alarm over the prospect of using location data to track the coronavirus outbreak.

In a letter to President Donald Trump and Vice President Mike Pence, who heads up the White House’s coronavirus task force, the three lawmakers take note of reports that Facebook, Google and other tech companies have been talking with administration officials about using data captured by smartphones and apps for public health purposes.

Although such applications may help public health officials limit the spread of COVID-19, they could also limit personal privacy, according to the letter, which was signed by DelBene as well as Sen. Ron Wyden, D-Ore.; and Rep. Anna Eshoo, D-Calif.

Get the full story on GeekWire.

Categories
GeekWire

How IoT could bring hackers into your kitchen

Internet of Things and the cloud
Pixabay Illustration

WASHINGTON, D.C. — Tens of billions of devices, ranging from coffee makers to cars to spacecraft, could someday be connected to global networks thanks to what’s known as the Internet of Things, or IoT, and cybersecurity experts say that could open up a whole new universe for hackers and eavesdroppers.

Consider the humble coffee maker, for example: University of North Carolina techno-sociologist Zeynep Tufekci suggested that if Chinese authorities wanted to, say, root out Muslim activists in the country’s far western Xinjiang region, they could watch for the telltale sign of coffee or tea being brewed before morning prayers.

“Your coffee maker has an IP [address], and it might be at risk of identifying these people, because if I wanted one piece of data from the region, that would be my thing. … It’s a very synchronized hour, that’s the whole point of it,” Tufekci said here last weekend during the annual meeting of the American Association for the Advancement of Science.

“Holy crap, we were just talking about coffee making, right? And now we’re talking about taking people to send to internment camps,” she said. “These lines are not as far apart from one another as one would think.”

Get the full story on GeekWire.

Categories
GeekWire

NASA reviews security after data breach

Pleiades supercomputer network
NASA’s computer servers include the Pleiades supercomputer network. (NASA Photo)

NASA says it is reviewing its network security processes and procedures after a computer break-in exposed Social Security numbers and other personal information about the space agency’s current and past employees.

The breach was discovered in October, and its full extent and impact has yet to be determined. NASA says it will provide identity protection services to all those who have potentially been affected.

NASA Watch, an independent website founded by former NASA employee Keith Cowing, first brought the incident to light in a posting on Dec. 18 that quoted an internal NASA memo. The memo suggests that agency employees who were hired, transferred or left NASA between July 2006 and October 2018 may be affected.

Get the full story on GeekWire.

Categories
GeekWire

New crypto needed for quantum computing age

Quantum computing report
A new report from the National Academies says it’ll be at least a decade before quantum computing becomes powerful enough to crack today’s public-key cryptography, but it could also take that long to develop a new data-encoding system to protect against hacking. (National Academies Illustration)

new report from computer scientists estimates that it’s likely to be at least a decade before quantum computing tools become powerful enough to compromise the current system of public-key cryptography that serves as the foundation for data security and financial transactions.

But it could also take a decade or more to replace current crypto tools with new protocols that would be resistant to quantum hacking, according to the report, published today by the National Academies of Science, Engineering and Medicine.

Therefore, the report’s authors say, it’s urgent to begin the transition toward such “post-quantum” protocols — which can range from increasing the size of encryption keys to developing new lattice-based systems such as NewHope and Frodo.

The study was sponsored by the federal Office of the Director of National Intelligence, and meshes with policy strategies laid out in September during a White House quantum information science summit. Like the White House strategy document, the National Academies study points out that the rise of quantum computing will have deep implications for national security.

Get the full story on GeekWire.

Categories
GeekWire

Battleground shifts in fight over fake news

National Guard at work
Staff Sgt. Wiggin Bernadotte, a cyber warfare operator in the Washington Air National Guard’s 262nd Cyberspace Operations Squadron, works with Capt. Benjamin Kolar, a cyberspace operations officer in the 262nd, on an electrical substation simulator. The exercise is part of the Air National Guard’s effort to help secure and protect voting systems on Election Day. (JBLM / DVIDS / DOD Photo / Paul Rider)

Facebook and Twitter have been cracking down on political disinformation during the current election cycle, but there are signs that the fight against fake news has spread to new battlefields, ranging from LinkedIn to text messages.

In Washington state, the Air National Guard has called out its cyberspace operations unit to protect the voting system. And the battle won’t end when the votes are tallied.

“Be aware of the ‘voter fraud’ debate that will inevitably follow the election — no matter the results,” University of Washington information scientist Jevin West, one of the instructors for a “Calling B.S.” class that went viral, told GeekWire in an Election Day email.

Get the full story on GeekWire.

Categories
GeekWire

Not even Congress can keep up with IoT security

IoT security panel
Moderator Mark Harris of The Economist leads a discussion about IoT security with Finite State CEO Matt Wyckhouse, U.S. Rep. Suzan DelBene and University of Washington computer scientist Franziska Roesner at the GeekWire Summit. (GeekWire Photo / Kevin Lisota)

For years, computer industry leaders have been talking about creating a seal of approval that would assure consumers that their connected devices would be safeto use on the Internet of Things, just as past generations had Underwriters Laboratories or the Good Housekeeping seal to lean on. Why is that so hard to do?

U.S. Rep. Suzan DelBene, D-Wash., says it’s because the IoT market is moving so quickly that what seems secure today may not be so tomorrow.

“There was a time when we had something more static, you could say that it’s got this particular validator on the box, and you knew that it would potentially be good for years to come,” DelBene, who co-founded the Congressional Caucus on the Internet of Things in 2015, said today at the GeekWire Summit. “How do we make sure that if something’s there, it’s really going to mean something months or years down the line, given how much things are changing?”

She and other experts on agreed that security assurances will become increasingly necessary as the number of IoT devices, ranging from webcams to smart speakers to kitchen appliances, mushrooms from an estimated 11 billion today to more than 20 billion in 2020.

Get the full story on GeekWire.

Categories
GeekWire

Online-only voting? Don’t do it, experts say

Electronic voting
Experts say electronic voting systems need to generate a voter-verifiable paper audit trail. (U.S. State Dept. Photo)

Chastened by Russian interference and hacking attempts in the 2016 election, academic experts on voting technology say electronic voting machines that don’t leave a paper trail should be phased out as soon as possible.

“Every effort should be made to use human-readable paper ballots in the 2018 federal election,” the experts write in a report issued today by the National Academies of Science, Engineering and Medicine. “All local, state and federal elections should be conducted using human-readable paper ballots by the 2020 presidential election.”

That’s already the case for Washington, Oregon and Colorado, where mail-only voting has become the norm. (The report notes that “vote-by-mail” is something of a misnomer, since most ballots are still returned by hand. “Ballot delivery by mail” comes closer to the mark.)

Washington’s election officials have implemented the report’s top recommendation for mail-voting systems: giving voters an easy way to check whether their ballot has been sent, and where their returned ballot is in the system. The “MyVote” websitelinks to online ballot trackers as well as voter registration information.

Get the full story on GeekWire.

Categories
GeekWire

Beyond bitcoin: Blockchain is on the rise

Lawrence Lerner on bitcoin
Lawrence Lerner, chief growth officer for RChain Holdings, talks about blockchain and bitcoin at an event organized by MIT Enterprise Forum of the Northwest. (GeekWire Photo / Alan Boyle)

Even bitcoin’s boosters acknowledge that cryptocurrencies aren’t a sure thing.

Just in the past month, China and South Korea signaled that they might be cracking down harder on trading in digital currencies, which caused bitcoin prices to tumble from a peak of nearly $20,000 per coin to around $12,000.

“For any of you that own cryptos, this was a rough week,” said John Utley, an IBM sales executive who focuses on blockchain and software-as-a-service verticals.

But the uptick is much steadier for blockchain — the digital technology that underlies cryptocurrencies as well as other recordkeeping applications.

Get the full story on GeekWire.

Categories
GeekWire

How evildoers could hack into DNA data

DNA data output
This output from a sequencing machine includes the University of Washington team’s exploit, which is being sequenced with a number of unrelated strands. Each dot represents one strand of DNA in a given sample. (UW Photo / Dennis Wise)

Computer scientists are turning DNA into a new frontier for data storage and information processing, but a team from the University of Washington says it could become a frontier for cybercrime as well.

To prove their point, the researchers turned a snippet of malicious computer code into a string of synthetic DNA, and then used it to take control of a computer that was programmed to search for patterns in the raw files that emerge from DNA sequencing.

They also found known security gaps in many of the open-source software programs that are used to analyze DNA sequencing data.

Get the full story on GeekWire.

Categories
GeekWire

Trump’s cybersecurity plan points to the cloud

White House Matrix
The White House cybersecurity plan is taking shape. (White House / Pho.to / GeekWire Graphic)

President Donald Trump today signed a long-awaited executive order aimed at beefing up cybersecurity at federal government agencies – with a shift of computer capabilities to the cloud as a key part of the strategy.

“We’ve got to move to the cloud and try to protect ourselves instead of fracturing our security posture,” Homeland Security Adviser Tom Bossert told reporters during a White House briefing.

The executive order gives the lead role in managing the cloud shift to the director of the White House’s newly established American Technology Council, which is due to meet for the first time next month.

Although the council’s full roster of members has not yet been announced, the director is said to be Chris Liddell, who formerly served as chief financial officer at Microsoft and General Motors.

Get the full story on GeekWire.