The Stroz Friedberg Cyber Brief


*|MC:SUBJECT|*
  FEATURED STORY            

MONDAY, JANUARY 30, 2017

MICROSOFT WINS AGAIN IN SEARCH WARRANT CASE

In a 4-4 split, a federal appeals court in Manhattan refused to reconsider a landmark decision last July that said law enforcement agencies could not compel Microsoft, or other companies, to hand over customer emails stored abroad. The ruling marked a victory for tech firms and many digital privacy advocates. Dissenting judges called on the U.S. Supreme Court to overturn the ruling.

 

In late 2013, Microsoft refused to turn over emails stored on its servers in Ireland to federal authorities investigating a narcotics case. The federal district court in the Southern District of New York held the company in contempt for failing to comply with the government warrant. But three years later, the Second Circuit Court of Appeals overturned the decision, holding that “the Stored Communications Act does not authorize courts to issue and enforce against U.S.‐based service providers warrants for the seizure of customer e‐mail content that is stored exclusively on foreign server.” Many on Capitol Hill and in the Justice Department have argued that the 1986 law at hand in the case is in need of reform. (Reuters, The Hill, Lawfare)

Analysis: Congress Needs to Fix Our Outdated Email Privacy Law (Slate)

  HACKERS                                          

DC Cameras: City officials say that hackers infected 70 percent of the devices that record data from DC police surveillance cameras just days before President Trump’s inauguration. Cameras were reportedly unable to record between January 12 and 15. An investigation is ongoing. (WaPo)

 

Breach Rankings: The United States led the world in data breaches last year by a large margin, according to an analysis by Risk Based Security. Nearly half, 47.5 percent, of announced data breaches in 2016 that exposed user data came from the United States. (The Hill)

Hotel Ransom: Hackers successfully forced managers of a four-star Austrian hotel to pay more than a $1000 in bitcoin to regain control of the facility’s electronic key system. Analysts say the incident was the first reported case of cyber criminals exploiting a hotel in this way. (Newsweek)



  COURTS                                          

NSLs: Based on Twitter’s release of two national security letters last Friday, some legal analysts say the FBI may have gone beyond the scope of existing legal guidance for seeking certain kinds of internet records from the social media company. NSLs are usually issued with a temporary gag order, meaning the target is often unaware that records are being accessed. (Reuters)


  ON THE HILL                                    

Cyber Order: The Trump administration is reportedly working on an executive order calling for a large-scale review of national cybersecurity. According to a draft, Trump will ask a task force led by the secretary of defense to report within 60 days on the security of defense systems and critical infrastructure. (The Hill)

Russia: Senior Republican lawmakers are warning the Trump administration against lifting sanctions on Russia via executive order, suggesting they were poised to codify them if necessary. Sens. McCain (R-AZ) and Cardin (D-MD) have introduced legislation that would make the Obama sanctions law, and toughen them in response to Russia’s alleged meddling in the U.S. presidential election. (The Hill)


  PRIVATE SECTOR                             

Google: The tech giant is reportedly scrambling to forge ties with the new Trump administration and to strengthen its relationship with a Republican-dominated Congress. Many other Silicon Valley companies are in a similar predicament, analysts say. (NYT)

 

Microsoft: The company is expected to continue to invest over $1 billion annually on cybersecurity research and development in the coming years, a senior executive said. The amount does not include acquisitions Microsoft may make in the sector. (Reuters)

 

Blockchain: Cisco Systems, Bosch and several other companies have set up a consortium to research how blockchain can be used to secure and improve "internet of things" applications. Blockchain is a tamper-proof distributed record of transactions that is maintained by a network of computers. (Reuters)

Chipmakers: The global memory chip industry is heading into what's been called an ultra-super-cycle, as the challenge of making chips smaller yet more efficient has created supply bottlenecks. Analysts say Samsung appears best placed to benefit from the market cycle given its early and heavy investment in new technology. (Reuters)


  THE WORLD                                     

Russia: Authorities arrested a senior manager at Kaspersky Lab as part of a probe into Sergei Mikhailov, deputy head of the Information Security Center at the FSB, Russia's internal security service. The Russian government is investigating Mikhailov in connection to the receipt of money from a foreign organization. (PCWorld)

Saudi Arabia: Government officials warned organizations in the kingdom to be on the alert for the Shamoon virus, which cripples computers by wiping their disks. Former U.S. Defense Secretary Leon Panetta said the 2012 Shamoon attack on Saudi Aramco was probably the most destructive cyber attack on a private business. (Reuters)

MUST READS

Prospects for Rule of Law in Cyberspace: “This Letort Paper provides an overview of moves toward establishing international norms and the rule of law in cyberspace, and the potential for establishing further internationally accepted and enforceable standards of behavior. Completed in late 2015, it reflects the state of play in these areas at that time. It especially highlights opposing views on the nature of legality in cyberspace, and how and where those views are gaining global support,” writes Keir Giles for the Strategic Studies Institute.

 

Democracy, Hacked: “As a European living in the United States, I am prompted to ask how France and Germany could defend against politically motivated cyber operations. Promising retaliation like the Obama administration has done is only a partially effective deterrence strategy to protect the electoral process; countries must also have defenses that prevent such campaigns from succeeding in the first place,” writes Hugo Zylberberg on the Lawfare blog.

Staying Ahead on Cybersecurity: “It’s important to remember that the real day-to-day risk out there is something much more simple and basic, like phishing, which drives 80 to 90 percent of attack volumes today. And it will continue to. The attackers that are following on that still are those syndicates, or groups of attackers, and even your own employees, wittingly and unwittingly, rather than those sorts of very sophisticated nation-state actors,” says Marc Sorel on the McKinsey podcast.



 

Center on National Security
Fordham University School of Law
150 W. 62nd St. 7th Floor
New York, NY 10023 US
Copyright © 2016 Center on National Security, All rights reserved.

Comment