Skip to content Skip to navigation

Friday Cyber News, July 15 2016

Cyber technology-related news and links from around the web, for the week of 7/9 - 7/15:

1. The US 9th Circuit Court of Appeals released a surprising ruling involving the CFAA, which opens itself to the interpretation that accessing someone's website when they've told you not to is a federal crime, as is sharing your password, or using your spouse's account to log into a website. A 9th Circuit en banc decision in the password sharing case decided that violating the terms of service of a website is not itself a violation of the CFAA (presumably because terms of service can be narrow and capricious, and it's not always clear whether you're violating them), which provides constraints on this issue related to the additional use of a cease and desist order. Still, the rulings raise the question of how public a free website is meant to be, and how to disentangle strict consent rules from the "everyone does it, though" mores of sharing accounts. [Washington Post; EFF]

2. Let's say you want an intelligence agency to be able to gather data about unknown targets while not infringing on the privacy of non-targets. Here are a couple of advances on protocols--contact chaining and set intersection--to preserve privacy for lawful surveillance. On the opposite side of that coin, a US appellate court ruled this week that Microsoft's email servers in Ireland are out of bounds for the US DOJ; across the pond, the UK's Home Secretary may be able to ban end-to-end encryption through the Investigatory Powers bill. [Arxiv/Yale;; CSM Passcode; The Register]

3. As Pokemon Go exploded in popularity, some questioned the ability of the app to access a Google account, prompting the app's creators to revise this permission setting. Probably no one's emails were read--this wasn't a (Cor)phishing* scam--but the oversight and the way it was fixed illustrate the problem with privacy policies that aren't clear about why they need what they ask for, and don't offer options to customize access beyond not using the app. (*There's a Pokemon named Corphish, apparently. Other cybersecurity Pokemon include Archeops-sec, Mewtwo-factor, and Haxorus...additional suggestions welcome). [Buzzfeed; iMore]

4. Policies for data release that preserve privacy and make strong claims about anonymity require new legal processes, argue NYU and Samford legal scholars. Nowadays every claim that data have been deidentified is a siren call for privacy researchers, but statistical disclosure limitation can provide more accurate claims and standards. Sometimes identification is the point, though; hacker Guccifer released more DNC documents this week, highlighting the inability of government security efforts to keep pace with hackers and continuing to raise concerns that Guccifer isn't the Romanian he claims to be, and may have ties to Russian intelligence services. Guccifer's leaks came up in Comey's testimony to Congress over Hillary Clinton's emails, as well; Senators, who are divided over whether it's pronounced "goose-ifer" or "gooch-ifer", are concerned that the State Department can't even say whether its communications were accessed. [Nellco; The Hill]

5. The military is struggling to properly target its "cyber bombs" aimed at ISIS, and cautions that this war won't be won in cyberspace. GCHQ is also struggling to outpace hackers, and private companies like Google may be better able to devote resources to a cyber arms race. [Washington Post; Telegraph]

6. The reward for mining Bitcoin was cut in half last weekend, part of a program of planned decreases in the reward as the system grows. Ignore the now-out-of-date headline; a report from UCL questions the profitability of Bitcoin mining after the "halvening"--the cost of mining a block is approximately $10k. [Techcrunch; Coindesk]

7. LED lightbulbs are upending an industry in which planned obsolescence was part of the profit model--can we apply the same frame of mind to a technology industry where constant updates and operating system releases lead to orphaned technologies that accumulate security risks? [New Yorker]

8. To make AI more useful, it needs to be democratized: making AI and computer learning technology easier to use (practically and legally) will help the tech help you. If you're worried about AI taking over, perhaps it will be comforting to know that neural networks are still quite bad at tasks like writing new Harry Potter stories. [Keras; Medium]

9. Cyber insurance has been slow to take off in Europe, but is expected to grow quickly as the German market responds to increasing cyber crime. [Reuters]

10. The Cybersecurity of Pizza Places report: because your credit card info is only as secure as the least secure place where you type it in. [Medium]

Thanks for reading,

Stanford Cyber Initiative

(To suggest an item for this list, please email This email contains links that may not work if HTML is not supported in your mailbox. You can view news from past weeks, subscribe, and unsubscribe at