20.1.17

CIA Reveals New Rules on Gathering and Use of Americans' Digital Information - Trump's Top Appointees "Hacked"

In its last week in office, the Obama administration has implemented new rules governing the CIA’s authority to collect and use information on U.S. persons, including increased limitations regarding large digital datasets that could contain personal information. Also of note, all of the rules are now publicly available on the CIA website, in a demonstration of transparency. The Obama administration has spent years consolidating and redrafting the rules—an update to Executive Order 12333, known as the Attorney General Guidelines—and issued the comprehensive set, detailed across 41 pages, just before the incoming Trump administration takes power. CIA director John Brennan signed off on the rules on January 10, while Attorney General Loretta Lynch did the same just this past Tuesday; the new rules will go into effect in March.

The Cipher Take: The new rules reinforce the CIA’s requirement to focus on foreign intelligence collection and leave domestic operations to the appropriate agencies. While it is difficult to compare against the previous set of rules—which remain classified—the new rules seem to address concerns of the modern digital era where datasets can contain millions of files, raising the chance of incidental collection on Americans. Unevaluated data now must be purged after five to 25 years, depending on the sensitivity of the material. The new rules also require more stringent documentation for justifying searches on American identifiers like names, as well as periodic audits of searches to ensure compliance. However, because the rule changes are the result of executive action, the incoming Trump administration could reverse the new protections upon taking office—potentially revealing the reason behind posting them online.

The UK’s Channel 4 news reported that the passwords used by some of Donald Trump’s incoming cabinet members and top staff—including cybersecurity advisor Rudy Giuliani and national security advisor Michael Flynn—have been leaked online in mass hacks. The passwords, some encrypted, and personal data such as email addresses, were exfiltrated during breaches of websites like LinkedIn, Myspace, Dropbox and others between 2012 and 2016, and are accessible either through the original datasets, or for a fee of $4 on a website providing the data on Trump’s top appointees.

The Cipher Take: While the news is certainly alarming, it is not all that surprising given that the vast majority of individuals who have used Internet services at one point or another have had information such as email addresses and passwords compromised. The way to address this problem is by using different passwords across multiple platforms as well as two-factor authentication. Security experts suggest that given the vulnerabilities plaguing Giuliani’s website, this is not unexpected. This information also comes after Anonymous, a loose collective of online activists, threatened to expose information on those within the Trump administration—not to mention nation-states like Russia that have a history of releasing, or threatening to release, compromising information to undermine and manipulate individuals.
