Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
Tesla driver started his car using smartphone app, drove outside of cellphone range, and got stranded when he stopped to readjust dogs' beds and could not restart the car. http://www.dailymail.co.uk/news/article-4128220 I call this a product defect. If the car goes outside of cellphone range without having been started with a key, it should assume that the driver has no key. Actually, the guy had a wireless connection to the car, so the app should have been able to use that to restart the car, but that was not supported. The app required the cellphone network. One of these days, a Tesla will be found in the desert with a couple of skeletons in the front seats.
[What could go wrong with this? Let's count the ways...] Alex Davies, *WiReD*, 5 Jan 2017 https://www.wired.com/2017/01/nissans-self-driving-teleoperation/ “This is it!'' Maarten Sierhuis says. “I mean, look at this.'' He points to a photo of road construction at an intersection in Sunnyvale, California, near Nissan's Silicon Valley research center, which Sierhuis runs. A line of cones shunts traffic to the left side of the double yellow line. The light is red. A worker holds a *Slow* sign. It's the sort of seemingly unremarkable situation that can trigger convulsions in the brain of an autonomous vehicle. “There is so much cognition that you need here,'' Sierhuis says. The driver -- or the car—has to interpret the placement of the cones and the behavior of the human worker to understand that in this case, it's OK to drive through a red light on the wrong side of the road. “This is not gonna happen in the next five to ten years.'' It's a stunning admission, in its way: Nissan's R&D chief believes the truly driverless car—something many carmakers and tech giants have promised to deliver within five years or fewer—is an unreachable short-term goal. Reality: one; robots: zero. Even a system that could handle 99 percent of driving situations will cause trouble for the company trying to promote, and make money off, the technology. “We will always need the human in the loop,'' Sierhuis says. But Nissan has a solution: a call center with human meatbags ready to take command via remote control. Call for Help Now, if you've ever telephoned a cable provider, airline, or insurance company for customer service, the idea of a driverless car that relies on headset-wearing cubicle-dwellers hardly seems cutting edge. But Sierhuis says his team's idea, called Seamless Autonomous Mobility, is a simple, scalable answer to the fiendish problem of making robot drivers do everything humans can. Other players in the autonomous field aren't about to announce their tech can't match the vagaries of the real world, but they have looked into remote human backups—*teleoperation*, in the parlance of the business. It's going to be massively important,” says Karl Iagnemma, co-founder and CEO of self-driving startup nuTonomy, which is developing a remote control system. Even cars that can handle just about anything will have the occasional failure, even if that's being hit by another vehicle. And in that case, you want a human around to decide what to do. It's like an elevator, Iagnemma says: You don't need a human operator, but you've still got a button to call for help when you need it. Google's self-driving car outfit, Waymo, has studied the idea, a spokesperson says. Uber declined to comment on teleoperation, but in 2015 the company filed a patent for a system that would let an autonomous vehicle follow a human-driven car, or get help from a remote operator. Stealthy self-driving car startup Zoox has a patent for a “teleoperation system and method for trajectory modification of autonomous vehicles''; Toyota has one for “remote operation of autonomous vehicle in unexpected environment.'' Now, Nissan's cubicle-based drivers aren't emergency backups. If the car hits black ice, it's in charge of staying on the road. There's no feasible way to get the human into the loop in time to act. But they can help out when the car encounters conditions it's unsure how to handle. If a Nissan happened upon the construction scene from Sierhuis' photo, it would stop and ping its control center. A human operator would look around using the car's cameras and other sensors and issue new instructions—direct control would pose latency issues. Like: When it's safe, cross the double yellow and get back to the right side after 20 yards. Or a new instruction set could ensure packages and disabled passengers get dropped off in exactly the right spot, and help assess potentially dangerous situations on the road. But most of all, the teleoperator is there to make sure the car's doesn't just shut down when it's too dumb to know what's going on. [...]
If you've been stuck in an airport because of delays recently, you already know how bad a highly automated society will be. https://qz.com/881454/automation-is-already-here-and-its-taking-jobs-and-annoying-customers/
Banks learn from major breaches, that many of them have serious cybersecurity weaknesses in access to SWIFT and other services, but somehow are slow to implement protection from cybercrime hitting them again and again. Also many governments impose safety rules on business, which are not applied to governments. They are real good at blaming SWIFT, when it was the banks being breached by hackers that made this possible. Yes, there is bogus info communicated via SWIFT, but this was made possible by the banks being compromised first. Hackers infiltrate govt-owned bank systems to create fake trade docs The banks discovered that their SWIFT systems—the global financial messaging service banks use to move millions of dollars and documents across borders every day—have been compromised. January 16, 2017, 08:13 IST Indian banks are waking up to a new kind of cyber attack. Hackers recently infiltrated the systems of three government-owned banks—two head headquartered in Mumbai and one in Kolkata—to create fake trade documents that may have been used to raise finance abroad or facilitate dealings in banned items. The banks in question discovered that their SWIFT systems—the global financial messaging service banks use to move millions of dollars and documents across borders every day—have been compromised to create fake documents. [...] http://tech.economictimes.indiatimes.com/news/technology/hackers-infiltrate-govt-owned-bank-systems-to-create-fake-trade-docs/56583688 https://www.databreaches.net/hackers-infiltrate-indian-govt-owned-bank-systems-to-create-fake-trade-docs/ It started with 3 banks owned by the Gov of India. It did not stop there. There is more than one scam in progress, enabled by poor security banking practices in India. http://timesofindia.indiatimes.com/city/jaipur/ed-attaches-39-offices-at-world-trade-park/articleshow/56250971.cms Several nations push a cashless society, with inadequate planning, leading to a mountain of problems, of their own making. (Recently India, Venezuela). http://www.business-standard.com/article/economy-policy/govt-advised-rbi-on-note-ban-1-day-before-modi-s-announcement-report-117011000251_1.html http://swarajyamag.com/economy/how-demonetisation-choked-pakistans-fake-currency-influx-into-india
via NNSquad https://www.eff.org/deeplinks/2017/01/finally-revealed-cloudflare-has-been-fighting-nsls-years We're happy to be able to announce that Cloudflare is the second courageous client in EFF's long-running lawsuit challenging the government's unconstitutional national security letter (NSL) authority. Cloudflare, a provider of web performance and security services, just published its new transparency report announcing it has been fighting the NSL statute since 2013. Like EFF's other client, CREDO, Cloudflare took a stand against the FBI's use of unilateral, perpetual NSL gag orders that resulted in a secret court battle stretching several years and counting. The litigation—seeking a ruling that the NSL power is unconstitutional —continues, but we're pleased that we can at long last publicly applaud Cloudflare for fighting on behalf of its customers. Now more than ever we need the technology community to stand with users in the courts. We hope others will follow Cloudflare's example.
Traveler Alert via Dave Farber Knowing about the "Silent Solution," the U.K.'s emergency service for those in situations who cannot for whatever speak, could save a life. http://www.frequentbusinesstraveler.com/2017/01/traveler-alert-in-u-k-silent-emergency-assistance-can-come-to-the-rescue/
Fahmida Y. Rashid, InfoWorld, 11 Jan 2017 Admins, act now to avoid ransomware and other forms of extortion -- you won't likely get your data back even when you pay http://www.infoworld.com/article/3156573/security/pay-the-ransom-you-wont-get-your-data-back.html selected text: As ransomware attacks soared last year, opinions divided on whether victims should pay the ransom to recover their encrypted data. A year ago, it looked like there was a good chance that paying meant getting the data back, but that seems to be no longer the case. In fact, many ransom payments are going to criminals who didn't compromise the database in the first place. One attacker steals the data, wipes the database, and leaves behind the ransom note. Another attacker comes along and overwrites the ransom note with their own, and other attackers keep piggybacking on top of each other. At this point, there's no reason to pay because victims don't know who actually has their database.
Lucian Constantin, InfoWorld, 11 Jan 2017 The new ransomware program features strong offline decryption and a new payment scheme. http://www.infoworld.com/article/3156967/security/professionally-designed-ransomware-spora-might-be-the-next-big-thing.html Security researchers have found a new ransomware program dubbed Spora that can perform strong offline file encryption and brings several innovations to the ransom payment model. The malware has targeted Russian-speaking users so far, but its authors have also created an English version of their decryption portal, suggesting they will likely expand their attacks to other countries soon.
Chronicle of Higher Education, via NNSquad http://www.chronicle.com/article/Googlethe-Misinformed/238868 Digital media platforms like Google and Facebook may disavow responsibility for the results of their algorithms, but they can have tremendous—and disturbing—social effects. Racist and sexist bias, misinformation, and profiling are frequently unnoticed byproducts of those algorithms. And unlike public institutions (like the library), Google and Facebook have no transparent curation process by which the public can judge the credibility or legitimacy of the information they propagate. That misinformation can be debilitating for a democracy—and in some instances deadly for its citizens.
via NNSquad IMAGE AT: https://plus.google.com/+LaurenWeinstein/posts/VY2THHRhcio?sfc=true Here's another obvious example. In the run-up to the election a fake transcript claimed that Hillary Clinton had called Sanders supporters a "bucket of losers." The usual right-wing hate sites started spreading this immediately, and some mainstream media (including FOX News) treated it as legit, even though it was almost immediately determined to be completely faked. Yet as you can see, months later, the top Google search result for the search: bucket of losers or clinton bucket of losers still presents the fake story as real—at one of the origin sites for the fake itself. The majority of the other links on the first SRP also present the story as legit. A few links expose the story as fake, but truncation of the headline texts in the search results make this less than obvious to the casual viewer. Overall, the page gives an extremely misleading representation, and in particular the lack of labeling of the top link (which I believe has maintained that position for an extended period of time) is extremely problematic.
BBC via NNSquad http://www.bbc.com/news/business-38631847 The world's largest social network said it would enable German users to flag potentially false stories. The stories will then be passed to third-party fact-checkers and if found to be unreliable, will be marked in users' news feeds as "disputed". It is the first major rollout of the fake news features announced by Facebook in December. "Last month we announced measures to tackle the challenge of fake news on Facebook," the company said on Sunday in a German-language statement. Good. Facebook should do the same thing here, and Google needs to get on the ball and follow Facebook's lead, especially here in the USA. The exact mechanisms and flows may be different and more highly automated, but the status quo is untenable. REFERENCES: https://lauren.vortex.com/2017/01/08/my-mock-up-for-labeling-fake-news-on-google-search https://lauren.vortex.com/2016/12/06/action-items-what-google-facebook-and-others-should-be-doing-right-now-about-fake-news
Sharon Gaudin, Computerworld, 11 Jan 2017 Analysts question whether a social network can be held responsible for users' actions http://www.infoworld.com/article/3156611/social-networking/families-of-isis-victims-sue-twitter-for-being-weapon-for-terrorism.html selected text: The families of three Americans killed in ISIS terror attacks are suing Twitter for allegedly knowingly providing support for the terrorist group and acting as a "powerful weapon for terrorism." "While I certainly can sympathize with the families, it's hard for me to see how Twitter can be held responsible for the rise of ISIS and their terror activities," said Dan Olds, an analyst with OrionX. "Let's imagine the world a few decades ago, before the Internet. Would someone try to hold AT&T responsible for criminal activities that were planned over the telephone? Or is the printing press manufacturer responsible for magazines that encourage terrorism that were printed using presses they built and sold? " "There is no way of effectively policing those sites based upon affiliation or behavior," Shimmin said. "Twitter itself has gone to some extreme measures to single out and remove accounts engaged in this sort of thing. That will help, and I think such efforts are a moral responsibility for Twitter and other social networking vendors, but those actions can't rule out future misuse."
http://www.nytimes.com/2017/01/11/technology/how-netflix-is-deepening-our-cultural-echo-chambers.html There was a lot to criticize about broadcast TV, but it brought the nation together. Streaming services are doing the opposite.
Adobe released yesterday Acrobat Reader DC 15.023.20053 that included fixes for 29 security issues. Along with the security fixes, this update package also silently installs the Adobe Acrobat extension into the user's Chrome web browser. The installation process is covert, but the next time users open their Chrome browser, they'll be notified by Chrome's security systems that a new extension has been added. https://www.bleepingcomputer.com/news/software/adobe-acrobat-reader-dc-update-installs-chrome-browser-extension/ ...complete with scary permissions and monitoring.
NNSquad https://www.bleepingcomputer.com/news/software/adobe-acrobat-reader-dc-update-installs-chrome-browser-extension/ The latest Adobe Acrobat Reader security update (15.023.20053), besides delivering security updates, also secretly installs the Adobe Acrobat extension in the user's Chrome browser. There is no mention of this "special package" on Acrobat's changelog, and surprise-surprise, the extension comes with anonymous data collection turned on by default. Completely unacceptable. If this isn't against Google's TOS, it should be. Adobe should be utterly ashamed of themselves. I recommend that users REFUSE to enable this extension when the Chrome popup asks to enable it. Click "Remove from Chrome" instead. And let Adobe know how you feel about this sort of behavior.
Clever study finds surprising results on Chinese government manipulation of social media. Contrary to widespread belief, manipulators are paid employees, not piecework workers (derided as "50c party" for alleged rate per posting), and they do not vociferously defend government policy. Instead, they try to distract undesirable threads onto other subjects. http://gking.harvard.edu/50c
Greg Hadley, McClatchyDC, 11 Jan 2017 Two former Microsoft employees have accused the tech giant of failing to help them after they suffered from PTSD as a result of their job. http://www.mcclatchydc.com/news/nation-world/national/article125953194.html opening text: Child abuse. Pornography. Bestiality. Murder. As part of their job, moderators for social websites have to view some of the most disturbing videos and photos on the Internet. Once the employees have determined that the images violate the company's community standards and the law, they delete the accounts of the people who posted them and report the incidents to the National Center for Missing & Exploited Children, per federal law. Unsurprisingly, having to watch upsetting content like that every day takes a toll on moderators. But two Microsoft employees say their company, one of the largest in the world, failed to provide them with proper support as their mental health deteriorated and they began showing symptoms of Post-Traumatic Stress Disorder, or PTSD.
CBC, The Canadian Press, 15 Jan 2017 NEWPORT, R.I.—In a secret telegram a century ago, Germany tried to get Mexico to join its side during World War I by offering it territory in the United States. Britain intercepted, deciphered and shared the "Zimmermann Telegram." Historians, seeing parallels to today, say there's a lot to be learned. [...] https://ca.news.yahoo.com/secret-wwi-telegram-holds-lessons-134300998.html
NNSquad https://www.theguardian.com/technology/2017/jan/10/browser-autofill-used-to-steal-personal-details-in-new-phising-attack-chrome-safari Your browser or password manager's autofill might be inadvertently giving away your information to unscrupulous phishers using hidden text boxes on sites. Finnish web developer and hacker Viljami Kuosmanen discovered that several web browsers, including Google's Chrome, Apple's Safari and Opera, as well as some plugins and utilities such as LastPass, can be tricked into giving away a user's personal information through their profile-based autofill systems.
Evidently the website of his company is riddled with security flaws. https://twitter.com/fienen/status/819657572483563520 Giuliani Security: - Expired SSL - Doesn't force https - Exposed CMS login - Uses Flash - Using EOL PHP version - SSL Lab grade of F http://www.theregister.co.uk/2017/01/13/giuliani_joomla_outdated_site/
The new Systems Security Engineering (SSE) web site is now live on CSRC. Check out http://csrc.nist.gov under the Hot Topics section. Or go directly to <http://csrc.nist.gov/sse>. Systems security engineering contributes to a broad-based and holistic security perspective and focus within the systems engineering effort. This ensures that stakeholder protection needs and security concerns associated with the system are properly identified and addressed in all systems engineering tasks throughout the system life cycle. Ron S. Ross, Ph.D. Project Leader FISMA Implementation Project Joint Task Force Transformation Initiative Systems Security Engineering Initiative National Institute of Standards and Technology Attn: Computer Security Division 100 Bureau Drive (Mailstop 7730) Gaithersburg, MD 20899-7730 [RISKS has from its beginning been an advocate of sound engineering, particularly as it relates to the development of trustworthy critical computer-based systems, in hardware and software. This NIST Systems Security Engineering Project seems like a worthy step in that direction. In particular, consider its first report, NIST Special Publication 800-160, Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems. Some of that report will be particularly relevant to those of you developing trustworthy systems with safety requirements, because such systems must also be secure, and reliable, and much more. PGN]
via NNSquad https://www.engadget.com/2017/01/11/fbi-allegedly-paid-geek-squad-for-evidence/ Last May, the defense in a child pornography trial alleged that the FBI used a member of electronics retailer Best Buy's tech support team, Geek Squad, to peer into the accused's computer on the hunt for evidence of child pornography. Since then, the defense's lawyers revealed that the FBI had cultivated at least eight of the company's IT handyfolk over a four-year period to serve as confidential informants, who all received some payment for turning over data. Obviously, this raises serious questions about whether sending devices into the repair shop forfeits a person's right to privacy or unreasonable search and seizure.
...Congress has been stupid for a while: Two decades ago, Congress picked a particularly bad way to save money. Lawmakers, in a frenzy of federal budget-cutting, decided to fire their own dedicated corps of advisers on science and technology. The Office of Technology Assessment (OTA)—a group of about 140 primarily PhD experts who educated members of Congress and performed deep-dive studies to inform legislation—was disbanded in order to save taxpayers about $20 million a year. But the cut was ultimately costly. Failures ranging from an unworkable cybersecurity bill to lawmakers' ineffective oversight of NSA surveillance programs are directly attributable to Congress' inability to make sense of technology issues, and at least partially attributable to the elimination of the OTA. In its budget-cutting zeal over the past two decades, Congress also reduced funding for committee staff by roughly a third—meaning many of the economists, issue experts, and agency veterans responsible for managing fact-finding hearings and designing major legislation lost their jobs. So, too, did dozens of researchers at Congress' other leading analytical agencies, the Government Accountability Office and Congressional Research Service. Today, America's legislative research agencies have 20 percent less staff than they did in 1979. https://www.wired.com/2017/01/universities-must-help-educate-woefully-uninformed-lawmakers/
President-elect Trump's cleansing of Obama appointees continues at pace today, as /Gizmodo /reports that the head of the National Nuclear Security Administration (NNSA) will be clearing out his desk on January 20th. The NNSA is the agency in charge of the day-to-day administration of America's stockpile of nuclear weapons. It's a $12-billion-a-year organization that's a crucial component of the nuclear deterrent, and until Trump appoints and confirms replacements, it will be leaderless. As Gizmodo explains, the implications of having no director or deputy running the NNSA are worrying. In addition to the day-to-day administration of the nuclear stockpile, the execs would normally be in charge of securing the NNSA's budget in Congress, and working with the new administration on the nuclear rebuild that Trump has promised. https://www.yahoo.com/tech/trump-just-said-firing-people-charge-securing-america-180751230.html What could go wrong with THAT? Gabriel Goldberg, Computers and Publishing, Inc. gabe@gabegold.com 3401 Silver Maple Place, Falls Church, VA 22042 (703) 204-0433
I highly recommend this documentary, and further the book it was based on. It's a chilling look at many aspects including individual heroism midst the USAF dithering and indecision.... while Rome burned err Arkansas nearly vaporized. But [spoiler alert..] the most chilling statement to me was late in the film. RISKS readers know too well about large systems' reluctance to learn from their failures. (ref: Dyson's "Make *new* mistakes...") But the weapons expert at Sandia charged with that failure analysis discovered only years into his tasking that USAF had been hiding the majority of their incidents from him....
Unilateral disarmament does not work, 20th century is a sufficient lesson. Unilateral declarations are usually not perceived as binding and thus are even less meaningful. International treaties only make sense when all sides perceive and treat them as binding. Here, again, the experience with the USSR (e.g., Krasnoyarsk radar) teaches us that our counter-parties are likely to follow the treaties only as far as we can detect and prove violations. IOW, we are in the "wild west" wrt the cyber warfare and are likely to remain there for the foreseeable future (as long as the attack source cannot be reliably verified to the complete satisfaction of laymen - like, e.g., the source of an artillery shell can be today). This is a sorry state, but the way out is not "forswearing violence". > ... But in today's bizarre political debate, hacking another nation's > systems may be deemed more reprehensible than assassination or bombing > their capitol city. In a way, it is. Direct and obvious violence forces a certain level of responsibility on the agents: we cannot deny what we did and this makes us think twice before we do that. Covert action, like computer hacking, allows for "plausible deniability" and thus lowers perceived cost of intervention. Sam Steingold (http://sds.podval.org/) on darwin http://steingoldpsychology.com http://www.childpsy.net
For those with a longer attention span, I recommend the book this show is based on: Command and Control: Nuclear Weapons, the Damascus Accident, and the Illusion of Safety by Eric Schlosser.
Why is the millisecond precise position of the sun more important than all other uses of time? As I explained in http://rmf.vc/MediumLeapSeconds, it is impossible to handle the leap-second "properly" because it requires undefining the minute. There is no reason to have a so-called leap second. Very simply we are dealing with two timescales: TAI which is similar to what is in our computers - epoch + seconds. If we want to convert to the human representation of hh:mm:ss we can do so and we can convert back. We use this notation for everyday uses such as train schedules. UTC which is about tracking the sun. We can compute UTC from TAI using additional knowledge about the rotation of the Earth but only for past values of UTC. We cannot do this conversion for the future because we don't have the knowledge. There is no reason to make UTC the standard for day to day use. We don't need millisecond accuracy when we have time zones that can be hours off from the position of the sun on earth. In 5000 years, if observers on earth really care about their mechanical clocks, we can add another daylight-style adjustment in our conversion from TAI to hh:mm:ss and be done with it. As I note in my essay the obsession with sundial compatibility creates many problems with the Cloudflare problem being only the latest. For example computer database simply don't handle it so even if we care about millisecond accuracy we don't know whether the time value takes it into account so we have an uncertainty of nearly a minute! What puzzles me is why such an effort to try to handle the leap-second when it cannot be done and is not needed for day-to-day-use. Those who care need more precision than UTC and already deal with it. The rest of us keep running into new bugs as we try to do the impossible.
https://www.schneier.com/crypto-gram/archives/2017/0115.html Bruce's 15 Jan 2017 issue includes these these items among others: Attributing the DNC Hacks to Russia Are We Becoming More Moral Faster Than We're Becoming More Dangerous? Security Risks of TSA PreCheck Law Enforcement Access to IoT Data
Winter is Coming: Why Vladimir Putin and the Enemies of the Free World Must Be Stopped http://www.publicaffairsbooks.com/book/hardcover/winter-is-coming/9781610396202 Trump, Putin and the Dangers of Fake News <https://www.the-parallax.com/2017/01/16/kasparov-trump-putin-fake-news/>
Jennifer Granick American Spies: Modern Surveillance, Why You Should Care, and What to Do About It Cambridge University Press, 2017 http://www.americanspies.com/ Jennifer Granick's book shows how surveillance law has fallen behind surveillance technology, giving American spies vast new power, and guides the reader through proposals for reining in massive surveillance with the ultimate goal of reform. U.S. intelligence agencies—the eponymous American Spies—are exceedingly aggressive, pushing and sometimes bursting through the technological, legal and political boundaries of lawful surveillance. Written for a general audience by a surveillance law expert, this book educates readers about how the reality of modern surveillance differs from popular understanding. Weaving the history of American surveillance—from J. Edgar Hoover through the tragedy of September 11th to the fusion centers and mosque infiltrators of today—the book shows that mass surveillance and democracy are fundamentally incompatible. Granick shows how surveillance law has fallen behind while surveillance technology has given American Spies vast new powers. She skillfully guides the reader through proposals for reining in massive surveillance with the ultimate goal of surveillance reform. Granick is an expert on computer crime and security, electronic surveillance, security vulnerability disclosure, encryption policy and the Fourth Amendment. In March of 2016, she received Duo Security's Women in Security Academic Award for her expertise in the field, as well as her direction and guidance for young women in the security industry. Before teaching at Stanford, Granick practiced criminal defense law in California. Facebook page: https://www.facebook.com/AmericanSpiesBook/ Also, see an item from Kathleen Gabel, Stanford news online, 10 Jan 2017: Stanford Law's Jennifer Granick winner of the Palmer Prize http://news.stanford.edu/thedish/2017/01/10/stanford-laws-jennifer-granick-wins-palmer-prize-for-new-book/ Jennifer Granick, lecturer-in-law and director of civil liberties at the Stanford Center for Internet and Society, won the 2016 IIT Chicago-Kent College of Law/Roy C. Palmer Civil Liberties Prize for her book American Spies: Modern Surveillance, Why You Should Care, and What to Do About It. The award honors scholarship exploring the tension between civil liberties and national security in contemporary American society. The IIT Chicago-Kent College of Law/Roy C. Palmer Civil Liberties Prize was established to encourage and reward public debate among scholars on current issues affecting the rights of individuals and the responsibilities of governments throughout the world. [The other co-winner of the prize is Laura K. Donohue, for her book, The Future of Foreign Intelligence: Privacy and Surveillance in the Digital Age, Oxford University Press, 2016.] [It is intriguing that these books were both published in the UK (reflecting the centuries-old British competition between Cambridge and Oxford), and written by distinguished women. However, I presume knighthood will not be forthcoming for either the Sir-Veillers, or the Sur-Veiled. In any event, it is very timely to have books seriously digging in to this particular topic.]
Please report problems with the web pages to the maintainer