The bipartisan campaign against changes to Rule 41, which would expand government hacking powers, is now bicameral...
Reps. Ted Poe (R-Texas) and John Conyers (D-Mich.) introduced H.R. 5321 the Stop Mass Hacking Act, a companion bill to the legislation introduced earlier this month by Senators Ron Wyden (D-Ore.) and Rand Paul (R-Ky.).
The changes to Rule 41 of the Federal Rules of Criminal Procedure recently approved by the U.S. Supreme Court give government and law enforcement agencies the legal authorization to hack any number of computers, located in any jurisdiction, with a single warrant from a federal magistrate. If Congress does not act before December 1, 2016, the changes to Rule 41 will go into effect.
"[The] government does not have the authority to unilaterally legalize widespread government hacking," Poe said. "Americans have rights. It is Congress' responsibility to safeguard the constitutional rights of the people they represent from a power hungry executive branch. As such, we are moving to stop this change that condones hacking the property of the very people we are entrusted to protect."
Other co-sponsors of the House bill include Blake Farenthold (R-Texas) and Zoe Lofgren (D-Calif.).
In other news:
- Google could eliminate passwords within the year, at least for Android devices, according to Dan Kaufman, director of Google ATAP. Kaufman told Google I/O 2016 attendees that "trust scores," calculated from user-specific data including location, biometrics and typing peculiarities, could soon replace passwords. Kaufman said tests are slated to begin running this June at "several very large financial institutions." If all goes well, the new Trust API should be available to Android developers by the end of the year.
- The OWASP Top 10 Project put out a call for submissions to update the Top 10 list of "the most critical Web application security flaws." Last updated in 2013, the update to the OWASP Top 10 is scheduled for release no later than 2017. The Open Web Application Security Project wrote that they "are making an open data call so anyone with application vulnerability statistics can contribute their data to the project." Data for the update must be submitted by July 20, 2016, and all contributed data will be published, "so that anyone can review it to understand what input was considered to produce this update, and for other uses as well." While the project is not interested in OS or network-level flaws, it is seeking Web application vulnerability statistics relating to flaws "in the code itself, the libraries the applications use, or in the configuration of the environment the applications run in."
- The Tor Project has developed a novel way to generate random numbers that it claims are actually random. "A 'distributed random number generator' is a system where multiple computers collaborate and generate a single random number in a way that nobody could have predicted in advance (not even themselves)," the Tor Project reported in a blog post. "Such a system will be used by next generation onion services to inject unpredictability into the system and enhance their security." The Tor developers tested the new system at their recent Montreal hidden service hackfest. "As far as we know, a distributed random generation system like this has never been deployed before on the Internet."
Learn more about whether Tor usage is an enterprise security risk.