Court Favors Challenge To Device Searches

   BOSTON, MASS — 5/10/2018 — The Electronic Frontier Foundation (EFF), the American Civil Liberties Union (ACLU), and the ACLU of Massachusetts won a court ruling on May 10 allowing their lawsuit challenging unconstitutional searches of electronic devices at the U.S. border to proceed—a decision described as a victory for the digital rights of all international travelers..
   EFF and ACLU represent 11 travelers—10 U.S. citizens and one lawful permanent resident—whose smartphones and laptops were searched without warrants at the U.S. border. The case, Alasaad v. Nielsen—filed in September against the Department of Homeland Security—asks the court to rule that the government must have a warrant based on probable cause before conducting searches of electronic devices, which contain highly detailed personal information about people’s lives. The case also argues that the government must have probable cause to confiscate a traveler’s device.
   A federal judge in Boston today rejected DHS’s request throw the case out, including the argument that dismissal was justified because the plaintiffs couldn’t show they faced substantial risk of having their devices searched again. Four plaintiffs already have had their devices searched multiple times.
   "This is a big win for the digital rights of all international travelers," EFF Staff Attorney Sophia Cope said. "The court has rejected the government's motion to dismiss all claims in the case, so EFF and ACLU can move ahead to prove that our plaintiffs’ Fourth and First Amendment rights were violated when their devices were seized and searched without a warrant.”
  Immigration and Customs Enforcement (ICE) policy allows border agents to search and confiscate anyone’s device for any reason or for no reason at all. Customs and Border Protection (CBP) policy allows border device searches without a warrant or probable cause, and usually without even reasonable suspicion. Last year, CBP conducted more than 30,000 border device searches, more than triple the number just two years earlier.
    “The court has rightly recognized the severity of the privacy violations that travelers face when the government conducts suspicion-less border searches of electronics,” ACLU attorney Esha Bhandari said, who argued the case last month. “We look forward to arguing this case on the merits and showing that these searches are unconstitutional.”

For the ruling:
https://www.eff.org/document/alasaad-v-nielsen-order-denying-defendants-motion-dismiss
For more on this case:
https://www.eff.org/cases/alasaad-v-duke

A full list of the plaintiffs:
  • Ghassan and Nadia Alasaad are a married couple who live in Massachusetts, where he is a limousine driver and she is a nursing student.
  • Suhaib Allababidi, who lives in Texas, owns and operates a business that sells security technology, including to federal government clients.
  • Sidd Bikkannavar is an optical engineer for NASA’s Jet Propulsion Laboratory in California.
  • Jeremy Dupin is a journalist living in Massachusetts.
  • Aaron Gach is an artist living in California.
  • Isma’il Kushkush is a journalist living in Virginia.
  • Diane Maye is a college professor and former captain in the U. S. Air Force living in Florida.
  • Zainab Merchant, from Florida, is a writer and a graduate student in international security and journalism at Harvard.
  • Akram Shibly is a filmmaker living in New York.
  • Matthew Wright is a computer programmer in Colorado
For the court ruling:
https://www.eff.org/document/alasaad-v-nielsen-order-denying-defendants-motion-dismiss

For more on border searches:
https://www.eff.org/wp/digital-privacy-us-border-2017
For more ACLU information on this case:
https://www.aclu.org/news/aclu-eff-sue-over-warrantless-phone-and-laptop-searches-us-border

Firm: Gamification May Help Fight Cybercrime

   SANTA CLARA, Calif. -- (BUSINESS WIRE) -- 4/4/2018 -- McAfee, the device-to-cloud cybersecurity company, released Winning the Game on April 4, a new report investigating key challenges facing IT security organizations in terms of threats, technology investment and skills required to win the fight against cyberthreats. The survey revealed that concerted efforts to increase job satisfaction, automation in the Security Operations Center (SOC) and gamification in the workplace are key to beating cybercriminals at their own game.
   The landscape for cyberthreats is growing, both in complexity and volume. According to the report, 46 percent of respondents believe that in the next year they will either struggle to deal with the increase of cyberthreats or that it will be impossible to defend against them. Further complicating the dynamics of the competition between security responder and cybercriminal is the cybersecurity skills crisis. Survey respondents believe they need to increase their IT staff by nearly a quarter (24 percent) in order to manage the threats their organizations are currently facing, while 84 percent admit it is difficult to attract talent and 31 percent say they do not actively do anything to attract new talent.
   “With cybersecurity breaches being the norm for organizations, we have to create a workplace that empowers cybersecurity responders to do their best work,” said Grant Bourzikas, chief information security officer at McAfee. “Consider that nearly a quarter of respondents say that to do their job well, they need to increase their teams by a quarter, keeping our workforce engaged, educated and satisfied at work is critical to ensuring organizations do not increase complexity in the already high-stakes game against cybercrime.”
Automation 
   The growing threat landscape and recruitment and retention challenges facing the cybersecurity workforce demand automation as a key ingredient in the game against cyberattackers. By pairing human intelligence with automated tasks and putting human-machine teaming in practice, automated programs handle basic security protocols while practitioners have their time freed up to proactively address unknown threats.
   -- Eighty-one percent believe their organization’s cybersecurity would be safer if it implemented greater automation
   -- A quarter say that automation frees up time to focus on innovation and value-added work
   -- Nearly a third (32 percent) of those not investing in automation say it is due to lack of in-house skills
Gamification 
   Gamification, the concept of applying elements of game-playing to non-game activities, is growing in importance as a tool to help drive a higher performing cybersecurity organization. Within organizations that hold gamification exercises, hackathons, capture-the-flag, red team-blue team or bug bounty programs are the most common, and almost all (96 percent) of those that use gamification in the workplace report seeing benefits. In fact, respondents who report they are extremely satisfied with their jobs are most likely to work for an organization that runs games or competitions multiple times per year.
  -- More than half (57 percent) report that using games increases awareness and IT staff knowledge of how breaches can occur
   -- Forty-three percent say gamification enforces a teamwork culture needed for quick and effective cybersecurity
   -- Three-quarters (77 percent) of senior managers agree that their organization would be safer if they leveraged more gamification

The Next Generation of Cyberthreat Hunters 
   To address the shortage of skilled cybersecurity workers, the report findings suggest that gamers, those engaged and immersed in online competitions, may be the logical next step to plugging the gap. Nearly all (92 percent) of respondents believe that gaming affords players experience and skills critical to cybersecurity threat hunting: logic, perseverance, an understanding of how to approach adversaries and a fresh outlook compared to traditional cybersecurity hires.
   -- Three-quarters of senior managers say they would consider hiring a gamer even if that person had no specific cybersecurity training or experience
  -- More than three quarters (78 percent) of respondents say the current generation entering the workforce, who have been raised playing video games, are stronger candidates for cybersecurity roles than traditional hires
   -- Seventy-two percent of respondents say hiring experienced video gamers into the IT department seems like a good way to plug the cybersecurity skills gap
   Methodology: McAfee commissioned market researcher Vanson Bourne to survey 300 senior security managers and 650 security professionals in public-sector and private-sector organizations with 500 or more employees in the U.S., U.K., Germany, France, Singapore, Australia and Japan. The aim of the research was to gain insight into the key challenges facing IT security organizations in terms of threats, technology investment, and skills and to identify the winning strategies and techniques for fighting back.