Security News This Week: The US Used the Patriot Act to Justify Logging Website Visitors

WIRED

The two stories that have dominated headlines in the US in 2020, the Covid-19 pandemic and the presidential election, were still in the news this week as virus cases and death tolls rise and the promise of a vaccine looms. New research, though, indicates that phishers have been targeting vaccine development groups and particularly organizations that work on the global cold chain, which will be crucial for storing and shipping vaccine doses worldwide. Meanwhile, President Donald Trump has continued to spread falsehoods and conspiracy theories about the validity of his loss to president-elect Joe Biden. On Tuesday, though, US attorney general William Barr went on record saying that the Justice Department has not seen fraud on a scale that could have effected a different outcome in the election, a crucial pronouncement that leaves the Trump reelection campaign with even fewer options to contest the result.

A “magical bug” in iOS, now patched, could have let an attacker take full control of any iPhones in the hacker’s Wi-Fi range and then automatically worm the infection to other nearby devices. Startups are rushing to develop tools that can vet artificial intelligence systems to find vulnerabilities and loopholes before they can be exploited. And the hackers behind the notorious botnet TrickBot have added malware capabilities to check if a target device’s firmware is vulnerable to attack and, if so, burrow deeper for long-term persistence.

In good news, a coalition of internet infrastructure groups is making progress securing the foundational internet data-routing system known as Border Gateway Protocol. And as Google looks to offer end-to-end encryption in the RCS messaging protocol, it plans to use the open source Signal Protocol, which already underpins secure messaging app Signal as well as giants like WhatsApp. Now that it may roll out to Android’s 2 billion users, we took a look at how the protocol works and what you need to know about it.

And there’s more. Every Saturday we round up the security and privacy stories that we didn’t break or report on in depth but think you should know about. Click on the headlines to read them, and stay safe out there.

The US Used the Patriot Act to Justify Monitoring Who Visited Popular Websites

The US government has been using Section 215 of the Patriot Act to justify allowing law enforcement to log who visits certain popular web pages, according to documents obtained by The New York Times. The government has not gone so far as to collect users’ keyword searches in search engines, but it has felt emboldened to monitor website visitors without a warrant. Section 215 and a couple of other surveillance provisions of the Patriot Act expired in March as the US descended into pandemic social distancing and lockdown measures, and Congress has still not made headway on how to reinstate or revise it. The law allows the FBI to seek clandestine court orders to collect any data from a business that connects to national-security-related investigations.

The news about identifying visitors to certain pages was concerning to privacy and digital rights advocates. “Our web-browsing records are windows into some of the most sensitive information about our lives,” Patrick Toomey, a senior staff attorney with the ACLU’s National Security Project, said in a statement on Thursday. “The FBI should not be collecting this information without a warrant. If Congress considers reviving Section 215 at all, it must prohibit the government from abusing this surveillance law to track the web-browsing activities of people in the United States.”