House Committee Report on Stingray Usage by Law Enforcement

The House Oversight and Government Reofmr Committee this week released its final report on Law Enforcement Use of Cell-Site Simulation Technologies: Privacy Concerns and Recommendations (PDF). The report reviews the use of cell phone stingray tracking devices by law enforcement agencies.

From the report’s executive summary,

While law enforcement agencies should be able to utilize technology as a tool to help officers be safe and accomplish their missions, absent proper oversight and safeguards, the domestic use of cell-site simulators may well infringe upon the constitutional rights of citizens to be free from unreasonable searches and seizures, as well as the right to free association. Transparency and accountability are therefore critical to ensuring that when domestic law enforcement decide to use these devices on American citizens, the devices are used in a manner that meets the requirements and protections of the Constitution.

. . .

At the [October 21, 2015] hearing, it became evident that prior to the Committee’s investigation, the component law enforcement entities of DHS and DOJ had different policies and procedures governing their use of this technology and the agencies were not always obtaining a probable cause based warrant prior to deploying these devices. The new policies substantially changed how the agencies obtain authorization to deploy cell-site simulation technology. The new policies also introduced a measure of uniformity to how the various component agencies of each department used cell-site simulators, and importantly, required the agencies to obtain a warrant supported by probable cause in the majority of situations.

OpenVPN 2.4 Audit Moving Forward

Private Internet Access, which is a VPN provider, announced this week that it is going to fund an audit of OpenVPN 2.4. The audit will be led by Dr. Matthew Green, assistant professor at the John Hopkins Information Security institute. According to PIA’s announcement,

Private Internet Access has contracted Dr. Green as an independent consultant to do a comprehensive evaluation of the version of OpenVPN that is currently available on GitHub and search for security vulnerabilities. Once OpenVPN 2.4 is out of beta and released, the final version will be compared and evaluated to complete the security audit.

The OpenVPN 2.4 audit is important for the entire community because OpenVPN is available on almost every platform and is used in many applications from consumer products such as Private Internet Access VPN to business software such as Cisco AnyConnect. Instead of going for a crowdfunded approach, Private Internet Access has elected to fund the entirety of the OpenVPN 2.4 audit ourselves because of the integral nature of OpenVPN to both the privacy community as a whole and our own company.

Once the independent audit is completed, Private Internet Access will share the final report with OpenVPN prior to releasing the results to the public. Furthermore, we will work with OpenVPN to ensure that any discovered vulnerabilities are fixed before publishing.

This is excellent news. Nice to see a company that relies on these open Internet systems to put some money up to ensure their users are secure.