Mobile chipmaker ARM introduces a new security framework to increase IoT security, while congress reforms a bill that allows intelligence agents to spy on citizens. Will ARM and congress get us any closer to improving IoT security and privacy? (Photo via Getty)
The Internet of Things was supposed to make our lives easier, but lately, it’s given us nothing but headaches. It feels like every other week there’s a report of another data breach causing you to check your accounts every hour – security is a big issue blocking IoT. It’s clear IoT has some security and privacy issues, so how can they be fixed? UK mobile chip maker ARM, which created chips used by Qualcomm and Samsung, thinks they have the answer with their new security framework Platform Security Architecture (PSA).
PSA helps designers build security directly into the device’s firmware. The main component of the new framework is an open source reference “Firmware-M” that the company plans to reveal for Amrv8-M systems early next year. The PSA also gives designers IoT threat models security analyzes, and hardware and firmware architecture specifications.
So far, several tech giants like Google, Cisco, Sprint, and Softbank have signed on to support PSA. While the company wants to expand the coverage of this framework, for now, they’ll be focusing on IoT. We’ll have to wait until next year to see if the framework actually improves issues of security and privacy. We could also, you know, not have every device be smart, like smart clothing.
Before you rest easy thinking IoT issues are about to be solved, there’s another fight regarding privacy and security happening in Congress. This one involves the NSA’s internet surveillance program. Recently, new legislation was introduced to reform Section 702 of the Foreign Internet Intelligence Surveillance Act. This allows intelligence agencies to keep an eye on communications of foreign targets living outside the US. But the agencies can also get information on US citizens if they’re in contact with the non-citizens being monitored.
The section will expire at the end of the year, and the new legislation would renew the act for four years. It would also require the NSA to get a warrant before searching through a US citizens communications. People can also more easily challenge the law in court and provide the Civil Liberties Oversight Board more oversight power.
"Congress must not continue to allow our constitutional standard of 'innocent until proven guilty' to be twisted into 'If you have nothing to hide, you have nothing to fear.' The American people deserve better from their own government than to have their Internet activity swept up in warrantless, unlimited searches that ignore the Fourth Amendment," said Senator Rand Paul said in a statement.
While US intelligence officials see Section 702 as a vital tool for fighting national and cybersecurity threats, the legislation has come under fire. Privacy advocates believe the bill doesn’t have enough safeguards. Others think it might expand the US government’s surveillance powers and could ultimately be exploited. If you want to read more about the bill, check out a one-page summary here.
Have a story tip? Message me at: cabe(at)element14(dot)com