NEWS
NEWS
NEWS
Privacy concerns rise after former Microsoft Bug Bounty developer asked to decrypt laptop at French airport
Katie Moussouris, chief policy officer at HackerOne who played a major role in developing Microsoft’s Bug Bounty Program, has aired her concerns after she was not only asked to turn on her laptop (standard procedure) at France’s Charles de Gaulle airport recently, but was asked to log-in to her device. After tweeting the incident, netizens became involved in an online dispute as to what this means in terms of privacy and security.
Personnel at CDG airport took Moussouris by surprise when for the first time, she says, in countless trips abroad, she was asked to log-in to her device. While some of the comments on her Twitter account later revealed that such a request by officials is not anomalous, Moussouris felt it an invasion of her privacy. She wrote on her blog, “The security agent at the gate had me pull out my laptop, turn it on, & further asked me to type in my password, which decrypted the full disk encryption of the drive, even after she saw that it did boot up.” She added that she has never known of anyone being asked to log-in to a device, and thought the incident “very unusual”.
Twitter speculation over the incident seemed to conclude that she was targeted because she works at a company that helps organizations run vulnerability programs. Although she quickly responded by saying that none of the employees at HackerOne have “access to organizations’ confidential vulnerability reports or their sensitive data.”
Moussouris puts the incident down to sheer over-zealousness by an official, although she adds that had she been asked to start typing on her laptop then she would have certainly missed her flight in order to see the consequences when one refuses to give up data and is then forced to against their will.
While her blog post seems lighthearted she did call the entire experience “unsettling”. Respondees to her tweet were not so phlegmatic, with one comment saying that the incident was a “plain abuse of power”. While refusing to decrypt information could result in imprisonment according to 434-15-2 in the Penal Code, it would seem that there must be reasonable cause to demand the decryption and also a warrant to be issued.
Photo credit: Paurian via photopin cc
Since you’re here …
… We’d like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.
If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.
