Archive

Archive for the ‘privacy and security’ Category

Offshore Outsourcing of Administrative Functions by State Medicaid Agencies

April 18, 2014 Comments off

Offshore Outsourcing of Administrative Functions by State Medicaid Agencies
Source: U.S. Department of Health and Human Services, Office of Inspector General

WHY WE DID THIS STUDY
Outsourcing occurs when State Medicaid agencies enter into agreements with contractors to perform administrative functions. Outsourcing can occur inside the United States (domestic outsourcing) or outside (offshore outsourcing) and can be direct (when a Medicaid agency contracts with an offshore contractor) or indirect (when a Medicaid agency’s contractor subcontracts to an offshore contractor). There are no Federal regulations that prohibit the offshore outsourcing of Medicaid administrative functions. However, the Health Insurance Portability and Accountability Act (HIPAA) requires covered entities to have business associate agreements (BAAs) to protect personal health information (PHI).

HOW WE DID THIS STUDY
We conducted a survey of 56 Medicaid agencies, including those of the District of Columbia and the U.S. territories. We asked Medicaid agencies (1) whether they had any policies, Executive Orders, State laws, or contract requirements (collectively, “requirements”) addressing the outsourcing of administrative functions offshore and (2) whether they directly or indirectly outsourced administrative functions offshore. For Medicaid agencies with outsourcing requirements, we asked whether these requirements address PHI and whether the Medicaid agencies monitor contractors’ compliance with the requirements. We reviewed the Medicaid agencies’ requirements and BAAs. For the Medicaid agencies that outsource offshore, we asked what types of administrative functions are outsourced offshore.

WHAT WE FOUND
Only 15 of 56 Medicaid agencies have some form of State-specific requirement that addresses the outsourcing of administrative functions offshore. The remaining 41 Medicaid agencies reported no offshore outsourcing requirements and do not outsource administrative functions offshore. Among the 15 Medicaid agencies with requirements, 4 Medicaid agencies prohibit the outsourcing of administrative functions offshore and 11 Medicaid agencies allow it. The 11 Medicaid agencies that allow offshore outsourcing of administrative functions each maintain BAAs with contractors, which is a requirement under HIPAA. Among other things, BAAs are intended to safeguard PHI. These 11 Medicaid agencies do not have additional State requirements that specifically address safeguarding PHI. Seven of the eleven Medicaid agencies reported outsourcing offshore through subcontractors, but none reported sending PHI offshore. If Medicaid agencies engage in offshore outsourcing of administrative functions that involve PHI, it could present potential vulnerabilities. For example, Medicaid agencies or domestic contractors that send PHI offshore may have limited means of enforcing provisions of BAAs that are intended to safeguard PHI. Although some countries may have privacy protections greater than those in the United States, other countries may have limited or no privacy protections.

About these ads

New From the GAO

April 17, 2014 Comments off

New GAO Report
Source: Government Accountability Office

Information Security: SEC Needs to Improve Controls over Financial Systems and Data. GAO-14-419, April 17.
http://www.gao.gov/products/GAO-14-419
Highlights - http://www.gao.gov/assets/670/662614.pdf

Preliminary Opinion of the European Data Protection Supervisor — Privacy and competitiveness in the age of big data: The interplay between data protection, competition law and consumer protection in the Digital Economy

April 14, 2014 Comments off

Privacy and competitiveness in the age of big data: The interplay between data protection, competition law and consumer protection in the Digital Economy (PDF)
Source: European Data Protection Supervisor

EU approaches to data protection, competition and consumer protection share common goals, including the promotion of growth, innovation and the welfare of individual consumers. In practice, however, collaboration between policy-makers in these respective fields is limited.

Online services are driving the huge growth in the digital economy. Many of those services are marketed as ‘free’ but in effect require payment in the form of personal information from customers. An investigation into the costs and benefits of these exchanges for both consumers and businesses is now overdue.

Closer dialogue between regulators and experts across policy boundaries can not only aid enforcement of rules on competition and consumer protection, but also stimulate the market for privacy-enhancing services.

Identifying Personality Disorders that are Security Risks: Field Test Results

April 9, 2014 Comments off

Identifying Personality Disorders that are Security Risks: Field Test Results (PDF)
Source: Defense Personnel Security Research Center

Accurate identification and assessment of employees with risky personality disorders is imperative for programs that involve access to nuclear materials, weapons, and biological select agents which depend on personnel maintaining mental health and reliable behavior. Certain risky personality disorders, however, are especially difficult to diagnose with routine assessment tools that rely on the subject’s self-report. To combat this issue, PERSEREC, in collaboration with Department of Energy, initiated a field test that examined whether an improved screening tool has utility for clinicians who routinely evaluate personnel in a high-risk program. Five clinicians used the Shedler-Westen Assessment Procedure (SWAP), along with its Dispositional Indicators of Risk Exposure (DIRE) subscale developed earlier, for a period of 4 months to evaluate 26 new candidates and current employees of concern. Debriefing interviews indicated that SWAP/DIRE was more effective than clinicians’ existing tools for establishing a positive rapport with the subject, assessing personality disorders, and making legally-defensible recommendations. Findings also include recommendations for using SWAP/DIRE methodology for identifying risky personnel.

Inspector Report: DOE/IG-0904 Review of Controls Over the Department’s Classification of National Security Information

April 9, 2014 Comments off

Inspector Report: DOE/IG-0904 Review of Controls Over the Department’s Classification of National Security Information
Source: U.S. Department of Energy, Office of Inspector General

The Department of Energy handles and manages a broad spectrum of classified information, including National Security Information (NSI). The Office of Health, Safety and Security’s Office of Classification, manages the Department-wide classification program and establishes policies to conform with Federal classification requirements. Implementation of classification requirements is shared among various organizations within the Department. In addition, the Department’s Office of Intelligence and Counterintelligence is required to follow NSI policies and procedures instituted by the Office of the Director of National Intelligence. Similarly, the Department’s National Nuclear Security Administration (NNSA) separately develops and implements policies and procedures, in coordination with the Office of Classification, for the protection and security of classified information at NNSA sites.

Our inspection revealed that the Department had established and implemented critical elements of its classified NSI program. However, our review revealed that certain aspects of the NSI program could be improved. For instance, our inspection determined that a classification marking tool embedded in the classified email system at an NNSA site automatically marked emails as Secret//Restricted Data, regardless of content. The classification related issues we observed occurred, in part, because of ineffective oversight of classification activities and inadequate training and guidance.

In general, we found management’s comments and planned corrective actions to be generally responsive to our report findings and recommendations.

Cyberculture and Personnel Security

April 8, 2014 Comments off

Cyberculture and Personnel Security
Source: Defense Personnel Security Research Center
Report I — Orientation, Concerns, and Needs (PDF)

Computers and related technologies, such as smart phones and video games, are now a common part of everyday life. Many people spend a large portion of their waking hours using and socializing through these devices, forming what is known as a cyberculture. Personnel security investigative and adjudicative standards were developed before these products were widely available; however, cyberculture bears relevance to personnel security due both to the presence of existing security issues and potential effects on psychological outcomes and workplace performance. Although cyberculture has many beneficial effects, this project evaluates how participation can negatively affect personnel security and employee performance. This initial report provides context, outlines presently actionable findings and strategies, highlights some questions that cannot yet be answered, and draws on outside research to guide future research. Information from many sources was examined, including academic research journals, other federal organizations, news reports, and cyber environments, to understand cyber activities relevant to personnel security. Participation is widespread in U.S. society and popular among all age groups. Some cyber activities, such as foreign associations, can be reportable per existing investigative criteria, so procedures should be updated appropriately and promptly. Other topics require research before action is recommended. One concern is how online disinhibition, where people who become more willing to disclose personal information, deceive, or become hostile, affects personnel security. Increased willingness to disclose may amplify the counterintelligence concerns for individuals targeted by hostile parties. There are also many potential negative effects on impulse control, mental health, physical health, and workplace behavior. Future research is intended to further guide policy, workforce awareness, investigations, and adjudications.

Report II – Ethnographic Analysis of Second Life (PDF)

This report presents the results from an ethnographic examination of a popular virtual social environment, Second Life, as the second part of a larger effort to study the impact of participation in cyber activities on personnel security and safety. Research has shown that cyber participation can spill over into individuals’ offline lives, which could be of security concern to the extent that their online behavior demonstrates poor judgment and/or undermines their reliability. Several immersive ethnographic methods were used in the present study, including participation observation, group discussions, and one-on-one interviews with 148 Second Life users who resembled the demographics of clearance holders. The reported findings include a description of behaviors of potential concern, a set of case studies that outline the behaviors of actual users, and a framework of user personas that attempts to distinguish between innocuous use of no apparent security concern from problematic use that may pose risks to national security. These findings contain implications for updating personnel security policy regarding cyber involvement.

Adjudicative Desk Reference: Assisting Security Clearance Adjudicators, Investigators, and Security Managers in Implementing the U.S. Government Personnel Security Program

April 8, 2014 Comments off

Adjudicative Desk Reference: Assisting Security Clearance Adjudicators, Investigators, and Security Managers in Implementing the U.S. Government Personnel Security Program (PDF)
Source: Defense Personnel and Security Research Center

The Adjudicative Desk Reference (ADR) is a comprehensive collection of background information on the 13 categories of behavior considered when determining an individual’s eligibility for a security clearance. For each category of behavior, the ADR provides information that an adjudicator or manager might want to know about that behavior before making a decision, or that an investigator should know in order to formulate appropriate questions. This background information is not U.S. Government policy and may not be cited as authority for denial or revocation of access. The ADR recently was updated to reflect changes in the adjudicative guidelines and new academic research on the topics covered by these guidelines. It has been recommended by the Security Executive Agent Advisory Committee as a job aid to assist security clearance adjudicators, personnel security investigators, and security managers in implementing personnel security policy. It has also proven useful to appeals panels and lawyers dealing with security clearance decisions, personnel officers making suitability and trustworthiness decisions, and Employee Assistance Program counselors.

CRS — Overview of Constitutional Challenges to NSA Collection Activities and Recent Developments

April 7, 2014 Comments off

Overview of Constitutional Challenges to NSA Collection Activities and Recent Developments (PDF)
Source: Congressional Research Service (via Federation of American Scientists)

Beginning in the summer of 2013, media reports of foreign intelligence activities conducted by the National Security Agency (NSA) have been widely published. The reports have focused on two main NSA collection activities approved by the Foreign Intelligence Surveillance Court (FISC) established under the Foreign Intelligence Surveillance Act (FISA) of 1978. The first is the bulk collection of telephony metadata for domestic and international telephone calls. The second involves the interception of Internet-based communications and is targeted at foreigners who are not within the United States, but may also inadvertently acquire the communications of U.S. persons. As public awareness of these programs grew, questions about the constitutionality of these programs were increasingly raised by Members of Congress and others. This report provides a brief overview of these two programs and the various constitutional challenges that have arisen in judicial forums with respect to each.

New From the GAO

April 2, 2014 Comments off

New GAO Report and Testimonies
Source: Government Accountability Office

Report

1. Information Technology: IRS Needs to Improve the Reliability and Transparency of Reported Investment Information. GAO-14-298, April 2.
http://www.gao.gov/products/GAO-14-298
Highlights - http://www.gao.gov/assets/670/662231.pdf

Testimonies

1. Information Security: Federal Agencies Need to Enhance Responses to Data Breaches, by Gregory C. Wilshusen, director, information security issues, before the Senate Committee on Homeland Security and Governmental Affairs. GAO-14-487T, April 2.
http://www.gao.gov/products/GAO-14-487T
Highlights - http://www.gao.gov/assets/670/662228.pdf

2. Veterans’ Health Care: Oversight of Tissue Product Safety, by Marcia Crosse, director, health care, before the Subcommittee on Oversight and Investigations, House Committee on Veterans’ Affairs. GAO-14-463T, April 2.
http://www.gao.gov/products/GAO-14-463T
Highlights - http://www.gao.gov/assets/670/662225.pdf

3. Missile Defense: Mixed Progress in Achieving Acquisition Goals and Improving Accountability, by Cristina T. Chaplain, director, acquisition and sourcing management, before the Subcommittee on Strategic Forces, Senate Committee on Armed Services. GAO-14-481T, April 2.
http://www.gao.gov/products/GAO-14-481T
Highlights - http://www.gao.gov/assets/670/662252.pdf

High Interest GAO Testimony — Information Security: Federal Agencies Need to Enhance Responses to Data Breaches

April 2, 2014 Comments off

Information Security: Federal Agencies Need to Enhance Responses to Data Breaches
Source: Government Accountability Office

The number of reported information security incidents involving personally identifiable information (PII) has more than doubled over the last several years (see figure).

As GAO has previously reported, major federal agencies continue to face challenges in fully implementing all components of an agency-wide information security program, which is essential for securing agency systems and the information they contain—including PII. Specifically, agencies have had mixed results in addressing the eight components of an information security program called for by law, and most agencies had weaknesses in implementing specific security controls. GAO and inspectors general have continued to make recommendations to strengthen agency policies and practices.

In December 2013, GAO reported on agencies’ responses to PII data breaches and found that they were inconsistent and needed improvement. Although selected agencies had generally developed breach-response policies and procedures, their implementation of key practices called for by Office of Management and Budget (OMB) and National Institute of Standards and Technology guidance was inconsistent. For example,

  • only one of seven agencies reviewed had documented both an assigned risk level and how that level was determined for PII data breaches; two agencies documented the number of affected individuals for each incident; and two agencies notified affected individuals for all high-risk breaches.
  • the seven agencies did not consistently offer credit monitoring to affected individuals; and
  • none of the seven agencies consistently documented lessons learned from their breach responses.

Incomplete guidance from OMB contributed to this inconsistent implementation. For example, OMB’s guidance does not make clear how agencies should use risk levels to determine whether affected individuals should be notified. In addition, the nature and timing of reporting requirements may be too stringent.

USPS OIG — Information Storage Security: Audit Report

April 2, 2014 Comments off

Information Storage Security: Audit Report (PDF)
Source: U.S. Postal Service, Office of Inspector General

The Data Management Services group did not manage the storage environment in accordance with Postal Service security requirements because its managers did not provide adequate oversight of the storage teams. They did not, for example, conduct periodic employee access reviews. The absence of proper security practices and training increases the likelihood of an adverse impact on Postal Service operations, such as an outage of a customerdependent system.

In addition, the Corporate Information Security Office did not provide guidance for storage environments as it has for operating systems, databases, and telecommunication security. Establishing minimum security expectations for storage environments can reduce the likelihood of critical system and application outages throughout Postal Service operations.

CRS — Reform of the Foreign Intelligence Surveillance Courts: Introducing a Public Advocate

March 31, 2014 Comments off

Reform of the Foreign Intelligence Surveillance Courts: Introducing a Public Advocate (PDF)
Source: Congressional Research Service (via Federation of American Scientists)

Recent revelations about the size and scope of government foreign surveillance efforts have prompted some to criticize the level of scrutiny that the courts—established under the Foreign Intelligence Surveillance Act of 1978 (FISA)—currently provide with respect to the government’s applications to engage in such surveillance. In response to concerns that the ex parte nature of many of the proceedings before the FISA courts prevents an adequate review of the government’s legal positions, some have proposed establishing an office led by an attorney or “public advocate” who would represent the civil liberties interests of the general public and oppose the government’s applications for foreign surveillance. The concept of a public advocate is a novel one for the American legal system, and, consequently the proposal raises several difficult questions of constitutional law.

Markets for Cybercrime Tools and Stolen Data: Hackers’ Bazaar

March 28, 2014 Comments off

Markets for Cybercrime Tools and Stolen Data: Hackers’ Bazaar
Source: RAND Corporation

Criminal activities in cyberspace are increasingly facilitated by burgeoning black markets for both tools (e.g., exploit kits) and take (e.g., credit card information). This report, part of a multiphase study on the future security environment, describes the fundamental characteristics of these markets and how they have grown into their current state to explain how their existence can harm the information security environment. Understanding the current and predicted landscape for these markets lays the groundwork for follow-on exploration of options to minimize the potentially harmful influence these markets impart. Experts agree that the coming years will bring more activity in darknets, more use of crypto-currencies, greater anonymity capabilities in malware, and more attention to encrypting and protecting communications and transactions; that the ability to stage cyberattacks will likely outpace the ability to defend against them; that crime will increasingly have a networked or cyber component, creating a wider range of opportunities for black markets; and that there will be more hacking for hire, as-a-service offerings, and brokers. Experts disagree, however, on who will be most affected by the growth of the black market (e.g., small or large businesses, individuals), what products will be on the rise (e.g., fungible goods, such as data records and credit card information; non-fungible goods, such as intellectual property), or which types of attacks will be most prevalent (e.g., persistent, targeted attacks; opportunistic, mass “smash-and-grab” attacks).

Senate Commerce Committee — Staff Report Details Target’s Missed Opportunities to Stop Massive Data Breach

March 28, 2014 Comments off

Staff Report Details Target’s Missed Opportunities to Stop Massive Data Breach
Source: U.S. Senate Committee on Commerce, Science, and Transportation

Chairman John D. (Jay) Rockefeller IV today released a staff report titled, “A ‘Kill Chain’ Analysis of the 2013 Target Data Breach.” The report details how Target possibly failed to take advantage of several opportunities to prevent the massive data breach in 2013 when cyber criminals stole the financial and personal information of as many as 110 million consumers.

Rockefeller will formally introduce the report tomorrow when he chairs his third full Committee hearing on data security. The hearing, titled, “Protecting Personal Consumer Information from Cyber Attacks and Data Breaches”, will explore the dangers to consumers posed by recent data breaches. The Chairman will also highlight legislation he recently introduced, the Data Security and Breach Notification Act, that would – for the first time – establish strong, federal consumer data security and breach notification standards. The hearing will begin at 2:30pm in Russell 253. The hearing will also be webcast live via the Senate Commerce Committee website.

Home Location Identification of Twitter Users

March 27, 2014 Comments off

Home Location Identification of Twitter Users
Source: arXiv.org

We present a new algorithm for inferring the home location of Twitter users at different granularities, including city, state, time zone or geographic region, using the content of users tweets and their tweeting behavior. Unlike existing approaches, our algorithm uses an ensemble of statistical and heuristic classifiers to predict locations and makes use of a geographic gazetteer dictionary to identify place-name entities. We find that a hierarchical classification approach, where time zone, state or geographic region is predicted first and city is predicted next, can improve prediction accuracy. We have also analyzed movement variations of Twitter users, built a classifier to predict whether a user was travelling in a certain period of time and use that to further improve the location detection accuracy. Experimental evidence suggests that our algorithm works well in practice and outperforms the best existing algorithms for predicting the home location of Twitter users.

Hat tip: ResearchBuzz

New From the GAO

March 26, 2014 Comments off

New GAO Reports and Testimonies
Source: Government Accountability Office

Reports

1. International Food Aid: Better Agency Collaboration Needed to Assess and Improve Emergency Food Aid Procurement System. GAO-14-22, March 26.
http://www.gao.gov/products/GAO-14-22
Highlights - http://www.gao.gov/assets/670/661963.pdf

2. Medicare: Certain Physician Feedback Reporting Practices of Private Entities Could Improve CMS’s Efforts. GAO-14-279, March 26.
http://www.gao.gov/products/GAO-14-279
Highlights - http://www.gao.gov/assets/670/661980.pdf

3. Federal Contracting: Noncompetitive Contracts Based on Urgency Need Additional Oversight. GAO-14-304, March 26.
http://www.gao.gov/products/GAO-14-304
Highlights - http://www.gao.gov/assets/670/661984.pdf

Testimonies

1. USDA Litigation: Limited Data Available on USDA Attorney Fee Claims and Payments, by Eileen R. Larence, director, homeland security and justice, before the Subcommittee on Conservation, Energy, and Forestry, House Committee on Agriculture. GAO-14-458T, March 26.
http://www.gao.gov/products/GAO-14-458T
Highlights - http://www.gao.gov/assets/670/661943.pdf

2. Critical Infrastructure Protection: Observations on Key Factors in DHS’s Implementation of Its Partnership Approach, by Stephen L. Caldwell, director, homeland security and justice, and Gregory C. Wilshusen, director, information security issues, before the Senate Committee on Homeland Security and Governmental Affairs. GAO-14-464T, March 26.
http://www.gao.gov/products/GAO-14-464T
Highlights - http://www.gao.gov/assets/670/661946.pdf

3. F-35 Joint Strike Fighter: Slower Than Expected Progress in Software Testing May Limit Initial Warfighting Capabilities, by Michael J. Sullivan, director, acquisition and sourcing management, before the Subcommittee on Tactical Air and Land Forces, House Committee on Armed Services. GAO-14-468T, March 26.
http://www.gao.gov/products/GAO-14-468T

Cost-benefit analysis of airport security: Are airports too safe?

March 26, 2014 Comments off

Cost-benefit analysis of airport security: Are airports too safe? (PDF)
Source: Journal of Air Transport Management

This paper assesses the risks and cost-effectiveness of measures designed to further protect airport terminals and associated facilities such as car parks from terrorist attack in the U.S., Europe, and the Asia-Pacific area. The analysis considers threat likelihood, the cost of security measures, hazard likelihood, risk reduction and expected losses to compare the costs and bene fi ts of security measures to decide the optimal security measures to airports. Monte-Carlo simulation methods were used to propagate hazard likelihood, risk reduction and loss uncertainties in the calculation of net benefits that also allows probability of cost-effectiveness to be calculated. It is found that attack probabilities had to be much higher than currently observed to justify additional protective measures. Overall, then, it is questionable whether special efforts to further protect airports are sensible expenditures. Indeed, some relaxation of the measures already in place may well be justified.

Defense Department Press Briefing on Implementation Plans as a Result of the Washington Navy Yard Shooting Investigations and Reviews by Secretary Hagel and Navy Secretary Mabus in the Pentagon Briefing Room

March 24, 2014 Comments off

Defense Department Press Briefing on Implementation Plans as a Result of the Washington Navy Yard Shooting Investigations and Reviews by Secretary Hagel and Navy Secretary Mabus in the Pentagon Briefing Room
Source: U.S. Department of Defense

Okay. Six months ago, the Department of Defense lost 12 members of its family in a senseless act of violence at the Washington Navy Yard. I said at the time that where there are gaps or inadequacies in the department’s security, we’ll find them and we’ll correct them.

And accordingly today, I’m announcing steps DoD is taking to enhance physical security at our installations and improve security clearance procedures responding to lessons learned from this terrible, terrible tragedy. These new measures are based on the recommendations of two reviews that I ordered in the aftermath of the shooting, including an internal review, led by Undersecretary of Defense for Intelligence Michael Vickers, and an outside review, led by former Assistant Secretary of Defense Paul Stockton, who is with us today, and retired Admiral Eric Olson.

Secretary Mabus, who joins me here this morning, also directed the Department of the Navy to conduct its own reviews of security standards, which complemented our work. I appreciate the hard work and the thorough analysis that went into all of these efforts by all of these people.

The reviews identified troubling gaps in DoD’s ability to detect, prevent, and respond to instances where someone working for us, a government employee, member of our military, or a contractor, decides to inflict harm on this institution and its people.

Cybersecurity in the Golden State: How California Businesses Can Protect Against and Respond to Malware, Data Breaches and Other Cyberincidents

March 24, 2014 Comments off

Cybersecurity in the Golden State: How California Businesses Can Protect Against and Respond to Malware, Data Breaches and Other Cyberincidents
Source: California Department of Justice
From press release:

Attorney General Kamala D. Harris today issued recommendations to California businesses to help protect against and respond to the increasing threat of malware, data breaches and other cyber risks.

The guide, Cybersecurity in the Golden State, provides recommendations focused on small to mid-sized businesses, which are particularly vulnerable to cybercrime and often lack the resources to hire cybersecurity personnel. In 2012, 50% of all cyber attacks were aimed at businesses with fewer than 2,500 employees and 31% were aimed at those with less than 250 employees.

New Digital Economy Task Force Report Addresses Digital Economy, Illicit Activity

March 21, 2014 Comments off

New Digital Economy Task Force Report Addresses Digital Economy, Illicit Activity
Source: Thomson Reuters and the International Centre for Missing & Exploited Children

The Digital Economy Task Force (DETF) sponsored by Thomson Reuters and the International Centre for Missing & Exploited Children (ICMEC) today released its report on the emerging digital economy and recommendations for policy makers, financial institutions, law enforcement and others to encourage its growth while preventing the sexual exploitation of children and other criminal activity.

The digital economy and anonymizing technology hold great promise and societal value, from offering financial tools to the world’s unbanked, to protecting dissidents and journalists from unjust government reprisal, said Rubley. But these benefits are clouded by those who use and exploit the digital economy to commit illegal acts. While these are all complicated issues, we believe that a regulatory framework can grow the digital economy and confront those who seek to exploit it for illicit purposes.

The recommendations offered by the DETF include: private and public sector efforts to continue research into the digital economy and illegal activities; invest in law enforcement training; rethink investigative techniques; foster cooperation between agencies; promote a national and global dialogue on policy; and more.

The central challenge is Internet anonymity. There is an emerging “dark web” that enables users to pay for their illegal transactions using digital currencies,” said Allen. “There is a difference between privacy and anonymity. We simply cannot create an environment in which traffickers and child exploiters can operate on the Internet with no risk of being identified unless they make a mistake.”

Follow

Get every new post delivered to your Inbox.

Join 776 other followers