It’s been an eventful week in Washington and, amidst the shutdown shenanigans, Congress did something significant: they renewed a law that lets intelligence agencies collect a massive trove of communication data, which includes everything from Facebook messages to Gmail accounts to browser histories.
This surveillance process—think of it as a permanent suction tube plugged into big tech companies and overseas Internet cables—first came to light with Edward Snowden’s explosive revelations in 2013, but was going on well before that. And now it’s set to continue into at least 2024.
The question for Americans is how much they should worry about all this. While the idea of massive government surveillance sounds sinister, the reality is that the U.S. (unlike China) has a robust legal system to protect the privacy of its citizens.
In the case of the powerful spying law, known as Section 702 of the FISA Amendments Act, the surveillance power is directed at foreigners, not Americans. While there have been reports of the NSA and FBI using backdoor measures to target U.S. citizens, such incidents have hardly been pervasive.
As the Lawfare blog—a site that has done stupendous work in tracking and explaining arcane Section 702 events—reported, there may have been only a single incident of the FBI using its all-powerful database for matters unrelated to national security. Meanwhile, a secret court that helps oversee the intelligence agencies appears to be doing its job, ordering the spooks to tighten up the surveillance process so as not to sweep in Americans.
Still, it’s hard to feel assured. While the surveillance system hasn’t morphed into the Orwellian nightmare that critics fear—and has served its purpose as an effective anti-terror tool—the legal safeguards penning it up still feel flimsy. And as the Senate’s privacy hawk, Ron Wyden (D-Or), has pointed out, the system is too powerful for Congress to simply sign off on for another six years.
The upshot is that Americans will have to rely on the same opaque legal procedures to keep Big Brother at bay for the foreseeable future. But one consolation is that, even as legal safeguards for privacy are stalled, technological solutions may be arriving fast.
New identity management solutions based on blockchain (more on that below) promise a world where citizens don’t generate as much sensitive data in the first place. If these solutions come to pass, the idea of giant databases stuffed with personal information may become obsolete—and so will the existential threats to privacy. This may be no more than a futuristic dream but, for now, it may be all that we’ve got.
Thanks for reading. More cyber and fin-tech tibdits below.
Jeff John Roberts
Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. You may reach Robert Hackett via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.
Bad guys break up with Bitcoin. The proportion of bitcoin transactions related to sites on the dark web (home to many of the net’s biggest criminal forums) has declined from 30% to less than 1%, according to a report from forensics firm Chainalysis. But as people switch to currencies like Monero for illicit transactions, crooks haven’t totally lost interest in bitcoin—the number of hacks and scams targeting the famous cryptocurrency has shot up dramatically.
Mobile attack surface. When you hear of “attacks” on big tech companies, it typically involves trojans or malware—not “pellet guns or…rocks.” And yet that is precisely what Google and Apple staff buses are facing on Silicon Valley highways, where a wave of assaults has led to broken windows and a quiet move by the companies to reroute their shuttles.
Blockchain a blessing for ID. Vinny Lingham of the buzzy startup Civic and others made the case for blockchain as the future of identity management during an interview with Fortune at Silicon Slopes. (Shout-out to the friendly folks of Utah for the great hospitality!) This could mean that, some day soon, people will be “self-sovereign” with the help of cryptographic keys.
Cyber bubble blues. It turns out there can be such a thing as too much security: Years of venture capitalists pumping money into cyber startups has produced a glut, which has been exacerbated by a trend of firms relying on fewer vendors to keep the hackers out. The upshot is the emergence of cyber-security “zombies” that are unable to conduct an IPO or get acquired.
Share today’s Data Sheet with a friend:
Looking for previous Data Sheets? Click here.
“While pump-and-dump scams typically target new ICOs, more established cryptocurrencies, like bitcoin and ethereum, are also vulnerable to manipulation via misinformation … That fake McAfee tweet, which a Big Pump Signal admin linked to in Telegram with instructions to retweet, may have been shared more than 1,300 times.”
—A smart exposé from Buzzfeed pulls back the curtain on some of the crypto charlatans that prey on the public—and each other—in a never-ending series of social media scams. It also singles out James Altucher, whose ads are found on every crypto website and who has repeatedly (and wrongly) predicted Amazon’s adoption of bitcoin.
Apple Users Are Facing a New Security Flaw: The ChaiOS ‘Text Bomb’, by Lisa Marie Segarra
Is Blockchain the Answer to Sexual Consent?, by Valentina Zarya
Android Surveillance Tool Can Steal WhatsApp Messages, by David Meyer
U.S. Warns Investors to Avoid Venezuela’s ‘Petro’ Cryptocurrency, by Jonathan Vanian
Cryptocurrency ETFs Are Off the Table for Now, SEC Says, by David Meyer
ONE MORE THING
The beatings will continue until morale improve. Leak-prone Snapchat issued a memo, warning “If you leak Snap Inc. information, you will lose your job and we will pursue any and all legal remedies against you…The government can even put you in jail.” The memo, of course, was leaked.