The US Supreme Court has ruled that a police officer who obtained information from a licence database for a civilian, in exchange for money, did not violate federal hacking laws. The ruling clarifies the scope of the Computer Fraud and Abuse Act of 1986 (CFAA) and what kind of conduct can be prosecuted. The CFAA became law after the US government found cybercrimes and hacking were not sufficiently addressed by legislation at the time. The case arose after the Federal Bureau of Investigation caught former Georgia police officer, Nathan Van Buren, using his patrol-car computer to access a law enforcement database to retrieve information about a particular license plate number in exchange for money. When making the search, Van Buren used his own, valid credentials. After Van Buren was first charged, a US District Court convicted him of two charges: Violating police department policy of obtaining database information for a personal purpose and violating the CFAA by using a computer network in a way contrary to his job. Van Buren appealed those charges, however, which eventually brought the case to the US Supreme Court and its judgment. At the Supreme Court, the justices ruled 6-3 in favour of Van Buren as he had access to the database as part of his valid credentials. When making that ruling, the justices framed their judgment on whether Van Buren “exceeded his authorised access” when accessing the license plate database.

“In the computing context, ‘access’ references the act of entering a computer ‘system itself’ or a particular ‘part of a computer system,’ such as files, folders, or databases,” Justice Amy Coney Barrett said, who wrote the majority opinion. “It is thus consistent with that meaning to equate ‘exceed[ing] authorised access’ with the act of entering a part of the system to which a computer user lacks access privileges.” The three judges who dissented against the decision, Justices Clarence Thomas, Samuel Alito, and John Roberts, believed that Van Buren did breach the hacking laws as he was forbidden from using the computer to obtain the licence information. “Van Buren’s conduct was legal only if he was entitled to obtain that specific license-plate information by using his admittedly authorised access to the database. He was not. A person is entitled to do something only if he has a ‘right’ to do it,” Thomas wrote in his dissenting opinion. In making the dissent, Thomas analogised Van Buren’s conduct to an employee pulling an alarm for a self-motivated reason or a valet accessing a patron’s car and then proceeding to go on a joyride. “An employee who is entitled to pull the alarm in the event of a fire is not entitled to pull it for some other purpose, such as to delay a meeting for which he is unprepared,” Thomas wrote. With the judgment, the CFAA charge against Van Buren has been dropped, while the charge for violating department policy remains intact. Related Coverage More

Kerry Wan/ZDNETFollow ZDNET: Add us as a preferred source More

If you dabble in bitcoin or other cryptocurrencies, then you may be able to get away with storing your private keys in a software wallet. But if you are serious about crypto, are mining your own bitcoins, or have serious cash invested in crypto, then a hardware wallet is something that you need to seriously consider.

A cutting-edge hardware wallet

Here we have a compact hardware wallet that not only holds your cryptocurrency private keys but can also a device that can be used to store passwords and even be used as a U2F hardware token.The Trezor Model T is easy to use thanks to its touchscreen display. Another nice feature of the Model T is that it is quick and easy to set up; you can be up and running after going through three simple setup steps.

$179 at Amazon

Everything is protected by a PIN code

This is a hardware bitcoin wallet that looks like a USB flash drive. The Ledger Nano S supports more than 30 different cryptocurrencies (including Bitcoin, Ethereum, XRP, Bitcoin Cash, EOS, Stellar, Dogecoin, and many more), and all ERC20 tokens, and everything is protected by an 8-digit PIN code.

$51 at Amazon

For those who want high security

This is the hardware wallet for those who are ultra-paranoid or who want high security. The ColdCard Mk3 device is a high-security device that is built around high-security hardware and open-source software. It also features a brilliant OLED display and a full-sized numeric keypad.You can augment the ColdCard with a range of accessories, including an adapter that allows you to power the ColdCard from a 9V PP3 battery, protecting you from attacks that might make use of a compromised USB charger.

$120 at Coinkite

Fireproof, waterproof, shockproof, and hacker-proof

Made from indestructible 316-marine grade stainless steel, this is a cold storage cryptocurrency wallet that’s designed and built to be fireproof, waterproof, shockproof, and hacker-proof. This is the perfect tool for keeping your seed phrases secure, which would allow you to recover your private keys in the event that you lose or break your electronic hardware wallet.

$106 at Amazon

What is a bitcoin wallet?

A bitcoin wallet is a device that stores and manages the private keys you hold for your cryptocurrency. They act much like how you keep money in your wallet or purse, or how your bank details are stored on your credit or debit cards.

What are the different kinds of cryptocurrency wallets?

There are two kinds of wallets: Hardware and software. A software wallet is an app that lives on your computer or smartphone, or even on the web, while a hardware wallet is a separate physical device (much like a wallet or purse). This hardware wallet is connected to a PC or mobile device to carry out transactions.Software wallets range in price from free to, well, not free, so they are great for those starting out. Since hardware wallets cost you money, there’s a financial investment that you have to make right from the beginning.

Why do you need a hardware wallet?

It’s important to note that you don’t need a hardware wallet to buy, store, or send bitcoins or any other cryptocurrency. Some people hold many thousands of dollars in bitcoin or other cryptocurrencies and don’t use a hardware wallet.However, where hardware wallets shine is the improved security that they offer compared to an app that lives on a smartphone, computer, or in the cloud. Having a device that puts an air gap between your private keys and other apps, the internet, and the bad guys offers vastly improved security from hackers and viruses.Hardware bitcoin wallets put you in complete and total control over your private keys.

What are the pros and cons of hardware crypto wallets?

ProsImproved security: Total air gap between your private keys and everything else.Better control: You hold your keys and can keep them separate from all your other devices.Easy transportation: Bitcoin hardware wallets are small and easily transported. But they can also be stored securely in a safe or safety deposit box.No reliance on a third-party app or web service: Apps and services come and go.ConsCost: Hardware bitcoin wallet solutions aren’t free.Extra complexity: There’s always a learning curve with hardware, and some bitcoin wallets have quite advanced features that will have you reaching for the manual.Loss, destruction, theft: Hardware can break, be lost, be stolen, become obsolete, or succumb to all sorts of mishaps.Another thing to take care of: If you need to make a transaction, you’ll need your wallet!

What should you consider when buying a cryptocurrency hardware wallet?

Yes, a hardware bitcoin wallet offers greater security, but you still need to make sure that you are buying a decent device from a reputable source.You also need to decide how much security you need. For some, having the air gap of a separate wallet is good enough, while others will feel the need to beef up security, and have a device that offers higher levels of security, biometrics, and even isolating the device from possible sources of attack, such as USB chargers.You also need a backup, just in case. Maybe this is another hardware wallet, or maybe you’re going to go for a “cold storage” solution that might include having your private keys printed on paper, or even engraved, stamped, or etched into metal.Another consideration is price. Unless you’re planning to hold huge cryptocurrency investments, then it might sting a bit to spend over $100 on a wallet.

How did we choose these cryptocurrency hardware wallets?

There are a number of factors to consider here.Price: Not everyone wants to spend $200 on a wallet.Durability: A broken hardware wallet can leave you hating life (not to mention down the cost of the hardware), so choosing something that will last is a good investment.Reputable manufacturer: You could be trusting thousands of dollars of cryptocurrency to a hardware wallet, so you want to know that your wallet has been made by a reputable company with a track record in delivering secure and reliable products. Ease of use: Setting up a hardware wallet can be daunting enough, but it can be made all the more difficult if the documentation is poor (or non-existent) or the device itself is quirky and unpredictable.

ZDNet Recommends More

Congress passed a bipartisan $1 trillion infrastructure bill on Friday that included about $2 billion in cybersecurity funding. The bill — now heading to President Joe Biden’s desk — includes $1 billion in state, local, tribal and territorial cyberdefense grants, $100 million for the Department of Homeland Security, and $21 million for National Cyber Director Chris Inglis. 

The four-year, $1 billion grant fund is something state and local governments have been waiting for to help tackle their growing cybersecurity to-do list. To receive a portion of the millions of dollars in grant funding each year, states have to match a specified percentage of the federal dollars. The percentage starts at 10% and grows to 40% over the next four years. The idea is that states will get used to accounting for cyber funding in their budgets as a result.The Washington Post noted that for the cybersecurity grant program, 1% will go to each state and 0.25% will go to all four US territories. Another 3% will go to tribal governments. The rest of the funding will be split between states based on their population size and specifically their rural population numbers. States are required to devote at least 25% of the funding to cyber programs in rural areas. The bill says $200 million in grants will be handed out in 2022, $400 million will be spent in 2023, $300 million in 2024, and $100 million in 2025. The Federal Highway Administration is also required to create a tool that can help them respond to cyberattacks.  Jonathan Reiber, former chief strategy officer for cyber policy in the office of the US Secretary of Defense during the Obama administration, told ZDNet that the bill addresses some of the biggest concerns experts have about the country’s cybersecurity readiness and infrastructure. “This investment will help the country achieve a state of real cybersecurity readiness where it matters most. This bill also focuses on securing elements of our critical infrastructure that could cause national-level systemic risks if disrupted. Vulnerabilities in the energy sector present a strategic risk for the US — from our electric utilities to oil and gas distribution, as we saw with the Colonial Pipeline attack — and hostile actors have been targeting the energy sector for years,” said Reiber, who is now a senior director at AttackIQ. “This bill will not only help ensure cybersecurity capabilities are built and deployed — it also calls for continuous assessments to ensure that our cyberdefense investments work as intended. It’s not enough to have built the best defense capabilities; they need to be exercised and ready when the adversary attacks. These resources can help ensure effectiveness.” 

He added that Inglis is “one of the most talented cybersecurity leaders in the world” and that it was a positive step to see the amount of money given to support the office of the National Cyber Director. Drew Jaehnig, industry practice leader of the public sector at Bizagi, honed in on the parts of the bill that focused on securing industrial or operational technology (OT) systems. Jaehnig spent 20 years at the Department of Defense and said the increased funding for OT systems was sorely needed. He noted that it was also “well overdue” for the federal government to provide support for state, local, tribal, and territorial cyber training, recruitment, and non-profit security grants. “In the long run, however, this will also require state and local officials to respond proportionally. It is interesting to note that FEMA will be responsible for the allocation and distribution of the appropriate funds to state, local, and non-profit organizations. This needs to be a preventative process to avert cyber-disasters and FEMA will need to be judicious in fund allocation to maximize the effects. State and local governments should consider consolidated actions to maximize the investment impact,” Jaehnig said. “Congress got a good start on the training aspects of cybersecurity strategy. The continued focus on CyberSentry and the hardening of the federal space are welcome advances. A nod of encouragement was given to a new generation of emergency protocols for cybersecurity, but this will certainly require additional funding from state and local partners to be successful.”Experts online noted that the grants to states and local governments specifically say the funding cannot be used for ransom payments to hackers.  Mark Carrigan, vice president of OT cybersecurity at Hexagon, said the $50 billion dedicated to improving the resiliency of power and water systems was an important part of the bill considering it protects them from cyberattacks and natural disasters. The Environmental Protection Agency and CISA will get a significant slice of the funding in the bill to beef up the security of water systems after a spate of attacks over the last year. Implemented properly, this program could make a considerable difference by making the country’s critical infrastructure more resilient to inevitable events — hurricanes, droughts, floods, and cyber-attacks, Carrigan explained.Some questioned whether enough people were working in cybersecurity to enact some of the measures in the bill and wondered whether government organizations would use the funding for one-time projects instead of looking at it as a recurring investment. Lookout’s federal sales engineer Victoria Mosby said the additional funding dedicated to increasing cybersecurity across all levels of the government will have a ripple effect across multiple vectors, not just the procurement of new tools. “Funding will give many cybersecurity teams the funds needed to continue updating antiquated systems and procedures. Many of these changes will spread outside of infosec teams into general IT infrastructure and new policy adoption to account for moving certain systems to the cloud and allowing for increased remote working,” Mosby said. “Increased hiring to bolster existing security teams and training to beef up the skills of existing professionals, with the increasing reliance on the cloud and remote workforce professionals need to have a better understanding of cloud security and the concept of ‘zero trust’. It would be curious to see if some of those funds funnel down into K-12 and higher education to create a new degree and certificate programs to bolster the incoming cyber workforce.”Other experts said it was important that the federal government is using the bill to request new cybersecurity programs to protect the development of new and current highways, rail, and supply chain programs. James McQuiggan, a security awareness advocate at KnowBe4, said these programs focus on aspects of cybersecurity risk management, incident response, and require the use of the National Institutes of Standards and Technology (NIST) Cybersecurity Framework (CSF). McQuiggan touted the measures in the modernization of transportation (Division A) section that say that all-controlling and monitoring systems (SCADA) should contain security features for access control, prevent exploitation of the systems and comply with the new cybersecurity requirements for the federal government’s supply chain and the use of zero trust. He also said the billions provided for programs expanding broadband access would come with upsides and downsides. “Throughout the bill, there are many requirements for training. Training for cyber incident response, workforce development training, safety training, but missing is the need to increase a more robust cybersecurity culture within the government at the federal, state, and county levels,” McQuiggan explained. “Several key areas in the bill seem to focus on the symptoms of an issue and not the root cause. The broadband internet section (Division F – broadband) requests the implementation of higher internet speeds to people who don’t have within their areas. One item lacking is the need for the people benefitting from this to understand the internet’s benefits and dangers. Broadband providers should provide free email filters for phishing and malicious attachments to reduce the risk of people falling victim to identity theft and loss of finances due to online scams.” Some cybersecurity experts echoed McQuiggan’s concerns about the expansion of broadband access, noting how important it is for the country but also warning that it would introduce a host of cybersecurity issues. Perry Carpenter, chief evangelist, and strategy officer at KnowBe4, said the increased internet access for everyone would create a “richer” environment for cybercriminals. “We are about to potentially see the largest infrastructure upgrade of our lifetimes. It will impact us, our children, and potentially our grandchildren,” said KnowBe4’s Carpenter. “It’s imperative that we minimize mistakes of our past and start right. Build security in. Make it fundamental to how success is defined.” More

rob dobi/Getty Images X CEO Elon Musk announced earlier this week that he’s pulling the teeth out of X’s (formerly Twitter) blocking feature. Soon, users you’ve blocked will be able to view your posts again.  Nina Owji, a web developer, posted, “X is about to remove the current block button, meaning that if an account is public, […] More