MEXICO CITY (Reuters) – Mexican Senate committees on Wednesday approved a controversial security bill that human rights groups say risks granting excessive power to the armed forces in their already checkered role in combating organised crime in the country.
Troops take part in a military parade celebrating Independence Day at Zocalo Square in downtown Mexico City, Mexico, September 16, 2017 .
The bill, which enjoys some cross-party support between conservatives and centrists, will now pass to the floor of the upper house of Congress for discussion and possible approval late on Wednesday or on Thursday morning.
The Law of Internal Security aims to regulate the armed forces role in combating drug cartels, a conflict which has claimed well over 100,000 lives in the last decade.
Senate committees approved the bill on Wednesday, a senate spokesman said .
Lawmakers who support the bill say it will set out clear rules that limit the use of soldiers to fight crime.
Rights groups have strongly attacked the bill, saying it prioritises the military s role in fighting the gangs over improving the police, and could open the door to greater abuses and impunity by the armed forces.
The military has already been embroiled in multiple human rights scandals including extrajudicial killings of gang members and the disappearance of 43 students near one of its bases in 2014.
The United Nations, Amnesty International and Mexican human rights organizations have all criticized the bill.
This law should not be approved quickly, it puts liberties at risk by giving more power to the armed forces without designing controls and counterweights, said Santiago Aguirre from the Miguel Agustin Pro Center for Human Rights.
Last week, President Enrique Pena Nieto asked lawmakers to include civil society s views in their discussion of the bill, which sparked attempts by protesters to bar access to the upper house of Congress when it reached the Senate.
Writing by Christine MurrayEditing by Sandra Maler
Private equity giant Thoma Bravo has agreed today to buy Barracuda Networks1 in a take-private deal that s valued at $1.6 billion . The company was offered $27.55 per share, about 16% above Friday s close. Though above Barracuda s 52-week high, the price is down from the over $40 per share where the stock was trading in 2015 . Barracuda went public in 2013. Campbell, California-based Barracuda, which competes with Palo Alto Networks and Symantec, provides security for cloud-connected networks and applications .
The company touts clients like Boeing, Microsoft and the U.S . Department of Defense. 2Barracuda says it has over 150,000 customers.
We believe the proposed transaction offers an opportunity for us to accelerate our growth with our industry-leading security platform that s purpose-built for highly distributed, diverse cloud and hybrid environments, said BJ Jenkins, chief executive officer of Barracuda, in a statement . We will continue Barracuda s tradition of delivering easy-to-use, full-featured solutions that can be deployed in the way that makes sense for our customers. The deal is expected to close by the end of February. Founded in 2003, Barracuda Networks raised at least $46 million in venture funding prior to its IPO .
Sequoia Capital and Francisco Partners were amongst its largest shareholders at the time it went public. Thoma Bravo is a Chicago and San Franciso-based private equity giant with $17 billion under management . Other portfolio companies include Compuware, McAfee and SailPoint, which recently went public.3
Private equity firms began more aggressively buying up software companies last year, their apparent thinking being that they can generate reliable returns from such investments . The biggest take-private deals in the last 18 months include the sale of U.S . data analytics firm Qlik Technologies to Thoma Bravo for about $3 billion4 in June 2016; Marketo, a marketing software giant that went public in 2013 and was taken private again by Vista Equity Partners last year for $1.79 billion5 in cash; and the sale of event-management company Cvent last year to Vista Equity Partners in a $1.65 billion6 deal.
Morgan Stanley advised Barracuda on the deal . Goldman Sachs, Credit Suisse and UBS worked with Thoma Bravo. Here s a look at Barracuda s stock chart, since it went public about four years ago.
Featured Image: Dmitry Miroshnikov/Getty Images
Each of Spain’s DNIe ID cards has a chip containing two certificates, one for identification and one for electronic signing.
Each of Spain’s DNIe ID cards has a chip containing two certificates, one for identification and one for electronic signing.Image: Cuerpo Nacional de Polic a
When security researchers discovered last month that secure hardware made by Germany’s Infineon Technologies was not so secure after all1, it was clear that there would be major implications. There are a lot of smartcards and other devices out there with Infineon’s chips in them, and the ‘ROCA’ flaw2 in Infineon’s key pair-generation algorithm made it possible for someone to discover a target’s private key just by knowing what their public key was. Now, in an analogous situation to that recently experienced in Estonia3, Spain seems to be having a tough — and arguably more chaotic — time dealing with the implications for its national identity smartcards. Estonia’s big security flaw only affected around 760,000 cards, although Estonians genuinely use their cards for a great variety of public and private services. Against that figure, there are around 60 million identity smartcards in Spain . However, according to an El Pa s article4, Spaniards were only using theirs in 0.02 percent of public-service engagements when surveyed a few years back. Dan Cvrcek is the CEO at security firm Enigma Bridge, which was co-founded by researchers who identified the ROCA flaw.
He told ZDNet that exploitation of the flaw could allow attackers to revert or invalidate contracts that people have signed, in part because the Spanish don’t use timestamps for very important signatures. “I still don’t think you can do a large-scale attack that would target a lot of people,” Cvrcek said. However, he added, the cost of an individual attack has “rapidly decreased” . The assumption used to be that an attack cost between $20,000 and $40,000, but now it’s “realistically $2,000”. Each card, known as the DNIe, has a chip that contains two certificates, one for identification and one for electronically signing things. According to El Diario5, the authorities responded to Infineon’s October vulnerability disclosure by revoking, on November 6, all certificates issued since April 2015. What’s more, the authorities have stopped letting people sign things with the card at the self-service terminals found at many police stations.
That decision affects every card, not only those that have the flaw . However, people can still digitally sign documents online, using a small card reader that connects to their PCs. The readers are needed to update the affected cards . But there is as yet no indication of when the affected cards will be updated . Indeed, there doesn’t seem to be much official information out there at all, something which has not gone unnoticed in the Spanish tech press. “Neither the police nor other public bodies have given more information through their social media accounts about the impact of the vulnerability and how to act if affected,” said Xataka6. At least the Basque certificate authority Izenpe, which has revoked 30,000 certificates, has given information7 about how to replace them, the blog added. Amid all that chaos, it also seems that some people with recently issued DNIe cards are still able to use them, despite the supposed revocation of their certificates. “I would not mind if it continued like this until there are new certificates,” tweeted8 one user. Toomas Ilves, the former president of Estonia, said earlier this week that he believed millions of people in countries had been affected by the ROCA flaw, but their authorities were remaining “silent”.
Previous and related coverage
Estonia is built on secure state e-systems, so the world was watching when it hit a huge ID-card problem
A new security flaw has placed the security of RSA encryption in jeopardy.
- ^ not so secure after all (www.zdnet.com)
- ^ the ‘ROCA’ flaw (www.infineon.com)
- ^ experienced in Estonia (www.zdnet.com)
- ^ El Pa s article (cincodias.elpais.com)
- ^ El Diario (www.eldiario.es)
- ^ Xataka (www.xataka.com)
- ^ given information (www.izenpe.eus)
- ^ tweeted (twitter.com)
- ^ Estonia’s ID card crisis: How e-state’s poster child got into and out of trouble (www.zdnet.com)
- ^ As devastating as KRACK: New vulnerability undermines RSA encryption keys (www.zdnet.com)