Pete Recommends – Weekly highlights on cyber security issues March 23, 2019

Subject: Consumer consent is emphasis of senators’ new facial-recognition bill
Source: Fedscoop
https://www.fedscoop.com/facial-recognition-privacy-bill-blunt-schatz/

Sens. Roy Blunt and Brian Schatz introduced a bipartisan bill on Thursday that would regulate how tech companies use facial recognition technology, aiming to give consumers more control over their data.

The legislation would not apply to government use of facial recognition technology. A draft version made available by Schatz, D-Hawaii, explicitly states that it would not affect activities of the federal agencies, any state or local government, law enforcement agencies, national security agencies and intelligence agencies.

[so it’s OK for big brother? /pmw1]

..

In this Story

Brad Smith, facial recognition, facial recognition technology, Microsoft, Senator Brian Schatz, Senator Roy Blunt, The Commercial Facial Recognition Privacy Act of 2019

Sample RSS feed for a topic:
https://www.fedscoop.com/tag/facial-recognition/feed/


Subject: What was that P word? Ah. Privacy. Yes, we’ll think about privacy, says FCC mulling cellphone location data overhaul
Source: The Register
https://www.theregister.co.uk/2019/03/15/fcc_mobile_phone_location/

Analysis America’s comms regulator has finally pinky-promised to at least consider people’s privacy when it looks into how cellphone location data can be made more accurate.

On Friday, during a monthly meeting of commissioners, the FCC belatedly confirmed it would weigh up privacy alongside phone tracking, in a “notice of proposed rulemaking.”

The critical topic was added following an intervention from new commissioner Geoffrey Sparks, after a campaign by privacy advocates who were stunned to find not a single mention of the word “privacy” in a 32-page outline document.

The omission is particularly galling given a series of high-profile cases this past year where mobile network operators were found to be providing location data on individuals to unknown third parties for a fee, despite repeatedly promising not to and despite it being against the rules.

filed under https://www.theregister.co.uk/Tag/privacy
and its RSS feed: https://feed.theregister.co.uk/atom?q=privacy
and from Public Knowledge News blog:
https://www.publicknowledge.org/news-blog/blogs/will-the-fcc-keep-ignoring-carriers-that-sell-your-gps-data

which is filed under: FCC, Privacy, Consumer Privacy, Data Protection, E911

and a sample topic feed: https://www.publicknowledge.org/tag/Privacy


Subject: Spam Warns about Boeing 737 Max Crashes While Pushing Malware
Source: BleepingComputer
https://www.bleepingcomputer.com/news/security/spam-warns-about-boeing-737-max-crashes-while-pushing-malware/

A new malspam campaign is underway that is trying to utilize the tragic Boeing 737 Max crashes as a way to spread malware on a recipient’s computer. These spam emails pretend to be leaked documents about imminent crashes that the sender states should be reviewed and shared with loved ones to warn them.

This new campaign was discovered by 360 Threat Intelligence Center, a research division of 360 Enterprise Security Group, who posted about them on Twitter.

Other news in this category:
https://www.bleepingcomputer.com/news/security/


Subject: How to Safely Dispose of (or Sell) Smarthome Hardware
Source: How-To Geek
https://www.howtogeek.com/407192/how-to-safely-dispose-of-or-sell-smarthome-hardware/

When you decide to get rid of your smarthome gadgets, you shouldn’t just toss them in the trash, sell them, or give them away. Before you take the products out of your house, you should wipe the data off them.

Other Smart Home articles:
https://www.howtogeek.com/t/smarthome/

RSS: https://www.howtogeek.com/t/smarthome/feed/


Subject: How to Set up Your Child’s Smartphone With Qustodio Parental Control |
Source: Digital Trends
https://www.digitaltrends.com/dtdeals/qustodio-smartphone-parental-control-free-trial/

Despite its simplicity, Qustodio offers a full range of monitoring capabilities. Parents can see their kids’ internet use (such as social media activity), call history, and text message/SMS logs. The software also lets you monitor screen time, set time limits, block apps and websites from being accessed, and restrict time spent on certain games or other services. Location tracking even shows you where a particular mobile device has been recently, and filtering technology automatically blocks inappropriate content to keep your home network clean and safe. With so many features, you can really take control of what your child can and can’t do with their smartphone.


Subject: How to contact Google support for help with any Google-related issue
Source: Business Insider
https://www.businessinsider.com/how-to-contact-google-support

  • If you’re looking to contact Google for help with a Google-related issue, there are a few routes you can take.
  • Google does not offer phone support save for assistance with a few specific apps, and many of the numbers posted online claiming to be Google customer service are scams.
  • The company does offer a robust archive of information that can be helpful as you troubleshoot; most issues have likely been addressed.
  • Google will never offer help with security issues like a lost password over the phone, so make sure you write down sensitive information in hard copy and store it somewhere safe.

Don’t take this personally, but Google doesn’t want to talk to you. Part of it is they’d be crazy busy if they had to run an active customer support call center — hundreds of millions of people use some form of Google product every day.

Can you call Google?

Yes, you can call Google. Google’s customer support number is 1-855-836-1987. That will take you to a menu that will take you to a series of other menus, but most of the time, unless you have an issue with a piece of hardware like an Android phone, the end result of your call will be a recorded voice telling you which webpage to visit to try to resolve your issue.

Google staffers write tutorials on dealing with common issues, and there are also user forums addressing myriad problems. Here’s how to find the former.

1. Log into your Google account, then go to support.google.com.

Use Google help forums

On the support.google.com page, select the icon of the product at issue and click it.

1. On the next page, near the top left of the screen, click the word “Community.”

Contact Google about Drive issues

Google Drive is the only app product for which Google allows actual direct contact.

From the support.google.com page…

1. Click the “Google Drive” icon.


Subject: Advocates, businesses say ADA causes trouble for disabled in digital world
Source: UPI.com
https://www.upi.com/Top_News/US/2019/03/19/Advocates-businesses-say-ADA-causes-trouble-for-disabled-in-digital-world/1531551612839/

March 19 (UPI) — As more tasks of daily life migrate online, more advocates are getting serious about holding businesses responsible for making their websites accessible to Americans with disabilities — an issue industries say is not made clear by a 29-year-old federal law.

Recently, U.S. courts have seen an uptick in lawsuits filed by disabled Americans — and they’re winning. The suits are part of a sustained effort to force companies and organizations to come into compliance with U.S. disability law — even though it’s not clear exactly what that entails.

Chicago-based employment law firm Seyfarth Shaw said more than 2,200 suits were filed in federal court over web access last year — nearly three times the 817 recorded the year before.

But it’s a murky issue.

Federal law requires government-run websites to be accessible to the disabled, but there is no firm mandate for corporate sites. The 1990 Americans with Disabilities Act, the law that covers the issues, doesn’t specify how sites should make themselves accessible to persons with disabilities, like the visually-impaired and the deaf — largely because it was passed nearly 30 years ago, long before the emergence of today’s digital landscape.

“The general public is very unaware [of the website access issues], but it’s easy for a person to quickly feel empathy when you explain that the majority of blind users cannot do what you and I take for granted every day,” Jason Taylor, chief innovation strategist at Usablenet.com, told UPI.

The appellate court agreed and ruled Domino’s must make its site ADA-compliant.

Domino’s argued the Justice Department hasn’t given guidance on how a website becomes ADA-compliant. The 9th Circuit overruled a lower court opinion that dismissed Robles’ suit — saying the ADA doesn’t apply in this case because it would violate due process rights. The Justice Department, it ruled, hasn’t established necessary web standards or given technical assistance to enact such standards. The issue is still pending in federal court.


Subject: Michael Cohen warrants show how the FBI can unlock your phone and track your movements
Source: CNNPolitics
https://www.cnn.com/2019/03/19/politics/michael-cohen-warrants-fbi-phone/index.html

(CNN) Court documents unsealed Tuesday reveal the breadth of technical information federal investigators were permitted to collect on President Donald Trump’s former fixer Michael Cohen.

Notably, the FBI made use of Cohen’s use of Touch ID and Face ID on his Apple devices, which allow users to quickly log into iPhones and computers by scanning their face or fingerprint rather than typing in a password. Those features are marketed as faster and more secure ways to securely log into one’s devices, as it’s harder, though not impossible, to replicate someone’s fingerprint or appearance

But that gives law enforcement an additional means to access those devices. In one warrant application for Cohen, an FBI agent requested authorization “to press the fingers (including thumbs) of Cohen to the Touch ID sensors of the Subject Devices, or hold the Subject Devices in front of Cohen’s face, for the purpose of attempting to unlock the Subject Devices via Touch ID or Face ID.”

While the issue has never come before the Supreme Court, tech civil liberties experts warn that a warrant can compel a suspect to use their face or fingerprint to give up access to an otherwise locked device.


Subject: Despite 2016 hack, some Democratic candidates haven’t taken this basic step to secure emails
Source: CNNPolitics
https://www.cnn.com/2019/03/20/politics/democratic-candidates-email-security-2020/index.html

New York (CNN) The release of hacked emails helped derail Hillary Clinton’s 2016 presidential bid. But most 2020 Democratic presidential primary candidates have not taken a basic step in securing their email systems, according to a new analysis by the security advocacy group Global Cyber Alliance conducted in mid-March.

Only four of the then-14 Democratic candidates’ websites were using any form of a security protocol that helps ensure emails sent from campaign addresses are genuinely from the campaign when Global Cyber Alliance first ran the analysis last week.

The protocol — Domain-based Message Authentication, Reporting and Conformance (DMARC) — verifies that emails are from the websites they claim to be from. Records of whether a website owner is using the protocol are publicly available.

In 2017, the Department of Homeland Security directed all federal agencies to implement the protocol.

“There’s lots of things you can do to help protect email,” Phil Reitinger, president and CEO of Global Cyber Alliance, told CNN. “Use of DMARC is really table stakes for whether you’re serious about email security.”


Subject: Cummings: WH officials using personal accounts to do official work
Source: CNNPolitics https://www.cnn.com/2019/03/21/politics/elijah-cummings-jared-kushner-personal-account/index.html

(CNN) House Oversight Chairman Elijah Cummings said Thursday his committee has obtained new information that several senior White House officials have used personal email and messaging accounts to conduct government business, asserting that President Donald Trump’s son-in-law communicated with foreign leaders through a private messaging application that appears to lack adequate safeguards.

In a Thursday letter to the White House, the Maryland Democrat alleged that Jared Kushner, who is also a senior White House adviser, had been using WhatsApp, a popular messaging application, to “communicate with foreign leaders” — something he said that Kushner’s attorney had confirmed in a private meeting. He also contended that Trump’s daughter Ivanka Trump, also a senior adviser, may be in violation of the Presidential Records Act by her use of private emails.


Subject: Are Health Apps Putting Your Privacy at Risk?
Source: Consumer Reports
https://www.consumerreports.org/health-privacy/are-health-apps-putting-your-privacy-at-risk/

Health apps may help you track your prescriptions, look up sickness symptoms, and measure your mood. But they may also pose “unprecedented risk to consumers’ privacy,” according to a new study published in the journal The BMJ.

The study authors identified 24 of the most popular or highly recommended medication-related Android apps in the Google Play store and found that 79 percent of them share user data in ways that may violate your privacy.

“We’re getting more and more of a sense that there isn’t any privacy anymore,” says Quinn Grundy, Ph.D., the lead author of the study, an assistant professor in the faculty of nursing at the University of Toronto, and an honorary senior lecturer in the school of pharmacy at the University of Sydney. But many people “still hold health data as a protected category” and aren’t comfortable with health-related information being shared.

Consumers have good reason to be uncomfortable, experts say, because sharing personal health information may lead to a variety of harms, such as restrictions on access to healthcare or life insurance.

“People rely on health information being protected and do not realize that these safeguards do not apply to medical apps,” says Lori Andrews, Ph.D., a law professor and director of the Institute for Science, Law and Technology at the Chicago-Kent College of Law at the Illinois Institute of Technology.

More on Medical Privacy

Protect Yourself From a Medical Data Breach
Should You Google Your Medical Symptoms?
Protect Yourself From a Hospital Data Breach 

Posted in: Civil Liberties, Cybersecurity, Email, Email Security, Healthcare, Privacy, Search Engines