Pete Recommends – Weekly highlights on cyber security issues March 30, 2019

Subject: Privacy law scholars must address potential for nasty satellite data surprises
Source: Penn State University News

UNIVERSITY PARK, Pa. — Fitness apps and other smart devices embedded with GPS satellite chips and other sensors may use satellite data to help users stay fit and healthy, but, according to Penn State and Penn State Dickinson Law researchers, they unwittingly open a gateway to privacy-related legal and ethical headaches and are a repeated source of national security threats.

In a session at the Penn State Law Review annual symposium held today (March 22), the researchers and Dickinson Law professors said that immediate focus is needed on how vast quantities of data, collected from sensors embedded in smart devices combined with both government-owned and privately owned satellite mapping technologies, is aggregated, used, disseminated, and bought and sold. Government-owned satellite mapping technologies, including global positioning satellites provide free, worldwide access for use in GPS chip-embedded devices.

In 2018, Strava, a social fitness network that uses GPS data to track workouts for cyclists and runners who wear fitness devices, released a map of the 13 trillion GPS points collected from their users during their workouts. Unfortunately, the map included data points that blew the cover of several secret U.S. special forces bases.


Amy Gaudion, Anne Toomey McKenna, cyberlaw, cybersecurity, Jenni Evans, national security, privacy, satellite, satellite data

Subject: How to permanently delete your Google account (and save your data)
Source: Reuters via Business Insider

If you’re looking to delete your Google account, you should strongly consider downloading and saving your Google data beforehand. Reuters

  • A Google account gives you access to many free services, but it’s possible to completely and permanently delete it.
  • It’s a really good idea to save a copy of all your Google data before you delete the account.
  • Here’s how to save your data from and permanently delete your Google account.

With over 1.5 billion active Gmail users, about one person in every five on earth has a Google account. If you’re among them but want to sever your ties, Google makes it possible to permanently delete your Google account. You might want to do that because you want to change your email address, or you might have a more philosophical reason, like a desire to distance yourself from Google itself.

But what does deleting your account entail? Remember that your Google account gives you access to a wide array of free services. It includes Gmail, Google Docs, Google Drive, and Google Photos, all of which share a 15 GB cloud storage account. In addition, your Google account lets you customize your experience with a bevy of other sites and services, like Google Maps, YouTube, Google search itself, and many others.

If you delete your Google account, you’ll permanently lose access to any site that requires a Google account login, such as Gmail, Google Docs, Google Drive, and Google Photos. You’ll also lose any content you purchased through Google Play or YouTube and your saved bookmarks in Google Chrome. That said, you may continue to use any site that doesn’t require a login – like Google search, Google Maps, and YouTube.

Subject: FEMA shared 2.3 million disaster survivors’ personal information with contractor
Source: DHS I.G. via WPMT FOX43

Millions of hurricane and wildfire survivors are learning that they’re at “increased risk of identity theft and fraud” because the Federal Emergency Management Agency shared their banking and other private information.

The Department of Homeland Security inspector general said Friday that FEMA had unlawfully disclosed the private data of 2.3 million survivors with a federal contractor that was helping them find temporary housing.

The 2.3 million people include survivors of Hurricanes Harvey, Irma and Maria and the 2017 California wildfires.

NB other PR items for DHS I.G. (filterable, but not necessarily well curated):

RSS feed:

Subject: NSO Group CEO on “60 Minutes”: Hacking Lawyers, Reporters Is OK
Source: Gizmodo

The founder and CEO of NSO Group, the notorious Israeli hacking company with customers around the world, appeared on CBS’s 60 Minutes Sunday night to defend the use of his company’s tools in hacking and spying on lawyers, journalists, and minors when the country’s customers determine the ends justify the means.

Founded in 2018, NSO Group has reportedly sold hacking tools to dictators including those in Saudi Arabia, the United Arab Emirates, and across Central Asia—a group of decision-makers whose track record includes numerous examples of human rights abuses and oppression of dissent. NSO’s tools have been directly involved in the arrest of human rights activists and, in Mexico at least, spying on lawyers and journalists in an effort to catch the drug lord Joaquin “El Chapo” Guzman.

filed under

Subject: The U.S. Pledges A Harder Line In Cyberspace — And Drops Some Hints
Source: NPR

Army Gen. Paul Nakasone, who heads both the National Security Agency and the U.S. Cyber Command, usually doesn’t say much in public. But recently, he’s been on what amounts to a public relations blitz. The message he’s pushing is that the U.S. will be more aggressive in confronting and combating rivals in cyberspace.

“I have all the authorities that I need right now to conduct the full spectrum of operations, that’s defensive operations all the way to offensive operations. And when I don’t have those authorities, I will certainly ask for them,” said Nakasone, wearing short sleeves and no tie at the recent RSA Conference, a high-tech gathering in San Francisco.

He’s even offering a few select details, a rarity for the super-secretive NSA and Cyber Command.

“For the first time, we sent our cyberwarriors abroad,” Nakasone said earlier this month in Capitol Hill testimony about countering Russian attempts to meddle in last fall’s midterm elections. “We sent defensive teams forward in November to three different European countries. That’s acting outside of our borders that impose[s] costs against our adversaries.”

filed under:


Subject: Risky Business—Threats in the IT Supply Chain
Source: GAO WatchBlog

There are many vulnerable points in the IT supply chain. Unauthorized distributors, inadequate software testing, and untrustworthy suppliers can all introduce risks.

Bad actors can take advantage of these vulnerabilities by

  • installing intentionally harmful hardware or software,

  • installing counterfeit hardware or software, or

  • causing a failure or disruption in the production or distribution of products critical to federal agency operations (e.g., due to labor or political disputes)

GAO Report:

Subject: How Digital Wallets Work
Source: HowStuffWorks

The traditional leather wallet is your stalwart companion for safekeeping precious possessions of all kinds. It holds tightly your cash, credit cards, family pictures, driver’s license, insurance identification, shopping loyalty cards and more. Alas, your wallet grows thicker and more unwieldy by the day; your spine shrieks every time you sit on it the wrong way.

Oh, and it’s entirely unsecure. Any crook that gets his hot little hands on your wallet can easily blow all of your cash and possibly wring your credit accounts dry, too. In spite of that fact, 85 percent of transactions across the globe are still based on cash and checks [source: Yahoo News]. Americans alone wrote around 14 billion checks in 2009 [source: Huffington Post].

To combat theft, simplify your finances, avoid being the “check-writing guy” in line at the store and maybe even ward off trips to the chiropractor, perhaps it’s time for a wallet upgrade. For that, you might consider the digital wallet.

Before we go any further, understand that the term digital wallet is a blanket descriptor for a range of technologies that let you perform many tasks. In general, though, a digital wallet (also sometimes called an e-wallet) is a transformation in the way you pay for things.

filed under

Subject: Apple highlights privacy in new services in jab at rivals
Source: AP via Yahoo

Facebook, Google and other tech companies have come under fire for the amount of data they collect on users to sell advertising. Apple has largely escaped this backlash and has sought to set itself apart by emphasizing its privacy safeguards. Apple has been able to do so because the bulk of its business is in hardware, namely iPhones.

Apple wants to reassure customers that it’s still committed to privacy with the new push on services.

It’s a way for Apple to remind people that the company is more consumer-friendly than many of its competitors, said eMarketer analyst Paul Verna. He said the strategy is especially important because Apple is a late entrant to the streaming market.

Apple also said its TV service will not share user’s personal information with anyone.

Subject: Bipartisan bill aims to close gap in congressional cybersecurity
Source: CNNPolitics

(CNN) A bipartisan bill set to be introduced on Wednesday aims to close what is regarded as a major gap in congressional cybersecurity and extend the government’s protections to senators and their staffers’ personal phones and computers.

The fact that Senate employees, especially those with high security clearance, enjoy federal security on their work devices but not the ones they purchase themselves has long been regarded as a glaring oversight by cybersecurity experts.

“It is ludicrous to expect individual senators and their staff to defend themselves from spies and hackers,” Bruce Schneier, a security lecturer at Harvard, said in a statement on the bill. “Hostile foreign intelligence services do not respect the arbitrary line between work and personal technology.”

Subject: Data Breaches: Range of Consumer Risks Highlights Limitations of Identity Theft Services
Source: U.S. GAO

Data breaches have exposed the personal data of hundreds of millions of people and put them at risk for identity theft.

We looked at what you can do if you’re a victim of a data breach. Identity theft services can be convenient, but they don’t prevent fraud from happening in the first place.

There are also some steps you can take on your own for free—such as freezing your credit reports. A freeze prevents the opening of new credit accounts or loans in your name.

We’ve previously recommended that Congress reconsider legislation requiring federal agencies to offer high levels of identity theft insurance coverage.

View Report (PDF, 47 pages)

Also a 6m 36s podcast:

Explore our Key Issues on Information Security:

Posted in: Congress, Cybercrime, Cyberlaw, Cybersecurity, E-Government, Email, Legal Profession, Privacy, Social Media