Pete Recommends – Weekly highlights on cyber security issues, October 5, 2019

Subject: The whistleblowing process, explained
Source: CNNPolitics

(CNN) A whistleblower has alleged that President Donald Trump solicited a foreign country to help intervene in the 2020 election and that the White House sought to cover it up. Trump has attacked the whistleblower and called those who provided the individual with information “close to a spy.” But the person who made the complaint is part of a storied American tradition of concerned individuals who felt they had a duty to bring potential wrongdoing to light. Here’s what to know about the whistleblowing process…

Subject: German police shut down Dark Net servers housed in former NATO bunker

Sept. 27 (UPI) — German police stormed a “Dark Net” data center in a former NATO bunker allegedly used to host websites offering drugs, child pornography and devices to breach computers. Over 600 police personnel were involved in the raid on what they termed a “cyberbunker data center” in the western German city of Traben-Trarbach. Seven people were arrested, with 13 more sought, although none were taken into custody at the site. The arrests occurred at a local restaurant and in the town of Schwalbach, near Frankfurt. Other raids occurred simultaneously in Poland, the Netherlands and Luxembourg.

“It is the first time in Germany that [arrests are] not directed against operators of shops or marketplaces, but against those who make crime possible,” Jürgen Brauer, prosecutor in the Koblenz Attorney General’s office, said on Friday.

filed under

Subject: Researchers question Census Bureau’s new approach to privacy
Source: Reuters via WHYY

In an age of rapidly advancing computer power, the U.S. Census Bureau recently undertook an experiment to see if census answers could threaten the privacy of the people who fill out the questionnaires.

The agency went back to the last national headcount, in 2010, and reconstructed individual profiles from thousands of publicly available tables. It then matched those records against other public population data. The result: Officials were able to infer the identities of 52 million Americans.

Confronted with that discovery, the bureau announced that it would add statistical “noise” to the 2020 data, essentially tinkering with its own numbers to preserve privacy. But that idea creates its own problems, and social scientists, redistricting experts and others worry that it will make next year’s census less accurate. They say the bureau’s response is overkill.

filed under:

Politics & Policy

WHYY RSS feed;

Sample category feed:

Subject: Amazon may soon be able to track your phone’s location, activists
Source: Business Insider

  • Amazon’s new mesh network could enable the company to track your phone’s location, even if you don’t use its WiFi or products.
  • Privacy watchdogs are sounding alarm bells about what that means for the company’s ability to surveil individuals.
  • Amazon regularly partners with law enforcement, turning over insights from its network of Ring cameras to police.
  • The company has not clarified many details surrounding how the mesh network will be used.

Among the avalanche of new products unveiled at Amazon’s hardware event on Wednesday were two features that are a bit less tangible: “Sidewalk,” a new wireless protocol that links smart objects, and “eero,” a brand of WiFi router the company acquired and is selling for people to use in their homes.

With the new offerings, the number of Amazon-made routers and devices in homes and stores is set to increase nationwide. Sidewalk will use this proliferation of devices to build a “mesh network” — a wireless network where each device communicates with one another, working together to transmit data across the network — that spans broad geographical areas. According to Amazon’s announcement, the company found that placing 700 devices across Los Angeles was enough to cover the entire metropolitan area of the city.

Owners of WiFi networks can track what devices are nearby even if those devices don’t sign onto the network, just like a smartphone can detect nearby networks without signing on.

[I wonder how this differs existentially from cell towers pinging cellular phones?]

Subject: Report: U.S. to Sign Treaty Forcing Platforms Like Facebook to Share Encrypted Chats With UK Police
Source: Gizmodo

The U.S. and UK governments are expected to sign a treaty in October that will force social media platforms based in either of the countries to “disclose encrypted messages from suspected terrorists, paedophiles and other serious criminals” to police in the other, according to the Times of London.

Police in either country have restricted ability to demand user data from a tech company based in the other. That’s more an issue for the UK than the U.S., in which the biggest platforms are headquartered. The Times reported that UK Home Secretary Priti Patel is slated to soon sign the “data access agreement,” which follows four years of “intense lobbying” by the UK to gain more direct access to data held on U.S. platforms like Facebook and its subsidiary WhatsApp.

According to the paper, Patel said UK authorities’ hands are currently tied by arrangements that keep transnational data-sharing to emergencies and a slow-moving treaty process:

More from Gizmodo:
Report: FBI Tried to Get Encrypted Phone Firm to Build Backdoor So They Could Spy on Sinaloa Cartel
You Won’t See Quantum Internet Coming
Bizarre Sponsored Talk on ‘Time AI’ Encryption Tech Mocked at Black Hat Conference
Trump White House Reportedly Debating Encryption Policy Behind Closed Doors

Article tagged:


Section Privacy & Security:

Subject: The future of privacy starts in California
Source: Axios via beSpacific

Axios – “A landmark privacy law in California, which kicks in Jan. 1, will give Golden State residents the right to find out what a company knows about them and get it deleted — and to stop the company from selling it. Why it matters: It could effectively become a national privacy law, since companies that are racing to comply with it may give these privileges to non-Californians, too. The California Consumer Privacy Act will apply to companies with at least $25 million in revenue, personal information on at least 50,000 people, or earning at least half their money by selling consumers’ personal information.

beSpacific Subjects: Civil Liberties, Legislation, Libraries, Privacy

Axios filed under:

RSS site feed:

Go deeper:
More than 50 CEOs urge Congress to pass consumer privacy law
Axios’ deep dive on data privacy
California governor signs data privacy law

Subject: National Cybersecurity Awareness Month 2019
Source: DHS via National Initiative for Cybersecurity Careers and Studies

Held every October, National Cybersecurity Awareness Month (NCSAM) is a collaborative effort between government and industry to raise awareness about the importance of cybersecurity and to ensure that all Americans have the resources they need to be safer and more secure online.

NCSAM 2019 will emphasize personal accountability and stress the importance of taking proactive steps to enhance cybersecurity at home and in the workplace. This year’s overarching message – Own IT. Secure IT. Protect IT. – will focus on key areas including citizen privacy, consumer devices, and e-commerce security.

The NCSAM 2019 Toolkit is a comprehensive guide to make it easy for you and your organization, regardless of size or industry, to engage and promote the core theme and critical messages leading up to and throughout October. Use the guide and the resources below to help you engage your stakeholders and promote positive, lasting cybersecurity habits.

+ infographics

Subject: How to Set Your Google Data to Self-Destruct
Source: The New York Times via beSpacific

The New York Times – “For years, Google has kept a record of our internet searches by default. The company hoards that data so it can build detailed profiles on us, which helps it make personalized recommendations for content but also lets marketers better target us with ads. While there have been tools we can use to manually purge our Google search histories, few of us remember to do so. So I’m recommending that we all try Google’s new privacy tools. In May, the company introduced an option that lets us automatically delete data related to our Google searches, requests made with its virtual assistant and our location history…

beSpacific Subjects: Internet, Knowledge Management, Search Engines, Social Media

NYT filed under


Subject: ABA Tech Report 2019
Source: Law Technology Today via beSpacific

[needless to say, these concerns can be extrapolated to other professions /pmw1]

Tech Report 2019 – Cloud Computing – Law Technology Today: “…To keep it simple, the 2019 Legal Technology Survey has focused on the basic concept of a “web-based software service or solution,” including SaaS. In practical terms, you can understand cloud computing as software or services that can be accessed and used over the internet using a browser (or, commonly now, a mobile app), where the software itself is not installed locally on the computer or phone being used by the lawyer accessing the service. Your data are also processed and stored on remote servers rather than on local computers and hard drives. Cloud applications might also be referred to as “web services” or “hosted services.” Cloud services might be hosted by a third party (most commonly Amazon or Microsoft) or, more commonly in the legal profession, by a provider running its services on Amazon, Microsoft, or another cloud data center provider. It’s also possible, though unlikely, that a law firm could host and provide its own private cloud services…The 2019 Legal Technology Survey shows that for a small, but slowly growing, majority of lawyers and firms, cloud services are now part of the IT equation. Overall, …

beSpacific Subjects: Cybercrime, Cybersecurity, E-Records, Intellectual Property, Internet, Knowledge Management, Microsoft

ABA TR Tags ABA TECH REPORT cloud computing feature

sample tab RSS feed:

Subject: EU can force Facebook and social media platforms to remove content globally
Source: ZDNet

The European Court of Justice has ruled that users of Facebook, or any other host provider, will be able to request for content to be taken down if it is considered unlawful. The effects of these blocks will not only be enforced in the individual’s country of residence, but will be applied worldwide. The court said on Thursday that host providers can be forced to block a piece of content globally if any of the European Union’s national courts come to the decision that the content in question is defamatory or unlawful.

“It also opens the door to obligations being imposed on internet companies to proactively monitor content and then interpret if it is ‘equivalent’ to content that has been found to be illegal … We hope the courts take a proportionate and measured approach, to avoid having a chilling effect on freedom of expression,” Facebook said.

filed under Topic: Legal
bonus RSS:

Posted in: Cybercrime, Cyberlaw, Cybersecurity, Gadgets/Gizmos, Government Resources, Internet Trends, Legal Research, Pornography, Privacy, WiFi