Pete Recommends – Weekly highlights on cyber security issues, June 6, 2021

Subject: Email provider says bomb threat came after Protasevich flight was diverted to Belarus
Source: UPI.com
https://www.upi.com/Top_News/World-News/2021/05/27/Belarus-email-provider-ProtonMail-bomb-threat-after-Protasevich-flight-diverted/1841622145635/

May 27 (UPI) — A Swiss email provider on Thursday said that an email Belarusian authorities said contained an in-flight bomb threat arrived after a plane carrying opposition journalist Roman Protasevich was diverted to Minsk. ProtonMail issued a statement contradicting claims from Belarusian officials that they alerted cockpit crew after receiving a bomb threat against the plane carrying Protasevich — a vocal opponent of Belarusian President Alexander Lukashenko who had been in self-exile — by the militant group Hamas, The Washington Post reported.


Subject: Two New Laws Restrict Police Use of DNA Search Method
Source: The New York Times
https://www.nytimes.com/2021/05/31/science/dna-law-maryland-genetic-genealogy.html

Maryland and Montana have passed the nation’s first laws limiting forensic genealogy, the method that found the Golden State Killer. New laws in Maryland and Montana are the first in the nation to restrict law enforcement’s use of genetic genealogy, the DNA matching technique that in 2018 identified the Golden State Killer, in an effort to ensure the genetic privacy of the accused and their relatives.

Beginning on Oct. 1, investigators working on Maryland cases will need a judge’s signoff before using the method, in which a “profile” of thousands of DNA markers from a crime scene is uploaded to genealogy websites to find relatives of the culprit. The new law, sponsored by Democratic lawmakers, also dictates that the technique be used only for serious crimes, such as murder and sexual assault. And it states that investigators may only use websites with strict policies around user consent.

Montana’s new law, sponsored by a Republican, is narrower, requiring that government investigators obtain a search warrant before using a consumer DNA database, unless the consumer has waived the right to privacy.

“This bill strikes a balance between this very important technology to identify people that do the very worst things to our Marylanders, yet it balances that against the privacy concerns and the trust that we need from the public,” John Fitzgerald, the chief of the Chevy Chase Village Police Department, testified to the Maryland House Judiciary Committee in February.

Filed https://www.nytimes.com/section/science

RSS https://www.nytimes.com/svc/collections/v1/publish/https://www.nytimes.com/section/science/rss.xml


Subject: On the Taxonomy and Evolution of Ransomware
Source: Threatpost
https://threatpost.com/taxonomy-evolution-ransomware/166462/

Not all ransomware is the same! Oliver Tavakoli, CTO at Vectra AI, discusses the different species of this growing scourge.

Given the frequency with which “ransomware” appears in news articles, it may be worthwhile to take a step back and actually consider what the term means. Any malware or attack that culminates in extorting ransom from the victim is commonly referred to as ransomware. The general idea is to encrypt the victims’ data and to promise to deliver the key needed to decrypt it in return for a paid ransom.

But there are very different types of attacks which are all called “ransomware.” Let’s start by dissecting them.

Filed https://threatpost.com/microsite/infosec-insiders-community/


Subject: Your guide to protecting your privacy online
Source: FTC Consumer Information
https://www.consumer.ftc.gov/blog/2021/06/your-guide-protecting-your-privacy-online

The things we do throughout the course of our day give businesses access to information about our habits, tastes, and activities. Some might use it to deliver targeted ads to you, or to give you content based on your location, like stores nearby or the weather forecast. Others might sell or share that information. Whether you use a computer, tablet, or mobile phone to go online, there are things you can do to protect your privacy. Check out ftc.gov/yourprivacy, your guide to protecting your privacy online…

Blog Topics: Privacy, Identity & Online Security, Online Security

See also (5 pages of annotated links): https://www.consumer.ftc.gov/search-terms/consumer-privacy


Subject: Science & Tech Spotlight: Digital Vaccine Credentials
Source: US GAO
https://www.gao.gov/products/gao-21-534sp

Fast Facts – Digital vaccine credentials can confirm that a person has been vaccinated or tested negative for COVID-19. They can be a tool to reduce the disease’s spread, and allow travel and other activities to resume safely. Users of such credentials can provide their COVID-19 information on a mobile device through a secure, digital code for fast and contactless scanning. Airports and other venues could process larger numbers of people more quickly with these credentials than with paper vaccine cards. However, challenges that may limit the use of these credentials include concerns about the security and privacy of users’ health data.

Full Report – https://www.gao.gov/assets/gao-21-534sp.pdf


Subject: Amazon’s Ring Finally Discloses Police Requests
Source: Gizmodo
https://gizmodo.com/amazons-ring-will-finally-make-police-requests-public-1847024491

Amazon’s Ring—a company that is famously pretty chummy with law enforcement—will now require law enforcement officials to make their requests for security footage public, the company said in a blog post published Thursday. Starting next week, any time an officer wants to ask Ring’s customers for any recordings that their cams picked up, they’ll need to use the customer-facing Neighbors app to do so.

Up until this point, law enforcement officials across the country that work with Ring were able to make their requests for footage using a dedicated portal built for this purpose. But as the Amazon-Cop relationship keeps getting deeper, concerns from civil rights groups and lawmakers over how this tech might be abused have grown. During an Amazon shareholder meeting last week, 35% of the attendees voted for a proposal meant to analyze how technologies like Ring and Amazon Rekognition disproportionally harm communities of color.

Per Ring’s new guidelines for these sorts of posts, police departments need to specify a specific time frame (between 15 minutes and 12 hours) for a video that they’re looking for. The requests are also limited geographically—cops can’t request footage from an area exceeding half a square mile. Not only that but any requests these agencies make can’t be altered or deleted once they’re submitted, meaning that they’ll be stuck on that agency’s Neighbors profile for good.

Filed https://gizmodo.com/tech/privacy-and-security


Subject: Android 12 Feature Will Let You Opt Out of App Tracking
Source: Gizmodo
https://gizmodo.com/google-will-let-you-opt-out-of-being-tracked-by-apps-in-1847029681

With Apple’s developer conference just around the corner, Google is reportedly planning to follow in its rival’s footsteps by letting Android users opt out of being tracked by the apps they download from the Google Play store. A Google support page detailing how users can opt out of third-party tracking has generated a bit of buzz. Originally surfaced by the Financial Times, Google will introduce a switch for users later this year that turns off sharing the Advertising ID, which is the device identifier that lets marketers see your activity from app to app. (It’s also one of the identifiers that manufacturers had access to during the covid-19 contact tracing privacy snafu.) Android users can already limit system-wide ad-tracking or manually reset their Advertising ID to help throw off being tracked, but this new setting will let users opt out of any alternative device identifiers that developers also use to track your activity across apps.

Google announced a Play Store policy change in an email to developers. Those who try to access advertising IDs from users who have opted out will only see a “string of zeros” rather than the explicit numerical identifier.

From the Google support page: https://support.google.com/googleplay/android-developer/answer/6048248/advertising-id

Filed https://gizmodo.com/tech/google


Subject: The Limits of Law and AI
Source: University of Cincinnati Law Review, Vol. 90, No. 3, 2022, Available at SSRN: https://ssrn.com/abstract=3805453

“For thirty years, scholars in the field of law and artificial intelligence (AI) have explored the extent to which tasks performed by lawyers and judges can be assisted by computers. This article describes the medium-term outlook for AI technologies and explains the obstacles to making legal work computable. I argue that while AI-based software is likely to improve legal research and support human decisionmaking, it is unlikely to replace traditional legal work or otherwise transform the practice of law.”


Subject: Zoom could be letting your boss spy on you
Source: CNET
https://www.cnet.com/how-to/zoom-could-be-letting-your-boss-spy-on-you-all-the-privacy-risks-to-watch-out-for/

“Zoom makes video chatting with colleagues easy, but you might be giving away more than you bargained for. Here are some of the privacy vulnerabilities in Zoom that you should watch out for while working remotely…”
