The popular security website Have I Been Pwned (HIBP) “is a database of usernames or email addresses that have been exposed in data breaches. At the time of writing, it contains 9,543,096,417 records, which happens to be more than the population of Earth, showing the extent of such breaches.”
More » The Register
Dan Sabbagh, The Guardian »
MI5’s director general has called on technology companies to find a way to allow spy agencies “exceptional access” to encrypted messages, amid fears they cannot otherwise access such communications.
Sir Andrew Parker is understood to be particularly concerned about Facebook, which announced plans to introduce powerful end-to-end encryption last March across all the social media firm’s services.
In an ITV interview to be broadcast on Thursday, Sir Andrew Parker says he has found it “increasingly mystifying” that intelligence agencies like his are not able to easily read secret messages of terror suspects they are monitoring.
Simple question » What are they trying to hide?
Tony Romm, Washington Post »
Republican Sen. Josh Hawley (Mo.), one of TikTok’s leading critics, had invited the two tech firms to appear at a March 4 session, his office confirmed Monday. Both previously had declined to testify at a hearing last year on the same issue.
TikTok confirmed Monday that it told Hawley it would dispatch a top aide to appear at an unspecified later date, just not next week, citing a recent raft of new hires at senior ranks of the company. Apple did not respond to a request for comment about its expected absence.
With TikTok, meanwhile, Hawley and other lawmakers have been sharply critical of its Chinese-based parent company, ByteDance. Despite its repeated assurances, TikTok has struggled to convince lawmakers that the app is operating independently from Beijing, which heavily censors online content.
Chinese companies are legally not allowed to be independent of their government. So it’s not unreasonable to be concerned. And both Apple and TikTok should be forthcoming and honest.
The EU and other world governments have suffered high profile data breaches, often because they were using insecure commercial apps, or apps that were handling data in ways that were not obvious or stated.
Signal is a true end-to-end messaging app that has been verified by security experts around the world. Journalist and activists dealing in sensitive areas where their lives are often at stake, depend on Signal.
Laurens Cerulus, Pro Publica »
The European Commission has told its staff to start using Signal, an end-to-end-encrypted messaging app, in a push to increase the security of its communications.
The instruction appeared on internal messaging boards in early February, notifying employees that “Signal has been selected as the recommended application for public instant messaging.”
Privacy experts consider that Signal’s security is superior to other apps’. “We can’t read your messages or see your calls,” its website reads, “and no one else can either.”
The Signal App is available free on several platforms (iOS, Android, etc) through the official web site.
Associated Press via CTV News »
New York Sen. Chuck Schumer sent a letter letter Saturday to TSA Administrator David Pekoske, months after news reports that the U.S. government launched a national security review of the app, which is popular with millions of U.S. teens and young adults. Schumer also cited a Department of Homeland Security policy prohibiting TikTok on agency devices.
The TSA said in a statement Sunday that a “small number of TSA employees have previously used TikTok on their personal devices to create videos for use in TSA’s social media outreach, but that practice has since been discontinued.”.
Another consequence of Brexit.
Joseph Menn, Reuters »
The shift, prompted by Britain’s exit from the EU, will leave the sensitive personal information of tens of millions with less protection and within easier reach of British law enforcement.
The change was described to Reuters by three people familiar with its plans. Google intends to require its British users to acknowledge new terms of service including the new jurisdiction.
Ireland, where Google and other U.S. tech companies have their European headquarters, is staying in the EU, which has one of the world’s most aggressive data protection rules, the General Data Protection Regulation.
More » The Register
It might startle you to learn how little privacy protection is available to Americans.
Issie Lapowsky, Protocol »
The so-called Data Protection Act of 2020 would create the country’s first data protection agency to oversee how privacy laws in America are enforced and guide Congress on the development of those laws. The agency would be empowered to impose penalties on companies that violate people’s privacy, taken them to court, field consumer complaints, and launch investigations.
The agency would enforce current privacy laws and any future laws Congress passes and have rule-making authority to determine how those laws are carried out. Specifically, the agency would be able to conduct impact assessments on companies deploying “high-risk practices” with regard to data. That includes companies using data to profile people on a large scale. The bill also gives the agency the power to regulate consumer scoring in sensitive areas like housing, employment and education.
The agency would have subpoena power and the ability to take companies to court over violations of federal privacy law. It would also closely monitor large companies — both in terms of revenue and in terms of the amount of data they collect — and ask for reports from these companies, to ensure they’re complying with the law. Meanwhile, the agency would be tasked with guiding Congress on emerging technologies and representing the United States in international deals regarding privacy.
If the headline surprises you, you haven’t been paying attention. This has been going on for years. Ask Snowden.
What I’d like to know is how much tracking is DHS doing outside it’s borders?
US Department of Homeland Security (DHS) acknowledges tracking millions of smartphone users within the USA, despite a Supreme Court order limiting it’s authority to do so. DHS will not state how the data is being used.
Byron Tau and Michelle Hackman, Wall Street Journal »
The Trump administration has bought access to a commercial database that maps the movements of millions of cellphones in America and is using it for immigration and border enforcement, according to people familiar with the matter and documents reviewed by The Wall Street Journal.
The location data is drawn from ordinary cellphone apps, including those for games, weather and e-commerce, for which the user has granted permission to log the phone’s location.
More » Apple Insider
Statistics Canada states British Columbia had a population of 5.071 million last year.
This is what happens when companies prioritize profit over their duty to look after customer’s personal information.
Kendra Mangione, CTV News »
The massive cyberattack targeted a laboratory testing company with locations across Canada – primarily in B.C. and Ontario.
The company’s website claims more than a million Canadians use its services, and more than 112 million tests are performed by its labs each year.
Earlier Friday, Alberta’s privacy commissioner said nearly 22,000 Albertans may have been part of the estimated 15 million Canadians that could have had their data compromised.
LifeLabs president and CEO Charles Brown called the hack a “wake-up call,” and said “We all need to up our game to protect our customer data.”
Read the whole article at CTV »
Companies and their officers have a duty of care they are not meeting. This will happen again and again until businesses do much more than just speak about security. The number of breaches shows that self-regulation and self-policing often does not work. Stronger legislation, that include public accountability, hefty fines, and perhaps even criminal penalties need to be legislated to prevent this from happening.