
Category Archives for "Security"

The Police Can Probably Break Into Your Phone

At least 2,000 law enforcement agencies have tools to get into encrypted smartphones, according to new research, and they are using them far more than previously known.

At least 49 of the 50 largest U.S. police departments have the tools, according to the records, as do the police and sheriffs in small towns and counties across the country. And local law enforcement agencies that don’t have such tools can often send a locked phone to a state or federal crime lab that does.

With more tools in their arsenal, the authorities have used them in an increasing range of cases, from homicides and rapes to drugs and shoplifting, according to the records.

Source: The Police Can Probably Break Into Your Phone – The New York Times

Activists Turn Facial Recognition Tools Against the Police

Mr. Howell is a lifelong protester and self-taught coder. He had begun researching how to build a facial recognition product that could defeat officers’ attempts to shield their identity.

Mr. Howell is not alone in his pursuit. Law enforcement has used facial recognition to identify criminals, using photos from government databases or, through a company called Clearview AI, from the public internet. But now activists around the world are turning the process around and developing tools that can unmask law enforcement in cases of misconduct.

Full article: Activists Turn Facial Recognition Tools Against the Police – The New York Times

UK police get access to people told to self-isolate

People who have been told to self-isolate through NHS test and trace could have their contact details passed to police, a move some fear could deter people from being tested for coronavirus.

Police forces will be able to access information about people “on a case-by-case” basis, so they can learn whether an individual has been told to self-isolate, the Department of Health and Social Care (DHSC) said.

Source: Police get access to people told to self-isolate by NHS test and trace

The Netherlands Is Becoming a Predictive Policing Hot Spot

A report released late last month by Amnesty International revealed that Dutch law enforcement have been engaged in a number of predictive-policing pilots and referred to the Netherlands as “one of the countries at the forefront of predictive policing in practice.”

The project is not only intrusive, the report claims, but discriminatory by design, since its aim is to fight “mobile banditry” (crimes like theft, pickpocketing, and drug trafficking), a term which explicitly excludes people of Dutch nationality and assumes that the offender is either of Eastern European origin or Romani, a minority ethnic group.

‘Predictive policing projects like these are explicitly biased and prejudiced and rely on data that is explicitly biased and prejudiced, but nobody does anything about it,’ says Amnesty International.

Source: The Netherlands Is Becoming a Predictive Policing Hot Spot

CBP expands facial recognition program to international travelers at San Francisco and San Jose airports

U.S. Customs and Border Protection (CBP) announced the expansion of its Simplified Arrival program, which uses facial recognition to verify the identity of airline travelers arriving in the U.S.

According to a press release, Simplified Arrival is now in use at San Francisco International Airport and Norman Y. Mineta San Jose International Airport following recent installations in Detroit and Houston.

Source: CBP expands facial recognition program to international travelers at San Francisco and San Jose airports | VentureBeat

US Homeland Security collaring a suspected arsonist after asking Google for the IP addresses of folks who made a specific search

An unsealed warrant in a case involving alleged pedophile R&B star R. Kelly has shown how the Feds can get Google to hand over the details of people who make specific web search queries.

It raises a mild concern that if Uncle Sam’s request is too broad, and Google can’t or won’t resist the order, you could be swept up into an investigation simply by searching for the wrong thing at the wrong time. We note, though, that in this particular tale, the query was rather narrow, and Google insists it challenges overly broad warrants.

Source: Here’s US Homeland Security collaring a suspected arsonist after asking Google for the IP addresses of folks who made a specific search • The Register

Fitbit Spyware Steals Personal Data via Watch Face

Immersive Labs researcher takes advantage of lax Fitbit privacy controls to build a malicious spyware watch face.

A wide-open app-building API would allow an attacker to build a malicious application that could access Fitbit user data, and send it to any server.

Kev Breen, director of cyber threat research for Immersive Labs, created a proof-of-concept for just that scenario, after realizing that Fitbit devices are loaded with sensitive personal data.

“Essentially, [the developer API] could send device type, location and user information including gender, age, height, heart rate and weight,” Breen explained. “It could also access calendar information. While this doesn’t include PII profile data, the calendar invites could expose additional information such as names and locations.”

Source: Fitbit Spyware Steals Personal Data via Watch Face | Threatpost

Twitter Data-Breach Case Won’t Be Resolved Before Year’s End

European privacy regulators are unlikely to issue a final ruling on Twitter’s handling of a 2019 data breach before the end of the year, Ireland’s data commissioner said.

Under the General Data Protection Regulation, the European Union’s 2018 data privacy law, Twitter faces a fine of up to 2% of its global revenue last year, or roughly $69 million, for failing to disclose the breach within 72 hours.

Helen Dixon, head of Ireland’s Data Protection Commission, in May submitted a draft decision to more than two dozen of the bloc’s privacy regulators for review, as required under the law. Eleven regulators objected to the proposed ruling, sparking a lengthy dispute-resolution mechanism, she said. The contents of the draft decision haven’t been disclosed.

Source: Twitter Data-Breach Case Won’t Be Resolved Before Year’s End, Ireland’s Regulator Says – WSJ

No GDPR damages after data breach, says German court

In a civil action following a personal data breach affecting a credit card bonus programme, the Regional Court (Landgericht) Frankfurt am Main rejected claims by a data subject who was affected by the breach for a cease-and-desist injunction and for compensation for non-material damage under Article 82(1) GDPR.

The decision is in line with the majority of similar restrictive interpretations of Article 82(1) GDPR by other German courts, requiring evidence of objective harm. Nevertheless, there are also a few more “generous” court decisions favoring a subjective test for proof of non-material damage.

Source: Germany: No GDPR damages after data breach – Privacy Matters

ICO fines British Airways £20m for data breach affecting more than 400,000 customers

The Information Commissioner’s Office (ICO) has fined British Airways (BA) £20m for failing to protect the personal and financial details of more than 400,000 of its customers.

An ICO investigation found the airline was processing a significant amount of personal data without adequate security measures in place. This failure broke data protection law and, subsequently, BA was the subject of a cyber-attack during 2018, which it did not detect for more than two months.

Source: ICO fines British Airways £20m for data breach affecting more than 400,000 customers | ICO
