As kids' use of apps and websites increases, new conversations about children’s privacy must occur. In a recent study, the Global Privacy Enforcement Network (GPEN) found that of the 1,494 websites and apps sampled, 41 percent compromised children’s privacy.

The data, collected from 29 protection regulators worldwide, found that 67 percent of the websites collected information from kids, and only 31 percent of sites had any controls to limit collection.

Many of the websites very popular with kids did have statements in their privacy policies indicating that the website was not intended for children. However, these websites generally did not have any further controls to prevent the collection of personal data. Of the total sample, 22 percent of sites had a category for kids to input phone numbers, and 23 percent had a place to upload photos or videos.

Furthermore, children’s information isn’t always contained on the original site. Kids were given the opportunity to be redirected to another site on 58 percent of sites; 50 percent of sites shared personal information with third parties.

Despite the holes found in website security, some websites did use recommended precautions such as parental dashboards, pre-set avatars and usernames, just-in-time warnings before info is submitted, and chat filters.

Adam Stevens, the head of UK’s Information Commissioner’s Office, says that the ICO will be contacting problematic websites and apps, “making clear the changes we expect them to make. We wouldn’t rule out enforcement action in this area if required.”

Article via LegalTech News, September 3, 2015

Photo: Misi with a Phone via Balazs Koren [Creative Commons Attribution-NonCommercial-NoDerivs]

In July of 2015, 400 gigabytes of documents outlining the dealings of spyware company Hacking Team were released. The for-profit surveillance firm was found to work with oppressive regimes across the globe, including those of Russia, Ethiopia, Azerbaijan, Kazakhstan, Vietnam, Saudi Arabia, and Sudan. Also benefiting from the company’s exploitive surveillance tools is the US Bureau of Investigation, which has spent $775,000 on Hacking Team tools since 2011.

Hacking Team’s abilities are expansive. The firm can steal pre-encrypted data and passwords typed in Web browsers, as well as activate the microphone and camera on a target device. Users of Google Play and Apple stores may also be activating surveillance malware coded by Hacking Team.

Privacy and human rights advocates are outraged by the lack of legislation regulating firms like Hacking Team and its rival Gamma International, but regulation can be tricky. Badly drafted export controls could create red tape for journalists to circumvent when trying to access communications mechanisms or antivirus software. Syrian activists, for example, have cited American export controls as one of the leading obstacles to installing anti-surveillance software on phones and computers to protect their communications from the Assad regime.

The discussion is subtle, as it must take into account the personal liberties of global citizens, the dynamic nature of the technology industry, and the diverse interests of country governments.

Article via Committee to Protect Journalists, July 13, 2015

Photo: On the Phone via Artform Canada [Creative Commons Attribution-NonCommercial-NoDerivs]


According to Manhattan’s District Attorney, smartphone data encryption hinders criminal investigations in state courts. Cyrus R. Vance, Jr. testified to the Senate Judiciary Committee on July 8, 2015 in an effort to advocate legislation allowing law enforcement officials to access private phone data with judicial authorization.

Vance, Jr. states that 71% of phone evidence in his office comes from Apple or Android devices. As a result, Apple and Google’s move to fully integrate data encryption in their next devices will significantly affect prosecution processes in state courts.

State courts adjudicate over 90% of all criminal cases annually, which means over 100,000 cases for Vance’s office alone.

“To investigate these 100,000 cases without smartphone data is to fight crime with one hand tied behind our backs,” he asserts.

Vance does not support bulk data collection or surveillance without authorization. Civil liberty and privacy advocates are still wary, however, and endorse data encryption overall. This sentiment is in relative accordance with statements from Deputy Attorney General Sally Yates and FBI Director James Comey. They say that the Obama administration has no current plans to mandate companies to provide federal agents encryption keys for their products, but they also recognize that companies should not make their devices “warrant-free zones” that impede law enforcement’s authorized access to criminal evidence.

Article via Legaltech News, August 10, 2015

Photo: IPhone via Jorge Quinteros [Creative Commons Attribution-NonCommercial-NoDerivs]

The National Institute of Standards and Technology (NIST) released a practice guide on how health care providers can share patient information securely through mobile devices. The guide is the first in a series dedicated to the development of advanced cybersecurity for all organizations.

Tablets and smartphones are already integrated in the health professions, as 87% of physicians report using a tablet or smartphone in the workplace. Physicians can exchange patient information, submit medical claims, access electronic records, and e-prescribe through mobile devices. In general, the use of mobile devices for these tasks is efficient and less susceptible to error.

However, the use of tablets and smartphones for secure health information carries significant risk. Vital patient information could be leaked if the device were lost or stolen, or if a patient sent data through insecure cellular networks. Without developed authentication or data encryption, patients face the threat of “medical identity theft,” disastrous for both their own health and the success of their provider.

The NIST guide seeks to mitigate risks through explicit instructions and hypothetical scenarios. The guide will take comments from the public until Sept. 25, 2015.

Article via Ice Miller Strategies LLC, August 6, 2015

Photo: Man at work–physician assistant via yooperann [Creative Commons Attribution-NonCommercial-NoDerivs]

The US Court of Appeals ruled on Aug. 24 that the Federal Trade Commission (FTC) has the authority to prosecute corporations that have insufficient cybersecurity to protect customers against hackers.

The Third Circuit ruled in favor of the FTC, which sued the international hotel company Wyndham Worldwide Corporation for failing to prevent the theft of 619,000 customers’ personal and financial information by hackers. The hacking resulted in over $10.6 million in counterfeit charges.

Wyndham attempted to counter the Commission’s lawsuit in the US Court of Appeals, but the recent ruling declared the FTC’s actions legal.

The FTC will be expected “to increase its regulatory activity in this area now that its authority has been upheld,” says Michael Hindelang, head of the data security/privacy litigation and e-discovery/information management practice groups at Honigman Miller Schwartz and Cohn.

Article via Legaltech News, August 26, 2015

Photo: statue at Federal Trade Commission via sha in LA [Creative Commons Attribution-NonCommercial-NoDerivs]

China has censored the internet again after adopting a new national cyber security law that seeks to make data, IT infrastructure and systems, and the internet in certain areas “secure and controllable,” according to the National People’s Congress website.

Reporters were told by Zheng Shuna, of the NPC’s Legislative Affairs Commission, that cyberspace sovereignty is “the embodiment and extension of national sovereignty” and an important part of national infrastructure (according to Xinhua, a state-owned news agency).

Article via Above The Law, 10 July 2015

Photo: China Flag via Bryan Jones [Creative Commons Attribution-NonCommercial-NoDerivs]