“US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven will be publicly disclosing these vulnerabilities on 16 October 2017.”
The lack of clear information about what Microsoft does with the data that Windows 10 collects prevents consumers from giving their informed consent, says the Dutch Data Protection Authority (DPA). As such, the regulator says that the operating system is breaking the law.
To comply with the law, the DPA says that Microsoft needs to get valid user consent: this means the company must be clearer about what data is collected and how that data is processed. The regulator also complains that the Windows 10 Creators Update doesn’t always respect previously chosen settings about data collection. In the Creators Update, Microsoft introduced new, clearer wording about the data collection—though this language still wasn’t explicit about what was collected and why—and it forced everyone to re-assert their privacy choices through a new settings page. In some situations, though, that page defaulted to the standard Windows options rather than defaulting to the settings previously chosen.
In a speech delivered at the United States Naval Academy on October 10, Deputy Attorney General Rod Rosenstein waded into the public debate over data privacy and law enforcement interests. As part of a discussion moderated by former Covington cybersecurity attorney Jeff Kosseff, Rosenstein discussed cyber issues facing law enforcement, with a particular focus on the advent of “warrant-proof” encryption. In his view, warrant-proof encrypted data and devices cannot be intercepted or unlocked by law enforcement, even with a court order.
Noting that “[p]rivate sector entities are crucial partners” in the fight against cyber threats, Rosenstein expressed concerns about the role played by tech companies in advancing warrant-proof encryption. While recognizing the need to balance important privacy interests against law enforcement priorities, Rosenstein argued that “[w]arrant-proof encryption defeats the constitutional balance by elevating privacy above public safety.”