Everybody’s doing it. Not just evil hackers.
Huawei Frightens Europe's Data Protectors. America Does, Too
A foreign power with possible unbridled access to Europe’s data is causing alarm in the region. No, it’s not China. It’s the U.S.
As the U.S. pushes ahead with the “Cloud Act” it enacted about a year ago, Europe is scrambling to curb its reach. Under the act, all U.S. cloud service providers from Microsoft and IBM to Amazon – when ordered – have to provide American authorities data stored on their servers regardless of where it’s housed. With those providers controlling much of the cloud market in Europe, the act could potentially give the U.S. the right to access information on large swaths of the region’s people and companies.
… The Cloud Act (or the “Clarifying Lawful Overseas Use of Data Act”) addresses an issue that came up when Microsoft in 2013 refused to provide the FBI access to a server in Ireland in a drug-trafficking investigation, saying it couldn’t be compelled to produce data stored outside the U.S.
The act’s extraterritoriality spooks the European Union – an issue that’s become more acute as trans-Atlantic relations fray and the bloc sees the U.S. under Trump as an increasingly unreliable ally.
For my Computer Security students.
Practitioner’s Guide for Assessing the Maturity of IoT System Security
The Industrial Internet Consortium® (IIC™), now incorporating OpenFog, announces the Security Maturity Model (SMM) Practitioner’s Guide, which provides detailed actionable guidance enabling IoT stakeholders to assess and manage the security maturity of IoT systems.
(Related)
European Telecommunications Standards Institute Publishes New IoT Security Standard
On February 19, the European Telecommunications Standards Institute (ETSI) published the ETSI TS 103 645 V1.1.1 – or more simply, a high-level outcome-focused standard (PDF) for cybersecurity in the consumer-oriented Internet of Things (IoT).
… The cybersecurity provisions are provided in section 4 of the standard. There are thirteen in total, some being simple statements and others comprising multiple subsections. For example, the total of provision 4.1 requires little more than its heading: "No universal default passwords."
Too useful to stop, so we’d best figure out how to do it correctly.
Jeffrey C. Skinner and Craig A. Newman of Patterson Belknap write:
The use of biometric technology is fast becoming the next big thing in privacy litigation. There was last month’s decision by the Illinois Supreme Court that upheld a consumer’s right to sue companies for collecting biometric data – such as fingerprints and iris scans – without first disclosing how such information will be used. See our blog on that ruling here.
And now, the debate surrounding the use and collection of biometric data has expanded beyond challenging the biometric collection practices in the private sector, to challenging the practices of state and local governments including law enforcement.
In Center for Genetics and Society v. Becerra, a lawsuit filed late last year in California state court, two nonprofit organizations and an individual sued the state of California, challenging its DNA Fingerprint, Unsolved Crime and Innocence Protection Act (the “DNA Act”). The DNA Act authorizes the retention of DNA samples collected from people arrested on suspicion of a felony.
Read more on Data Security Law Blog.
What would a few thousand carefully worded discovery requests do to a small firm?
Californians could sue companies over privacy violations
State officials proposed a new amendment to the California Consumer Privacy Act (CCPA) on Monday that would allow consumers to sue companies that violate the new law. Currently, consumers can only file a lawsuit if they're victims of a data breach and only when the state's department of justice has decided not to sue on consumers' behalf.
… James P. Steyer, CEO of Common Sense, a non-profit organization that promotes safe technology use, said the amendment will take some of the burden of enforcing and monitoring violations off the attorney general's plate.
"Companies with endless resources will do everything they can to make it difficult for the AG," Steyer said in a statement. "By allowing consumers their own right to take action to hold bad actors accountable for violating their privacy, this law adds needed enforcement teeth to CCPA and Common Sense is firmly in support."
The amendment would also remove the current waiting period that gives businesses 30 days to attempt to remedy a violation and retract any exposed data from public view to avoid penalties.
… This new amendment follows legislation proposed on Thursday that would require companies to notify California residents when their passport, passport card or green card numbers are compromised in data breaches. It would also require customers be notified of compromised biometric information such as fingerprints.
(Related) Some topics that need discussion?
You’re Invited to an In-Person Event: CCPAnow: Understanding the Challenge Ahead And What You Should Be Doing Now
A few key topics that will be addressed are:
- How should you interpret key definitions like “personal information,” “sale,” “third party,” and “business” when operationalizing the CCPA?
- How far does a business have to go to implement a consumer’s opt-out of sales to third parties?
- How will the financial incentives and anti-discrimination provisions actually work when consumers exercise their rights?
- What is happening in the California Office of the Attorney General’s rulemaking process once the March 8th deadline for written comments has passed?
(Related)
How important is your privacy?
Axios: “…A full 81% of consumers say that in the past year they’ve become more concerned with how companies are using their data, and 87% say they’ve come to believe companies that manage personal data should be more regulated, according to a survey out Monday by IBM’s Institute for Business Value. Yes, but: They aren’t totally convinced they should care about how their data is being used, and many aren’t taking meaningful action after privacy breaches, according to the survey. Despite increasing data risks, 71% say it’s worth sacrificing privacy given the benefits of technology…”
Lawyers recommending surveillance?
Joe Cadillic writes:
Arizona State University (ASU) which spent $307 million to renovate Sun Devil Stadium has learned a lot about Smart City surveillance.
ASU used facial recognition to spy on alumni, students, faculty and families. And now they want to share what they learned by bringing it to a stadium or city near you.
An article in the Tech Republic revealed that Sun Devil Stadium and Croke Park in Ireland used facial recognition cameras to spy on fans.
Read more on MassPrivateI.
My students would never make such an assumption!