Wednesday, February 06, 2019

How fragile is Internet service?
Comcast service mostly back after gunfire damage causes outages in Charleston area
Cable and Internet giant Comcast said its telecommunications network in the Charleston region was damaged by stray gunfire Monday morning, leading to outages across parts of its local service area.
… Workers found a .45-caliber bullet lodged in a fiber-optic cable, he said.




Perspective. Acknowledged or not, this is an arms race and a cyber-Maginot line will not suffice.
France Latest Nation to Acknowledge Offensive Cyber Operations
… At the beginning of 2019, French Defense Secretary Florence Parly publicly acknowledged in a speech delivered at the Forum International de Cybersecurité in Lille, France that her nation was changing its posture from “active defense” to “offensive cyber capabilities.” This was not just a throwaway line in a speech, either: it was the public articulation of a very real change in the way that France views the global cyber threat matrix. As Parly herself pointed out, “Cyber war has begun.” And France is not about to sit around idly as other nations mobilize offensive cyberspace operations (OCO).
… In shifting from defense to offense in its cyber operations, France appears to be following the lead of the United States, which recently announced a major policy change of its own back in September 2018. At that time, the Trump Administration authorized offensive cyber operations. National Security Advisor John Bolton officially eased the rules that prevented the Department of Defense from coordinating offensive cyber attacks against the enemy.
… What’s worrisome, however, is that the U.S. specifically pointed to two of the world’s most powerful state actors – Russia and China – as its primary adversaries in cyberspace, and not a rogue nation like Iran or North Korea. In other words, the threat of a terrorist organization carrying out a cyber attack on the U.S. homeland now appears to be much less than that of a major nation-state carrying out a coordinated attack against the U.S. infrastructure.
… With the easing of the rules of engagement in cyberspace, the U.S. military would largely be free to engage in any action that falls below the important threshold known as the “use of force.” In other words, as long as the U.S. military or cyber defense team decided that a threat was imminent against the U.S. grid (or any network deemed to be critical), it could launch a cyber attack that did not result in death, destruction, or extreme financial damage.




Japan has the equivalent of the GDPR. Unlikely the US ever will.
EU and Japan Create World’s Largest Area of Safe Data Transfers
On 23 January, the European Commission announced that it had adopted an adequacy decision in relation to Japan, to enter into force immediately. The mutual agreement, which covers Japan’s 127m citizens as well as the whole of the EU, allows personal data to be transferred between Japan and the EU without the need for additional safeguards such as Standard Contractual Clauses, and creates the largest area of safe data transfers in the world.
… For the European Commission to grant an adequacy decision, a country’s data protection laws must provide adequate protection for personal data, which means an ‘essentially equivalent’ level as the EU’s GDPR. Countries are not, however, required to have exactly the same laws as the EU in place.




Is a warrant so difficult or time consuming that it is worth the risk to skip it?
Ben Spurr has an update on a privacy travesty that has been going on for about two years:
Law enforcement officers are increasingly seeking access to personal information stored on transit riders’ Presto fare cards, with requests for the data spiking by 47 per cent in 2018 compared to the year before.
And while Metrolinx, the provincial agency that controls Presto, only acceded to a minority of the requests, in 22 instances related to law enforcement investigations or suspected offences the agency divulged card users’ information without requiring a warrant or court order, a practice that has troubled rights groups since it was first exposed by the Star two years ago.
Read more on The Star.
But over on Twitter, law professor Lisa Austin offered a possible justification/explanation:
The disclosures are about crimes on their property. OCA in R v Ward said that a telecom has legitimate interests in voluntary disclosure where the investigation involves the criminal misuse of its services. Maybe that's what they are using. Not so convincing.
Tamir @tamir_i
Replying to @leahwest_nsl @Lisa_M_Austin
They claim it's not blocked by ON FIPPA or the Charter.




Think of it as a police body camera for the rest of us?
… Today, the USPTO has granted a patent that could see the S Pen also used as a camera with an optical zoom — potentially removing the need for a camera notch (or hole-punch).




Design failure? Can’t update the software even though the watch “communicates?”
EU orders recall of children's smartwatch over severe privacy concerns
For the first time, EU authorities have announced plans to recall a product from the European market because of a data privacy issue.
The product is Safe-KID-One, a children's smartwatch produced by German electronics vendor ENOX.
According to the company's website, the watch comes with a trove of features, such as a built-in GPS tracker, built-in microphone and speaker, a calling and SMS text function, and a companion Android mobile app that parents can use to keep track of and contact their children.
… "The mobile application accompanying the watch has unencrypted communications with its backend server and the server enables unauthenticated access to data," said authorities in the RAPEX alert. "As a consequence, the data such as location history, phone numbers, serial number can easily be retrieved and changed."
On top of this, authorities also said that "a malicious user can send commands to any watch making it call another number of his choosing, can communicate with the child wearing the device or locate the child through GPS."
All of these were seen as huge privacy issues by Icelandic consumer protection authorities, which asked EU authorities for the product's recall.
… While ENOX is the first children's smartwatch vendor to have its products recalled on the EU market, more are bound to follow. Other smartwatches are most likely to exhibit similar privacy and security holes.
Some of these are listed in an October 2017 report from the European Consumer Organisation (BEUC). Back then, BEUC issued a public service announcement on the security and privacy concerns surrounding several children's smartwatch models, warning that most products are rife with security flaws and that they should not be in stores, to begin with.




Courts are not always logical.
When Jazz Was a Public Health Crisis
In 1923, the Illinois Supreme Court upheld a ruling shutting down a dance hall that featured jazz music. The opinion, shared by many in polite society, made clear that jazz was considered not just a mere nuisance, but a danger to health and public safety. The court stated that the music
is not only disagreeable but it also wears upon the nervous system and produces that feeling which we call “tired.” That the subjection of a human being to a continued hearing of loud noises tends to shorten life . . . is beyond all doubt.

