Imagine (insert country name here) backed companies as the lowest cost manufacturer of voting machines.
Report: Election Vendors Are 'Prime Targets,' Need Oversight
The private companies that make voting equipment and build and maintain voter registration databases lack any meaningful federal oversight despite the crucial role they play in U.S. elections, leaving the nation's electoral process vulnerable to attack, according to a new report.
The Brennan Center for Justice on Tuesday issued the report, which calls on Congress to establish a framework for federal certification of election vendors.
(Related)
Would the response be different depending on which party is in power?
Labour cyber-attack: Hostile nation state could be behind hack, ex-GCHQ boss says
A former GCHQ boss has said nation state hackers may have been behind the "large-scale cyber attack" on the Labour Party.
The party's digital platforms were hit by a "sophisticated and large-scale" cyber attack on Tuesday morning, a Labour spokesperson admitted, although it failed because of the party's "robust security systems" and they were confident that no data breach occurred. [Confident enough to risk the next election? Bob]
I don’t think my students really believe me when I tell them this is how it works. It’s a Catch 22. A breach is evidence of non-compliance.
PCI DSS Compliance Between Audits is Declining: Verizon
Companies subject to PCI DSS security requirements are audited once per year, yet many of these companies continue to be breached. It is not that PCI DSS fails, but that companies fail to maintain compliance from one audit to the next. According to Verizon's 2016-2018 dataset, at the time of a breach, no organization was compliant across all 12 PCI DSS requirements.
This is the primary thrust of the Verizon 2019 Payment Security Report -- the eighth annual report (PDF) on the state of PCI DSS compliance: compliance sustainability from one annual audit to the next. "Most companies are able to achieve compliance fairly easily," Rodolphe Simonetti, managing director of Verizon's global security consulting, told SecurityWeek, "but what is important is maintaining compliance throughout the year. This is the only way to mitigate risk and manage security properly."
"We can definitively state," says the Verizon report, "we have never reviewed an environment or investigated a PCI data breach involving an affected entity that was truly PCI DSS compliant—even if it had a signed Attestation of Compliance (AOC)." While it cannot confirm industry claims that no PCI DSS compliant company has ever been breached, it does say categorically that no covered breached company within its purview was actually compliant at the time of the breach.
DHS Policy cannot amend the constitution. So will each port of entry now need a judge 24X7 to issue warrants?
Federal Court Rules Suspicionless Searches of Travelers’ Phones and Laptops Unconstitutional
EFF – Government Must Have Reasonable Suspicion of Digital Contraband Before Searching People’s Electronic Devices at the U.S. Border – “In a major victory for privacy rights at the border, a federal court in Boston ruled today that suspicionless searches of travelers’ electronic devices by federal agents at airports and other U.S. ports of entry are unconstitutional. The ruling came in a lawsuit, Alasaad v. McAleenan, filed by the American Civil Liberties Union (ACLU), Electronic Frontier Foundation (EFF), and ACLU of Massachusetts, on behalf of 11 travelers whose smartphones and laptops were searched without individualized suspicion at U.S. ports of entry.”
- For more on this case: https://www.eff.org/cases/alasaad-v-duke
- For more about border searches: https://www.eff.org/issues/border-searches
(Related)
The Electronic Frontier Foundation (EFF) sued the Department of Homeland Security (DHS) today to obtain information that will shine a light on the agency’s use of Rapid DNA technology on migrant families at the border to verify biological parent-child relationships.
In a Freedom of Information Act (FOIA) complaint filed today in federal court in San Francisco, EFF asked a judge to require DHS to disclose information about the agency’s deployment of Rapid DNA systems, including the number of individuals whose DNA has been collected, the accuracy of DNA matches, and the exact gene processing used to identify parent-child relationships. The lawsuit also seeks training materials, consent forms and privacy statements given to families, and locations of DHS’s Rapid DNA pilot programs.
According to media reports, DHS, and its component Immigration and Customs Enforcement (ICE), began a pilot program in May to conduct Rapid DNA testing on adults and children presenting themselves at the U.S. border. The purpose of the testing was to find individuals who were not related through a biological parent-child relationship and prosecute them for fraud. The pilot program then grew, with testing at seven locations at the U.S.-Mexico border. In June, DHS indicated that Rapid DNA testing is now part of the agency’s policy.
- For the complaint: https://www.eff.org/document/eff-v-dhs-migrant-dna-foia
- For more about Rapid DNA: https://www.eff.org/deeplinks/2012/12/rapid-dna-analysis
It’s the tools you don’t control that cause concern.
Facebook is secretly using your iPhone’s camera as you scroll your feed
… The problem becomes evident due to a bug that shows the camera feed in a tiny sliver on the left side of your screen, when you open a photo in the app and swipe down. TNW has since been able to independently reproduce the issue.
Maddux adds he found the same issue on five iPhone devices running iOS 13.2.2, but was unable to reproduce it on iOS 12. “I will note that iPhones running iOS 12 don’t show the camera (not to say that it’s not being used),” he said.
… Update November 13, 7:20AM UTC: Facebook has confirmed the issue, calling it a bug (who would’ve guessed, right?).
The pendulum swings further to the consumers' favor?
EU adopts New Deal for Consumers
On November 8, 2019, the European Union adopted the “Directive Modernizing Consumer Law”. This directive is part of the so-called “New Deal for Consumers” (see here), a package of legislative reforms designed to revise existing EU consumer laws. The main objective of these reforms is to adapt EU consumer protection legislation to the realities of the digital era, as well as to foster transparency and ensure effective enforcement of consumer protection laws.
The directive amends the following existing EU consumer laws: