Saturday, September 01, 2018

If my job was to identify potential spies, I certainly would. After all, spying is a job.
U.S. Government Thinks China Is Using LinkedIn to Enlist American Spies
The U.S. government believes China is using fake LinkedIn accounts to recruit American spies with government intel and is calling on the company to help shut them down.
According to Reuters, which broke the story Friday morning, intelligence and law enforcement have placed pressure on LinkedIn, owned by Microsoft, to thwart the budding espionage network. U.S. counter-intelligence chief, William Evanina, is the source of the allegations and claims to have warned the networking platform about China’s “super aggressive” tactics on the site, including their mass-messaging of thousands of users at a time.




...and if I wanted to sneak a spy into the US, I’d do it through Canada.
Air Canada admits app data breach included customers’ passport details
All 1.7 million users of Air Canada’s mobile app have had their passwords reset by the company following a security breach which saw hackers compromise up to 20,000 accounts last week.
A security notice published by the company explains that it detected “unusual login behaviour” related to the smartphone Air Canada app between August 22-24 2018, that may have seen 20,000 profiles “improperly accessed.”
… The company says that credit and payment card information was encrypted, and was not compromised in the security breach.
However, victims who have had their passport details stolen may face serious consequences, as fraudsters could use the details to set up accounts with insurance firms, mobile phone operators, banks and the like if they do not require sight of the physical passport.
… There is also a risk that a fraudster could use the stolen information to request a new physical passport. However, Air Canada says that the Canadian government describes that risk as “low” provided the genuine passport holder still has physical ownership of the document.
BBC News, however, raises the issue that Air Canada required account passwords to merely be between 6 and 10 characters, and could not contain symbols. That, in itself, goes against the Canadian government’s own password advice.




Just nailing down a small part of the remaining fraction they don’t already know about us?
Mark Bergen and Jennifer Surane report:
For the past year, select Google advertisers have had access to a potent new tool to track whether the ads they ran online led to a sale at a physical store in the U.S. That insight came thanks in part to a stockpile of Mastercard transactions that Google paid for.
But most of the two billion Mastercard holders aren’t aware of this behind-the-scenes tracking. That’s because the companies never told the public about the arrangement.
Read more on Bloomberg.




Seems too simple to work. Assumes WhatsApp users listen to radio. Is that based on their e-dossier?
WhatsApp kicks off radio campaigns in India to tackle fake news
In a bid to crackdown on spread of fake news on its platform, WhatsApp on Wednesday said it is rolling out radio campaigns across various Indian states, asking people to check the veracity of information received as a forward before they share it with others.




“We want to tell the voters that we did something. We don’t care if you can actually enforce the law.”
Becerra Rips Lawmakers for 'Unworkable' Provisions in New Data Privacy Law
California Attorney General Xavier Becerra lashed out at lawmakers for imposing “unworkable obligations and serious operational challenges” on his office by effectively making him the chief enforcer of the state’s sweeping new data privacy law.
In an Aug. 22 letter to legislators who helped get the law passed in June, Becerra complained that his office is not equipped to handle all the related duties, including quickly drafting regulations and advising businesses about compliance with the California Consumer Privacy Act, or CCPA.
… Becerra also questioned the legality of the civil penalties included in the new law, which he said improperly modified the state’s Unfair Competition Law, or UCL.
“The UCL’s civil penalty laws were enacted by the voters through Proposition 64 in 2004 and cannot be amended through legislation,” Becerra wrote.




An interesting move. Will Apple “approve” each policy?
… The tech giant announced to developers on Thursday that all new apps as well as app updates are required to have a privacy policy beginning October 3 of this year. This applies to apps submitted both through Apple’s App Store as well as TestFlight, a mobile app testing service owned by Apple. Apple’s announcement notes that the privacy policy link or text an [sic]only be edited when a developer submits the latest version of their app.
… In the guidelines, Apple states that developers must “clearly and explicitly” inform users what data apps collect and how that data is used in their privacy policies, confirming if there are third parties that can access that data. Apple also states that apps that do collect data must ask for consent, and that apps “should only request access to data relevant to the core functionality of the app and should only collect and use data that is required to accomplish the relevant task.”




For those of us who are serious about Privacy?
FPF Launches Virtual Privacy Book Club
We are pleased to announce the launch of our Privacy Book Club! The FPF Privacy Book Club will provide members with the opportunity to read a wide range of books — privacy, data, ethics, academic works, and other important data relevant issues — and have an open discussion of the selected literature.
The FPF Privacy Book Club will be held on the last Wednesday of each month. A virtual conference dial-in will be sent to book club members, which will include a video chat, phone line, and an online chat. You can join the Privacy Book Club by registering here. Please feel free to share the sign up link with your friends and colleagues who may be interested in participating.
The first FPF Privacy Book Club will be held Wednesday, September 26, 2018, at 2:00 pm (EST). We are excited to share that FPF Advisory Board member and author, Professor Woodrow Hartzog, will be joining the discussion to introduce his book, Privacy’s Blueprint: The Battle to Control the Design of New Technologies, and to answer a few questions. After hearing from Woody, we will host an open discussion of the book for the remainder of the meeting.
To learn more about FPF’s Privacy Book Club or to provide suggestions for future readings, please contact Michelle Bae, FPF Berkower Memorial Fellow, at mbae@fpf.org.




Another ‘future’ for my students to consider.
Going Cashless: What Can We Learn from Sweden’s Experience?
Sweden is regarded as the poster child of cashless countries and is expected to become the world’s first cashless society by March 2023. This means that cash will not be a generally accepted means of payment in Sweden. This journey has been powered by various factors such as a robust card payment system, strong internet infrastructure, a popular mobile payment app, supportive legal framework and a cultural mistrust of cash.
… We found that when cash transactions fall below 7% of the total payment transactions, it becomes more costly to manage cash than the marginal profit on cash sales. When this happens, an economically rational retail management should stop accepting cash.
This is possible in Sweden because even though cash is a legal tender, contract laws have a higher precedence than banking and payment laws here. If a store puts up a sign that it does not accept cash, then you, as a customer, have entered a contract or an agreement with that store that they don’t accept cash.


No comments: