Thursday, May 30, 2019


A problem my Computer Security students must address.
New Zealand Says Budget Leak Was Bungled, Not Hacked
The Treasury department called in police this week after the opposition National Party released parts of the government's annual budget, which was not due for release until Thursday.
At the time, Treasury Secretary Gabriel Makhlouf said his department had fallen victim to a "systematic" and "deliberate" hack, rejecting "absolutely" any suggestion the information had been accidentally posted online.
He was forced into an embarrassing backdown Thursday after police found no evidence that illegal activity was behind the leak.
"On the available information, an unknown person or persons appear to have exploited a feature in the website search tool but... this does not appear to be unlawful," Makhlouf said in a statement.
He said Treasury prepared a "clone" website ahead of the Budget's release but did not realise that entering specific search terms on it revealed embargoed information. [Did they test it? Bob]




Interesting question. Do you want an employee who can’t learn? I am a fan, but I suspect some lawyers might not be?
Should Failing Phish Tests Be a Fireable Offense?
Would your average Internet user be any more vigilant against phishing scams if he or she faced the real possibility of losing their job after falling for one too many of these emails? Recently, I met someone at a conference who said his employer had in fact terminated employees for such repeated infractions. As this was the first time I’d ever heard of an organization actually doing this, I asked some phishing experts what they thought (spoiler alert: they’re not fans of this particular teaching approach).




Another Computer Security resource. If you misidentify it, you probably won’t secure it properly.
FPF and IAF Release “A Taxonomy of Definitions for the Health Data Ecosystem”
Healthcare technologies are rapidly evolving, producing new data sources, data types, and data uses, which precipitate more rapid and complex data sharing. Novel technologies—such as artificial intelligence tools and new internet of things (IOT) devices and services—are providing benefits to patients, doctors, and researchers.
… Understanding the evolving health data ecosystem presents new challenges for policymakers and industry. There is an increasing need to better understand and document the stakeholders, the emerging data types and their uses.
The Future of Privacy Forum (FPF) and the Information Accountability Foundation (IAF) partnered to form the FPF-IAF Joint Health Initiative in 2018. Today, the Initiative is releasing A Taxonomy of Definitions for the Health Data Ecosystem; the publication is intended to enable a more nuanced, accurate, and common understanding of the current state of the health data ecosystem.
[Read the taxonomy here:




Not a backdoor, it simply removes the wall.
Apple, Google and WhatsApp condemn UK proposal to eavesdrop on encrypted messages
In practice, the proposal suggests a technique which would require encrypted messaging services — such as WhatsApp — to direct a message to a third recipient, at the same time as sending it to its intended user.
In an open letter to GCHQ (Government Communications Headquarters), 47 signatories including Apple, Google and WhatsApp have jointly urged the U.K. cybersecurity agency to abandon its plans for a so-called “ghost protocol.”
It comes after intelligence officials at GCHQ proposed a way in which they believed law enforcement could access end-to-end encrypted communications without undermining the privacy, security or confidence of other users.
The pair said it would be “relatively easy for a service provider to silently add a law enforcement participant to a group chat or call.”




You can tell they’ve been following this topic.
GDPR – The Year in Review
Following the one-year anniversary of the coming into effect of the GDPR, Hogan Lovells’ Privacy and Cybersecurity practice has prepared a compilation of key GDPR-related developments of the past 12 months. The compilation covers regulatory guidance, enforcement actions, court proceedings, and various reports and materials.


(Related) When will we hit the tipping point, where the EU goes after these people?
One Year Into GDPR, Most Apps Still Harvest Data Without Permission
While good-acting companies knock themselves out trying to comply with data protection and privacy laws, and regulators debate the minutiae of cookie consent policies, bad actors simply couldn’t care less.
Apps often presented users with a consent notice screen and then ignored the user’s choice, transmitting the data regardless of the user’s preference.
“The regulation exists, but is there a body in Belgium looking at the mobile ecosystem to try and determine which calls from a device are legitimate or not – hell no, that’s not happening,” said Grant Simmons, head of client analytics at Kochava.
But even if there was, this stuff is hard to catch by design, Simmons said. Around 30% of the data calls transmitted to and from devices are encrypted and when fraudsters enter the picture, they usually use transitory domains to obscure their actions, including data harvesting.




Hey, it’s a start!
10 things we should all demand from Big Tech right now
We need an algorithmic bill of rights. AI experts helped us write one.
I Transparency: We have the right to know when an algorithm is making a decision about us, which factors are being considered by the algorithm, and how those factors are being weighted.
VII Redress: We have the right to seek redress if we believe an algorithmic system has unfairly penalized or harmed us.


(Related) A Canadian version?
Canada's Digital Charter: Trust in a digital world
See Canada's Digital Charter and how the Government of Canada is building this foundation of trust and encouraging continued growth across our economy. It relies on governments, citizens and businesses working together to ensure that privacy is protected, data is kept safe, and Canadian companies can lead the world in innovations that fully embrace the benefits of the digital economy.




Will Google become liable for ‘encouraging’ drivers to speed?
Google Maps adds ability to see speed limits and speed traps in 40+ countries


