This shakes my (not very substantial) faith in government security.
Multiple break-ins, physical devices installed on computers, massive
data copying after hours and NO ONE NOTICED?
Luke Rosiak reports:
A former IT aide to New Hampshire Democratic Sen. Maggie Hassan mounted an “extraordinarily extensive data-theft scheme” against the office, the culprit’s plea agreement states.
The plot included the installation of tiny “keylogging” devices that picked up every keystroke. Between July and October 2018, former IT aide Jackson Cosko worked with an unnamed accomplice, a then-current Hassan employee, who repeatedly lent him a key that he used to enter the office at night and who allegedly tried to destroy evidence for him.
Read more on The Daily Caller.
[From the article:
The theft occurred after Cosko was fired from Hassan’s office in May 2018 for undisclosed reasons, then hired by Democratic Texas Rep. Sheila Jackson Lee, giving him access to the House computer network.
I suspect many accounts had to be redirected. The process for
confirming their authenticity might need a bit of work.
Karl Etters reports:
Almost half a million dollars was diverted out of the city of Tallahassee’s employee payroll Wednesday after a suspected foreign cyber-attack of its human resources management application.
Hackers attempt every day to breach the city’s security, officials say, but this week’s operation netted about $498,000.
[From the article:
The out-of-state, third-party vendor that hosts the city's payroll services was hacked and as a result the direct deposit paychecks were redirected. Employees throughout the city’s workforce were affected.
Attention Computer Security students: Poor
security is a factor in deceptive trade practices.
Anne Bolamperti and Patrick X. Fowler of Snell & Wilmer write:
The Federal Trade Commission (“FTC”) has described itself as “Your cop on the privacy beat” and a top federal regulator of consumer-facing data security practices. An example of how the FTC asserts itself when it comes to data security and privacy associated with Internet of Things (“IoT”) devices can be found in the case of Federal Trade Commission v. D-Link Systems Inc., currently pending in federal court in California.
FTC Stance: Poor IoT Security +/or Misleading Ads = Deceptive/Unfair Trade Practice
The D-Link case stems from the FTC’s January 5, 2017 complaint against Taiwanese IoT hardware device manufacturer D-Link Corporation and its U.S. subsidiary D-Link Systems Inc. The FTC seeks to stop D-Link from engaging in allegedly unfair or deceptive acts in violation of Section 5(a) of the Federal Trade Commission Act (“FTC Act”). The FTC claims that the defendants failed to reasonably secure IoT network routers and Internet-accessible cameras that they sold in the U.S. and made deceptive statements about the degree of data security of those products.
Read more on Cybersecurity & Data Law Privacy Blog
There was a recent settlement conference in this case, but it doesn’t
seem like there was any settlement and the case is still scheduled to
go to trial in June, it seems.
Interesting because inevitable? I can get a body cam on Amazon, would the
hospital even suspect? Perhaps a bit of geofencing for honest
manufacturers?
Emily Berris of SmithAmundsen LLC writes:
Imagine a police officer escorting a drunk driver through the emergency room with his body camera still on—not only is the officer recording the driver, the officer is simultaneously recording every individual and every patient that officer comes into contact with. In an era of attempted police reform, where law enforcement is ramping up their use of body cameras, hospitals must be increasingly aware of violations to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the implications of police body cameras within the confines of its medical center.
Read more on JDSupra
Insurance companies could use this (like their
“safe-driving” plug-ins) to deny coverage for bad behavior.
Joseph J. Lazzarotti, Mary T. Costigan and Ashley Solowan of JacksonLewis write:
As wearable and analytics technology continues to explode, professional sports leagues, such as the NFL, have aggressively pushed into this field. (See Bloomberg). NFL teams insert tiny chips into players’ shoulder pads to track different metrics of their game. During the 2018-2019 NFL season, data was released that Ezekiel Elliot ran 21.27 miles per hour for a 44-yard run, his fastest of the season. The Dallas Cowboys are not alone as all 32 teams throughout the league can access this chip data which is collected via RFID tracking devices. Sports statistics geeks don’t stand a chance as this technology will track completion rates, double-team percentages, catches over expectation, and a myriad of other data points.
I’m sure these are all good ideas, but we
probably need an independent AI Ethics organization. Anyone want to
start one? (Let’s ask Siri, Alexa, etc.)
Hey Google, sorry you lost your ethics council, so we made one for you
… How did things go so wrong? And can Google
put them right? We got a dozen experts in AI, technology, and ethics
to tell us where the company lost its way and what it might do next.
If these people had been on ATEAC, the story might have had a
different outcome.