‘ToSDR’ Ramps Up Efforts to End ‘Gotcha’ Privacy Policies, Terms

By Sue Treiman

A grassroots website is reigniting its campaign against the so-called “biggest lie on the internet” — the assumption that people actually read and agree to the “terms of service” and the privacy policies they accept.

The ToSDR site — “Terms of Service; Didn’t Read” — was conceived at a 2011 European open software conference to warn consumers that what they didn’t know (and didn’t read) could hurt them.

Grassroots activists wanted to educate consumers about the policy “traps” frequently hidden within provisions they tended to overlook.

Continue reading “‘ToSDR’ Ramps Up Efforts to End ‘Gotcha’ Privacy Policies, Terms”

Q&A: Emsisoft Threat Analyst Brett Callow

Healthcare Firms Ripe for Ransomware Attacks During COVID

By Patrick W. Dunne

Healthcare companies long have been a prime target for hackers and scammers.

Last year’s Verizon Data Breach Investigations Report found that healthcare companies comprised 15% of breaches. The coronavirus now has only made such companies even more vulnerable to malicious outsiders.

Emsisoft threat analyst Brett Callow said that as many as 764 healthcare providers were affected by ransomware attacks last year.

Continue reading “Q&A: Emsisoft Threat Analyst Brett Callow”
Filed under:

Brain-Computer Interface: Evolving Tech Begs Many Privacy Issues

By Rifki Aria Nugraha

Brain-Computer Interface (BCI) technology could bring challenges to individual privacy, cybersecurity expert Pablo Ballarin Usieto told Digital Privacy News.

“If this data is not properly processed, the malicious can retrieve very valuable information about the person,” Usieto, co-founder of the Balusian cybersecurity firm in Spain, said of the technology.

It relies on devices that read a user’s brain activities, retrieving information from them.

The technology is premature, Usieto explained, and any mishandling could lead to abuse of confidential data regarding an individual’s health, personal preferences and emotions.

Continue reading “Brain-Computer Interface: Evolving Tech Begs Many Privacy Issues”

Daily Digest (7/7)

House Antitrust Panel Says Tech Chiefs to Testify July 27

The CEOs of Amazon.com, Apple, Alphabet’s Google and Facebook will appear before a U.S. House of Representatives panel on July 27, the committee said Monday.

Amazon’s Jeff Bezos, Facebook’s Mark Zuckerberg, Google’s Sundar Pichai and Tim Cook of Apple will appear before the House Judiciary Antitrust Subcommittee as part of its investigation into the companies, the panel said in a statement.

The CEOs can appear virtually.

“As we have said from the start, their testimony is essential for us to complete this investigation,” New York Democratic Rep. Jerrold Nadler, the House judiciary panel chairman, and Democratic Rep. David Cicilline, R.I., the House antitrust subcommittee chairman, said in the statement.

Lawmakers are expected to release a report on their antitrust investigation in the coming weeks.

The U.S. Justice Department is also probing the four tech platforms. Facebook and Amazon also are facing inquiries by the Federal Trade Commission, while U.S. states attorneys general are looking at Facebook and Google. 

Source (external link):

No Jail Time for Yahoo Engineer for Hacking 6,000 Accounts to Find Porn

A former Yahoo engineer was sentenced to five years of probation and home confinement for hacking into the personal accounts of more than 6,000 Yahoo Mail users to search for sexually explicit images and videos.

Reyes Daniel Ruiz, 34, of Tracy, Calif., can only leave his home for work, religious activities, medical appointments or court-related obligations.

The judge also ordered Ruiz to pay a $5,000 fine and $118,456 in restitution to Yahoo, according to court documents obtained by ZDNet.

Ruiz committed his crimes while working at Yahoo as a reliability engineer and in other roles between 2009 and July 2019.

According to court documents, Reyes used his access to the Yahoo backend to obtain access to hashed passwords. He then proceeded to crack the password strings to access Yahoo Mail accounts of younger women, including personal friends and work colleagues.

Once he gained access to the accounts, Ruiz searched for sexually explicit images and videos, which he then downloaded and stored on a personal hard drive at home.

Investigators also said that Ruiz also used the hacked Yahoo email accounts to compromise victim profiles at other third-party services, where victims used their Yahoo email addresses to register accounts and store personal files.

He is believed to have hacked an additional 100 accounts at services like Apple iCloud, Gmail, Hotmail, Dropbox and Photobucket, according to the report.

Other Yahoo engineers detected Ruiz’s scheme in June 2018 and later reported it to authorities. He became aware that his intrusions were discovered by Yahoo staff that same day — and Ruiz destroyed his personal hard drive, according to court documents.

Ruiz stopped working at Yahoo in July 2018, and the FBI searched his home a month later. Ruiz admitted to agents that he destroyed the hard drive, ZDNet reports.

He was formally charged a year later, in April 2019, pleaded guilty in September and was scheduled for sentencing in February, but the hearing was delayed because of COVID-19.

Source (external link):

In Israel, Chaotic Start to Shin Bet Coronavirus Surveillance

The reinstatement of Shin Bet’s (Israel Security Agency) surveillance of coronavirus-infected citizens since Thursday has been chaotic, The Jerusalem Post reports.

Reports contain stories of tens of thousands of citizens receiving text messages warning them to quarantine because of their alleged close contact with someone with coronavirus, but many of the messages seem to be demonstrable mistakes.

In addition, the Israeli Health Ministry not only has been inadequately staffed to field the calls from citizens to verify or dispute the text they received.

Rather, critics say the Health Ministry did not plan to have staffing to receive calls during night hours or weekends, with the weekend being when almost all of the messages went out.

Many citizens have complained that they spent hours waiting on hold to try to clarify their situations, but to no avail, the Post reports.

The Shin Bet directed The Jerusalem Post’s questions to the Health Ministry.

Source (external link) :

Google’s $2.1B Fitbit Deal Needs Closer Scrutiny, Privacy Groups Warn

The takeover of fitness tracker Fitbit Inc. by Alphabet Inc.’s Google should get closer scrutiny from global regulators because it would allow Google to strengthen its already dominant position in digital markets and privacy, consumer groups said.

Twenty organizations raised their concerns last Thursday in a statement sent to antitrust authorities in seven jurisdictions, including the U.S. and the European Union, which is to set a rule later this month or extend its review.

“This will be a test case for how regulators address the immense power the tech giants exert over the digital economy and their ability to expand their ecosystems unchecked,” the groups said in the statement.

The EU has a July 20 deadline to rule on the $2.1 billion deal, which it can extend by four months if it sees antitrust issues that need more scrutiny.

The Justice Department also is investigating, while Australia’s merger authority flagged preliminary concerns last month over Google’s access to health data.

Google said in a statement last Wednesday that “this deal is about devices, not data.

“The wearables space is highly crowded, and we believe the combination of Google and Fitbit’s hardware efforts will increase competition in the sector, benefiting consumers and making the next generation of devices better and more affordable,” the company said.

In their statement Thursday, the consumer groups warned that Google’s acquisition of Fitbit, which has about 30 million users, could allow it to extend its existing power in digital markets to health care and potentially undermine new competition.

The groups joining the statement included the Omidyar Network, the Open Society European Policy Institute, Privacy International, and the Australian Privacy Foundation.

They also sent the statement to regulators in the U.K., Canada, Australia, Mexico and Brazil.

Source (external link):

By DPN Staff

Facebook ‘Blocklists’ Raise First Amendment Issues at Public Colleges

By Jason Collins

Public universities are using Facebook filters to censor and block student speech, raising critical First Amendment questions, experts tell Digital Privacy News.

The “blocklists” limit student comments on Facebook when accounts are accessed via university networks. The institutions’ filters flag certain words, automatically hiding the comments that contain them.

“State universities are preemptively censoring large swaths of protected speech and altering the public discourse with just a few clicks of the mouse — and Facebook gives them all the tools they need to do it,” Robert Shibley, director of the Foundation for Individual Rights in Education (FIRE), told Digital Privacy News.

Continue reading “Facebook ‘Blocklists’ Raise First Amendment Issues at Public Colleges”

Sun, STEM, Security: Summer Camps Go Virtual and Deal with Privacy Issues

By Samantha Cleaver

Ellen Zavian’s 14-year-old son was interested in the University of Maryland engineering Seaperch camp, but instead of being on campus, it was moved online.

Campers use materials at home and work through experiments led through Zoom calls.

Zavian, a member of the Safe Tech Committee in Montgomery County, Md., outside Washington, read the fine print and saw that campers had the option to use cameras for recordings. She liked that.

For Zavian and her family, the ability to opt out of audio and video recording helped them think through how her son would attend camp securely.

She is one of many parents who find themselves preparing for online summer camp for the first time. On the other side, many camps are moving into the uncharted territory of online programming.

Continue reading “Sun, STEM, Security: Summer Camps Go Virtual and Deal with Privacy Issues”