Daily Digest (7/13)

Amazon: Email Banning TikTok From Employee Phones ‘Sent in Error’; New German Law Would Force ISPs to Let Secret Service Install Trojans on User Devices; US Court Rules Data-Breach Claims Against Equifax Can Move Forward; FPF Releases Visual Guide on Encryption.

Amazon: Email Banning TikTok From Employee Phones ‘Sent in Error’ 

Amazon told employees Friday to delete TikTok from their cellphones because of potential “security risks” — but the company later said the directive was a mistake.

“This morning’s email to some of our employees was sent in error,” an Amazon spokesman told Variety. “There is no change to our policies right now with regard to TikTok.”

In the earlier message, Amazon said that TikTok, the embattled short-form video app owned by Chinese internet company ByteDance, should not be used on any employee device that can access Amazon’s email system.

The email was first reported by The New York Times.

“Due to security risks, the TikTok app is no longer permitted on mobile devices that access Amazon email,” the initial email said. Amazon had about 840,000 employees worldwide as of the end of the first quarter.

Earlier, a TikTok spokesperson told Variety in a statement: “While Amazon did not communicate to us before sending their email, and we still do not understand their concerns, we welcome a dialogue so we can address any issues they may have and enable their team to continue participating in our community.

“We’re proud that tens of millions of Americans turn to TikTok for entertainment, inspiration and connection, including many of the Amazon employees and contractors who have been on the frontlines of this pandemic.

“User security is of the utmost importance to TikTok,” the statement added. “We are fully committed to respecting the privacy of our users.”

Secretary of State Mike Pompeo said last week that the U.S. government was looking at somehow banning TikTok, as well as other apps from Chinese companies, over concerns that the Chinese government could possibly have access to private user info.

New German Law Would Force ISPs to Let Secret Service Install Trojans on User Devices

A new law being proposed in Germany would give the country’s 19 federal-state intelligence agencies the power to spy on citizens through trojans.

The proposal would force internet service providers to install government hardware at their data centers that would reroute data to law enforcement, and then on to its intended destination, Privacy News Online reports.

As such, targets would be unaware that their communications — software updates, even — were being proxied.

“The redirected data should remain intended for forwarding to the addressee after the measure has been carried out,” the Netzpolitik privacy blog noted about the proposed legislation.

The state-sponsored trojans would most likely utilize software called FinFly ISP, developed by a company called FinFisher, which has been used by German law enforcement in the past, Privacy News Online reports.

FinFisher’s website claims its software injects trojans on target devices from the ISP level with ease: “FinFly ISP is able to patch files that are downloaded from the destination on-the-fly or to send fake software updates for popular software.”

FinFly ISP has been around for almost a decade, Privacy News Online reports, and a 2011 advertising brochure available via WikiLeaks emphasized that the software had already been used.

“A secret service used FinFly ISP in the network of the most important national Internet service provider,” the brochure said. “It was sufficient that the system only knew the target person’s log-in information into the provider network in order to install a remote monitoring solution on their computer and monitor them from there.”

Germany has a long history of government malware use, according to the report.

The Society for Freedom Rights and other advocacy groups already have filed lawsuits against the government, and they plan to bring a constitutional challenge if the proposal passes, Privacy News Online reports.

US Court Rules Data-Breach Claims Against Equifax Can Move Forward

A federal district court last week rejected Equifax Inc.’s request to dismiss claims that it violated New York’s consumer protection law in failing to protect consumer data, resulting in a 2017 breach that affected more than 145 million consumers.

U.S. District Judge Brian Cogan on Wednesday rejected the company’s dismissal bid in the Eastern District of New York, saying plaintiff Matthew Weiss’ claim was plausible under the state’s deceptive acts and practices law, Bloomberg Law reports.

But the court sided with Equifax on claims that the credit-reporting company did not violate the federal Fair Credit Reporting Act, finding Weiss’ allegations “inadequate.”

Personal data stolen in a breach does not fall under that law, Cogan ruled.

An Equifax representative didn’t immediately respond to a request for comment, Bloomberg Law reports.

The case stems from the breach that exposed information of more than 145 million American consumers.

In January, Equifax reached a $380.5 million settlement with consumers. It reached a separate $575 million deal last July with the Federal Trade Commission, the Consumer Financial Protection Bureau, and state attorneys general.

FPF Releases Visual Guide on Encryption

The Future of Privacy Forum last week released “Strong Data Encryption Protects Everyone,” a visual guide to data encryption.

The interactive tool outlines how encryption works, where it is used and potential risks.

“The infographic illustrates how strong encryption protects individuals, enterprises, and the government,” the Washington-based group said in a blog post.

“FPF’s guide also highlights key risks that arise when crypto safeguards are undermined — risks that can expose sensitive health and financial records, undermine the security of critical infrastructure, and enable interception of officials’ confidential communications.”

— By DPN Staff