Daily Digest (7/28)

Election Officials Vulnerable to Email Attacks, Report Says; Australian Watchdog Sues Google for Collecting Data Without Informed Consent; Consumer Reports Study Calls for Greater Privacy and Security Protections in Genetic Testing; Apple Sued for Inaction Over iTunes Gift-Card Scams. Click “Continue reading” below.

Election Officials Vulnerable to Email Attacks, Report Says

Many of the thousands of county and local election officials who will be administering November’s presidential election are running email systems that could leave them vulnerable to online attacks, The Wall Street Journal reports.

More than 12,000 local officials were tracked by Area 1 Security Inc., a cybersecurity vendor based in Redwood City, Calif., according to the report.

The company found that over 1,600 officials used free or nonstandard email software that often lacked the configuration and management protection found with large cloud-service providers.

In addition, more than half of the officials used email systems with limited protection from phishing attacks, Area 1 said.

“When you run your own service, and you don’t partner with someone to professionally manage it, it means you have to be perfect every single day,” Oren Falkowitz, Area 1’s CEO, told the Journal. “That’s really hard.”

For instance, the company found that officials in six small jurisdictions in Michigan, Missouri, Maine and New Hampshire, were using a buggy version of a free software product called Exim.

The software has been linked to online attacks conducted by the Russian intelligence service known as the GRU.

In May, the National Security Agency warned that this version of Exim had been targeted since 2019 in online attacks by the GRU.

An NSA spokesman declined to comment, the Journal reports.

Sources (all sources external links):

Australian Watchdog Sues Google for Collecting Data Without Informed Consent

Australia’s consumer-rights watchdog has sued Google for collecting the “potentially sensitive and private” browsing history of its users, allegedly without informed consent.

The Australian Competition and Consumer Commission alleged that Google misled consumers by not properly informing them about technology that tracked internet browsing on non-Google sites, combining it with the personal information from their Google accounts.

The agency filed suit in Australia’s federal court over the alleged breach of the Australian Consumer Law, The Guardian reports.

Rod Sims, the commission’s chairman, said Google’s actions included “potentially very sensitive and private information,” which the company used to make a profit by delivering more targeted advertising.

“The reach of this is enormous,” Sims told the Guardian. “Millions of Australians have been affected.”

The commission alleged that Google misled consumers in 2016 when it changed its data-collection technology to combine the personal information in individual Google accounts with browsing data from other sites and apps.

Between June 2016 and at least December 2018, users were prompted to click an “I agree” button to consent to the changes, the Guardian reports.

The prompt said Google had “introduced some optional features for your account, giving you more control over the data Google collects and how it’s used, while allowing Google to show you more relevant ads.”

But “Google significantly increased the scope of information it collected” under the change, Sims said.

A Google spokesman said it “strongly disagreed” with the commission’s accusations and would defend its position in court.

“The changes we made were optional and we asked users to consent via prominent and easy-to-understand notifications,” Google said in a statement. “If a user did not consent, their experience of our products and services remained unchanged.”


Consumer Reports Study Calls for Greater Privacy and Security Protections in Genetic Testing

A new Consumer Reports study released Monday called for tougher regulation of the direct-to-consumer genetic-testing industry to enhance privacy and security protections.

The study pointed out legal gaps in federal and state regulations that leave the privacy and security of sensitive health data at risk. 

“Direct-to-consumer” (DTC) genetic testing is a booming industry with insufficient safeguards for consumers,” said Justin Brookman, the report’s author and director for privacy and technology policy at Consumer Reports.

He said that on “Amazon Prime Day” last year, “millions of Amazon shoppers purchased discounted DTC testing kits for sale, likely without fully understanding what they were signing up for — including that there is little to restrict what DTC genetic-testing companies can do with their data.

“Unauthorized disclosure of this information could be harmful for consumers, especially as there is no federal prohibition on the use of genetic data in life, disability and long-term care insurance underwriting,” Brookman said. “While genetic testing has been around for some time, the DTC model presents new legal and ethical challenges.”

No federal law directly addresses consumer-privacy issues resulting from DTC genetic testing — and state-based privacy protections are only present in a few states, Brookman said.

The California legislature, however, is considering a DTC genetic-testing bill backed by Consumer Reports that could provide millions of consumers with new protections to safeguard their genetic data.


Apple Sued for Inaction Over iTunes Gift-Card Scams

Apple has been sued in a California court for not doing enough to combat iTunes gift-card scams.

According to court documents disclosed by ZDNet.com, plaintiffs in a class-action lawsuit filed earlier this month claimed that Apple was aware of and knowingly permitted iTunes card scams to perpetuate, as they allowed the company to profit from the scammed funds.

The iTunes scam has been around since the mid-2000s, the lawsuit alleged, when Apple introduced gift cards to the iTunes store, which it later expanded to all its stores under its current official name of “App Store & iTunes Gift Cards.”

Most of the scam’s targets are seniors, the suit alleged, as they might not be aware that iTunes and Apple Store gift cards can only be used on Apple stores and nowhere else — including for paying bills or taxes in the real world.

The lawsuit alleged that despite knowing of this problem for years, Apple had not done anything to prevent it, besides putting up a page on its website with a simple warning.

“Apple is incentivized to allow the scam to continue because it reaps a 30% commission on all scammed proceeds,” the suit says. “Knowingly or recklessly, Apple plays a vital role in the scheme by failing to prevent payouts to the scammers.”


— By DPN Staff