Daily Digest (11/3)

Twitter to Label Posts Claiming Early Election Victory; Air Force Buys Chinese Drones, Raising Security Concerns; Washington State AG: Data Breaches Nearly Doubled in Last Year; Chrome ‘Bug’ Exempts Google Sites From User Data Settings.

Click “Continue reading” below.

Twitter to Label Posts Claiming Early Election Victory

Twitter said Monday that it would place warning labels on tweets from U.S. election candidates and campaigns that claim victory in advance of official results.

The move comes as the social network braces for what it has called an unusual election because of a high number of mail-in ballots that may cause a delay in final results, Reuters reports.

Beginning Tuesday and through the Jan. 20 inauguration, Twitter said it would place warning labels such as “official sources called this election differently,” or “official sources may not have called the race when this was tweeted.”

U.S.-based accounts with more than 100,000 followers and a significant engagement also will be considered for labeling, Twitter said.

Social media companies are under pressure to combat election-related misinformation and prepare for the possibility of violence or poll place intimidation around Tuesday’s vote, according to Reuters.

In an updated blog, the company said it would consider state election officials and national news outlets such as ABC News, Associated Press, CNN and Fox News that have independent election-decision desks as official sources for results.

Their official Twitter accounts will be exempted from labeling, the company said in the blog post.

Source (all links external):

Air Force Buys Chinese Drones, Raising Security Concerns

The U.S. Air Force recently bought dozens of Chinese-made drones to use for testing and training, The Wall Street Journal reported Monday, fueling concerns about continued Defense Department use of technology that lawmakers consider a threat to national security.

The Air Force Special Operations Command, the service’s highly trained commando division, bought 57 drones in September from Da-Jiang Innovations (DJI), the Journal reports, citing top officials and records of the purchase.

DJI, based in Shenzhen, China, is the world’s largest maker of unmanned aerial systems. They will be used to train airmen on how they could be used against the U.S. or its allies and how to defeat them, officials said.

Air Force officials said the drones were cost-effective and useful, and a DJI spokesman told the Journal that they don’t pose a risk of data loss or theft.

But critics have said the drones could be used to gather information about the U.S. military and critical infrastructure, or in other instances of espionage and data-collection, sending the information back to Beijing.

“Why would we allow the U.S. government to purchase drones from China?” posed Sen. Chris Murphy, D-Conn. “Doing so allows Beijing to gather sensitive data from us and rewards an adversary at the expense of our own American manufacturers.”

Navy Cmdr. Tim Hawkins, a special operations command spokesman, told the Journal that the military employed cybersecurity software and strict guidelines when using such drones.

“We ensure the commercial, off-the-shelf unmanned aerial systems our special operations forces use do not compromise national security,” he said.

He said that the Air Force could cover a drone’s cameras for certain operations and that the military didn’t use the drones in instances where they could capture imagery that might undermine the U.S. or its allies.

They may not be connected to any military computer network or used near “sensitive sites,” Hawkins said.

A DJI spokesman said the drones were designed to safeguard information.

“Our drone technology is safe and secure for customers who have sensitive data,” said Adam Lisberg, the DJI spokesman. “DJI drones include validated data protections to make sure your data stays only with you.”


Washington State AG: Data Breaches Nearly Doubled in Last Year

The number of Washington residents affected by data breaches nearly doubled in the last year and ransomware attacks tripled, according to the Attorney General Bob Ferguson’s fifth annual “Data Breach Report.”

The report is the first since new state legislation proposed by Ferguson took effect in March strengthening the state’s data-breach notification law, his office said in a news release.

The new laws require agencies and companies to provide earlier and more detailed notices to consumers. The report also comes amid the COVID-19 pandemic, where more people are storing personal information online.

The total number of Washingtonians affected by a data breach increased significantly, to 651,000 so far this year, from 351,000 in 2019.

Overall, however, fewer breaches were reported to the Attorney General’s Office this year, decreasing from 60 reported breaches last year to 51 this year.

The state saw a tripling of the amount of ransomware incidents in the last year, to six from two.

During these attacks, a person inserts malicious code into a network then encrypts its data, which renders it inaccessible to the breached organization.

Hackers then seek payment to release the data back to the organization.

Ransomware attacks affected nearly 106,000 Washingtonians — about one in six hit by a breach in the last year, the report said.

“Data breaches remain a serious threat to our privacy and that danger is increasing during a pandemic where everyone is spending more time and money online,” Ferguson said in the report.

“If companies fail to do their part protecting Washingtonians’ data, my office will take action.”


Chrome ‘Bug’ Exempts Google Sites From User Data Settings

A Google Chrome bug apparently caused the search giant to exempt its own websites from the browser’s cookie-clearing feature.

Jeff Johnson, a Michigan programmer, noticed the issue when he discovered that the setting — “Clear cookies and site data when you quit Chrome” — in Chrome’s desktop browser did not clear data for YouTube and Google Search, The Independent reports.

Cookies are used by websites to quickly identify users and remember their online preferences. They also are used to let users log back into websites faster, at the expense of less privacy.

Site data, meanwhile, could include personal information that gets stored on the computer to be accessed during the users’ next visit.

After visiting YouTube, Google Chrome saved database storage, local storage and “service workers.”

“Service workers” are scripts that operate features that are separate from the web page, such as push notifications and background syncing.

Although information for other sites, such as Twitter or the Apple website, was removed, Google’s first-party products were not, the Independent reports.

“Perhaps this is just a Google Chrome bug, not intentional behavior, but the question is why it only affects Google sites, not non-Google sites,” Johnson wrote in an Oct. 7 blog post.

A Google spokesperson told the Independent in a statement: “We are aware of a bug in Chrome that is impacting how cookies are cleared on some first-party Google websites.

“We are investigating the issue, and plan to roll out a fix in the coming days,” the spokesperson said.


— By DPN Staff