Daily Digest (11/10)

Zoom to Implement New Security Measures Under FTC Settlement; EU Under Fire for Plan to Access Encrypted Chats; Critics: French Bill on Police IDs Pose ‘Danger to Press Freedom’; 10M Hotel Guest Files Leaked in Misconfigured Data Bucket.

Click “Continue reading” below.

Zoom to Implement New Security Measures Under FTC Settlement

The Federal Trade Commission (FTC) said Monday that Zoom Video Communications Inc. must update its security measures as part of a proposed settlement with federal regulators.

The video-conference program was accused of providing misleading claims, giving users a false sense of security with little protection in securing private communication channels, Reuters reports.

“Zoom’s security practices didn’t line up with its promises,” Andrew Smith, director of the FTC’s Bureau of Consumer Protection, told Reuters.

The settlement requires Zoom to secure its network, with the possibility of being fined as much as $43,000 for each future security violation.

A Zoom spokeswoman said that its security was of top priority for users, even though the company had come under fire for not disclosing the service’s lack of end-to-end encryption, according to Reuters.

“We have already addressed the issues identified by the FTC,” the spokeswomen said.

Source (all links external):

EU Under Fire for Plan to Access Encrypted Chats

U.K. digital-rights activists on Monday criticized the European Union for proposing that communication companies give authorities access to encrypted messages.

Currently, European police and intelligence agencies cannot easily access encrypted messages from apps like Signal and WhatsApp, The Associated Press reports.

“Competent authorities must be able to access data in a lawful and targeted manner, in full respect of fundamental rights and the data-protection regime, while upholding cybersecurity,” a draft of the law says.

The draft added that the technical solutions in obtaining the encrypted data must be legal, transparent, necessary and proportionate, according to AP.

EU officials said they hoped the proposal would create a better balance between privacy and online crime-fighting.

Source:

Critics: French Bill on Police IDs Pose ‘Danger to Press Freedom’

A proposed bill in France that would make it illegal to disseminate photos or videos identifying police has critics attacking it as a “danger to press freedom.”

The proposal, to be presented to the French Assemblée Nationale, carries a year in prison and a $53,950 fine for spreading videos or photos with intent to harm a law enforcement officer, The Guardian Reports.

Critics say identifying an intent to harm is difficult to prove in the case of journalists covering demonstrations.

“A scathing social media post about police violence or criticism of the police in emails could be exploited in an attempt to demonstrate an intent to harm,” Reporters Without Borders told the Guardian in a statement.

“It is impossible to know the degree to which such evidence might influence individual judges and convince them that there was a clear intent to harm,” the group said.

Source:

10M Hotel Guest Files Leaked in Misconfigured Data Bucket

A Spain-based hotel software provider accidentally leaked 10 million individual guest logs after misconfiguring a data bucket, according to a Website Planet report.

The company, Prestige Software, based in Barcelona, serves such sites as Hotels.com, Booking.com and Expedia, Endgadget.com reports.

The exposed data was on an Amazon Web Services S3 bucket. The log files dated as far back as 2013 and included full names, email addresses, national ID numbers and phone numbers of hotel guests, Infosecurity reports.

“Millions of people were potentially exposed in the data breach, from all over the world,” Mark Holden, a Website Planet researcher, told Infosecurity. “We can’t guarantee that somebody hasn’t already accessed the S3 bucket and stolen the data before we found it.”

The open data bucket was fixed the day after its leak, but the company could face questioning from investigators, Infosecurity reports.

Sources:

— By DPN Staff