Pete Recommends – Weekly highlights on cyber security issues May 20 2018

Subject: New rule eliminates state regs on VA telehealth
Source: FCW

Medical practitioners in the Veterans Health Administration system will be able to conduct telehealth appointments regardless of location under the new “anywhere-to-anywhere” rule published May 11 and taking effect in June. The long-sought rule frees VA clinicians from a patchwork of state licensing and insurance rules that hampered the delivery of telehealth, and it introduces the possibility that the agency can drive new efficiencies by making more clinicians available for appointments with beneficiaries around the country.

“I think this is going to be the killer app for us,” said acting VHA Chief Carolyn Clancy at a May 9 Senate hearing. The emphasis on telehealth will not only improve care but also improve recruiting because the VA is “so far ahead of the rest of the health care system” when it comes to telehealth technology, infrastructure and experience.

The VA was an early adopter of telehealth, seeing it as a way to reach a far-flung and aging patient population. The agency also announced a of its VA Video Connect application at a White House event last August.

Subject: Senator freezes DHS cyber nominee over Stingray info
Source: FCW

Oregon Democrat Ron Wyden wants DHS to make public a report on the use of rogue cell-site simulators in Washington, D.C.

Sen. Ron Wyden (D-Ore.) wants details on rogue use of cell-tracking Stingray devices before he’ll confirm a new cybersecurity leader at the Department of Homeland Security.

Wyden notified Congress on May 9 that he is objecting to the confirmation of Christopher Krebs as undersecretary of the National Protection and Programs Directorate until DHS makes public the details of a presentation given to Congress in February on the use of unauthorized cell-site simulators found in the nation’s capital.

In April, the Associated Press reported on the discovery of an unknown number of cellphone tracking devices located throughout the Washington, D.C., area. The devices, also referred to as Stingrays, are designed to mimic cellphone tower signals to trick phones within range into responding with their location and other identifying metadata. In response to a March inquiry sent by Wyden, DHS confirmed that it had observed “anomalous activity” consistent with the use of Stingray trackers but had not validated or attributed the activity to a specific organization and lacks the specific technology and funding to locate the specific devices themselves.

Subject: Robocalls are out of control. Here’s how to keep from getting scammed
Source: Detroit Free Press Personal Finance via USA Today

[though this article itself doesn’t talk about apps, I think the video does /pmw1]

Most of those calls were from debt collectors, according to YouMail. But robocalls are being sent by fraudsters to make it look like the call is coming directly from the Internal Revenue Service, the FBI, your electric company, a bank or Microsoft.

On Thursday, the Federal Communications Commission approved a $120 million fine against Adrian Abramovich, who was doing business as Marketing Strategy Leaders, which initiated 96.8 million fraudulent robocalls for vacation deals. Abramovich, who lives in Miami, Fla., has denied wrongdoing.

The firm used “neighborhood spoofing” technology to make it seem like calls were from local area codes, even using the first three numbers of the recipient’s own phone number to encourage people to answer robocalls, according to the FCC.

The robocall revolt is building.

Subject: Right to Repair Advocate Has iPhone Screens Seized by Border Patrol
Source: Gizmodo

“Customs and Border Protection Regulations provide that any article imported into the United States bearing a counterfeit trademark shall be seized and, in the absence of the written consent of the trademark owner, forfeited for violation of the Customs laws,” the letter from the agency read. Jones, the owner of iPad Rehab in Mendon, New York, has made a successful career out of serving as a third-party repair expert. She operates a YouTube channel with more than 65,000 subscribers and has become a go-to voice in the right to repair movement. Just last week, prior to the seizure of the iPhone screens, Jones spoke at a press conference at the New York state capitol, where she advocated for a right to repair law in the state.

Subject: Recreational ancestry DNA testing may reveal more than consumers bargained for
Source: The Conversation

2017 was the year commercial direct-to-consumer testing exploded. 2018 may be the year users rethink the value of this gift, or at least how to use it. Once the genie is out of the bottle, it isn’t going back. The Golden State Killer arrest is only highlighting that the ramifications of genetic genealogy and widespread use of third-party DNA sites are broader than consumers could have ever anticipated.


Subject: Lawsuit Against Glossier Highlights How the Web Is Broken for Millions
Source: Racked via Gizmodo

A woman who is legally blind has filed a class-action lawsuit against beauty brand Glossier for failing to create an accessible website. The woman, Kathleen Sypert, claims that she “encountered multiple access barriers” when visiting the website, denying her and other visually impaired and legally blind users equal access to Glossier’s amenities.

Sypert’s complaint is far from unprecedented—there has been a rise in federal and class-action lawsuits filed against companies for not maintaining accessible websites. These types of lawsuits typically demand that the company stop discriminating against the plaintiffs and fix its website so that it is fully accessible to people with disabilities. Sypert filed similar complaints against a number of other companies based in New York on the same day, Racked reports.

Sypert’s complaint demands that Glossier train its developers on Web Content Accessibility Guidelines (WCAG) 2.0 as well as routinely check its website to make sure it’s following the aforementioned guidelines. Also, the complaint states that Glossier should have legally blind or visually-impaired people test the accessibility of its site regularly as well as create and clearly disclose an accessibility policy on its site that allows users to report any issues.

Subject: 20 years of the Laws of Cyberspace
Source: Harvard Law Today via Berkman Klein Center via beSpacific

What if an architecture emerges that permits constant monitoring; an architecture that facilitates the constant tracking of behavior and movement. What if an architecture emerged that would costlessly collect data about individuals, about their behavior, about who they wanted to become. And what if the architecture could do that invisibly, without interfering with an individual’s daily life at all? … This architecture is the world that the net is becoming. This is the picture of control it is growing into. As in real space, we will have passports in cyberspace. As in real space, these passports can be used to track our behavior. But in cyberspace, unlike real space, this monitoring, this tracking, this control of behavior, will all be much less expensive. This control will occur in the background, effectively and invisibly. Lawrence Lessig, “The Laws of Cyberspace,” 1998.

Posted in: Cybersecurity, Health, Intellectual Property, Privacy