Pete Recommends – Weekly highlights on cyber security issues February 8, 2020

Subject: DoD says it will require some contractors to prove they’re safe from hackers
Source: UPI Defense News

Jan. 31 (UPI) – The Department of Defense announced Friday that by the end of September it will require at least some contractors bidding on defense contracts to certify that they meet “at least a basic level of cybersecurity standards” in their proposals. A press release issued Friday said the DoD had released its new Cybersecurity Maturity Model Certification and will begin adding the requirements to requests for information and requests for proposals incrementally throughout this year.

The new CMMC includes five levels of certification in cybersecurity practices and processes, starting with what Katie Arrington, the DoD’s chief information security officer for acquisition, described as “the basic cyber hygiene skills we should be doing every day”: antivirus software, updated passwords.


Subject: On Eve of Iowa Caucuses, a Major Snafu
Source: Politico via Newser

What apparently happened: one pollster enlarged the font on their monitor, cutting off some randomized candidate names, including Buttigieg’s in the one reported.

Subject: EPIC – FCC Announces Enforcement Action on Location Privacy
Source: FCC via EPIC

FCC Chairman Pai has announced upcoming enforcement actions against wireless carriers that disclosed subscribers’ location data. Last year Members of Congress called an emergency briefing with the FCC and urged the agency to investigate companies that were selling subscribers’ location data. EPIC has long advocated for protection of location data. EPIC pursued a lawsuit against a mobile app company that led to greater protection of users’ location data. EPIC also successfully petitioned the FCC to safeguard sensitive data collected by phone companies. And EPIC filed an amicus brief in Carpenter v. US. The Supreme Court held in that case that the Fourth Amendment protects cell site location information. EPIC maintains detailed webpages on location privacy.

Subject: IRS Launches “Identity Theft Central” Webpage
Source: IRS via US-CERT

The Internal Revenue Service (IRS) has launched its “Identity Theft Central” webpage to provide 24/7 access to online information regarding tax-related identity theft and data security protection. Tax-related identity theft occurs when someone steals personal information to commit tax fraud. The Cybersecurity and Infrastructure Security Agency (CISA) encourages taxpayers, tax professionals, and businesses to review the IRS news release and CISA’s Tip on Preventing and Responding to Identity Theft for more information.

Subject: The California Consumer Privacy Act explained

Public opinion toward Silicon Valley has shifted drastically in the past few years. Now, in a bid to reflect that shift, state legislatures across the country are considering laws to better protect consumer data.

Passed unanimously by the state’s legislature in June 2018, the California Consumer Privacy Act (CCPA) took effect on Jan. 1. Aimed at giving consumers in California more control over their personal data, the law could extend far beyond the Golden State’s borders.

“If we do this right in California,” said the attorney general, Xavier Becerra, in a November press conference, the state will “put the capital P back into privacy for all Americans.”

Critics of the law, which runs more than 10,000 words, say that it places unreasonable restrictions on businesses, and that it may impact California’s economy far more than what its advocates bargained for.

The law requires businesses to tell consumers what information they are collecting about them, why they are collecting it, and who they are sharing it with. It grants customers the right to opt out of having their data collected and to have their information deleted, and it prohibits companies from reducing the quality of service for those who do so. It also makes it more difficult to gather data on people under 16. The legislation also makes it easier for consumers to sue companies for a data breach.

Why did the law come about now?

Since 2016, public animosity toward Silicon Valley has intensified, particularly in the wake of the Cambridge Analytica scandal, in which a U.K. political consulting firm working for the Trump campaign collected raw data from up to 87 million Facebook profiles.

“It’s impossible for consumers to ignore the constant flow of coverage of the missteps made by technology companies,” Professor Goldman says. “Consumers have lost trust in some of the major internet companies across all facets of their businesses.”

That said, while the law seems to be aimed directly at Facebook, it will have indirect effects on a wide range of businesses across the state, and, because so many global technology companies are based in California, the world.
