Pete Recommends: Weekly highlights on cyber security issues, July 12, 2020

Subject: Home Security Cameras Lack Security Measures
Source: Consumer Reports

Many models don’t offer two-factor authentication or robust privacy policies, Consumer Reports finds

After six weeks of testing that included evaluating more than 70 privacy and security criteria on 26 cameras, our experts found that nine security-camera brands—Blue by ADT, Canary, D-Link, Eufy, Honeywell Home, Logitech, Toucan, TP-Link, and Zmodo—still lack two-factor authentication, a more stringent security measure than using just a single password to log in.

For data privacy, we examine privacy policies and other documentation to see whether manufacturers disclose how they collect your data, who they share your data with, whether they attempt to minimize data collection, and whether consumers have a way to request copies of their data or ask for it to be deleted.

“Our evaluation for data privacy leans heavily on companies explicitly stating how they are using, storing, and sharing consumers’ data,” says Rerecich. “Since wireless security cameras capture and transmit sensitive data from inside a consumer’s home, we have adjusted our scoring methodology to more accurately reflect the shortcomings of these privacy policies.”

There are two standouts: Arlo and, again, Samsung SmartThings. Models from both brands receive an Excellent rating for digital security. Google Nest cameras earn a Very Good rating, a drop from their Excellent rating last year, due to CR’s tougher data security scoring.

Subject: How Infrared Images Could Be Part of Your Daily Life
Source: The New York Times

“The road to hell is paved in good intentions, and the mass rollout of cameras should be seen for what it is: the mass rollout and further normalization of cameras,” said Ed Geraghty, a technologist at Privacy International, a British nongovernmental organization focused on privacy rights.

“We already see police repurposing streetlight cameras, put in place to monitor traffic and environmental data, in order to form criminal cases against those accused of vandalism — it would be naïve to believe the same will not be the case with these cameras,” he added.

All of this being said, could this technology work if used correctly? Yes. Is it better than nothing? It depends who you ask. But while we wait for a vaccine to be made, many see the benefits.



Subject: Google Maps Launches New Features To Help People Navigate Coronavirus Hotspots
Source: The CNN Wire via CBS Pittsburgh

“As cities and countries across the globe adapt, we’re committed to bringing the most pertinent information right to your fingertips. So when you’re ready and able to, you can safely venture out,” Nagarajan said.

To assist travelers, Google Maps is collecting data from local and national agencies and governments and alerting users to pertinent information.

Here’s what users can expect:


Subject: How Google Docs became the social media of the resistance
Source: MIT Technology Review via beSpacific

MIT Technology Review – “Facebook and Twitter might have the bells and whistles, but the word processing software’s simplicity and accessibility have made it a winning tool… In just the last week, Google Docs has emerged as a way to share everything from lists of books on racism to templates for letters to family members and representatives to lists of funds and resources that are accepting donations. Shared Google Docs that anyone can view and anyone can edit, anonymously, have become a valuable tool for grassroots organizing during both the coronavirus pandemic and the police brutality protests sweeping the US. It’s not the first time. In fact, activists and campaigners have been using the word processing software for years as a more efficient and accessible protest tool than either Facebook or Twitter…”

NB from the article:

“What’s special about a Google Doc versus a newsfeed is its persistence and editability,” says Clay Shirky, the vice provost for educational technology at New York University. In 2008, Shirky wrote Here Comes Everybody: The Power of Organizing Without Organizations, detailing how the internet and social media helped shape modern protest movements.


Subject: The U.S. is ‘looking at’ banning TikTok, cites Chinese surveillance
Source: USA Tech

The government is considering banning TikTok in the U.S. due to concerns surrounding Chinese surveillance, Secretary of State Mike Pompeo said in an interview on Monday. Pompeo told Fox News host Laura Ingraham that the Trump administration is aware of the potential threat and “have worked on this issue for a long time.” “We are taking this very seriously and we are certainly looking at it,” Pompeo said. He warned that Americans should be cautious of downloading the video entertainment app or risk giving their information to the Chinese government.

“With respect to Chinese apps on people’s cell phones, I can assure you the United States will get this one right,” he added.

TikTok, which is owned by Beijing-based ByteDance, has previously said it doesn’t send any user-collected data to China. 


Subject: New Report on “Regulating Electronic Means to Fight the Spread of COVID-19”
Source: Custodia Legis: Law Librarians of Congress

It appears that COVID-19 will not go away any time soon. As there is currently no known cure or vaccine against it, countries have to find other ways to prevent and mitigate the spread of this infectious disease. Many countries have turned to electronic measures to provide general information and advice on COVID-19, allow people to check symptoms, trace contacts and alert people who have been in proximity to an infected person, identify “hot spots,” and track compliance with confinement measures and stay-at-home orders. The Global Legal Research Directorate (GLRD) of the Law Library of Congress recently completed research on the kind of electronic measures countries around the globe are employing to fight the spread of COVID-19 and their potential privacy and data protection implications. We are excited to share with you the report that resulted from this research, Regulating Electronic Means to Fight the Spread of COVID-19. The report covers 23 selected jurisdictions, namely Argentina, Australia, Brazil, China, England, France, Iceland, India, Iran, Israel, Italy, Japan, Mexico, Norway, Portugal, the Russian Federation, South Africa, South Korea, Spain, Taiwan, Turkey, the United Arab Emirates, and the European Union (EU).

The surveys found that dedicated coronavirus apps that are downloaded to an individual’s mobile phone (particularly contact tracing apps), the use of anonymized mobility data, and creating electronic databases were the most common electronic measures. Whereas the EU recommends the use of voluntary apps because of the “high degree of intrusiveness” of mandatory apps, some countries take a different approach and require installing an app for people who enter the country from abroad, people who return to work, or people who are ordered to quarantine.

However, these electronic measures also raise privacy and data protection concerns, in particular as they relate to sensitive health data. The surveys discuss the different approaches countries have taken to ensure compliance with privacy and data protection regulations, such as conducting rights impact assessments before the measures were deployed or having data protection agencies conduct an assessment after deployment.


Subject: Police buying hacked data, bypassing legal processes
Source: Business Insider

  • A company called SpyCloud is selling personal data originally obtained by hackers to law enforcement agencies, Vice reported Wednesday.
  • Experts told Vice that, while the practice isn’t illegal, it effectively lets police bypass processes they normally must go through to obtain private information.
  • SpyCloud’s chief product officer told Business Insider that the data is already public and that selling the data to law enforcement helps them track down cybercriminals and terrorists faster.
  • Tech companies have found a lucrative business working with law enforcement, and while they argue their tools help catch criminals, critics are increasingly raising concerns about civil rights violations and innocent people being swept up in the process.

SpyCloud’s primary business is selling software that helps companies and individuals prevent online fraud and account takeovers. The company’s website says that software is powered by a massive database of “stolen credentials and [personally identifiable information]” that allows it to more quickly warn customers about exposed accounts.

[maybe they should be un-indicted co-conspirators? /pmw1]

Subject: People are buying used body cameras on eBay and finding police footage
Source: Business Insider

  • People are buying used cameras on eBay and extracting unencrypted video footage filmed while being worn by military police.
  • A customer used a dated US Air Force forensics tool to hack a device and discover video of officers in people’s homes and conducting traffic stops.
  • Another user on Twitter said the process is “stupid easy” to pull data from used devices bought online.

eBay did not immediately respond to Business Insider’s request for comment, but the company had directed the Mirror to its policy that outlines how used cameras can be sold on the site as long as sellers clear data from the device. The policy also points out that most of the devices that were previously used for surveillance are not allowed in the online marketplace.

[how about FAX / copy machines’ memories? /pmw1]

Subject: Report: “International Probe Launched into Facial Recognition Firm That Scrapes Images From the Internet”
Source: CNBC via LJ infoDOCKET

From CNBC: Privacy regulators in the U.K. and Australia have announced a joint probe into Clearview AI’s “data scraping” practices.

The New York-headquartered company has built a facial recognition database by taking images from social media platforms and other websites without the consent of the people featured. It is reported that Clearview has “scraped” more than 3 billion images from the internet to build its database, which law enforcement agencies use to try and identify criminals.

Subject: Your Smart Speaker Is Listening When It Shouldn’t
Source: Consumer Reports

The researchers analyzed the language that caused the speakers to start recording. And, as you might expect, many of the false positives sounded a lot like the actual wake words.

  • The Google Home Mini mistook the phrase “okay to go” for “Hey, Google.”
  • The Apple HomePod heard “Hey, Missy” as “Hey, Siri.”
  • The Harman Kardon Invoke misheard “quartet” as “Cortana.”

But in other instances, the researchers found no clear explanation for why the speaker was triggered.

“There were a whole bunch of cases where what was being spoken didn’t sound at all like the wake word,” says Choffnes. “So we need to get a better understanding of that.”

When the team tried to replicate the “false positives,” the devices often were not triggered on subsequent trials. And some of that change may actually be attributable to the self-improvement of the device.

“We saw evidence that the Amazon devices were learning,” Choffnes explains, while adding that other devices may have been learning as well, but not at a level revealed in the testing.
