Pete Recommends – Weekly highlights on cyber security issues, August 23, 2020

Subject: CBP Shifts to Enterprise Approach to Manage Phone Searches at U.S. Borders
Source: Nextgov

More U.S. Border Patrol agents may have access to personal information collected from electronic devices searched at U.S. borders—even if it is immaterial to their work—due to a shift in how Customs and Border Protection manages digital forensic data across the enterprise. A July 30 privacy impact assessment clarified the Border Patrol can conduct device searches under a CBP directive, and spelled out risks from using a software called PLX to create an agencywide system of record for all digital searches conducted at U.S. borders and ports of entry. “By using PLX, [Border Patrol] will standardize the way it collects, retains, and uses information derived from digital forensic cases and data obtained from telecommunications providers pursuant to subpoenas or warrants,” the report reads. PenLink, a technology company based in Lincoln, Nebraska that works with law enforcement agencies across the U.S., provides the software.

PLX doesn’t store the data from device searches, it allows agents to manage and analyze the metadata from such searches. Data is collected during border crossings using a variety of extraction tools to create a “mirror copy” of the data on the device. That data is then sent to a local network for storage. Information from the analysis of the data is transferred on a thumb drive to PLX. The assessment highlights that a Border Patrol agent could potentially access the metadata, even if the agent has no connection with the investigation. The assessment states the agency will mitigate this by limiting access to trained forensics experts.

Subject: Instagram requires government ID to verify suspicious accounts
Source: Business Insider
  • Instagram will begin requiring accounts it deems suspicious to verify their identities using a government-issued ID.
  • In its blog post, Instagram says this move is meant to help the company understand when accounts are “attempting to mislead their followers” and keep the Instagram community safe.
  • “This includes accounts potentially engaged in coordinated inauthentic behavior, or when we see the majority of someone’s followers are in a different country to their location, or if we find signs of automation, such as bot accounts,” the Instagram blog said.
  • It’s unclear what this policy means for Instagram accounts not associated with a name, or those in which revealing their name could cause harm.

Subject: Cybersecurity: DHS and Selected Agencies Need to Address Shortcomings in Implementation of Network Monitoring Program
Source: U.S. GAO

DHS gives agencies cybersecurity tools that identify the hardware and software on their networks and check for vulnerabilities and insecure configurations. We reviewed how 3 agencies—the Federal Aviation Administration, Indian Health Service, and the Small Business Administration—used these tools. These agencies’ hardware inventories were missing information and contained duplicates. For example, one agency’s tools provided at least 2 identifiers for about 40% of the hardware on its network—leading to inventory duplicates. Our recommendations include one for DHS to ensure that contractors configure tools to provide unique hardware identifiers.

Subject: Amazon shares your private info unless you do these steps
Source: KimKomando via beSpacific

KimKomando: “As an Amazon shopper, you have a username and a password. That’s standard for any site. You may not realize that as an Amazon customer, you also have a profile visible to other Amazon users. Your public profile is created automatically, whether you want it or not, and it contains your comments and any ratings that you have left on products purchased on the site. If you reviewed any food delivered through Amazon Restaurants, those reviews are also visible even though they shut down this service last year. Your biographical information and other site interactions are also posted to your profile. Thankfully, your public profile doesn’t include your purchases or browsing history, but it’s still very informative…”

Subject: How to Clean Up Your Social Media Accounts Without Deleting Them
Source: Gizmodo via beSpacific

Gizmodo: “There are many reasons to avoid wanting a social media digital paper trail of your entire life. Maybe there are posts there you think your new employer won’t like, or that your new partner’s parents won’t like, or even ones that you don’t believe in anymore. But wiping the slate clean and starting again is only one of your options—you can still tidy up your existing accounts without deleting them. Take a glance back at your social media missives from last year, or five years ago, or 10 years ago, to see some reasons why you might want to cut certain posts from the record. Bad takes, painful memories, embarrassing moments…if Snapchat has taught us anything, it’s perhaps that social media should never have been a permanent, fixed record of our thoughts and actions in the first place. If you’re ready to let the past die, Kylo Ren-style—or at least have it lightly edited—then these are your options on three of the biggest social networks…”

Subject: How to Rid Your Phone of Those Default Apps You Never Use
Source: Wired via beSpacific

Wired – Even the best phones come with bloatware, preinstalled apps that take up precious storage space. Here’s how to remove them and speed up your device. “…While the vast majority of bloatware won’t actually do anything harmful, these unwanted apps take up storage space and system resources that could be used by apps that you actually do want to use. They can also be confusing, leaving you with multiple apps on your phone that all do the same job. From a security and privacy standpoint, it’s a good idea to remove bloatware apps that you’re not using. How you go about this will depend on the phone you’re using…”

Posted in: Cybercrime, Cybersecurity, Information Management, Legal Research, Privacy, Social Media