Subject: CBP Shifts to Enterprise Approach to Manage Phone Searches at U.S. Borders
More U.S. Border Patrol agents may have access to personal information collected from electronic devices searched at U.S. borders—even if it is immaterial to their work—due to a shift in how Customs and Border Protection manages digital forensic data across the enterprise. A July 30 privacy impact assessment clarified the Border Patrol can conduct device searches under a CBP directive, and spelled out risks from using a software called PLX to create an agencywide system of record for all digital searches conducted at U.S. borders and ports of entry.“By using PLX, [Border Patrol] will standardize the way it collects, retains, and uses information derived from digital forensic cases and data obtained from telecommunications providers pursuant to subpoenas or warrants,” the report reads. PenLink, a technology company based in Lincoln, Nebraska that works with law enforcement agencies across the U.S., provides the software.
PLX doesn’t store the data from device searches, it allows agents to manage and analyze the metadata from such searches. Data is collected during border crossings using a variety of extraction tools to create a “mirror copy” of the data on the device. That data is then sent to a local network for storage. Information from the analysis of the data is transferred on a thumb drive to PLX. The assessment highlights that a Border Patrol agent could potentially access the metadata, even if the agent has no connection with the investigation. The assessment states the agency will mitigate this by limiting access to trained forensics experts.
Source: Business Insider
- Instagram will begin requiring accounts it deems suspicious to verify their identities using a government-issued ID.
- In its blog post, Instagram says this move is meant to help the company understand when accounts are “attempting to mislead their followers” and keep the Instagram community safe.
- “This includes accounts potentially engaged in coordinated inauthentic behavior, or when we see the majority of someone’s followers are in a different country to their location, or if we find signs of automation, such as bot accounts,” the Instagram blog said.
- It’s unclear what this policy means for Instagram accounts not associated with a name, or those in which revealing their name could cause harm.
Other TECH articles: https://www.businessinsider.com/sai
Subject: Cybersecurity: DHS and Selected Agencies Need to Address Shortcomings in Implementation of Network Monitoring Program
Source: U.S. GAO
DHS gives agencies cybersecurity tools that identify the hardware and software on their networks and check for vulnerabilities and insecure configurations.We reviewed how 3 agencies—the Federal Aviation Administration, Indian Health Service, and the Small Business Administration—used these tools. These agencies’ hardware inventories were missing information and contained duplicates. For example, one agency’s tools provided at least 2 identifiers for about 40% of the hardware on its network—leading to inventory duplicates. Our recommendations include one for DHS to ensure that contractors configure tools to provide unique hardware identifiers.
Subject: Amazon shares your private info unless you do these steps
Source: KimKomando via beSpacific