Pete Recommends – Weekly highlights on cyber security issues, June 18, 2022

Subject: [Security] Scam call posing as Comcast – Comcast XFINITY
Source: DSLReports Forums
https://www.dslreports.com/forum/r33425681-Security-Scam-call-posing-as-Comcast

Over the weekend I have been getting several calls from the same 508 area code with the name Comcast on the caller ID (which I didn’t answer) on my Comcast Digital Voice home phone (which is listed as the primary contact number on my Xfinity account). I don’t answer any calls that claim they are from banks, utilities, ISPs, etc because of caller ID spoofing. Also as a supermarket cashier part of my job is fraud protection so I know better. So instead of answering these calls I called Comcast from their known Customer service number 1-800-Comcast and after getting through their impossible IVR system I actually got a human on the line and they said there was no account notes that would generate an outbound call (billing, equipment, etc). So I guessing these calls I’m receiving are likely scam calls. Has anyone noticed anything similar.

I know better that Comcast does not accept iTunes gift cards for payment of past due bills

Subject: Guess What? HIPAA Isn’t a Medical Privacy Law
Source: Consumer Reports
https://www.consumerreports.org/health-privacy/guess-what-hipaa-isnt-a-medical-privacy-law-a2469399940/

CR’s guide to common situations when HIPAA protects you—and when it doesn’t. Because health data has fewer safeguards than people think.You hear about HIPAA all the time. The Health Insurance Portability and Accountability Act is described on forms at the doctor; it’s referenced in privacy policies; it’s even mentioned on the news. Unfortunately, one of the most common things you hear is a misconception. Many people believe that HIPAA creates special protections for any information related to your health, but that is not the case.

“HIPAA doesn’t actually protect medical data” in all circumstances, says Anna Slomovic, a data management and policy consultant whose specialties include health privacy. “People think that it’s sensitive data, and therefore it’s protected, but that’s just not true.”

The law, which was enacted in 1996, was largely concerned with issues like helping people maintain health insurance when they change jobs. It does lay out privacy rules for health care providers and insurance companies to follow when they handle personally identifiable medical data. However, the same piece of information that’s protected at a doctor’s office can be totally unregulated in other settings.

“It’s a failure of policy-making that people’s expectations about health data don’t match the actual regulations,” says Justin Brookman, director of privacy and technology policy at Consumer Reports. “We should have strong protections for all sensitive health data, but the law hasn’t caught up.”

Below are a number of scenarios involving consumers’ health information, with guidance on whether HIPAA protects their privacy in each case. This should help you make informed choices about seeking healthcare and medical advice.

You can use these links to jump to any section: web searches, smartwatches, drugstores, vaccination status, period trackers and other health apps, doctor visits, health insurers, miscarriages, phone location data, and court orders.

Subject: Why You Should Delete (All) Your Tweets
Source: New York Times Wirecutter
https://www.nytimes.com/wirecutter/blog/why-you-should-delete-your-tweets/?utm_source=rss&utm_medium=feed&utm_campaign=RSS%20Feed

Whether you’re a recent college graduate looking for a new job or you’re just a person who’s been online for too long, there’s a strong case to be made to delete your tweets. Not just the bad, dumb, or ignorant ones. All the tweets. If Twitter is supposed to be a town square as some would argue, then a permanent record of everything most people say or do isn’t needed, just as a permanent record of the conversations people have in coffee shops or at bars isn’t needed. Privacy tools can make it easier to treat Twitter more like Snapchat: a dumping ground for fleeting thoughts that don’t need to be codified into the public record.

Deleting old tweets makes sense for practical reasons, too. For one, it’s easy for other people to pull an old and poorly aged tweet out of context (which everyone has seen happen plenty of times).

Twitter doesn’t have any sort of tool to bulk-delete tweets, but plenty of third-party services do. After using a few, I’ve found that Semiphemeral is the best option. The process is pretty straightforward:

One privacy tip: Use LinkedIn as privately as possible. I’ve tended not to think of LinkedIn as having the same level of surveillance as social media platforms like Twitter or Facebook—but boy, was I wrong. It turns out the Microsoft-owned employment-networking site loves sharing all sorts of data. Here are a few settings to tweak right away:

Filed: https://www.nytimes.com/wirecutter/blog/

Subject: EU Is Pushing Big Tech to Crackdown on Deepfakes, Disinformation
Source: Gizmodo
https://gizmodo.com/deepfakes-eu-disinformation-meta-twitter-social-me-1849061256

Big tech companies are getting a kick in the keister to start sorting out the mess of disinformation on their online platforms or else face a financial spanking with a pretty massive paddle. Reuters reported that the European Commission plans to release new rules on Thursday that will require big tech companies to deal with both deepfakes and fake information on their platforms. The new rules will require companies to hand over information that could help combat falsities online. Fines could be as big as 6% of their global turnover, according to a leaked document from the European Union seen by Reuters reporters. That could mean a hefty financial hit for those who don’t play ball.

It’s all part of the EU’s efforts to constrain tech giants like Meta, Microsoft, and Twitter through the Digital Services Act, which is already in the process of becoming law. In a piece of the document provided by reporters, signatories will need to implement “clear policies regarding impermissible manipulative behaviours [sic] and practices on their services.” The new rules are co-regulatory, meaning responsibility is shared between the regulators (AKA individual EU countries) and the companies themselves.

Commission VP Věra Jourová told reporters the new regulations will also help countries be better prepared to counter disinfo coming from Russia.

 

Subject: NYC Fire Department Calls for Help to Prevent Doxing
Source: Route Fifty
https://www.route-fifty.com/public-safety/2022/06/nyfd-calls-help-doxing/368174/

The department is looking for cybersecurity services to help it protect its employees from having personally identifiable information exposed.The New York City Fire Department is looking for consultants to help it prevent doxing of its 16,000 firefighters, emergency medical technicians and administrative support personnel across the five boroughs.

Doxing—or the weaponizing of an individual’s personal information to punish, harass or encourage threats—is a growing problem, potentially affecting anyone on the wrong end of a grudge, including police, poll workers and school officials.

FDNY spokesman Frank Dwyer told the Post the RFI was not triggered by a doxing incident, but rather “part of the FDNY’s ongoing cybersecurity preparedness measures to protect the department’s data.”


Filed:

Subject: Genetic paparazzi are right around the corner, and courts aren’t ready to confront the legal quagmire of DNA theft
Source: The Conversation via LLRX
https://www.llrx.com/2022/06/genetic-paparazzi-courts-arent-ready-to-confront-the-legal-quagmire-of-dna-theft/

Every so often stories of genetic theft, or extreme precautions taken to avoid it, make headline news. So it was with a picture of French President Emmanuel Macron and Russian President Vladimir Putin sitting at opposite ends of a very long table after Macron declined to take a Russian PCR COVID-19 test. Many speculated that Macron refused due to security concerns that the Russians would take and use his DNA for nefarious purposes. German Chancellor Olaf Scholz similarly refused to take a Russian PCR COVID-19 test. While these concerns may seem relatively new, pop star celebrity Madonna has been raising alarm bells about the potential for nonconsensual, surreptitious collection and testing of DNA for over a decade. She has hired cleaning crews to sterilize her dressing rooms after concerts and requires her own new toilet seats at each stop of her tours.

At first, Madonna was ridiculed for having DNA paranoia. But as more advanced, faster and cheaper genetic technologies have reached the consumer realm, these concerns seem not only reasonable, but justified.

We are law professors who study how emerging technologies like genetic sequencing are regulated. We believe that growing public interest in genetics has increased the likelihood that genetic paparazzi with DNA collection kits may soon become as ubiquitous as ones with cameras.

Posted in: Courts & Technology, Criminal Law, Discovery, Ethics, Legal Research, Privacy

Topics:

Sample RSS feed: https://theconversation.com/us/topics/genetic-privacy-63852/articles.atom

Subject: Deepfakes on Trial: a Call to Expand the Trial Judge’s Gatekeeping Role to Protect Legal Proceedings from Technological Fakery
Source: SSRN via beSpacific
https://www.bespacific.com/deepfakes-on-trial-a-call-to-expand-the-trial-judges-gatekeeping-role-2/Delfino, Rebecca, Deepfakes on Trial: a Call to Expand the Trial Judge’s Gatekeeping Role to Protect

Legal Proceedings from Technological Fakery (February 10, 2022). Loyola Law School, Los Angeles Legal Studies Research Paper No. 2022-02, Available at SSRN: https://ssrn.com/abstract=4032094 or http://dx.doi.org/10.2139/ssrn.4032094

“Picture this: You are arrested and accused of a serious crime, like carjacking, assault with a deadly weapon, or child abuse. The only evidence against you is a cellphone video showing the act of violence. To the naked eye, the perpetrator on the video is you. But you are innocent. The video is a “deepfake” – an audiovisual recording created using readily available Artificial Intelligence technology that allows anyone with a smartphone to believably map one person’s movements and words onto another person’s face. How will you prove the video is deepfake in court? And, who—the judge or the jury–gets to decide if it’s fake? The law does not provide clear answers. But this much is certain–deepfake evidence is an emerging threat to our justice system’s truth-seeking function. Deepfakes will invade court proceedings from several directions—parties may fabricate evidence to win a civil action, governmental actors may rely on deepfakes to secure criminal convictions, or lawyers may purposely exploit juror bias and skepticism about what is real. Currently, no evidentiary procedure explicitly governs the presentation of deepfake evidence in court. The existing legal standards governing the authentication of evidence are inadequate …

Abstracted from beSpacific
Copyright © 2022 beSpacific, All rights reserved.

Subject: Interpol Nabs $50 Million, Alleged Social Engineering Scammers
Source: Gizmodo
https://gizmodo.com/interpol-50-million-first-light-social-engineering-scam-1849067588

Alleged scammers from all over the world were caught up in Interpol’s anti-fraud dragnet this week.A sweeping Interpol operation led to the seizure of $50 million in illicit funds and the arrests of 2,000 alleged scammers from a number of different countries earlier this week.

Interpol, or the International Criminal Police Organization, carried out a large-scale investigation into “social engineering” scams—the ubiquitous online schemes wherein cybercriminals trick web users into divulging confidential information and then defraud them.

The two-month operation, codenamed “First Light 2022,” was coordinated between Interpol and local police agencies in countries all around the world, according to a press release distributed Wednesday…

Filed: TechPrivacy and Security

Subject: Your connected car could be putting your privacy at risk
Source: Popular Science via beSpacific
https://www.bespacific.com/your-connected-car-could-be-putting-your-privacy-at-risk/

Popular Science – “As the U.S. enters a new era of lawmaking, connected cars could become the new front of legal battles. Most modern cars know their locations better than their owners do. As suites of connected-car apps become mainstream for both emergency functionality (such as General Motors’ OnStar) or for owner conveniences such as remote start or parking guidance, new vehicles are overflowing with data needed to support always-on connectivity. While most owner concerns (and popular attention) have been fixed on unallowed hacks into such systems by bad actors, there are still massive troves of automatically generated data open to anyone with the knowledge to access it, and even the “proper” use of this data can be a risk to consumers who seek privacy. Your home, your work, every trip you’ve taken …

Subject: Your connected car could be putting your privacy at risk
Source: Popular Science via beSpacific
https://www.bespacific.com/your-connected-car-could-be-putting-your-privacy-at-risk/

Popular Science – “As the U.S. enters a new era of lawmaking, connected cars could become the new front of legal battles. Most modern cars know their locations better than their owners do. As suites of connected-car apps become mainstream for both emergency functionality (such as General Motors’ OnStar) or for owner conveniences such as remote start or parking guidance, new vehicles are overflowing with data needed to support always-on connectivity. While most owner concerns (and popular attention) have been fixed on unallowed hacks into such systems by bad actors, there are still massive troves of automatically generated data open to anyone with the knowledge to access it, and even the “proper” use of this data can be a risk to consumers who seek privacy. Your home, your work, every trip you’ve taken …
Subject: Your Deleted TikTok Content Can Still Be Used Against You By The FBI
Source: Forbes
https://www.forbes.com/sites/thomasbrewster/2022/06/15/your-deleted-tiktok-content-can-still-be-used-against-you-by-the-fbi/

The FBI said it used cell-tower data earlier this year to link seven bank robberies in five states to a phone number used by a suspect named Fernando Enriquez and possible associates. According to a search warrant discovered by Forbes, by crosschecking the phone number and the name with other police databases, the agency used that information to retrieve email addresses and Google, Instagram and TikTok accounts belonging to Enriquez. That unearthed a photo on TikTok of Enriquez standing in front of a Chevrolet SUV that resembled the getaway vehicle, the FBI said. Photographs also showed tattoos that appeared to match those from bank surveillance footage, according to investigators. Later, the FBI sought to get more information direct from TikTok, including any deleted information on his account.While the warrant shows just how surveillance beginning with a so-called “cell tower dump” can lead cops to targeting all manner of other social media accounts, the FBI’s search warrant also showed confusion over how long TikTok retains information and what can be accessed by police once a user has chosen to delete it.

Filed: https://www.forbes.com/sites/thomasbrewster/ ; https://www.forbes.com/cybersecurity/

LinkedIn
Posted in: Courts & Technology, Cybercrime, Cybersecurity, Ethics, Healthcare, KM, Legal Research, Privacy, Search Engines, Social Media, Technology Trends