Pete Recommends – Weekly highlights on cyber security issues, September 17, 2022

Subject: States Have Work to do Making Identity Verification User Friendly
Source: Route Fifty

COMMENTARY | New survey findings highlight the difficulties and concerns that emerge as people try to sign up for state benefits. The poll also found people are more inclined to trust industry than government when it comes to enrolling in services and programs. A prime example of the anxiety that people feel over new technologies and perceived threats to privacy is captured in a new poll of 2,400 likely voters in four swing states—Arizona, Ohio, Georgia and Michigan. The poll shows that an overwhelming majority, around 70%, are very or somewhat concerned that their identities could be stolen online. In fact, about one in three polled said that they themselves, or someone they know, has already been a victim of identity theft.

The challenges don’t stop there. Approximately three-quarters of those surveyed across the four states expressed deep concern about the sale of personal information to third parties, about two-thirds are concerned about the risk of identity theft, and more than half are concerned about the accuracy and effectiveness of government digital identity verification programs.

Here’s the bottom line: state governments have significant work to do to make the system of verifying identity online simpler and easier to use. Right now, there is frustration with the current system and the friction that people experience when trying to access public services. But, importantly, voters in at least four states feel that improvement is possible.


Subject: Federal officials remain on guard against foreign meddling in U.S. elections, as CISA and other agencies work to strengthen partnerships and intelligence sharing efforts with state and local election administrators.
Source: Nextgov

Federal officials remain on guard against foreign meddling in U.S. elections, as CISA and other agencies work to strengthen partnerships and intelligence sharing efforts with state and local election administrators. The threat of foreign interference in U.S. elections remains a top concern, an election official from the Cybersecurity and Infrastructure Security Agency said on Thursday, with nation state actors potentially weaponizing misinformation to further stoke distrust in the voting process.

Kim Wyman, senior election security advisor for CISA, said during a panel discussion on election security at the Billington CyberSecurity Summit that previous U.S. elections have included a combination of foreign influence campaigns and cyber attacks “from domestic and foreign actors trying to get into our systems.” But she said that these ongoing interference efforts could also be weaponized to amplify threats of physical violence against election officials and conspiracies about the accuracy of the electoral process.“These can be inflated claims of being able to breach a system or getting data,” Wyman said. “They can also be actual successful attempts. And it all sort of feeds into itself, because you have the narrative and the influence campaign, you have the actual cyber activity, and now I think what we’re starting to see is potentially physical security issues that come around that.”

Given today’s political environment, where large portions of the electorate still doubt the results of the 2020 presidential election, even attempted election interference or inflated claims of intrusion into voting systems can still wreak havoc. Last month, Wyman told the Senate Judiciary Committee how threats of physical violence directed against election administrators and the spread of election-related misinformation made it more difficult for officials to do their jobs.

Wyman said that CISA is currently focused on working with state and local election officials to beef up their physical and digital security efforts, including offering them the opportunity to work with a protective security advisor who can go out to polling places or election offices on request to provide officials with feedback on securing their facilities.


Subject: You should know that most websites share your in-site search queries with third parties
Source: Help Net Security

They tested 512,701 of the top 1 million sites that had internal site search, and discovered that on 81.3% of them, search terms are not kept “private”. And, what’s more, most of those sites’ privacy policies will not explicitly say that these search terms will be shared with (i.e., leaked to) third parties.

The research – By using a headless browser and finding a way to interact with sites’ search component (where present), the researchers crawled the top 1 million sites and searched for a specific term (“jellybeans”), then captured all web traffic after the search to see where the search terms were sent.

In each instance, they analyzed the URL, the Referer Request Header, and the payload, and found that 81.3% of these websites were leaking search terms to third parties either via the URL (71%), the Referer Header (75.8%), the payload (21.2%), or via more than one vector.

Then they crawled for privacy policies on those websites, collected and analyzed them, and found that only 13% of privacy policies mentioned the handling of user search terms explicitly, and 75% of them mentioning the sharing of “user information” with third parties using generic wording.

While it’s true that not that many people read privacy policies and terms of service before using websites, I believe that while many people know that Google searches are not private, they expect that the information they search for on, for example, healthcare or adult sites is somehow kept between them and the site’s owner.

Posted in: Civil Liberties, Congress, Cybercrime, Cybersecurity, Data Mining, Government Resources, Legal Research, Privacy, Search Engines, Social Media, Travel, United States Law