Privacy Roundup #0163 • February 2020

February 2020 was dominated by leaky databases, government purchases of location data and a reckoning over facial recognition, as Clearview AI lost its own client list.

1. Twitter suspended a large network of fake accounts that matched phone numbers to users

Twitter said attackers had used a flaw in a contacts feature to link account names to phone numbers across many countries. The company suspected some of the requests came from state-backed actors in Iran, Israel and Malaysia.

techcrunch.com

2. Ireland opened a formal inquiry into Google's location data processing

The Irish Data Protection Commission began a statutory inquiry into whether Google has a lawful basis for processing user location data. The watchdog also questioned whether Google was transparent enough about the practice under the GDPR.

cnbc.com

3. Google, YouTube and Twitter ordered Clearview AI to stop scraping their content

Google, YouTube and Twitter sent cease-and-desist letters demanding that Clearview AI stop harvesting photographs from their platforms. They also told the firm to delete every image it had already taken in breach of their terms of service.

www.theregister.com

4. The Department of Homeland Security was buying commercial cellphone location data

The Wall Street Journal reported that immigration and border agencies had bought access to a database tracking millions of phones drawn from ordinary apps. Officials used the data for immigration and border enforcement without obtaining warrants.

thehill.com

5. The United States charged four Chinese military hackers over the Equifax breach

The Justice Department indicted four members of the People's Liberation Army for the 2017 attack on Equifax. Prosecutors said the intrusion exposed personal data on roughly 145 million Americans.

www.fbi.gov

6. The CIA secretly owned the Swiss encryption firm Crypto AG for decades

A joint investigation revealed that Crypto AG, which sold cipher machines to more than a hundred governments, was covertly owned by the CIA and West German intelligence. The spy agencies rigged the equipment so they could read the supposedly secret messages of their customers.

www.washingtonpost.com

7. An exposed database leaked more than 440 million Estee Lauder records

A researcher found an unsecured Estee Lauder database holding over 440 million records, including email addresses and internal logs. The data sat on the open internet with no password protecting it.

www.securityweek.com

8. Israel's entire voter registry was exposed through a flawed campaign app

A coding flaw in the Likud party's Elector app left the personal details of about 6.5 million Israeli voters open to anyone. The exposed records included names, identity card numbers, addresses and phone numbers.

www.bankinfosecurity.com

9. Senators proposed a moratorium on federal use of facial recognition

Senators Cory Booker and Jeff Merkley introduced the Ethical Use of Facial Recognition Act to halt government deployments of the technology. The bill would have blocked federal funds for the systems until Congress set clear rules.

www.engadget.com

10. The PhotoSquared app exposed customer photos and shipping labels

A misconfigured cloud bucket left hundreds of thousands of PhotoSquared users' photos, orders and shipping labels open to the public. The exposed labels gave away names and home addresses that could be used for fraud or stalking.

techcrunch.com

11. EFF said Ring's security updates ignored the bigger surveillance problem

The Electronic Frontier Foundation welcomed Ring's move to add two-factor authentication and pause third-party trackers. It argued, however, that these fixes did nothing about Ring's growing partnerships handing neighbourhood footage to the police.

www.eff.org

12. The European Commission published its white paper on artificial intelligence

The Commission released a long-awaited white paper setting out a risk-based approach to regulating artificial intelligence. A proposed temporary ban on remote facial recognition was dropped in favour of a broad public debate.

eucrim.eu

13. MGM Resorts data on more than ten million guests surfaced online

Details of roughly 10.6 million former MGM Resorts hotel guests appeared on a hacking forum. The records included names, addresses, phone numbers and dates of birth, sweeping up celebrities and government officials.

skift.com

14. A Defence Department agency disclosed a breach affecting 200,000 people

The Defense Information Systems Agency told staff that a breach may have exposed Social Security numbers and other personal details. DISA provides communications support for the president and other senior officials.

techcrunch.com

15. New Mexico sued Google over collecting children's data through school Chromebooks

New Mexico's attorney general accused Google of harvesting location data, browsing histories and other information from children using its education tools. The suit alleged the practices broke the federal children's privacy law.

www.engadget.com

16. The retailer Decathlon leaked 123 million customer and employee records

Researchers found an unsecured Decathlon database holding more than 123 million records from its Spanish operations. The leak included unencrypted passwords, social security numbers and contact details.

www.infosecurity-magazine.com

17. Firefox turned on encrypted DNS by default for users in the United States

Mozilla began enabling DNS over HTTPS by default for Firefox users in the United States. The change encrypts the requests that map web addresses, making it harder for networks to spy on browsing.

blog.mozilla.org

18. Clearview AI lost its entire client list in a data breach

The facial recognition firm Clearview AI told customers that an intruder had stolen its full client list. The roster reportedly named hundreds of police forces and private companies that had searched its scraped database of billions of faces.

www.engadget.com

19. Documents showed ICE and other agencies running thousands of Clearview searches

Records reviewed by BuzzFeed News revealed that immigration agents and federal investigators had run thousands of searches through Clearview AI. The reporting showed how far the secretive tool had spread across government before any oversight.

www.buzzfeednews.com

20. The FCC proposed about 200 million dollars in fines for selling location data

The Federal Communications Commission proposed fines against the four largest carriers for selling access to customers' real-time location data. Critics called the penalties weak given how the data ended up with bounty hunters and others.

www.washingtonpost.com

