Apple News has a section to help people register to vote, how to become a poll worker in your state, and more.
Max Eddy writes an examination of election engineering and how the U.S. can ensure voting security. The part I think is fascinating is the work of Sam Curry, CSO of cybersecurity company Cybereason. His team has been simulating election attacks to figure out how best to protect our elections.
He’s observed numerous strategies and has advice on how best to protect an election. The people playing the role of defenders, usually given the role of law enforcement, “must create open lines of communication between government departments and also media sources and social media companies,” said Curry. Knowing who to call and when to call them and having a reliable back-up system in case one fails (or is intentionally sabotaged) are all critical.
According to the Cybersecurity and Infrastructure Security Agency, Chinese-affiliated hackers have compromised U.S. government computer systems.
“This beaconing is a result of cyber threat actors successfully completing cyber operations that are often designed around emergent vulnerabilities and reliant on existing exploitation tools,” the advisory states. “CISA observed activity from a Federal Government IP address beaconing out to the threat actors’ [command and control] server.”
Get we just get it together for 10 seconds, please?
A U.S. government contractor called Anomaly Six used its SDK embedded in over 500 apps to track people. Which apps have this SDK is unknown.
Rep. Stephen Lynch, chairman of the House subcommittee on national security, sent separate letters to Apple and Google, wanting assurances these companies could warn users about apps with foreign ties.
At a minimum, Apple and Google should take steps to ensure that users are aware of the potential privacy and national security risks of sharing sensitive information with applications that store data in countries adversarial to the United States, or whose developers are subsidiaries of foreign companies.
Apple can only do so much. They probably can’t check the source code of every app to see if it contains Chinese spying code. And what about U.S. spying code?
The U.S. Supreme Court has upheld a federal ban on robocalls and eliminated an exception that was made for government debt collectors.
Today the Senate Judiciary Committee passed the EARN IT act, a bill that weakens Section 230 protections for social media companies in an attempt to fight online child abuse.
Today a group of Republican senators announced plans to introduce the COVID-19 Consumer Data Protection Act.
The legislation would provide all Americans with more transparency, choice, and control over the collection and use of their personal health, geolocation, and proximity data. The bill would also hold businesses accountable to consumers if they use personal data to fight the COVID-19 pandemic.
A good move, I think. We need thoughtful legislation passed to preempt the contact tracing train.
Joe Biden’s presidential campaign announced that Apple executive Cynthia Hogan will join their team as an adviser to search for a running mate.
Several Democratic senators had sent a letter to Tim Cook, questioning the privacy and security of Apple’s COVID-19 app. Today we have Apple’s response.
So right away, the answer to my headline is “probably not.” The article I’m linking to says language of digital dollars was removed from the final version of the stimulus package. But I think it’s worthwhile to think about.
The bill establishes a digital dollar, which it defines as ‘a balance expressed as a dollar value consisting of digital ledger entries that are recorded as liabilities in the accounts of any Federal Reserve Bank or … an electronic unit of value, redeemable by an eligible financial institution (as determined by the Board of Governors of the Federal Reserve System).’
Now may not be the time to introduce entirely new technologies, especially if they slow the release of the package. But I personally like the idea, although I don’t advocate for a completely cashless society as I’ve mentioned before.
The U.S. government is in talks with Facebook, Google, and others to use location data to track the spread of the coronavirus.
Public-health experts are interested in the possibility that private-sector companies could compile the data in anonymous, aggregated form, which they could then use to map the spread of the infection, according to three people familiar with the effort, who requested anonymity because the project is in its early stages.
On the surface, it’s for good intentions (They always seem good on the surface). But we know that in certain situations, data can be de-anonymized. Some questions: How will they use this data? How effective would this be? Will the government keep the database afterward? My initial thought is that I have no problem with medical experts and scientists doing this. But I have no faith in this current administration, or faith in companies like Facebook and Google. What if they created an app to collect this data? That way it’s optional. And please password–protect the server.
Attorney General William Barr wants tech companies like Apple to fight online child sexual abuse even more with “voluntary standards.”
These voluntary principles are built on existing industry efforts to combat these crimes. Some leading companies have dedicated significant resources to develop and deploy tools in the fight to protect children online and to detect, disrupt and identify offenders. Although significant progress has been made, there is much more to be done to strengthen existing efforts and enhance collective action.
First, as I discovered last year Apple started to scan online iCloud content for child sexual abuse material (CSAM). Many other companies do the same. Second, although encryption wasn’t explicitly mentioned, this is undoubtedly (in my opinion) a new development in the war on encryption. Child predators are one of the scary boogeymen used by the government to erode our privacy even further. I of course do support Apple scanning for this content, but it’s not a black and white issue.
Form 2015 to 2019 the National Security Agency (NSA) collected Americans’ domestic phone calls and texts. The program cost US$100 million but only one investigation was able to make use of that data.
Moreover, only twice during that four-year period did the program generate unique information that the F.B.I. did not already possess, said the study, which was produced by the Privacy and Civil Liberties Oversight Board and briefed to Congress on Tuesday.
“Based on one report, F.B.I. vetted an individual, but, after vetting, determined that no further action was warranted,” the report said. “The second report provided unique information about a telephone number, previously known to U.S. authorities, which led to the opening of a foreign intelligence investigation.”
A court order is forcing the FCC to once again ask the public’s opinion on whether gutting net neutrality was a good idea. And just like last time, the agency is doing everything possible to distract, deflect, and defend.
In a reminder of just how petty federal telecoms regulation has become, the FCC can’t even take this implicit rebuke professionally. And so it attempted to hide the reality of the situation by flooding its announcements website on Wednesday with suddenly important news and describing the public comment period in the most obscure terms possible.
Between May and July 2019 sensitive data like Social Security Numbers were stolen from servers belonging to the Defense Information Systems Agency (DISA), a U.S. defense agency. Earlier this month it notified victims.
The Defense Information Systems Agency has begun issuing letters to people whose personally identifiable information may have been compromised in a data breach on a system hosted by the agency. While there is no evidence to suggest that any of the potentially compromised PII was misused, DISA policy requires the agency to notify individuals whose personal data may have been compromised.
Sen. Kirsten Gillibrand (D-NY) proposed a bill called the Data Protection Act that would create a federal U.S. data protection agency.
Although the U.S. hasn’t shared it publicly, it claims to have found actual evidence of Huawei backdoors.
The United States has long claimed that Huawei can secretly access networks through the networking gear it sells to telcos, but the goverment previously argued that it doesn’t need to show any proof. US officials still are not providing such evidence publicly but have begun sharing their intelligence with other countries.
The best part is that, according to The Wall Street Journal, the origin of this report, these backdoors were intentionally put into place for law enforcement. And yet, the DoJ wants Apple to put backdoors in iOS that they swear can only be accessed by law enforcement, and definitely not foreign state hacking groups.
At the China Initiative Conference, government officials from the FBI and DoJ spent four hours talking about theft of U.S. intellectual property by China.
“The threat from China is real, it’s persistent, it’s well-orchestrated, it’s well-resourced, and it’s not going away anytime soon,” John Demers, Assistant Attorney General for National Security, opened the conference.
“This one to me really stands out as the greatest long-term threat to our nation’s information and intellectual property, and to our economic vitality,” said FBI Director Christopher Wray.
An investigation revealed that the Trump admin bought access to a commercial database that contains location data from millions of Americans.