At a glance.
- US lawmakers consider bill prohibiting police purchases of phone data.
- Australian cybersecurity coordinator warns against paying ransoms.
- California to investigate handling of HR data.
- Florida to establish Cyber Fraud Enforcement Unit.
US lawmakers consider bill prohibiting police purchases of phone data.
Director of National Intelligence Avril Haines last month declassified a report revealing that the intelligence community has purchased a “large amount” of “sensitive and intimate information” from digital data brokers, including data protected by the Fourth amendment. In the wake of this discovery, members of the House Judiciary Committee are scheduled to meet tomorrow to discuss legislation addressing this issue.
Representative Jim Jordan, a Republican from Ohio, will lead a markup meeting to consider the Fourth Amendment Is Not For Sale Act, a bill that would make such data purchases illegal without a subpoena, court order, or warrant. Warren Davidson, Republican congressman from Ohio, stated, “This unconstitutional mass government surveillance must end.” First introduced in 2021, the bill covers user data obtained from a hacked device and even if disclosure is referenced by a company's terms of service. In other words, Wired explains, the legislation would prevent government agencies and police departments from doing business with companies like Clearview AI, which is under scrutiny for scraping public social media images to populate facial recognition software the company has been offering to law enforcement.
Australian cybersecurity coordinator warns against paying ransoms.
In the wake of a wave of cyberattacks targeting high-profile companies, Australia’s first cybersecurity coordinator, Air Marshal Darren Goldie, is urging victims not to give into hackers’ ransom demands. "Paying a ransom neither guarantees that your data won't be released, nor guarantees that they won't be back next week asking for another ransom," Goldie stated in his first interview since being appointed to the new role. "I think it is a mistake. I think it feeds that criminal model and we'll see Australia become a rich target."
Following far-reaching attacks at Optus, Medibank and Latitude Financial, the cybersecurity coordinator role was established to lead the creation of a new cybersecurity strategy that would afford the federal government more opportunities for intervention. Home Affairs and Cyber Security Minister Clare O'Neil has indicated one change possibly in the works: labeling customer data and systems as critical infrastructure, which would give the government more sway in preventing and reacting to data breaches. ABC adds that during the interview Goldie also warned of the new challenges presented by recent advances in artificial intelligence, and confirmed that 1.4 terabytes of stolen data linked to the recent breach of law firm HWL Ebsworth had been uploaded on the dark web.
California to investigate handling of HR data.
Last week the attorney general (AG) of the US state of California announced he was launching an investigation into large California employers’ compliance with the California Consumer Privacy Act (CCPA). Focused on the handling of data received from employees and job applicants, the probe is a signal that the AG’s office is expecting full compliance with the CCPA with respect to human resources (HR) data, following the expiration of a temporary exemption. As cyber/data/privacy insights notes, covered businesses are required to provide employees and job hopefuls with a notice of the business’s privacy practices, give individuals the right to access, delete, and correct their personal information, and ensure vendors that handle HR data also uphold contractual rules.
Florida to establish Cyber Fraud Enforcement Unit.
FOX 13 Tampa Bay reports that the US state of Florida is standing up its first Cyber Fraud Enforcement Unit in an effort to crack down on digital scams. At a press conference yesterday, Florida Attorney General Ashley Moody explained, "As online crime increases, the enforcement gap continues to grow as federal agencies often focus attention on cases involving multimillion-dollar losses. Noticing this gap in enforcement, I worked with legislative leaders and our law enforcement partners to build a team of expert attorneys to help fill that void and protect Floridians from emerging high-tech schemes."
The unit will be composed of local police, members of the Florida Department of Law Enforcement, state prosecutors, civil attorneys, and analysts. The Federal Bureau of Investigation’s Internet Crime Complaint Center reports that last year alone over 42,000 Floridians lost a total of over $844 million to cyber crime, and Moody notes that often federal agencies must focus only on the larger data breaches (like the recent ZooTampa attack), leaving smaller incidents overlooked. "The federal government was taking on a bulk of those complex cybersecurity investigations,” Moody stated. “And oftentimes because of the demand for resources, the larger cases got a lot of the attention, leaving many folks of small businesses or individuals going and trying to seek help from those agencies. And we needed a specialized trained force here in the state to supplement those federal efforts."