At a glance.
- Privacy risk rises during remote work.
- Steps to protect privacy even during a state of emergency (like the pandemic).
- YouTube faces privacy suit.
- Iranian threat actors pursue information in US agencies and companies.
- iOS 14 seeks to embed informed consent.
- An update on Zhenhua Data.
Risks are near when workers are far.
A new Trend Micro survey of remote workers in twenty-seven countries found that thirty-nine percent access company data on their personal computers, thirty-six percent don’t password protect all of their devices, seventy percent connect company property to their home network, and fifty-two percent have vulnerable networked Internet of Things gadgets. A cyberpsychology expert recommends “tailored cybersecurity training.”
Pandemic privacy matters.
The Forbes Technology Council maintains that rights to privacy and data protection persist in times of global panic, and should be promoted by curtailing unnecessary data collection, educating the public about data control options, employing two-factor authentication, installing apps judiciously, and using strong passwords, writing, “Neglecting to factor in big data security and shoving it down till later is a dicey decision.”
UK families subscribe to YouTube youth privacy suit.
The first of its kind, a UK “class action style lawsuit” brought by a “tech justice nonprofit” seeks over $3 billion in damages for 5 million families following allegations that Google-owned YouTube collected minors’ data for sponsors in violation of the UK Data Protection Act and EU General Data Protection Regulation, Android Central reports. The representative claimant said, “There's a massive power imbalance between us and them, and it needs to be fixed.” The lawsuit comes one year after a $170 million Federal Trade Commission fine for violating the US Children’s Online Privacy Protection Act.
Tehran claws its way into Washington.
An Iran-based cybercriminal linked to the Pioneer Kitten group has gained and maintained access to US networks and federal agencies via VPN, Citrix NetScaler, and F5 vulnerabilities, according to a Cybersecurity and Infrastructure Security Agency alert. “Information technology, government, healthcare, financial, insurance, and media” industries are the primary mark. The threat actor, a Tehran-tied contractor with commercial interests in the activity, is peddling entrée to exposed networks online, and likely intends to commence ransomware attacks.
“iOS unEviling” drops gauntlet in privacy duel.
Apple says its iOS 14 operating system will compel apps to obtain consent before harvesting user data at the beginning of 2021. Publishers dependent on behavioral marketing are apoplectic about their ad earnings, with some threatening to pull their wares from the App Store, but others are keen to adapt to a shifting privacy landscape and take back the power from Facebook and Google intermediaries, The Conversation reports. The iOS “uneviling” (a Freudian typo?) positions Apple as a champion of consumer rights without damaging their hardware and software-heavy revenue streams.
Update on that Zhenhua database.
Investigations into the database leaked from Zhenhua Data continue. The Guardian describes how Canberra-based Internet 2.0 was able to extract information from the (corrupted) files. Zhenhua maintains that there’s nothing particularly sinister about the database: essentially, the information in the database is marketing data. The Register summarizes reasons for thinking the purpose is espionage. Their conclusion is based on the results reported in an academic paper by the Fulbright University of Vietnam's Christopher Balding, "Chinese Open Source Data Collection, Big Data, And Private Enterprise Work For State Intelligence and Security: The Case of Shenzhen Zhenhua."
The Australian government’s reaction to the incident has been subdued, but the Labor Party has called upon the Information Commissioner to open an investigation. Reaction from India’s government has been similarly low-key. Since the information was publicly available, the Economic Times reports, the government’s view is that there’s no question of either surveillance or espionage.