At a glance.
- The UK's ICO receives scrutiny over its treatment of the adtech industry.
- Update on University of Vermont Health Network incident.
- Zoom and the Federal Trade Commission reach an agreement.
ICO under fire for ending investigation of RTB advertising.
The UK Information Commissioner’s Office (ICO) is being challenged after closing a complaint raised against the adtech industry’s real-time bidding (RTB) procedures, reports TechCrunch. The complaint, filed in 2018 by the executive director of the Open Rights Group and a University College London digital rights lecturer, claimed that the use of personal data in RTB without clear consent inherently goes against the General Data Protection Regulation (GDPR). The ICO itself supported this claim in a report last year, with a deputy commissioner stating that they were concerned about how special category data was being handled. The ICO then put the investigation on hold earlier this year due to the pandemic, and has now closed the complaint completely, claiming that it has explored the issue “to the extent appropriate.” The complainants are challenging the decision, stating that the ICO is simply trying to avoid regulating the complex issue.
Malware interrupts University of Vermont Health Network services.
As the CyberWire previously reported, US hospitals have been experiencing a wave of targeted ransomware campaigns. Yet another healthcare institution has been crippled by a cyberattack, reports AP News, though it is unclear if ransomware is to blame. The University of Vermont (UVM) Health Network’s main computer server was breached by malware last month, affecting the entire system that serves UVM’s six hospitals and one thousand physicians. Scheduling for various procedures has been impacted by the attack, and up to three hundred employees have been furloughed or re-assigned. Threatpost reports that the Federal Bureau of Investigation and the Vermont National Guard have been working with UVM to inspect end-user devices for signs of malware.
FTC and Zoom reach settlement over alleged security deception.
Just as an earlier business generation turned the corporate name "Xerox" into both a noun for photocopier and a verb for the action of photocopying, today's workforce has done the same with "Zoom."
Ever since the pandemic compelled many businesses to go remote, “Zoom” has become virtually synonymous with the word “meeting.” The main reason Zoom became a go-to for video calling was of course its availability, but there was also its business-friendliness and its eventual promise of end-to-end encryption so impenetrable that even Zoom itself could not access the content.
Unfortunately, this promise was flawed, and the US Federal Trade Commission (FTC) took Zoom to task for what it considers deliberate deception of users, reports TechCrunch. According to the FTC, Zoom’s encryption was far less secure than asserted, and the company was saving cryptographic keys that would allow Zoom to access users’ meeting content. The FTC also found that Zoom was installing a web server on user computers without permission and storing unencrypted meeting content for weeks. After the FTC filed its complaint, Zoom worked to improve security; last month it fulfilled its promise of end-to-end encryption and removed the secret web server. SecurityWeek reports that the FTC’s settlement would require that Zoom also create a program to resolve its privacy issues and regularly check software for security flaws.