MENTIS news

Week of October 12, 2018

The Incredible Unpopularity of Google+ May Be Its Saving Grace*:

Around the time that Mark Zuckerberg was dealing with the beginnings of the massive headache that would become known as the Cambridge Analytica data scandal—a data-privacy leak that precipitated months of public-relations hell for Facebook—Google was facing down a privacy issue of its own.

From 2015 to March 2018, The Wall Street Journal reported Monday, a software glitch potentially exposed the personal data of hundreds of thousands of users on Google+, the company’s long-suffering social network, to outside developers.

Fearing a comparison to Facebook, however, Google’s legal and policy staff warned that it was inadvisable for the company to reveal the incident to the public.

Doing so, they argued in a memo to senior executives, would trigger “immediate regulatory interest” and cause “reputational damage.” An internal committee at Google decided not to notify Google+ users. C.E.O. Sundar Pichai was made aware of the plan.

Google, it seems, was attempting to avoid the scrutiny—from watchdog groups and lawmakers alike—that has so plagued its social-media cohorts.

But in the wake of the breach, the company seems to have given up on its largely failed, seven-year-old social network altogether.

In a blog post on Monday, after the Journal story was published, the company informed users that it had immediately “patched” the bug, and that it could not find evidence that any data was misused, but that Google+ would nonetheless shutter in the next 10 months, leaving only an enterprise version operational for select users.

Moreover, after years of trying to dissuade the tech press from writing about Google+’s abysmal metrics—even in 2015, a few years after its launch, only 9 percent of Google+’s 2.2 billion users were estimated to be actively posting public content—Google is now leaning in to the site’s unpopularity.

Google+ has low usage and engagement, with 90 percent of Google+ user sessions coming in at less than five seconds.

Despite what seems like myriad attempts to distract from the data breach, the company’s choice to obfuscate may yet carry consequences.

In March 2011, the F.T.C. cracked down on the first iteration of Google+, then called Google Buzz, charging the company with “deceptive tactics” and violating its own privacy policies.

In a settlement with the agency, Google agreed to implement a privacy program to protect user data.

This new report could very well give regulators an opening to go after the tech giant.

*Source: Vanity Fair, October 08, 2018

https://www.vanityfair.com/news/2018/10/google-finally-kills-off-google-plus-after-masking-a-security-breach


Twitter in Trouble Due to Non-Compliance With GDPR Guidelines*:

According to recent reports by Fortune, Irish authorities have taken Twitter to task for not responding to a user request, which amounts to non-compliance with the General Data Protection Regulation (GDPR).

Apparently, a researcher requested more detailed information from Twitter regarding what data it collects when users click an auto-shortened link in a tweet.

Initially, the sole purpose of link-shortening tools was to save characters in the limited space provided for a tweet.

However, these services also posed significant risks when used in private messages.

The social media company refused to comply with the request, leading to the intervention of European privacy authorities.

Under the European Union’s General Data Protection Regulation (GDPR), European citizens have the right to ask companies how much data they collect about them and what is done with it.

The researcher alleges that Twitter sought to avoid the request on the grounds of the “disproportionate effort” it would take to gather the data he requested.

Although the GDPR has a provision concerning “disproportionate effort,” Veale argues that this provision acts as cover for companies that are not transparent enough.

Veale drafted a complaint to the Irish Data Protection Commission (DPC), which finally agreed to take the investigation of Twitter further; the European Data Protection Board will handle it.

According to the GDPR, the maximum fine per violation is 4 percent of the company’s turnover or $20 million, whichever is greater.

With Twitter’s 2017 revenues amounting to $2.4 billion, a GDPR fine, if imposed now, could hit the company for $96 million.

*Source: Daze Info, October 15, 2018

https://dazeinfo.com/2018/10/15/twitter-in-trouble-non-compliance-gdpr-guidelines/


Nearly All of the New US Weapons Systems Vulnerable to Cyber Attacks*:

"Nearly all" the weapons systems that were being developed by the US military from 2012 to 2017 are vulnerable to cyber-attack, according to a new report by the Government Accountability Office.

The watchdog's report says the GAO "found that from 2012 to 2017, (Department of Defense) testers routinely found mission-critical cyber vulnerabilities in nearly all weapon systems that were under development."

During some of the tests, testers were able to hack into some of these complex weapons systems and take control over them "using relatively simple tools and techniques."

In one case, it took a two-person test team just one hour to gain initial access to a weapon system and one day to gain full control of the system they were testing.

In some cases, the "weapon systems used commercial or open source software but did not change the default password when the software was installed, which allowed test teams to look up the password on the internet and gain administrator privileges."

One of the reasons that the weapons systems are so vulnerable to cyber-attack is their connectivity to other systems, something long seen by the Pentagon as an advantage.

Weapons like the F-35 Joint Strike Fighter have been celebrated for their ability to connect to a range of other systems, allowing critical military information to be more easily shared.

But the GAO's report says that connectivity makes weapons systems vulnerable, as potential hackers would only need to penetrate one of the connected systems to potentially gain access to the others.

The revelation that so many Pentagon weapons systems are vulnerable to cyber-attacks raises questions about the billions of dollars the US has invested in its various programs.

The report said that part of the problem was the fact that cyber-security has only recently been emphasized when developing requirements for these systems.

The report did say the Pentagon "is taking steps to improve its understanding of its weapon systems' vulnerabilities, determine how to mitigate risks from those vulnerabilities, and inform future development of more secure systems."

The Department of Defense recently released its cyber strategy which said the Pentagon is seeking to incorporate cyber-security awareness throughout the institutional culture of the department.

*Source: CNN Politics, October 09, 2018

https://edition.cnn.com/2018/10/09/politics/us-weapons-report-vulnerable-cyber-attacks/index.html


Study Finds That DNA Databases Can Send the Police or Hackers to Your Door*:

More than 60 percent of Americans who have some European ancestry can be identified using DNA databases — even if they have not submitted their own DNA.

Enough people have done some kind of DNA test to make it possible to match much of the population.

So even if you don’t submit your own DNA, if a cousin does, it could lead people to you.

Not only could police use this information, but so could other people seeking personal information about someone.

Earlier this year, police said they used DNA from a public database to catch former California police officer Joseph DeAngelo, suspected of being the “Golden State Killer”.

A distant cousin had taken a commercial DNA sequencing test, and those sequences were used to narrow the suspect list down to DeAngelo.

DeAngelo was caught when police got DNA off a tissue he threw into a trash can; it matched samples taken from the scenes of dozens of rapes and murders across California.

Police are making use of this tool, the team at genealogy website MyHeritage and at Columbia University in New York said.

Between April and August 2018, at least 13 cases were reportedly solved by long range familial searches.

Genetic genealogy databases act like a GPS system for anonymous DNA – the family trees set a coordinate system, in which the DNA of each individual in these databases is like a beacon that illuminates hundreds of the individual’s relatives who are not in the database.

Therefore, even if a specific individual is not in these databases, a relative of theirs could be, which is enough to identify them.

Once a genetic database covers roughly 2 percent of the adult population, a match of a third cousin or closer is expected for almost all persons of interest.

As of April 2018, more than 15 million people have undergone direct-to-consumer autosomal genetic tests, with about 7 million kits sold in 2017 alone.

*Source: NBC News, October 12, 2018

https://www.nbcnews.com/health/health-news/dna-databases-can-send-police-or-hackers-your-door-study-n919236


US Credit Card Giants Flout India’s New Law on Personal Data*:

When the clock struck midnight in Delhi at the end of Monday, Visa, Mastercard and American Express were suddenly in violation of the law every time an Indian swiped a credit or debit card.

They also became unwilling warriors in a budding conflict between America’s technology giants and the Indian government, which wants more control over the data they collect on India’s 1.3 billion residents.

The spark for the current fight is a new regulation, issued in April and in effect starting Tuesday, that requires payments companies to store all information about transactions involving Indians solely on computers in the country.

The rule and the hubbub over it are part of a debate over a concept known as “data localization,” in which a country places restrictions on data as a way to gain better control over it and potentially curb the power of international companies.

American firms have lobbied hard against data localization rules around the world.

In India, Visa, Mastercard and American Express, as well as other financial players like Amazon and PayPal, said they needed more time to comply with the order by the country’s banking regulator, the Reserve Bank of India.

The companies told the R.B.I. that their fraud detection and other data processing systems were distributed on machines across the world and could not be quickly redesigned to work in India alone.

As an alternative, they offered to store copies of the Indian data in the country for easy access by regulators, tax authorities and law enforcement.

In recent phone calls to the top Indian executives of the major payment companies and in letters to the companies last week, the banking regulator warned that it would take action, including imposing fines, if they missed the Monday night deadline.

Spokesmen for Visa and American Express declined to comment on their response to the local storage rule. Representatives of Mastercard and the R.B.I. did not respond to multiple requests for comment.

*Source: New York Times, October 15, 2018

https://www.nytimes.com/2018/10/15/technology/visa-mastercard-amex-india-data-law.htm
