The niner noteworthy stories of 2017 (week 31)

These are the noteworthy stories, in no particular order, that piqued my interest this week.

Corporate profits to take more hits from Ukraine cyber attack

I partially disagree that hackers getting more and more sophisticated is the cause of us seeing more breaches. Specifically, the NotPetya breach this article is referring to was certainly not a targeted attack, at least not outside of Ukraine, and certainly not meant to yield enormous amounts of money as its result. This last fact is strengthened by the fact that even if keys had been provided, the data would not have been recoverable at all.
Also, the mail address for communication with the supposed ransom holders was down pretty quickly after the attack went global.
Maybe that wasn’t the entire intended result, but it has been the outcome for sure.
The fact that shareholders need to expect more breach notifications and other security problems in earnings calls may finally also mean that information security is going to be taken seriously at C-level as well. More than just claiming their company has everything in order or is taking the security and privacy of their customers very seriously, the latter mostly claimed just after a massive breach.
source: Reuters (external link)

New Anthem data breach by contractor affects more than 18,000 enrollees

Yep, Anthem again indeed.
The second one in 2 years and, it seems, even the third one in four years, where the first and third at least exposed medical-related information.
Two things stand out however: firstly, it was a contractor, which means that apparently either this person wasn’t screened well enough or had too many access rights without any oversight. Which leads to the second point: why was somebody able to send a file containing this much sensitive personal data to his/her private e-mail address in the first place?
As the Swedish government found out extremely painfully earlier this year (although apparently more of a mistake in that case), e-mail is not suitable for transmitting personal data in any case. Is it that difficult to set up protection mechanisms to prevent, or at least detect, the misuse of this medium for something it was clearly not designed for?
source: CNBC (external link)
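To show that the "prevent or at least detect" part is not rocket science, here is an added illustration of the kind of outbound-mail check a gateway or DLP rule could apply. It is example code written for this post, not anything from the article, from Anthem or from its contractor; the internal domain, the addresses and the enrollee export are all constructed, and the thresholds are assumptions. It flags attachments carrying many SSN-like and date-of-birth-like values, external recipients, and the tell-tale "same name at an outside mailbox" self-forward.

```python
import re
from dataclasses import dataclass

# Constructed scenario: the insurer's own mail domain. An assumption, not from the article.
INTERNAL_DOMAINS = {"example-insurer.test"}

# Tokens that look like US SSNs and US-style dates of birth. Coarse on purpose;
# a real DLP policy would combine more detectors (member IDs, names, and so on).
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
DOB_RE = re.compile(r"\b(?:0[1-9]|1[0-2])/(?:0[1-9]|[12]\d|3[01])/(?:19|20)\d{2}\b")


@dataclass
class OutboundMail:
    sender: str
    recipients: list
    attachments: dict  # filename -> decoded text content (constructed for this example)


@dataclass
class Verdict:
    action: str  # "allow", "alert" or "block"
    reasons: list


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()


def local_part_of(address: str) -> str:
    return address.rsplit("@", 1)[0].lower()


def count_pii(text: str) -> tuple:
    """Return (ssn_like, dob_like) counts for one attachment body."""
    return len(SSN_RE.findall(text)), len(DOB_RE.findall(text))


def evaluate(mail: OutboundMail, internal_domains=INTERNAL_DOMAINS,
             record_threshold: int = 50) -> Verdict:
    """Decide what the mail gateway should do with one outbound message."""
    reasons = []
    external = [r for r in mail.recipients if domain_of(r) not in internal_domains]
    if external:
        reasons.append("external recipients: " + ", ".join(external))
    # A user mailing an export to the same local part at an outside domain is the
    # classic "send it to my personal mailbox" pattern, worth calling out explicitly.
    self_forward = [r for r in external if local_part_of(r) == local_part_of(mail.sender)]
    if self_forward:
        reasons.append("possible self-forward to private mailbox: " + ", ".join(self_forward))

    total_ssn = 0
    for name, body in mail.attachments.items():
        ssn, dob = count_pii(body)
        if ssn or dob:
            reasons.append(f"{name}: {ssn} SSN-like and {dob} DOB-like values")
        total_ssn += ssn

    if external and total_ssn >= record_threshold:
        return Verdict("block", reasons)
    if external and total_ssn > 0:
        return Verdict("alert", reasons)
    if total_ssn >= record_threshold:
        # Bulk PII moving even between colleagues deserves a log entry and a review.
        return Verdict("alert", reasons)
    return Verdict("allow", reasons)


def build_sample_export(rows: int) -> str:
    """Constructed CSV of synthetic enrollee records; every value is made up."""
    lines = ["member_id,ssn,dob,plan"]
    for i in range(rows):
        ssn = f"{900 + i % 100:03d}-{10 + i % 90:02d}-{1000 + i:04d}"
        lines.append(f"M{i:05d},{ssn},01/15/1970,PPO")
    return "\n".join(lines)


if __name__ == "__main__":
    mail = OutboundMail(
        sender="j.doe@example-insurer.test",
        recipients=["j.doe@personal-mail.test"],
        attachments={"enrollees.csv": build_sample_export(60)},
    )
    verdict = evaluate(mail)
    print(verdict.action)
    for reason in verdict.reasons:
        print(" -", reason)
```

The point is less the regexes than the policy shape: the decision depends on where the mail is going and how much it carries, and the reasons are kept so that an analyst can see why a message was held rather than just that it was. Real attachments would of course need decoding (spreadsheets, archives, PDFs) before a text scan like this sees anything.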

Steve Bannon wants Facebook, Google ‘regulated like utilities’

Some people simply don’t get it, not that much news with the current administration in the US I admit. Although comparing Google and Facebook to utilities must be music to the ears of those companies, as they have been trying very hard to effectively become “the Internet” for us all. At the cost of our entire privacy obviously.
I wonder how the book 1984 would have changed if Orwell had known about those companies and what they are doing to erode our notion and view of privacy in the digital world (which obviously has an impact on the offline world as well).
That some regulation is required to push back is certainly true. Maybe the European Union has put the right foot forward with the GDPR. Let’s see if the other foot will follow when the final text of the E-Privacy regulation (following the E-Privacy directive) becomes known, either next year or maybe even in 2019, you never know with those bureaucrats in Brussels.
source: The Register (external link)

Cnil issues first fine for data protection violations (possible paywall)

It seems the French as well as the British data protection authorities are doing what they should do: fine companies for violations. Although I doubt the car rental company fined 40000 euros here is really shocked by the amount.
The Dutch DPA, Autoriteit Persoonsgegevens, has had fining power since the first of January 2016 and in the almost 2 years since it has never exercised this power itself. Although I believe there were enough opportunities available to put those powers to good use.
All DPAs in the European Union member states will obtain fining power as per the 25th of May 2018 under the GDPR; what the impact and enforcement of the rules will mean for our privacy will greatly depend on how willing they are to use it.
source: Telecompaper (external link)

‘Anonymous’ browsing data can be easily exposed, researchers reveal | Technology

I would suggest reading this article and thinking back to it the next time any company claims they will anonymise your personal data. Also be extremely careful with those browser plugins that say they will protect you from targeted advertising: some of them simply sell your data, whilst others sneakily allow certain advertisers that pay the plugin authors not to be blocked.
This is another example of why the Internet must become more privacy-centric as opposed to the data-ripping and personal-data-broker goldmine it is today.
And yes, that may mean we will have to pay for certain services. What’s wrong with paying for a quality service?
source: The Guardian (external link)

EU privacy watchdog: Privacy shield should be temporary

Interestingly, almost 5 months later and after an apparently resoundingly successful review of the framework by the EU commission (I wonder how they came to that conclusion), the Privacy Shield framework is as distorted and non-protecting as its predecessor.
The EDPS, at least in this article, didn’t want to say whether they thought the ECJ would knock it down; I will predict it will do so, together with all or some of the standard contractual clauses.
Will this make any difference? Well, if we are really serious in Europe about upholding our fundamental right to privacy, and given the accompanying changes in the GDPR plus the picture unfolding in the rewriting of the E-Privacy regulation, then Privacy Shield will indeed be temporary.
The main reason for this is the extra-territorial reach of the GDPR, which by virtue also covers all US-based companies that process data from within the European Union, either as processor or as controller.
The fact that the current US government leaves all those privacy-related positions open may be part of their “America First” strategy, or maybe nobody in their right mind wants to take the position under this administration; you decide for yourself.
source: (external link)

Amber Rudd claims “real people” don’t care about end-to-end encryption

She has also claimed she doesn’t need to understand encryption to ban it. What Amber doesn’t want to get is that backdoors in encryption won’t work, as they won’t be there just for the happy few (GCHQ and NSA) to exploit, but for everybody else who finds out what the backdoor is or gets the information because it leaks somewhere.
It is interesting to see that the British government apparently thinks that criminals and terrorists (and generally everybody who wants to protect their privacy for legitimate reasons) will not move to another platform if WhatsApp helps the government with spying on its users (products). Besides the fact that this may be exactly the reason for them to move in the first place, the whole idea of weakening encryption is idiotic.
Although Amber is right in one thing: users use WhatsApp because everybody else does and not because it’s a secure messaging service. If they did, they would all have moved to the Threema platform instead. See Threema’s website (external link) for more details.
source: Ars Technica (external link)

Can cellphones handle vehicle-to-vehicle comms better than radio networks?

First of all: the title is deceiving, as smartphones also use radio communication. Secondly, solutions as described to warn drivers of impending collisions already exist, albeit in more premium cars from e.g. Volvo.
Okay, it doesn’t have the V2V communication aspect, nor the municipality mapping and surveillance tech attached either. It also does not come with the privacy issues related to all those cloudy services and the surveillance usage of all that camera footage. And it doesn’t tie up your mobile phone in constant battery-draining usage.
As for the insurance rebates, I’m not sure you really want those in exchange for all that personal data on where and how you drive your car either.
source: Ars Technica (external link)

Once-Rejected FAA Software Upgrade May Prevent Planes From Landing on Taxiways

Was it really not possible? Or is the response given in 2011 a pure bit of arrogance within the FAA, and maybe subsequent evidence of the two “rival” factions within the aviation organisation (one of which is air traffic control)?
If you don’t review and properly evaluate, you can’t know what the impact would be, either in improved safety or degraded performance.
Of course pilots as well as ATC staff are primarily responsible for the safety of the planes and their pax and fellow crew respectively. Automation, whilst helpful, is certainly not the silver bullet of aviation safety.
What exactly happened in July with the Air Canada incident at SFO will never be truly known though. Because of stupidity, the flight data recorder as well as the cockpit voice recorder had long been overwritten with new data by the moment the data for the incident was requested. Let’s hope the FAA gets its act together on this one, albeit six to seven years late.
source: Skift (external link)