Category: USA

Google – “sharing location” option

24. March 2017

On the 22nd of March 2017 Google Maps, came up with a real time sharing location (the newest “share location” option), which now gives its users an opportunity of sharing their whereabouts with each other. It`s range is said to be from 15 minutes till around three days.

Since now on your friends can follow your location (if you will make it visible for them), for example when you attempt to navigate the city’s bus system or while you are stuck in traffic. Its aim is to make the social life like meetings and hang-outs easier by giving your friend an updated information on your localization.

Furthermore, via this new option, it is also possible to create itineraries, see the most popular local businesses hours, track parking spots or special traffic-destroying events around the area.

All of these facilities have their price to be paid though. Namely, if you will activate this option Google is going to get all the information about your daily habits and rituals (on what you are doing, when, where and which is your favorite coffee shop), which could later be sold for instance to advertisers.

However, Erik Gordon, a student of the University of Michigan’s Ross School of Business´ (entrepreneurship and strategy) says: “If you can couch it in social, it’s your friends that can track you—not that Big Brother can track you, not that an ad server can track you, not that Travis Kalanick can track you”.

Google itself stresses the interface makes it clear that the option to share will be entirely and only in the hands of the individual users when it comes to sharing locations.

Category: Personal Data · USA
Tags:

CIA´s circumvention methods on Wikileaks

10. March 2017

Tuesday, 7th March on Wikileaks there was a release of around 9,000 pages of documents on the U.S. Central Intelligence Agency hacking methods, called “Year Zero”, which revealed CIA´s hardware and software world´s top technology products circumvention methods (including smartphone operating systems exploitation). These methods are believed to allow agents to circumvent encryption apps.

According to a Reuters report U.S. government contractors are suspected by the law enforcement and U.S. intelligence to have likely handed over the information to Wikileaks.

However, after it has already occurred in government contractor employees´ cases (Harold Thomas Martin´s and Edward Snowden´s), sensitive government information leak nowadays remains no wonder anymore.

Google Director, Apple, Microsoft and Samsung believe that they are continuously and accurately looking into any identified vulnerabilities in order to implement necessary protections.

Even though the authenticity of the leaks still awaits the confirmation, the CIA has expressed its concern about the topic.

Open Whisper Systems confirm that there was no Signal protocol encryption break, even though the New York Times originally reported that the CIA could break the encryption of WhatsApp, Signal and Telegram apps.

Category: Cyber Security · Encryption · USA
Tags: ,

European Union’s justice commissioner Jourová threatens to suspend Privacy Shield

6. March 2017

Vera Jourová, the European Union’s justice commissioner, is willing to suspend Privacy Shield in case the Trump administration budges from the result of the negotiation between the Obama administration and the European Union.

The Privacy Shield pact was meant to replace the Safe Harbor decision of the European Commission that was overturned in October 2015 by the European Court of Justice (ECJ). The pact’s purpose is to enable the transfer of EU citizens’ personal data to the US while ensuring the protection of those data.

Concerns about the effectiveness of the Privacy Shield came up as President Trump passed an executive order in January 2017 saying “agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.”

Although the US Department of Justice already affirmed the US’s commitment to the Privacy Shield, Jourová stays sceptical and wants to keep an eye on the US government’s stance. In case EU citizens’ personal data are not safe in the US Jourová will not hesitate to suspend the pact.

House of Representatives passes Email Privacy Act

22. February 2017

On February 6, 2017 the House of Representatives in the United States of America passed the Email Privacy Act by voice vote, which amends the existing online communications law, in particular the Electronic Communications Privacy Act (ECPA) of 1986.

Within the ECPA, emails stored on a third party’s server for over 180 days are considered to be abandoned. Due to this justification it was enough for law enforcement agencies to provide a written statement certifying that the requested information is relevant to an investigation in order to obtain the content of stored emails. The Email Privacy Act requires authorities to obtain a warrant in order to access emails, data in cloud storage and other digital communications, which are more than 180 days old.

Meanwhile it is the third try for a new law in this field. The last proposal for a regulation also passed the House in the last Congress, but it could not pass the Senate. The first try has already failed in the House. It remains to be seen whether the current proposal of the Email Privacy Act will pass the Senate.

The Email Privacy Act has won the backing of Google, Microsoft and other big players based in the USA.

University of Pittsburgh Medical Center found not responsible for employee data securance

14. February 2017

Last month, the Pennsylvania Superior Court dismissed a class action lawsuit, which was filed against the University of Pittsburg Medical Center and ruled that the University has no responsibility in protecting employee data.

In this incident, the following data was compromised: dates of birth, names, social security numbers, addresses, salary, tax and bank information.

According to the court documents, the University had a breach in 2014, which finally resulted in approximately 788 tax fraud victims by compromising the information of nearly 62,000 UMPC employees.

Even though the University of Pittsburg Medical Center has been ruled not to have any legal duty to protect the personal and financial information of its employees under state law, the ruling is contradictory to a similar case of Texas hospital, which was penalized $3.2 million after a breach of data.

Category: Data Breach · Personal Data · USA

US court: Google must give foreign e-mails to FBI

9. February 2017

Lately, Google has lost a court case (in Philadelphia) on e-mail data storage on foreign server, so that, according to the judgement, from now on the data should be sent to the US FBI security service.

The Court diverges from the existing case-law since, in a recent case, Microsoft has successfully denied the publication of data stored on servers in the European Union, and referred to the legal requirements in the EU.
As a reason for Google’s publishing obligation, the judge argued that Google is constantly copying data between its data centers, so that it should be only needed a further transfer of the data requested by the FBI to the US, in order for the FBI to access it. Although this could be a violation of the rights of the user, this violation would take place in the USA and because of that again covered by the law. According to the court, the data transfer therefore does not represent any access to foreign data anyway.

Following the proclamation of the judgment, Google has already commented on the procedure and announced to appeal against the decision, and continue to oppose to all official demands that go too far. Google has also explained that data is distributed on the servers around the world for technical reasons and in some cases it is not at all clear where the data is being stored. The verdict shows that each year Google receives from the US investigators somewhat 25,000 information requests.

Trump’s Executive Order Impact on the Privacy Shield

8. February 2017

Background

The Court of Justice of the European Union has invalidated the U.S.-EU Safe Harbor framework (October 2015), which was replaced by the Privacy Shield on 12 July 2016.

Enhancing Public Safety in the Interior of the United States” (Executive Order) was issued by the US President Donald Trump on 25th January 2017. This act’s main aim was the immigration laws enforcement in the U.S.

In its Section 14 we may read: “Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.”

The so-called “Umbrella Agreement” (signed on 2nd December 2016) between the U.S. and EU, ensured the personal data transfers for law enforcement purposes. This agreement applies also to the pre-existing agreements between the U.S. and EU along with the various Mutual Legal Assistance Treaties (“MLATs”), Passenger Name Records Agreement, and Safe Harbor framework.

Part 19 of the Umbrella Agreement enables every European citizen to seek judicial review in case of an unlawfully disclosure individual’s personal data or denial of the right to access or amend the personal data in agency’s possession.

Before the Umbrella Agreement, there was no such legal possibility, although the Privacy Act of 1974 extended those rights to permanent residents of the U.S. and its citizens. EU would only agree with the Umbrella Agreement once U.S. extends protections to the European citizens under the Privacy Act, so that the U.S. is expected to comply with the Umbrellas Agreement Art. 19.

Moreover, in February 2016 the Judicial Redress Act was passed as the U.S. and EU got along with each other, which extended protections of the Privacy Act (disclosure, access, amendment) to citizens of “covered countries’’ (as named in the Judicial Redress Act).

On 17th of January 2017 Loretta Lynch (new former U.S. Attorney General) designated “covered jurisdictions’’ (as named in the Judicial Redress act) to include in the Judicial Redress Act all the EU Members apart from Denmark and the UK, which has become effective on 1st February.

The Attorneys General designation however, is not subject to administrative or judicial review (within the Judicial Redress Act).

Conclusion

Donald Trump’s Executive Order is believed not to affect the Judicial Redress Act (which is applicable law in the context of data transfers for law enforcement purposes) in terms of the Privacy Act rights to the European citizens extension, so as to say that the Executive Order should not impact Privacy Shield Framework’s legal viability.

Unresolved is still an aspect of “covered countries’’ designation, as the Judicial Redress Act includes a “covered countries’’ designations removal process, which is still subject of a dispute.

News on federal data breach notification law in the U.S.

18. January 2017

The United States breach notification law is not an uniformed one. There exist separate laws in each 47 states plus District Columbia.

Nowadays, this conglomerate makes law enforcement in the U.S. somewhat complicated, as it has led to tokenization among the White House, consumer groups, retailers and others („Tokenization – when applied to data security, is the process of substituting a sensitive data element with a non-sensitive equivalent, referred to as a token, that has no extrinsic or exploitable meaning or value“ – source: Wikipedia).

This way card data is being protected while transmitted from one place to another – by storage in point-to-point encryption, retailers´ computer anti-hacking systems and tokanization.

Due to the fact that any business affected by a data breach suffers reputational and financial losses, the idea of obliging every business to publicly report data breaches has raised.

For instance, to diminish the stealing of card data by thieves, retailers have called on banks to replace the U.S. antiquated magnetic stripe credit card system with chip-and-PIN cards commonly used in other parts of the world. It is believed that such a chip is difficult to counterfeit.

Even though so far there have already been taken some steps in favour of solving the data breach problem, there was still no radical step on the legal level taken.

Having it lately noticed, Mallory Duncan – general counsel of the National Retail Federation – states: „Our nation badly needs a federal data breach notification law requiring everyone to disclose their own breaches“ (…) „But a national law needs to be uniform and comprehensive, covering not just retail but telecom companies, banks, credit card companies, card processors and all other entities that handle sensitive consumer data“.

Therefore there is a thorough need for the U.S. of enacting a federal law, which would notify consumers about data breach and help to keep data from being used improperly in order to keep it unbreached. The solution is now being worked on.

The viability of the EU-U.S. Privacy Shield under Trump is questioned

8. December 2016

What happened?

As Bloomberg Law Privacy & Data Security just reported, officials of the European Union stated that they will watch carefully for any signs of U.S. President-elect Donald Trump turning around the EU-U.S. Privacy Shield agreement.

Vera Jourova, EU Justice Commissioner, can be quoted that the European Union would “closely monitor the respect of protection standards and the correct implementation” of the EU-U.S. Privacy Shield “under the new U.S. leadership”.

Why are the concerns raised?

The questions are asked is due to the fact that under the EU-U.S. Privacy Shield data transfers are based on respect for European privacy rights in case European personal data is transferred to the USA for commercial purposes. However, as Trump made comments that can be interpreted so that such privacy rights might be disregarded, during the U.S. presidential campaig, concerns are raised.

Adina-Ioana Valean, Member of the European Parliament, gave a speech at the European Data Protection and Privacy Conference in Brussels and explained that “a lot of things were said” during the U.S. presidential campaign. Therefore, she concluded that “we should sit and wait for the next move and then we can judge”.

 

 

Use of encryption App increases after US election

6. December 2016

BuzzFeed News reported, that after electing Donald Trump the App called Signal has been faced with a 400 percent rise in daily downloads.

This App is a secure communications tool and therefore well-known in terms of technology, journalism and politics. When using this App people are able to text and speak with one another by encrypting end-to-end, so that only the sender and the intended recipient can read or hear the respective message.

The founder of the App called Signal, Moxie Marlinspike, released a statement saying that “There has never been a single event that has resulted in this kind of sustained, day-over-day increase.” Marlinspike explained that “Trump is about to be put in control of the most pervasive, largest, and least accountable surveillance infrastructure in the world (…) People are maybe a bit uncomfortable with him.”

 

Pages: Prev 1 2 3 4 5 6 7 8 9 10 ... 13 14 15 Next
1 7 8 9 10 11 15