NIST released guidelines on cybersecurity for internet-connected devices

18. November 2016

The National Institute of Standards and Technology (NIST) just released guidelines on cybersecurity for internet-connected devices. These guidelines are called Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems. The guidance “addresses the engineering-driven perspective and actions necessary to develop more defensible and survivable systems.”

A main theme of the guidelines is the importance of engineering Internet-connected devices so that security is built directly into the design and manufacturing processes. Furthermore, the guidelines describe the whole engineering process in order to improve cybersecurity and reduce risk by implementing “trustworthy secure systems capable of protecting stakeholder assets.”

On top of this the guidelines state that the “objective is to address security issues from a stakeholder protection needs, concerns, and requirements perspective and to use established engineering processes to ensure that such needs, concerns, and requirements are addressed with appropriate fidelity and rigor, early and in a sustainable manner throughout the life cycle of the system.”

Category: General

Reuters: U.S. companies ask Trump to support encryption

17. November 2016

This week, Reuters reported that U.S. internet companies such as Facebook and Amazon have sent a detailed letter, including a list of their policy priorities, to President-elect Donald Trump. Among the topics of these policies are encryption, immigration reform and maintaining liability protections from users’ content.

The letter was sent by the so-called Internet Association, a group of 40 members that also includes Alphabet’s Google, Uber and Twitter. The letter tries to repair the relationship between the internet giants and Trump due to the fact that he was almost universally disliked during the presidential campaign.

The president of the Internet Association, Michael Beckerman, signed the letter, which states: “The internet industry looks forward to engaging in an open and productive dialogue”. Furthermore, Beckerman issued a statement saying that the internet industry looked forward to working closely with Trump and lawmakers in Congress in order to “cement the internet’s role as a driver of economic and social progress for future generations.”

The letter describes some policies that are in line with Trump’s prior statements, for example easing the regulation of the sharing economy and applying pressure on Europe not to erect too many barriers that restrict U.S. internet companies from growing in that market.

However, other topics are likely to conflict with Trump’s campaign, as he offered numerous broadsides against the tech sector.

FBI statistic: 87% of the needed data could be accessed in 2016

15. November 2016

Motherboard online just published numbers that were disclosed by the FBI concerning whether the FBI is able to unlock most devices they need to get into.

According to General Counsel Jim Baker, the FBI is able to unlock and/or access data stored on both smartphones and computers. This statement is supported by the numbers that were released.

In 2016 the FBI

  • encountered passwords or passcodes on 2,095 out of 6,814 devices (31%),
  • was able to get access in 1,210 cases out of the 2,095 devices that were locked and
  • couldn’t unlock around 880 devices.
  • In conclusion, in the vast majority of cases, namely 87%, the FBI was able to access the data that was needed.

Earlier this year, the FBI and Apple fought in court over the FBI’s request for help breaking into the iPhone of an alleged terrorist who killed 14 people in a shooting. This case led to a battle on encryption in which the FBI argued that encryption, which cannot be broken, supports criminal investigations rather than making them harder due to the fact that access to the data can sometimes lead to important evidence on a suspect’s or a victim’s phone or computer.

However, the mentioned numbers, which have so far never been published, “demonstrate that even with encryption turned on by default on all newer iPhones and some Android phones, it is posing a problem in a relatively small number of cases – while that same encryption is presumably preventing a wide range of crimes”, according to Kevin Bankston, the director of the New America.

INTERPOL suggests that governments share terrorists’ biometric data

11. November 2016

The IAPP just published an article saying that INTERPOL calls on governments around the world to share terrorists’ biometric data in order to increase global security.

This statement was issued by INTERPOL’s General Assembly, which said that it currently possesses information about 9,000 terrorists. However, only 10 percent of these files include biometric information. INTERPOL’s Secretary General, Jürgen Stock, explains that this can be seen as “a weak link” in the prevention of terrorism.

On one side, some countries – among these are multiple ASEAN countries – have taken big steps with regard to data sharing, as they have recently agreed to share biometric data for the purposes of counter-terrorism. On the other side, many governments are still discussing how to handle biometric data domestically. So the sharing of data would be one step ahead.

However, governments worldwide are becoming more and more interested in biometric security, which might help to fight terrorism. The mentioned suggestion of INTERPOL might also increase this kind of cooperation.

“We need to have a wide discussion about data in Germany”

10. November 2016

Reuters online reported that Telefonica Deutschland’s chief executive, Thorsten Dirks, said in an interview “People are right to scrutinize any attempt to make money off their data. At the same time they are handing over data voluntarily to companies such as Google and Facebook”. He concludes that there is a double standard among consumers.

At the moment Telefonica Deutschland holds anonymized data of 44 million mobile customers. This information could be used to track the movements of crowds and traffic, as well as “many other areas that we at the moment cannot think of”, according to Dirks.

Dirks explained that Telefonica aims to be a platform for all devices connected to the internet and therefore to process all sorts of data gathered from sensors in cars, electronic devices and household appliances.

German Office for Information Security declares: sensitive data is poorly protected on smartphones

9. November 2016

The German Office for Information Security (BSI) published a survey concerning the security of personal data on smartphones.

  • 20.7% of smartphone users do not have any security measures implemented against unauthorized access.
  • However, 74.6% of smartphone users store sensitive data on their mobile device. This data includes, for example, pictures, videos, contact information, passwords and health data.
  • Not even 46.3% of smartphone users have basic protection measures implemented, such as software updates.

Arne Schönbohm, chairman of the BSI, commented in the respective press release that although smartphones can be seen as computers in your pocket, the necessary security measures have not yet been established on these as on your computer at home.

Category: German Law · Personal Data

ICO announces that Facebook agrees to suspend disclosures of personal data from WhatsApp’s users

8. November 2016

After WhatsApp announced changes to its privacy policy in August, several EU DPAs announced monitoring activities in order to ensure the proper use of WhatsApp users’ data. One of these changes to the privacy policy involved disclosure of personal data of WhatsApp users to Facebook in order to fight spam and improve both WhatsApp’s and Facebook’s services.

The EU DPAs had requested WhatsApp not to carry out such disclosures until an adequate level of data protection could be ensured.

On Monday, ICO announced that Facebook agreed to suspend these disclosures. ICO already remarked that consumers were not adequately protected and in most cases a valid consent was not in place. Moreover, it has requested both companies to undertake in writing to inform users about the purposes for which their data will be used. Until now, neither company has signed such a commitment.

If enforcement action takes place, huge fines may be imposed. This is especially relevant upon the applicability of the GDPR from May 2018.

Other EU DPAs, such as Spain, will contact Facebook regarding WhatsApp’s privacy policy.

On the other side, Facebook stated that it only collects the data necessary to offer their services and only a part of this data is shared with Facebook. A Facebook spokeswoman confirmed that WhatsApp’s update complies with applicable law, including UK law and that they will continue the conversations with the ICO regarding the questions raised on the Privacy Policy.

Mass Audit in Germany concerning 500 firms’ cloud transfers

As the IAPP just published online, 10 of the 16 German Data Protection Authorities have begun to assess firms’ transfer of personal data to cloud services based outside of the EU.

According to a joint statement of the respective Data Protection Authorities this is due to the fact that cross-border personal data transfers are growing massively, because of globalization and the rise of software-as-a-service.

Therefore, a mass audit is conducted, which takes about 500 randomly selected companies of various sizes into account. This audit is based on questionnaires asking about their transfers of employee and customer personal data to third countries, in particular to the U.S. while using services such as:

  • office apps,
  • cloud storage,
  • email and other communications platforms,
  • customer service ticketing,
  • support systems and
  • risk management and compliance systems.

If a company transfers personal data to third countries, it has to show the legal grounds it is using, for example Standard Contractual Clauses or the EU-U.S. Privacy Shield.

The Article 29 Working Party talks about the EU-U.S. Umbrella Agreement

2. November 2016

The Article 29 Working Party published a statement on the EU-U.S. Umbrella agreement at the end of October.

On one side, the statement shows signs of support for the EU-U.S. Umbrella Agreement. However, on the other side, it delivers recommendations in order to make sure that the agreement is compliant with European data protection law.

In general, the Article 29 Working Party supports the creation of a general data protection framework in order for international data transfers to be compliant with national, European and international data protection laws. Therefore, the Article 29 Working Party elaborates that the respective agreement “considerably strengthens the safeguards in existing law enforcement bilateral treaties with the U.S., some of which were concluded before the development of the EU data protection framework”.

However, it is also mentioned that clarification is needed in terms of definitions, for example how to define personal data and data processing, due to the fact that European and U.S. law have different opinions on what is meant by these terms.

The Article 29 Working Party puts Yahoo and WhatsApp in a bad light

31. October 2016

The IAPP reported that the Article 29 Working Party issued a warning concerning possible violations of European data protection regulations in the form of a letter to both Yahoo and WhatsApp.

Both companies have been the topic of public debate due to the way they handle the personal data of users. The concerns of the Article 29 Working Party regarding WhatsApp are that the company shares data with Facebook, whereas the objections towards Yahoo are raised due to both data breaches in 2014 and due to the allegation that the company scans incoming user emails for U.S. law enforcement agencies.

Therefore, the Article 29 Working Party requests that both companies provide more information on the problems. It cannot be ruled out that investigations are launched and fines are imposed.
