By Byron V. Acohido
In the news this week, U.S. citizens boarding international flights might have to submit to a face scan. The Department of Homeland Security says it’s the only way to successfully expand a program that tracks nonimmigrant foreigners. They have been required by law since 2004 to submit to biometric identity scans—but to date have only had their fingerprints and photos collected prior to entry. Now, DHS says it’s ready to implement face scans on departure—aimed mainly at better tracking visa overstays but also at tightening security. But, the agency says, U.S. citizens also must be scanned for the program to work. Privacy advocates say that oversteps Congress’ mandate. “Congress authorized scans of foreign nationals. DHS heard that and decided to scan everyone. That’s not how a democracy is supposed to work,” said Alvaro Bedoya, executive director of the Center on Privacy and Technology at Georgetown University. Trials are underway at six U.S. airports—Boston, Chicago, Houston, Atlanta, Kennedy Airport in New York City and Dulles in the Washington, D.C., area. DHS aims to have high-volume U.S. international airports engaged beginning next year. During the trials, passengers will be able to opt out. But a DHS assessment of the privacy impact indicates that won’t always be the case. Source: ABC News
Amazon, WhatsApp chided for poor privacy practices
Privacy group the Electronic Frontier Foundation scolded Amazon and WhatsApp over their “disappointing” privacy practices. The Who Has Your Back privacy report analyzed the policies and public actions of 26 companies, rating them on industry best practices, privacy policies and their dealing with governments—including “promises not to sell out users” and “stands up to National Security Letter gag orders”. Nine companies earned top ratings, including Adobe, Dropbox, Lyft and Uber. Amazon and WhatsApp were singled out for low scores. Source: The Guardian
Trump hotel guests’ personal information exposed
Guests at 14 Trump properties, including hotels in Washington, New York and Vancouver, British Columbia, have had their credit card information exposed, marking the third time in as many years that a monthslong security breach has affected customers of the chain of luxury hotels. The latest instance occurred from August 2016 to March 2017, according to the company’s website, and included names, addresses and phone numbers, as well as credit card numbers and expiration dates. The breach took place on the systems of Sabre Hospitality Solutions, a reservation booking service. Source: The Washington Post
European rules could boost cybersecurity insurance sales
The European Union’s General Data Protection Regulation, to be rolled out in May 2018, will require mandatory notification of serious data breaches. That likely will create a marked growth in cyber insurance revenues and “a shot in the arm” for the non-U.S. cyber market, according to A.M. Best. The ratings agency report says stricter reporting of data breaches will increase transparency and spread risk awareness from major corporations to small-l and medium-size businesses, which will create higher demand for insurance protection. Source: Insurance Journal
Heavy hitters participate in net neutrality protests
More than 80,000 websites, including Facebook, Amazon and Google, participated in an online protest this week against an FCC plan to roll back net neutrality rules. In 2015, rules were enacted that required internet service providers such as Comcast, Charter and AT&T, to treat all internet content equally; they can’t block content or speed up or slow down data from certain websites. The FCC says dropping these rules will boost investment in new technology. Source: CNBC
Russian hackers suspected of targeting U.S. nuclear plants
Russian government-sponsored hackers are suspected of being behind the penetration of computer systems at several U.S. nuclear power plants. The hackers accessed computer systems at at least a dozen nuclear power stations. Techniques used by the hackers mimicked those used by Russian hacking group Energetic Bear, which is believed to have been responsible for attacks on the global energy sector since 2012. Source: Newsweek
Voter fraud commission backs off request for citizens’ data
President Trump’s commission on identifying voter fraud has halted its request for sensitive voter information after multiple legal challenges complicated the mandate. An official from the commission asked states not to give up the information, which includes party registration and partial Social Security numbers, until a judge makes a decision on a lawsuit that claims the data request violates privacy laws. The commission originally asked election officials in all 50 states and the District of Columbia to hand over sensitive information about voters, including their voting history. Dozens of states refused to comply. Source: The Hill
Apple plans facility in China to comply with cybersecurity laws
Apple is setting up its first data center in China, in partnership with a local internet services company, to comply with tougher cybersecurity laws. The tech company said it will build the center in the southern province of Guizhou with data management firm Guizhou-Cloud Big Data Industry. The center is part of a planned $1 billion investment in the province. “The addition of this data center will allow us to improve the speed and reliability of our products and services while also complying with newly passed regulations,” Apple said. Source: Reuters
Verizon customers’ data exposed on unprotected server
A technology company exposed millions of Verizon customer records, ZDNet has learned. As many as 14 million records of subscribers who called the phone giant’s customer services in the past six months were found on an unprotected Amazon S3 storage server controlled by an employee of Nice Systems. The data was downloadable by anyone with the easy-to-guess web address. Chris Vickery, director of cyber risk research at security firm UpGuard, who found the data, privately told Verizon of the exposure shortly after it was discovered in late June. It took over a week before the data was secured. Source: ZDNet
Kaspersky Lab falls from favor with administration
The Trump administration has moved to restrict government agencies from using products produced by the Russian cybersecurity firm Kaspersky Lab. A spokesman for the General Services Administration said it had “made the decision to remove Kaspersky Lab-manufactured products” from a list of outside products approved for use by government agencies that is maintained by the GSA. As such, agencies will not be able to procure the technologies using GSA contracts. Source: The Hill
This column originally appeared on ThirdCertainty.com
