FCC Teams with States to Monitor ISPs on Consumer Privacy

The Federal Communications Commission has set its sights on Internet service providers, formalizing an understanding with state attorneys general to protect consumer data and police privacy abuses. Initially, the memoranda of understanding (MOU) with the FCC’s Privacy and Data Protection Task Force includes the attorneys general of Connecticut, Illinois, New York and Pennsylvania, but could expand. As per the MOU, the entities will “share close and common legal interests in working cooperatively to investigate and, where appropriate, prosecute or otherwise take enforcement action” in relation to privacy, data protection and cybersecurity issues.

U.S. Agencies Join Global Coalition in Secure Software Push

The U.S. and a coalition of international government agencies have issued joint guidance that aims to get software companies to heighten security for their products. “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default” takes the position that today’s software is insecure by default and it is the customer’s burden to take steps to make it safe. Manufacturers should make their products safe before they ship by taking steps including deprecating the “default password,” writing their programs using only secure coding languages, providing free patches and setting up vulnerability reporting programs.

Biden Advocates Tougher Cybersecurity for Private Enterprise

The Biden administration has issued rules requiring key U.S. companies to meet minimum cybersecurity standards. The new National Cybersecurity Strategy (NCS) calls on software makers and American industry to be more active in the fight to repel hackers and ransomware groups even as the FBI accelerates global efforts to disrupt bad actors. Although the strategy is a policy document rather than an executive order, it represents a major policy shift, escalating participation by both the public and private sectors, while anticipating legislative changes required to give teeth to the plan.

Federal Government Creates Strike Force to Fight Tech Theft

The U.S. is increasing efforts to thwart technology theft, launching what some are calling a “hack back” attack against adversaries who use illegal means in attempts to steal developmental secrets or strike at supply chains. Operating from 12 metropolitan regions, the new Disruptive Technology Strike Force (DTSF) will enforce laws protecting U.S. advanced technologies from illegal acquisition and use by nation-states. The goal of the DTSF — a joint venture of the Department of Justice and the Commerce Department — is “to strike back against adversaries trying to siphon off our best technology,” deputy attorney general Lisa Monaco said.

Apple Introduces New iCloud Encryption to Prevent Hacking

Apple is adding a new end-to-end encryption option for iCloud data that will further protect backups, photos and notes. Called Advanced Data Protection, it will shield even Apple from seeing some of the most sensitive data users store on its servers. The change reportedly makes it impossible for Apple to provide law enforcement with the contents of encrypted files. The company says the security enhancements will help protect its customers from the most sophisticated hackers. The feature rolls out this week for those participating in Apple’s Beta Software Program.

Senate Group Wants CISA to Protect Open-Source Software

Senate Homeland Security Committee leaders Gary Peters (D-Michigan) and Rob Portman (R-Ohio) have introduced a bill requiring a risk framework for open-source code. The proposed legislation would require the Cybersecurity and Infrastructure Security Agency to develop the risk evaluation process for open-source software being used by federal agencies and critical infrastructure. The move follows the discovery in December of a vulnerability in the Apache Software Foundation’s popular Log4j Java logging utility. Peters said the Log4j incident presented a serious threat to banks, hospitals, and utility companies, among other national security operations.

Social Media Rapid Response Tested in the Wake of Violence

In the wake of criticism for its response time with regard to takedowns of videos of the mass shooting in Buffalo, New York, Meta Platforms has released metrics that show it removed 21.7 million pieces of violent or incitement content from Facebook in Q1 2022, nearly doubling the number from the previous quarter. The Buffalo gunman used a helmet-mounted camera to live-stream his killing spree to Twitch, owned by Amazon, and recordings circulated on platforms including Facebook, Twitter, Reddit and Google’s YouTube. Platforms were challenged by the speed of downloads and reposts even after the footage was removed.

Clearview to Limit Sales After Settling Illinois Privacy Lawsuit

Facial recognition software company Clearview AI has agreed to limit U.S. sales of its identity database to businesses and other private actors as part of a lawsuit settlement. The case, brought by the American Civil Liberties Union (ACLU) and other groups, was filed in state court in Illinois, where the Biometric Information Privacy Act (BIPA) is considered the nation’s strongest data privacy law. The lawsuit alleged that Clearview routinely scraped images of state residents from the Internet without obtaining their permission or making them aware of the practice.

Agencies Warn That Hackers Are Targeting Control Systems

The White House has issued a warning about hackers attempting to disrupt the energy grid and other industrial control systems with “a Swiss Army knife” of custom-coded malicious software. A joint bulletin issued by the FBI, NSA, DHS and Energy Department cautioned businesses to be on the lookout for “advanced persistent threat actors,” or APTAs, a commonly used way to describe state-backed hackers. Specific reference was made to devices from Japanese electronics firm Omron and the French firm Schneider Electric, suppliers of industrial automation equipment.

SMART Copyright Act Updates DMCA in Fight Against Piracy

Senators Thom Tillis (R-North Carolina) and Patrick Leahy (D-Vermont) introduced the SMART Copyright Act of 2022, bipartisan legislation they say will “hold tech accountable by developing effective, widely-available measures to combat copyright theft.” While intellectual property owners see the proposal as a positive step to protect creators, critics view it as a potential threat to free speech. Essentially an update to 1998’s Digital Millennium Copyright Act, SMART allows the U.S. Copyright Office to create standard technical measures (STMs) to protect rightsholders through a filtering system implemented by online hosting platforms.

Clearview Facial Recognition Adds Deblur and Mask Removal

Undeterred by lawsuits and demands to stop scraping social media, facial recognition firm Clearview AI is plowing ahead with efforts to expand its database and introduce new tools. Company co-founder and CEO Hoan Ton-That said Clearview has collected more than 10 billion images from social media and the Internet, while the company is adding new tools to help users, often law enforcement, obtain matches. Most recently, the company developed a deblur tool in addition to mask removal, which uses machine learning to recreate the covered part of a person’s face. However, use of such tools raises concerns that individuals could be wrongly identified or biases could result.

Government Reveals U.S. Agencies Using Facial Recognition

The federal Government Accountability Office (GAO) revealed that, out of 24 U.S. government agencies surveyed, 19 of them are using facial recognition, including the Department of Defense, the Department of Homeland Security (DHS) and numerous other smaller agencies. The GAO report added that as use of facial recognition “continues to expand … members of Congress, academics, and advocacy organizations have highlighted the importance of developing a comprehensive understanding of how it is used by federal agencies.”

U.S. Cybersecurity Agency Enlists Amazon, Google, Microsoft

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), part of the Department of Homeland Security, debuted the Joint Cyber Defense Collaborative (JCDC), which will leverage the expertise of Big Tech companies including Amazon, Google and Microsoft. According to CISA director Jen Easterly, the initiative’s aim is first to combat ransomware and cyberattacks on cloud-computing providers and ultimately to improve defense planning and information sharing between the government and private sectors.

Massive Ransomware Attack Affects Hundreds of Businesses

Software company Kaseya was targeted by a cyberattack starting Friday that has since spread to hundreds of mainly small and medium-size businesses. On Monday, Kaseya chief executive Fred Voccola reported to Anne Neuberger, the deputy national security advisor for cyber and emerging technology, that the attackers demanded a $70 million ransomware payment and that his company wasn’t aware of any breach of critical infrastructure impacting national security. According to experts, the attackers may be members of REvil, a Russian cybercriminal group.

Bitcoin Ransom Recovery May Impact Cryptocurrency Status

Bitcoin is touted as a secure, decentralized and anonymous way to conduct financial transactions, one reason why cybercriminals use it or some other cryptocurrency when conducting illegal business, whether it’s drug trafficking or ransomware. But this week the Justice Department revealed that it traced and recovered 63.7 of the 75 Bitcoins ($2.3 million of the total $4.3 million) that Colonial Pipeline paid in ransom to release its computer systems. The feds declined to detail how they recouped the Bitcoin. Meanwhile, El Salvador has become the first nation to formally adopt Bitcoin as legal tender.