The latest change to California data breach notification law, Edward Snowden advocates for encryption, and Pokemon Go privacy concerns round out this week's news.
The Guardian: Without Encryption, We Will Lose All Privacy. This is Our New Battleground
By: Edward Snowden
"In every country of the world, the security of computers keeps the lights on, the shelves stocked, the dams closed, and transportation running. For more than half a decade, the vulnerability of our computers and computer networks has been ranked the number one risk in the US Intelligence Community’s Worldwide Threat Assessment – that’s higher than terrorism, higher than war. Your bank balance, the local hospital’s equipment, and the 2020 US presidential election, among many, many other things, all depend on computer safety."
Business Insider: Google Exec Says Nest Owners Should Probably Warn Their Guests that Their Conversations are Being Recorded
By: Aaron Holmes
"Google's Nest smart devices are always listening — their microphones detect loud noises and cameras track sudden movements in a home, and can start automatically recording at any time. Because of that, Nest owners should probably warn their house guests that they're on camera, according to Google devices chief Rick Osterloh.
When asked by a BBC reporter whether homeowners with Nest have such an obligation, Osterloh first said he hadn't considered it. 'Gosh, I haven't thought about this before in quite this way,' Osterloh said. 'It's quite important for all these technologies to think about all users... we have to consider all stakeholders that might be in proximity.'"
Bloomberg: Amazon Workers May Be Watching Your Cloud Cam Home Footage
By: Natalia Drozdiak, Giles Turner, & Matt Day
"In a promotional video, Amazon.com Inc. says its Cloud Cam home security camera provides 'everything you need to monitor your home, day or night.' In fact, the artificially intelligent device requires help from a squad of invisible employees. Dozens of Amazon workers based in India and Romania review select clips captured by Cloud Cam, according to five people who have worked on the program or have direct knowledge of it. Those video snippets are then used to train the AI algorithms to do a better job distinguishing between a real threat (a home invader) and a false alarm (the cat jumping on the sofa)."
Motherboard: Malware That Spits Cash Out of ATMs Has Spread Across the World
By: Joseph Cox
"At 10am on a late November morning in Freiburg, Germany, a bank employee noticed something was wrong with a bank ATM. It had been hacked with a piece of malware called "Cutlet Maker" that is designed to make ATMs eject all of the money inside them, according to a law enforcement official familiar with the case. 'Ho-ho-ho! Let's make some cutlets today!' Cutlet Maker's control panel reads, alongside cartoon images of a chef and a cheering piece of meat. In an apparent Russian play-on-words, a cutlet not only means a cut of meat, but a bundle of cash, too."
ZDNet: Most Americans Can't Recognize 2FA, HTTPS, or Private Browsing
By: Joseph Cox
"Two-factor authentication (2FA), HTTPS, or private browsing, are concepts that are too complex for most Americans, new research published today reveals. Answers from a survey of 4,272 US adults conducted in June by the Pew Research Center found that most Americans aren't as tech-savvy as you'd normally expect from the country that houses most of today's web tech innovation. This ebook, based on the latest ZDNet/TechRepublic special feature, offers a detailed look at how to build risk management policies to protect your critical digital assets. Users were asked about phishing, 2FA, HTTPS, browser cookies, privacy policies, net neutrality, private browsing, if they knew who owns Instagram or WhatsApp, and if they could identify Jack Dorsey as the Twitter CEO by looking at a photo."
Kotaku: The Creators Of Pokémon Go Mapped The World. Now They're Mapping You
By: Cecilia D'Anastasio & Dhruv Mehrotra
"Harry Potter: Wizards Unite, the latest game from the company behind Pokémon Go, lets players harness the magic of their childhood to combat monsters and collect shimmering digital artifacts across their local neighborhoods. Niantic’s apps certainly encourage gamers to get outdoors and get active, but behind the scenes, Wizards Unite is quietly casting another spell: collecting a surprising amount of data about where you go."
The Daily Swig: California Expands Data Breach Notification Law to Include Passport and Biometric Data
By: James Walker
"Lawmakers in California have approved new legislation that serves to expand the state’s data breach notification law by requiring businesses to notify consumers of compromised passport numbers and biometric information. Championed by State Assemblymember Marc Levine, the bill (AB 1130) is said to have been promoted by the Starwood Hotels data breach in 2018, in which more than 25 million passport numbers were taken over a four-year period. Although the hotelier notified customers of the breach in this instance, Levine said the incident revealed a potential “loophole” in the legislation, where companies would not be required to report a breach if only passport numbers had been accessed. In addition to requiring organizations to report a passport data breach, the bill also brings California’s breach notification law up-to-date with modern authentication technology, which makes increasing use of biometric data.
Under AB 1130, organizations will also be required to notify consumers if their unique biometric information – such as fingerprint, retina, or iris image – has been compromised."
Reuters: U.S. Carried Out Secret Cyber Strike on Iran in Wake of Saudi Oil Attack
By: Idrees Ali & Phil Stewart
"The United States carried out a secret cyber operation against Iran in the wake of the Sept. 14 attacks on Saudi Arabia’s oil facilities, which Washington and Riyadh blame on Tehran, two U.S. officials have told Reuters. The officials, who spoke on condition of anonymity, said the operation took place in late September and took aim at Tehran’s ability to spread 'propaganda.' One of the officials said the strike affected physical hardware, but did not provide further details. The attack highlights how President Donald Trump’s administration has been trying to counter what it sees as Iranian aggression without spiraling into a broader conflict."
Reuters: How Amazon.com Moved Into the Business of U.S. Elections
By: Nandita Bose
"Amazon.com Inc’s cloud computing arm is making an aggressive push into one of the most sensitive technology sectors: U.S. elections. The expansion by Amazon Web Services into state and local elections has quietly gathered pace since the 2016 U.S. presidential vote. More than 40 states now use one or more of Amazon’s election offerings, according to a presentation given by an Amazon executive this year and seen by Reuters."
Business Insider: Amazon's Massive Investment in Food Delivery Startup Deliveroo Faces Further Delays Thanks to a Formal Antitrust Probe
By: Shona Ghosh
"The Competition and Markets Authority (CMA) first mooted an investigation in July, after Amazon led a $575 million funding round into Deliveroo, which is a major rival to Uber Eats outside the US. At the time, the CMA said it was concerned Amazon might effectively acquire Deliveroo through the investment, potentially reducing competition. The watchdog also put the investment on ice, and asked Amazon and Deliveroo to keep their operations separate."