
Tech community backs Apple in encryption dispute with FBI

February 19, 2016


As tech giant Apple and the FBI head for a confrontation after Apple pledged to fight federal demands to help mine data from an iPhone used by a shooter in terrorist attacks in San Bernardino, Calif., the tech community voiced strong support for Apple. Electronic Frontier Foundation deputy executive director and general counsel Kurt Opsahl said that should Apple be compelled to create a “master key” for this one device, the government will ask for it for other devices. “The U.S. government wants us to trust that it won’t misuse this power. But we can all imagine the myriad ways this new authority could be abused,” Opsahl said. “Even if you trust the U.S. government, once this master key is created, governments around the world will surely demand that Apple undermine the security of their citizens.”

Google boss Sundar Pichai and Jan Koum, CEO of messaging service WhatsApp, also backed Apple’s decision. Pichai defended Apple CEO Tim Cook in a series of tweets, including one saying, “Could be a troubling precedent.” Koum, a Facebook board member, wrote on the social media site, “I have always admired Tim Cook for his stance on privacy and Apple’s efforts to protect user data. … We must not allow this dangerous precedent to be set. Today our freedom and our liberty are at stake.”

The clash reflects wider debates about security measures used by companies to protect users of devices such as smartphones—and how much leverage authorities should have to gain special access. “We have great respect for the professionals at the FBI, and we believe their intentions are good,” Cook said in a letter on the company’s website. “Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.”

The Justice Department seeks evidence about the Dec. 2 shooting rampage, which killed 14 people and injured 22. The order does not ask Apple to break the phone’s encryption but to disable the feature that wipes the data on the phone after 10 incorrect tries at entering a password. Apple says it can’t unlock newer iPhones for law enforcement, even with a warrant, because they are engineered in such a way that Apple does not hold the decryption key. Only the phone’s user—or someone who knew the password—would be able to unlock the phone. Sources: Threatpost; The Washington Post; CNBC

Don’t let your money just fly away

Scammers can use a discarded paper flight-boarding pass to steal your identity. “These paper boarding passes, you really need to think of like a second photo ID,” warned Gaelan Adams, who leads the National Champion Cyber Defense Club at the University of Central Florida. “There’s your first name, last name, frequent flier number, as well as other identifying information.” Adams suggests shredding passes, and warns against posting photos of your boarding pass to social media, a common occurrence. Source: WTVT, Orlando

A painless checkup is the best kind

Those who use Facebook’s official app on their smartphones might soon receive a reminder to do a “Privacy Checkup.” Opt into the checkup, and you’ll go through a simple, three-step process that will help you understand how you’re sharing information on the social network. Privacy Checkup was first introduced on the desktop version of Facebook in 2014, but the mobile edition is new. Users started to receive the notification earlier this month. The entire process takes probably a minute to complete, and it might help you discover that you’re sharing things to people you’d rather keep out of your private life. Source: The Huffington Post

The long arm of the law reaches out and touches down

Five people were sentenced to federal prison for their roles in a $7.5 million identity theft and income tax refund fraud case, prosecutors in Florida said. The fraudsters used the identities of homeless people and recovering alcoholics and drug addicts to seek fraudulent income tax returns, according to court records. The returns were illegally filed in the names of living and dead people from 2007 to 2011. The fraudsters sought more than $12.5 million from the IRS, which approved and paid out more than $7.5 million in fraudulent refunds, records show. Source: The Sun Sentinel of South Florida

We’ll really keep your financial business private; count on it

The creators of the new digital currency Zcash say that mathematical algorithms will ensure that its users' transactions, counterparties and amounts stay encrypted, and that identifying users will be virtually impossible. Now in its prerelease alpha testing stage, Zcash will rely on cryptographic algorithms known as zero-knowledge proofs to give users the opportunity to prove they have the money without revealing their identities or the amounts they intend to use in a transaction. Source: Bitcoin magazine

Leading the IRS’ ‘Dirty Dozen’ list

Each year at the beginning of tax season, the IRS releases the “Dirty Dozen,” a list of 12 tax scams to be mindful of when individuals are filing their taxes. At the top of the list is identity theft, as when someone uses a stolen Social Security number to file a return to get a fraudulent refund. Recent phishing scams have included false emails to tax preparers that link to a fake website that tells the tax preparers to update their Electronic Filing Identification Numbers. The scammer collects the tax preparers’ user names entered into the false website. Tax preparers are advised to disregard these types of emails that appear to be from the IRS. Phishing scams also have targeted taxpayers by directing consumers to fake websites that look like the IRS website. Source: National Law Review

Apparently, privacy is only worth what you pay for it

A Wyoming legislative committee has recommended against passing a bill that could allow state voters to decide whether to amend the state constitution to recognize an individual right to privacy. The Senate Appropriations Committee voted against the bill after hearing a briefing that it would cost the Wyoming Secretary of State’s office $45,000 to publish the proposed amendment around the state. The Legislature’s Joint Corporations, Elections & Political Subdivisions Interim Committee had sponsored the proposed joint resolution. If the measure passes in this legislative session, voters would decide the question this fall. Supporters of the measure have said they’re concerned new technologies such as automated license plate readers that track motorists threaten to erode individual privacy. Source: The Billings (Mont.) Gazette

From the tool box

The latest Samsung Galaxy devices are getting Android Marshmallow, which includes a number of enhancements plus new features. With the mobile OS update, Samsung’s native Internet browser also receives new functionality, improved privacy, and better security. Android 6.0 Marshmallow also brings enhanced protection so no one can view your browser’s history. Use the Secret Mode on the Samsung Internet 4.0 browser so you won’t leave any cookies or trail behind. If the Secret Mode is enabled, an Internet browser won’t remember any data, passwords or information. It works with the phone’s fingerprint scanner system for future authorization as made possible by the Secure Web Auto Login feature. Source: Android Community

I say, that’s a bit of a sticky wicket

Personal details about hundreds of London-based research students were posted online in an apparent breach of data privacy laws. The University of Greenwich apologized and said it is contacting those affected. Students’ names, addresses, dates of birth, mobile phone numbers and signatures were all uploaded to the university’s website. They were posted alongside minutes from the university’s Faculty Research Degrees Committee, which oversees the registrations and progress of its research students. In some cases, mental health and other medical problems were referenced to explain why students had fallen behind with their work. The Information Commissioner’s Office has confirmed that an investigation is underway. Source: BBC

Forced to go back to pen and paper


Hollywood Presbyterian Medical Center was the target of a ransomware extortion plot in which hackers seized control of the hospital’s computer systems, then demanded that directors pay in bitcoin to regain access, according to law enforcement sources. Hackers prevented hospital staff from accessing patient information, according to law enforcement sources, who were not authorized to discuss the details of the investigation. The hospital paid $17,000 in bitcoin to regain access to its data. It’s believed the hackers had originally demanded $3.4 million from the Hollywood Presbyterian Medical Center in Los Angeles, but the hospital said that any reports suggesting it paid that amount are false. Commenting on the decision to hand over $17,000, Allen Stefanek, president of the medical center, said in a release, “The malware locks systems by encrypting files and demanding ransom to obtain the decryption key. The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.” Laura Eimiller, an FBI spokeswoman, said the bureau has taken control of the hacking investigation. The attack has forced the hospital to return to pen-and-paper for its recordkeeping, and cybersecurity experts are addressing system weaknesses, according to sources. Sources: The Los Angeles Times; Digital Trends

New services for soaring security issues

CyberScout has enhanced its DataRiskStages data breach mitigation and remediation service for insurance companies and their commercial policyholders. The DataRiskStages platform has been enriched with three new features: to help avoid and manage a breach; CyberClaims911 for more efficient claims handling; and new analytics for more accurate cyber underwriting. CyberScout is a provider of services that help businesses and their customers defend against data breaches and identity theft. Source: Insurance Journal

There’s a new cyber sheriff—make that two—in town

Former White House national security adviser Tom Donilon and former IBM chief executive Sam Palmisano will lead a new commission to strengthen U.S. cyber defenses in the next decade, the White House said. President Obama set up the Commission on Enhancing National Cybersecurity this month and sought $19 billion for cybersecurity across government in his annual budget proposal, a boost of $5 billion over the previous year. Federal agencies have worked to upgrade their security since the Office of Personnel Management announced last year that roughly 22 million personnel files had been stolen in a massive hack. Source: Reuters

This data breach case is a class act

A proposed class of federal employees can continue with third-party beneficiary claims alleging breach of contract by the Blue Cross Blue Shield Association stemming from Anthem’s 2015 data breach, the U.S. District Court for the Northern District of California ruled. Judge Lucy Koh ruled that since patient privacy and data security weren’t listed as plan benefits, the proposed class’s breach-of-contract claims didn’t constitute a proper “health-benefits claim” under the Federal Employee Health Benefits Act, and as such weren’t pre-empted by the statute. Koh further ruled that the federal employees’ state-law claims weren’t pre-empted either. The proposed class action stems from Anthem’s announcement in February 2015 that cyber attackers gained unauthorized access to its data systems, compromising the personal health information of 80 million of its individual members nationwide. Source: Bloomberg BNA






The post Tech community backs Apple in encryption dispute with FBI appeared first on Third Certainty.
