The Data Drop News for Friday, April 8, 2022
Updated: Apr 12
Over Half of Data Security Incidents Caused by Insiders. New campaign in UK to rename cookies as 'data collectors' to highlight kids' privacy online. Some Russian oligarchs are using U.K. data privacy law to sue. Ukraine has started using Clearview AI’s facial recognition during the war. Ukraine war: Mobile networks being weaponized to target troops on both sides of conflict. Plus the latest in PrivTech news!
Pro tip: listen to The Data Drop at the gym, car, or while walking the dog by subscribing to our podcast. Data pros can also join the Node Zero community to access, query and bookmark our global dataset of stories from our Privacy Newsfeed tool.
Over Half of Data Security Incidents Caused by Insiders
The findings of a new study conducted by analyst firm Forrestor have revealed that 70% of EMEA organizations have no insider risk strategy despite employees directly or indirectly causing most data security incidents over the past year.
The researchers interviewed 150 security and IT professionals in Europe as part of a wider study entitled "Insider Threats Drive Data Protection Improvements".
Researchers found that insider threats caused 59% of incidents impacting sensitive data in the past 12 months.
This follows a previous analysis of the most significant breaches of the past five years, which revealed a quarter were caused by human error or compromised credentials.
The largest number of respondents to the Forrester study cited a lack of budget and internal expertise as their reason for not prioritizing insider risk. However, nearly a third claimed they don’t see employees as a major threat, and a similar number cited internal roadblocks such as a lack of executive sponsorship.
New campaign in UK to rename cookies as 'data collectors' to highlight kids' privacy online
Cookies have long been criticized as invasive tracking devices, collecting data on people’s internet behavior without their consent. So if you're asked to "accept cookies" online, as an adult you might think twice. But as a kid, nothing could seem more appealing. That's the insight behind a new browser plug-in developed by London agency Forever Beta, that renames digital "cookies" as "data collectors" in order to highlight concerns over kids' online data. Forever Beta is approaching websites that target children to push them to make the switch and is also petitioning the U.K. government to stop the use of the word "cookies" in data capture.
Some Russian oligarchs are using U.K. data privacy law to sue
Russian oligarchs and other powerful individuals are turning to an unusual method to protect their online images: data privacy laws.
Those laws, which were intended to prevent ads from tracking consumers too closely around the Internet, are now being used in the United Kingdom to sue anyone holding undesirable information on their devices.
That could include a journalist‘s notes from an interview typed into a computer or a private investigator’s compromising photos stored on a phone.
“The way the law is being used by oligarchs to silence journalists is expressly not what Parliament’s intention was,” said Liam Byrne, a member of Parliament. “It’s all part of trying to murder the truth.”
Ukraine has started using Clearview AI’s facial recognition during war
Ukraine's defense ministry on Saturday began using Clearview AI’s facial recognition technology, the company's chief executive told Reuters after the U.S. startup offered to uncover Russian assailants, combat misinformation, and identify the dead. Clearview said it had not offered the technology to Russia, which calls its actions in Ukraine a "special operation." Ukraine's Ministry of Defense did not reply to requests for comment.
Ukraine war: Mobile networks being weaponized to target troops on both sides of conflict
New evidence suggests that mobile networks are now being weaponized as an instrument of war in the conflict in Ukraine, as each side tracks soldiers' phones.
It is known that the Russians are using the Leer-3 electronic warfare system - comprised of two drones and a command truck - as a means to locate Ukrainian forces.
This system can pick up more than 2,000 phones within a 3.7-mile range, potentially enabling enemy positions to be found.
The Ukrainian forces are believed to be using similar technology.
In mid-March, US officials told the New York Times that at least one Russian general was killed after a mobile phone call he made was picked up by Ukrainian intelligence.
Post Office Cops Used Social Media Surveillance Program Illegally
The United States Postal Inspection Service, the law enforcement arm of the post office, was “not legally authorized” to conduct blanket keyword searches of social media for terms such as “protest,” “attack,” and “destroy,” an inspector general investigation found, because it is only supposed to investigate cases with some connection to the post office or the mail. Yahoo reported the agency’s Internet Covert Operations Program, better and somehow not satirically known as iCOP, was monitoring social media for “inflammatory” postings associated with protest movements on both the Left and the Right.
Amazon's Alexa Collects More of Your Data Than Any Other Smart Assistant
A survey on smart assistant usage conducted by Reviews.org showed that 56% of respondents are concerned about data collection.
Analysis by Reviews.org found that Alexa collects 37 of the 48 possible data points, the most data out of any other.
All five services analyzed collect names, phone numbers, device location, IP address; the names and numbers of contacts; interaction history; and app usage.
Google's smart assistant collects only 28, making them the least invasive.
CCPA having a definite impact as Californians assert digital privacy rights
The 2022 Data Privacy Trends Report from privacy management platform DataGrail has revealed new findings related to the ongoing impact of the California Consumer Privacy Act (CCPA) and found that consumers are taking full advantage of these expanded rights to protect their privacy. For example, the total number of data subject requests increased from 137 to 266 per one million identities in 2021. There was also a corresponding increase in deletion and Do Not Sell/Share (DNS) requests, with each of those categories also nearly doubling on the year. At the same time, the cost of processing Data Subject Requests has soared to over $400,000 USD per 1 million identities.
Swiss privacy technology tackles rampant online intrusion
Nym Technologies and HOPR have developed separate versions of mix network technology (mixnet) to churn together the metadata that people leave behind when they surf the internet, making it impossible to link the scrambled digital footprints to any individual.
Nym and HOPR are part of a small band of international companies who are attempting to fight back against the erosion of privacy online. Other companies include xxnetwork, which was founded by Cryptographer David Chaum who first introduced the mixnet concept in 1981.
Google Workspace's new security feature scrambles your data before it's uploaded
Google has introduced a Beta test for a client-side encryption for Google Workspace. The feature is now available to several Workspace services and supports multiple file formats. The move is part of the company's plan to enable client-side encryption across their Workspace product suite, including Google Drive, Docs, Sheets, and Slides. Google says client-side encryption for Meet will leave the beta phase and become widely available in May and optional end-to-end encryption for all meetings should be available later this year.