‘Hack back’ powers to repel cyber attack under proposed laws | UK court rules facial recognition violated human rights | TikTok tracked user data using tactic banned by Google
The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
Proposed national security laws in Australia will allow a “national emergency” to be declared during an extreme cyber attack against critical infrastructure, giving security agencies, for the first time, the power to counter-attack through commercial networks. The Australian
A British police force violated human rights by unlawfully using facial recognition technology, the Court of Appeal has ruled in a landmark case. The Independent
TikTok skirted a privacy safeguard in Google’s Android operating system to collect unique identifiers from millions of mobile devices, data that allows the app to track users online without allowing them to opt out, a Wall Street Journal analysis has found.
ASPI ICPC
Australia
‘Hack back’ powers to repel cyber attack under proposed national security laws
The Australian
Proposed national security laws will allow a “national emergency” to be declared during an extreme cyber attack against critical infrastructure, giving security agencies, for the first time, the power to counter-attack through commercial networks. As private sector assets deemed critical to the national interest come under increased attack, an alert system based on the terrorism threat level advisory is also being flagged for cyber threats. A Department of Home Affairs discussion paper, obtained by The Australian, outlines proposed changes to the Security of Critical Infrastructure Act imposing obligations on companies to employ encrypted cyber defences under a three-tiered system ranking the national significance of commercial assets and systems.
Dahua Taunts Australian Government, Continues To Sell Illegal Fever Cameras
IPVM
Dahua is effectively taunting the Australian government by continuing to sell fever cameras on its website and to its distributors despite not having the required government medical device approval. Now, the government tells IPVM it is "investigating this matter" and reminded that these devices can "only be lawfully advertised to consumers" if they are included in the country's official medical device database, something Dahua tried and failed to do. Dahua is running a legal risk for both itself and its partners. In this post, we examine this latest incident in detail.
HaveIBeenPwned set to go open source
Infosecurity magazine
Popular breach notification site HaveIBeenPwned (HIBP) is going open source to ensure the long-term viability of the project, according to founder Troy Hunt. The Australian Microsoft regional director and MVP made the announcement in a blog post on Friday, saying that the decision came as a result of his failed attempt to find a buyer for the site earlier this year.
ACCC ramps up focus on tech giants’ data use
Which-50
Australia’s consumer regulator has suggested tougher regulation is on the way for online platforms as it sharpens its focus on the collection and use of people’s data by Google and other tech giants. The ACCC is currently in two legal battles with Google over the collection of consumer data, is conducting an inquiry into online advertising services – an industry dominated by Google and Facebook – and is establishing a dedicated Digital Platforms Branch to “systematically” monitor a wide range of digital platforms’ operations for the next five years at least.
USA
TikTok Tracked User Data Using Tactic Banned by Google
The Wall Street Journal
TikTok skirted a privacy safeguard in Google’s Android operating system to collect unique identifiers from millions of mobile devices, data that allows the app to track users online without allowing them to opt out, a Wall Street Journal analysis has found.
China already has your data. Trump’s TikTok and WeChat bans can’t stop that.
The Washington Post
@AynneKokas
These executive orders have a fundamental flaw in their reasoning: Data exfiltration by Chinese firms from the United States is so pervasive that targeting a few big names merely distracts from the severity of the problem. Large numbers of firms serving U.S. consumers — whether they’re physically based in China or in the United States — are under pressure by the Chinese government to exfiltrate data. Combined with data gathered through hacks of Equifax, Marriott, Anthem and the Office of Personnel Management, the Chinese government has a treasure trove of information to support intelligence-gathering activities for decades to come, regardless of last week’s bans. Without comprehensive data security regulation, the executive orders are merely window dressing.
Big tech makes inroads with the Biden campaign
The New York Times
While Joe Biden has criticized the largest tech companies, his campaign and transition teams have welcomed allies of Facebook, Google, Amazon and Apple onto its staff and policy groups.
Tech giants back lawsuit against US guest worker ban
Yahoo
Apple, Facebook, Microsoft and 49 other tech companies are fighting against the administration’s guest worker visa ban. They’ve filed an amicus brief supporting a lawsuit against acting Homeland Security Secretary Chad Wolf and Secretary of State Mike Pompeo over the new rules, which suspend H-1B and other guest worker visas until the end of the year.
A Bible Burning, a Russian News Agency and a Story Too Good to Check Out
The New York Times
Yet in the rush to paint all the protesters as Bible-burning zealots, few of the politicians or commentators who weighed in on the incident took the time to look into the story’s veracity, or to figure out that it had originated with a Kremlin-backed video news agency. And now, days later, the Portland Bible burnings appear to be one of the first viral Russian disinformation hits of the 2020 presidential campaign.
Facial Recognition Start-Up Mounts a First Amendment Defense in Privacy Suits
The New York Times
Clearview AI has hired Floyd Abrams, a top lawyer, to help fight claims that selling its data to law enforcement agencies violates privacy laws.
The American blog pushing Xinjiang denialism
Axios
@BethanyAllenEbr
A website called The Grayzone has made a name for itself by denying China's campaign of cultural and demographic genocide in Xinjiang. Chinese government officials and state media outlets are citing The Grayzone and its contributors with growing frequency as Beijing attempts to cast doubt on accusations of atrocities in its far Northwest region. It's not just the Chinese government that is amplifying Grayzone articles. Gabby Stern, the World Health Organization communications director, retweeted a quote from a Grayzone article in July casting doubt on Taiwan's early transparency regarding the coronavirus.
Facebook cracks down on political content disguised as local news
Axios
Facebook is rolling out a new policy that will prevent U.S. news publishers with "direct, meaningful ties" to political groups from claiming the news exemption within its political ads authorization process, executives tell Axios.
Pentagon Requests More Time to Review JEDI Cloud Contract Bids
Nextgov
In a court filing Monday, the Defense Department requested a 30-day extension to issue an award decision in its multibillion-dollar Joint Enterprise Defense Infrastructure cloud contract.
2020 is misinformation's tipping point
Cyberscoop
Millions of Americans who already struggle to keep pace with the daily barrage of news are now becoming accustomed to another challenge that’s only becoming more complicated: weaponized misinformation.
Southeast Asia
Singapore is putting trackers on some incoming travelers. Should other countries do the same?
Vice
To monitor incoming travelers required to quarantine at home amid the pandemic, Singapore and other Asian countries have turned to monitoring devices. Experts don't think it'll work elsewhere.
NZ and Pacific Islands
The Kiwi media mogul challenging online giants
Yahoo
Boucher is also a big fan of Australian plans to make Facebook and Google pay news media for their content. “Both of them have made huge businesses out of, one way or another, collecting other people's content,” she said, urging the New Zealand government to consider similar action.
Debt-trap diplomacy: PNG wants Huawei loan cancelled
Australian Financial Review
@Angus Grigg
Papua New Guinea should not have to repay a $US53 million ($74 million) loan to China, according to the Pacific nation's Communications Minister, after being sold a faulty Huawei data centre that exposed its government files to being stolen. Timothy Masiu, whose portfolio also includes information technology, said the National Data Centre, funded via a loan from China's Exim Bank, had not delivered what was promised.
South Asia
India data-curb plan 'anathema', US tech giants plan pushback
ITNews
India's plan to regulate "non-personal" data has jolted US tech giants Amazon, Facebook and Google, and a group representing them is preparing to push back against the proposals.
WhatsApp is a step closer to disrupting India’s fintech space
Quartz
Facebook-owned social messaging service WhatsApp is all set to take India’s fintech space by storm.
UK
Facial recognition has been used unlawfully and violated human rights, Court of Appeal rules in landmark case
The Independent
A British police force violated human rights by unlawfully using facial recognition technology, the Court of Appeal has ruled in a landmark case.
Europe
Belarus Has Shut Down the Internet Amid a Controversial Election
Wired
Internet connectivity and cellular service in Belarus have been down since Sunday evening, after sporadic outages early that morning and throughout the day. The connectivity blackout, which also includes landline phones, appears to be a government-imposed outage that comes amid widespread protests and increasing social unrest over Belarus' presidential election Sunday.
Facebook bans racist depictions of Jews and Black people
Politico
The social media company said it took action against 22.5 million pieces of content containing hate speech between April and June.
Americas
Rules to protect Canadian WeChat users are overdue. Here’s how Trump’s TikTok ban could spark change here
The Star
@joannachiu
Should Canada follow suit after US President Donald Trump ordered a sweeping ban on dealings with the Chinese owners of popular apps TikTok and WeChat on security grounds?
Canada’s Scattered and Uncoordinated Cyber Foreign Policy: A Call for Clarity
Just Security
In mid-July, Canada joined the United States and U.K. in attributing COVID-19 vaccine-related hacking to the Russian government. In response, Canadian Defence Minister Harjit Sajjan called for reinforcing a “common understanding of rules-based norms,” and for deterrence against foreign actors. Yet despite Canada’s attempts to play a leading role in upholding global peace and security – as illustrated by its (failed) June 2020 bid for a U.N. Security Council seat – Canada lacks a clear and holistic international cyber strategy.
Misc
When Private Security Cameras Are Police Surveillance Tools
Wired
Civil rights activists warn of "mission creep," as cameras installed to prevent break-ins are increasingly used to monitor protesters and communities of color.
A scammer told us he cashed in selling millions of fake views for Instagram Reels just hours after it launched
Business Insider
Alongside websites offering 100 likes on a Reel for 75 cents, managers of large botnets were offering artificial engagement for a price to their followers on protected encrypted apps, Business Insider has learned.
Get Ready For Deepfakes To Be Used In Financial Scams
Techdirt
Last month, scammers hijacked the Twitter accounts of former President Barack Obama and dozens of other public figures to trick victims into sending money. Thankfully, this brazen act of digital impersonation only fooled a few hundred people. But artificial intelligence (AI) is enabling new, more sophisticated forms of digital impersonation. The next big financial crime might involve deepfakes—video or audio clips that use AI to create false depictions of real people.
Research
The Internet of Bodies Is Here: Tackling new challenges of technology governance
World Economic Forum
In the wake of the COVID-19 pandemic, wearable technologies such as health and location trackers have been thrust into the public spotlight – spurring not only excitement about their potential benefits but also debate over their potential risks. Could these devices help public health authorities better predict, manage and avert future outbreaks? How might employers use data from wearable devices to safely reopen businesses? What are the implications for privacy and equity? How might this data be abused or used for other intended purposes such as public surveillance?
Exposure to social engagement metrics increases vulnerability to misinformation
Misinformation Review
News feeds in virtually all social media platforms include engagement metrics, such as the number of times each post is liked and shared. We find that exposure to these signals increases the vulnerability of users to low-credibility information in a simulated social media feed.