Displaying items by tag: privacy
The founder of Chinese tech giant Huawei said that he would “shut the company down” if the Chinese government asked them to eavesdrop on phone call conversations, according to a senior executive.
Facebook has hired a new lawyer, Jennifer Newstead, a high-ranking US State Department Lawyer, who will oversee Facebook’s global legal functions amid pressure from regulators regarding its privacy policies.
On Thursday, WikiLeaks founder Julian Assange was arrested by British Police at the embassy of Ecuador in London.
Facebook revealed that it has kept a record of hundreds of millions of user passwords in plain text.
The social media giant’s Vice President of Engineering, Security and Privacy, Pedro Canahuati, wrote in a blog post that hundreds of millions of Facebook Lite users will be notified about this and so will the millions of Facebook and Instagram users.
Facebook Lite is a version of Facebook which is used in areas with weak connectivity.
According to Canahuati, the mistake was noticed in January, but he failed to comment on why an announcement wasn’t made about the issue at the time. Instead, the announcement came over two months later.
“As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems,” said Canahuati.
He also stated that the passwords which were stored were never visible to anyone outside Facebook and that they were not abused or improperly used by any of the staff.
“This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable.
We have fixed these issues and as a precaution we will be notifying everyone whose passwords we have found were stored in this way.”
Security researcher Victor Gevers has uncovered a database of 1.8 million women in China who have their names, addresses, marital status, education levels, and phone numbers listed. However, the most troubling part of this database is the fact that women of a certain age group were also categorized as “breed ready”.
Gevers has said that anyone with an IP address has access to this database. This comes after his discovery of the Chinese database that leaked 300 million private messages last week.
“We don’t know who is behind this database and what the intention was… that is the part that worries us the most,” said Gevers. Most of the women in the database were located in Beijing.
Gevers reported the database on Twitter and had it closed down by 4am ET on Monday.
Some of the women are linked to their Facebook profiles and as Facebook is banned in China, they must have accessed it through the use of a VPN.
“In China, they have a shortage of women. So an organization started to build a database to start registering over 1.8 million women with all kinds of details like phone numbers, addresses, education, location, ID number, marital status, and a “BreedReady” status?” he tweeted.
Also, around 90 per cent of the women on that list were listed as single and were between the ages of 15 and 95. Among the women categorized as “BreedReady”, the youngest were 18 years old and the oldest was 39.
The purpose of this database still remains uncertain; however, many internet users said that it may have been the Chinese government’s effort to track the fertility of Chinese women, as China’s birth rate has hit an all-time low.
China’s National Statistics Bureau found that only 15 million children were born in 2018 which was 2 million less than the previous year.
The House of Lords has called for a new central digital super-regulator to be created in order to inspect the different bodies protecting the internet and to replace the ‘clearly failing’ system of self regulation in place.
The Lords’ communications committee report has recommended a new Digital Authority. The report warns that the contribution of several regulators for the digital realm can be more problematic than helpful as it creates overlaps and gaps.
The report also states that large tech companies have failed to tackle cybersecurity issues and Ofcom should, in the future, expand their services to involve implementing a duty of care on those companies.
Lord Gilbert of Panteg, Chair of the committee, stated: “The government should not just be responding to news headlines but looking ahead so that the services that constitute the digital world can be held accountable to an agreed set of principles.”
He continued: “Self-regulation by online platforms is clearly failing and the current regulatory framework is out of date. The evidence we heard made a compelling and urgent case for a new approach to regulation. Without intervention, the largest tech companies are likely to gain ever more control of technologies which extract personal data and make decisions affecting people’s lives.”
The Lords said that the new Digital Authority should be guided by 10 guiding principles pertaining to online regulation. Some of these basic principles include: transparency, parity, recognition of childhood, accountability, privacy and human rights.
Last month, a Digital Culture, Media and Sport committee held Facebook responsible for being run by “digital gangsters” and, as a result, recommended that tech and social media companies could regulate themselves independently under a ‘code of ethics’ which could be overseen by Ofcom.
The report by the Lords echoed this sentiment. It stated that self-regulation by internet behemoths such as Google and Facebook was “clearly failing”.
Lord Panteg wrote: “Policy makers across different sectors have not responded adequately to changes in the digital world.”
He added: "The Digital Authority should be empowered to instruct regulators to address specific problems or areas. In cases where this is not possible because problems are not within the remit of any regulator, the Digital Authority should advise the Government and Parliament that new or strengthened legal powers are needed.”
The report recommends many changes to already existing regulations whether the Digital Authority is created or not. An example of these proposed changes is the public interest test for mergers and acquisitions which would protect peoples’ data from being bought and sold with no prior consent from the individual.
Additionally, the report recognizes the power which this new Digital Authority would hold and justifies it by stating: “This is necessary because of the magnitude of urgent social and political problems caused by regulatory fragmentation in the digital world. These problems are less likely to become more complex as technology develops.”
Internet giants such as Google, Amazon and Facebook were not held in high regard amongst the Lords, especially in the report.
It concluded, “Major platforms have failed to invest in their moderation systems, leaving moderators overstretched and inadequately trained. Online platforms should make community standards clearer through a new classification framework akin to that of the British Board of Film Classification.”
The profiles and personal messages of 364 million users of Chinese social media sites were leaked online, exposing private records such as photos and identity card numbers which were being gathered by the Chinese government through a surveillance program.
Cybersecurity researcher for the NGO GDI Foundation, Victor Gevers, revealed in a series of tweets that the Chinese government was using a social media surveillance program which was “retrieving messages per province from 6 social platforms and extracts names, ID numbers, ID photos, GPS locations, network information, and all the conversations and file transfers get imported into a large online database.”
He continued: “Around 364 million online profiles and their chats & file transfers get processed daily. Then these accounts get linked to a real ID/person. The data is then distributed over police stations per city/province to separate operators’ databases with the same surveillance network name.”
Gevers went on to say that the program used to retrieve all the private and sensitive information looked “like a jerry-rigged PRISM clone of the NSA.” PRISM was the US government’s surveillance system that Edward Snowden revealed back in 2013.
In a direct message on Twitter, Gevers voiced some of his concerns regarding the situation.
“These surveillance systems are dangerous when they are open and fully accessible to anyone, which increases the risk of remote data manipulation. We have seen databases get ‘ransomed’ in the past.”
A great deal of the leaked data included information about cybercafés, which Gevers pointed out in a screenshot and said that those cafes may have been used as a potential tool to gather data on users.
QQ and WeChat, both operated by Tencent, were among the six Chinese messaging services.
In the past, WeChat has denied monitoring user chat logs for government surveillance. However, according to the Chinese legal system, all internet companies operating in China are expected to collect and store user data locally in case of an official inspection.
Security researcher Jane Manchun Wong said: “If sensitive information was exchanged in some of those conversations, it could have been sold to black markets, the same way how stolen credit card info from compromised databases work.”
She continued, “Except this one, it’s effortless to hackers. They could essentially just walk in and everything seems to be in plain text and accessible without any login information.”
The database was allegedly secured after Gevers exposed the issue.
There have been a few major leaks in China over the past few years.
Just last month Gevers reported a case regarding a Chinese tech company, SenseNets, which stored the data of 2.6 million people in the region of Xinjiang which is of Muslim majority and is under heavy police surveillance. The data included the ID numbers and addresses of the residents.
New York regulators are investigating Facebook’s gathering of intimate data about consumers’ menstrual cycles and body weight through smartphone applications.
Facebook has confirmed that New York’s Department of Financial Services sent it a letter about the data sharing issue.
The New York based regulator asked the social media giant to provide a list of all the companies that were involved in sending them the data over the past three years.
According to the source, requests to provide information on agreements with Facebook were sent to a number of application developers.
A Wall Street Journal report from February 22 showed that after testing over 70 smartphone apps, approximately 11 were disclosing ‘highly sensitive’ information to Facebook to use for targeted ads. These ads would be able to reach users who are not Facebook members.
The intimate data that was collected by the apps showed personal information with regards to body weight, height, ovulation cycles, heart rate, pregnancy status and home shopping.
It was found that around 6 of the 15 most popular health and fitness apps shared personal information with Facebook.
A Facebook spokesperson stated:
"It's common for developers to share information with a wide range of platforms for advertising and analytics.
"We require the other app developers to be clear with their users about the information they are sharing with us, and we prohibit app developers from sending us sensitive data. We also take steps to detect and remove data that should not be shared with us."
The investigation comes at the peak of the debate over online privacy and at a time when Facebook is still attempting to regain the trust of the masses following the Cambridge Analytica scandal.
According to the Journal, the ‘highly sensitive information’ is sent to Facebook immediately after it is entered into the app.
Facebook is able to collect data through the Software Development Kit (SDK), which is a set of programs used to create apps and it often includes a set of open software tools.
These apps have used Facebook’s SDK to build their software in exchange for data which Facebook uses for advertising purposes.
A Facebook spokesperson has said that the data transmission does violate the company’s business agreement and that Facebook has taken measures to stop the apps from disclosing such personal information.
US technology behemoth Apple is under fire following the stunning revelation that its FaceTime app was allowing users to listen to audio from the phone of the person they’re calling even if the recipient hadn’t picked it up.
The European Union and Japan finalized common rules to protect personal information, and launched what they called the “world's largest area of safe data flows”. Firms can transfer data now that the executive European Commission finds that Japanese law offers “a comparable level of protection of personal data,” the commission said.
“This adequacy decision creates the world's largest area of safe data flows,” EU justice commissioner Vera Jourova said, referring to an area of more than 600 million people. “Europeans' data will benefit from high privacy standards when their data is transferred to Japan,” the Czech commissioner said. “Our companies will also benefit from a privileged access to a 127 million consumers' market,” she added.
Jourova said the arrangement "will serve as an example for future partnerships" on data flows and set global standards.
The two sides cleared the final hurdle by agreeing on supplementary rules. These cover the protection of sensitive data, the exercise of individual rights and the conditions under which EU data can be further transferred from Japan to another third country.
Japan's independent data protection authority (PPC) and courts can enforce these rules covering Japanese firms that import data from the EU.
Tokyo gave Brussels assurances that any use of personal data for law enforcement and national security purposes would be “limited to what is necessary and proportionate.” Access by public authorities for these reasons would be “subject to independent oversight and effective redress mechanisms,” the EU executive said.
The two sides agreed to a mechanism to investigate and resolve complaints from Europeans over data access that Japan's independent data protection authority will run and supervise. The decision complements the EU-Japan Economic Partnership Agreement, which takes effect in February to become the world's biggest trade deal.