A New Privacy Bill, Safer White Hat Hacking, and More Security News This Week
Credit to Author: Brian Barrett| Date: Sat, 03 Nov 2018 13:00:00 +0000
This week, Apple introduced new iPad Pros and a MacBook Air and a Mac Mini. It also, though, quietly enhanced the capabilities of the T2 security chip that lives inside recent Mac computers. And that's about it as far as the good news goes. Well, OK, Signal got a handy upgrade, too.
Elsewhere, the week was customarily bleak. Fortnite scams are even worse than you thought, spread across thousands of bogus websites and promoted by YouTube videos with a cumulative millions of views. Voting misinformation is already rampant, and we're still days away from the midterm elections. The Pittsburgh synagogue shooting suspect appeared to have left behind a trail of incendiary posts on Gab, the social media platform preferred by the far right. And China has recruited spies at an alarming rate; we broke down the country's methodology step by step.
We also talked to over a dozen current and former privacy-focused Google employees—and the company's critics—to get a better sense of how the company approaches an issue that's seemingly antithetical to its business goals.
And there's more! As always, we’ve rounded up all the news we didn’t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.
While the European Union now has the GDPR omnibus privacy law protecting consumers, the US has no equivalent, or really anything close—unless you live in California. A new bill from Oregon senator Ron Wyden hopes to change that, though, offering a sweeping vision of what US privacy law could look like. The so-called Consumer Data Protection Act would require large companies to submit annual reports detailing how they protect user data, and suggests jail time and hefty fees for any executives caught lying in them. Consumers would also have more choice in whether and how companies sold their data, and would add nearly 200 staffers to the Federal Trade Commission to police data-related abuses.
The bill seems unlikely to pass, given how aggressively the industry will line up behind it and how low a legislative priority this issue seems to be. (There's still no real legal oversight even of Facebook ads, which contributed to hostile foreign interference in the democratic process.) But if you're looking for a blueprint of how much better US privacy and data protections could be—the kind you deserve—Wyden has created one.
In August, Foreign Policy released a damning report about how a compromised CIA communications system may have led to the deaths of dozens of US spies in China. Now, a new Yahoo News report goes into gripping detail about how that system apparently first fell apart in Iran. The agency reportedly used an internet-based system that was not nearly secure enough to use for covert communications; Iran apparently even used Google to identify the website that the CIA used to route communications through. The entire thing appears to have been a debacle, one that cost both valuable intelligence networks and human lives.
Move over, Meltdown! Step aside, Spectre! There's a new Intel-focused side channel attack in town, and this one has a fun name, too: PortSmash. Identified by researchers at Finland's Tampere University of Technology and the Technical University of Havana in Cuba, the new attack affects processors that use simultaneous multithreading, specifically Intel's Skylake and Kaby Lake processors. While it works differently from previous high-profile side channel attacks, the end result is the same: hackers getting access to your encrypted data. and it's not clear if or when a fix could come.
The Library of Congress actually renewed several critical copyright exemptions over a week ago, but Motherboard this week took a closer look at the ways in which some of those have now been expanded. Every little bit helps, given that security researchers rely on these exceptions to poke and prod systems without winding up in jail. It's still not perfect, but it's a welcome development for a community that needs as many as it can get.