Friday Five: 11/8 Edition
Ex-Twitter employees charged with spying, a new federal agency to enforce privacy rights, and a DNA testing firm breach. Catch up on the week's news with the Friday Five!
1. Whatever You Think of Facebook, the NSO Group Is Worse by Josephine Wolff
A follow-up to last week’s big WhatsApp-NSO Group story in the form of an editorial. It's a nice recap of the story - the lawsuit, what NSO Group is, etc. - and highlights the importance of bringing the case against the Israeli firm. It's of course important for Facebook, WhatsApp's owner, to look good in the eyes of the public for defending users' privacy. But as Josephine Wolff, a cybersecurity policy professor at the Fletcher School of International Affairs at Tufts, notes, it's an important and necessary step to draw attention to what NSO Group is and does. It can be argued that only a small percentage of the world's population is aware of the full scope of what spyware can do, let alone what NSO Group is. By shining a spotlight on NSO Group, ideally Facebook can boost public awareness and potentially capture the attention of regulators and other companies who help NSO Group facilitate its services.
2. Former Twitter employees charged with spying for Saudi Arabia by digging into the accounts of kingdom critics by Ellen Nakashima and Greg Bensinger
Safe to say this might be the biggest news story of the week - big news, via the Washington Post, that the Department of Justice has charged two former Twitter employees with spying on users for the Saudi Arabian government. The charges, which were unsealed on Wednesday, claim the since-fired employees abused their positions and access to Twitter’s systems as early as 2014 to access personal data belonging to thousands of dissidents, including e-mail addresses, phone numbers, and IP addresses that could go on to be used to determine a user’s location. The case raises a lot of questions about the ability of technology companies to protect the personal data of users from harsh governments.
3. Two Silicon Valley congresswomen propose a new federal agency to enforce online privacy rights by Lauren Feiner
Yet another new online privacy law was introduced this week, but unlike many of those recently brought to the floor, this one - the Online Privacy Act, introduced by Anna Eshoo and Zoe Lofgren, two representatives from California - isn't based on imposing new regulations or stipulations. It wants to form the foundation of a new federal agency to help Congress iron out the specifics of privacy rights for users. The entity, dubbed the Digital Privacy Agency, could be funded for up to 1,600 employees and could impose damages up to the same maximum amount as the FTC’s, $42,530 per incident, according to CNBC News, which reported on the bill this week.
4. Apple updates privacy website to highlight data protection tools by Alfred Ng
We tweeted this on Wednesday, but it’s worth pointing out again here that Apple has really stepped up the privacy section on its website. A new update includes a slew of information for users, including Apple's privacy settings on all of its products, in addition to how features like Sign In With Apple and Location Services work and protect users' data. It seems Apple is keen on backing up the claims it made on billboards, first seen in Las Vegas at CES earlier this year, that called out its focus on user privacy.
5. Breach at DNA-Test Firm Veritas Exposed Customer Information by Kristen Brown
A Massachusetts-based DNA testing startup was hacked, but the company is downplaying the incident and claiming that genetic data, DNA-test results, and health records weren't exposed. Instead, according to this Bloomberg piece, it sounds as if a more customer-facing portal was compromised. The firm, Veritas, which sells whole-genome sequencing, told the publication that only a "handful" of customers were affected; it didn't specify what type of data may have been accessed. DNA testing sites have been a target of attackers of late. MyHeritage, one such site, suffered a breach last year that exposed 92 million of its users' emails and hashed passwords. Both MyHeritage and Veritas were wise enough to keep DNA and users’ genetic information locked down, cordoned off from the rest of the company’s systems.