Friday Five: 6/7 Edition
The latest trade secret case, a more strict privacy bill for New York State, and the European Data Protection Supervisor's warning - catch up on the week's news with this recap!
1. New York State Is Pushing ‘One of the Strictest’ Privacy Bills in the Nation by Patrick Howell O'Neill
News via Gizmodo here on legislation known as the New York Privacy Act (NYPA) that's posed to become one of the strongest privacy laws in the nation. Under the law, "New Yorkers would have the right to sue companies that violate privacy, all companies will be subject to the law no matter the size, and businesses would be deemed “data fiduciaries” and therefore barred from using consumer data in a way that harms users but benefits the company," according to the blog. The bill was introduced almost a month ago - on May 9 - by state senator Kevin Thomas, but it’s in the news this week (it was also covered by Wired) because the New York State Senate held a public hearing on Tuesday about how exactly state legislature should play a role in online privacy.
2. Behind the Scenes with the Hacktivists Who Took On Microsoft and the FBI by Emma Best
An excellent piece here via The Outline on the hacking group Cult of Dead Cow -- of which a book, you've no doubt heard a lot about this week if you're in infosec, was written about. This piece thankfully isn't a review of the book nor does it appear to heavily borrow from it; it instead combs through FBI documents obtained via a Freedom of Information Act request to highlight the law enforcement agency's concerns around BackOrifice 2000, or BO2. While the whole piece is a snazzy primer on cDc, it's also a great springboard to footage released this week, in tandem with the book's release, of the group releasing BO2k at DEF CON 7, way back in 1999. It’s a fun time warp, especially if you’re familiar with cDc’s cast of characters.
3. US education provider accuses rival of trade secrets theft by World IP Review
The World Intellectual Property Review has a line on an interesting trade secret theft case that eluded us this week. The case involves two companies from the certified financial planning (CFP) industry: DF Institute, doing business as Kaplan Professional, is alleging that Dalton Education recruited one of its employees with the aim of acquiring confidential information about Kaplan’s business strategy, revenues and 2018 product lines. Kaplan is claiming that wo of its former employees forwarded confidential documents containing company trade secrets to their personal email addresses. It of course is far too early to know how this will pan out but according to WIPR, Kaplan is seeking injunctive relief against Dalton prohibitingthe theft of its trade secrets, and the return of all documents containing confidential information about their business.
4. EU Data protection watchdog flags institution websites for GDPR issues by Irene Kostaki
The week started off with a warning shot of sorts by the European Data Protection Supervisor, which on Monday, said that some of the most important websites in the EU, those belonging to major institutions and bodies, are lacking in the data protection department. Seven out of 10 websites the EDPS looked at had a data security issue. While the office of the supervisor didn’t explicitly say which institution was at fault, it confirmed it did inspect the following sites: The European Parliament, the shared website of the Council and the Council of the European Union, the Commission, the Court of Justice, Europol, and the European Banking Authority, the European Data Protection Board (EDPB), the 2018 International Conference of Data Protection and Privacy Commissioners (ICDPPC 2018), and the EDPS website itself. One of the biggest issues the EDPS had with the sites? Third-party tracking without prior consent. Using trackers for web analytics without acquiring a user's prior consent was also an issue.
5. Overlooked No More: Alan Turing, Condemned Code Breaker and Computer Visionary by Alan Cowell
Not necessarily an infosec or privacy article but a neat inclusion this week: Alan Turing, the legendary British mathematician who cracked the ‘Enigma’ code and is largely regarded as the father of computer science, never received a New York Times obituary. The Times is rectifying that as part of a project it started last year called Overlooked. This week’s, on Turing, is a just tribute. It's a great read, tracing his history at King's College to his publishing of the paper "On Computable Numbers, With an Application to the Entscheidungsproblem” to his time at Bletchley Park, in Buckinghamshire, where he proved instrumental in top secret work done to decipher military codes used by Germany et al.