AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 06/27/2022

Japanese man loses USB stick with entire city’s personal details

For many, after-work drinks are a common way of relaxing after a busy week. But one worker in Japan could be nursing a protracted hangover after he lost a USB memory stick following a night out with colleagues. Why? It contained the personal details of nearly half a million people. The unnamed man placed the memory stick in his bag before an evening of drinking in the city of Amagasaki, north-west of Osaka. He spent several hours drinking in a local restaurant before eventually passing out on the street, local media reported. When he eventually came around, he realised that both his bag and the memory stick were missing. The Japanese broadcaster NHK reports that the man, said to be in his 40s, works for a company tasked with providing benefits to tax-exempt households.

 

Spurred by Roe overturn, senators seek FTC probe of iOS and Android tracking

Four Democratic US senators today asked the Federal Trade Commission to “investigate Apple and Google for engaging in unfair and deceptive practices by enabling the collection and sale of hundreds of millions of mobile phone users’ personal data.” “The FTC should investigate Apple and Google’s role in transforming online advertising into an intense system of surveillance that incentivizes and facilitates the unrestrained collection and constant sale of Americans’ personal data,” they wrote. “These companies have failed to inform consumers of the privacy and security dangers involved in using those products. It is beyond time to bring an end to the privacy harms forced on consumers by these companies.” The letter cited the Supreme Court decision overturning Roe v. Wade, saying that women “seeking abortions and other reproductive healthcare will become particularly vulnerable to privacy harms, including through the collection and sharing of their location data.”

 

Italy Data Protection Authority Warns Websites Against Use of Google Analytics

Following in the footsteps of Austria and France, the Italian Data Protection Authority has become the latest regulator to find the use of Google Analytics to be non-compliant with E.U. data protection regulations. The Garante per la Protezione dei Dati Personali, in a press release published last week, called out a local web publisher for using the widely used analytics tool in a manner that allowed key bits of users’ personal data to be illegally transferred to the U.S. without necessary safeguards. This includes interactions of users with the websites, the individual pages visited, IP addresses of the devices used to access the websites, browser specifics, details related to the device’s operating system, screen resolution, and the selected language, as well as the date and time of the visits.

 

The strange business of cybercrime

The old hacker stereotype—the antisocial lone wolf with coding skills—has been eclipsed by something far stranger: the cybercrime enterprise. This mutant business model has grown exponentially, with annual cybercrime revenues reaching $1.5 trillion, according to a 2018 study by endpoint security provider Bromium. The sophistication of cybercrime operations underpins this scale of damage. The only explanation is that profit motive is fueling an engine that has driven the creation of effective organizations. But these organizations are curiously subject to many of the vicissitudes of normal business. Perhaps the oddest outcome of this state of affairs is watching global cybercrime syndicates suffer under conventional business problems like PR difficulties.

 

Snoopers’ Charter Ruled Partially Unlawful

Rights groups are celebrating after winning a “landmark” legal case against the UK government over its controversial Investigatory Powers Bill. The 2016 law, also known as the Snoopers’ Charter, introduced one of the most draconian surveillance regimes of any Western democracy, despite strong public opposition. Among other things, it required telecoms and internet service providers to store every citizen’s web browsing records for 12 months and provide access to police and intelligence agencies on request. It also empowered police and security services to hack into computers and phones and collect communications data in bulk. However, on Friday, the High Court ruled in favor of Liberty on a key point, saying that it is illegal for the security services to obtain individuals’ communications data from telecom providers without having prior independent authorization.
