The blog of DataDiggers

California to close data breach notification loopholes under new law

Posted on Feb 21, 2019 in Alabama, California, computer security, data breach, data security, driver, Florida, Government, Identity Theft, Iowa, Marriott, Nebraska, Oregon, Prevention, Privacy, Safety, San Francisco, Security, security breaches, starwood, United States

California, which has some of the strongest data breach notification laws in the U.S., thinks it can do even better.

The Golden State’s attorney general Xavier Becerra announced a new bill Thursday that aims to close loopholes in its existing data breach notification laws by expanding the requirements for companies to notify users or customers if their passport and government ID numbers, along with biometric data, such as fingerprints, and iris and facial recognition scans, have been stolen.

The updated draft legislation lands a few months after the Starwood hack, which Becerra and Democratic state assembly member Marc Levine, who introduced the bill, said prompted the law change.

Marriott-owned hotel chain Starwood said data on fewer than 383 million unique guests was stolen in the data breach, revealed in September, including guest names, postal addresses, phone numbers, dates of birth, genders, email addresses, some encrypted payment card data and other reservation information. Starwood also disclosed that five million passport numbers were stolen.

Although Starwood came clean and revealed the data breach, companies are not currently legally obligated to disclose that passport numbers or biometric data have been stolen. Under California state law, only Social Security numbers, driver’s license numbers, banking information, passwords, medical and health insurance information and data collected through automatic license plate recognition systems must be reported.

That’s set to change, under the new California assembly bill 1130, the state attorney general said.

“We have an opportunity today to make our data breach law stronger and that’s why we’re moving today to make it more difficult for hackers and cybercriminals to get your private information,” said Becerra at a press conference in San Francisco. “AB 1130 closes a gap in California law and ensures that our state remains the nation’s leader in data privacy and protection,” he said.

Several other states, like Alabama, Florida and Oregon, already require data breach notifications in the event of passport number breaches, and also biometric data in the case of Iowa and Nebraska, among others.

California remains, however, one of only a handful of states that require the provision of credit monitoring or identity theft protection after certain kinds of breaches.

Thursday’s bill comes less than a year after state lawmakers passed the California Privacy Act into law, greatly expanding privacy rights for consumers — similar to provisions provided to Europeans under the newly instituted General Data Protection Regulation. The state privacy law, passed in June and set to go into effect in 2020, was met with hostility by tech companies headquartered in the state, prompting a lobbying effort to push for a superseding but weaker federal privacy law.

Source: The Tech Crunch

What business leaders can learn from Jeff Bezos’ leaked texts

Posted on Feb 17, 2019 in Column, computing, cryptography, data protection, data security, European Union, Facebook, General Data Protection Regulation, Google, human rights, jeff bezos, Microsoft, national security, online security, Oregon, Privacy, Ron Wyden, terms of service, United States, Wickr

The ‘below the belt selfie’ media circus surrounding Jeff Bezos has made encrypted communications top of mind among nervous executive handlers. Their assumption is that a product with serious cryptography like Wickr – where I work – or Signal could have helped Mr. Bezos and Amazon avoid this drama.

It’s a good assumption, but a troubling conclusion.

I worry that moments like these will drag serious cryptography down to the level of the National Enquirer. I’m concerned that this media cycle may lead people to view privacy and cryptography as a safety net for billionaires rather than a transformative solution for data minimization and privacy.

We live in the chapter of computing when data is mostly unprotected because of corporate indifference. The leaders of our new economy – like the vast majority of society – value convenience and short-term gratification over the security and privacy of consumer, employee and corporate data.  

We cannot let this media cycle pass without recognizing that when corporate executives take a laissez-faire approach to digital privacy, their employees and organizations will follow suit.

Two recent examples illustrate the privacy indifference of our leaders…

  • The most powerful executive in the world is either indifferent to, or unaware that, unencrypted online flirtations would be accessed by nation states and competitors.
  • 2016 presidential campaigns were either indifferent to, or unaware that, unencrypted online communications detailing “off-the-record” correspondence with media and payments to adult actor(s) would be accessed by nation states and competitors.

If our leaders do not respect and understand online security and privacy, then their organizations will not make data protection a priority. It’s no surprise that we see a constant stream of large corporations and federal agencies breached by nation states and competitors. Who then can we look to for leadership?

GDPR is an early attempt by regulators to lead. The European Union enacted GDPR to ensure individuals own their data and enforce penalties on companies who do not protect personal data. It applies to all data processors, but the EU is clearly focused on sending a message to the large US-based data processors – Amazon, Facebook, Google, Microsoft, etc. In January, France’s National Data Protection Commission sent a message by fining Google $57 million for breaching GDPR rules. It was an unprecedented fine that garnered international attention. However, we must remember that in 2018 Google’s revenues were greater than $300 million … per day! GDPR is, at best, an annoying speed-bump in the monetization strategy of large data processors.

It is through this lens that Senator Ron Wyden’s (Oregon) idealistic call for billions of dollars in corporate fines and jail time for executives who enable privacy breaches can be seen as reasonable. When record financial penalties are inconsequential it is logical to pursue other avenues to protect our data.

Real change will come when our leaders understand that data privacy and security can increase profitability and reliability. For example, the Compliance, Governance and Oversight Council reports that an enterprise will spend as much as $50 million to protect 10 petabytes of data, and that $34.5 million of this is spent on protecting data that should be deleted. Serious efficiencies are waiting to be realized and serious cryptography can help.  

So, thank you Mr. Bezos for igniting corporate interest in secure communications. Let’s hope this news cycle convinces our corporate leaders and elected officials to embrace data privacy, protection and minimization because it is responsible, profitable and efficient. We need leaders and elected officials to set an example and respect their own data and privacy if we have any hope of their organizations protecting ours.

Source: The Tech Crunch

A popular genealogy website just helped solve a serial killer cold case in Oregon

Posted on Jan 31, 2019 in DNA, forensics, GEDMatch, Genetics, Oregon, Science, TC

On Thursday, detectives in Portland, Ore. announced that a long-cold local murder case finally came to a resolution, 40 years after the fact.

In 1979, 20-year-old Anna Marie Hlavka was found dead in the Portland apartment she shared with her fiance and sister. According to police, she was strangled to death and sexually assaulted. Police followed a number of leads and kept tabs on the case for decades without a breakthrough.

Last May, detectives with Portland’s Cold Case Homicide Detail dug back into the case using the methodology made famous when investigators last year tracked down the man believed to be the Golden State Killer.

Around that time, detectives working the Hlavka case reached out to a company called Parabon NanoLabs to determine if their case could be solved the same way, by cross-referencing the suspect’s DNA with public DNA profiles uploaded to GEDmatch, a popular free ancestry and genealogy database.

“Most of our cases are cold cases, many of which are decades old like Anna Marie’s case,” Parabon Chief Genetic Genealogist CeCe Moore told TechCrunch in an email interview.

Many law enforcement agencies are already familiar with a Parabon service called Snapshot Phenotype, which allows the company to predict aspects of a person’s physical appearance using only DNA. At Parabon, Moore’s team has successfully identified 33 individuals for law enforcement since its launch in May 2018. The team works both cold cases and active investigations.

Moore explained how her team takes a suspect’s DNA and uploads it into GEDmatch. There, the team can identify potential relatives, usually distant cousins and not-close relatives.

“We build their family trees and then try to determine who might be related to all of these different people and their ancestors,” Moore said. “When we are successful, we reverse engineer the family tree of the unknown suspect based on the trees of the people who share DNA with him in GEDMatch.”

According to the police bureau’s report, the breakthrough led them to Texas:

The forensic genealogist was able to map three of the four familial lines of the killer and identified the killer as Jerry Walter McFadden, born March 21, 1948. McFadden was a convicted murderer and was executed by the State of Texas in October 1999. Due to McFadden’s execution date, his DNA profile was never entered into the FBI CODIS database for comparison.

Detectives travelled to Texas to interview McFadden’s family members and obtain a confirmatory DNA standard to compare with the DNA evidence in the Hlavka murder. Detectives obtained DNA standards with their consent from members of McFadden’s family. Detectives also learned McFadden traveled to the Pacific Northwest in 1979 with an acquaintance from their home town. The woman reported dropping him off in Portland and having no further contact with him.

The case is the latest example of how the popularity of at-home DNA test kits — and the data they yield, often uploaded into open online genealogy databases — is a windfall for investigators. In the instance of McFadden, the DNA trail led to some surprising connections.

“In an earlier case I worked on [the 1981 murder of Ginny Freeman of Brazos, Texas], genetic genealogy analysis also led to a man who had been executed in 1999 in Texas, James Otto Earhart,” Moore told TechCrunch.

“It is really strange to think that these two serial killers that we identified through genetic genealogy a few months apart decades after their crimes, were on Texas death row together and executed the same year.”

Source: The Tech Crunch

Apple plans major US expansion including a new $1 billion campus in Austin

Posted on Dec 13, 2018 in Apple, apple inc, apple store, austin, boston, boulder, Colorado, computing, cupertino, Electronic Arts, Energy, Governor, iPhone, Los Angeles, Louisiana, New York, Oregon, pittsburgh, Portland, san diego, Seattle, Steve Jobs, TC, Technology, texas, United States

Apple has announced a major expansion that will see it open a new campus in North Austin and open new offices in Seattle, San Diego and Los Angeles as it bids to increase its workforce in the U.S. The firm said it intends also to significantly expand its presence in Pittsburgh, New York and Boulder, Colorado over the next three years.

The Austin campus alone will cost the company $1 billion, but Apple said that the 133-acre space will generate an initial 5,000 jobs across a broad range of roles with the potential to add 10,000 more. The company claims to have 6,200 employees in Austin — its largest enclave outside of Cupertino — and it said that the addition of these new roles will make it the largest private employer in the city.

Beyond a lot of new faces, the new campus will include more than 50 acres of open space and — as is standard with Apple’s operations these days — it will run entirely on renewable energy.

Apple already has 6,200 employees in Austin, but its new campus could add up to 15,000 more

The investment was lauded by Texas Governor Greg Abbott.

“Their decision to expand operations in our state is a testament to the high-quality workforce and unmatched economic environment that Texas offers. I thank Apple for this tremendous investment in Texas, and I look forward to building upon our strong partnership to create an even brighter future for the Lone Star State,” he said in a statement shared by Apple.

But Austin isn’t the only focal point for Apple growth in the U.S.

Outside of the Austin development, the iPhone-maker plans to expand to over 1,000 staff in Seattle, San Diego and LA over the next three years, while adding “hundreds” of staff in Pittsburgh, New York, Boulder, Boston and Portland, Oregon.

More broadly, Apple said it added 6,000 jobs to its U.S. workforce this year to take its total in the country to 90,000. It said it remains on track to create 20,000 new jobs in the U.S. by 2023.

Source: The Tech Crunch

Political Year of the Woman? Been There, Done That, Oregon Says

Posted on Sep 2, 2018 in Oregon, Salem (Ore), State Legislatures, United States Politics and Government, Women and Girls, Women's Rights

Women already control the governor’s office in Oregon and more top state legislative posts than in any other state, and now have track records to defend at the ballot box.
Source: New York Times

They Bonded as the Pacific Crest Trail Burned. Now They Heal It.

Posted on Jul 17, 2018 in Columbia River Gorge National Scenic Area, Fires and Firefighters, Hikes and Hiking, Oregon, Pacific Crest Trail, Washington (State), Wildfires

Mark Beebe and Tara Prevo met over online conversations about hiking the famed trail. A year later, they’re together, and out fixing the wildfire-charred path.
Source: New York Times

How a Tycoon and Pence Friend Helped 2 Ranchers Get Pardons

Posted on Jul 12, 2018 in Amnesties, Commutations and Pardons, Forrest Lucas, Hammond, Dwight L (1942- ), Hammond, Steven D (1969- ), Oregon, Pence, Mike, Ranches, Trump, Donald J, United States Politics and Government

The case of the two ranchers, Dwight and Steven Hammond, attracted the attention of Forrest Lucas, who has the ear of Vice President Mike Pence.
Source: New York Times
