
Tag: Data Protection

Information privacy, or data privacy (or data protection), is the relationship between collection and dissemination of data, technology, the public expectation of privacy, and the legal and political issues surrounding them.

The challenge of data privacy is to utilize data while protecting individuals’ privacy preferences and their personally identifiable information. The fields of data security and information security design and utilize software, hardware and human resources to address this issue. As the laws and regulations related to Privacy and Data Protection are constantly changing, it is important to keep abreast of any changes in the law and continually reassess compliance with data privacy and security regulations.

The ability to control the information one reveals about oneself over the Internet, and who can access that information, has become a growing concern. These concerns include whether email can be stored or read by third parties without consent, or whether third parties can continue to track the web sites someone has visited. Another concern is whether the web sites that are visited collect, store, and possibly share personally identifiable information about users.

Security Researchers Challenge Claims Data Breaches Increasing

While industry reports cite a rise in data breach incidents, academic researchers find few signs that the threat is getting significantly worse.

In April 2015, the U.S. Department of Energy responded to a Freedom of Information Act (FOIA) request from USA Today by releasing information on more than 1,100 cyber-security incidents that occurred over four years. While the data was not detailed—only consisting of seven variables, two of which had been redacted—there was enough information for researchers from Stanford University to come to a surprising conclusion: The rate of security incidents decreased over time.

In other words, while breaches have regularly made headlines, the DOE as a whole was seeing fewer attacks.

"People have the perception that cyber-attacks have increased in frequency and magnitude dramatically," Marshall Kuypers, a Ph.D. candidate in the School of Management Science and Engineering at Stanford University, told eWEEK. "But when we run the numbers, we see this seems to be the result of media attention, not an actual trend."

Kuypers revealed the analysis in a working paper focused on the Department of Energy data.

The rate of incidents due to various attack types neither increased nor decreased over time in the government agency's data set. However, malware incidents dominated the data, accounting for much of the observed trend.

Because malware incidents fell, so did the overall trend. The DOE is not the first organization studied by Kuypers to see a decline in incidents.

An ongoing study of a large organization—which Kuypers cannot name but which has between 5,000 and 50,000 workers, he said—has experienced more than 60,000 incidents over a six-year period. Most types of attacks held relatively constant over the six-year period, according to the data. Once again, however, malware incidents slowed over time.

Another study by the University of New Mexico released at the Workshop on the Economics of Information Security analyzed 10 years of breach data from the Privacy Rights Clearinghouse and found that "neither size nor frequency of data breaches has increased over the past decade."

If it sounds like companies have less to worry about, data from the security industry tells a different story.

The company that collects the most breach data, Verizon, saw a significant spike in 2014. While the company has not yet released its annual Data Breach Investigations Report this year, the report will show another marked increase, according to Bryan Sartin, executive director of the Verizon RISK Team.

"If you filter the data on computer-based intrusions, hackers, Internet attacks and data theft … that has climbed like a rocket," he said.

But even Verizon noted in its 2015 report that the media had latched on to breach reports as well, with the New York Times, for example, covering data breaches 700 times in the previous year, compared with less than 125 in 2013.

Google says it won’t Google jurors in upcoming Oracle API copyright...

It was just days ago when the federal judge presiding over the upcoming Oracle v. Google API copyright trial said he was concerned that the tech giants were already preparing for a mistrial—despite the fact that the San Francisco jury hasn't even been picked yet. US District Judge William Alsup said he was suspicious that, during the trial, the two might perform intensive Internet searches on the chosen jurors in hopes of finding some "lie" or "omission" that could be used in a mistrial bid.

To placate the judge's fears, Google said (PDF) it won't do Internet research on jurors after a panel is picked for the closely watched trial, set to begin on May 9.

"The Court stated that it is considering imposing on both sides a ban on any and all Internet research on the jury members prior to verdict. Provided the ban applies equally to both parties, Google has no objection to imposition of such a ban in this case," Google attorney Robert Van Nest wrote to the judge in a Tuesday filing.

Google was referring solely to Internet searches of the jury once jurors were picked. Oracle didn't go so far in its response Tuesday and said the dueling companies should be able to investigate jurors both before and after they are chosen.

"...the parties should be permitted to conduct passive Internet searches for public information, including searches for publicly available demographic information, blogs, biographies, articles, announcements, public Twitter and other social media posts, and other such public information," Oracle attorney Peter Bicks wrote (PDF) Alsup on Tuesday.

However, Oracle was concerned that Google might tap its vast database of "proprietary" information connected to jurors' Google accounts and said such research should be off-limits.
"Neither party should access any proprietary databases, services, or other such sources of information, including by way of example information related to jurors', prospective jurors', or their acquaintances' use of Google accounts, Google search history information, or any information regarding jurors' or prospective jurors' Gmail accounts, browsing history, or viewing of Google served ads..." Oracle wrote. Google has never suggested it would violate its customers' privacy in such a way. Oracle is seeking $1 billion in damages after successfully suing the search giant for infringing Oracle's Java APIs that were once used in the Android operating system.

A federal appeals court has ruled that the "declaring code and the structure, sequence, and organization of the API packages are entitled to copyright protection." The decision reversed the outcome of the first Oracle-Google federal trial before Alsup in 2012.

APIs are essential and allow different programs to work with one another. The new jury will be tasked with deciding solely whether Google has a rightful fair-use defense to that infringement.

Cyber-crooks now prefer ransomware to botnets. Yep, firms are paying up

CryptoWall most prevalent nasty – survey

File-encrypting ransomware has eclipsed botnets to become the main threat to enterprises, according to Trend Micro. During the fourth quarter of 2015, 83 per cent of all data extortion attacks were made with the use of crypto-ransomware. CryptoWall topped the list of 2015’s most notorious ransomware families, with a 31 per cent share.

According to FBI statistics released last June, CryptoWall managed to generate more than $18m for its creators in a little over a year. These revenues – traced by monitoring BitCoin wallets and similar techniques – provide evidence that a growing percentage of organisations affected by ransomware attacks are paying up. Healthcare is the most affected sector when it comes to cyber-attacks more generally, according to other findings from the 2015 edition of Trend Micro’s Annual Security Roundup Report.

Throughout 2015, almost 30 per cent of all data breaches happened in the healthcare sector, followed by education and government sectors (17 per cent and 16 per cent, respectively).

Elsewhere, businesses are at increased risk from Internet of Things (IoT) attacks, which are moving on from being something only consumers need to think about as wearables and the like enter the workplace, Trend warns. Given their susceptibility to attacks, IoT devices within the enterprise ecosystem can become liabilities. Unlike Android devices, which already have fragmentation problems of their own, IoT devices run on several different platforms, making device and system updates as well as data protection more complex than ever.

More from Trend’s study, published on Tuesday, can be found here.

Using GPS tracker, armed robbers follow casino-goer home and steal $6,000

Last fall, a Maryland man’s frequent activities at a local casino resulted in robbers using a GPS tracker to follow him home.

Days later, they bound and gagged his two children, then stole $6,000 in cash plus an iPhone 6. If that wasn't crazy enough, Mario Guzman (a pseudonym) was also followed by someone else less than a week earlier. His wife, Alicia Guzman (another pseudonym), had hired a private investigator to keep tabs on her husband, according to a Montgomery County Police report. (Ars has changed the names of this feuding couple to protect their privacy interests.)

Mario Guzman regularly drove 50 miles, six days a week, from his home in Germantown to a casino in Baltimore, according to a recently-released police report that Ars obtained Tuesday from the Montgomery County Police Department.

The report notes that Alicia Guzman suspected her husband of adultery and "gambling with large sums of money." On November 11, 2015, Greg Townsend of Montgomery Investigative Services, Inc., followed Guzman as he made his way from home to the Horseshoe Casino as per his routine.

After watching Guzman enter the casino, Townsend returned back to Guzman’s car so that he could place his own GPS tracker on the Audi. (Weeks earlier, Mario Guzman had even hired his own private investigator to check for such devices that he suspected would be put on his car at his wife’s behest, which had not yet occurred.) However, Townsend noticed two people in an Acura parked next to Guzman’s Audi.

They "were watching Townsend." After a few minutes, the Acura drove away, but not before Townsend wrote down the license plate.

Townsend then resumed his mission to put his own GPS tracker on the Audi, but found that there was already a GPS tracker there, near the rear passenger side tire.

The PI then moved this tracker towards the driver’s side of Guzman’s car and put his own underneath the undercarriage between the front and rear doors.

Townsend then returned to his own car nearby. After a short period, a different-colored Acura drove up, and Townsend watched as two people got out and began examining the underside of Guzman’s car along the passenger side.

Townsend managed to take a video of this pair, but was unable to note the new Acura's plate.

Montgomery County Police Detective Thomas Thompson wrote in the police report that he "believes this suspect was trying to retrieve the GPS tracker that he or someone in his organization placed under [Mario Guzman]’s vehicle. The suspect obviously couldn’t find the GPS tracker because Townsend placed [the tracker] in a different location on the vehicle." Before departing, the suspect briefly opened and closed his own trunk.

Townsend resumed physical surveillance on Guzman’s Audi, and after an unspecified period of time, Guzman returned with a woman.

Both Guzman and the woman got into the Audi, and they drove off. The investigator then began to follow the Audi as it drove into a "wooded area of Baltimore." The police report flatly notes "[Mario Guzman] eventually went home for the evening."

A terrifying scene

Six days later, on November 17, Guzman’s two children, aged 21 and 14, were at home. (The police report makes no mention of Mario or Alicia Guzman being at home, suggesting that they weren't there.) The 21-year-old man and his younger sister went out to get something to eat in the evening. Upon their return at 8:10pm, they opened the garage door.

Two masked suspects suddenly appeared, drew guns, and ordered them to the ground. The Guzman children complied and were promptly bound and gagged with zip ties and duct tape. One of the suspects kept an eye on the girl while the man was ordered into the house at gunpoint. "Where is the money?" the gunman barked. The 21-year-old showed him the various locations where the family stored cash, and the first gunman eventually gathered up $6,000 in cash belonging to Mario Guzman.

They also took the 14-year-old’s iPhone 6. Within minutes, the two suspects fled the scene.

The Guzman children managed to escape from the zip ties and called 911. The police report does not specify whether the cash came from Mario Guzman's casino winnings. When Alicia Guzman learned of the incident, she told Detective Thompson that she had hired Townsend to put a GPS tracker on her husband’s car.

Detective Thompson, along with a forensic specialist, verified that Townsend’s GPS tracker was indeed still there. (The Supreme Court famously ruled in 2012 that the police cannot put such a GPS tracker on a suspect without a warrant, but that ruling has no bearing on individuals, be they private investigators or robbers.) Authorities then ran DNA swabs from the duct tape used to gag the children and found one match in the FBI’s Combined DNA Index System (CODIS).

The match belonged to Kevin Darnell Carroll, a convicted felon with an "extensive criminal history." According to The Washington Post, Carroll was arrested last week on charges of armed robbery, first degree burglary, and many others.

Carroll’s accomplice, described by police as a "black male," remains at large.

The future of crime?

Law professors who specialize in privacy and surveillance told Ars that they had never heard of a case like this.

"This mundane surveillance warfare, if you like, among the perpetrators, the suspicious spouses, and ultimately the police (DNA swabs) nicely sums up the world we live in today," Elizabeth Joh, a professor at the University of California, Davis, said in an e-mail.

Neil Richards, a professor at Washington University in St. Louis, said that this is a good reminder that technological innovation can be used for good as well as for ill.

"As technologies become more widely available, we shouldn’t be surprised that they are put to illegal uses," he said in an e-mail. "Criminals have always been on the leading edge of tech adoption, from telephones to pagers to mobile burners, and we shouldn’t be surprised to see more of these stories in the coming years."

Mario Guzman, Alicia Guzman, and the hired PIs did not immediately respond to Ars’ request for comment.

Thompson was not available to respond to Ars’ further questions. "Members of the police department cannot comment on any additional details of this case until it has been adjudicated," Officer Rick Goodale, a Montgomery County Police Department spokesman, told Ars by e-mail.

Encryption project issues 1 million free digital certificates in three months

Let's Encrypt, an organization set up to encourage broader use of encryption on the Web, has distributed 1 million free digital certificates in just three months. The digital certificates cover 2.5 million domains, most of which had never implemented SSL/TLS (Secure Sockets Layer/Transport Layer Security), which encrypts content exchanged between a system and a user.

An encrypted connection is signified in most browsers by "https" and a padlock appearing in the URL bar. "Much more work remains to be done before the Internet is free from insecure protocols, but this is substantial and rapid progress," according to a blog post by the Electronic Frontier Foundation, one of Let's Encrypt's supporters. The organization is run by the ISRG (Internet Security Research Group) and is backed by Mozilla, Cisco, Akamai, Facebook and others. There's been a push in recent years to encourage websites to implement SSL/TLS, driven in part by a rise in cybercrime, data breaches and government surveillance. Google, Yahoo, and Facebook have all taken steps to secure their services. SSL/TLS certificates are sold by major players such as Verisign and Comodo, with certain types of certificates costing hundreds of dollars and needing periodic renewal.

Critics contend the cost puts off some website operators, which is in part why Let's Encrypt launched a free project. "It is clear that the cost and bureaucracy of obtaining certificates was forcing many websites to continue with the insecure HTTP protocol, long after we've known that HTTPS needs to be the default," the EFF wrote.

Google Offers Tool to Help Evaluate Vendor Security

The vendor security evaluation framework provides questions that organizations need to ask to accurately assess a third-party's security and privacy readiness, Google said. Google has released a framework to open source that it implements internally to...

ThreatTrack Vipre Antivirus 2016

By Neil J. Rubenking

Vipre has been a name to conjure with in the antivirus business for quite some time.

The product has changed over the years, bouncing from company to company and, at one point, incorporating spyware protection from the well-regarded CounterSpy. Perhaps all that moving around wasn't the best for its health.

The current incarnation, ThreatTrack Vipre Antivirus 2016, isn't your best choice for comprehensive protection.
It did improve its antiphishing and malicious URL blocking scores significantly over the tests we ran on last year's edition, but it fared poorly in tests by independent antivirus labs. You have plenty of purchase options with Vipre. You can pick one, three, five, or 10 licenses and subscribe for one, two, three, or four years.

There's a discount for more licenses and longer subscriptions, of course. Protecting a single PC for one year costs $39.99, while a 10-license four-year subscription goes for $269.99, quite a bit less than what you'd pay for 40 single licenses (almost $1,600!). Installation is simple, if not precisely quick. You fire up the installer, copy and paste your license key, and click a button labeled Agree & Continue.

That's it.

The installer checks for program updates, performs the installation, downloads the latest virus definitions, and runs a scan for active malware. You don't have to do a thing, except perhaps get some coffee or a snack.
I found the full installation process took about 10 minutes. Vipre's main window retains the look introduced with the previous edition.

Buttons let you launch or schedule a scan.

A status panel reports on the latest scans and updates.

A couple of links let you manage your account or the program's settings.
It's very slick and simple.

So-So Malware Blocking

A full system scan with Vipre took 46 minutes, just a little longer than the current average.

Clearly the program performs some kind of optimization during that first scan, as a repeat scan completed in just five minutes.

AVG AntiVirus Free (2016) took 27 minutes for an initial scan on this system and two minutes for a repeat scan.

F-Secure Anti-Virus 2016 cut the time even more, with a 15-minute first scan and just over one minute to repeat the scan. Of course, speed means little unless it's coupled with accuracy. My hands-on malware blocking test starts when I open a folder that contains a few dozen known malware samples.
Vipre immediately leapt into the fray, eliminating 79 percent of the samples on sight. When I launched the surviving samples, it detected a few, but didn't completely prevent installation of executable files.
It managed 86 percent detection and an overall score of 8.1 points in this test. Two products share the top overall score.

Avast Pro Antivirus 2016 detected 100 percent of these same samples, and Bitdefender Antivirus Plus 2016 detected 93 percent.

Because Avast didn't completely prevent installation of malware traces, it earned 9.3 points, the same as Bitdefender.
Vipre's score puts it well below the median for this test. Of necessity, my samples in that hands-on test get used for many months. However, in my malicious URL blocking test the samples (provided by MRG-Effitas) are as new as I can manage, typically no more than a day or two old.

The test is simple enough.
I take the sample URLs and launch each in a browser protected by the product under testing.
I note whether it steers the browser away from the dangerous URL, eliminates the executable payload during download, or sits idly, doing nothing to prevent the download.
I continue until I have data for 100 malware-hosting URLs. When I tested Vipre's previous edition, it blocked just 38 percent, all of them during the download process.

This time around, Vipre's Search Guard and new Edge Protection components stepped up to raise the protection level impressively.

Between the two components, Vipre blocked access to 84 percent of the malware-hosting URLs.

Edge Protection did most of the work, though Search Guard (the one place you can still see Vipre's old snake icon) lent a hand. Vipre's 84 percent protection rate is pretty darn good; only five products have done better.

At the top of the heap are McAfee AntiVirus Plus (2016) and Symantec Norton Security Premium, each of which managed 91 percent protection.

Improved Phishing Detection

Malware-hosting websites are definitely dangerous, but you can also get into serious trouble by voluntarily entering your login credentials on a fraudulent website.
Imagine if a phishing site snagged your Amazon password, or the credentials for your online banking! Last year Vipre tanked this test.

This year's results are much, much better. To start my antiphishing test, I visit a number of sites that track these frauds.
Specifically, I scrape URLs that have been reported as fraudulent but not yet classified and blacklisted.
I open each URL simultaneously in a browser protected by the product under test and by antiphishing veteran Norton.
I also try each URL against the native protection of Chrome, Firefox, and Internet Explorer.

There's a lot of variation in the types of phishing URLs, and in their cleverness, so I report the difference between the detection rate of the various products, rather than hard numbers. Vipre's detection rate was just 6 percentage points behind Norton's, the same score managed by BullGuard Antivirus (2016).
Vipre also handily beat all three browsers. Roughly two-thirds of current products failed to beat at least one of the browsers, and half of those performed worse than all three browsers.

Sad Lab Results

Vipre's scores in my own tests ranged from so-so malware blocking to excellent phishing protection.
It didn't fare as well with the independent testing labs.
ICSA Labs does certify Vipre for malware detection and cleaning, and West Coast Labs certifies it for detection.
It managed VB100 certification in eight of the last 10 tests by Virus Bulletin.

But the scores go downhill from there. In the latest three-part test by AV-Test Institute, Vipre earned 3 points for protection, 3 for performance, and 6 points for usability.

This last figure means that Vipre avoided screwing up by identifying valid apps and URLs as malicious.

But with 6 points possible in the important protection category, a score of 3 points is pretty bad.

Avira Antivirus 2015, Bitdefender, and Kaspersky Anti-Virus (2016) all managed a perfect 18 points in this same test. Vipre's one success with AV-Test involved avoiding false positives, but in tests by AV-Comparatives false positives proved problematic.

This lab tags products with Standard certification as long as they meet all essential capabilities.

Better products can earn Advanced or Advanced+ certification, while those that don't make the grade just rank as Tested.

And whatever the basic rating, enough false positives can drag it down. I follow five tests out of the many performed by this lab.
In latest instances of those tests, Vipre earned Advanced once and Standard twice, but failed the other two tests, both times due to false positives.

That looks especially bad compared with Bitdefender and Kaspersky, which took Advanced+ ratings in all five.

Bonus Features

The Email and Privacy settings pages demonstrate that Vipre offers a number of features above and beyond the basics of antivirus.
It checks your incoming and outgoing email for malware, quarantining any problems it finds.

And it quarantines phishing messages—but not spam; antispam is reserved for the Vipre suite.

The email protection works with desktop clients only, not Web-based email, and if your email client uses non-default ports you'll need some technical skills to make it work. Vipre's Social Watch component scans your Facebook page for malicious links. Naturally you have to log in to Facebook in order for it to work. You can stay logged in and set it to scan every so often, or log out for privacy. When you enable the secure file eraser feature, it adds an item to the right-click menu for files and folders.

After you confirm that you want a particular file or folder gone forever, it overwrites the file's data before deletion, to prevent forensic recovery of sensitive data.
I'm just as happy that it doesn't let you configure this feature, since most users aren't remotely qualified to select between the available algorithms. As you browse the Web and use your computer, you leave behind a trail of clues that a nosy person could use to reconstruct your activities.
If that bothers you, the history cleaner component can help.
It will wipe out browsing traces for many popular browsers, recent file lists for popular applications, and a number of Windows-based traces.

There's a checkbox to show only programs that you actually have installed, but in my testing it did not seem to work.
I definitely don't have Safari, Opera, or ICQ in the test system, yet they remained visible even when I checked the box.

Some Ups, Some Downs

ThreatTrack Vipre Antivirus 2016 performed significantly better than the 2015 edition in some areas.
It scored quite a bit better in my antiphishing and malicious URL blocking tests, probably thanks to the new Edge Protection.
Its score in my hands-on malware-blocking test was so-so, much the same as last year, but if I see top scores from the labs, I give them more weight than my own test. Unfortunately, Vipre's lab scores aren't good at all. Antivirus is a big field, and I've identified a number of Editors' Choice products.

Bitdefender Antivirus Plus and Kaspersky Anti-Virus routinely take top honors from all of the independent labs. McAfee AntiVirus Plus does well in lab tests and my own tests, and one subscription protects all of your Windows, Mac OS, and mobile devices.

And Webroot SecureAnywhere Antivirus remains the tiniest antivirus around, with an especial focus on ransomware.

Any one of these will be a better choice for your system's antivirus protection.

Secret court approves classified rule change on how FBI can use...

On Tuesday, The Guardian reported that the Federal Bureau of Investigation (FBI) has changed its rules regarding how it redacts Americans’ information when it takes international communications from the National Security Agency’s (NSA) database.

The paper confirmed the classified rule change with unnamed US officials, but details on the new rules remain murky. The new rules, which were approved by the secret US Foreign Intelligence Surveillance Court (FISC), deal with how the FBI handles information it gleans from the National Security Agency (NSA).

Although the NSA is technically tasked with surveillance of communications involving foreigners, information on US citizens is inevitably sucked up, too.

The FBI is then allowed to search through that data without any “minimization” from the NSA—a term that refers to redacting Americans’ identifiable information unless there is a warrant to justify surveillance on that person.

The FBI enjoys privileged access to this information trove that includes e-mails, texts, and phone call metadata that are sent or received internationally. Recently, the Obama administration said it was working on new rules to allow other US government agencies similar access to the NSA’s database.

But The Guardian notes that the Privacy and Civil Liberties Oversight Group (PCLOB), which was organized by the Obama administration in the wake of the Edward Snowden leaks, took issue with how the FBI accessed and stored NSA data in 2014.

"As of 2014, the FBI was not even required to make note of when it searched the metadata, which includes the 'to' or 'from' lines of an e-mail," The Guardian wrote. "Nor does it record how many of its data searches involve Americans’ identifying details."

However, a recent report from PCLOB suggested that the new rules approved by FISC for the FBI involve a revision of the FBI's minimization procedures.
Spokespeople from both the FBI and PCLOB declined to comment on that apparent procedure change, saying it was classified, but PCLOB’s spokesperson, Sharon Bradford Franklin, told The Guardian that the new rules "do apply additional limits." A spokesperson for the Office of the Director of National Intelligence said that the new procedures may be publicly released at some point.

Privacy groups want rules for how ISPs can track their customers

Some Internet service providers are building powerful tools to track customers, and the U.S. Federal Communications Commission needs to step in, privacy advocates say.

Some privacy advocates are calling on the FCC to create new regulations that limit how ISPs can track their customers across the Internet.

The agency could release a proposal for ISP privacy rules as soon as this month, FCC Chairman Tom Wheeler said last week. Some ISPs are deploying "invasive and ubiquitous" tracking practices as a way to deliver targeted advertising to customers, 12 privacy groups said in a letter to the FCC this week.
In recent years, large ISPs like Comcast and Verizon have entered into advertising partnerships or launched their own advertising services that take advantage of ISP customer data, the letter said.

Because the U.S. lacks a comprehensive privacy law, "there are very few legal constraints on business practices that impact the privacy of American consumers," said the letter, signed by the American Civil Liberties Union, the Electronic Privacy Information Center and other groups. "The FCC has the opportunity to fill this void."

Calls for FCC privacy regulation from privacy groups are setting up a showdown with ISPs and their trade groups, which have resisted agency action on privacy.

For years, the Federal Trade Commission has taken enforcement action against companies, including ISPs, that violate their own privacy policies, critics of FCC action note.

"Rather than advocating for a comprehensive privacy policy that applies to all entities in the Internet ecosystem," those privacy groups want the FCC to create new rules applying only to ISPs, said Anne Veigle, senior vice president of communications at USTelecom, a telecom and ISP trade group. "This effort will not give consumers the clear and consistent protections they should have and will only harm competition and innovation on the Internet."

USTelecom, CTIA, and three other ISP trade groups sent their own letter to the FCC on March 1, with the groups calling for the agency to keep the rules "flexible" and targeted on unfair or deceptive conduct, as the FTC does, instead of creating extensive new regulations.

"Consumer information should be protected based upon the sensitivity of the information to the consumer and how the information is used -- not the type of business keeping it, how that business obtains it, or what regulatory agency has authority over it," the trade groups' letter said.

The move of the FCC toward new privacy rules for ISPs is related in part to the agency's reclassification of broadband as a regulated, common carrier service as part of new Net neutrality rules passed in February 2015.

The FCC had other avenues for passing new privacy regulations, but reclassification of broadband moved the authority for policing broadband privacy from the FTC to the FCC, said Harold Feld, senior vice president at Public Knowledge, one of the privacy groups calling for strong new rules. While the privacy groups haven't proposed many specific rules for the FCC to adopt, they want the FCC to go farther than the FTC practice of filing complaints only after the agency saw a privacy violation. The ISPs "have an obligation" to disclose more details about the information they collect and their uses of it, Feld said.

The groups want the FCC to look at how ISPs are combining cable data from customer set-top boxes with other sources to "create very detailed user profiles for marketing purposes," he added. The privacy groups also want ISPs to get opt-in permission to use customer data for most purposes. "We want ISPs to secure clear permission from subscribers before using the data collected for any purpose other than to provide broadband service," he said. But extensive new rules may not be necessary with more customers using encryption to protect their data, some critics said. Even the privacy groups recognize that "the use of encryption only continues to grow," said Debbie Matties, vice president for privacy at CTIA. "While many other companies providing services on the Internet have the ability to see and monetize this encrypted data, ISPs cannot.

Different rules for ISPs would only confuse consumers and is not supported by the facts."

DOJ: Overturn iPhone Unlocking Decision

The government argues the iPhone 5s in question runs an older operating system that has been cracked before. The U.S. Justice Department has asked a New York federal court to overturn a recent ruling that protects Apple from having to unlock an iPhone involved in a drug case. Last week, a Brooklyn judge rejected the government's request to compel Cupertino to crack an iPhone 5s seized in 2014 from accused drug trafficker Jun Feng, who eventually pleaded guilty to conspiracy.

Despite the guilty plea, however, the government claimed access to his phone was still necessary, because it might lead to criminal accomplices. "Ultimately, the question to be answered in this matter, and in others like it across the country, is not whether the government should be able to force Apple to help it unlock a specific device," Magistrate Judge James Orenstein said at the time. "It is instead whether the All Writs Act resolves that issue and many others like it yet to come. I conclude that it does not."

The move was welcomed by the tech titan, which is also fighting a very public battle against the FBI over its request to access an iPhone 5c used by a terrorist in the San Bernardino attack. In the New York case, prosecutors filed a 45-page brief on Monday, arguing that Feng's iPhone 5s runs an older operating system—iOS 7—that Apple has agreed to breach in the past. "This case in no way upends the balance between privacy and security," prosecutors wrote in the new filing, as reported by The Wall Street Journal. Judge Orenstein's ruling "goes far afield of the circumstances of this case and sets forth an unprecedented limitation on federal courts' authority," the brief said. Apple disagrees. "Judge Orenstein ruled the FBI's request would 'thoroughly undermine fundamental principles of the Constitution' and we agree," a company spokesman said in a statement. "We share the judge's concern that misuse of the All Writs Act would start us down a slippery slope that threatens everyone's safety and privacy." Cupertino boss Tim Cook has referenced that same slippery slope in the tech titan's fight with the FBI, claiming that the requested iOS backdoor will inevitably end up in the wrong hands.

Apple is even willing to take its fight to the Supreme Court, where it would have the support of numerous industry heavyweights. Apple is due back in court on the San Bernardino case on March 22. The DOJ did not immediately respond to PCMag's request for comment.

FireLayers chooses activereach to bring its cloud application security solutions to...

and offers free assessment of cloud application security to customers

High Wycombe, UK and HERZLIYA, Israel – 8 March 2016: Today’s organizations are increasingly reliant upon SaaS and cloud applications to conduct their daily operations, from managing the sales funnel to contacting their customers.

But these commercial applications also expose the organization to a myriad of threats, including: exfiltration of sensitive data such as customer records, sales prospects and personal data; account/identity theft; and compliance violations. FireLayers protects enterprise cloud applications by integrating context and risk factoring into security policies and triggering user-facing mitigations to prevent data breaches.

FireLayers proactively identifies file sharing related actions, in real time, in any application.

This includes homegrown applications running on Azure, AWS and Google Cloud, among other IaaS (infrastructure-as-a-service) customized applications and off-the-shelf SaaS tools like Box, Google Apps, Office 365 and ServiceNow. The FireLayers Cloud Application Security Platform is the industry's first platform capable of providing organizations full control over popular cloud apps which they use to drive their business. With FireLayers, organizations have the security, visibility and control they need to make the move to the cloud and maximize the value of their cloud applications. In appointing and welcoming activereach, Ofer Smadari, FireLayers VP of Global Sales & BD said, “We are impressed with activereach’s expertise and track record and we are proud to be partnering with an organization that shows a clear understanding of the issues facing cloud users.” FireLayers services are ideal and timely for UK enterprises that are considering moving to cloud-based applications. Mike Revell, Managing Director at activereach comments: “We are pleased to bring this solution to the UK market and anticipate strong interest from our customers that are embracing the cloud. Until now, CISOs were forced to choose between blocking or allowing cloud apps. Now, with FireLayers, they can define and enforce adaptive security policies to prevent data breaches of cloud apps like Google Apps, Office365, Salesforce, Dropbox and countless others.

This service is a great addition to our cloud-based security solutions portfolio.” For a limited time only, activereach, in association with FireLayers, is offering free assessment of customers’ cloud application security.

Deployed within minutes, it delivers actionable insights regarding application security within days.

- ENDS -

FOR MORE INFORMATION PLEASE CONTACT:
Lorna Fimia, Marketing Manager, activereach Ltd
Email: lorna.fimia@activereach.net
Tel: 0845 625 9025

NOTES TO EDITOR:

About FireLayers
FireLayers enables responsible cloud adoption, delivering the security, compliance and governance organizations can rely on to safely enable any user to use any device to access any cloud application.

For additional information please visit www.firelayers.com

About activereach
activereach is a leading integrator of Internet, networking, voice and security solutions delivered through the cloud, managed services, software and appliances.

For organizations faced with today’s complex IT challenges, activereach provides a unique consultative approach with solutions based on best of breed products and services. activereach has helped hundreds of businesses across the UK, Europe & Middle East – ranging from FTSE 500 enterprises and financial institutions to retailers and SMEs – manage and secure their network infrastructures, voice & data communications and critical information assets. Operating across activeNETWORKS and activeDEFENCE technology divisions, activereach is headquartered near London, UK.

For additional information please visit www.activereach.net

Multi-factor authentication goes mainstream

Fingerprints, rather than passwords, are what more than a million financial services customers at USAA use to get online. Part of a trend toward multi-factor authentication (MFA), there is no stored list of passwords for hackers to steal.