Category: Surveillance & Privacy

As information started to leak out from the… everywhere about NSO Group’s secondhand contribution to surveillance abuses all over the world, the world (except for the worst of NSO’s customers) began taking action. Even the government that facilitated many of NSO’s sales to human rights violators decided it might be time to toss a few restrictions on the Israel-based malware merchant founded by former Israeli intelligence officers. The same thing happened in the United States. NSO was joined by lesser…

Intellexa (AKA Intellexa Anonymi Etaireia), an alliance of digital intelligence firms in Greece run by an ex-Israeli intel officer, and Cytrox AD (AKA Sytrox), which produces their Predator spyware, added to U.S. ‘entity list’ which already includes Israel’s NSO and Candiru. Late last year, Citizen Lab uncovered the hacking of an Egyptian dissident’s phone. The affected device was host to two forms of malware, one created by NSO Group and the other by Cytrox. According to the Citizen Lab investigation, these infections were…

NATO has confirmed that its IT team is investigating claims about an alleged data-theft hack on the Communities of Interest (COI) Cooperation Portal by a hacking group known as SiegedSec. The COI Cooperation Portal (dnbl.ncia.nato.int) is the military alliance’s unclassified information-sharing and collaboration environment, dedicated to supporting NATO organizations and member nations. Yesterday, the hacking group ‘SiegedSec’ posted on Telegram what they claimed to be hundreds of documents stolen from the COI Cooperation Portal. SiegedSec post on Telegram Cybersecurity company CloudSEK analyzed…

The U.S. Securities and Exchange Commission has adopted new rules requiring publicly traded companies to disclose cyberattacks within four business days after determining they’re material incidents. According to the Wall Street watchdog, material incidents are those that a public company’s shareholders would consider important. The SEC also adopted new regulations mandating foreign private issuers to provide equivalent disclosures following cybersecurity breaches. “Whether a company loses a factory in a fire — or millions of files in a cybersecurity incident —…

The U.S. Justice Department and the Federal Trade Commission (FTC) announced that Amazon has agreed to pay a $25 million fine to settle alleged children’s privacy laws violations related to the company’s Alexa voice assistant service. Amazon has offered Alexa voice-activated products and services targeted at children under 13 years old since May 2018. In May 2023, the Federal Trade Commission (FTC) and the U.S. Department of Justice (DOJ) filed charges against Amazon, accusing the company of violating children’s privacy laws,…

Nearly 70 IT security and privacy academics have added to the clamour of alarm over the damage the UK’s Online Safety Bill could wreak to, er, online safety unless it’s amended to ensure it does not undermine strong encryption. Writing in an open letter, 68 UK-affiliated security and privacy researchers have warned the draft legislation poses a stark risk to essential security technologies that are routinely used to keep digital communications safe. “As independent information security and cryptography researchers, we…

The Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten – IMY) has fined two companies with 12.3 million SEK (€1 million/$1.1 million) for using Google Analytics and warned two others about the same practice. In a decision published yesterday, the agency explains that by using Google Analytics to generate web statistics the firms were breaching European Union’s General Data Protection Regulation (GDPR). Specifically, the companies were in violation of the GDPR Article 46(1), which forbids the transfer of personal data to countries or…

Monday, 03 July 2023 5:02 PM Turkish authorities say they have uncovered and disrupted a vast “ghost” Mossad spy network centered in Istanbul, following months of surveillance. The substantial efforts by Turkey’s National Intelligence Organization (MIT) exposed 56 operatives allegedly spying on non-Turkish citizens in Turkey in the service of the Israeli spy agency Mossad, Turkey’s Daily Sabah newspaper reported on Monday. MIT and the Anti-Terrorism Branch of the Istanbul Police Department also managed to arrest seven of the suspected…

Steve Li Kwai-wah, Hong Kong’s national security department superintendent, speaks during a press conference to issue arrest warrants for eight activists, in Hong Kong on Monday. Joyce Zhou/Reuters TAIPEI, Taiwan — Hong Kong has issued arrest warrants for eight exiled activists and lawyers, accusing them of violating China’s national security law — and offering a hefty bounty for their capture. Among the eight people Hong Kong’s national security police say are wanted for “collusion with foreign forces” are activist and…

Sweden’s data protection watchdog has issued a couple of fines in relation to exports of European users’ data via Google Analytics which it found breach the bloc’s privacy rulebook owing to risks posed by US government surveillance. It has also warned other companies against use of Google’s tool. The fines — just over $1.1 million for Swedish telco Tele2 and less than $30k for local online retailer CDON — are notable as they are the first such fines following a…

Most of us just want to live our lives in peace without excessive governmental interference, but unfortunately the control freaks that are running things just can’t help themselves.  Ultimately, they aren’t going to be happy until they are able to watch, track, monitor and control virtually everything that we write, say and do.  This is one of the big reasons why they are gearing up to introduce “central bank digital currencies” all over the western world.  Such digital currencies will…

The State of Louisiana has experienced an extensive data breach, with six million public records being exposed. The breach was a part of a global attack on the third-party file transfer application, MOVEit. The breach is likely to raise further concerns as the state recently introduced a new law that is increasing the uptake of digital ID – a law that forces adult websites to check the age of all users, with many wanting it rolled out to all social media platforms. The personal details of every…

  The European Commission has signalled it could be preparing to break up Google’s adtech business. Speaking during a press conference this afternoon, EU EVP Margrethe Vestager, the bloc’s competition chief and head of digital strategy, announced it has sent a formal statement of objections to Google for suspected anti-competitive conduct in its adtech business. If the Commission confirms its suspicions she said it is looking at breaking up Google’s adtech as the only viable solution to resolve what she…

Meta has been dragged kicking and screaming into another notable privacy concession in Europe: The German Federal Cartel Office (FCO) has announced a new account center incoming which will see the tech giant provide users of its social networking services with a greater degree of choice over whether they allow it to combine data on their activity across its services or not. It will be the first time Meta has provided such a degree of choice over its cross-site tracking…

We’ve written a lot about AB 2273, California’s Age Appropriate Design Code (AADC) that requires websites with users in California to try to determine the ages of all their visitors, write up dozens of reports on potential harms, and then seek to mitigate those harms. I’ve written about why it’s literally impossible to comply with the law. We’ve had posts on how it conflicts with privacy laws and how it’s a radical experimentation on children (ironically, the drafters of the…

CorruptionLedger commentary in red.   Twitter has pulled out of the European Union’s voluntary code to fight disinformation, the EU has said. Thierry Breton, who is the EU’s internal market commissioner, announced the news on Twitter – but warned the firm new laws would force compliance. “Obligations remain. You can run but you can’t hide,” he said. Twitter will be legally required to fight disinformation in the EU from 25 August, he said, adding: “Our teams will be ready for…