Category: Surveillance & Privacy

Indiana poised to add to US state privacy law patchwork

There’s growing evidence that passing a comprehensive privacy law at the state level is a multiyear endeavor. There are anomalies among existing laws on the books, but most legislatures take two years or more to pass a bill.

Indiana is the latest example of how the process plays out, as it’s on the verge of adding to the pile of comprehensive state privacy laws. The Indiana House took a unanimous 98-0 vote to grant final passage to Senate Bill 5 on consumer data protection a year after the bill stalled in the same chamber.

The Indiana Senate, which already voted 49-0 to approve SB 5 on 9 Feb., will vote on concurrence, a perceived formality before the bill heads to Gov. Eric Holcomb, R-Ind., for a final signature. Holcomb has seven days upon transmission to act on the bill, with a definitive veto the only way it will not become a law.

Healthy skepticism: Could the Pentagon leaks be deliberate?

Western media seems to be actively trying to create an “information tsunami” about the topic, according to Pushilin, who suggested it could mean the leaks may have been deliberate.

“Who knows, this could be the preparation of the global community for a possible reduction in support for Ukraine on the eve of the highly publicized counteroffensive by the Ukrainian Armed Forces,” Pushilin wrote. He also said, however, that regardless of the content of the leaked documents or the true intentions of the West, Russia’s task is to continue working and not respond to provocations.

Car owner sues Tesla over alleged intrusion of privacy

A California-based owner of a Tesla vehicle has sued the electric carmaker in a prospective class action lawsuit accusing it of violating the privacy of customers. The lawsuit was filed in the United States District Court for the Northern District of California on Friday. It came after reports on Thursday that groups of Tesla employees privately shared via an internal…

Tesla employees shared sensitive images recorded by cars – Reuters

According to nine former workers who talked to the agency, groups of employees shared private footage of customers in Tesla’s internal one-on-one chats between 2019 and 2022. One of the clips in question captured a man approaching his electric car while he was completely naked, one of the sources said.

CPRA regulations finalized with OAL approval

New rules and obligations under the California Consumer Privacy Act have reached the finish line. The California Privacy Protection Agency announced its first California Privacy Rights Act rulemaking package was approved by the California Office of Administrative Law following a review.
The finalized rules contain no substantive changes to the final draft submitted by the CPPA to the OAL in February. The first rulemaking package addresses regulations concerning data processing agreements, consumer opt-out mechanisms, mandatory recognition of opt-out preference signals, dark patterns and consumer request handling.
“I’m incredibly impressed with the team and thankful for the Board’s thoughtful guidance,” CPPA Executive Director Ashkan Soltani said in a statement. “With the regulations in place, we can now redouble our efforts to promote public awareness of consumers’ rights and businesses’ responsibilities under the law to better ensure that these privacy rights are secured.”
In its press release, the agency indicated the regulations “provide clarity and specificity to implement” changes to the CCPA regulations necessitated by the CPRA. It added the final rules “place the consumer in a position where they can knowingly and freely negotiate with a business over the business’s use of the consumer’s personal information.”
More CPPA insights into the final regulations will come to light at the IAPP Global Privacy Summit 2023 in Washington, D.C., 5 April, as Soltani joins California Supervising Deputy Attorney General Stacey Schesser, CIPP/US, for a discussion on CCPA enforcement.
The finalization is a culmination of a rulemaking process the CPPA commenced 8 July 2022, after originally scheduling its completion for 1 July 2022. The agency formally announced an extended delay to its process 23 Feb. 2022, saying insufficient staff and resources would slow its work.
The CPPA Board had its first-ever meeting 14 June 2021, while Soltani was appointed executive director 4 Oct. 2021. The agency added relevant personnel on a rolling basis — and lost a board member — while executing its rulemaking procedure.
“This is a major accomplishment, and a significant step forward for Californians’ consumer privacy. I’m deeply grateful to the Agency Board and staff for their tireless work on the regulations, and to the public for their robust engagement in the rulemaking process,” CPPA Board Chair Jennifer Urban said in a statement.
Industry stakeholders criticized the agency’s drawn-out rulemaking procedure despite the short-staffing acknowledgements. Concerns stemmed from the lack of time for companies to sufficiently implement final regulations ahead of CPRA enforcement becoming effective 1 July.
The agency partially addressed the enforcement concerns with a rule allowing the CPPA to “consider all facts it determines to be relevant, including the amount of time between the effective date of the statutory or regulatory requirement(s) and the possible or alleged violation(s) of those requirements, and good faith efforts to comply with those requirements.”
Upon submission of the first rulemaking package to the OAL, the CPPA announced preliminary activities on its next rulemaking package. The second set of CPRA rules will address cybersecurity audits, risk assessments and automated decision-making.

Israel Launches Spy Satellite

Israel launched a new spy satellite on Wednesday, the first the country has sent to space in nearly three years as it seeks to enhance its defense capabilities and prepare for a possible escalation with Iran.

An Israeli Shavit rocket delivered the Ofek-13 satellite to space, blasting off from the Palmachim Airbase on the Mediterranean coast at 7:10 p.m. ET, according to the Israeli Ministry of Defense. The ministry confirmed that the satellite entered its designated orbit and began transmitting data after completing an initial series of inspections. Ofek-13 still has to undergo a few more inspections before beginning its full operations “in the near future,” the defense ministry wrote.

Israel’s Ofek-13 satellite is the latest to join a series of reconnaissance satellites, the first of which launched in 1988. Its latest predecessor was the Ofek-16, which launched in July 2020. Israel’s defense ministry is claiming that Ofek-13 has the most advanced capabilities of the entire series with “unique radar observation capabilities, and will enable intelligence collection in any weather and conditions of visibility thus enhancing strategic intelligence,” Boaz Levy, CEO of state-owned Israel Aerospace Industries, said in the ministry statement.

Iowa becomes sixth US state to enact comprehensive consumer privacy legislation

The U.S. state of Iowa is no stranger to privacy bills. Since its first attempt in 2020, the state’s legislature has repeatedly proposed and considered comprehensive consumer data privacy legislation. But 2023 is the year privacy took root in Iowa. On 28 March, Iowa became the sixth state to pass a comprehensive privacy law, joining Connecticut, Utah, Virginia, Colorado and California. The law will go into effect on 1 Jan. 2025, giving organizations 21 months to comply with the new requirements from this state with over 3 million residents. Though the new law includes many familiar elements from other state laws, organizations should note a handful of differences as they expand their U.S. compliance efforts.

Zuckerberg, Meta sued for failing to address sex trafficking, child exploitation

A new lawsuit accuses Mark Zuckerberg and other Meta Platforms Inc executives and directors of failing to do enough to stop sex trafficking and child sexual exploitation on Facebook and Instagram. The complaint made public late Monday by several pension and investment funds that own Meta stock said Meta’s leadership and board have failed to protect the company’s and shareholders’ interests by turning a blind eye to “systemic evidence” of criminal activity.

Given the board’s failure to explain how it tries to root out the problem, “the only logical inference is that the board has consciously decided to permit Meta’s platforms to promote and facilitate sex/human trafficking,” the complaint said. Meta rejected the basis for the lawsuit, which was filed in Delaware Chancery Court.

Meta, based in Menlo Park, California, has long faced accusations that its platforms are a haven for sexual misconduct.

Global / ChipMixer software ‘taken down’ by multi-national law enforcement coalition

German and US authorities, supported by Europol, have targeted ChipMixer, a cryptocurrency mixer used to keep crypto transactions private. The investigation was also supported by Belgium, Poland and Switzerland. On 15 March, national authorities took down the infrastructure of the platform, seizing 4 servers, and also seizing about 1909 Bitcoins in 55 transactions (approx. EUR 44.2 million) and 7 TB of data.

Latitude Financial hit by malicious cyberattack

Latitude Financial has revealed it has been hit by a sophisticated and malicious cyberattack that has compromised a total of 328,000 separate pieces of data that it had sourced from its customers. The loans, credit card and insurance provider said it had detected unusual activity on its systems over the last few days that was believed to have originated from a major vendor used by Latitude.

The company said the attacker appeared to have used employee login credentials to steal personal information that was being held by two of Latitude’s other service providers. In a statement to the ASX on Thursday morning, Latitude said approximately 103,000 identification documents – 97% of which were drivers’ licences – were stolen from the first service provider, while 225,000 customer records were stolen from a second service provider.

EU / TikTok banned from government devices

The ban will be imposed next week and reevaluated after six months, De Croo said in a statement. Government employees will be allowed to use the app on their personal devices, but not on any devices “whose purchase, subscription or use are partly or fully paid for by the federal government.” Citing reports by the Belgian State Security Service and Centre for Cybersecurity, De Croo claimed that TikTok collects large amounts of user data, manipulates the information users are exposed to, and cooperates with Chinese spy agencies. “We must not be naive,” De Croo said. “TikTok is a Chinese company that today is obliged to cooperate with the Chinese intelligence services.”

Canada police probe allegations of Chinese ‘police stations’ in Montreal

Police in Canada said on Thursday they are investigating allegations that two Montreal-area centers are being used as Chinese state-backed “police stations” to intimidate or harass Canadians of Chinese origin. The investigation adds to mounting allegations of Chinese interference in Canada’s internal affairs, including accusations by Ottawa that Beijing tried to influence the last two Canadian elections. China has denied those accusations. “We are carrying out police actions aimed at detecting and disrupting these foreign state-backed criminal activities, which may threaten the safety of persons living in Canada,” the Royal Canadian Mounted Police (RCMP) in Quebec said in a statement. Countries including the United States and the Netherlands have carried out similar probes following a report in September by Safeguard Defenders, a Europe-based human rights organization, detailing the presence of dozens of Chinese police “service stations” in major cities globally. In November, the RCMP in Ontario, Canada’s most populous province, also launched an investigation into similar reports of Chinese “police service stations” in the Toronto area. The Ontario RCMP did not respond to a request for information on that probe.

Twitter Files expose ‘censorship-industrial complex’ – journalist

Matt Taibbi presented the US Congress with evidence of corporate, NGO and government collusion: Social media platforms colluded with non-governmental organizations and the US government to suppress information they did not like. During the hearing, multiple Democrats tried to pressure Taibbi into revealing his sources, insinuating Twitter’s new owner, Elon Musk, was behind the disclosures.

US Congress health data hacked: For sale on dark web

House Speaker Kevin McCarthy and House Minority Leader Hakeem Jeffries also learned from the agency that the data is now being offered for sale on the dark web. Leading lawmakers were informed of a “significant data breach” at the DC Health Link marketplace potentially affecting all members of the House and their families in a letter from the Chief Administrative Office of the House on Wednesday. CAO Catherine Szpindor promised a full list of the individuals affected but advised members to secure their finances “out of an abundance of caution” as their data may have been compromised.

Zeit Online: Germany planning to ban Huawei, ZTE from parts of 5G networks

There is no evidence that China is spying on telecom equipment suppliers’ technology. Nevertheless, they are to be banned from the 5G network for fear of dependencies.

Leaked documents reveal Homeland Security domestic spying – Politico

The “Overt Human Intelligence Collection Program” (OHIC) has been in existence since at least 2016, according to Politico, which did not disclose how it obtained the documents. Run by the DHS Office of Intelligence and Analysis (I&A), OHIC is intended to gather information about threats such as organized crime and transnational drug trafficking.