Author: Zack Whittaker

Watchdog says 2020 Census systems are riddled with security flaws

With a census just two years away, the Census Bureau has a cybersecurity problem. That’s a key takeaway from the congressional watchdog, the Government Accountability Office, which oversees the government’s spending. In a new report published Thursday, the non-partisan agency said that the government’s Census Bureau has only a few months to fix thousands of security vulnerabilities that may put personal citizen data at risk. The census, conducted by the federal government decennially, provides the government data on the population. Ahead of the 2020 census, the Bureau began testing all 44 key systems necessary to support the new option...

This is Google’s Titan security key

Google isn’t one to shy away from bold claims. “We have had no reported or confirmed account takeovers since implementing security keys at Google,” a spokesperson told TechCrunch. And it’s probably true. Think of a security key like a two-factor authentication code that’s sent to your phone — but instead it’s a USB stick in your pocket. Two-factor authentication is stronger than just a username and password, but text message codes can be intercepted and many sites and services don’t yet support the stronger authenticator codes. Security keys are one of the strongest lines of defense against account breaches. That’s because a...

Google, Facebook, Twitter chiefs called back to Senate Intelligence committee

Twitter chief executive Jack Dorsey and Facebook chief operations officer Sheryl Sandberg will testify in an open hearing at the Senate Intelligence Committee next week, the committee’s chairman has confirmed. Larry Page, chief executive of Google parent company Alphabet, was also invited but has not confirmed his attendance, a committee spokesperson confirmed to TechCrunch. Sen. Richard Burr (R-NC) said in a release that the social media giants will be asked about their responses to foreign influence operations on their platforms in an open hearing on September 5. It will be the second time the Senate Intelligence Committee, which oversees...

Privacy groups ask senators to confirm US surveillance oversight nominees

A coalition of privacy groups is calling on lawmakers to fill the vacant positions on the government’s surveillance oversight board, which hasn’t fully functioned in almost two years. The Privacy and Civil Liberties Oversight Board, known as PCLOB, is a little-known but important group that helps to ensure that intelligence agencies and executive branch policies are falling within the law. The board’s work allows its members to have access to classified programs run by the dozen-plus intelligence agencies and determine if they’re legal and effective, while balancing Americans’ privacy and civil liberties rights. In its most recent unclassified major report in...

Air Canada confirms mobile app data breach

Air Canada has confirmed a data breach on its mobile app, which the airline said may affect 20,000 people — or 1 percent — of its 1.7 million app users. The company said it had “detected unusual log-in behavior” occurring between August 22-24. According to an email to customers, attackers may have accessed basic profile data, including names, email addresses and phone numbers — but also more sensitive data that users may have added to their profiles, including passport numbers and expiry date, passport country of issuance, NEXUS numbers for trusted travelers, gender, dates of birth, nationality and country of residence. But credit card data was not accessed, the airline said. It’s not known if there was a direct breach of Air Canada’s systems or if hackers attempted to reuse passwords from other sites that may have also been used on Air Canada’s mobile app. When reached, an Air Canada spokesperson did not comment on the breach, referring only to a FAQ on the airline’s website. Air Canada joins the ranks of other airlines that have admitted data breaches in recent months. Delta said earlier this year that customer data was stolen after a security lapse at one of its third-party customer support service vendors. And, last year Virgin admitted a hacker broke into its internal network, prompting the company to force-reset staff...

Yahoo still scans your emails for ads — even if its rivals won’t

You’re not the only one reading your emails. A deep dive in The Wall Street Journal on Tuesday dug out new details on a massive email scanning operation by Oath, the Verizon-owned subsidiary that’s the combined business of AOL and Yahoo. The email scanning program analyzes over 200 million AOL and Yahoo inboxes for data that can be sold to advertisers. (Disclosure: TechCrunch is owned by Verizon by way of Oath.) The logic goes that by learning about its users, the internet giant can hone its ad targeting effort to display the most relevant ads. But where other major email providers have bailed from email scanning amid privacy scandals and security issues, Oath remains the outlier. Google ended its ad-targeting email scanning operation across its consumer Gmail service last year — a decision lauded after facing criticism for years over the practice — though the company still uses machine learning to help you reply to emails. Meanwhile, Microsoft told TechCrunch in a statement that it does “not use email content for ad targeting in any way, anywhere in Microsoft.” And Apple has never scanned its customers’ inboxes for advertising, though its privacy policy says it can access your data for law enforcement purposes or for more vague reasons like “issues of public importance.” So it’s basically just Oath, then. Scanning the inboxes of its hundreds of millions of email...

UK data protection complaints more than double under new GDPR rules

The number of complaints filed with the UK data protection watchdog has more than doubled since the introduction of new European regulations. There were 6,281 complaints filed with the Information Commissioner’s Office between May 25 when the new GDPR rules went into effect and July 3, a rise of more than double from the 2,417 complaints during the same period a year earlier. The ICO, which enforces the new rules in the UK, did not say if the bulk of the new cases are GDPR related as the watchdog doesn’t separate out its complaints by type, but said that the agency expects the figures will continue to climb. “Generally, as anticipated, we have seen a rise in personal data breach reports from organizations,” said an ICO spokesperson. “Complaints relating to data protection issues are also up and, as more people become aware of their individual rights, we are expecting the number of complaints to the ICO to increase too.” It follows a similar reported rise in figures from neighboring Ireland, with over half of new complaints falling under the GDPR umbrella since the law was introduced. The new EU-wide rules replace long overdue and fragmented data protection and privacy rules across the 28 member state bloc from two decades ago. Under the new regulations, European citizens can request their data from companies, and can ask for their data to...

Stingray cell phone surveillance devices may interfere with 911 calls, senator says

A senator has confirmed that the use of cell site simulators for conducting real-time surveillance on cell phones may interfere with 911 calls. In a letter to the attorney general, Sen. Ron Wyden said that devices, widely known as “stingrays,” can jam cell phones from sending or receiving phone calls and text messages, which may limit a phone from contacting the emergency services. Wyden said officials at Harris, which develops the surveillance device, told his office that a feature designed to prevent interference with 911 calls was neither tested nor confirmed to work. Wyden said that not only do stingrays disrupt the communications of a targeted cell phone, other people’s devices nearby might also “experience a temporary disruption of service.” Stingrays are controversial bits of tech — in large part because almost nobody outside law enforcement has seen one or knows exactly how they work. These devices are held as a closely guarded secret by police and federal agencies who are bound by non-disclosure agreements — so much so that prosecutors have dropped court cases that might reveal confidential information about the devices. What we do know is that police across the US use these suitcase-sized devices to mimic cell towers, which trick nearby cell phones into connecting to the device. Police can then identify someone’s real-time location and log all the phones within its range. Some advanced devices are believed to be...
