As tech giants face Congressional investigation, states must step up regulatory oversight too

Tiffany Olson Kleemann Contributor

Tiffany Olson Kleemann is the chief executive officer of Distil Networks. She formerly served in executive roles at Symantec and FireEye and was deputy chief of staff for cybersecurity operations under President George W. Bush.

More posts by this contributor

• Bots distorted the 2016 Election. Will the midterms be a sequel?

Congress has begun investigations into the power wielded by tech giants Amazon, Apple, Facebook, and Google – from their effect on the news media, to their impact on retail markets, to their handling of data. Unusual for these divided times, the concerns are bipartisan, with members of both parties suggesting that new legislation and regulation may be needed.

A number of big challenges are hurting consumers, including “serious breaches of privacy” and “loss of control of data,” Rep. David Cicilline, D-R.I., chairman of the House Antitrust Subcommittee, told CNBC.

This discussion of what Cicilline has called a “monopoly moment” is healthy and overdue. However, while Congress examines whether we should trust the tech titans with so much of our data and other assets, it would be great to see more urgency on another question: Can we trust the government itself with our data?

Federal and state government databases hold a treasure trove of sensitive, personal information that is used to collect taxes, administer benefits, register vehicles, or run elections. Not to mention the 434.2 million phone records on Americans that the National Security Agency collected last year, according to a government report.

Hackers, naturally, know that government sites are a rich target, and some of the largest cybersecurity breaches of recent years have taken place in the public sector.

WASHINGTON, DC – MARCH 24: A Department of Justice employee put up a poster of the seven indicted hackers prior to a news conference for announcing a law enforcement action March 24, 2016 in Washington, DC. A grand jury in the Southern District of New York has indicted seven Iranian who were employed by two Iran-based computer companies that performed work on behalf of the Iranian Government, on computer hacking charges related to their involvement in an extensive campaign of over 176 days of distributed denial of service (DDoS) attacks. (Photo by Alex Wong/Getty Images)

In two separate incidents in June 2015, the U.S. Office of Personnel Management discovered that attackers had stolen the Social Security numbers and other confidential information of 25.7 million current and former federal employees and contractors. The hackers’ haul even included 5.6 million fingerprints of job applicants who has undergone background investigations.

In 2016, the IRS said that 700,000 Social Security numbers were taken in a hack the year before.

In 2018, a “SamSam” ransomware attack shut down the city of Atlanta’s online systems, forcing the cancellation of court proceedings and preventing the collection of water bills and traffic fines. Last month, a ransomware assault has affected services in Baltimore and cost the city at least $18.2 million in lost or delayed revenue and direct restoration costs.

And then there are the foreign attempts to interfere with elections. U.S. officials have testified that Russian hackers targeted voting systems in 21 states in 2016, though no actual votes are believed to have been affected.

Since free and fair elections are a core tenet of our democracy, voter registration pages and election systems are the most sensitive areas of state and municipal web infrastructure. Election databases also contain personally identifiable information such as names, ages, and addresses. As my company’s experience with various state governments show, these systems are constantly under attack.

In fact, we’ve seen up to two-thirds of state election agencies’ website traffic consist of malicious bots searching for data to steal or scrape. Even more disturbingly, we have also seen spikes in automated traffic attacking the websites as registration deadlines approach. These spikes slow down the performance of back-end databases, compromising the agencies’ overall ability to effectively conduct elections.

This evidence shows that the existential threat to government data is every bit as important as the security and privacy concerns driving the congressional investigation of Amazon, Apple, Facebook, and Google. But is enough being done?

Voting booths in polling place. Image courtesy Getty Images

More than three years after the devastating attack on the U.S. Office of Personnel Management, a report by the General Accounting Office in November found that the agency had not implemented 29 of the 80 recommendations the government’s in-house auditor had made to shore up its cyber defenses.

In Atlanta, an audit determined that leading up to the ransomware attack, the city had ignored repeated warnings about flaws in its security posture, including a failure to address 1,500 to 2,000 severe vulnerabilities that the city’s Information Management and the Office of Information Security had identified.

Where control of data is concerned, it’s vital that the federal and state governments look themselves in the mirror just as hard as Congress is now assessing the tech giants. A few specific recommendations:

• Government agencies at all levels should conduct an exhaustive review of their cyber security capabilities and hold leaders personally responsible for ensuring they are up to snuff for constantly evolving threats.

• Beyond investigating the practices of a few companies, Congress also should focus energy on a long-overdue update of the Computer Fraud and Abuse Act, a 33-year-old law that makes it unlawful to break into a computer to access or alter information and, astoundingly, still serves as a legal guidepost in today’s new landscape of bots, malware, ransomware and other malicious attacks.

• The Trump administration should make sure to follow through with its May 2 executive order on cyber defense that promised to “grow the cybersecurity capability of the United States Government, increase integration of the federal cybersecurity workforce, and strengthen the skills of federal information technology and cybersecurity practitioners.” It also called for a “cybersecurity rotational assignment program” within the federal government that “will serve as a mechanism for knowledge transfer and a development program for cybersecurity practitioners.”

An important discussion is happening on Capitol Hill about the influence of Amazon, Apple, Facebook, and Google in our lives and society. It would be hypocritical, however, to lose sight of how much of our data sits in government computer systems and that it also faces serious threat.

from Apple – TechCrunch https://ift.tt/2JYEMj1

Apple’s latest Tesla hire specializes in car interiors

Another high-level Tesla engineering executive has hopped over to Apple. Steve MacManus, who was vice president of engineering at Tesla, is now a senior director at Apple, according to an update on his LinkedIn profile.

Bloomberg was the first to report MacManus had taken the position at Apple. MacManus, whose was in charge of interior and exterior engineering, is the third Tesla executive to leave and take a position at Apple this year. He had been at Tesla since 2015.

His hiring follows two other high-profile moves from Tesla to Apple, including former chief engineer Doug Field and Michael Schwekutsch, who worked on drive systems at the electric automaker.

MacManus has a deep background in industrial design, specifically vehicle interiors and exteriors. Prior to Tesla, MacManus was chief engineer of body interior and exterior of trim and hardware at Aston Martin Lagonda. He was functional manager seating and restraints at Bentley Motors and also once worked at Jaguar Land Rover.

This latest hire, and the ones before, suggest that Apple’s Project Titan, the company’s not-so-secretive effort to build a self-driving car, might be in the midst of a revival. In January, news emerged that Apple had reassigned 200 employees previously involved in its development.

At the time, an Apple spokesperson said the company had an “incredibly talented team working on autonomous systems and associated technologies at Apple” and explained that some groups were being moved to projects in other parts of the company to support machine learning and other initiatives.

Apple could not be reached for comment. TechCrunch will update the article with any new information.

from Apple – TechCrunch https://ift.tt/2Ynn8yF

Apple reportedly in talks to acquire Intel’s modem business for $1B+

Apple may have wrote a check and signed a deal with Qualcomm in order to ensure a 5G iPhone wasn’t late to market, but it’s clear the Cupertino hardware giant wasn’t interested in burying the hatchet too deep.

Apple is in “advanced talks” to buy Intel’s smartphone modem business for “$1 billion or more” according the a new report in The Wall Street Journal. Last month, The Information detailed that Apple was in talks to buy part of Intel’s modem business.

This latest report details that an agreement “could be reached in the next week” if the talks don’t fall apart.

This deal could potentially bring Apple hundreds of engineers and key patents from Intel that would allow them to build out technologies that they are currently licensing from Qualcomm for their cell network-connected mobile devices.

Any deal wouldn’t affect the near-term nature of Apple’s relationship with Qualcomm, as part of the companies’ settlement included a six-year licensing agreement, though full details of that agreement were not disclosed.

Apple has worked with Intel’s modem team closely, especially during their legal skirmishes with Qualcomm though Intel’s team was reported to be falling behind in scaling its 5G modem development.

We’ve reached out to Apple for comment.

Apple and Qualcomm are ending their legal battles

from Apple – TechCrunch https://ift.tt/2XYgEH3

Apple releases iOS 12.4 with software support for Apple Card

While iOS 13 is right around the corner with a ton of new features, it isn’t quite ready just yet. Apple has just released iOS 12.4, a new stable update. There aren’t many radical changes, but this is the first version that supports the Apple Card.

Apple has been testing its credit card for a few weeks now. According to Bloomberg, Apple’s retail employees have been able to sign up to the Apple Card.

As a reminder, Apple has partnered with Goldman Sachs on a credit card for U.S. customers. When you sign up, you receive a Mastercard credit card that you control from the Wallet app.

In addition to a list of your most recent transactions, you can see a breakdown of your purchases by category. You get 1% back when you pay with your card, 2% if you pay using Apple Pay and 3% if it’s an Apple purchase.

Cash back is credited directly on your Apple Cash card. You can pay for things using Apple Pay, make a payment on your Apple Card or transfer it to your bank account.

The Apple Card was originally announced back in March. The company said that it would be available this summer. Now that iOS 12.4 is available, the release date shouldn’t be too far off.

iOS 12.4 also features a new migration tool so that you can wirelessly transfer data from one iPhone to another. It should make it easier to switch to a new iPhone, especially if you don’t use iCloud.

With this update, you can also control your Apple News+ content more granularly. For instance, you can clear downloaded magazines, check your downloaded issues and more.

Today’s update also re-enables Walkie Talkie on the Apple Watch. The company had to temporarily disable the feature due to a vulnerability.

Don’t forget to backup your iPhone to iCloud or iTunes before updating. Then head over to the Settings app, tap General and Software Update.

from Apple – TechCrunch https://ift.tt/32Lv9wA

Apple fixes Walkie Talkie app vulnerability in watchOS update

If you are, for some reason, an avid Walkie Talkie user on the Apple Watch, you will be pleased to learn that the functionality is back in the latest watchOS update today. The watchOS 5.3 release notes specify that the update “[p]rovides important security updates including a fix for the Walkie-Talkie app.”

The feature was notably disabled nearly two weeks ago after Apple discovered a vulnerability, one which was unspecified but was clearly serious enough for them to quickly pull one of the hallmark updates of watchOS 5.

Apple disables Walkie Talkie app due to vulnerability that could allow iPhone eavesdropping

If you’re not familiar, the Walkie Talkie app allows two users to send short push-to-talk chat messages to one another. It’s a nice way to reduce the complexity of using the Apple Watch as a full-features communications tool, speeding up the process of sending messages, rather than using voice transcription.

The update is available now.

from Apple – TechCrunch https://ift.tt/2GoK7z7

Google is adding Find My Device and battery features to Fast Pair headphones

Introduced a few I/Os back, Fast Pair is Google’s attempt to make its own mark on the post-AirPod headphone landscape. Many of the features are similar to Apple’s offerings, but Google’s got a leg up in one key way: third-party hardware. Like Android, the company’s focused on bringing Fast Pair to as many manufacturers as possible.

That list now includes Libratone, Jaybird, JBL (four models), Cleer, LG (four models), Anker (one pair of headphones and speaker) and, of course, Google’s own Pixel Buds. This week, the company announced a number of key features coming to Fast Pair headphones.

A disappointing debut for Google’s Pixel Buds

New this time around is Find My Device functionality, aimed at helping owners locate missing headsets. The app will show the time and location they were last in use, and will send out a chime from buds that are still in Bluetooth range.

Also new is individual battery life for buds and case. Opening the case near a paired handset will pop up that information. All of the above features will arrive on the 15 or so headphones that currently sport the feature.

from Android – TechCrunch https://ift.tt/2GkSP1o
via IFTTT

iOS 13: Here are the new security and privacy features you might’ve missed

In just a few weeks Apple’s new iOS 13, the thirteenth major iteration of its popular iPhone software, will be out — along with new iPhones and a new iPad version, the aptly named iPadOS. We’ve taken iOS 13 for a spin over the past few weeks — with a focus on the new security and privacy features — to see what’s new and how it all works.

Here’s what you need to know.

You’ll start to see reminders about apps that track your location

Ever wonder which apps track your location? Wonder no more. iOS 13 will periodically remind you about apps that are tracking your location in the background. Every so often it will tell you how many times an app has tracked where you’ve been in a recent period of time, along with a small map of the location points. From this screen you can “always allow” the app to track your location or have the option to limit the tracking.

You can grant an app your location just once

To give you more control over what data have access to, iOS 13 now lets you give apps access to your location just once. Previously there was “always,” “never” or “while using,” meaning an app could be collecting your real-time location as you’re using it. Now you can grant an app access on a per use basis — particularly helpful for the privacy-minded folks.

And apps wanting access to Bluetooth can be declined access

Apps wanting to access Bluetooth will also ask for your consent. Although apps can use Bluetooth to connect to gadgets, like fitness bands and watches, Bluetooth-enabled tracking devices known as beacons can be used to monitor your whereabouts. These beacons are found everywhere — from stores to shopping malls. They can grab your device’s unique Bluetooth identifier and track your physical location between places, building up a picture of where you go and what you do — often for targeting you with ads. Blocking Bluetooth connections from apps that clearly don’t need it will help protect your privacy.

Find My gets a new name — and offline tracking

Find My, the new app name for locating your friends and lost devices, now comes with offline tracking. If you lost your laptop, you’d rely on its last Wi-Fi connected location. Now it broadcasts its location using Bluetooth, which is securely uploaded to Apple’s servers using nearby cellular-connected iPhones and other Apple devices. The location data is cryptographically scrambled and anonymized to prevent anyone other than the device owner — including Apple — from tracking your lost devices.

Your apps will no longer be able to snoop on your contacts’ notes

Another area that Apple is trying to button down is your contacts. Apps have to ask for your permission before they can access to your contacts. But in doing so they were also able to access the personal notes you wrote on each contact, like their home alarm code or a PIN number for phone banking, for example. Now, apps will no longer be able to see what’s in each “notes” field in a user’s contacts.

Sign In With Apple lets you use a fake relay email address

This is one of the cooler features coming soon — Apple’s new sign-in option allows users to sign in to apps and services with one tap, and without having to turn over any sensitive or private information. Any app that requires a sign-in option must use Sign In With Apple as an option. In doing so users can choose to share their email with the app maker, or choose a private “relay” email, which hides a user’s real email address so the app only sees a unique Apple-generated email instead. Apple says it doesn’t collect users’ data, making it a more privacy-minded solution. It works across all devices, including Android devices and websites.

You can silence unknown callers

Here’s one way you can cut down on disruptive spam calls: iOS 13 will let you send unknown callers straight to voicemail. This catches anyone who’s not in your contacts list will be considered an unknown caller.

You can strip location metadata from your photos

Every time you take a photo your iPhone stores the precise location of where the photo was taken as metadata in the photo file. But that can reveal sensitive or private locations — such as your home or office — if you share those photos on social media or other platforms, many of which don’t strip the data when they’re uploaded. Now you can. With a few taps, you can remove the location data from a photo before sharing it.

And Safari gets better anti-tracking features

Apple continues to advance its new anti-tracking technologies in its native Safari browser, like preventing cross-site tracking and browser fingerprinting. These features make it far more difficult for ads to track users across the web. iOS 13 has its cross-site tracking technology enabled by default so users are protected from the very beginning.

Read more:

• iOS 13 will let you limit app location access to ‘just once’
• Apple may combine ‘Find My iPhone’ & ‘Find My Friends’ apps, launch a Tile-like tracking device
• With iOS 13, Apple locks out apps from accessing users’ private notes in Contacts
• Apple introduces ‘Sign in with Apple’ to help protect your privacy
• Answers to your burning questions about how ‘Sign In with Apple’ works
• How to stop robocalls spamming your phone
• Apple has a plan to make online ads more private

from iPhone – TechCrunch https://ift.tt/2SnsTXy