The big techs are all coming into the privacy spotlight with four of the big techs each making the headlines this week.
Facebook has come under the media glare after a pressure group called for it to be broken up. A vulnerability has been found in a Microsoft product, a bug has been found in Google Chrome and Apple has written to Congress saying that it is different. Meanwhile, Google has also been in the news over suggestions that it is tracking us even when we think we have told it not to. The NHS has been in the news this week as well.
The vulnerability with Microsoft relates to a finding by an engineer at identity management company Okta Rex. The vulnerability was with a Microsoft MFA multi factor identification system in which a user’s identity can be ascertained by asking various questions. According to Okta Rex, the vulnerability means that hackers can access all information in the system just by having details of two individuals. Microsoft has produced a patch for the vulnerability.
The bug with Google Chrome relates to when uses are searching via the Microsoft Bing search engine. Unless they have the latest version of Chrome, it is possible for a bad actor to ask simple yes or no questions and from that reveal detailed information about users, including age gender and indeed likes. It may also be possible for them to correlate this information with email addresses.
Google is also under the cosh thanks an investigation by Associated Press. Researchers found that Google stores a snapshot of where you are; this information is then kept and even maintained when users think they may have disabled it by deleting location history. Instead data can only be deleted by going to the web and app activity functions. A Google spokesman said: “We provide clear descriptions of these tools and robust controls so people can turn them on or off and delete their histories any time.”
As for Facebook, a pressure group called Freedom from Facebook has called for the break up of the company. It says “Facebook tracks us almost everywhere we go on the web and through our smart phones even where we go in the real world. It uses this internet data horde to figure out how to addict us and our children to use its services.”
Meanwhile, the apparent halo at Apple grows brighter, following a letter sent to both Tim Cook the CEO at Apple and Larry Page CEO of Google, detailing concerns about the way the two companies can track our whereabouts possibly against our will. Apple’s director of federal government affairs, Tim Powderly said: “We believe privacy is a fundamental human right and purposely design our products and services to minimise the collection of data services of customer data.”
He said: “We are radically different. The customer is not our product and our business model does not depend on collecting vast amounts of personally identifiable information to enrich targeted profiles marketed to advertising.”
And finally, from the big techs to the NHS. The Telegraph has revealed a 2016 breach at online training business in Embrace Learning, a supplier to the NHS. It has exposed the email addresses and unencrypted passwords for 10,000 public sector healthcare workers. A statement from Embrace Learning said: “There was a data breach on our service in 2016. On reflection, our security measures at that time were clearly not sophisticated enough to prevent data being stolen.”
European Data Protection Summit will take place on June 3rd in Central London and will play host to 800 DPO’s, Security Professionals and senior business decision makers looking for; information, updates, clarity, advice and solutions. For more information, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.