Gift Givers, Check Your Lists Twice
The digital era has brought with it a huge number of exciting gift ideas. DNA kits, smart home devices, wearables, digital personal assistants -- the list goes on. But, before you unknowingly saddle a loved one with a personal data siphon, read those privacy policies closely.
If you're unsure what they mean, ask questions of the providers. If they don't respond, move on. Yes, it's a busy time of year, but every technology company needs to prioritize inquiries about data security and privacy. Those that don't either have something to hide or don't understand the importance and need a wake-up call.
Read on for even more ideas for limiting your exposure to data security and privacy risks this holiday season.
I hope you enjoy the photos from my trip to Luxembourg in October.
Data Security & Privacy Beacons
People and places making a difference**
Have you seen an organization or individual taking actions to improve privacy? Send me a note to nominate a privacy beacon of your own!
Regional ATM network operator SHAZAM has developed an app to give more U.S. debit cardholders an easier way to monitor their financial transactions. Called SHAZAM BOLT$, the app's functionality mirrors that of apps developed by some of the largest global megabanks (e.g. receive fraud alerts, set spending controls, pause card transactions if card is lost). SHAZAM's clients, on the other hand, are local and regional financial institutions. So, with the advent of SHAZAM BOLT$, debit card users can get the same or similar level of protection regardless of the size of their bank.
DuckDuckGo is a search engine that just added an exciting new feature called Smarter Encryption. It automatically upgrades encryption for sites its users visit. The real cool part is that Smarter Encryption gets more robust the more it's used. Whereas similar tools offer the protection on fewer than 150,000 sites, DuckDuckGo already works on 12 million sites. The company gets extra "beacon" points for creating this feature with open-source code so other developers can integrate it with their own sites and platforms.
The New Jersey Attorney General has launched a new initiative to teach kids and teens how to protect themselves and their data while online. To kick off the Cyber Savvy Youth Initiative, the AG Office acting director visited an elementary school in Jersey City where he spoke to students about internet safety and shared tips on how to spot potential dangers online. With upwards of 1 million children each year becoming victims of identity theft, it's great to see leaders take a more active role in arming kids with the knowledge to stay cyber safe.
**Privacy beacon shout-outs do not necessarily indicate an organization or person is addressing every privacy protection perfectly throughout their organization (no one is). It simply highlights a noteworthy example that is, in most cases, worth emulating.
Old Luxembourg view from my landing plane.
Is Your DNA Profile Private?
A Florida judge's decision says no
A warrant for DNA, granted in Florida, has set a massively important (and scary) precedent. A judge's decision to support that warrant is one that may open up all consumer DNA sites to law enforcement agencies across the country.
According to the New York Times, the DNA profiles of some 20 million people could be subject to scrutiny now that the door has been opened.
Sites like 23andme, Ancestry.com and GEDmatch are enticing to law enforcement looking to close new and cold cases. Although these sites may say a person's genetic information is private, the warrant granted in Florida allowed access to the full database. That gave detectives access to the personal data of people who had NOT opted in to making their genetic information accessible to law enforcement.
Of course I believe the solving of cold-case crimes is a wonderful byproduct of DNA research. And, in a perfect world, the innocent would have nothing to worry about. Unfortunately, we don't live in a perfect world.
This horrible invasion of privacy for all who use these sites could lead to a very wide range of other uses of the DNA. The possible resulting harms of misusing the data are virtually unlimited.
The scary facts are that 1) DNA profiles are not 100-percent accurate; 2) samples can be accidentally combined; and 3) the data involves relatives, as well. A recent JSTOR Daily article points to an incident in which a DNA profile led to a child far too young to have committed the murder detectives were investigating. Turns out, the child's uncle, who did later confess, was the real killer.
As you weigh the benefits of participating in DNA collection sites with the potential downside, consider that you're making this decision for more than just yourself. When you share your DNA, you effectively share the DNA of every one of your blood relatives, too.
If you are thinking about giving the gift of DNA exploration for the holidays, I want you to be aware of what else you may be giving away in the process.
Fresh Phish: Wanted Dead or Alive
'FedEx Manager' wants to confirm I'm still among the living
We hear often about celebrities falsely proclaimed to be dead, but this was a first for me.
The email I received recently (below) originated from a domain in Ireland. It's clearly a phishing attempt and not a very good one at that. Could it have been written by a robot? Quite possibly. Notice the many red flags:
- The sender's name and the domain name are a mismatch.
- The "DO NOT IGNORE THIS TEXT," is immediately suspicious, particularly given this was an email, not a text.
- The sender claims my doctor has informed him I'm dead. That's not only false, it would be a HIPAA violation.
- The signature, which contains the misspelling of "Sincere" vs. "Sincerely," seems to indicate that Dr. Jan Robert doubles as a FedEx Manager.
Phishing emails like this can be somewhat comical. But, the sinister intent is no laughing matter.
-----Original Message-----
From: JAN ROBERT <[email protected]>
Sent: Thursday, October 17, 2019 7:23 PM
Subject: Attention!!
DO NOT IGNORE THIS TEXT
I've been informed by Dr. Johnson Hale claiming to be your doctor that you are dead and have asked him to come to my office and claim your funds tomorrow morning.
Please reply ASAP and do not ignore else your funds will be sent to his provided account.
get back to us now with this information below
Full Name, Home Address,Cellphone Number.
Sincere,
Dr. Jan Robert
FedEx Manager
Is faithful fitness tracking worth the data security and privacy risk?
On November 1st, Google bought Fitbit in a $2.1 billion acquisition. The deal has prompted some who don't trust Google to get rid of their Fitbit devices.
Upon acquisition of the wearable device company, Google will also obtain knowledge of every step, heartbeat and health metric of Fitbit users. That's put several people in the market for alternatives, like Apple Watch.
(Although Apple has been stepping up its "Privacy. That's iPhone." messaging in advertisements, just as many questions loom about their own privacy policies and practices.)
Google has said it will not sell any personal or health data and that users will be able to review, move or delete their data. However, the company doesn't have the best reputation around data security and privacy, so trust is not where they'd likely want it to be.
Consumers are willing to share some data to access relevant information and products. But, should that willingness extend to health data... health data that not only reveals some of the most intimate details of a person's private life but is also highly valuable on the dark web? It's a question every person needs to answer for him or herself.
Grand Ducal Palace in Luxembourg.
The Other Side of Background Checks
Data from job applicant investigations must be protected