Press Room – Information Security and Data Privacy – w2#0816

1. Automated Processing: GDPR’s Right to Explanation of Algorithmic Decisions Pose Challenges for Industry

Use of automated profiling is inherently discriminatory (decisions are made on the basis of data subjects falling within defined groups); simply removing certain variables does not ensure predictions will be uncorrelated to those variables, and correlations between sensitive and non-sensitive data become increasingly complex and difficult to detect as data sets become larger.

2. EDPS Recommends New Rules To Protect All Functionally Equivalent Services and WiFi Communications

New ePrivacy rules should provide the same protection for all functionally equivalent services (e.g. traditional telephony, VoIP or messaging apps), and protect the confidentiality of communications on public WiFi; prior consent should be required for all unsolicited electronic communications, and consent should be required for all tracking and monitoring (e.g. cookies, device-fingerprinting) beyond clear exceptions (e.g. first party analytics). Users should be able to use end-to-end encryption (encryption, reverse engineering and monitoring of communications protected by encryption should be prohibited); transparency requirements should be imposed on providers regarding law enforcement requests for both inside and outside the EU.

3. New key hack exposes 100 million Volkswagen cars

Back in the day, people had to walk into a bank in order to rob it. They also had to walk into a car in order to steal it. Nowadays, people rob banks from the comfort of their home (or their parents’ basements), and it’s only a matter of time before they start hijacking cars the same way.

According to a couple of researchers, whose work has been covered by Wired recently, we’re already halfway there — a new vulnerability has been found which allows hackers to remotely unlock 100 million Volkswagen cars.

Yeah, you read that correctly — 100 million vehicles from the Volkswagen group, including Golf 7, various Audis, and Škodas, built in the last two decades.

4. SMS-based Two-Factor Authentication declared as Insecure

MS-based Two-Factor Authentication (2FA) has been declared insecure and soon it might be a thing of the past.
Two-Factor Authentication or 2FA adds an extra step of entering a random passcode sent to you via an SMS or call when you log in to your account as an added layer of protection.
For example, if you have 2FA enabled on Gmail, the platform will send a six-digit passcode to your mobile phone every time you sign in to your account.
But, the US National Institute of Standards and Technology (NIST) has released a new draft of its Digital Authentication Guideline that says SMS-based two-factor authentication should be banned in future due to security concerns.

5. If you get caught using a VPN in the UAE, you will face fines of up to $545,000

The President of the United Arab Emirates (UAE) has issued a series of new federal laws relating to IT crimes, including a regulation that forbids anyone in the UAE from making use of virtual private networks (VPN) to secure their web traffic from prying eyes.

The new law states that anyone who uses a VPN or proxy server can be imprisoned and fined between Dh500,000-Dh2,000,000 ($136,000-$545,000, £415,000, €495,000) if they are found to use VPNs fraudently.

Be the first to comment

Leave a Reply

Your email address will not be published.