National Consumers League

The #DataInsecurity Digest | Issue 85

Shutdown puts data security at risk while Big Tech's 'grand bargain' lands with a thud

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud

Subscribe here. Tell us what you think.

Editor’s note: As the longest shutdown in U.S. history continues, cyber experts are beginning to sound the alarm that our nation’s data security is needlessly being put at risk. The shutdown wasn’t bad news for everyone, as the lapse in federal funding provided some relief for FCC Chairman Ajit Pai, who used the shutdown as an excuse to avoid appearing before Congress to explain his agency’s inaction on telecom companies selling users’ location data. Also in the news, Big Tech’s “grand bargain” on privacy seems to have landed with a resounding thud on the Hill.

And now, on to the clips!

-----------------

Government cyber workers warn that shutdown is making government and personal data more vulnerable to hackers. @Joseph_Marks_ reports that the government's cybersecurity professionals are growing concerned that “hackers will take advantage of the partial shutdown to tamper with sensitive government data or steal citizens' information -- and that the bare-bones staff won't be able to fend them off... .” (Source: Washington Post) 

Senator Wyden asks IRS how it plans to combat taxpayer identity theft during shutdown. @RonWyden tweets: "If IRS is working with a skeleton staff as a result of the shutdown, is there an elevated risk that cybercriminals filing fraudulent returns with stolen taxpayer identities will be able to steal taxpayers' refunds?" (Source: Twitter)

Chairman Pallone requests emergency hearing to discuss why FCC did not stop carriers from selling user location data. In the wake of revelations that every major carrier was violating consumer privacy, the Energy and Commerce Chair wrote, “The FCC once again appears to have dragged its feet in protecting consumers...,” in his request that FCC Chairman Ajit Pai appear before the committee. (Source: CNET)

Quick hit: FCC Chairman Pai to Chairman Pallone’s invite to testify: Thanks, but no thanks... (Source: The Hill)

FTC considers record-setting fine against Facebook for violating consent order. While not confirmed, @TonyRomm and @lizzadwoskin report that “U.S. regulators have met to discuss imposing a record-setting fine against Facebook for violating a legally binding agreement with the government to protect the privacy of its users' personal data, according to three people familiar with the deliberations but not authorized to speak on the record.” (Source: Washington Post)

Breach du jour: 26+ million text messages with reset links and passwords. When you use two-factor authentication, or are texted a password form a company, you probably assume that the text message is secure. However, “a massive database containing tens of millions of text messages, including password reset links, two-factor codes, shipping notifications and more,” was found “easily readable, browsable and searchable for names, cell numbers and the contents of the text messages themselves,” on an unsecured server. (Source: Tech Crunch)

Big Tech proposes ‘grand bargain,’ privacy law. The “grand bargain” would preempt states and eliminate previously won protections like HIPPA and COPPA. Senator Blumenthal (D-CT) commented: “If Big Tech thinks this is a reasonable framework for privacy legislation, they should be embarrassed... . This proposal would protect no one – it is only a grand bargain for the companies who regularly exploit consumer data for private gain and seek to evade transparency and accountability.” (Source: The Verge)

Events

January 28, 2019: National Cyber Security Alliance’s Data Privacy Day – San Francisco, CA and online 
Each year on January 28, the National Cyber Security Alliance convenes privacy leaders from the private, government, and non-profit sectors to discuss opportunities and challenges for the road ahead. (Source: National Cyber Security Alliance) 

June 27, 2019: Federal Trade Commission’s PrivacyCon - Washington, DC
Each year, the FTC convenes a group of privacy experts, academics, policy makers, and regulators to discuss the latest research surrounding consumer privacy and data security. Researchers are encouraged to apply to present at the conference by March 15, 2019. (Source: Federal Trade Commission)

National Consumers League
Published January 24, 2019