CS Nov-Dec 2020

More documents

Recommendations

Info

contact tracing smartphones in mind: These users can print out a personal QR code to be scanned by restaurants and other places they visit. KEEPING WATCH Human Rights Watch is equally concerned about proposals for the use of mobile location data in the Covid-19 response, because the data usually contains sensitive and revealing insights about people's identity, location, behaviour, associations and activities. Indeed, mobile location data programs to combat Covid-19 may not be scientifically necessary and could lead to human rights abuses, if they are not equipped with effective safeguards to protect privacy. The long history of emergency actions, such as surveillance measures put in place to counter terrorism, shows that they often go too far, fail to have their desired effect and, once approved, often outlast their justification, according to the international watchdog body. Contact tracing’s goal is, of course, to interrupt transmission by rapidly identifying individuals who have been in close contact of someone who is infected, defined by the United States Centers for Disease Control and Prevention (CDC) as within six feet of someone for approximately 10 or more minutes. The idea is to encourage such individuals to isolate themselves from others, and seek testing and treatment. Because the coronavirus is primarily transmitted through person-to-person contact via respiratory droplets when an infected person coughs, sneezes or talks, mobile location data has been advocated in many quarters as an essential method to identify potentially exposed individuals. Companies and governments are also examining location data in aggregate form to better understand general patterns of people's movements and behaviours, and how these have changed over time. Such analysis aims to forecast how the virus might be spreading and the effectiveness of public health interventions, particularly social distancing measures, and identify ways to better allocate testing and medical resources. RIGHTS & FREEDOMS Even in times of emergency, when States restrict human rights for public health reasons, international human rights law says that measures taken that limit people's rights and freedoms must be lawful, necessary and proportionate. States of emergency need to be limited in duration and any curtailment of rights needs to take into consideration the disproportionate impact on specific populations or marginalised groups. These rules apply to efforts to track and manage Covid-19 using mobile location data. The collection and analysis of such data could reveal users' identities, movements, and associations in a manner that interferes with the right to privacy. Article 17 of the International Covenant on Civil and Political Rights (ICCPR), which is derived from Article 12 of the Universal Declaration of Human Rights (UDHR), establishes "the protection of the law" against "arbitrary or unlawful interference" with an individual's "privacy, family, home, or correspondence." The United Nations Human Rights Committee has found that restrictions on the right to privacy must take place only "in cases envisaged by the law." Restrictions must also be "proportionate to the end sought, and ... necessary in the circumstances of any given case". In the EU, eight major telcos agreed earlier this year to share anonymised metadata with the EC for modelling and predicting the propagation of the coronavirus. An official from the commission advised that the data would be aggregated and anonymised, and that the commission will delete it when the pandemic is over. However, and worryingly, the European Data Protection Supervisor has previously warned about the possibility of such measures becoming permanent. 24 computing security Nov/Dec 2020 @CSMagAndAwards www.computingsecurity.co.uk
data disasters BRAKING BAD! CAR OWNERS COULD BE PUTTING THEIR PERSONAL DATA AT RISK BY NOT CLEARING THIS BEFORE SELLING THEIR CARS, ACCORDING TO CONSUMER WATCHDOG WHICH? AWhich? survey has revealed that car owners could be putting their personal information seriously at risk by failing to clear their data before selling their cars. In a survey of over 14,000 drivers who sold cars in the last two years, four in five failed to wipe information transferred from their phone, such as contact numbers, home address and even WiFi passwords, to their cars before they sold them. Chris Harris, EMEA technical director at Thales, has been looking at the clear dangers of this behaviour, and what drivers and car manufacturers can do to stop sensitive data falling into the wrong hands. "When selling a car, we're usually quick to remove our possessions - whether that's CDs, a roof rack, or personalised seat covers. However, many of us are failing to remove our more 'invisible' possessions, and with cars becoming increasingly connected, they are swiftly becoming a hotbed for potentially lucrative sensitive data, including addresses, recent calls and birthdays. "The majority of us wouldn't be comfortable sharing this kind of information with complete strangers, so it's concerning to see consumers unwittingly hand this data across," adds Harris. "Whether you're selling a car, taking a ride with a friend or even returning a rental car, it's essential to practice good data hygiene and protect your personal data. However, manufacturers need to be doing more to ensure data hygiene is easy to practice and drivers know how to remove this data." He offers what he describes as "three quick tips" for keeping such data safe when selling your car: 1. When you come to sell your car, consider all the places where your personal information may be stored and find out from the car's manual how to delete or erase it. Most of us wouldn't be comfortable sharing our address, contacts and recent messages with a complete stranger, but that's effectively what we're doing by not clearing sensitive data from our cars. 2. Go through any accounts or apps that you may have connected to the vehicle, and ensure you've logged out and removed any saved data. You won't want the new owner benefiting from services you've subscribed to - and, just as importantly, the new owner probably won't be too grateful when your app unknowingly starts to control their new vehicle. 3. Finally, check for old-school methods of storing data. Did you have a USB stick or CD in the glovebox with music you were playing in the car? What else might that memory stick have had on it? Even files you thought you had deleted can often be recovered from hard drives and USB sticks. www.computingsecurity.co.uk @CSMagAndAwards Nov/Dec 2020 computing security 25
Page 1 and 2: Computing Security Secure systems,
Page 3 and 4: comment TIME TO TAKE GDPR UP A GEAR
Page 5 and 6: Pragmatic and experienced risk mana
Page 7 and 8: editor's focus "Well trained staff
Page 9 and 10: health monitoring within the compan
Page 12 and 13: smishing SMISH, SMASH, BASH! A RELA
Page 14 and 15: smishing scams, while the Associati
Page 16 and 17: industry insights THE NEW ORDER IS
Page 18 and 19: mergers & acquisitions HITTING THE
Page 20 and 21: Data privacy BEYOND THE EU-US PRIVA
Page 22 and 23: contact tracing WE HAVE CONTACT THE
Page 26 and 27: hacking surge HACKERS FOR HIRE HACK
Page 28 and 29: hacking surge Adrian Rowley, Gigamo
Page 30 and 31: threat intelligence APTS AND COVID-
Page 32 and 33: gender inequality TIME TO REBALANCE
Page 34 and 35: gender inequality equates to - and
Page 36: NEW Sensitive Data Discovery and Re

CS Nov-Dec 2020

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?