February 3, 2017
UNM4SK3D: Executive Order, Take-Two, and Facebook
You've heard of the 12 days of Christmas; now, post-holiday, we're looking at 60 days of cyber. An Executive Order draft reveals the White House will be calling for a swift review of “national security systems” within 60 days of the order being signed. During this time, President Trump says he will "ask for an assessment based on current threats and vulnerabilities and will call for recommendations on how to incentivize the private sector to adopt effective cyber security measures."
The document, only 6 pages long, was released by the Washington Post and is one we highly encourage you to read. Many acknowledge that this draft mirrors some of former President Obama's plans for cyber security. One White House official commented, “The changes are in management philosophy, in enterprise risk management, and modernizing federal IT.” At a high level, President Trump indicates that it will be the federal government's mission to protect not just government interests, but also the private sector.
Wondering what hasn't been included in the draft? Just a few topics, but keep in mind, it's a 'draft' for a reason. Still, among the unmentioned were the FBI's role in cyber security, whether or not election systems are considered critical infrastructure, whether or not the federal government will attempt to regulate private internet companies on cyber security issues, and net neutrality. Groups like the Electronic Privacy Information Center and the Electronic Frontier Foundation have expressed their concerns that cyber security policy lacks public participation and public oversight.
I will hold my cabinet secretaries and agency heads accountable, totally accountable for the cybersecurity of their organization -President Trump
Policies are important, be it at an organizational level or otherwise. This video provides an Introduction to Security Policies and Procedures.
#biometrics
If I asked you if you own the rights to your face, you'd say yes, right? Think again. In a recent ruling surrounding face scanning technology, federal judge John Koeltl of the Southern District of New York dismissed a case that's been pending for years between siblings Ricardo and Vanessa Vigil and game maker Take-Two Interactive. Take-Two’s MyPlayer feature of its NBA 2K15 and NBA 2K16 games allows your mug to be plastered onto the body of a famous athlete as you play, which you have to admit is pretty cool. So what's the problem? Take-Two makes their images available, unencrypted, online, stored indefinitely and shared. What's more, there's no court injunction that would force them to stop storing your face print biometric data forever, privacy laws or no. (Face in palm, and not because you're suddenly camera shy.)
The siblings admitted in their lawsuit to giving consent to have their faces scanned in the game’s terms and conditions, but now state the company failed to meet several provisions of the Illinois Biometric Information Privacy Act. As far as we can tell, Take-Two isn't doing anything questionable with our faceprints. And who knew faceprints was even a word? But it’s worth questioning whether we want any prints of ours, face or otherwise, floating around in cyber space for anyone to use.
42% said they worry about not being able to access online accounts through biometric authentication in case of a malfunction -recent study by market research firm, YouGov
Maybe we can suggest a re-branding from Take-Two to Two-Faced? In the meantime, read up on biometrics, as one blogger explores 'Biometrics: Not the Promised Silver Bullet.'
Facebook recently rolled out a new 'Discover Friends' feature. Essentially, it suggests you become friends with strangers. Eerily reminiscent of dating apps like Tinder and Bumble. So, as if you needed another reminder that you're single, now you have it.
The idea behind the concept is somewhat harmless, as it is meant to help people network and is a move from the 'Big F' to extend into the 'dating' scene. It works by prompting users to craft a short bio; then, when you click on an event you’ve been invited to, you’ll be shown the profiles of others who are also attending. It's a bit creepy because you can't choose which events your profile will show up in. You also cannot edit that bio per event. Essentially, anyone from the general public can see what events you're attending if those events are public. (If you listen closely enough, you can hear the sound of stalkers around the world rejoicing.)
In a related move, but one in the opposite spirit to 'Discover Friends' when it comes to security, Facebook launched an account recovery feature for other websites called Delegated Recovery, "a protocol that helps applications delegate account recovery permissions to third-party accounts controlled by the same user." Delegated Recovery is available now to GitHub users, allowing them to set up encrypted recovery tokens for their GitHub accounts in advance and save them with their Facebook accounts. The process works through encrypted HTTPS Web links, so even Facebook cannot read the personal data stored in that token.