This is the Shared Security Weekly Blaze for June 4, 2018 sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions, Silent Pocket and CISOBox. This episode was hosted by Tom Eston. Listen to this episode and previous ones direct via your web browser by clicking here!
Help the podcast and leave us a review! We would really appreciate you leaving a review in iTunes. Reviews really help move us up the podcast ratings list and are greatly appreciated!
This is your Shared Security Weekly Blaze for June 4th 2018 with your host, Tom Eston. In this week’s episode: Telegram Messenger in Russia, Amazon’s Facial Recognition Technology and Digital License Plates.
The Shared Security Podcast is sponsored by Silent Pocket. With their patented Faraday cage product line of phone cases, wallets and bags you can block all wireless signals which will make your devices instantly untrackable, unhackable and undetectable. Visit silent-pocket.com for more details.
Hi everyone, I’m Tom Eston, Co-host of the Shared Security podcast. Welcome to the Shared Security Weekly Blaze where we update you on the top 3 security and privacy topics from the week. These weekly podcasts are published every Monday and are 15 minutes or less quickly giving you “news that you can use”.
In the spirit of good GDPR compliance you can now opt-in to our brand new email list for the podcast! Stay up-to-date on the latest episodes, receive exclusive offers from our sponsors, participate in contests and gain access to content just for our email subscribers! Sign-up at sharedsecurity.net today.
The Russian communications agency has given an ultimatum to Apple if they do not remove Telegram, which is a secure messaging app, from the Apple App Store in Russia. Several months ago the Russian government banned the Telegram app because Telegram refused to give them the private encryption keys to access messages being sent through the app. Russia claims that terrorists are using the Telegram app and are demanding what is essentially backdoor access to chats for government investigations and surveillance. Apple now has a month to comply with this request or face regulatory action from the Russian government. It’s also being reported that the same request also went out to Google to ban Telegram from the Google Play app store as well. Now despite this request Telegram is still being actively used by Russian citizens through the use of VPN’s which allow circumvention of any blocking of Telegram servers that the Russian government is actively doing.
This news reminds me of the controversy back in 2016 here in the US regarding the iPhone of the San Bernardino shooter in which the FBI asked Apple to unlock the shooter’s iPhone for their investigation. Like the Telegram situation it’s a very dangerous proposal when governments begin asking for companies to install backdoors or to do things that circumvent built in security and privacy controls. This is a debate that will be continuing for sure, in the meantime it’s important that we all support the need to protect our own privacy by keeping encryption and other security technologies built into the devices and apps that we use.
Are you a CISO or Information Security Manager challenged with tracking and managing information security incidents within your organization? If you are, you need to take a look at CISOBox which is a software appliance built for NIST-compliant management of all types of information security incidents. CISOBox secures and protects sensitive incident data using technology accredited by US Federal Intelligence Agencies and gives your organization an efficient and streamlined process for incident handling. No matter if your business is large or small, we highly recommend the CISOBox solution as it’s extremely easy to use, scalable, and a secure way to implement incident handling within your organization. For more information on the CISOBox solution and to schedule a demo visit cisobox.com/sharedsecurity. That’s cisobox.com/sharedsecurity.
Amazon is in the news recently about a cloud based facial recognition technology they’ve developed called “Rekognition”. Rekognition can identify approximately 100 people in a single image leveraging databases containing the faces of millions of people. The controversy is that Amazon has been offering this service to law enforcement agencies and its already being used by the Orlando Police Department and a Sheriff’s office in Oregon which adds to the growing list of surveillance technology now in the hands of local government. In the case of the Orlando Police Department, Amazon actually gave this technology to them for free as a proof-of-concept.
In a blog post written by the American Civil Liberties Union, they express great concern since this is a case of the government partnering up with a large tech company to provide the latest surveillance technology. The ACLU states:
“With Rekognition, a government can now build a system to automate the identification and tracking of anyone. If police body cameras, for example, were outfitted with facial recognition, devices intended for officer transparency and accountability would further transform into surveillance machines aimed at the public. With this technology, police would be able to determine who attends protests. ICE could seek to continuously monitor immigrants as they embark on new lives. Cities might routinely track their own residents, whether they have reason to suspect criminal activity or not.”
We’re clearly on a slippery slope when it comes to using this type of advanced surveillance technology. While one can clearly see the good that can be done to track known terrorists or criminals about to commit a crime, we all know that technology like this will have problems and innocent people may get caught up in crimes that they didn’t commit. There is also the large possibly of this technology being abused with little or no oversight and accountability. I’m sure this is not the last we’re going to hear about this story and it’s just the tip of the iceberg when it comes to ensuring a balance between providing law enforcement with what they need to stop criminals but to also keep our freedoms intact.
How would you feel about installing an Internet enabled digital license plate on your car that gave you the ability to electronically register your vehicle or display personal messages on your license plate? Have you thought about the side effect of allowing the government to not only track if your vehicle is stolen but to know where your vehicle is located at all times? Well even if you were interested this technology is not cheap. The state of California is considering allowing these plates to be purchased by vehicle owners but you’re looking at around $699 not including installation fees to have this technology installed on your vehicle. Now these plates are only being tested in a limited capacity in Sacramento California but if all goes well digital license plate technology will no doubt be adopted by other states as well.
As we’ve discussed in previous episodes, we already have police using license plate recognition technology to scan cars in parking lots. This technology alone has caused many privacy concerns and further given the government more surveillance capability. However, now that Internet enabled license plates have started to come out, what level of privacy should we expect and how will this technology be secured? If the current insecurity of IoT devices gives any indication of what the future looks like, the future doesn’t look so bright. Let’s hope that privacy advocacy groups push governments and the device manufactures to consider our privacy and security first before they are installed and being used on all our vehicles.
That’s a wrap for this week’s show. Please be sure to follow the Shared Security Podcast on all the regular social media channels like Facebook, Twitter and Instagram for frequent posts, commentary and updates. If you have feedback or topic ideas for the show you can email us at feedback[aT]sharedsecurity.net. First time listener to the podcast? Please subscribe on iTunes, Google Play, Stitcher, TuneIn, Spotify or iHeartRadio. Thanks for listening and see you next week for another episode of the Shared Security Weekly Blaze.