This is the Shared Security Weekly Blaze for February 26, 2018 sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston.
Show Transcript
This is your Shared Security Weekly Blaze for February 26th 2018…with your host…Tom Eston
In this week’s episode: AI Enabled Privacy Policies, New Android Updates and Hotel Room Inspections
Hi everyone, I’m Tom Eston, Co-host of the Shared Security podcast. Welcome to the Shared Security Weekly Blaze where we update you on the top 3 security and privacy topics from the week. These weekly podcasts are published every Monday and are 15 minutes or less quickly giving you “news that you can use”.
Before we jump into the news I wanted to give some shout outs this week to several of our listeners for commenting, liking and sharing our posts on social media @Yohun, @borderless_i, @securid and @b0dach on Twitter as well as @cyberspacearmor and @silentpocket on Instagram and Andrew, Shawn and Jason on Facebook. Thank you for your support of the show!
Do you ever read the privacy notices that are found linked in super tiny text at the bottom of a web page or the “privacy notice” emails you receive for the many different services and websites that you use? If you answered no, well you’re not alone. According to studies noted by security firm Sophos, 98% of us don’t read privacy notices. According to another study, it would take a person 30 full working days to read all the privacy notices for services the average person uses. While no one has time for that, let’s not forget that most privacy notices are filled with legal language and typically very difficult to understand. We really need a better way to understand how websites and services are using our personal information.
Enter AI to the rescue! A new AI based technology called (POL-IS-IS) “Polisis” aims to visualize privacy notices through machine learning. This tool can create visual flow charts based on what is written in the notice giving users a visual idea of what type of information is being collected and what options are available to users of these services.
What I really like about Polisis is that they have thousands of privacy notices on their site that have already been analyzed. For example, you can type in Facebook.com to get analysis of their privacy notice as well as many other sites that you may frequently use. You can even submit links to other policies on the web to have them analyzed as well. Check out the show notes for the link to Polisis and if you’re interested in learning more about privacy notices be sure to check out the interview with did with Rebecca Herold, also known as the Privacy Professor, in Episode 71 of the podcast.
Have an Android phone? If you do you’ll want upgrade to the soon to be released Android 9.0 operating system (or currently known as “Android P”) for two new privacy features that are being added. According to several news sources, the new Android operating system will prevent an app from using the camera or microphone when the app is idling in the background. Once the app becomes active, the camera and microphone are available to the app again. This feature fixes a large privacy concern about the ability of malicious apps being able to monitor you via the camera or microphone on your device.
Regarding how Android updates are handled, updates are rolled out by the manufacturer of your phone and sometimes in conjunction with your network provider so the updates can be customized to work with any features that your network provider has added. If you happen to own a newer Google device like the Pixel, you’ll get the update immediately, which is similar to how Apple releases updates to its iOS operating system.
It’s important to note that almost all Android devices have an issue with what is called “device fragmentation”. This means that if your device manufacturer and/or network provider decides to stop updating and supporting your device, you’ll never get future updates and most of these updates have patches to fix serious security vulnerabilities. Our advice is that with all the different versions of Android out there it’s important that you update your hardware, as well as your Android operating system, to keep up with security and privacy updates. Sounds like a good excuse to buy that brand new Google Pixel 2 you’ve always wanted.
How would you feel if hotel security inspected your hotel room every 24 hours, regardless if you have a “do not disturb” sign on your doorknob? Well Caesars Entertainment told the associated press last week that this new policy will be implemented soon in all of their properties in to address guest security concerns due to the mass shooting at the Mandalay Bay in Las Vegas which killed 58 people last October, as well as other incidents at properties in Atlantic City where a sexual assault occurred as well as a fire at the Tropicana that was started when a guest set up an illegal meth lab in their room.
We should note that this is not a new policy for some other hotel chains. Disney, Hilton, and others have policies to check all rooms periodically for guest safety. However, it’s unclear if it’s hotel security or the room cleaning service, as part of their normal duties, doing these checks. In regards to the new policy at Caesars Entertainment properties, hotel security guards will be doing the checks.
One can debate the legal aspects of implementing a hotel policy like this and what your rights are to privacy if you’re staying in a hotel room. I’m not a lawyer nor do I play one on the podcast, but logically I go back to defining how real the threat is and what the rate of occurrence of events like, mass shootings at hotels and rooms being used as illegal meth labs, really are. I don’t know, perhaps meth labs are a real problem for some hotel chains. But much like airport security measures here in the US, we continue to see privacy-invading policies being implemented because it seems like the right thing to do to prevent a bad incident from happening again. Time will tell if this new policy is effective but let’s all give some thought to the necessity of these policies and the privacy we may not want to give up for the sake of security.
That’s a wrap for this week’s show. Be sure to follow the Shared Security Podcast on all the regular social media channels like Facebook, Twitter and Instagram for frequent posts, commentary and updates. If you have feedback or topic ideas for the show you can email us at feedback[aT]sharedsecurity.net. First-time listener to the podcast? Please subscribe on iTunes, Google Play, Stitcher, TuneIn and now on Spotify. If you like our podcast we would really appreciate you leaving a review in iTunes or whatever app that you use to listen to the podcast with. Reviews really help move us up the podcast ratings list and attract more great listeners like you. Thanks for listening and see you next week for another episode of the Shared Security Weekly Blaze.
