Supreme Court Rules on Internet Privacy - Access to cell phone data requires court warrants!

The NY Times reported that the Supreme Court ruled in a “5-to-4 decision has implications for all kinds of personal information held by third parties, including email and text messages, internet searches, and bank and credit card records.”  The June 22, 2018 ruling in the case of  Carpenter v. US was reported in the June 22, 2018 NY Times article entitled “Supreme Court Rules that Warrants Generally Are Required to Collect Cellphone Data” and included these comments about the case:

The question for the justices was whether prosecutors violated the Fourth Amendment, which bars unreasonable searches, by collecting vast amounts of data from cellphone companies showing Mr. Carpenter’s movements.

In a pair of recent decisions, the Supreme Court expressed discomfort with allowing unlimited government access to digital data.

It limited the ability of the police to use GPS devices to track suspects’ movements, and it required a warrant to search cellphones.

My blog November 27, 2017 provides more background on the case “Will the Supreme Court rely on a 1979 case (think 18,134 Internet years) for Internet/cellphone privacy in 2017?

This is an import ruling since cell phone data privacy is very significant given that the Supreme Court stated that there…”are 396 million cell phone service accounts in the United States—for a Nation of 326 million people.”

Apple’s App Store a monopoly?

The Washington Post reported a 7 year old case will be considered by the US Supreme Court as to whether “Apple has “monopolized” the market for iPhone apps because it has total control over the games, utilities and other offerings that appear in its App Store.”  The June 18, 2018 article entitled “The Supreme Court will wade into a fight over Apple’s tightly controlled App Store” included these comments:

The lawsuit could force Apple to rethink the way it manages its App Store, long considered one of the most highly curated platforms in the business.

For one thing, Apple generally takes a 30 percent cut of all third-party apps sold through its portal.

In the eyes of the plaintiffs, that fee ultimately hurts consumers, because developers pass those added costs on to iPhone and iPad users who purchase the paid apps.

This case could also impact Google’s Android store and impact millions of users around the world!

WOW! Cyber theft of $1.1 billion of cryptocurrencies in the past 6 months!

Bankinfosecurity.com reported that to “steal cryptocurrency, attackers continue to leverage malware, phishing attacks and fake advertising campaigns.”  The June 12, 2018 article entitled “Cryptocurrency Theft: $1.1 Billion Stolen in Last 6 Months” included the comments from endpoint security firm Carbon Black “which analyzes cryptocurrency attacks that have been seen over the past six months”:

 

There are currently an estimated 12,000 dark web marketplaces selling approximately 34,000 offerings related to crypto theft,…which says the tools cost anywhere from $1 to $1,000, with an average cost of $224.

….also identified a sweet spot in malware pricing for cryptocurrency-related attacks at around $10.

 

So maybe cryptocurrencies are not all that safe from cyber criminals!

74 arrested for Spearphishing (cyber fraud aka Business Email Compromise - BEC) for theft of +$16m!

The US Department of Justice announced the arrest of 74 criminals, including 42 in the US, who made millions “targeting employees with access to company finances and businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments.” The June 11, 2018 Press Release entitled “74 Arrested in Coordinated International Enforcement Operation Targeting Hundreds of Individuals in Business Email Compromise Schemes” included a description of these most popular Spearphishing schemes:

”Romance scams,” which lull victims to believe that their online paramour needs funds for an international business transaction, a U.S. visit or some other purpose;

“Employment opportunities scams,” which recruits prospective employees for work-from-home employment opportunities where employees are required to provide their PII as new “hires” and then are significantly overpaid by check whereby the employees wire the overpayment to the employers’ bank;

“Fraudulent online vehicle sales scams,” which convinces intended buyers to purchase prepaid gift cards in the amount of the agreed upon sale price and are instructed to share the prepaid card codes with the “sellers” who ignore future communications and do not deliver the goods;

“Rental scams” occur when renters forward a check in excess of the agreed upon deposit for the rental property to the victims and request the remainder be returned via wire or check and back out of the rental agreements and ask for a refund; and

“Lottery scams,” which involves persons randomly contacting email addresses advising them they have been selected as the winner of an international lottery.

Given the great success for Spearphising criminals it is unlikely to they will ever leave this space!

Wow, 30 day notice of cyber breach in new Colorado law trumps HIPAA!

Darkreading.com reported “Under the new law, if an individual’s personal information is part of a breach, he must be notified within 30 days after discovery — no exceptions.” The June 7, 2018 article entitled “New Colorado Breach Notification Rules Signed Into Law” included these comments about the new law signed by Gov. John Hickenlooper last week:

The new notification requirement will have a special impact on organizations that must notify individuals of a HIPAA breach because it takes precedence over the federal 60-day notification window.

Notification requirements include telling affected individuals which data was released and the estimated data of the breach.

Of course the biggest problem with the the new Colorado law is how little we know within 30 days of a cyber breach!