Lots to cover since our last privacy report. First up…
Outdated encryption tech leaves millions of devices, websites vulnerable
A decision made decades ago to use a weak form of encryption on devices exported to other countries is having present-day consequences.
During the Clinton administration, the federal government mandated that export-eligible devices use what’s known as 512-bit encryption. Today, that standard is quite weak – the New York Times notes that it can be cracked using Amazon’s powerful cloud computing service in less than 8 hours.
More than a third of web servers still use 512-bit encryption, security researchers found. It remains to be seen how long internet companies will take to update their servers to a stronger standard. In the meantime, be smart about the information you share online – consider masking your email and credit card instead of using your real info.
Georgetown and MIT team up to educate future lawyers on digital privacy
Today’s attorneys know too little about privacy issues in the digital age, Georgetown Law and MIT say. That’s why the two schools are partnering on a joint course that will encourage collaboration between future lawyers and future technologists.
A project of MIT’s new Cybersecurity Policy Initiative and Georgetown Law’s new Center on Privacy and Technology, the course – which will be conducted over videoconference – requires students to draft state laws related to real policy issues.
The two schools’ announcement comes as the federal government is taking a new, harder look at protecting internet users’ privacy. The Obama administration has proposed giving consumers more control of their personal data.
Mandarin Oriental hotel chain plagued by privacy breach
Certain Mandarin Oriental point-of-sale systems were infected with malware that attempted to steal guests’ payment information, the hotel chain has revealed.
The Krebs on Security blog quotes cybersecurity experts as saying that the breach probably started before Christmas 2014. It most likely affected all of the Mandarin Oriental’s U.S. hotels, Krebs on Security adds.
The breach is but the latest in a string of recent point-of-sale system attacks. Tokenization options like Apple Pay can help protect your payment information at brick-and-mortar checkouts – and for online purchases, Blur Premium’s Masked Cards will do the same.
IRS to collect device identifiers from tax-filing websites
Starting this year, the Internal Revenue Service will ask tax-filing companies like TurboTax to provide individual filers’ device identifiers.
The move, NextGov reports, aims to prevent tax fraud. If the IRS sees multiple returns filed from the same device, it can flag those returns for potential fraud.
If you’re concerned that the IRS is invading filers’ privacy, filing a paper return may be your only recourse. The ID-collection program will become mandatory in 2016.
Uber receives security plaudits
We’ve reported in this space before on the heat Uber has taken for perceived invasions of riders’ privacy. But a news item we missed in January appears to show that the company is taking privacy protection seriously.
Law firm Hogan Lovells, which Uber retained to audit its privacy practices, determined that the ridesharing company is doing more than many of its peers to protect customers’ privacy.
“Uber has dedicated significantly more resources to privacy than we have observed of other companies of its age, sector, and size,” Engadget quotes Hogan Lovells as saying.
Still, even robust protections aren’t always enough to fight hackers – which is why we recommend masking your personal info as often as you can.