Privacy Kit

October 2, 2022

"bloody useless" | The Cat Herder, Volume 5, Issue 38

October 2 · Issue #200
The Cat Herder
TikTok may be fined in the UK. The HSE may eventually get around to informing people it lost their personal data eighteen months ago. The ban on public authorities in one Danish region purchasing Hikvision equipment may spread further.
😼

Inti De Ceukelaire
@intidc
🔥PRIVACY SCOOP: How ANYONE can track your car using only your license plate: a thread! 🧵👇
#osint #privacy (1/X) https://t.co/YQGzbq6RCT
6:05 AM - 26 Sep 2022
The briefing states that the Capital Region’s Steering Group for IT and Information Security “has decided that the purchase of video cameras from the manufacturer Hikvision must be discontinued” … The briefing details how the Capital Region came to this conclusion, with the main driver being in February, when Denmark’s top intelligence agency and cyber authority issued a “security recommendation” stating that “video cameras from the manufacturer Hikvision constitutes a critical threat to security”
Danish Capital Region Bans Hikvision Purchases, Calls "Critical Threat To Security"
ipvm.com
The most populous region of Denmark, which includes the nation’s capital of Copenhagen, has banned Hikvision camera purchases.
—
Deals and takeovers were only part of Palantir’s approach, however, the messages seen by Bloomberg show. At the same time as the Babylon partnership, Palantir urged industry lobby group TechUK to encourage government agencies to buy commercial off-the-shelf products, such as Foundry, instead of building their own bespoke tools. 
A spokeswoman from TechUK declined to comment.
Peter Thiel's Palantir Had Plan to Crack NHS: ‘Buying Our Way In’ - Bloomberg
www.bloomberg.com
Palantir Technologies had a secret plan to deepen its relationship with the UK’s National Health Service without public scrutiny.
The Optus data breach: a brief timeline in Reuters headlines:
September 24 (Reuters), ‘Australia’s Optus contacts customers caught in cyber attack’
MELBOURNE, Oct 1 (Reuters), ‘Australia’s Optus says ‘deeply sorry’ for cyberattack’
MELBOURNE, Oct 2 (Reuters), ‘Australian government slams Optus for cybersecurity breach’
The first of these stories leads off with “Australia’s number two telecommunications company, Optus, said on Saturday it was contacting customers about a cyberattack that accessed personal details of up to 10 million customers, in one of Australia’s biggest cybersecurity breaches.”
In an interesting contrast, the following paragraph appeared in a story on the RTÉ website during the week.
The HSE says that no legal actions have been taken against it to date by individual patients but as of last month patients, clients and staff whose personal information was stolen as part of the cyber attack had yet to be informed.
The cyberattack on the HSE and resulting personal data breach happened in May of 2021.
As is frequently the case, it looks as if the Optus breach will result in some after-the-horse-has-bolted action from legislators.
O’Neil is considering compelling companies to report data breaches and reconnect services after a hack as part of changes to cybersecurity legislation, declaring current laws were “bloody useless” in dealing with the Optus attack. “We are five years behind in cybersecurity laws. Well in the digital years, years are like dog years. We are way off the mark at the moment.”
‘Drawbridge needs to come down’: Government says Optus must show more transparency
www.theage.com.au
The federal government says Optus still has not provided government agencies with the full details of all customers who had Medicare or Centrelink details exposed by the data breach.
The ICO announced it “could” impose a fine on TikTok. Which seems a strange way to go about things unless you’re more interested in headlines in the papers than regulating.
—
The ICO also issued reprimands to seven public sector organisations for repeatedly failing to meet the deadlines for responding to Subject Access Requests.
  • “There is no shortage of opinions in the public domain on the costs and benefits of data minimization and its broad-based effects on innovation and competition, among other things, but as a defining principle to underpin the FTC’s rulemaking, I agree with Bryson, who gets to the heart of the matter: the only reason to collect more data than is necessary is manipulation and surveillance.” From ‘Data Anonymization Doesn’t Work’ by Tim O'Brien.
  • “The EU Commission’s draft pays lip service to the importance of end-to-end encryption. However, service providers may only choose between technologies that allow them to detect illegal content in private communications, it states. In other words, service providers who offer end-to-end encryption without backdoors will not be able to implement any detection orders they may receive from authorities and thus come into conflict with the law. This attack on end-to-end encryption increases the intensity of the restriction of fundamental rights caused by indiscriminate mass surveillance.” From ‘Chat control incompatible with fundamental rights’ published by the Gesellschaft für Freiheitsrechte.
  • “Residents in Balakliia told the Observer that Moscow had been carefully plotting the “referendum” for some time. With little in the shops, and no way of withdrawing cash, the town’s 15,000-strong population was forced to rely on Russian handouts. Humanitarian aid was available. But there was a catch: to receive it, locals had to give their address, and to hand over their passports and Ukrainian identification number. “They photocopied everything. It was a ploy to get hold of your personal data,” Valery explained. “In return you got a packet of spaghetti and some tinned beef.” From ‘Russians occupying Kharkiv region demanded personal data in return for food’ by Luke Harding for the Observer.
—
Endnotes & Credits
  • The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
  • As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
  • The image used in the header is by Krystian Tambur on Unsplash.
  • Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
  • Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.
Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.
If you know someone who might enjoy this newsletter do please forward it on to them.
Privacy Kit, Made with 💚 in Dublin, Ireland
