Tag: data

New Montana Law Blocks the State From Buying Private Data To Skirt the Fourth Amendment

The Fourth Amendment to the U.S. Constitution is not long—only 54 words, in total. But its core premise can be summed up with a simple phrase: Come back with a warrant.

The Fourth Amendment protects people “against unreasonable searches and seizures.” Any law enforcement operative hoping to search or seize your “persons, houses, papers, [or] effects” must get a warrant, showing “probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

But in recent years, as Americans began storing larger portions of their personal information online, governments started buying this data, circumventing the Fourth Amendment’s guarantees of protection. This week, Montana became the first state to restrict the practice.

In 2018, the U.S. Supreme Court affirmed in Carpenter v. United States that the government cannot search a suspect’s cell phone without a warrant.

“A person does not surrender all Fourth Amendment protection by venturing into the public sphere,” including by storing personal information on their phone, Chief Justice John Roberts wrote for the majority. “Although such records are generated for commercial purposes,” that does not “negate” one’s “anticipation of privacy.”

But in the years since, governments have gotten around that pesky constitutional prohibition by simply buying people’s data, with the public’s money.

Companies have access to reams of information about their users, and they often sell that data—anonymized—to firms called data brokers, who then bundle it and sell it to other companies, like advertisers. “A large portion of data brokerage is used for identity verification or fraud prevention,” Paul Boutin wrote in Newsweek. “Much of it is used for traditional marketing.”

But governments got in on the action, too. Federal agencies like the IRS and Immigration and Customs Enforcement spent millions of dollars buying access to data that would otherwise require a warrant. In 2022, the Associated Press reported that police departments across the country had purchased and used “an obscure cellphone tracking tool, at times without search warrants, that gives them the power to follow people’s movements months back in time.”

Keep reading

Coinbase Customers’ Personal Data Stolen in Hack, Stock Drops

The cryptocurrency exchange Coinbase was recently targeted in a hacking incident that led to the personal data of thousands of customers being stolen, the company said in a May 15 statement.

According to a March 31 filing with the Securities and Exchange Commission (SEC), Coinbase had 9.7 million monthly transaction users (MTU) by the end of that month.

Since the company claims that less than 1 percent of MTUs have been impacted by the hack, the number of affected individuals could be around 97,000.

Hackers got access to names, addresses, phone numbers, emails, last four digits of Social Security numbers, masked bank account numbers and identifiers, government ID images such as driver’s licenses and passports, and account data such as balance snapshots and transaction history.

Hackers did not get access to login credentials or 2FA codes, private keys, customer funds and the ability to move these funds, Coinbase Prime accounts, Coinbase or Coinbase customer hot or cold wallets.

Following the revelation, Coinbase shares crashed by 7.2 percent on Thursday.

Keep reading

Gun Owners Group Calls for Inquiry into Firearms Industry’s Secret Sharing of Customer Data

A coalition of firearm owners is pressing federal regulators to investigate whether the National Shooting Sports Foundation (NSSF), the gun industry’s chief lobbying group, covertly exploited consumer data for political purposes, despite publicly promoting itself as a defender of privacy.

In a formal appeal submitted to three federal agencies, Gun Owners for Safety is demanding accountability over a long-running data-sharing operation first exposed by a ProPublica report.

That investigation revealed that for years, the NSSF quietly received personal details from gun buyers, collected by manufacturers, without informing those individuals that their information would be funneled into a political targeting effort.

The group’s letter, sent to the FBI, Federal Trade Commission (FTC), and the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF), described the practice as “underhanded” and deceptive.

Malcolm Smith, a longtime gun owner and member of the group, underscored the nonpartisan stakes of the issue. “Gun owners’ privacy is not a partisan or ideological issue,” he wrote. “No matter the industry, exploiting customers’ private data like their underwear size and children’s ages in a secret scheme is reprehensible and cannot be permitted.”

Gun Owners for Safety, backed by the gun violence prevention group Giffords, operates across nine states and is composed of firearm owners who support tighter safeguards around gun ownership, including safety measures and enhanced background checks. The organization was launched in 2019 under the leadership of former Congresswoman Gabby Giffords, a gun violence survivor.

Regulatory responses to the complaint have been minimal so far. The ATF confirmed receipt of the letter but offered no additional comment. The FBI, FTC, and NSSF remained silent when approached by ProPublica for statements.

Though the NSSF is less widely known than the National Rifle Association, its influence spans the firearms business ecosystem, representing manufacturers, shooting ranges, ammunition retailers, and industry publishers.

Keep reading

Israeli Intelligence Is Now In Charge of Your Google Data

Google recently announced it would acquire Israeli-American cloud security firm Wiz for $32 billion. The price tag — 65 times Wiz’s annual revenue — has raised eyebrows and further solidified the close relationship between Google and the Israeli military.

In its press release, the Silicon Valley giant claimed that the purchase will “vastly improve how security is designed, operated and automated—providing an end-to-end security platform for customers, of all types and sizes, in the AI era.”

Yet it has also raised fears about the security of user data, particularly of those who oppose Israeli actions against its neighbors, given Unit 8200’s long history of using tech to spy on opponents, gather intelligence, and use that knowledge for extortion and blackmail.

Israel’s Global Spy Network

Wiz was established only five years ago, and all four co-founders — Yinon Costica, Assaf Rappaport, Ami Luttwak, and Roy Reznik — were leaders in Israel’s elite military intelligence unit, Unit 8200. Like many Israeli tech companies, Wiz is a direct outgrowth of the military intelligence outfit. A recent study found that almost fifty of its current employees are Unit 8200 veterans.

“That experience showed me the impact you can make when you combine great talent with amazing technology,” Rappaport said of his time in the military.

Former Unit 8200 agents, working hand-in-glove with the Israeli national security state, have gone on to produce many of the world’s most infamous malware and hacking tools.

Perhaps the most well-known of these is Pegasus, spyware used by governments around the world to surveil and harass political opponents. These include India, Kazakhstan, the UAE, and Saudi Arabia, the latter of which used the tool to spy on Washington Post journalist Jamal Khashoggi before he was assassinated by Saudi agents in Türkiye.

In total, more than 50,000 journalists, human rights defenders, diplomats, business leaders and politicians are known to have been secretly surveilled. That includes heads of state such as French President Emmanuel Macron, Pakistani Prime Minister Imran Khan and Iraqi President Barham Salih. All Pegasus sales had to be approved by the Israeli government, which reportedly had access to the data Pegasus’ foreign customers were accruing.

Unit 8200 also spies on Americans. Whistleblower Edward Snowden revealed that the National Security Agency regularly shared the data and communications of U.S. citizens with the Israeli intelligence group. “I think that’s amazing…It’s one of the biggest abuses we’ve seen,” he said.

For the Israeli government, the utility of these private spying firms filled with former IDF intelligence figures is that it allows it some measure of plausible deniability when confronted with spying attacks. As Haaretz explained: “Who owns [these spying companies] isn’t clear, but their employees aren’t soldiers. Consequently, they may solve the army’s problem, even if the solution they provide is imperfect.”

Today, former Unit 8200 agents not only create much of the world’s spyware, but also the security features that claim to protect against unwanted surveillance. A MintPress investigation found that three of the six largest VPN companies in the world are owned and controlled by an Israeli company co-founded by a Unit 8200 veteran.

Keep reading

Data of thousands of Israel soldiers leaked

A security breach on an external Israeli ticketing website led to sensitive data belonging to soldiers in the Israeli occupation army, including Chief of Staff Eyal Zamir and high-ranking officers, being made available online, Haaretz reported yesterday.

According to the report, the breach allowed access to personal information, including their full names, ID numbers and phone numbers, through the TickChak website, which is used by army units to offer recreational benefits to their employees.

The breach, coupled with the weak security of the website, allows anyone to access soldiers’ data simply by entering their ID number, without going through any additional verification. This allowed for the extraction and collection of personal information belonging to tens of thousands of soldiers.

The breach occurred using simple software tools created by an anonymous user identifying themselves as the “Persian Prince”. The user was able to run a programme that tested potential ID numbers and extracted the details of their owners.

Keep reading

House Republicans launch group for comprehensive data privacy legislation

Republican leaders on the House Committee on Energy and Commerce are forming a working group designed to help write a comprehensive data privacy bill.

John Joyce of Pennsylvania, the committee’s vice chairman and a physician, will lead the group, according to a press release issued on Wednesday. The working group currently includes nine Republicans and no Democrats.

The committee is inviting “stakeholders” to work with members to draft legislation that can “get across the finish line,” the press release said, quoting Joyce and committee Chairman Brett Guthrie of Kentucky.

Congressional leaders have worked on comprehensive data privacy legislation in the past, but have never succeeded in getting a floor vote due to sharp dissent over what protections and consumer rights should be included. In that vacuum, 13 states have enacted their own.

“We strongly believe that a national data privacy standard is necessary to protect Americans’ rights online and maintain our country’s global leadership in digital technologies, including artificial intelligence,” the Republicans’ announcement says. “We are hopeful that we can start building a strong coalition to address this important issue.”

In January, more than three dozen industry groups sent a letter to Republican and Democratic leaders of the Commerce Committee on each side of Congress, imploring them to pass data privacy legislation that would preempt the state laws.

The provisions proposed by the industry groups are similar to laws in states like Texas and Kentucky, which experts say are weaker than those in other states.

Data privacy legislation had been scheduled for a House Energy and Commerce markup last June but it was cancelled due to controversy over its text. 

Keep reading

Data Centers Are Eating the Grid Alive

The future of data centers is about to make a huge draw on the power grid. According to a DOE-backed report from Lawrence Berkeley National Lab, U.S. data center energy use could nearly triple by 2028, eating up as much as 12% of the country’s electricity. Why? Blame AI and its insatiable hunger for powerful chips and energy-guzzling cooling systems.

Currently, data centers are responsible for a modest 4% of U.S. power demand. But with AI servers becoming the star of the show, the power draw has already doubled since 2017. The GPU chips that are needed to run complex machine learning algorithms are pushing the limits of what the grid can handle. And then there is the heat they generate, causing cooling systems to work overtime.

The report warns that this growth could strain electrical grids, spike energy prices, and raise a few eyebrows about the climate impact. Researchers are calling for better transparency around energy use and efficiency improvements, but Big Tech isn’t exactly eager to spill the tea on their proprietary power habits.

And don’t count on renewables to ride to the rescue just yet. A study last month highlighted that scaling up solar and wind power isn’t happening fast enough to keep up with this demand surge. Plus, when the sun doesn’t shine or the wind doesn’t blow, the grid still needs fossil fuels to back it up.

Keep reading

Privacy in Pieces: States Scramble to Protect Data as Congress Dithers

As Congress struggles to catch up to the European Union’s comprehensive data privacy regulations, some US states have begun to forge their own robust legislation to increase user protection. But this system only protects the data of some Americans, leaving more than half the country without guaranteed data protection or privacy rights.

And it may take years before a national solution is created, if at all.

The EU took its first step towards providing sweeping privacy protection years ago, with the creation of the region’s General Data Protection Regulation (GDPR).

The GDPR, which took effect in 2018 and gives individuals ownership over their personal information and the right to control who can use it, is often marked as the first major, multinational step towards comprehensive data protection and privacy.

Traditionally, the EU’s approach to data privacy stems from a human rights standpoint and has its roots in World War II, when the Nazi party collected personal data to commit numerous atrocities and, later, when the East German secret police, the Stasi, carried out invasive state surveillance.

After the war ended, the right to privacy was enshrined in the European Convention on Human Rights and later in the EU Charter of Fundamental Rights, becoming the ideological foundation on which data privacy laws have been built in the EU today.

Across the Atlantic, the US Constitution does not explicitly provide a right to privacy.

Rather than enacting a comprehensive federal law, the US federal government has taken a reactive approach, passing legislation only after issues arise in a few specific business sectors, which has resulted in a series of data protection laws addressing specific types of data. For example, the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA) have protected medical and financial data respectively since the 1990s.

“The US is very much an innovation, capital-first society,” said Jodi Daniels, founder and CEO of privacy consultancy firm Red Clover Advisors. “And they do want to protect the people, but it has to all get balanced.”

But in recent years, some lawmakers have begun to push back against this system by introducing comprehensive data privacy bills, like the bipartisan American Privacy Rights Act (APRA).

Introduced in April by Sen. Maria Cantwell (D-WA) and Rep. Cathy McMorris Rodgers (R-WA), APRA is like GDPR in that it is not limited to specific business sectors and aims to minimize the amount and types of data companies can collect, give consumers control over their information, and allow them to opt out of targeted advertising.

While the legislation didn’t get very far, stalling in the House Committee on Energy and Commerce, it’s the furthest any comprehensive privacy bill has gone in Congress yet. To become law, however, it would have to be reintroduced next year when Republicans control both chambers. 

Some lawmakers, like Sen. Ted Cruz (R-TX), contend that APRA is more concerned with “controlling the internet” than creating a balance between innovation and privacy protection, and argue that the current right to private action present in the act, which allows individuals to pursue legal action if their privacy is violated, will give overwhelming power to trial lawyers.

Keep reading

Data Centers Are Sending Global Electricity Demand Soaring

The global electricity demand is expected to grow exponentially in the coming decades, largely due to an increased demand from tech companies for new data centers to support the rollout of high-energy-consuming advanced technologies, such as artificial intelligence (AI). As governments worldwide introduce new climate policies and pump billions into alternative energy sources and clean tech, these efforts may be quashed by the increased electricity demand from data centers unless greater international regulatory action is taken to ensure that tech companies invest in clean energy sources and do not use fossil fuels for power.

The International Energy Agency (IEA) released a report in October entitled “What the data centre and AI boom could mean for the energy sector”. It showed that with investment in new data centers surging over the past two years, particularly in the U.S., the electricity demand is increasing rapidly – a trend that is set to continue. 

The report states that in the U.S., annual investment in data center construction has doubled in the past two years alone. China and the European Union are also seeing investment in data centers increase rapidly. In 2023, the overall capital investment by tech leaders Google, Microsoft, and Amazon was greater than that of the U.S. oil and gas industry, at approximately 0.5 percent of the U.S. GDP.

The tech sector expects to deploy AI technologies more widely in the coming decades as the technology is improved and becomes more ingrained in everyday life. This is just one of several advanced technologies expected to contribute to the rise in demand for power worldwide in the coming decades. 

Global aggregate electricity demand is set to increase by 6,750 terawatt-hours (TWh) by 2030, per the IEA’s Stated Policies Scenario. This is spurred by several factors including digitalization, economic growth, electric vehicles, air conditioners, and the rising importance of electricity-intensive manufacturing. In large economies such as the U.S., China, and the EU, data centers contribute around 2 to 4 percent of total electricity consumption at present. However, the sector has already surpassed 10 percent of electricity consumption in at least five U.S. states. Meanwhile, in Ireland, it contributes more than 20 percent of all electricity consumption.

Keep reading

Massive DATA LEAK at background check company exposes private information of over 100 million Americans

The private information of almost one-third of the population of the United States has been leaked following a security lapse within a major corporation responsible for conducting background checks.

The affected company, MC2 Data, provides background check services. The company collects, organizes and analyzes data from a vast range of public sources, such as criminal records, employment histories, family data and contact details. (Related: Massive DATA BREACH exposes personal data of 700 million users of Microsoft-owned LinkedIn.)

MC2 Data and similar companies use the gathered information to make complete profiles that are used by employers, landlords and other entities who depend on them for decision-making and risk management.

MC2 Data owns multiple background check websites, including PrivateRecords.net, PrivateReports, PeopleSearcher, ThePeopleSearchers and PeopleSearchUSA.

Cyber News reported that the total number of people affected by the data breach is 106,316,633. MC2 is being accused of leaving a database with 2.2 terabytes worth of information without a password and readily accessible on the open web, raising serious concerns regarding the ability of MC2 Data to protect the privacy and safety of people it conducts background searches on.

Keep reading