5# Innovating with Integrity: Technological Triumphs and the Privacy Imperative

?????Privacy in Politics

"Eurojust and U.S. Department of Justice co-host meeting aimed at ensuring sensitive technologies stay out of the wrong hands"— European Union Agency for Criminal Justice Cooperation

• Joint Meeting: Senior officials, prosecutors, and law enforcement from the EU and U.S. convened to address the unlawful transfer of sensitive technology to foreign adversaries.
• Focus on Russia: The meeting emphasized the urgent need to prevent illicit technology exports to Russia due to its ongoing war against Ukraine.
• Threat Assessment: Unlawful acquisition of technologies like semiconductors, quantum computing, biosciences, and AI poses a significant threat to free societies and can be used for military, surveillance, and oppressive purposes.
• Information Exchange: Participants discussed threats, shared information on relevant authorities, enforcement tools, and best practices, and explored collaborative opportunities.
• Disruptive Technology Strike Force: The U.S. highlighted its inter-agency program launched in 2023 to prevent the unlawful acquisition of critical technologies.
• Key Speakers: European Commissioner for Justice, Eurojust President, U.S. Department of Justice Assistant Attorney General for National Security, and Prosecutor General of Ukraine.
• Shared Commitment: Participants expressed a united front against the national security threat posed by technology misuse, emphasizing the importance of international partnerships.
• Recent Actions: Examples of coordinated law enforcement efforts to counter illegal technology exports were shared.
• Future Collaboration: Participants pledged to continue their efforts and protect critical technologies from falling into the wrong hands.
• The meeting signifies a strong commitment from both the EU and U.S. to address the growing threat of illicit technology transfer.

??Link to the full story??

"NATO Set to Build New Cyber Defense Center"— Infosecurity Magazine

• NATO’s members have agreed to the construction of a new cyber-defense facility designed to help the military alliance build resilience and better respond to digital threats.
• As the alliance celebrated its 75th anniversary with a summit in Washington DC from 9 to 11 July, it revealed plans for a new NATO Integrated Cyber Defence Centre (NICC), to be based at the Supreme Headquarters Allied Powers Europe (SHAPE) in Belgium.
• The center will comprise civilian and military experts from across member states and feature advanced technology designed to enhance situational awareness and boost collective cyber-resilience and defense, NATO said.
• The details will be thrashed out over the coming months, with NICC’s main role to inform NATO’s military commanders about offense cyber-threats and vulnerabilities which could impact the alliance, including privately owned civilian critical infrastructure.
• Since officially declaring cyberspace a legitimate domain for war several years ago, NATO has been enhancing its capabilities in the space.
• It regularly conducts cyber-defense exercises, involving non-NATO members like Japan and South Korea, and in 2022 announced plans to develop rapid response capabilities “to respond to significant malicious cyber activities.”
• Also that year, NATO successfully completed a trial of new “quantum safe” technology, designed to mitigate the future risks posed by quantum computers cracking asymmetric cryptography.
• Activities like these and the NICC are being executed against a backdrop of growing concern about the possibility of a Trump presidency undermining the alliance, as well as a response to increasingly aggressive moves by Russia, China, and other hostile states.
• In October 2023, Microsoft warned that Chinese actors had pre-positioned themselves into critical infrastructure networks, with a view to potentially launching destructive attacks in the event of a conflict.
• Russia regularly conducts cyber-espionage campaigns against the alliance and has tried to use false narratives to undermine it in various countries. The Kremlin still asserts that NATO ‘aggression’ was the reason for its invasion of Ukraine.
• The NICC will be able to draw on the expertise of new members Sweden and Finland.

??Link to the full story??

?????? Privacy in Technological Innovation

"Musk's Neuralink eyes more test subjects for its brain tech"— France 24

• Second Test Patient: Neuralink is progressing to its second human trial participant, with the goal of reaching "high single digits" by the end of the year.
• Success with First Patient: Noland Arbaugh, paralyzed from a diving accident, can now control a computer cursor and engage in various activities using his thoughts.
• Technical Improvements: Neuralink addressed issues with implant threads retracting and causing reduced functionality. Future implants will be placed deeper and at varying depths for better signal capture.
• Increased Bandwidth: The company aims to enhance communication speed between brain and computer for better human-AI symbiosis.
• Superhuman Abilities: Musk envisions Neuralink implants enabling superhuman capabilities like infrared vision and telepathic communication.
• Automated Surgery: Musk aims to develop a robotic process for quick and efficient implantation of Neuralink devices.
• Integration with Robotics: The long-term goal includes combining Neuralink with Tesla's humanoid robot, Optimus, for "cybernetic superpowers."

??Link to the full story??

"PROTON launches DOCS, a competitor for Google Docs focused on Data Privacy"— McPro

• Open-source and end-to-end encrypted: Proton Docs, a new word processor developed by Proton, prioritizes user privacy and data security through open-source code and end-to-end encryption.
• Seamless integration with Proton Drive: The new tool is integrated into Proton's cloud storage service, Proton Drive, providing a unified platform for document creation, storage, and collaboration.
• Targets privacy-conscious industries: Proton Docs is specifically designed to meet the needs of sectors like healthcare, media, finance, and legal firms, where data privacy and confidentiality are paramount.
• No data collection for external use: Proton is committed to protecting user data and does not collect or utilize user information for any purposes beyond facilitating user activities within the platform.
• Advanced formatting and collaboration features: Proton Docs offers a range of formatting options, image integration, and support for various document formats, including .docx. Additionally, it includes collaborative features similar to Google Docs, enabling real-time editing, commenting, and user tracking.
• Free plan available: Proton Docs offers a free plan with essential document creation and editing functions, catering to users with basic needs.
• Simple and secure solution: Proton aims to provide a user-friendly and secure alternative to existing document editing and collaboration tools, emphasizing privacy and data protection.
• Future expansion possibilities: While the current focus is on Proton Docs, there is potential for Proton to expand its suite of office tools to compete with platforms like Google Workspace in the future.

??Link to the full story??

????Privacy & Infosec

"NIST’s Latest FRTE Report Shows State of the Art"—Find Biometrics

• State-of-the-Art Performance: The report reveals significant advancements in face recognition accuracy, primarily due to deep convolutional neural networks (CNNs).
• Top Performers: Vendors like NEC, SenseTime, Cognitec, Idemia, Innovatrics, and Neurotechnology showcased exceptional accuracy and reliability in various scenarios.
• The comprehensive evaluation includes data on some of the best-performing algorithms from various vendors, showcasing their accuracy in face recognition technology.
• Notably, vendors such as NEC, SenseTime, Cognitec, Idemia, Innovatrics, and Neurotechnology stood out with exceptional performances.
• NEC’s algorithms were among the top performers, achieving a False Negative Identification Rate (FNIR) of 0.15 percent at a False Positive Identification Rate (FPIR) of 0.001. This indicates a 99.85 percent accuracy in identifying individuals.
• SenseTime demonstrated strong accuracy with a FNIR of 0.10 percent at the same FPIR, excelling at recognizing faces with significant pose variations, maintaining a 95 percent success rate.
• Cognitec Systems GmbH achieved a rank-one identification rate of 98.7 percent in the visa-like immigration application photos dataset and maintained over 97 percent accuracy in identifying individuals with images taken several years apart.
• Idemia’s algorithms achieved a FNIR of 0.12 percent at an FPIR of 0.001, efficiently processing large datasets with an average accuracy of 99.8 percent across multiple datasets.
• Innovatrics demonstrated strong performance with a FNIR of 0.11 percent at an FPIR of 0.001, maintaining an accuracy rate of 98.5 percent across various datasets.
• Neurotechnology’s algorithms achieved a rank-one identification rate of 98.9 percent in the mugshot dataset and maintained a 98 percent accuracy rate with an increasing population size over 10 million individuals.
• The NIST report also discusses significant accuracy gains achieved over recent years, attributing progress to the adoption of deep convolutional neural networks (CNNs).
• The report highlights that the most accurate algorithm reported is substantially more accurate than those reported in previous years, demonstrating continuous improvement.
• A detailed analysis in the report examines the impact of ageing and population size on algorithm performance, including the challenges of identifying twins and lookalikes.
• The report emphasizes the importance of human review in investigational applications and includes performance figures for prototype algorithms from a substantial majority of the face recognition industry.
• NIST emphasizes that its report is continuously updated with new algorithms and datasets, ensuring up-to-date information on the latest advancements in face recognition technology.

??Link to the full story??

"AT&T Confirms Data Breach Affecting Nearly All Wireless Customers"— The Hacker News

• The AT&T data breach highlights the vulnerabilities of third-party cloud platforms and the potential for widespread data exposure.
• The stolen data could be used for malicious purposes, such as identity theft and targeted attacks.
• Scope: Data breach affected nearly all AT&T wireless customers and MVNO customers using AT&T's network.
• Data Exposed: Records of call and text interactions, including phone numbers, interaction counts, and call durations. Some records also contained cell site identification numbers.
• Timeline: Threat actors unlawfully accessed AT&T's workspace on a third-party cloud platform between April 14 and April 25, 2024. The exposed data covers interactions from May 1 to October 31, 2022, and January 2, 2023.
• Impact: Threat actors could potentially use the stolen data to identify individuals and understand their communication patterns.
• Third-Party Cloud Provider: While not officially disclosed by AT&T, Snowflake confirmed the breach is connected to the hack that impacted other customers.
• Law Enforcement Involvement: AT&T is working with law enforcement, and at least one suspect has been apprehended.
• John Binns Connection: Reports suggest that John Binns, previously arrested for a T-Mobile data breach, is connected to this incident.
• Customer Alert: AT&T will notify affected customers and urges them to be vigilant against phishing and online fraud.
• Snowflake Hack: The breach is part of a broader campaign targeting Snowflake customers, with threat actors demanding ransom payments.
• Snowflake Response: Snowflake has implemented mandatory multi-factor authentication (MFA) for new accounts and will soon require it for all users to enhance security.

??Link to the full story??

"Palo Alto Networks Patches Critical Flaw in Expedition Migration Tool"— The Hacker News

• Critical Authentication Bypass Flaw (CVE-2024-5910): Discovered in the Expedition migration tool, allowing unauthorized admin account takeover.
• Impact: Compromise of configuration secrets, credentials, and data imported into the tool.
• Affected Versions: All Expedition versions prior to 1.2.92.
• Mitigation: Update to the latest version and restrict network access to authorized users.
• BlastRADIUS Flaw (CVE-2024-3596): Impacts the RADIUS protocol, enabling potential authentication bypass and privilege escalation.
• Attack Vector: Adversary-in-the-middle (AitM) attacks between PAN-OS firewall and RADIUS server.
• Affected Products: PAN-OS versions 9.1 to 11.1 and Prisma Access.
• Mitigation: Avoid using CHAP or PAP unless encapsulated in an encrypted tunnel, update PAN-OS, and apply Prisma Access fix (expected July 30).
• Other Fixes: Palo Alto Networks also addressed other vulnerabilities in various products.
• Urgency: Promptly update affected Palo Alto Networks products to mitigate the risks posed by these vulnerabilities.
• Security Best Practices: Follow recommended workarounds and security configurations to minimize potential attack vectors.
• Vigilance: Stay informed about security advisories and patches to ensure continued protection against evolving threats.

??Link to the full story??

"Tourism companies warn of impact on data privacy due to mandatory traveler registration system in Spain"— Dimensión Turista

• Growing concern: Travel agencies express concerns about regulations that could overstep boundaries in collecting traveler data.
• Traveler registry: Mechanism designed for increased border control, but raises questions about privacy and individual freedom.
• Challenge for agencies: Balancing registry requirements with protecting customer data.
• Data collection: Concerns about the quantity and sensitivity of information gathered.
• Trust at stake: Travelers question if they are willing to sacrifice privacy for travel security.
• Complex debate: Balancing security, a non-negotiable issue, with the protection of personal data, a pillar of digital identity.
• Call for dialogue: Travel agencies advocate for policies that harmonize security and privacy, seeking intelligent and respectful measures.
• Traveler's role: Staying informed, asking questions, and demanding that their voice be heard in the conversation about security and privacy in travel.
• Key balance: Finding a middle ground where security and data protection coexist, allowing for travel enjoyment without sacrificing privacy.

??Link to the full story??

* The information in this newsletter is for informational purposes only and does not constitute legal or professional advice.

While we strive for accuracy, we do not guarantee the completeness or accuracy of the content. The views and opinions expressed in linked articles and resources are those of the authors and do not necessarily reflect the views of The Privacy HawkEye and / or its authors.

#AIethics #AIBias #Cybercrime #dataprivacylaw #surveillance #databreach #spyware #privacyinpolitics #digitalprivacynews #techpolicy #privacyadvocacy #cyberlaw #privacynewsletter