Australian government, Apple and Instagram intrude on your privacy while Microsoft risk is exposed. Talk Liberation - Your Worldwide INTERNET REPORT (Issue 6, 2021)

State protection or state surveillance - how much personal freedom are we prepared to hand over "for our own good"?

Australian government passes unprecedented surveillance bill

Australian police now have the authority to hack citizens’ devices, collect or delete their data and take control of their social media accounts.

Talk Liberation is committed to providing equal access for individuals with disabilities. To view an accessible version of this article, click here.

In just 24 hours, a surveillance bill passed through the Australian parliament, which grants significant power to two of Australia’s law enforcement agencies, the Australian Federal Police (AFP) and Australian Criminal Intelligence Commission (ACIC). The Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020 gives the AFP and ACIC three additional powers when combating online crime. The agencies can issue a “data disruption warrant,” which gives the police the authority to collect or delete data from a citizen’s device, a “network activity warrant,” which allows the police to extract intelligence from a device, and an “account takeover warrant,” which allows police to take over a social media account to acquire information during an investigation.

Advocates of the bill claim that it is intended to prevent child exploitation and terrorism online. Yet the bill has been met with significant criticism from human rights and privacy organizations. The Human Rights Law Centre criticized the bill for not including sufficient safeguards to protect Australians’ privacy. Angus Murray, Chair of Electronic Frontiers Australia, says the hacking powers given to police pose a serious threat to civil liberties. In a statement to Information Age, Murray said:

“Australia doesn’t have constitutionally enshrined rights to political speech and other human rights, but if we’re going to give law enforcement these powers, that should be checked and balanced against a human rights instrument at Federal level.”

Apple Wallet app to scan your government IDs

Apple and US state governments are teaming up to allow for the Wallet App to collect user IDs and driver’s licenses. Arizona, Connecticut, Georgia, Iowa, Kentucky, Maryland, Oklahoma and Utah are the first eight states to roll out this new feature. Users will be asked to upload their ID to the Wallet App and the ID will then be approved by the issuing state.

This is all part of Apple’s vision to replace our physical wallets with a digital wallet. According to its website, Jennifer Bailey, Apple’s Vice President of Apple Pay and Apple Wallet, says “The addition of driver’s licenses and state IDs to Apple Wallet is an important step in our vision of replacing the physical wallet…”

Additionally, the new feature uses biometric and facial recognition technology. Apple claims that, as an additional security step, users will be required to do a series of head and facial movements during the identity confirmation process.

But the mega-corporation is not only collaborating with state governments. During air travel, passengers will be enabled to show their IDs to the Transportation Security Administration (TSA) using their iPhone. David Pekoske, TSA Administrator, said in the release that the new feature will make air travel more convenient for passengers.

Covid-19 tracking app data breach

Indonesia is investigating a possible leak of personal health data stored on a Covid-19 contact tracing application. According to the Health Ministry, the government believes a partner, which was not disclosed, is the possible source of the data leak from the electronic Health Alert Card (eHAC) app. The eHAC app was mandatory for foreign and domestic travelers and collected contact information and Covid-19 test results.

According to vpnMentor, the eHAC app did not include the proper data privacy features and as a result, the data of more than one million people was placed on an open server. Not only did the leak expose the data of app users and private hospital records, it revealed the architecture of the app itself. 

Since July 2, it has been replaced with the PeduliLindungi app. This is the second data breach involving the Indonesian government in the last several months.

Instagram requiring more user information 

Instagram says it is requiring all users to provide their birthday in order to protect younger app users. According to its website, Instagram is implementing this new feature in order to create a safer online environment while using the app. Instagram will continuously ask users to voluntarily provide their date of birth, however if a user does not provide this information they will be prevented from continuing to use the social media site.

In addition, in order for a user to view a post that includes a warning label, the user will be required to provide their birth date. Instagram already includes warnings on what it deems to be sensitive content but does not currently ask for the user’s birth date.

The photo and video sharing platform acknowledges that users may be deceptive when providing their date of birth. However, Instagram is developing systems to ensure that users provide the correct information. In Instagram’s announcement of the new feature, it states:

“We’re using artificial intelligence to estimate how old people are based on things like ‘Happy Birthday’ posts. In the future, if someone tells us they’re above a certain age, and our technology tells us otherwise, we’ll show them a menu of options to verify their age.”

The announcement of this latest Instagram safety feature, which requires more of your personal data to access content, comes at a time when the app is censoring well-known comedians including Sam Tripoli who was suspended from the platform for 30 days and Tim Dillon, whose tour poster was uploaded to the platform but subsequently removed by the app.

According to Instagram, Dillon’s post went against community guidelines and was “coordinating harm or promoting crime.” The censoring of both comedians on Instagram was not well received by Twitter users who reacted to the posts. Some users even congratulated the comedians for being kicked off the photo sharing platform.

White House Teams up with Big Tech

The Biden Administration and several big tech CEOs joined forces to tackle cybersecurity during a White House summit. The Washington Post reports that President Joe Biden encouraged the heads of Apple, Google and JP Morgan Chase to take a more active role in response to cybersecurity threats.

President Biden claims that a shortage of cybersecurity professionals makes this task more difficult. The president announced that it will work with the tech industry to establish clear guidelines and protocol for creating secure technology and assessing security risks.

According to the report, this is part of a broader effort on behalf of the White House to manage cybersecurity attacks as a threat to national security and the economy.

Palantir software gave FBI unauthorized access to data

Private intelligence company Palantir gave the FBI unauthorized access to data for more than a year. It is reported that a “glitch” in its software system inadvertently gave the FBI access to the data.

The incident became public when it was revealed in court documents in the New York federal court case against Virgil Griffith, an accused hacker. Griffith is accused of “allegedly providing North Korea with information” related to cryptocurrency that would allow the country to bypass US sanctions. Griffith was arrested in 2019 and a search warrant for his social media data was granted in March 2020. According to TechCrunch, “the Twitter and Facebook information was uploaded to Palantir’s program through the default settings, effectively allowing unauthorized FBI employees to access it.” 

The data was accessed four times by four FBI employees between May 2020 and August 2021. Palantir has since distanced itself from the matter and denies any wrongdoing.

Microsoft vulnerability puts thousands at risk

Microsoft is warning cloud computing customers that hackers may have the ability to read, alter or delete customer information, Reuters reports. The vulnerability in the Microsoft Azure's flagship Cosmos DB database puts some of the world’s largest companies at risk of having their information viewed and altered by third parties. 

Researchers at the security company Wiz, discovered they were able to access keys that “control access” to databases owned by thousands of businesses.

However, Microsoft does not have the ability to change the access keys. In an email to its customers, Microsoft encouraged those companies to create new keys. Additionally, it reassured that there is no evidence that the vulnerability in the software had been exploited.

Wiz Chief Technology Officer Ami Luttwak told Reuters that customers who were not notified could have had their keys swiped and databases overtaken by hackers.

Microsoft claims the issue is resolved and has agreed to pay Wiz $40,000 for discovering the vulnerability.

Panquake updates donors on development progress

Next-generation social media application Panquake held its seventh public delivery meeting for the month of August. CPO Suzie Dawson and CSO Sean O’Brien presented updates on the new crowdfunded social platform’s progress and development. Since the launch of panquake.com in January 2021, Panquake has received financial backing from more than 3,000 donors and now employs nine full-time staff. Panquake is 83% funded in Phase Two of its campaign to complete its BETA development.

During the month of August, Panquake achieved significant progress in its development, announcing the design of the eight microservices, which will compartmentalize, secure and make scalable the delivery of different forms of Panquake system and blockchain data to its users.

Further elaborating on the development of Panquake during the delivery meeting Dawson said:

“The extent to which we go in our architecture and planning and our coding to provide people with anonymity services if required, the ability to be forgotten if required, the ability to minimize the traces left on the device from the use of Panquake, which is a big discussion that we’ve been having — this is stuff that sets us completely apart from any other existing social media service of which I’m aware.”

In July, panquake.com launched its BETA on-boarding process, calling for applications to join a “Team of 5,000” BETA users. You can sign up to join by visiting this link: https://panquake.me/5000/. The next panquake.com delivery meeting will be held on September 25, 2021.

That concludes Your Worldwide INTERNET REPORT for this week! 

Remember to SUBSCRIBE and spread the word about this amazing news service.

This issue of Your Worldwide INTERNET REPORT was written by Taylor Hudak; Edited by Suzie Dawson and Sean O’Brien; Graphics by Kimber Maddox; with production support by David Sutton.

Talk Liberation - Your Worldwide INTERNET REPORT was brought to you by panquake.com. We Don’t Hope, We Build! 

© Talk Liberation CIC Limited. The original content of this article is licensed under a Creative Commons Attribution-ShareAlike 4.0 International license. Please attribute copies of this work to “Talk Liberation” or talkliberation.com. Some of the work(s) that this program incorporates may be separately licensed. For further information or additional permissions, contact licensing@talkliberation.com