Cybersecurity in the News – Summer 2019
Notable events occur at a rapid pace in the field of cybersecurity, as threats to individuals, businesses, and even government entities are continuously evolving. Moreover, the sheer number of data breaches along with new regulations and lawsuits have a major impact on the field. Here are just a few recent examples:
Banks and Cybersecurity
It was recently reported that banks and other financial institutions have begun to invest more money into cybersecurity with the two largest U.S banks (i.e., J.P. Morgan and Bank of America) having a combined cybersecurity budget allowance of $1.4 million per year. Additionally, as part of their increased focus on cybersecurity, banks have begun to implement both simple protective measures such as reminders about office passwords, and larger-scale projects like data analytics and risk management programs. They are also working to cooperate with government agencies such as the FBI, to enhance prevention by encouraging joint efforts in detecting and sharing information about security threats. Expect more of this to continue and grow in the future.
FaceApp
FaceApp (owned by a Russian company) allows users to upload their photos, which are then edited by using AI. One of then app’s offerings, which was recently in the news, artificially aged the subjects in photos submitted by Facebook users. Although it’s a fun pastime for people to see how they might look as they age, users of FaceApp (and other photo-sharing apps) should consider the potential security risks of uploading personal photos – especially when the app’s Terms of Service provide that the company that owns the app has right to use all uploaded photos in perpetuity. With respect to FaceApp, there was a claim that when users uploaded a photo for aging purposes, it enabled the app to upload all of their photos and store them in the cloud. Research confirmed that this was not the case. However, it is still not clear whether user’s photos submitted for aging are actually deleted within the 48-hour time frame, as the app’s owner claims.
To best protect yourself, you may want to consider requesting that FaceApp remove your data. This can be done within the app (Settings>Support>Report a bug – Type the word “privacy” in the subject line) and requests will, according to FaceApp, be given security priority. While much of this information applies directly to FaceApp, you should keep security in mind when using any photo sharing app. Not surprisingly, downloading fewer of these apps can help decrease your risks.
Facebook and the FTC Settlement
In 2012 the FTC sued Facebook for making what were deemed to be misleading promises about protecting users’ privacy and data. This suit ended with an order that prohibited Facebook from making deceptive promises about users’ privacy controls in the future. Facebook was recently found to have violated this order when it shared user data with certain companies despite the fact that users had said that they that they did not wish to have their data shared. Additional violations by Facebook included misleading users about how the company uses facial recognition along with cell phone numbers and other personal data. These recent violations were resolved with a settlement that required Facebook to pay $5 billion, which is the largest civil penalty ever in a privacy case. Also part of the settlement was the stipulation that Mark Zuckerberg would no longer be the sole decision maker with respect to privacy. Instead, privacy decisions will be made by a committee on the company’s Board of Directors. Additionally, the settlement provides that a third party will now be responsible for assessing Facebook’s privacy standards. Moreover, Facebook is now required to certify compliance with its privacy requirements every quarter or face civil and criminal charges.
In light of the increased focus on privacy, if you are a user of Facebook, it’s advisable to check your privacy settings now to ensure they’re at the right level for you.
The information presented here is for general educational purposes only. It does not constitute legal advice and does not create an attorney-client relationship.