Whistleblower tells Guardian of growing alarm over secret transfer of medical history data, which can be accessed by Google staff
A whistleblower who works in Project Nightingale, the secret transfer of the personal medical data of up to 50 million Americans from one of the largest healthcare providers in the US to Google, has expressed anger to the Guardian that patients are being kept in the dark about the massive deal.
The data protection laws introduced last year are failing us – and our children
Who owns your data? This is one of the toughest questions facing governments, companies and regulators today and no one has answered it to anyone’s satisfaction. Not what we were promised last year, when the European Union’s General Data Protection Regulation, commonly known as the GDPR, came into effect.
The GDPR was billed as the gold standard of data protection, offering the strongest data rights in the world. It has forced companies everywhere to modify their operating models, often at great cost. It inspired the state of California to pass a similar law and where California leads, the rest of the US often follows; there have been calls for a federal version of the GDPR.
Most websites nudge us into clicking 'I consent' by making it harder for us not to
Advances in computing processing power and AI will allow those who have our data to do much more with it, and so with us
App users were able to see other customers’ data, including names, dates of birth and mobile numbers
The popular petrol-buying app run by 7-Eleven has suffered a data breach that allowed customers to view the names, email addresses, mobile numbers and dates of birth of other users.
The 7-Eleven fuel app, which the company said this week has been downloaded two million times, was taken offline for a matter of hours on Thursday after a customer alerted the company to the fact that he was able to access the personal information of several other customers via the app.
Reports were quarantined by software designed to protect fraud bureau’s computer system, watchdog told
Thousands of reports of cybercrime were quarantined on a police database instead of being investigated because software designed to protect the computer system labelled them a security risk.
The backlog at one point stretched to about 9,000 reports of cybercrime and fraud, some of them dating back to October last year. The reports had been made to Action Fraud and handed to the National Fraud Intelligence Bureau (NFIB), run by the City of London police.
Without greater access to our online habits, politicians cannot frame laws for the digital age
The UK government’s porn block was a dead man walking for months, if not years. It is long overdue that this attempt to curb children’s access to online pornography is scrapped. Almost two years ago, a close colleague and I sat in a meeting with one of the policymakers who had recently been asked to implement the proposal. The pained look on his face when we queried his progress confirmed our suspicions that it was an impossible task. It was clear to many that the block could – and would – never come to pass.
The plan did not have just one Achilles heel – it had many.
Scientists and other stakeholders cannot access information about what the population is actually doing online
Chinese use state-owned enterprises, local tech companies and foreign partnerships, ASPI report says
The Chinese government is sweeping up vast amounts of data from all around the world to bulwark the nation’s security, but most critically to secure the political future of the Communist party, a new report argues.
Engineering Global Consent, a policy brief by the Australian Strategic Policy Institute’s Dr Samantha Hoffman, argues that the Chinese party-state seeks to influence – and where possible control – global online and political environments so that public sentiment around the world is more favourable towards its interests. China has expanded its operations of influence into organisations such as universities in the UK, the US and Australia.
Describing a documented database as ‘secret’ risks causing unjustified distrust in a multi-agency programme that seeks to protect those vulnerable to all forms of radicalisation and keep our communities safe, writes Chief Constable Simon Cole
Your front-page lead (7 October) talks of a “secret” police Prevent database. It is not a very well kept “secret”; a quick online search brings up numerous references to its existence in public documents – and it is where the published annual referral statistics are sourced from. The Prevent pages on the National Police Chiefs’ Council website also refer to the fact Prevent officers keep records.
We do this for exactly the same purpose we document other forms of supportive safeguarding activity such as for child sexual exploitation, domestic abuse or human trafficking. It means we can be – and are – subject to oversight and accountability.
Messages can only be seen under UV light and can be erased using a hairdryer
Forget lemon juice and hot irons, there is a new way to write and read invisible messages – and it can be used again and again.
The approach, developed by researchers in China, involves using water to print messages on paper coated with manganese-containing chemicals. The message, invisible to the naked eye, can be read by shining UV light on the paper.
Fining YouTube for targeting adverts at children as if they were adults shows progress is being made on both sides of the Atlantic, writes Steve Wood of the Information Commissioner’s Office
The conclusion of the Federal Trade Commission investigation into YouTube’s gathering of young people’s personal information (‘Woeful’ YouTube fine for child data breach, 5 September) shows progress is being made on both sides of the Atlantic towards a more children-friendly internet. The company was accused of treating younger users’ data in the same way it treats adult users’ data.
YouTube’s journey sounds similar to many other online services: it began targeting adults, found more and more children were using its service, and so continued to take commercial advantage of that. But the allegation is it didn’t treat those young people differently, gathering their data and using it to target content and adverts at them as though they were adult users.
Students using events app Get, previously known as Qnect, may have had their personal data exposed online
The personal details of an estimated 50,000 students involved in university clubs and societies around Australia may have been exposed online, in the second breach of its kind for the company holding the data.
Get, previously known as Qnect, is an app built for university societies and clubs to facilitate payments for events and merchandise. The app operates in four countries with 159,000 active student users, and 453 clubs using it.
Our head of investigations explains how a new IT system, Giant, has the power to find needles in journalistic haystacks
There aren’t too many places to hide at the Guardian. The offices are open-plan and most of the meeting rooms have glass walls.
There is one room, however, that has a special status. In recent years, when we have been involved in big investigations, this is the place where reporters and editors have relocated for months on end.
Users of Zao can now add themselves into the scenes of their favourite movies. But is our desire to insert ourselves into everything putting our privacy at risk?
“You oughta be in pictures,” goes the 1934 Rudy Vallée song. And, as of last week, pretty much anyone can be. The entry requirements for being a star fell dramatically thanks to the launch, in China, of a face-swapping app that can decant users into film and TV clips.
Zao, which has quickly become China’s most downloaded free app, fuses the face in the original clip with your features. All that is required is a single selfie and the man or woman in the street is transformed into a star of the mobile screen, if not quite the silver one. In other words, anyone who yearns to be part of Titanic or Game of Thrones, The Big Bang Theory or the latest J-Pop sensation can now bypass the audition and go straight to the limelight without all that pesky hard work, talent and dedication. A whole new generation of synthetic movie idols could be unleashed upon the world: a Humphrey Bogus, a Phony Curtis, a Fake Dunaway.
Android and Windows devices also targeted in campaign believed to be state-backed
Chinese Uighurs were the target of an iOS malware attack lasting more than two years that was revealed last week, according to multiple reports.
Android and Windows devices were also targeted in the campaign, which took the form of “watering hole attacks”: taking over commonly visited websites or redirecting their visitors to clones in order to indiscriminately attack each member of a community.
Exclusive: Hannah Fry says ethical pledge needed in tech fields that will shape future
Mathematicians, computer engineers and scientists in related fields should take a Hippocratic oath to protect the public from powerful new technologies under development in laboratories and tech firms, a leading researcher has said.
The ethical pledge would commit scientists to think deeply about the possible applications of their work and compel them to pursue only those that, at the least, do no harm to society.
Despite being invisible, maths has a dramatic impact on our lives
Researchers able to identify MP Anthony Carbines’s travel history using tweets and Public Transport Victoria dataset
The three-year travel history of a Victorian politician was able to be identified after the state government released the supposedly “de-identified” data of more than 15m myki public transport users in a breach of privacy laws.
In July 2018, Public Transport Victoria (now the Department of Transport) released a dataset containing 1.8bn travel records for 15.1m myki public transport users for the period between June 2015 and June 2018.
See you about 05.24AM tomorrow at Rosanna to catch the first train to town. Well done all. Thanks for hanging in there. Massive construction effort. Single track gone. Two level crossings gone. The trains! The trains! The trains are coming! pic.twitter.com/kk2Cj3ey9T
Fingerprints, facial recognition and other personal information from Biostar 2 discovered on publicly accessible database
The fingerprints of over 1 million people, as well as facial recognition information, unencrypted usernames and passwords, and personal information of employees, were discovered on a publicly accessible database for a company used by the likes of the UK Metropolitan police, defence contractors and banks.
Suprema is the security company responsible for the web-based Biostar 2 biometrics lock system that allows centralised control for access to secure facilities like warehouses or office buildings. Biostar 2 uses fingerprints and facial recognition as part of its means of identifying people attempting to gain access to buildings.
Web security firm Cloudflare’s decision to terminate 8chan as a customer is welcome, but risks setting a dangerous precedent
Last Saturday morning, a gunman armed with an assault rifle walked into a Walmart store in El Paso, Texas, and shot 22 people dead and injured 24 more. Shortly before he did so, a post by him appeared on the /pol/ [politically incorrect] message board of the far-right website 8chan. Attached to it was a four-page “manifesto”. The 8chan thread was quickly deleted by a site moderator (it was news to me that 8chan had moderators), but archived copies of it rapidly circulated on the internet.
“There is nothing new in this killer’s ramblings,” wrote one analyst who had read it. “He expresses fears of the same ‘replacement’ of white people that motivated the Christchurch shooter and notes that he was deeply motivated by that shooter’s manifesto.”
Cybersecurity firm FireEye says ‘aggressive’ APT41 group working for Beijing is also hacking video games to make money
A group of state-sponsored hackers in China ran activities for personal gain at the same time as undertaking spying operations for the Chinese government in 14 different countries, the cybersecurity firm FireEye has said.
In a report released on Thursday, the company said the hacking group APT41 was different to other China-based groups tracked by security firms in that it used non-public malware typically reserved for espionage to make money through attacks on video game companies.