Listen: Facebook, Federal Trade Commission, F.T.C. discussed on The CyberWire
"And quote, the largest U.S. voting system vendor, ES&S, says they've got arguably more secure Windows 10-based systems coming soon and that they're working with Microsoft to provide Windows 7 security upgrades until all systems came to be converted to the latest version of the O.S. U.S. This is not an unfamiliar problem with Internet of Things generally. Vendors modify operating systems in ways that tend to prolong their life beyond the intended limits. There may also be a standards issue here. County election officials tend to take certifications as solid evidence that their systems are secure, but the A.P. story goes on to say that Citizens for Better Elections, an advocacy group, says that many county election officials seemed to be unaware that many of the systems they intend to use were certified under two thousand five standards. In any event, vulnerabilities in systems that count and report votes would open the possibility of direct manipulation of elections, a step beyond the kind of influence operations foreign actors have deployed in the past.

Avast follows up the trend toward cross-site request forgery attacks against routers with a report on the exploit kits used. The attacks had been noted earlier by Radware and Netlab. Victims continue to be concentrated in Brazil.

CoinDesk reports the Japanese altcoin exchange Bitpoint has halted all activity while it investigates the theft of some thirty two million dollars in cryptocurrency. The exchange noticed there was a problem when it observed anomalous behavior in hot wallet.

The Wall Street Journal reported late Friday that the U.S. Federal Trade Commission has approved a five billion dollar settlement in the matter of Facebook privacy missteps in connection with the Cambridge Analytica data scandal. The commission divided along partisan lines in their vote.
The three Republicans approved the F.T.C.'s proposed settlement while the two Democrats saw things to dislike in it. The agreement, which now goes to the Department of Justice Civil Division for final review, is expected to include provisions for closer privacy oversight of the social network, but those details weren't immediately available. It's thought the partisan divide may have been over the character of the oversight measures. As heavy a burden as five billion dollars may be, congressional critics of the fine point to Facebook's very high revenues, which were, the Washington Post notes, fifteen billion dollars for the last quarter alone. Facebook had expected a heavy fine and in that same quarterly report said that it had put aside funds to cover that eventuality. Another way of looking at the matter is in terms of profit per employee. At Facebook, that's over six hundred thirty four thousand per employee three per year, a record for the tech sector according to Silicon Valley Business Journal. Nonetheless, it's hard to regard five billion dollars as chump change, even around Menlo Park. The settlement easily sets a record for penalties imposed for violating an F.T.C. order. The previous record was a twenty two point five million dollar fine against Google in two thousand twelve, which in relative terms is chicken feed. The F.T.C. has greater latitude in punishing repeat offenders, and were Facebook not a privacy recidivist, it might have gotten off easier. On the other hand, a number of observers, including some members of Congress, think the penalty amounts to a slap on the wrist. An opinion piece in The Verge agrees, arguing that Facebook has behaved badly since its foundation and that it has consistently escaped accountability for such missteps as those on display in the Cambridge Analytica affair.

The G.A.O.
recently published a report, federal title agencies need to strengthen online identity verification processes, urging federal agencies to up their game when it comes to user authentication. Patrick Cox is founder of TRUSTID, a company that specializes in call authentication.

The traditional way, traditional meaning maybe the last ten or fifteen years, the way authentication has worked in these channels, primarily asking questions, right? We all know the drill. What's your mother's maiden name? What's your date of birth? What's your social security number? Things like that. And that's broken. That's really what led us here today, is that that information is totally broken.

And so what are the alternatives then?

Well, three ways to authenticate somebody. One, obviously, is asking questions, and that's called knowledge-based identity proving. The second one would be ownership, so you think about a credit card, a physical unique device, right? That would be ownership authentication. Having a device, a key for example, a key to a safety deposit box, would be an ownership token. And the final one is what we call inherent, something you inherently are, so a fingerprint, a retinal scan, you know, DNA, things like that would indicate who you are. Those are the only three tools we have in the authentication arsenal. So questioning, you know, is really easy to understand why you do that, especially over a phone call, because it's hard to, if not impossible, to get a fingerprint or something over a phone call, right? So it becomes more challenging.

I know one of the concerns here is that if you move to a digital method, if you do something that requires something like a mobile device, well, not everybody has a mobile device.

Absolutely true. And so what we've been advocating for, in fact we do this
millions and millions of times each day for some of the largest financial institutions in the country, is relying far less on the asking of questions, right? The knowledge information, that whole approach, frankly broken, because criminals know your date of birth, right? It's on social media. It's been shared. The sad news, with all the data breaches and hacks and so on out there late, they have your social security number. They have your."