Only 1 / 67 antivirus engines list SUNBURST backdoor as malicious - SolarWinds.Orion.Core.BusinessLayer.dll https://t.co/taaiUtSJzR #SUNBURST #UNC2452
(just like the report said). Thus far all analysis has held up (no real surprise there).
Well, this should be a depressing read -- notably because the UK and the US are both terrible when it comes to data protection, but the UK appears to be getting a pass. So much for 'adequacy'.
A few initial thoughts on the Draft Decision on UK Adequacy: https://t.co/ncAqc93UFm
The decision goes into great detail about the state of the UK surveillance system, and notably, "bulk acquisition" of data, and I think I get their argument. /1
For one, while the UK allows similar "bulk powers," it differs from the US regime both in terms of proportionality, oversight, and even notice. Some of this came about after the Privacy International case in 2019 (Privacy International) v Investigatory Powers Tribunal [2019]) /2
Whereas, other bits were already baked in by virtue of the fact that the Human Rights Act is a thing (This concept doesn't exist in the US; rather we hand-wave about the Constitution and Bill of Rights, and then selectively apply it) /3
For example, UK bulk surveillance (I'm keeping this broad, but the draft policy breaks it down), substantially limits collection to three agencies: MI5, MI6, and GCHQ. By contrast, it's a bit of a free-for-all in the US, where varying policies /4
At least we have a draft of the adequacy decision. I haven't read it yet, mostly because I'm afraid I'll be disappointed that it doesn't address the UK's penchant for surveillance. https://t.co/puJiVET2SJ
— Don Edwards (@DMEdwards) February 20, 2021
Recently, the @CNIL issued a decision regarding the GDPR compliance of an unknown French adtech company named "Vectaury". It may seem like small fry, but the decision has potential wide-ranging impacts for Google, the IAB framework, and today's adtech. It's thread time! 👇
It's all in French, but if you're up for it you can read:
• Their blog post (lacks the most interesting details): https://t.co/PHkDcOT1hy
• Their high-level legal decision: https://t.co/hwpiEvjodt
• The full notification: https://t.co/QQB7rfynha
I've read it so you needn't!
Vectaury was collecting geolocation data in order to create profiles (e.g. people who often go to this or that type of shop) so as to power ad targeting. They operate through embedded SDKs and ad bidding, making them invisible to users.
The @CNIL notes that profiling based off of geolocation presents particular risks since it reveals people's movements and habits. As risky, the processing requires consent — this will be the heart of their assessment.
Interesting point: they justify the decision in part because of how many people COULD be targeted in this way (rather than how many have — though they note that too). Because it's on a phone, and many have phones, it is considered large-scale processing no matter what.