Mosaic Security Research

Cyber Security News & Research

Identity Mgt & Web Fraud

Identity Mgt & Web Fraud – The Week’s Best News – 2019.10.10

by

A Review of the Best News of the Week on Identity Management & Web Fraud

Twitter Took Phone Numbers for Security and Used Them for Advertising (VICE, Oct 08 2019)
This could make people think twice about using a phone number to secure their account at all.

2019 Global Password Security Report (LastPass, Oct 08 2019)
57% of businesses globally are using multifactor authentication, compared to 45% last year.
13x is how often an employee reuses a password, on average.
23% of employees access their password vault on a smartphone.

FBI’s Use of Surveillance Database Violated Americans’ Privacy Rights, Court Found (WSJ, Oct 09 2019)
Some of the FBI’s electronic surveillance activities violated the constitutional privacy rights of Americans swept up in a controversial foreign intelligence program, a surveillance court has ruled.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~11,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Legacy Systems Held DHS’ Biometrics Programs Back. Not Anymore. (Nextgov, Oct 05 2019)
The cloud-based HART system, which will house data on hundreds of millions of people, promises to significantly expand the department’s use of facial recognition and other biometric software, as well as its partnerships with external agencies.

Microsoft: Any form of MFA takes users out of reach of most attacks (Help Net Security, Oct 04 2019)
“Use of anything beyond the password significantly increases the costs for attackers, which is why the rate of compromise of accounts using any type of MFA is less than 0.1% of the general population,” Alex Weinert, Group Program Manager for the Identity Security and Protection team at Microsoft, explained.

Egypt Is Using Apps to Track and Target Its Citizens, Report Says (NYTimes, Oct 03 2019)
Egypt Is Using Apps to Track and Target Its Citizens, Report Says  The New York Times

JFK Airport’s Terminal 1 launches facial recognition boarding (New York Post, Oct 08 2019)
A biometric self-boarding gate has officially been launched at John F. Kennedy International Airport’s Terminal 1, officials said Tuesday. Lufthansa has deployed the paperless, high-tech boarding p…

Passport facial checks fail to work with dark skin (BBC News, Oct 09 2019)
The UK government admits it knew its facial mapping tech struggled to work with some skin tones.

Insider threats are security’s new reality: Prevention solutions aren’t working (Help Net Security, Oct 07 2019)
Today, 79% of information security leaders believe that employees are an effective frontline of defense against data breaches. However, this year’s report disputes that notion.

Amex Employee Suspected of Wrongfully Accessing Customer Data to Commit Fraud (Infosecurity Magazine, Oct 04 2019)
Amex warns customers to be vigilant for fraudulent activity on their accounts after data breach

New York City Lawmakers Look to Regulate Facial-Recognition Tools (WSJ, Oct 08 2019)
Legislation would establish guidelines for landlords and businesses using biometric data systems

Wi-Fi signals let researchers ID people through walls from their gait (Naked Security – Sophos, Oct 07 2019)
Police could set up transceivers outside a building and compare spectrograms of suspects walking vs. crime scene footage.

£3 billion Safari iPhone privacy lawsuit given go-ahead (Naked Security – Sophos, Oct 04 2019)
A UK class action lawsuit against Google, that represents around 5 million iPhone users, can go ahead, according to the UK Court of Appeal.

Instagram is helping users avoid phishing scams (Engadget, Oct 08 2019)
A new feature lets Instagram users confirm security emails are genuine.

Nationwide facial recognition ID program underway in France (Naked Security – Sophos, Oct 08 2019)
It’s coming next month, in spite of a lawsuit and the data regulator’s protests about lack of consent, data security and privacy.

2020 Presidential Candidate Campaign Websites Fail On User Privacy (SecurityWeek, Oct 08 2019)
Despite everything that has happened over the last four years, the security posture of the 2020 presidential candidates’ campaign websites is little better and often worse than it was in 2016.

How the Software-Defined Perimeter Is Redefining Access Control (Dark Reading, Oct 09 2019)
In a world where traditional network boundaries no longer exist, VPNs are showing their age.

2FA, HTTPS and private browsing still a mystery to most Americans (Help Net Security, Oct 10 2019)
Most US adults know what phishing scams are and where they occur, what browser cookies do, and that advertising is the largest source of revenue for most social media platforms, a recent Pew Research Center survey aimed at testing American’s digital knowledge has revealed.

Impact and prevalence of cyberattacks that use stolen hashed administrator credentials (Help Net Security, Oct 10 2019)
There’s a significant prevalence and impact of cyberattacks that use stolen hashed administrator credentials, also referred to as Pass the Hash (PtH) attacks, within businesses today, according to a survey from One Identity.

California outlaws facial recognition in police bodycams (Naked Security – Sophos, Oct 10 2019)
The bill was introduced by Phil Ting: one of 26 state lawmakers misidentified as suspects in an ACLU test of the technology.

Identity Mgt & Web Fraud – The Week’s Best News – 2019.10.03

by

A Review of the Best News of the Week on Identity Management & Web Fraud

Government to Begin DNA Testing on Detained Immigrants (New York Times, Oct 03 2019)
The Department of Homeland Security said it would begin testing on hundreds of thousands of immigrants in federal detention facilities.

Disinformation campaigns cheap and easy to launch: Recorded Future (SC Magazine, Sep 30 2019)
Researchers conducted an experiment to see what it would take for malicious actors to either boost a company’s online stature or tear it down and found both could be accomplished in about 30 days and cost just a few thousand dollars.

MyPayrollHR CEO Arrested, Admits to $70M Fraud (Krebs on Security, Sep 27 2019)
“Earlier this month, employees at more than 1,000 companies saw one or two paycheck’s worth of funds deducted from their bank accounts after the CEO of their cloud payroll provider absconded with $35 million in payroll and tax deposits from customers. On Monday, the CEO was arrested and allegedly confessed that the diversion was the last desperate gasp of a financial shell game that earned him $70 million over several years.”

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~11,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Driver’s License Thefts Spur ADOT to Boost Online Safeguards (SecurityWeek, Sep 28 2019)
Arizona transportation officials announced enhanced security measures Thursday for a state website that identity thieves exploited to get dozens of duplicate driver’s licenses.

Privacy Regulation Stays Local – For Now (Gartner Blog Network, Sep 25 2019)
In a much watched and contested case, EU regulators side with those who see privacy and the ‘right to be forgotten’ as a local, country or regional consideration. On Tuesday, the European Court of Justice decided that firms like Google don’t have to apply the EU’s ‘right to be forgotten’ to versions of its search engine accessed outside the EU.

Former Yahoo engineer admits using his access to steal users’ sexual images (Ars Technica, Oct 01 2019)
The 34-year-old man targeted accounts of younger women, including friends and colleagues.

Zendesk Breach Hits 10,000 Corporate Accounts (Infosecurity Magazine, Oct 03 2019)
Personal info and passwords were accessed in 2016 incident

Google Expands Use of Password Checkup Tool, Unveils New Privacy Features (SecurityWeek, Oct 02 2019)
Google on Wednesday announced that its Password Checkup tool has been added to the Account password manager, and the company has unveiled some new security and privacy features for YouTube, Maps and Assistant.

China’s 500 megapixel camera is capable of mega-facial-recognition (Naked Security – Sophos, Oct 01 2019)
The ‘super camera’ can identify people dozens of meters away using facial recognition.

The Etiquette of Respecting Privacy in the Age of IoT (Dark Reading, Sep 28 2019)
Is it rude to ask someone to shut off their Alexa? Ask the family who’s written the book on etiquette for nearly 100 years – the descendants of Emily Post herself.

Security by Sector: Bad Bots Targeting the E-Commerce Industry (Infosecurity Magazine, Sep 27 2019)
Research finds e-commerce bot activity is becoming more sophisticated and harder to detect

Global Consumers Reject Government-Mandated Encryption Backdoors (Infosecurity Magazine, Sep 27 2019)
Venafi reveals low levels of trust in governments’ data protection promises

Match knowingly puts people at risk from scammers, FTC charges (Naked Security – Sophos, Sep 27 2019)
Match.com allegedly put users on its free version at risk – by not filtering out communications that it knew were from fake accounts.

Ring Camera Surveillance Is Transforming Suburban Life (Wired, Sep 26 2019)
Consumer surveillance cameras are everywhere now, and they’re capturing moments we otherwise would never have known happened.

Father of Identity Theft’ Convicted on 13 Federal Counts (Dark Reading, Oct 01 2019)
James Jackson, a 58-year-old Memphis resident, used the identities of deceased individuals to steal money from banks and the estates of the dead.

Stalkerware on the Rise Globally (Dark Reading, Oct 02 2019)
Stalkware is being installed on more and more victims’ devices, and the trend is only accelerating, according to a new report.

Massive uptick in eCrime campaigns, retail among top targeted industries (Help Net Security, Oct 02 2019)
This is in stark difference from last year, but does not indicate a reduction in state-sponsored activity overall. Rather, it reflects a continued shift in eCrime adversary behavior to focus more on leveraging nation-state style intrusions versus targeted spray and pray attacks in pursuit of more and larger payouts.

Over 20 Million Russian Tax Records Exposed in Privacy Snafu (Infosecurity Magazine, Oct 03 2019)
Ukrainian company fails to secure AWS Elasticsearch cluster

How Incognito Google Maps Protects You—and How It Doesn’t (Wired, Oct 02 2019)
Turning on the new Incognito Mode in Google Maps won’t make you as invisible as it might sound.

Identity Mgt & Web Fraud – The Week’s Best News – 2019.09.26

by

A Review of the Best News of the Week on Identity Management & Web Fraud

Russian national confesses to biggest bank hack in US history (Ars Technica, Sep 23 2019)
In all, defendant stole more than 100 million records stole, prosecutors say.

Google Wins EU Fight Against Worldwide ‘Right to be Forgotten’ (SecurityWeek, Sep 24 2019)
Google is not required to apply an EU “right to be forgotten” to its search engine domains outside Europe, the EU’s top court ruled Tuesday in a landmark decision.

Millions of YouTube accounts hijacked through phishing and compromised 2FA (SC Magazine, Sep 24 2019)
Cybersecurity executives blamed YouTube’s continued use of multifactor authentication and relying on user credentials instead of more advanced forms authentication as the reasons behind why millions of accounts were hijacked over the last few days.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~11,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Payment card thieves hack Click2Gov bill paying portals in 8 cities (Ars Technica, Sep 20 2019)
New wave of attacks comes after previous Click2Gov hack compromised 300k payment cards.

Could EarEcho change the way we authenticate our phones? (Naked Security – Sophos, Sep 23 2019)
Researchers have discovered a way to use wireless earbuds as a biometric authentication system.

The Private Surveillance System That Tracks Cars Nationwide (VICE, Sep 19 2019)
It’s not just the NSA with all of the surveillance power in America, there’s a booming corporate-owned surveillance industry used by private investigators.

A Feminist Take on Information Privacy (Schneier on Security, Sep 20 2019)
“Maria Farrell has a really interesting framing of information/device privacy: What our smartphones and relationship abusers share is that they both exert power over us in a world shaped to tip the balance in their favour, and they both work really, really hard to obscure this fact and keep us confused and blaming ourselves. Here are some of the ways our unequal relationship with our smartphones is like an abusive relationship:”

New surveillance tech means you’ll never be anonymous again (Wired, Sep 23 2019)
Forget facial recognition. Researchers around the world are creating new ways to monitor you. Lasers detecting your heartbeat and microbiome are already being developed

Passwordless authentication is here ​now​, and it is vastly superior to using a password (Help Net Security, Sep 24 2019)
“Mirko Zorz, Help Net Security’s Editor in Chief, recently published ​an article about the state of passwordless authentication​ that predicted a long journey before this technology is viable. We would like to share that passwordless multi-factor authentication is a reality today.”

Tackling biometric breaches, the decentralized dilemma (Help Net Security, Sep 26 2019)
Tech giants are bought in on distributed biometrics protocols WebAuthn and FIDO2. In fact, decentralized biometrics solutions based on these protocols are available at a number of big name tech companies. By moving to decentralized biometrics solutions, companies are not buying into a false sense of security provided with centralized biometrics. Centralized biometrics stores are not more secure. They are not more reliable.

Vimeo sued for storing faceprints of people without their say-so (Naked Security – Sophos, Sep 26 2019)
The suit was filed under BIPA, the Illinois law that requires written consent to grab people’s faceprints – the same law Facebook’s battling.

Researchers analyzed 16.4 billion requests to see how bots affect e-commerce (Help Net Security, Sep 20 2019)
E-commerce companies suffer from a continual barrage of bad bots that criminals, competitors, resellers and investment companies use to carry out unauthorized price scraping, inventory checking, denial of inventory, scalping, customer account takeover, gift card abuse, spam comments, transaction fraud and more.

Facebook Disrupts Misinformation Campaigns in Ukraine and Iraq (Infosecurity Magazine, Sep 19 2019)
Social network removes hundreds of accounts after coordinated inauthentic behavior

Twitter Culls 10,000 More State-Sponsored Accounts (Infosecurity Magazine, Sep 23 2019)
Social network spots wide-ranging attempts to spread misinformation

Two charged with tech-support scamming the elderly for $10m (Naked Security – Sophos, Sep 23 2019)
The tech-support scammers were allegedly part of a network of crooks in the US and India who conned about 7,500 victims.

Google Tightens Its Voice Assistant Rules Amid Privacy Backlash (Wired, Sep 23 2019)
Following Apple, Amazon, and others, Google will put in new safeguards against accidental voice assistant collection and transcription.

Facebook has booted tens of thousands of data-grabbing apps (Naked Security – Sophos, Sep 24 2019)
400 developers have been naughty with user data, noncompliant with policy, and/or have ignored Facebook’s audit, it says.

Teenage TalkTalk hacker accused of $800,000 cryptocurrency theft in the United States (Graham Cluley, Sep 25 2019)
Elliott Gunton – aka “Glubz” – is charged in relation to the December 2017 security breach of cryptocurrency exchange EtherDelta.

Ineffective Package Tracking Facilitates Fraud (Schneier on Security, Sep 25 2019)
“This article discusses an e-commerce fraud technique in the UK. Because the Royal Mail only tracks packages to the postcode — and not to the address – it’s possible to commit a variety of different frauds. Tracking systems that rely on signature are not similarly vulnerable.”

Employees are mistakenly confident that they can spot phishing emails (Help Net Security, Sep 26 2019)
While a majority (79%) of people say they are able to distinguish a phishing message from a genuine one, nearly half (49%) also admit to having clicked on a link from an unknown sender while at work

Identity Mgt & Web Fraud – The Week’s Best News – 2019.09.19

by

A Review of the Best News of the Week on Identity Management & Web Fraud

Banks, Arbitrary Password Restrictions and Why They Don’t Matter (Troy Hunt, Sep 17 2019)
Allow me to be controversial for a moment: arbitrary password restrictions on banks such as short max lengths and disallowed characters don’t matter. Also, allow me to argue with myself for a moment: banks shouldn’t have these restrictions in place anyway.

Barclaycard: So Far, So Good for Strong Customer Authentication (Infosecurity Magazine, Sep 18 2019)
Barclaycard has reported no negative impact from introducing Strong Customer Authentication (SCA) last weekend. The new user authentication rules mandated by the European Union’s revised Payment Services Directive (PSD2) were introduced by the UK’s leading acquirer on Saturday, September 14.

Millions of Americans’ Medical Images and Data Are Available on the Internet. Anyone Can Take a Peek (ProPublica, Sep 19 2019)
Hundreds of computer servers worldwide that store patient X-rays and MRIs are so insecure that anyone with a web browser or a few lines of computer code can view patient records. One expert warned about it for years.

One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

NIST Privacy Framework Draft Released (Lexology, Sep 13 2019)
NIST is accepting public comments on the draft Privacy Framework until 5 p.m. EST on October 24, 2019.

Chase sent me a fraud alert over an unauthorized phone number (The Points Guy, Sep 17 2019)
“Just 32 minutes after the fraudster called Chase, my (apparently stolen) card number was cancelled, all because Chase’s system flagged an unknown phone number from someone that was in possession of my 16-digit account number.”

CFPB probes fake credit card accounts at Bank of America (SC Magazine, Sep 18 2019)
The Consumer Financial Protection Bureau (CFPB) has been probing of Bank of America (BoA) for allegedly opening customer credit card accounts with authorization a la Wells Fargo. The BoA investigation emerged after the bureau posted documents to its site showing the back and forth regarding turning over emails and other records with the bank’s attorneys, one of whom acknowledged a “vanishingly small” number of “potentially unauthorized credit card accounts.”

Cracking Forgotten Passwords (Schneier on Security, Sep 18 2019)
Expandpass is a string expansion program. It’s “useful for cracking passwords you kinda-remember.” You tell the program what you remember about the password and it tries related passwords.

Marketer Exposes 198 Million Car Buyer Records (Infosecurity Magazine, Sep 13 2019)
Dealer Leads leaves 413GB of data publicly accessible

Mozilla Private Network VPN gives Firefox another privacy boost (Naked Security – Sophos, Sep 13 2019)
Is this week’s test pilot launch of Mozilla Private Network the moment browser VPNs finally become a must-have privacy feature?

Five ways to manage authorization in the cloud (Help Net Security, Sep 17 2019)
These approaches take into account the growing number of security blind spots and weak points in the cloud environment. Instead of being connected by wire within the confines of a corporate network, most of these new services are open to the internet, expanding the attack surface of the company’s infrastructure. Here are five key developments to consider for managing authorization in the cloud.

Former hacker warns against password reuse (Naked Security – Sophos, Sep 17 2019)
Kyle Milliken is back from jail, and he has some advice for you: Do. Not. Reuse. Your. Passwords.

Cybercriminal’s Black Market Pricing Guide (Dark Reading, Sep 17 2019)
Common prices criminals pay one other for products and services that fuel the cybercriminal ecosystem.

Impersonation Fraud Still Effective in Obtaining Code Signatures (Dark Reading, Sep 17 2019)
Fraudsters continue to attempt to fool certificate authorities into issuing valid digital certificates for legitimate organizations by impersonating an authoritative user. The reward? The ability to sign code with a legitimate signature.

US Companies Unprepared for Privacy Regulations (Dark Reading, Sep 17 2019)
US companies are poorly prepared for even the most rudimentary privacy regulations, a new report says.

Facebook boots multiple inauthentic accounts created in Iraq and Ukraine (SC Magazine, Sep 17 2019)
Facebook excised from its platform hundreds of inauthentic pages, groups and accounts that were created by actors in Iraq and Ukraine. The social media giant removed 76 accounts, 120 Facebook pages, one group, two events and…

This Software Will Give You a Fake Face to Protect Your Privacy (VICE, Sep 17 2019)
DeepPrivacy masks your real face with a flurry of a million other faces.

On Roku and Amazon Fire TV, Channels Are Watching You (Wired, Sep 18 2019)
New research shows that over 2,000 streaming apps track information about your devices—even when you tell them not to.

Before He Spammed You, this Sly Prince Stalked Your Mailbox (Krebs on Security, Sep 18 2019)
It’s easy to laugh at this letter, because it’s sometimes funny when scammers try so hard. But then again, maybe the joke’s on us because sending these scams via USPS makes them even more appealing to the people most vulnerable: Older individuals with access to cash but maybe not all their marbles. Sure, the lure costs $.55 up front. But a handful of successful responses to thousands of mailers could net fortunes for these guys phishing it old school.

Identity Mgt & Web Fraud – The Week’s Best News – 2019.09.12

by

A Review of the Best News of the Week on Identity Management & Web Fraud

DMVs Are Selling Your Data to Private Investigators (VICE, Sep 06 2019) You gave them your data in exchange for a driver’s license. DMVs are making tens of millions of dollars selling it, documents obtained by Motherboard show.

Google’s differential privacy library can now be used by anyone (Help Net Security, Sep 06 2019) Google has open-sourced a differential privacy library that helps power some of its core products. What it differential privacy? Differential privacy is a method for analyzing data contained in a database and providing helpful insight from it, without disclosing the actual information contained in the data to the analysts. It’s meant to keep sensitive information usable but thoroughly anonymized.

NY Payroll Company Vanishes With $35 Million (Krebs on Security, Sep 11 2019) “MyPayrollHR, a now defunct cloud-based payroll processing firm based in upstate New York, abruptly ceased operations this past week after stiffing employees at thousands of companies. The ongoing debacle, which allegedly involves malfeasance on the part of the payroll company’s CEO, resulted in countless people having money drained from their bank accounts and has left nearly $35 million worth of payroll and tax payments in legal limbo.”

One of My Favorite Things Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy. Thanks! – Lucas Samaras Share today’s post on TwitterFacebookLinkedIn

Toyota Subsidiary Suffers $37m BEC Loss (Infosecurity Magazine, Sep 10 2019) Car parts maker was tricked into wiring four billion yen

281 Alleged Email Scammers Arrested in Massive Global Sweep (Wired, Sep 10 2019) The most sweeping takedown yet of so-called BEC scammers involved arrests in nearly a dozen countries.

#GartnerSEC: Reuse Procedures From IAM in PAM Implementations (Infosecurity Magazine, Sep 11 2019) How reusing procedures for PAM in IAM implementation can save time and effort

Lufthansa Offers Biometric Boarding at Fourth US Airport (Infosecurity Magazine, Sep 09 2019) Biometric boarding is now available to Lufthansa’s JFK passengers

BigID raises $50M to help enterprises comply with global privacy regulation (Help Net Security, Sep 08 2019) Most enterprises do not know all the data they collect or where it’s stored, increasing their risk of privacy violations, regulatory action, security incidents, and customer backlash. Companies across the world are increasing their investment in data compliance, privacy, and governance. As a result, the data privacy market is estimated to reach $158 billion by 2024, according to Market Research Engine.

Google to pay $170 million for violating children’s privacy on YouTube (Help Net Security, Sep 05 2019) Google and its subsidiary YouTube will pay a record $170 million to settle allegations by the Federal Trade Commission (FTC) and the New York Attorney General that the YouTube video sharing service illegally collected personal information from children without their parents’ consent.

Man Pleads Guilty for Trying to Access Trump’s Tax Returns (SecurityWeek, Sep 09 2019) A Philadelphia man has pleaded guilty to trying to hack the IRS to obtain President Donald Trump’s tax returns. Andrew Harris pleaded guilty Thursday to two computer fraud counts in federal court. The 23-year-old faces up to two years in prison and $200,000 fine.

New Privacy Features in iOS 13 Let Users Limit Location Tracking (Dark Reading, Sep 10 2019) Apple will introduce other features that allow more secure use of iPhones in workplace settings as well.

Regulations are driving innovation toward an identity layer on the Internet (Help Net Security, Sep 11 2019) The scale of the identity problem was well demonstrated in a presentation given by Nat Sakimura of the OpenID Foundation at a recent identity-themed security event held in Tokyo. He described the virtual world as being the “8th Continent” populated by several countries such as the People’s Republic of WeChat, State of Apple Church, Republic of Google, and the GSMA Federation.

Fraudsters no longer operate in silos, they are attacking across industries and organizations (Help Net Security, Sep 11 2019) From January 2019 through June 2019, LexisNexis Risk Solutions recorded 16.4 billion transactions, of which 277 million were human-initiated attacks, a 13% increase over the second half of 2018.

More on Law Enforcement Backdoor Demands (Schneier on Security, Sep 11 2019) “The Carnegie Endowment for International Peace and Princeton University’s Center for Information Technology Policy convened an Encryption Working Group to attempt progress on the “going dark” debate. They have released their report: “Moving the Encryption Policy Conversation Forward. The main contribution seems to be that attempts to backdoor devices like smartphones shouldn’t also backdoor communications systems”

The Fight Against Synthetic Identity Fraud (Dark Reading, Sep 12 2019) Advanced data and innovative technology will help organizations more easily identify abnormal behavior and tell legitimate customers apart from “fake” ones.