Tag Archives: Germany

News Bites for the Week Ending January 4, 2019

Vietnam’s New Cybersecurity Law in Effect

Vietnam’s new “cybersecurity” law which requires companies to remove any content from the Internet that the government finds offensive went into effect on January 1.

It also requires some companies like Facebook and Google to open offices in Vietnam if they want to continue to do business there.

The law prohibits individuals from spreading anti-government information.  The Vietnam Association of Journalists announced a new code of conduct prohibiting reporters from posting anything on the Internet that “runs counter” to the state.

Google has apparently agreed to open an office there, although they are being somewhat sly about it;  Facebook does not seem to have committed to that.

Companies will need to decide if the income from Vietnam is worth the risk.  Source: South China Morning Post.


Android Apps Send Data to Facebook without User Permission

Apparently the Facebook software development kit did not even give app developers the option not to send data to Facebook until a month after GDPR went into effect.

Apps that have not updated their software are likely still sending data, probably without user consent, to Facebook, even if the user does not have a Facebook account.

Some apps send data to Facebook the second they are opened; others, like travel apps, send data to Facebook every time you search for a flight.

Integrating the data from various apps, Facebook could determine your religion (prayer app), gender (period app), employment status (job search app) and travel plans including number of children traveling (travel app).

Example apps are prayer apps, MyFitnessPal, Kayak, Indeed, Spotify, TripAdvisor and others.  The test was against Android apps, so it is not clear if the Apple Facebook library does the same thing.

Facebook admitted that they have a problem. Source: Android Police.

Both Facebook and the app developers could be on the hook for fines of $20 million Euros or more for violating GDPR.

Hackers Leak Private Info on 100s of German Politicians

Hackers leaked sensitive data on German Chancellor Angela Merkel and Brandenburg’s prime minister Dietmar Woidke, along with other politicians, artists and journalists.

Leaked information includes private conversations, photo IDs, credit card information,bills and other personal info.

Germany’s Federal Office of Information Security, who is investigating this said that government computers were not affected.  Other than covering their own butts, it is not clear why they would say that since no one suggested that government computers were being attacked.

This does point out that protecting your phones and tablets by making sure they are patched (many older phones do not have patches available and are therefore vulnerable if people use them to log on to web sites that contain email and other personal info), that applications on them are patched and unneeded applications are removed is very important.  Unfortunately, older devices for which there are no patches should be replaced.  Details here.


Lloyd’s of London Denies THEY Were Hacked; Throws Partner Hiscox Under the Bus

As a follow up to a blog post from earlier this week, hackers have now posted a sample of docs related to 9/11 lawsuits reportedly hacked from Lloyds and Hiscox.

Lloyd’s claims that they were not hacked but rather their business partner Hiscox was hacked.

Nice of them proclaim themselves innocent while throwing their partner under the bus.  No doubt this was an effort to divert lawsuits from them to Hiscox.  I will point out that this likely won’t work since a client of Lloyd’s has no agreement with or ability to select or control Lloyd’s vendors.  This is yet another reason why we are so adamant about companies implementing robust vendor cyber risk management programs.  Read details here.

Germany Allows Police To Hack Phones, PCs To Get Around Encryption

Last week the German Parliament passed a law that allows hack your computer or phone when investigating anything from murder to betting fraud and many other crimes.

How would this work?  It would allow police to covertly install software on your computer or phone that allows police to siphon data off your phone.  Whether that breaks your phone or steals data that they are not supposed to have – well, that is up in the air.

This is a way to get around the encryption of data and it if done right, is very effective.  Instead of putting a back door in the encryption algorithms, which experts say will weaken protection for everyone, this solution targets on the suspects of crimes.  Of course, it means that the police have to figure out how to hack your phone.

When this law goes into effect, the protections for privacy that German citizens have will be much lower because the bar for allowing the police to hack your phone are relatively low.

Germany has had, until now, a pretty high standard for individual privacy after a 2008 decision by the German Federal Constitutional Court .  What is not clear is whether this law will be in conflict with that ruling and how the high court would rule if asked to.

Similar to the U.S. Congress, the German Parliament sneaked the rules into seemingly unrelated bills and amendments and fast tracked those bills through the legislature.

While we have not seen this technique in the U.S. Congress yet, don’t be surprised if that happens.  Look at the current attempt at a new health care bill.  Draft it in secret – even from your own party – and then try to shove it down the throats of the rank and file very quickly.  While that has not worked so far with the health care bill, that is because Senators have gotten more than an ear full from the constituents.  Absent public interest, these types of bills sail through Congress and then it is up to the courts to sort out the mess.

Information for this post came from the law firm of Morrison Foerster.