Black Hat USA 2019, James Pavur's 'GDPArrrrr: Using Privacy Laws To Steal Identities'
tremendous conference videos on their YouTube Channel
Perhaps understanding the former East German Stasi can also help non-European countries in their effort to understand GDPR - at least, that's what Rob Pegoraro - writing at The Parallax would suggest, whilst cautioning us on government overreach.
"East Germany’s Ministerium für Staatssicherheit—“Ministry for State Security” in English, “Stasi” for short—employed a network of civilian informers to spy on the communications and even inside the residences of its subjects, to enforce conformity with that communist regime. The Stasi Museum, housed in the agency’s former headquarters in the onetime East Berlin, reveals its methods to anyone willing to pay that admission fee." - via Rob Pegoraro - writing at The Parallax
via Wikipedia: The Ministry for State Security (German: Ministerium für Staatssicherheit, MfS) or State Security Service (Staatssicherheitsdienst, SSD), commonly known as the Stasi, was the official state security service of the German Democratic Republic (East Germany). It has been described as one of the most effective and repressive intelligence and secret police agencies to have ever existed.
And, of course, via Wikipedia, defining the GDPR: The General Data Protection Regulation (EU) 2016/679 ("GDPR") is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
via Rebecca Hill, crafting superlative reportage at our favorite security related news outlet - El Reg - comes the latest evidence that Facebookery is still alive and well: A non-Facebook user in the Republic of Ireland requested his data... Here's what happened:
"Facebook's refusal to hand over the data it holds on users' web activity is to be probed by the Irish Data Protection Commissioner after a complaint from a UK-based academic. Under the General Data Protection Regulation, which came into force on 25 May, people can demand that organisations hand over the data they hold on them." - via Rebecca Hill, writing at The Register
In one of the more amusing (El Reg is more often than not, amusing...) article titles to date: Kieren McCarthy's 'ICANN't get no respect: Europe throws Whois privacy plan in the trash' lets us know - whilst mincing few words - of the apparent ineptitude of current ICANN efforts to align WHOIS with European privacy concerns (via a correspondence from the European Data Protection Board (EDPB)). I say, it's time to create another study, ICANN! ICANN's response? See ICANN's General Counsel and Secretary John O. Jeffrey's blog post. Perhaps it's time for an ICANNexit...
'Despite existing solely to develop rules for the internet's underlying infrastructure and possessing a $100m annual budget, ICANN has put itself in the position where it has effectively outsourced decisions over the critical Whois service to a group of bureaucrats in Brussels.' - via Kieren McCarthy, writing at El Reg
Predictable news via ZDNet's David Meyer, of the big tech players' (Google, Facebook) fall from privacy-grace has appeared, with word of Apple, Amazon and let's not forget LinkedIn added to the privacy-perp-walk now de rigueur on the continent. Certainly today's must-read!
Pending Evidence to the Contrary, the end of Planet WHOIS is slated for 2018/05/25 ostensibly due to nonsensical GDPR legislation, crafted by those Brainiacs in Brussels. Better find that copy of Doug Adams' mantra to mankind - The Hitchhiker's Guide to the Galaxy, your towel, and perhaps some stout as it shall be a bumptious ride when traveling with Arthur Dent, Esq. ICANN attempted with amusing futility to fix things right up, but failed to acquire consensus on WHOIS usage in the Wacky Age of EU Mandated Privacy. Via the outstanding reportage of Kieren McCarthy writing at El Reg. Discombobulated? You and me both, Pal!
Brian Krebs, writing at his eponymous KrebsOnSecurity, reiterates the debacle of the new EU data privacy regulations, and the effect on legitimate utility in the information security space. Today's MustRead.
❊With Apologies to Neal Stephenson!