Tuesday, October 5, 2021

Security Smörgåsbord, vol. 13 no. 6

Google report: Government Geofence warrants up ten times in the last year:

POLICE AROUND THE country have drastically increased their use of geofence warrants, a widely criticized investigative technique that collects data from any user's device that was in a specified area within a certain time range, according to new figures shared by Google. Law enforcement has served geofence warrants to Google since 2016, but the company has detailed for the first time exactly how many it receives.

The report shows that requests have spiked dramatically in the past three years, rising as much as tenfold in some states. In California, law enforcement made 1,909 requests in 2020, compared to 209 in 2018. Similarly, geofence warrants in Florida leaped from 81 requests in 2018 to more than 800 last year. In Ohio, requests rose from seven to 400 in that same time.

Across all 50 states, geofence requests to Google increased from 941 in 2018 to 11,033 in 2020 and now make up more than 25 percent of all data requests the company receives from law enforcement.

This is bad juju from a privacy perspective.  Here's advice on how to avoid getting caught up in this.

New report on cyber security recommendations for K-12 systems.  This all seems pretty sensitive.  If you have kids in school, you might want to bring this to the School Board's attention.

IPv6 will give us better security!  IPv6 seems to be something - like fusion power - that's always "5 years away" ...

Google introduces auto-reset of permissions granted to unused apps.  This is an excellent idea, and one that Google seems to have implemented in a very user-friendly manner.  If you have apps that you never use, then it makes sense not to allow them to poke around on your device.  Well done, Google.  I'd like to see Apple do this for iOS as well.


Old NFO said...

The time is coming where the phone will be left at home... just sayin...

Richard said...

The whole 3.0 section on schools seems problematic to me. The last point seems another front in the ongoing effort to prevent parents from knowing what is going on. The first two points are security theater that will make actual security worse by forcing people to write down passwords. I am very tired of password roulette what with different protocols as to what combos are acceptable and then forcing changes in passwords that complicate things inordinately. All the IT people behave as if their password rules are the only one that people have to deal with. I have dozens. So I write it down. I have a code but it could probably be broken if someone technically skilled got the cheat sheet.