Archive: July 2019

1
Who have you been giving your name and number to? A cautionary tale
2
Facing up to privacy risks
3
The battle against phishing
4
Not just for jilted ex-lovers: The criminalisation of the non-consensual distribution of intimate images in WA
5
Facial Recognition Technology – Good or Bad?
6
Cyber diligence: Study reveals cybersecurity concerns are becoming a critical factor in M&A due diligence

Who have you been giving your name and number to? A cautionary tale

By Cameron Abbott and Allison Wallace

Have you inadvertently given the owners of global, searchable databases of phone numbers and associated names access to your entire contact list?

We suspect that you cannot confidently answer “no”.

In yet another tale of why you should read the terms of use and service of apps and other online products you download or sign-up to use, we’ve recently been exposed to the shock of having your name appear on a complete stranger’s phone, after they’re given your number (but not your name) to call you. We asked the question of how this could happen – and found the answer to be quite alarming.

The Samsung Smart Call function, which is powered by Hiya, boasts that it allows you to “deal with spam the easy way”, by letting you know who is calling you, even if their number is not saved in your contact list. In theory, this is a handy tool, and in the context of robocalls or other unsolicited marketing calls, doesn’t create any privacy issues. But when the database which powers the function contains the names and numbers of (we suspect) millions of private citizens, this becomes quite concerning.

So, how do private numbers (and the names of their associated users) come to be listed in databases such as Hiya? Well, for one, anyone who downloads the Hiya app is given the option to share their contacts. If they do, and your number is saved to their phone, your details will become part of the database. We have no doubt that many who download and use the Hiya app didn’t realise what they were signing up for (or what they were signing up their entire contact list for) – because they didn’t read the terms of use. This also begs the question – are companies like Hiya properly satisfying their privacy obligations merely by asking users to “opt in” to share their contacts?

Hiya is of course not the only “caller ID” app on the market – a quick search of the Apple App store reveals numerous other options for download – including Truecaller, Caller-ID, Sync.ME and CallHelp. In 2018, Hiya reached 50 million active users worldwide, while Truecaller’s website says it has over 130 million daily active users. Those figures of course would barely scrape the surface of the number of names and phone numbers held in their collective databases.

In case you’re wondering how much damage could really be done by a third party having access to your name and phone number – think about all of the things your number is linked to. Your Facebook, your Gmail, maybe even your bank account and credit cards. Information is power – and this is the kind of information that could easily allow hackers to wreak a reasonable amount of havoc. So before you sign-up to a new app, take the time to read the terms of service, because your use could not only be exposing your personal information, but that of your entire contact list.

Facing up to privacy risks

By Cameron Abbott and Karla Hodgson

Images of dramatically aged friends and family members have been flooding social media feeds over the last week, courtesy of FaceApp, an app that uses AI to digitally age a user’s photo. While many have been asking themselves “why would I make myself look older?” others have been discussing the risks of allowing an app to access and store personal data.

The app’s privacy policy allows FaceApp to retrieve information such as IP addresses and location data from users, in addition to the photo the user has selected for editing. When users agree to FaceApp’s terms of service, they agree to grant FaceApp a perpetual and irrevocable licence to use this data, including their name and likeness, which can be used for any purposes, including commercial purposes.

Read More

The battle against phishing

By Cameron Abbott, Michelle Aggromito and Jacqueline Patishman

All over the world, organisations and individuals battle phishing. Even in systems with a high degree of security, phishing is still a risk and human failures to spot and deal with phishing can cause the best of security policies and procedures to become undone.

To fight phishing at the source, the UK’s National Cyber Security Centre (NCSC) recently achieved some success in this space through its use of email verification technology to fight phishing attacks. This technology, called ‘Synthetic DMARC’, works by assigning a DMARC record for all domains attempting to pass-off as gov.uk domains, by analysing and vetting non-existing subdomains against DNS records and building on authentication systems of the past.

Read More

Not just for jilted ex-lovers: The criminalisation of the non-consensual distribution of intimate images in WA

By Cathryn Palfrey and Esther Power

This week marked the conclusion of the first prosecution under the Criminal Law Amendment (Intimate Images) Act 2018 (WA). Mitchell Joseph Brindley, 24 years old, pleaded guilty to posting ten intimate images of the woman he dated. The images were taken with the woman’s consent whilst they were in a relationship. When it ended, Mr Brindley created fake Instagram accounts under her name and posted the images without her consent.

Non-consensual intimate image dissemination is colloquially known as ‘revenge porn’. A study in 2017 found that 20% of Australians between the ages of 16-49 years had a picture or video of themselves shared without their consent.

A global movement has emerged to counter the surge of ‘revenge porn’.

Read More

Facial Recognition Technology – Good or Bad?

By Cameron Abbott, Michelle Aggromito and Jacqueline Patishman

As of June 2019, law enforcement agencies are working with the city of Perth in running a 12-month trial in the use of facial recognition software. The trial involves the installation of the software in 30 CCTV cameras and is part of the Federal Government’s Smart Cities plan, which was created with the aim of increasing interconnectivity and building intelligent, technology-enabled infrastructure throughout Australia.

Read More

Cyber diligence: Study reveals cybersecurity concerns are becoming a critical factor in M&A due diligence

By Cameron Abbott and Rebecca Gill

Unreported data breaches have disrupted several major M&A deals in recent years, such as Marriott International’s merger with the Starwood hotel chain. The growing list of cautionary (and costly) tales appears to be making an impression in the M&A space, as a recent study of IT professionals and business executives by Forescout Technologies has found.

The study queried a total of 2,779 respondents from all over the world, and found that 93% of the respondents viewed cybersecurity evaluations as important to their companies’ M&A decision-making processes. Respondents also ranked a target company’s history of cybersecurity incidents as the second most important factor when performing due diligence on the business, following the company’s financial statements.

Read More

Copyright © 2019, K&L Gates LLP. All Rights Reserved.