Hackers put data policies between tech firms and law enforcement in the spotlight

What’s happening? Apple and Meta fell for fake emergency data request orders from hackers in mid-2021, handing over user information including IP addresses, phone numbers and home addresses, Bloomberg has reported. Hackers obtain access to email systems usually used by law enforcement to make emergency requests for data, often in relation to life-threatening situations, according to a recent Krebs on Security report. (The Verge)

Why does this matter? Granting data access to authorities is a fine line for companies to tread. There are obviously instances when it is crucial for technology firms to supply law enforcement with data, but there could be the need for stronger policy on the issue to limit the unauthorised obtaining of this information.

A change in policy — A central talking point relates to emergency data requests (EDRs). Tech firms usually require a warrant before disclosing personal data to law enforcement. Any jurisdiction, however, can submit an EDR for immediate access.

There is no easy method for companies to verify EDRs, an issue hackers have exploited and one that is further complicated by the varying number of police organisations in the US.

Meta claims to use “advanced systems and processes” to validate EDRs, while Apple states it may contact a supervisor for law enforcement to confirm the request. It’s clear now these methods are flawed but finding a solution for verifying emergency requests in a secure and fast way could be difficult. If anyone should be able to do this, however, it’s the tech giants.

The reach of the law — This event also prompts questions over the extent to which law enforcement can obtain data on the general public. US police practices have recently raised concerns – such as the LAPD’s directive to officers to gather social media information on citizens they interview even if no arrest or crime accusation has been made.

Evidence of US police surveilling individuals who are not accused of a crime has also been uncovered by an MIT Technology Review investigation into Minnesota law enforcement agencies. It discovered a secretive surveillance operation launched in the aftermath of the murder of George Floyd in which tools were deployed to track mobile phones and build a portfolio of facial images to monitor social activists.

Final thought — There may be some trepidation from companies when it comes to altering their policies regarding sharing data with law enforcement – even with pressure from stakeholders to alter these. Looking at the above security breaches, however, it could be argued that stricter policies could therefore not only offer more assurance to stakeholders but also protect them from threat actors.

Read more articles

Sign up to newsletter

Share This Post

You might also like

Wind Turbines

Chinese wind turbine manufacturing at all time high amid global supply chain constraints

What’s happening? In 2023, Chinese wind turbine orders soared to a record high, reaching approximately 100 GW, according to Wood ...

Read more

Dillon Creedon
February 29, 2024

ASPI

Hinkley Point and Sizewell’s spiralling costs raise questions about the UK’s nuclear future

What’s happening? French Finance Minister Bruno Le Maire has urged the British government to increase its financial contribution to new ...

Read more

Tom Rejwan
February 23, 2024

Wheat

Wheat disease could cut production by 13% per year: study

What’s happening? The fungal disease wheat blast could reduce global production of the staple crop by 13% per year by ...

Read more

Claire Pickard
February 16, 2024