Hackers put data policies between tech firms and law enforcement in the spotlight

What’s happening? Apple and Meta fell for fake emergency data request orders from hackers in mid-2021, handing over user information including IP addresses, phone numbers and home addresses, Bloomberg has reported. Hackers obtain access to email systems usually used by law enforcement to make emergency requests for data, often in relation to life-threatening situations, according to a recent Krebs on Security report. (The Verge)

Why does this matter? Granting data access to authorities is a fine line for companies to tread. There are obviously instances when it is crucial for technology firms to supply law enforcement with data, but there could be the need for stronger policy on the issue to limit the unauthorised obtaining of this information.

A change in policy — A central talking point relates to emergency data requests (EDRs). Tech firms usually require a warrant before disclosing personal data to law enforcement. Any jurisdiction, however, can submit an EDR for immediate access.

There is no easy method for companies to verify EDRs, an issue hackers have exploited and one that is further complicated by the varying number of police organisations in the US.

Meta claims to use “advanced systems and processes” to validate EDRs, while Apple states it may contact a supervisor for law enforcement to confirm the request. It’s clear now these methods are flawed but finding a solution for verifying emergency requests in a secure and fast way could be difficult. If anyone should be able to do this, however, it’s the tech giants.

The reach of the law — This event also prompts questions over the extent to which law enforcement can obtain data on the general public. US police practices have recently raised concerns – such as the LAPD’s directive to officers to gather social media information on citizens they interview even if no arrest or crime accusation has been made.

Evidence of US police surveilling individuals who are not accused of a crime has also been uncovered by an MIT Technology Review investigation into Minnesota law enforcement agencies. It discovered a secretive surveillance operation launched in the aftermath of the murder of George Floyd in which tools were deployed to track mobile phones and build a portfolio of facial images to monitor social activists.

Final thought — There may be some trepidation from companies when it comes to altering their policies regarding sharing data with law enforcement – even with pressure from stakeholders to alter these. Looking at the above security breaches, however, it could be argued that stricter policies could therefore not only offer more assurance to stakeholders but also protect them from threat actors.

Read more articles

Sign up to newsletter

Share This Post

You might also like

COP27 is over – what were its successes, shortcomings, and what’s next?

What’s happening? Developing countries have celebrated a “historic” deal at the COP27 UN climate talks in Egypt for establishing a ...

Read more

Dillon Creedon
November 25, 2022

Countries are over-relying on planting trees to meet climate goals

What’s happening? Countries' current climate pledges rely too much on tree planting as a means of offsetting carbon emissions, according to ...

Read more

Katie Chan
November 14, 2022

Avatar photo

COP27 is around the corner – what’s the state of play for climate action?

What’s happening? The UN Environment Programme (UNEP) has calculated that countries’ current emissions reduction pledges will result in global warming ...

Read more

Anja Pries
November 4, 2022

Avatar photo