Hackers put data policies between tech firms and law enforcement in the spotlight

What’s happening? Apple and Meta fell for fake emergency data request orders from hackers in mid-2021, handing over user information including IP addresses, phone numbers and home addresses, Bloomberg has reported. Hackers obtain access to email systems usually used by law enforcement to make emergency requests for data, often in relation to life-threatening situations, according to a recent Krebs on Security report. (The Verge)

Why does this matter? Granting data access to authorities is a fine line for companies to tread. There are obviously instances when it is crucial for technology firms to supply law enforcement with data, but there could be the need for stronger policy on the issue to limit the unauthorised obtaining of this information.

A change in policy — A central talking point relates to emergency data requests (EDRs). Tech firms usually require a warrant before disclosing personal data to law enforcement. Any jurisdiction, however, can submit an EDR for immediate access.

There is no easy method for companies to verify EDRs, an issue hackers have exploited and one that is further complicated by the varying number of police organisations in the US.

Meta claims to use “advanced systems and processes” to validate EDRs, while Apple states it may contact a supervisor for law enforcement to confirm the request. It’s clear now these methods are flawed but finding a solution for verifying emergency requests in a secure and fast way could be difficult. If anyone should be able to do this, however, it’s the tech giants.

The reach of the law — This event also prompts questions over the extent to which law enforcement can obtain data on the general public. US police practices have recently raised concerns – such as the LAPD’s directive to officers to gather social media information on citizens they interview even if no arrest or crime accusation has been made.

Evidence of US police surveilling individuals who are not accused of a crime has also been uncovered by an MIT Technology Review investigation into Minnesota law enforcement agencies. It discovered a secretive surveillance operation launched in the aftermath of the murder of George Floyd in which tools were deployed to track mobile phones and build a portfolio of facial images to monitor social activists.

Final thought — There may be some trepidation from companies when it comes to altering their policies regarding sharing data with law enforcement – even with pressure from stakeholders to alter these. Looking at the above security breaches, however, it could be argued that stricter policies could therefore not only offer more assurance to stakeholders but also protect them from threat actors.

Read more articles

Sign up to newsletter

Share This Post

You might also like

Oil and gas

Billions of tonnes of carbon to be emitted by 20 nations’ proposed oil and gas projects by 2050: report

What’s happening? The top 20 global oil and gas producers are poised to release 173 billion tonnes of carbon emissions ...

Read more

Sam Robinson
September 19, 2023

Avatar photo
Plastic

UNEP issues first draft of global treaty to cut plastic pollution

What’s happening? The UN Environment Programme (UNEP) has published its first draft of a global treaty to end plastic pollution by ...

Read more

Nicola Watts
September 14, 2023

Avatar photo
Iceberg in water

As the ice melts in the Arctic, concerns grow over its exploitation

What’s happening? As the Arctic's drifting sea ice steadily diminishes, the area becomes more vulnerable to fishing, shipping, mining, and pollution. ...

Read more

Dillon Creedon
September 8, 2023