Hackers put data policies between tech firms and law enforcement in the spotlight

What’s happening? Apple and Meta fell for fake emergency data request orders from hackers in mid-2021, handing over user information including IP addresses, phone numbers and home addresses, Bloomberg has reported. Hackers obtain access to email systems usually used by law enforcement to make emergency requests for data, often in relation to life-threatening situations, according to a recent Krebs on Security report. (The Verge)

Why does this matter? Granting data access to authorities is a fine line for companies to tread. There are obviously instances when it is crucial for technology firms to supply law enforcement with data, but there could be the need for stronger policy on the issue to limit the unauthorised obtaining of this information.

A change in policy — A central talking point relates to emergency data requests (EDRs). Tech firms usually require a warrant before disclosing personal data to law enforcement. Any jurisdiction, however, can submit an EDR for immediate access.

There is no easy method for companies to verify EDRs, an issue hackers have exploited and one that is further complicated by the varying number of police organisations in the US.

Meta claims to use “advanced systems and processes” to validate EDRs, while Apple states it may contact a supervisor for law enforcement to confirm the request. It’s clear now these methods are flawed but finding a solution for verifying emergency requests in a secure and fast way could be difficult. If anyone should be able to do this, however, it’s the tech giants.

The reach of the law — This event also prompts questions over the extent to which law enforcement can obtain data on the general public. US police practices have recently raised concerns – such as the LAPD’s directive to officers to gather social media information on citizens they interview even if no arrest or crime accusation has been made.

Evidence of US police surveilling individuals who are not accused of a crime has also been uncovered by an MIT Technology Review investigation into Minnesota law enforcement agencies. It discovered a secretive surveillance operation launched in the aftermath of the murder of George Floyd in which tools were deployed to track mobile phones and build a portfolio of facial images to monitor social activists.

Final thought — There may be some trepidation from companies when it comes to altering their policies regarding sharing data with law enforcement – even with pressure from stakeholders to alter these. Looking at the above security breaches, however, it could be argued that stricter policies could therefore not only offer more assurance to stakeholders but also protect them from threat actors.

Share This Post

Cookie	Duration	Description
__hssrc	session	This cookie is set by Hubspot. According to their documentation, whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-non-necessary	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Non-necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__hssc	30 minutes	This cookie is set by HubSpot. The purpose of the cookie is to keep track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.
_gat	1 minute	This cookies is installed by Google Universal Analytics to throttle the request rate to limit the colllection of data on high traffic sites.
bcookie	2 years	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	This cookie is set by LinkedIn and used for routing.

Cookie	Duration	Description
__hstc	1 year 24 days	This cookie is set by Hubspot and is used for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_gtag_UA_39710400_12	1 minute	This cookie is set by Google and is used to distinguish users.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
_lr_hb_-trmgqt%2Fcuration-website	1 day
_lr_tabs_-trmgqt%2Fcuration-website	1 day
_lr_uf_-trmgqt	session
ajs_anonymous_id	1 year	This cookie is set by Segment.io to check the number of new and returning visitors to the website.
ajs_user_id	never	The cookie is set by Segment.io and is used to analyze how you use the website
AMP_TOKEN		This cookie is set by Google Analytics - This cookie contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service.
AnalyticsSyncHistory	1 month
hubspotutk	1 year 24 days	This cookie is used by HubSpot to keep track of the visitors to the website. This cookie is passed to Hubspot on form submission and used when deduplicating contacts.a
li_gc	2 years

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website.
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
UserMatchHistory	1 month

Hackers put data policies between tech firms and law enforcement in the spotlight

You might also like

IBAT launches new DLE lithium extraction technology in commercialisation move

Microsoft and Occidental Petroleum sign record carbon credit deal to offset data centre and AI-driven emissions

Shell faces $2bn impairment charge over biofuel backtrack