Hackers put data policies between tech firms and law enforcement in the spotlight

What’s happening? Apple and Meta fell for fake emergency data request orders from hackers in mid-2021, handing over user information including IP addresses, phone numbers and home addresses, Bloomberg has reported. Hackers obtain access to email systems usually used by law enforcement to make emergency requests for data, often in relation to life-threatening situations, according to a recent Krebs on Security report. (The Verge)

Why does this matter? Granting data access to authorities is a fine line for companies to tread. There are obviously instances when it is crucial for technology firms to supply law enforcement with data, but there could be the need for stronger policy on the issue to limit the unauthorised obtaining of this information.

A change in policy — A central talking point relates to emergency data requests (EDRs). Tech firms usually require a warrant before disclosing personal data to law enforcement. Any jurisdiction, however, can submit an EDR for immediate access.

There is no easy method for companies to verify EDRs, an issue hackers have exploited and one that is further complicated by the varying number of police organisations in the US.

Meta claims to use “advanced systems and processes” to validate EDRs, while Apple states it may contact a supervisor for law enforcement to confirm the request. It’s clear now these methods are flawed but finding a solution for verifying emergency requests in a secure and fast way could be difficult. If anyone should be able to do this, however, it’s the tech giants.

The reach of the law — This event also prompts questions over the extent to which law enforcement can obtain data on the general public. US police practices have recently raised concerns – such as the LAPD’s directive to officers to gather social media information on citizens they interview even if no arrest or crime accusation has been made.

Evidence of US police surveilling individuals who are not accused of a crime has also been uncovered by an MIT Technology Review investigation into Minnesota law enforcement agencies. It discovered a secretive surveillance operation launched in the aftermath of the murder of George Floyd in which tools were deployed to track mobile phones and build a portfolio of facial images to monitor social activists.

Final thought — There may be some trepidation from companies when it comes to altering their policies regarding sharing data with law enforcement – even with pressure from stakeholders to alter these. Looking at the above security breaches, however, it could be argued that stricter policies could therefore not only offer more assurance to stakeholders but also protect them from threat actors.

Read more articles

Sign up to newsletter

Share This Post

You might also like

Non-profits call for carbon credits to be excluded from transition plans

What's happening? A group of more than 80 non-profits, including Greenpeace, Client Earth and ShareAction, have issued a statement urging ...

Read more

Nicola Watts
July 10, 2024

Avatar photo

Geothermal power presents opportunity for tech giants to decarbonise spiralling AI energy demand

What's happening? Google’s climate goals are threatened as data centres powering its AI products drive up emissions. Over the past ...

Read more

Dillon Creedon
July 9, 2024

Geoengineering to reduce US heat could worsen European heatwaves: study

What’s happening? The use of the geoengineering technique of marine cloud brightening (MCB) to reduce high temperatures in California could ...

Read more

Claire Pickard
July 2, 2024