No. 36: Bringing you the news that matters in video privacy and security

A note from our Editor

Hi all,

CCTV and other forms of video surveillance have long been deployed to help keep members of the public, buildings and valued objects safe - but the risks associated with their deployment and data management are changing. The rapid roll-out of cameras for public, private and domestic use paired with the rapid adoption of complimentary AI and biometric technologies - is raising critical privacy concerns.

The UK Biometrics and Surveillance Commissioner, Fraser Sampson, picked up on this in his speech at the NPCC CCTV Conference. He highlighted the importance of ethical considerations as core criteria needed to underpin any public acceptance of biometric technologies used with surveillance video, especially when used for law enforcement.

In the US, Utah has become the latest state to unanimously vote for its own data privacy legislation - the Utah Consumer Privacy Act - moving them one step closer to becoming the 4th state to enact privacy laws in the US.

The Lapsus$ hacking group seems to have laid a very concerning trail of breadcrumbs in their recent endeavours: hacking some of the biggest tech companies and stealing sensitive information: such as employee credentials, and source code. We are also seeing web security companies pulling out of Russia as the war with Ukraine continues, which could open up wider vulnerabilities for everyday Russians as they use the internet.

As always, please let me know if you have any feedback on this newsletter or want to see any other topics covered.

Emma

News

Ubisoft, Nvidia, Samsung: big companies, bigger hacks

Samsung, Ubisoft and Nvidia have all suffered major breaches - allegedly by the same hacking group: Lapsus$. Whilst Ubisoft has had a company-wide password reset, Nvidia lost sensitive data such as employee credentials and Samsung lost valuable internal source code for various technologies including how to unlock biometric operations.

Tech Crunch: Samsung confirms data breach after hackers leak internal source code

The Verge: Ubisoft says it experienced a ‘cyber security incident’, and the purported Nvidia hackers are taking credit

How would Banksy depict your CCTV surveillance practices?

A question asked by the UK Biometrics and Surveillance Commissioner, Fraser Sampson, at the NPCC CCTV Conference 2022. He goes on to address the idea that biometric surveillance incites a whole series of questions about ethics and public acceptance, that go far beyond data protection and existing laws.

GOV.UK: Biometrics and Surveillance Camera Commissioner speech at NPCC CCTV Conference March 2022

Biometric Update: UK Biometrics and Surveillance Commissioner asks pointed questions of vendors

Two big web security firms quit Russia

Avast, a $6 billion antivirus provider based in the Czech Republic, and Utah-based website-certification firm DigiCert are two major web-security companies that have stopped selling to Russia, making Russians’ internet use more vulnerable to Kremlin snooping, hacking and other cybercrimes.

Forbes: Big Web Security Firms Ditch Russia, Leaving Internet Users Open To More Kremlin Snooping

Facebook faces €17m data privacy fine

Facebook's privacy lawsuits in Ireland have finally come to a head - with the Irish Data Protection Commissioner handing out a fine of €17million to their parent company, Meta. This is over various security lapses, which appear to have affected up to 30 million Facebook users, and dating back to 2018.

Tech Crunch: Facebook fined $18.6M over string of 2018 breaches of EU’s GDPR

BBC News: Facebook fined €17m for breaching EU data privacy laws

All East Yorkshire taxis to install CCTV cameras

All taxis in East Yorkshire will now be fitted with compulsory CCTV cameras, as a way to keep both drivers and passengers safe. According to councillors, in-taxi CCTV footage had been used 53 times in police and County Hall investigations.

BBC News: All East Yorkshire taxis to be fitted with CCTV cameras

AI Snippet of the Week

Huge AI company gets fined by Italy: "all data on Italians must be deleted"

Clearview AI comes under fire again - this time by Italian regulators, who have fined them €20 million penalty and ordered them to delete any data on Italians it holds; banning it from any further processing of citizens’ facial biometrics.

Tech Crunch: Italy fines Clearview AI €20M and orders data deleted

Policy Updates

Utah: 4th US state to pass privacy legislation

Last week, the Utah House of Representatives unanimously passed a consumer privacy bill - the Utah Consumer Privacy Act - moving it one step closer to becoming the fourth state to enact privacy legislation in the US.

National Law Review: Preparing for the Tidal Wave and Bracing for the Tsunami: Utah Becomes the Fourth State to Pass Privacy Legislation

WIRED: Utah Just Became a Leader in Digital Privacy

To subscribe to our fortnightly newsletter, please click here

Thanks for reading, if you have any suggestions for topics or content that you want to see covered in future please drop a note to: info@secureredact.co.uk