Welcome to MeriTalk News Briefs, where we bring you all the day’s action that didn’t quite make the headlines. No need to shout about ‘em, but we do feel that they merit talk.
Google Hires New Global Policy Head
Google on Thursday announced that it has hired Karan Bhatia to be its Global Head of Policy, as first reported by Axios. In the role, Bhatia will help to shape the company’s public policy positions on matters such as artificial intelligence, job creation, and infrastructure. Bhatia comes to Google from General Electric, where he was president of the government affairs and policy function. Prior to that, he served as a deputy U.S. trade representative in the Bush administration, and has also held senior positions in the Departments of Commerce and Transportation. Google has been without a global policy head since last September, and has faced increased scrutiny over its AI decisions, having opened an AI Center in China and recently releasing a set of guiding principles around how it intends to use the technology.
Survey: Americans Want SLGs to Spend on Cyber Defense
A new survey released Thursday by cybersecurity solutions provider SecurityFirst finds that “71 percent of Americans feel their state and local governments should spend now on cybersecurity and data protection before an attack occurs,” and 74 percent said “politicians need to take protection of personal data more seriously.” Sixty percent of respondents are concerned cyberattacks “can impact their local government’s ability to provide critical services, including first responders (77 percent), municipal utilities (74 percent), courts (68 percent) and public schools (68 percent),” SecurityFirst also noted. A press release for the survey highlights the recent pervasive ransomware attack on the City of Atlanta – in which the city lost years of sensitive data – and notes that only 25 percent of respondents were even familiar with the situation.
Pew Study: Half of Americans Think Tech Firms Need More Regulation
A study from Pew Research released on June 28 finds that 51 percent of U.S. adults surveyed believe that major technology companies should be regulated more than they are now, with 38 percent believing that current levels of regulation are appropriate, and 9 percent feeling that major technology companies should be regulated less. The study found that 69 percent of U.S. adults surveyed believe that major tech companies are no more or less ethical than companies in other industries.
NIST Publishes Update PIV Credential Guidance
The National Institute of Standards and Technology today published Special Publication (SP) 800-116 Revision 1, Guidelines for the Use of PIV Credentials in Facility Access, which “provides best practice guidelines for integrating the Personal Identity Verification (PIV) Card with the physical access control systems (PACS) that authenticate cardholders in Federal facilities,” NIST said. The update includes a number of new changes and recommendations for agencies looking to implement new authentication mechanisms to manage access to Federal facilities.
NSA Fixes Call Record Collections Glitch
The National Security Agency said on June 28 that it has remedied a previously flawed process through which it receives call data records from telecom service providers under Title V of the Foreign Intelligence Surveillance Act. The agency said its analysts several months ago noticed “technical irregularities” in some of the data received from service providers, resulting in the production of call records that NSA was not authorized to receive. “The root cause of the problem has since been addressed” for future call records acquisitions, NSA said, and the agency has “reviewed and revalidated its intelligence reporting to ensure that the reports were based on properly received” call records. NSA said it has begun deleting all call records acquired since 2015 that may have been compiled under the previously flawed process.
Healthcare Groups Weigh in on Congress’ RFI
Healthcare groups across the country weighed in on the House Energy and Commerce Committee’s solicitation on cyber challenges affecting medical devices. Specifically, the groups asked for clarity on cybersecurity standards for Internet-connected medical devices, Federal funding for cybersecurity upgrades, and help avoiding anti-kickback laws that the groups said make cyber upkeep for the devices difficult. “The economics of healthcare, declining reimbursements, and inflation acts against support for cyber security funding,” wrote Matthew Werder, chief technology officer, Hennepin Healthcare. “Government assistance is needed to ensure the protection of our citizen’s patient records and the healthcare technology infrastructure. We must agree that our healthcare technology is a national asset.” Tech companies, including Symantec, VMware, Treada, and Zebra, also weighed in with their perspectives.
Resold Memory Cards Contain Personal Data
More than half of resold memory cards still contain personal data from their original owner, according to a study conducted by the University of Hertfordshire and commissioned by Comparitech. In the study, researchers purchased and analyzed 100 used Secure Digital (SD) and micro SD memory cards. Most of the cards came from smartphones and tablets, but some came from satellite navigation systems, cameras, and drones. The SD cards were purchased from eBay, secondhand shops, auctions, and other sources. Researchers created a forensics image of each card and used publicly available and free software to recover data. On 65 percent of the resold cards, researchers found personal data, including contacts, browser histories, personal photos, copies of passport information, resumes, and business documents. Of the 100 SD cards, only twenty-five cards were properly wiped, meaning no information was recoverable. On the other side, 36 cards weren’t wiped at all. Researchers reported that 29 cards had been formatted, which means their owners attempted to erase all information, but data was easily recoverable.