Privacy and data protection Archives | Page 289 of 328

CUDIS to integrate World ID for enhanced biometric security

CUDIS announced the integration of the World App, enabling users to securely verify and manage their biometric data through World ID, a system that utilises iris scans for identity verification. The innovative feature enhances the functionality of the CUDIS smart ring, which tracks important health metrics such as heart rate and sleep patterns and allows it to interact with decentralised physical infrastructure networks (DePIN).

Moreover, users are incentivised to engage with various features, including an AI fitness coach, and they receive WRD tokens for submitting their biometric data. Consequently, the integration significantly bolsters privacy and security by allowing users to store their data on-chain using the decentralised InterPlanetary File System (IPFS). Additionally, World ID, part of the World Network (formerly known as Worldcoin), aims to combat digital identity threats like deepfakes while preserving user privacy.

In the near future, CUDIS plans to release a limited-edition smart ring specifically for World ID holders, emphasising the importance of encrypting biometric data to ensure transparency and trust among users. Since its launch in May, the company has sold 10,000 smart rings and is preparing to airdrop a Solana-based token by the end of the year.

Furthermore, CUDIS introduced an NFT series called ‘Edamame’ and successfully raised $5 million in seed funding, indicating strong investor confidence in the company’s innovative digital identity and health-tracking approach.

Buenos Aires introduces pioneering blockchain-based digital identity for 3.6 million residents

Argentina launched QuarkID, an innovative blockchain-based digital identity system designed to enhance privacy and security for its 3.6 million citizens in Buenos Aires. The pioneering initiative marks a significant milestone as the world’s first government-backed decentralised identity system.

By utilising advanced zero-knowledge (ZK) cryptography through the ZKsync-powered Era layer 2 blockchain, QuarkID enables users to verify their identities without exposing sensitive personal data. Moreover, the system is integrated into the existing MiBa digital platform, allowing residents to securely manage and share verified documents such as birth certificates and tax records.

Starting on 1 October, all MiBa users received decentralised digital identities (DIDs), which empower them to confirm their identity without disclosing unnecessary personal details. Furthermore, with plans for future expansion to include additional documents like driver’s licenses and public permits, QuarkID demonstrates the Argentine government’s commitment to improving public services and setting a new standard for personal data ownership.

Why does it matter?

Argentina launched this initiative to enhance privacy and security and position itself as a model for global initiatives aimed at modernising identity verification processes. Consequently, the success of QuarkID could provide valuable insights and frameworks for other countries exploring the benefits of blockchain technology in digital identity management. By prioritising privacy, security, and user control, Argentina is thus setting a precedent for how digital identities can be effectively managed in the future, ultimately empowering citizens and revolutionising how personal data is handled.

CFPB introduces new regulations to enhance open banking and consumer data control in the US

The US Consumer Financial Protection Bureau (CFPB) introduced new rules to boost open banking by giving consumers more control over their financial data. These regulations will allow people to share their information more freely when seeking services, promoting competition between financial technology companies and traditional banks, which have been slow to grant access to customer data. CFPB Director Rohit Chopra likened the move to the system that lets mobile phone users switch providers while keeping their numbers, noting that it could modernise US payment systems.

The rules include strong privacy protections, ensuring companies can only use consumer data for specific services requested and preventing unauthorised use. They will also enable consumers to transfer their financial data between institutions at no cost, borrow on better terms by sharing data with lenders, and make direct payments from bank accounts. Consumers will also be able to revoke access to their data at any time.

The rules were part of the 2010 Wall Street reforms following the 2008 financial crisis. Smaller banks are exempt, while larger fintech firms have until 2026 to comply, and smaller ones have until 2030. These adjustments were made after feedback from industry stakeholders and the public.

Australia’s digital identity systems in danger of fregmentation

Australia is making strides in digital identity implementation yet faces challenges in interoperability and inclusivity among government levels and the private sector. As Australia’s ConnectID celebrates its first anniversary, Managing Director Andrew Black reflected on significant progress, highlighted by the adoption of mobile driver licences and the Digital ID Act.

These developments symbolise the country’s dedication to enhancing its digital ID infrastructure. However, Black warns of fragmentation risks as various systems develop in isolation, raising concerns about potential inefficiencies and user frustration due to lack of cohesion.

ConnectID aims to bridge these interconnectivity gaps by fostering collaboration between public and private initiatives, exemplified through their service expansion to over 10 million customers and the creation of the Japan–Australia Cross-Border Interoperability Working Group. Black emphasised the importance of continuous strategic interaction to prevent system conflicts and ensure technically compatible, user-focused solutions. The initiative underlines the need for a unified approach to avoid diverging systems that could hinder innovation and user satisfaction.

Meanwhile, New South Wales’ newly appointed digital minister Jihad Dib advocates for an inclusive approach to digital identity, viewing it as a ‘people strategy’. Dib stressed the importance of seamless, equitable digital access for all, aiming for comprehensive digital service availability by 2030. He noted the goal of continuing his predecessor’s efforts while aligning with federal standards to prevent digital congestion akin to traffic gridlock.

Why does it matter?

Challenges faced by the Australian digital ID stress the importance of a collaborative digital identity system that prioritises interoperability and inclusivity. The key features are crucial for public trust and widespread adoption.

The broader understanding is that digital identity should be seen as more than a technical or legislative issue. It is a social challenge warranting a balance between innovation and accessibility.

AI in waste management raises privacy concerns

Citi es are increasingly turning to AI to enhance waste management and reduce contamination in recycling and composting efforts. In East Lansing, Michigan, where a significant student population often contributes to recycling contamination, city officials have launched a pilot program using AI to address the issue. The initiative includes equipping recycling trucks with AI-powered cameras that identify non-recyclable items and sending personalised postcards to residents to inform them of their mistakes. This approach has reportedly led to a 20% reduction in recycling contamination.

Despite these promising results, privacy concerns have arisen regarding the collection of personal data through these AI systems. Experts warn that the information gathered from residents’ trash could expose sensitive details about their lives, potentially leading to identity theft or misuse by authorities. For instance, a discarded pregnancy test could be used against a woman in states with strict abortion laws. This phenomenon, referred to as ‘mission creep,’ raises alarms about how technologies designed for one purpose can evolve into surveillance tools.

City officials, like East Lansing’s environmental sustainability manager Cliff Walls and Leduc’s environmental manager Michael Hancharyk, acknowledge these privacy issues and are taking steps to mitigate risks. They emphasise working with vendors to ensure data protection and transparency with residents. Hancharyk noted that his city had to comply with Alberta’s privacy regulations before implementing its program.

While acknowledging the importance of improving waste management, cybersecurity experts stress the need for municipalities to carefully weigh the benefits of AI against the potential risks to residents’ privacy. They advocate for thorough assessments of new technologies and their implications, particularly for sensitive populations. As cities continue to innovate in waste management, striking a balance between efficiency and privacy will be crucial.

Vedomosti reports increased iPhone purchases by Russian government amid security concerns

Russian government spending on iPhones between January and September was four times higher than during the same period last year, according to Vedomosti. Security warnings and restrictions on some officials have not prevented these purchases.

The Federal Security Service (FSB) last year accused the US of using spyware to compromise thousands of iPhones. Although Apple rejected the claim, officials preparing for the 2024 presidential election were instructed to avoid iPhones over espionage concerns.

Contracts for iPhones totalled 6.9 million roubles for the first nine months of 2024, compared to 1.6 million the previous year. Despite the digital ministry banning iPhones for work purposes, officials and institutions continue to procure them.

Demand for the latest iPhone 16 remains strong, with consumers relying on grey-market imports after Apple halted direct exports due to the conflict in Ukraine. Even with higher prices, interest in Apple products across Russia shows no signs of slowing.

Vodafone pushes for cybersecurity reforms in Greece

Vodafone Greece, in collaboration with the Hellenic Foundation for European and Foreign Policy (ELIAMEP), presented a set of proposed cybersecurity policies to Michalis Bletsas, Governor of the National Cybersecurity Authority. The initiative stems from public opinion surveys conducted by Metron Analysis on the views of Greek citizens and businesses on digital security, and a roundtable discussion at the Delphi Economic Forum’s Center for Cybersecurity.

The project identifies key issues in Greece’s cybersecurity landscape, such as fragmented policies, weak public-private sector collaboration, and a lack of a cybersecurity culture among workers. The proposals aim to improve anticipation, prevention, resilience, and response to cyber threats by reforming Greece’s legislative framework and raising awareness about digital security. Bletsas noted that these proposals align with the European NIS2 Directive, which is currently under public consultation.

Maria Skagou, Vodafone Greece’s Director of Legal and Regulatory Affairs, emphasised the importance of cybersecurity in today’s digital age, stressing the need for risk prevention, staff training, and public awareness to address evolving threats.

Qatar CRA launches pioneering consumer protection policy in telecommunications sector

The Communications Regulatory Authority (CRA) has introduced a comprehensive Communications Consumer Protection Policy and Regulation to enhance consumer rights and ensure fair practices within Qatar’s telecommunications sector. The policy establishes clear rules that service providers must follow and covers crucial areas such as advertising standards, billing transparency, contract fairness, data privacy, and protection from unsolicited marketing and spam.

Additionally, it guarantees uninterrupted access to emergency services while setting clear procedures for handling consumer complaints and disputes. Moreover, by modernising the regulatory framework, the new policy replaces outdated regulations, including the 2014 Telecommunications Consumer Protection Policy, thus ensuring a more robust protection system. It is also aligned with Qatar’s Vision 2030 and Digital Agenda 2030, ensuring that consumer protection is improved and supports broader national goals.

Furthermore, the CRA’s initiative reflects its proactive approach to safeguarding consumer rights and maintaining a competitive telecommunications environment in Qatar. The CRA significantly strengthens its leadership in consumer protection and innovation by holding service providers to higher standards and ensuring that consumers have access to clear information and reliable services. As a result, this policy not only addresses consumers’ immediate needs but also ensures that Qatar’s telecommunications sector remains at the forefront of technological advancement and regulatory best practices.

Internet Archive faces major cybersecurity breach amid targeted attacks

The Internet Archive, the world’s largest digital library, is facing new security troubles after recently recovering from a series of cyber-attacks. On 20 October, users and media outlets reported receiving an email that appeared to come from the Internet Archive Team, revealing a stolen access token for the library’s Zendesk account, a customer service platform. The email claimed the Internet Archive had failed to rotate several exposed API keys, including one that allowed access to over 800,000 support tickets since 2018.

The email, although unauthorised, seemed legitimate as it passed security checks, indicating it might have come from an official Zendesk server. Security experts, including the group Vx-underground, believe the hackers still have persistent access to the Archive’s systems, sending a clear message about unresolved vulnerabilities. Jake Moore, a cybersecurity advisor at ESET, stressed the importance of swift audits after such attacks, warning that attackers often return to test new defences.

The recent cyber-attacks on the Internet Archive included distributed denial-of-service (DDoS) attacks, website defacement, and a data breach. While the pro-Palestinian hacktivist group BlackMeta claimed responsibility for the DDoS attacks, the data breach involved a separate threat actor. According to reports, the breach was caused by an exposed GitLab configuration file, allowing the hacker to download source code and access sensitive information, including the Zendesk API tokens.

Experts warn that the attack may have compromised over 800 support tickets. Despite criticism for not rotating API keys, Internet Archive faces significant challenges in fully understanding the extent of the breach and preventing further exploitation. Ev Kontsevoy, CEO of Teleport, emphasised the importance of having a clear view of access relationships to manage incidents without widespread disruption.

The Internet Archive and its founder, Brewster Kahle, have not publicly commented on the issue. Both Internet Archive and GitLab have also yet to respond to requests for more information.

The situation remains ongoing as the digital library works to address the security flaws that continue to leave it vulnerable.

News Corp sues AI firm Perplexity over copyright violations

News Corp, the media giant behind outlets like The Wall Street Journal and the New York Post, has filed a lawsuit against the AI search engine Perplexity, accusing the company of infringing on its copyrighted content. According to the lawsuit, Perplexity allegedly copies and summarises large quantities of News Corp’s articles, analyses, and opinions without permission, potentially diverting revenue from the original publishers. The AI startup, which positions itself as a tool to help users ‘skip the links’ to full articles, is claimed to have harmed the financial interests of news outlets by discouraging users from visiting the sources.

The lawsuit goes beyond accusations of content scraping, stating that Perplexity has sometimes reproduced material verbatim and falsely attributed facts or even invented news stories under News Corp’s name. News Corp claims it sent a cease-and-desist letter to Perplexity in July but received no response, prompting the legal action. Perplexity has also faced similar accusations from other major publications like Wired, Forbes, and The New York Times, with concerns over scraping content, bypassing paywalls, and plagiarism.

In the lawsuit, News Corp asks the court to order Perplexity to stop using its content without authorisation and destroy any databases containing its works. CEO Robert Thomson condemned Perplexity’s practices as abusing intellectual property that harms journalists and content creators. Thomson did, however, commend other companies like OpenAI, which have made deals with News Corp and other outlets to use their content for AI training legally.

Perplexity has yet to comment on the lawsuit, though it has started paying some publishers, including Time and Fortune, for the use of their content. As the legal battle unfolds, the case highlights growing tensions between traditional media companies and AI platforms over the use of copyrighted material.