|
|
 |
We can’t be naïve as previous generations were with technologies.
— Emilio Ferrara, USC professor of computer science
|
|
Welcome back to Snippets 👋 Somehow, it's already September? Here's what's happening this week in privacy.
- The Dutch DPA levied a €30.5 fine against Clearview AI, following fast on last week's €290 million fine for Uber.
- Plus, CrowdStrike's senior leadership was called to testify in front of Congress following the global outage in July.
- There's more: North Korean hackers exploited a Chrome bug to steal cryptocurrency, Elon Musk posted fake pictures of Kamala Harris on X, and Samsung's new phone takes a quantum approach to security.
|
|
|
|
|
|
Clearview AI fined €30.5 million in the Netherlands
|
 |
|
Alex Castro / The Verge
|
The Dutch Data Protection Authority (DPA) levied a €30.5 million ($33.7M) fine against Clearview AI, the largest penalty the facial recognition company has ever received in Europe.
|
- According to the DPA, Clearview created an illegal database that linked users' photos to "unique biometric codes" and didn't inform people about how their images were being used.
- It also claims that Clearview's alleged violations continued during the investigation, which could result in an additional fine of up to €5.1 million.
- Clearview's Chief Legal Officer, Jack Mulcaire, stated that, as Clearview doesn’t have a base of operations or customers in the Netherlands, the DPA’s decision is “unlawful" and "unenforceable.”
|
|
|
|
|
|
|
Understanding California’s latest wave of privacy and AI bills
|
|
In a marathon finish for the California Legislature, lawmakers sent nine bills to Governor Gavin Newsom’s desk for signature—most revolving around the handling of consumer data and regulating artificial intelligence.
In a legislative livestream on September 4, Runway Strategies co-founder Dave Barmore and Transcend Field CPO Ron De Jesus reviewed the bills and explored the implications for privacy teams. Find the recording and recap below!
|
|
|
|
|
|
|
|
CrowdStrike leadership to appear before Congress
|
 |
|
Sarah Grillo/Axios
|
On September 24, leaders from cybersecurity firm CrowdStrike will appear before Congress to answer questions in an initial hearing about the global internet outage that affected 8.5 million Microsoft devices in July.
|
- The outage, which disrupted flights, banking operations, and shut down a TV station, led members of Congress to emphasize the urgent need to reassess the resilience and readiness of cybersecurity infrastructure in response to growing threats.
- Congressional leaders originally called on Crowdstrike CEO George Kurtz to testify, but Adam Meyers, Senior VP of Counter Adversary Operations, is the one who will appear before the House Homeland Security Cybersecurity Subcommittee on September 24.
- The hearing will serve as a litmus test for the goodwill CrowdStrike has earned with lawmakers and likely reveal the extent to which customer trust was eroded by the incident.
|
|
|
|
|
|
|
|
North Korean hackers exploited Chrome bug to steal cryptocurrency
|
 |
|
Contributor / Getty Images
|
A new Microsoft report has revealed that a previously unknown bug in Google Chrome was exploited by North Korean hackers to steal cryptocurrency.
|
- According to Microsoft’s research team, the bug was a zero-day vulnerability in Chromium, the codebase for Chrome and Microsoft’s Edge browser.
- The researchers determined the hackers were linked to a group called Citrine Sleet, which is known for creating fake trading websites to trick victims into downloading malicious wallets.
- North Korean government hackers have targeted cryptocurrencies extensively, stealing an estimated $3 billion between 2017 and 2023 and using the funds to bankroll the country's nuclear weapons program.
|
|
|
|
|
|
|
|
- A controversial finding on privacy in AI models.
- Are privacy and self-expression mutually exclusive?
- Elon Musk posts AI image of Kamala Harris in communist attire.
- Dissecting the implications of France’s AI Surveillance Law.
- Analyzing the revoked appeal around healthcare web tracking.
|
|
|
|
|
|
A new solution to identify online bot accounts
|
 |
|
Stephanie Arnett/MIT Technology Review | Adobe Stock
|
With smarter AI models making it increasingly hard to distinguish between humans and bots online, researchers are exploring the idea of “personhood credentials.”
|
- In theory, these credentials could be used to prove that someone is a real person while still protecting their identity.
- To obtain the credential, a user would need to visit an issuing organization in person and present their ID or biometrics. The credential would then be stored on their device.
- The credential could be verified by a third-party digital service provider using zero-knowledge proof—a cryptographic protocol used to corroborate statements without sharing additional data.
- Though the system could help identify fake accounts and AI-generated content, experts are skeptical about its feasibility—expecting resistance from third parties who might not want to adopt it without standardized controls.
|
|
|
|
|
|
|
|
Samsung takes novel approach to device security
|
 |
|
|
Samsung has released a new smartphone, the Galaxy Quantum5, which will protect consumer data using encryption techniques based in quantum physics.
|
- Using a quantum computing chip, the Quantum Random Number Generator (QRNG), the phone generates random numbers to encrypt sensitive data and make it less vulnerable to digital attacks.
- As the phone's security operates on a separate chip, it would be difficult to access through other components—blocking external attempts at interference, spying, and manipulation.
- As the model is partially built by SK Telecom, the phone is unique to that network and cannot be purchased outside of South Korea.
|
|
|
|
|
|
|
Explore the ultimate guide to consent and preference management
|
|
Effective consent and preference management are crucial for navigating the data privacy landscape, but it's important for businesses to understand the differences between the two concepts.
Our latest guide breaks down the differences between consent and preference management, offers tips for deploying compliant consent management interfaces, and explains how to build preference centers that foster customer delight and trust.
|
|
|
|
|
|
|
|
|
Snippets is delivered to your inbox every Thursday morning by Transcend. We're the platform that helps companies put privacy on autopilot by making it easy to encode privacy across an entire tech stack. Learn more.
|
|
|
|
You received this email because you subscribed to Snippets. Did someone forward this email to you? Head over to Transcend to get your very own free subscription! Curated in San Francisco by Transcend.
|
|
