fbpx
Connect with us

Cybersecurity

Tunisian government efforts to contain Covid-19 raises privacy concerns

Ranine Awwad

Published

 on

Tunisian government efforts to contain Covid-19 raises privacy concerns

Governments are relying on data-driven technology to help contain the Covid-19 spread. The Tunisian government has been using SIM cards for tracking purposes. Cell site location information is one of the various methods used to trace individuals. Smartphones send signals to cell towers operated by telecommunications operators. This process generates information about a citizen’s precise location. The measures implemented by the Tunisian government opens a new debate about privacy. In fact, international human rights frameworks apply to measures implemented to track and manage Covid-19 using mobile location data.

On May 18, 2020, following measures to slow down the spread, the Tunisian health minister announced a plan to utilize an application to track those infected with COVID-19. The new adopted application is called “Ihmi” or Protect was developed by a Tunisian startup company. The ministry said that this App does not invade personal data in ways that undermine the law. However, Akil Nagati, head of the Wizz Labs start-up behind the app, avowed that personal data would be archived for 14 days under the control of the National Personal Data Protection Authority and will only be used by “L’Observatoire des maladies émergentes” (ONME) for contacting people about the pandemic, according to the New Arab.

On June 14, 2020, during an interview with Altessia TV, Tunisian PM Elyes Fakhfakh indicated that monitoring citizens through their SIM card enabled the government to detect overcrowded places and the extent of commitment to the procedures. Fakhfakh confirmed the existence of an operating room working around the clock to follow the movements through mobile phone chipsets.

Fakhfakh confirmed that the authority has already approved a procedure to monitor the whereabouts of Tunisians via mobile phone SIM card during the period of comprehensive quarantine. “We do not monitor citizens and their personal data, and all monitoring activities were done in cooperation with the Personal Data Protection Authority”.

According to Mozaique Fm, Minister of Telecommunications Technologies and Digital transformation Mohamed Fadhel Kraiem said that the application used to track the extent of commitment to the quarantine “Manara” was used in conjunction with other applications. The process was done in full coordination with the Personal Data Protection Authority. Chawki Kaddas, Head of the Authority already denied knowledge of such application. “We are completely unaware of this project, despite our advice on the rest of the projects that concern personal data”, Kaddas told Mozaique Fm.

Minister of Telecommunications and Digital Transformation Mohamed Fadhel Kraiem avowed that there is an email on the subject dated April 4, 2020. This email includes a list of all the applications launched to counter Covid-19. “I suspect that there is a misunderstanding from the Personal Data Protection Authority Chairman,” said Kraiem.

The National Authority for the protection of Personal Data (INPDP) issued a notice regarding the issue on June 15, 2020. “The head of INPDP was consulted by the ministry in charge by email regarding the usage of a number of applications (Wikaya, StopCorona) including “Manara” that turns out to be the application explicitly mentioned by PM Fakhfakh” states the notice. The document issued by INPDP referred to an email sent by Kaddas on April 4, 2020, through which he evaluated the “Manara” application. Back then, Kaddas pointed out that if this procedure was used without identifying phone number owners, then it doesn’t violate the provisions related to the protection of personal data”. Kaddas emphasized that every observation of individuals while revealing their identities requires legal permission.

On June 15, 2020, the Ministry Of Communication And Digital Transformation Technologies published a notice on Facebook saying that this application relies on general data on the mobility of mobile phone use in a given area without relying on the personal data of citizens. “The Ministry confirms that is it is keen to respect the legal framework regarding the protection of personal data, in consultation with the National Authority for the Protection of Personal Data”.

The Ministry’s statement seems ironic as tracking the mobility of mobile phone usage means knowing the number’s movement. Thus, the ministry tracks a citizen’s movement, which violates their rights to privacy. In fact, Tunisia introduced mandatory SIM card registration in 2014.  Since then, mobile phone customers in Tunisia are required to present documentary evidence to prove their identity upon purchase of a SIM card.

“Governments must be transparent about the measures they are taking. Any claims that data is anonymous must be based on evidence and supported with sufficient information regarding how it has been anonymized” said Amnesty International in a joint civil society statement about State use of digital surveillance technology released on April 2, 2020.

The Tunisian constitution adopted in January 2014 contains explicit protection of the right to privacy. On March 9, 2018, the Minister of Justice Ghazi Jeribi announced that Tunisia would become the first country outside of the European Union to have a law on personal data protection. This law was approved in March 2018 and came into force on March 25, 2018.  However, there is a risk that many of these technology capabilities may become the norm of every Tunisian life in the future, as well as other countries in the world today.

Tracking applications are used as part of emergency measures but governments may retain the power of these tools for future use- tracking protestors for example. Samuel Woodhams, Top10VPN’s Digital Rights Lead, has commented on tracking tools used by the government saying that these measures will become the norm around the world. “Although some applications may appear entirely legitimate, many pose risk to citizens’ right to privacy and freedom of expression,” he told Business Insider.

Advertisement

Ranine joined Inside Telecom as an Investigative Journalist. Her extensive fieldwork and investigations shed light on many socio-economic issues. Over the past few years, she has transformed her key findings into in-depth analytical reports. She earned a Bachelor’s Degree in Journalism and Communication.

Cybersecurity

Google funds Linux kernel developers to focus exclusively on security

Inside Telecom Staff

Published

 on

Linux kernel

Google and the Linux Foundation said Wednesday they are prioritizing funds to underwrite two full-time maintainers for Linux kernel security development, Gustavo Silva, and Nathan Chancellor.

Silva and Chancellor’s exclusive focus is to maintain and improve kernel security and associated initiatives to ensure the world’s most pervasive open-source software project is sustainable for decades to come, a statement from Linux said.

The Linux Foundation’s Open Source Securing Foundation (OpenSSF) and the Laboratory for Innovation Science at Harvard (LISH) recently published an open-source contributor survey report that identified a need for additional work on security in open-source software, which includes the massively pervasive Linus operating system.

Linux is fueled by more than 20,000 contributors and, as of August 2020, one million commits. While there are thousands of Linux kernel developers, all of whom take security into consideration as the due course of their work, this contribution from Google to underwrite two full-time Linux security maintainers signals the importance of security in the ongoing sustainability of open-source software.

“At Google, security is always top of mind and we understand the critical role it plays to the sustainability of open-source software,” said Dan Lorenc, Staff Software Engineer,

Chancellor’s work will be focused on triaging and fixing all bugs found with Clang/LLVM compilers while working on establishing continuous integration systems to support this work ongoing.

Once those aims are well-established, he plans to begin adding features and polish to the kernel using these compiler technologies. Chancellor has been working on the Linux kernel for four and a half years.

Two years ago, Chancellor started contributing to mainline Linux under the ClangBuiltLinux project, which is a collaborative effort to get the Linux kernel building with Clang and LLVM compiler tools.

“I hope that more and more people will start to use the LLVM compiler infrastructure project and contribute fixes to it and the kernel – it will go a long way towards improving Linux security for everyone,” said Chancellor, Linux maintainer.

Gustavo Silva’s full-time Linux security work is currently dedicated to eliminating several classes of buffer overflows by transforming all instances of zero-length and one-element arrays into flexible-array members, which is the preferred and least error-prone mechanism to declare such variable-length types.

Additionally, he is actively focusing on fixing bugs before they hit the mainline, while also proactively developing defense mechanisms that cut off whole classes of vulnerabilities. Silva sent his first kernel patch in 2010 and today is an active member of the Kernel Self Protection (KSPP). He is consistently one of the top five most active kernel developers since 2017 with more than 2,000 commits in mainline. Silva’s work has impacted 27 different stable trees, going all the way down to Linux v3.16.

“We are working towards building a high-quality kernel that is reliable, robust and more resistant to attack every time,” said Silva, Linux maintainer. “Through these efforts, we hope people, maintainers in particular, will recognize the importance of adopting changes that will make their code less prone to common errors.”

“Ensuring the security of the Linux kernel is extremely important as it’s a critical part of modern computing and infrastructure. It requires us all to assist in any way we can to ensure that it is sustainably secure,” said David A. Wheeler, the Linux Foundation. “We extend a special thanks to Google for underwriting Gustavo and Nathan’s Linux kernel security development work along with a thank you to all the maintainers, developers and organizations who have made the Linux kernel a collaborative global success.”

Funding Linux kernel security and development is a collaborative effort, supported by the world’s largest companies that depend on the Linux operating system. To support work like this, discussions are taking place in the Securing Critical Projects Working Group inside the OpenSFF.

——————————

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open-source software, open standards, open data, and open hardware.

Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration.

Continue Reading

Cybersecurity

UAE Central Bank bolsters cybersecurity with attack simulation

Inside Telecom Staff

Published

 on

attack simulation

The Central Bank of the UAE (CBUAE) conducted on Sunday a first-of-its-kind cyberattack simulation exercise designed to test the resilience of the country’s banking sector against cyber threats.

“The exercise affirms CBUAE’s preparedness to prevent or mitigate cyber threats that may cause disruptions to the UAE’s economy and financial stability,” a statement by CBUAE explained.

The exercise was conducted – in collaboration with the UAE Banks Federation (UBF) – under the Central Bank’s mandate to ensure the stability and resilience of the UAE’s financial system through the implementation of sophisticated processes and techniques that can combat the threat of advanced cyberattacks and protect the soundness of the banking system.

During the cyberattack simulation drill, participating banks were exposed to real-time scenarios to assess and apply sector level crisis management strategies.

CBUAE urged banks to bolster their defenses against such attacks and confirmed its commitment to continue the development of its Information technology infrastructure and cybersecurity capabilities in line with the international standard and best practices.

Attacks on financial institutions spiked by a massive 238 percent from the beginning of February to the end of April 2020, as cyber-criminals took advantage of peaks in the COVID-19 news cycle, according to VMware Carbon Black.

According to Accenture, the cost to address and contain cyber-attacks is higher for financial services than any other sector.

CBUAE is responsible for supporting monetary and financial stability and sustaining economic growth in the UAE. It achieves this through supervision, prudent reserve management and the development of a robust financial infrastructure and policies in line with international best practices.

Continue Reading

Cybersecurity

Cybersecurity trends in 2021: Learning from a harsh year

Yehia El Amine

Published

 on

cybersecurity trends

This year has been unlike any other in living memory, barely any aspects of our lives have been spared by the impact of the worst public health crisis in decades.

The worldwide COVID-19 pandemic shifted the way we lead our day-to-day, laying bare to our collective fragility, while greatly heightening our sense of uncertainty. The effects of which will have a long-lasting aftertaste of how our reality has changed, as well as in the unforeseeable future.

The seismic shift caused by the pandemic, also fueled our embrace of technology by increasing our reliance on connectivity and pushing digital transformation into overdrive. Yet, with this reliance on the digital realm, comes risks and potential threats looking to take advantage of the situation.

Reports and breaking news stories throughout the year proved that cybercriminals were quick to adapt to this new norm, exploiting the pandemic and remote working circumstances to profit.

While most of the cybersecurity trends that emerged throughout the year will likely spill over into 2021, there is no definitive way to pinpoint how the cybersecurity landscape will look like a year from now.

However, by monitoring the current events that shaped this year, experts can foresee the areas that will be affected by cyberattacks, as well as the practices that will persist.

Let’s jump right in.

1- Remote workers will remain targeted

Remote workers are the golden nugget of cybercriminals far and wide, which is why they’ll continue being the prime targets for hackers. The reason behind this is due to them operating and using their own devices and Wi-Fi connection to conduct their work.

Home networks aren’t as fortified as their corporate counterparts, at the end of the day, no one has an IT team hanging about in their closet. In parallel, a large number of businesses weren’t properly prepared for the shift to remote work, making homebound workers easier to target.

According to a report published by VMware, a U.S.-based cybersecurity software company, global organizations saw a 148 percent spike in ransomware attacks in March of 2020, just when businesses began to make the shift to remote work.

“Attackers have been using COVID-19 to launch phishing attacks, fake apps/maps, trojans, backdoors, crypto miners, botnets and ransomware,” the report explained.

2- Automation for all the wrong reasons

To deal with the slash in profits, companies have been scrambling to find ways to put security solutions and their remote staff on the same table, signaling the use of hyper automation.

Hyper automation consists of integrating artificial intelligence (AI), machine learning (ML), and robot process automation (RPA) to automate their processes or any other task.

According to market estimates, artificial intelligence in the cybersecurity market is projected to grow from USD 8.8 billion in 2019 to USD 38.2 billion by 2026 at a CAGR of 23.3 percent.

Hackers have taken note of this and have started to develop their very own software disguised as an AI-automation software. Tricking remote workers to install this fake software will allow cybercriminals to pinpoint areas of defense, while marking vulnerabilities.

Using the data gathered by the software, it gives hackers the know-how to slip past or attack similar defensive software.

This is dangerous in every sense of the word since it allows attackers to subtly slip through the cracks faster and at a much stealthier rate; they’ll know before they attack what they are looking for, what to avoid, and how to escape unnoticed.

3- The rise of 5G

Our online behavior changes each year, with every new emergence of technologies that heavily impact our lives. And as the fifth generation of mobile networks begins to softly rollout internationally, our reliance on cloud-based systems grows.

Both B2B and B2C sectors will soon have the opportunity, and later be mandated, to shift toward 5G data management technology. According to Leftronic, 5G is expected to cover almost 40 percent of the world by 2024 with data transfer speeds of up to 10GB/s.

While there exists a plethora of reasons as to how 5G will better our lives, the same could be said about the potential risks that may accompany it.

High-speed data transfers will equip hackers with the ability to infect data packets and conduct corporate espionage at a much faster and subtle rate. Companies will need to revamp and beef up their cybersecurity teams to maintain a high level of security and surveillance for their sensitive data.

According to Cybersecurity Ventures, the cybersecurity talent crunch is expected to create 3.5 million unfilled cybersecurity jobs by 2021, up by 350 percent from 1 million positions in 2014.

4- Cloud attacks

While businesses across the globe were slowly migrating their work to the cloud in pre-COVID times, the pandemic acted as a catalyst for the same, as it acted as a notable ally to ensure business continuity across the board.

According to IDC, the global cloud services market spending is projected to reach USD 1 trillion in 2024, at a CAGR of 15.7 percent during the forecast period 2020-24.

Cloud-based security threats, including misconfigured cloud storage, reduced visibility and control, incomplete data deletion, and vulnerable cloud-apps, will continue to disrupt businesses in the future ahead.

5- IoT security concerns

With 5G’s slow ascension to power brings with it a myriad of technological advancements within its entourage, and the hardest hitter among them is the Internet of Things (IoT).

IoT is on the rise not only for commercial use, but also on the B2B end, most notably in the industrial sector which has laid the ground for transformations in critical infrastructures such as healthcare, automotive, maritime, shipping, and much more.

While this will help shape and fuel the digital revolution, in parallel, it opens the door for many risks and breaches on the cybersecurity level.

“Not only is more data being shared through the IoT, among many more participants, but more sensitive data is being shared. As a result, the risks are exponentially greater,” a report by Deloitte highlighted.

According to American research and advisory firm Gartner, there will be 25 billion Internet-connected things by 2020, and close to $2 trillion of economic benefit globally. That’s a lot of IoT devices and the biggest question is, can tech companies secure all these objects from threats?

A single compromised node can be leveraged to break into corporate networks with severe consequences. Insecure designs and architectures will result in non-encrypted personal data, hardcoded passwords, software, and firmware updates from unverified sources.

This means every IoT design should start with security. Giant tech firms as well as startups should incorporate security into the initial design process, while adding layers of security to protect people from the cyberattacks vis-à-vis giving them more control over the devices themselves.

6- Data, the new oil

Every single click, swipe, visit, and view is the creation of data, a digital footprint that gets bigger and bigger year-in and year-out translating into a company’s most prized possession; and as they broaden this footprint, hackers will remain resolute in their attempt to breach that data.

Thus, the easiest way to access this sensitive data is through the remote workers operating on weakly-protected home networks. From there, experts foresee the increase in VPN usage as well as additional security measures to protect company data while they work from home.

According to Cisco, since the beginning of the pandemic one of the top policy changes made in organizations has been to increase VPN capacity (59 percent) for remote workers.

7- FinTech under fire

The financial industry is considered one of the most threatened sectors in terms of cybersecurity for obvious reasons. Just take a moment and think back to how many data breaches has happened this year solely on financial institutions.

The reasons behind these breaches are always different, from the rogue employee, to the vigilante hacker, only one person is enough to cause significant damage to a financial corporation’s business.

According to Fortunly, cybersecurity investments in Fintech have grown to $646.2 million in 2020, more than double of what businesses spent on IT in 2019.

Thus, companies need to be wearier regarding their assessment of risks, while putting in place air-tight security reforms that protect not only their business models, but their customers’ sensitive data as well.

Hence, a balanced innovation is needed that promotes the growth of the fintech industry and mitigates the hidden risks of its services.

As the COVID-19 battle seems to be at its end with the creation of several vaccines, the experience of the pandemic should serve as a harsh lesson for decision-makers to make the necessary changes going forward.

Continue Reading

Trending