News

On Tinder? Russia may swipe right on your personal data

Russian intelligence agencies are asking Tinder, one of the most popular dating and hookup apps worldwide, to hand over user data so they can monitor citizens, purportedly in the interest of national security.  

This is unquestionably scary for Russian citizens — this is a country with a long history of prosecuting gay people, for one thing, so for individuals to have their sexual preferences and habits on display at a national level is disturbing to say the least.  

If the aim of Russian spy agencies is to find ways to compromise individuals for state interests, then dating data could be some of the most damning info about people out there. 

What data does a dating app collect on you?

Tons! You may not “super like” it, but Tinder acquires info including (but not limited to): your Facebook likes; links to your Instagram photos; your education; your age; the age range of people you’re interested in; how many Facebook friends you have; your locations; when and where every conversation happened with every single user you’ve ever messaged on the app — and those conversations in their entirety. It’s tough to access your own data, and even tougher to delete it.  

Not limited to Russia

The reverberations of this can be felt internationally: it’s not just Russian citizens’ data the app could be compelled to surrender.  

Tinder is one of 145 apps and sites from which Russia’s internet and censorship authorities can demand data. By Russian law, Tinder could be pressured to relinquish the private information of any of the 50 million users across the planet. 

Swiping left on privacy

It remains to be seen whether Tinder will comply, but if Russia is a big enough part of Tinder’s business, there’s no reason to assume the app will uphold user privacy agreements.  

This is a concern for anyone who’s ever used Tinder, not just Russian citizens or people who may want to visit the country, but anyone involved in politics or corporations; if the Russian government can find something on you, they could conceivably use it against you.  

Our own government has similar power

Western democracies aren’t innocent of this kind of behaviour — and Canadian or U.S. authorities could use existing laws to the same ends. Our governments at home could request private info from social media sites and there would be very little that an individual could do about it.  

In theory, though, accountability and due process are embedded into our laws, whereas in Russia, human rights are beside the point.  

As if you needed another reason to ditch the dating apps…

As always, be careful about what you do and say online, because there’s no way to guarantee that private message to your match is truly private. 

Here are a few steps to make dating online safer: 

  • Only share what you need to, even in supposedly private messages 

  • Move off the platform as soon as you’re comfortable; consider talking to your crush using a more secure method 

  • Check the terms of service of apps you’re using, and choose apps that limit data retention. If you can delete your own data, do that too! 

  • If you stop using an app, contact the company to have your profile removed 

  • Lobby for better privacy protections from your government — if you don’t make it an issue, they won’t either! 

To get the right information at the right time, contact the Beauceron Security Team @ info@beauceronsecurity.com or 1-877-516-9245. 

Toronto cops using facial recognition to nab lawbreakers

Facial recognition may have been banned for agencies this month in San Francisco, but in the bustling Canadian city of Toronto, police are using the technology to generate leads in investigations as more and more crimes are caught on video.  

Officers have conducted more than 2,500 facial recognition searches since the half-million-dollar system was purchased in March of last year.  

How does it work?

Toronto police use artificial intelligence to compare any photo or video evidence they gather against a mugshot database. That evidence can include anything from government surveillance, to public or private enterprises’ footage captured on security cameras.  

This is a controlled use of facial recognition that has obvious benefits for the public. In fact, in the case of the Toronto police, they had 80% accurate matches against their mugshot database; 60% of the time they were able to rely on these matches to further investigations. Though it’s far from perfect, it’s much more accurate than other jurisdictions using this method of identification.  

Extreme uses of facial recognition A.I.

Not all police forces are using facial recognition in appropriate ways. The U.K. police are notorious for their Minority Report-esque way of fighting crime before it happens — using software that has a shocking 98% error rate, and that wrongly targets women and people of ethnic minorities.  

Beyond the Western world, China has some of the most extreme uses of facial recognition on the planet. An entire city — particularly the Muslim minority population living there — is monitored 24/7 for facial recognition as well as gait recognition (the unique way people walk).

This city had a database breach where all this biometric data leaked out, which illustrates one of the worst aspects of these types of A.I.-driven recognition tools: the fact that once it’s out there, anyone could copy that pattern and abuse it. You can’t change inherent aspects about yourself the way you can easily change a password. 

Part of the investigative tool set

Toronto police are describing the way they use facial recognition as “part of the investigative tool set” but not as conclusive evidence on its own — and this is a good approach. It’s not foolproof and involves more error than DNA testing, for example, but because it’s regulated and part of a holistic way of identifying culprits, the risk is limited. 

Public consent needed

Canadian politicians are finally waking up to the importance of controlling any technology that has the potential to infringe on citizens’ privacy rights. Democrat MP Charlie Angus is sounding the alarm on Capitol Hill about the perils of tech that tracks people, saying that as a country we need to discuss guidelines for the legitimate uses of surveillance.  

Ask the right questions

Privacy is all about control and consent. We need to ask the important questions about facial recognition: what level of civilian oversight is provided, how long will the photos and videos be stored, and when investigations are closed, when does the data go away? Being informed and asking the right questions can prevent dangerous uses and abuses of emerging technologies.  

To learn more about protecting your identity at home or at work, contact the Beauceron Security Team @ info@beauceronsecurity.com or 1-877-516-9245. 

Protecting your digital identity in the era of mass surveillance – before it’s too late

San Francisco has just become the first U.S. city to ban facial recognition technology, to prevent discrimination and the inevitable curtailing of civil liberties that attends this type of artificial intelligence used by municipal agencies. Other cities are following suit, but despite this progress, the tech’s use is growing.   

If you frequent airports, sports stadiums, malls or grocery stores, facial recognition technology may soon be a big part of your life — whether you like it or not.   

Rather than check individual tickets, some airports are now using A.I. to scan faces as people pass the gates; if you’re paid up and your identity checks out, you’re allowed to board your flight.  Convenient, right?  

However, when the private sector uses our biometric data to discriminate their marketing tactics, we enter dangerous territory when it comes to the protection of your digital identity.  

Malls have been caught using facial recognition cameras to guess your age, gender and even mood to advertise accordingly, luring you to certain stores or kiosks where you’re likely to spend money.   

Even grocery stores can identify you in the aisles by your age and gender, displaying products on screens based on your marketing demographic. 

What is biometric data?

Biometric data — fingerprints, retinal scans, gait recognition (the way you walk), voice recognition, DNA, facial scans — are unique to the person, and aim to quickly confirm your identity.   

For individuals, the main benefits of using biometric data such as facial recognition are speed and convenience. You can avoid rummaging in your pockets for your concert or game tickets at a stadium. You can skip the lines, and just walk past scanning tech that can do the work instantly.   

For corporations, the benefits are more to do with the ability to sway purchasing behaviour. And for governments, they get to monitor and control populations by combining biometric and other surveillance data with artificial intelligence. 

Privacy concerns amid surveillance

The convenience of these technologies comes at a steep cost, especially regarding privacy. The most extreme example is China, where the government is known for abusing biometric data collection: they publicly shame people who jaywalk; they can capture facial scans and recognize citizens’ gaits to prevent those with a low social score from flying or from purchasing real estate; they can track anyone’s location at any time, often unfairly targeting ethnic or religious minorities.   

Closer to home, Toronto has been piloting the Sidewalk Labs project, a data-driven smart city initiative that facilitates things like snow removal and traffic planning, and can curb crime by way of sophisticated security cameras. But because Sidewalk Labs have refused to de-identify people, privacy expert Dr. Ann Cavoukian and others have denounced it as little more than a data mine that could cause harm if that data is leaked or abused.  

Glaring flaws in biometrics

Beyond surveillance, biometric identification has a major flaw: you can replace a compromised credit card, but if there’s a breach of your biometric data, you can’t change your face. Not easily, anyway!   

There’s a big possibility of false positives, too. In London last year, the Metropolitan Police misidentified and fingerprinted a 14-year-old black boy, and figures reveal this kind of mistake is no anomaly; in fact, facial recognition software wrongly identified members of the public as criminals 96% of the time.  

In its current iteration, facial scanning can also be racist and sexist; these technologies are prone to error when it comes to recognizing women and people of colour.  

Yet another issue: It can be used to advertise to you without your permission in malls and grocery stores, even in taxis. And with all facial recognition in the public sphere, the individual can never be sure when or how their sensitive data is being used, or whether or where it’s being stored.

The cost of convenience

While there are obvious pros to facial recognition — such as increasing border security and facilitating police efforts to track down dangerous criminals — as a society we need to ask how much of our personal data we’re willing to sacrifice in the name of safety and convenience. If it’s becoming too much, we need to call on legislators to stand up for citizens’ privacy before we become even more accepting of surveillance tech and all the risks that go along with it.   

Awareness training is the first step towards protecting your digital identity. Reach out to the Beauceron team to get informed on how our learning content can support your organization, info@beauceronsecurity.com

Five ways your organization can reduce burnout across your IT team

Beauceron Security ‘s mission is to empower people.

When we do that well, people help their organizations proactively reduce their cyber risk while also improving their ability to respond and recover from cyber incidents.  

Part of that mission involves helping people manage ever-increasing workloads and corresponding stress.

Competing priorities, constant change and financial constraints can create stress in the workplace. When left unaddressed, burnout — long-term, unsolvable job stress — can take over, and that’s bad news for your people and your bottom line.  

Information technology (IT) professionals are no strangers to workplace stress. Small teams of experts are facing increased security risks. In that context, it’s easy to see why so many organizations around the world struggle to build and maintain traditional security awareness programs - they just take too much time in an already too-busy workday.

That’s why we’ve designed a platform that leverages the best aspects of technology to do what computers do best - automate routine tasks and calculate data into meaningful metrics - while letting people focus on what they do best - connecting with other people.

When an organization becomes human-centric, it focuses on connecting and empowering its people and becomes more proactive, reducing the number of incidents and reactive issues teams have to deal with.

That results in less stress for leaders and employees.

Here are some of our tips on how to move to a human-centric approach.

1. Recognize it’s an issue

You can’t solve a problem until you acknowledge it. A  2019 study  that delved into Chief Information Security Officer (CISO) stress levels found that, across 408 CISOs in the United Kingdom and United States, 91 per cent reported to suffer from moderate or high levels of stress. In Canada, the inability to unplug after work hours is reaching pandemic proportions.   

Putting in place the right plan, maximizing the effectiveness of your human and technology resources and prioritizing risk areas are all ways to manage security stress.

When we designed the Beauceron platform, we looked for ways to help security leaders do all of those things through our powerful dashboards, metrics and through engaging every one in an organization to play a greater role in security.

2. Educate and empower your entire team

An educated team throughout your organization will stop security threats before they escalate to your IT department. Beauceron’s library of multilingual courses teaches employees about the important role they play in protecting their organizations.

Employees learn how to identify and report potential attacks, such as phishing e-mails. They also learn steps they can take to protect themselves including account hygiene practices such as using multi-factor authentication and password managers.

If a would-be threat never has the chance to materialize, the potential stressors on already overworked IT professionals can be minimized.  

3. Determine where your risks are

Many CISOs struggle to keep up with ever-changing risks. This can make it tough to pinpoint and address problems.

Beauceron identifies the risky people in your organization and helps them overcome weak points in knowledge and training to better the company’s overall risk score. Assessments are visual and easy-to-understand, helping high-risk employees change their behaviour quickly.  

Beauceron's pioneering approach goes far beyond employee training.

It’s unique scoring system and risk advisor feature helps identify risks not just in people, but in culture, process and technology, providing the world’s most comprehensive human-centric approach to managing cyber risk.

4. Rewarding and recognizing employees

The Beauceron platform comes with built-in rewards and a gamification system designed to get everyone engaged in managing their cyber risk. When education is gamified, people are more motivated to learn, their risk scores are lowered — and your stress is reduced!

Of course, a technology can only do so much. When you’re not spending time doing routine, repetitive tasks, you have time to think about additional proactive ways to help your team.

At Beauceron, we leverage our own technology and others that enable automation so that we can focus on additional ways to reward and recognize our team. That includes professional development opportunities and implementing improved benefits programs such as employee assistance programs (EAPs) that provide counselling and advice on legal, financial and mental health matters.

5. Promote flexibility and fun

 Recognize that individuals within your company have distinct personalities and need different tools in order to succeed.

Some may do their best work remotely, while others need more face-time and collaboration with co-workers.

Some may feel recharged after playing with a furry friend, (did we mention we’re supporting a “Canine Comfort Zone” run by St. John Ambulance?) Therapy dogs are on-site at Atlantic Security Conference in Halifax this month! Show your employees that their uniqueness is valued, and they’ll work harder for you.  

Stress is contagious.

If employees have their needs met, they’ll be more productive and won’t be passing stress along to the higher-ups whose jobs are demanding enough as is.   

Let Beauceron help you educate and empower your team — and reduce stress and burnout!  

Visit our booth at Atlantic Security Conference on April 24 and 25 or reach out to our team to learn more: info@beauceronsecurity.com or 1-877-516-9245. 

 

Beauceron lands more than $500,000 in equity investment

Beauceron lands more than $500,000 in equity investment

Beauceron Security Inc. a startup founded at the University of New Brunswick, has secured more than $500,000 in equity funding from private and public investors.

“We are thrilled to launch New Brunswick’s newest fully funded cybersecurity firm and extraordinarily grateful for the tremendous support we’ve received from the university, our investors and our early adopter clients,” says David Shipley, CEO of Beauceron Security.

Beauceron CEO talks about McDonald's Canada Hack

Beauceron CEO talks about McDonald's Canada Hack

Beauceron CEO David Shipley was recently interviewed on TorontoAM 640's The John Oakley Show about the breach of McDonald's Canada online job application website. 

Shipley talked about the deluge of online threats companies face today, what McDonald's did right in how it dealt with the incident and what others can learn from it.

What's going on with global cybersecurity? Beauceron CEO chats with CTV Atlantic

What's going on with global cybersecurity? Beauceron CEO chats with CTV Atlantic

From government websites being taken down due to a new vulnerability to a Canadian implicated in a conspiracy to hack Yahoo! to Russian interference in the US election, Beauceron CEO David Shipley and CTV Atlantic Anchor Steve Murphy discuss a wild month in cybersecurity.