Smart Solar Power Savings From Google

Google, in partnership with energy supplier E.On, with help from German software firm Tetraeder, has released an online tool called ‘Project Sunroof’ that uses Google’s Earth and Maps apps to estimate how much money homeowners could save by switching to solar power.

How?

Smart ‘machine learning’ is at the heart of the tool. It examines factors such as a house’s roof area and angle, weather data and sun positioning to arrive at an estimate of the house’s ‘solar potential’ and the total amount of sunlight that falls on its rooftop every year.

7 Million Rooftops

The partnership with E.On covers seven million rooftops across Germany. It uses E.On’s solar power and battery product offerings to calculate how much a specific household could save by installing solar panels and a battery pack.

Renewable Energy

The idea is part of a move towards countries, including the UK, adopting more renewable energy ideas, and is clearly a way to help inform and convince homeowners to cut energy bills, and help the environment by installing solar panels on their roofs.
International Energy Agency figures show that, even back in 2016, renewable energy accounted for two-thirds of new power added to the world’s grids. Solar power was the fastest-growing source of new energy worldwide that year, and is still growing in popularity now.

In the EU, the Renewable Energy Directive set out for all member countries to reach a 20% renewables target before 2020. Google’s shared project, therefore, helps to feed into that goal.

In recent years, many UK homeowners have taken advantage of grants and tariffs e.g. the Feed-in Tariff and Generation Tariff schemes to install and get money back / save money on the green energy they help produce and feed / sell into the grid.

Fears

Some fears have been expressed that the spread of renewables such as solar and wind across the US (for example) could suffer if the US International Trade Commission imposes tariffs on imports of Chinese solar panels.

What Does This Mean For Your Business?

There is wide agreement that sustainable, renewable, green energy sources are needed to meet world demand while minimising the impact on the environment, and not contributing to climate change. Many businesses, some of which are big polluters, are coming to accept the many benefits that renewables and involvement with green projects have to offer.

Google’s involvement with this scheme is consistent with its recent, public commitment to green energy, and having the Google brand name involved in the project is a positive association that could help to convince customers to adopt solar. For example, back in December 2016, Google announced that all of its data centres and the offices for its 60,000 staff would be powered entirely by renewable energy from 2017, a formidable target that it now claims to have met. Even when the announcement was made, Google was already the world’s biggest corporate buyer of renewable electricity.

Google’s image and brand can only benefit from its public commitment to renewable energy, as it will from ‘Project Sunroof’, although Google’s commitment is also based on reducing costs in the longer term, and being seen to pave the way for other corporations.

1 – 0 In England Vs World Cup Hackers

It has been reported that the England football team will be briefed before flying out to their World Cup base in St Petersburg about how they and UK fans can avoid falling victim to Russian hackers.

NCSC Advice

The briefing is being delivered by The National Cyber Security Centre (NCSC), which is part of GCHQ. The advice will focus upon cyber security e.g. for mobile devices and using Wi-Fi connections safely while in Russia.

The same advice has been included in an NCSC blog post that is aimed at anyone travelling to Russia to watch any of the World Cup games, and is entitled ‘Avoid scoring a cyber security own goal this summer’.

The NCSC suggests that it should be read alongside other UK government online advice pages such as the “FCO Travel Advice” page relating to Russia (https://www.gov.uk/foreign-travel-advice/russia), and the “Be on the Ball: World Cup 2018” pages (https://www.gov.uk/guidance/be-on-the-ball-world-cup-2018).

Why?

Many security experts and commentators have noted that sporting events have become a real target for cyber criminals in Russia in recent times. Russia-based security company, Kaspersky, reported seeing spikes in the number of phishing pages during match ticket sales for this year’s World Cup. Kaspersky reported that every time tickets went on sale, fraudsters mailed out spam and activated clones of official FIFA pages and sites offering fake giveaways, all claiming to be from partner companies.

Kaspersky says that criminals register domain names combining words such as ‘world,’ ‘worldcup,’ ‘FIFA,’ ‘Russia,’ etc, and that if fans look closely they can see that the domains look unnatural and have a non-standard domain extension. The security company advises that fans should take a close look at the link in the email, or at the URL after opening the site, to avoid falling victim to scammers.
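The check Kaspersky describes can be automated for the links inside an email. The following is an added example, not code from Kaspersky or the NCSC: it assumes `fifa.com` is the only official domain, uses a short constructed list of "standard" extensions, and runs on a constructed sample email that uses reserved `.example` and `.invalid` names.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains treated as official. Extend with partner domains you have verified.
OFFICIAL_DOMAINS = {"fifa.com"}
# Words the article says scammers combine when registering lookalike domains.
BRAND_WORDS = ("worldcup", "world", "fifa", "russia")
# Assumption: a short allowlist of extensions treated as "standard" for this check.
COMMON_TLDS = {"com", "org", "net", "ru", "uk"}


def is_official(host):
    """True only if host is an official domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def check_host(host):
    """Return reason codes for a hostname that borrows the brand without being official."""
    if is_official(host) or not any(w in host for w in BRAND_WORDS):
        return []
    reasons = ["brand-words"]
    if host.rsplit(".", 1)[-1] not in COMMON_TLDS:
        reasons.append("odd-extension")
    return reasons


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a href=...> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def audit_email(html):
    """Map each suspicious link in the email to the list of reasons it was flagged."""
    parser = LinkExtractor()
    parser.feed(html)
    parser.close()
    findings = {}
    for href, text in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        reasons = check_host(host)
        # The visible text names an official domain but the link leads elsewhere.
        if not is_official(host) and any(d in text.lower() for d in OFFICIAL_DOMAINS):
            reasons.append("text-mismatch")
        if reasons:
            findings[href] = reasons
    return findings


# Constructed sample email body (not a real message).
SAMPLE_EMAIL = """
<p>Congratulations! You have won two World Cup tickets.</p>
<a href="https://www.fifa.com/tickets">Official ticket page</a>
<a href="http://fifa-worldcup-russia.example/claim">Claim your prize</a>
<a href="http://fifa.com.giveaway.invalid/login">www.fifa.com</a>
<a href="https://travel-blog.example/moscow">City guide</a>
"""

if __name__ == "__main__":
    for href, reasons in audit_email(SAMPLE_EMAIL).items():
        print(href, "->", ", ".join(reasons))
```

A substring match on a word like ‘world’ will also flag harmless sites, so the output is a list of links to look at more closely rather than a verdict.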

The general advice from Kaspersky is to give cheap tickets a wide berth, not to buy goods from spammers in the run-up to kickoff (because the goods may not even exist), not to fall for spam about lotteries and giveaways because they may be used for phishing, not to visit dubious sites offering cheap accommodations or plane tickets, and only to watch broadcasts on official FIFA partner websites.

Kaspersky also advises visitors to use a VPN to connect to the Internet, because, in the aftermath of the government’s attempt to block Telegram, popular sites in Russia are either unavailable or unstable.

England Team’s Briefing

England team Manager, Gareth Southgate, has noted that the England team players are young people who will look for things to occupy their time while in hotel rooms e.g. playing video games, and using multiple devices such as smartphones, tablets and gaming devices. The fact that technology will play a big part in the England team’s downtime throughout the tournament is the main reason why the FA is taking cyber security so seriously.

It is understood, therefore, that the NCSC will be advising the players on the rules to follow on e.g. which devices they can safely use and where. Also, the devices belonging to players and staff will be thoroughly screened to make sure they have the right security software installed.

What Does This Mean For Your Business?

Anyone travelling abroad for business or pleasure, particularly to countries where certain cyber security threat levels are known to be high, should read the UK government’s advice pages relating to cyber security while travelling.

In the case of travelling to Russia for the World Cup, some of the measures people can take before travelling are to check which network you will be using and what the costs are, to make sure all software and apps are up to date and antivirus is turned on, to turn on the ability to wipe your phone should it be lost, and to make sure all devices are password protected and use other security features e.g. fingerprint recognition.

On arriving in Russia, the advice is to remember that public and hotel Wi-Fi connections may not be safe and to be very careful about what information you share over these connections e.g. banking. Also, don’t share phones, laptops or USBs with anyone, be cautious with any IT related gifts e.g. USB sticks, and keep your devices with you at all times if possible rather than leaving them unattended.

The full UK government advice can be found here https://www.ncsc.gov.uk/blog-post/avoid-scoring-cyber-security-own-goal-summer.

Two More Security Holes In Voice Assistants

Researchers from Indiana University, the Chinese Academy of Science, and the University of Virginia have discovered 2 new security vulnerabilities in voice-powered assistants, like Amazon Alexa or Google Assistant, that could lead to the theft of personal information.

Voice Squatting

The first vulnerability, outlined in a recent white paper by the researchers, has been dubbed ‘voice squatting’, i.e. a method which exploits the way a skill or action is invoked. This method takes advantage of the way that VPAs like smart speakers work. The services used in smart speakers operate using apps called “skills” (by Amazon) or “actions” (by Google). A skill or an action is what gives a VPA additional features, so that a user can interact with a smart assistant via a virtual user interface (VUI), and can run that skill or action using just their voice.

The ‘voice squatting’ method essentially involves tricking VPAs by using simple homophones – words that sound the same but have different meanings. Using an example from the white paper, if a user gives the command “Alexa, open Capital One” to run the Capital One skill / action, a cyber criminal could create a malicious app with a similarly pronounced name e.g. “Capital Won”. This could mean that a voice command for the Capital One skill is then hijacked to run the malicious Capital Won skill instead.
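A vetting step can catch this by comparing invocation names by sound rather than by spelling. The following is an added example, not code from the researchers, Amazon or Google: the pronunciation table is a constructed ARPAbet-style lexicon covering only the sample words, and apart from ‘Capital One’ the skill names are invented.

```python
# Constructed ARPAbet-style pronunciations with stress marks dropped. A real
# pipeline would use a full pronunciation dictionary or the platform's speech model.
LEXICON = {
    "capital": "K AE P AH T AH L",
    "capitol": "K AE P AH T AH L",
    "one": "W AH N",
    "won": "W AH N",
    "sleep": "S L IY P",
    "sound": "S AW N D",
    "sounds": "S AW N D Z",
    "quiz": "K W IH Z",
    "master": "M AE S T ER",
    "rain": "R EY N",
    "radar": "R EY D AA R",
}

# Invocation names already registered on the platform (constructed list).
REGISTERED = ["capital one", "sleep sounds", "quiz master"]


def to_phonemes(name):
    """Turn an invocation name into a flat list of phonemes."""
    phones = []
    for word in name.lower().split():
        if word not in LEXICON:
            # Without a pronunciation the name cannot be cleared automatically.
            raise ValueError(f"no pronunciation for {word!r}: send to manual review")
        phones.extend(LEXICON[word].split())
    return phones


def edit_distance(a, b):
    """Levenshtein distance between two phoneme sequences."""
    prev = list(range(len(b) + 1))
    for i, x in enumerate(a, 1):
        cur = [i]
        for j, y in enumerate(b, 1):
            cur.append(min(prev[j] + 1,              # delete x
                           cur[j - 1] + 1,           # insert y
                           prev[j - 1] + (x != y)))  # substitute
        prev = cur
    return prev[-1]


def vet_invocation_name(candidate, registered, max_distance=1):
    """Return the registered names that a new invocation name sounds like."""
    cand = to_phonemes(candidate)
    findings = []
    for name in registered:
        distance = edit_distance(cand, to_phonemes(name))
        if distance == 0:
            findings.append((name, "same-sound"))
        elif distance <= max_distance:
            findings.append((name, "near-match"))
    return findings


if __name__ == "__main__":
    for submitted in ("Capital Won", "Capitol One", "Sleep Sound", "Rain Radar"):
        print(submitted, "->", vet_invocation_name(submitted, REGISTERED) or "no collision")
```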

Voice Masquerading

The second vulnerability identified by the research has been dubbed ‘voice masquerading’. This method of exploiting how VPAs operate involves using a malicious skill / action to impersonate a legitimate skill / action, with the intended result of tricking a user into reading out personal information / account credentials, or to listen-in on private conversations.

For example, the researchers were able to register 5 new fake skills with Amazon, which passed Amazon’s vetting process, used similar invocation names, and were found to have been invoked by a high proportion of users.

Private Conversation Sent To Phone Contact

These latest revelations come hot on the heels of recent reports of how a recording of the private conversation of a woman in Portland (US) was sent to one of her phone contacts without her authorisation after her Amazon Echo misinterpreted what she was saying.

What Does This Mean For Your Business?

VPAs are popular but are still relatively new, and one positive aspect of this story is that at least these vulnerabilities have been identified now by researchers so that changes can (hopefully) be made to counter the threats. Amazon has said that it conducts security reviews as part of its skill certification process, and it is hoped that the researchers’ abilities to pass-off fake skills successfully may make Amazon, Alexa and others look more carefully at their vetting processes.

VPAs are now destined for use in the workplace e.g. business-focused versions of popular models and bespoke versions. In this young market, there are, however, genuine fears about the security of IoT devices, and businesses may be particularly nervous about VPAs being used by malicious players to listen in on sensitive business information which could be used against them e.g. for fraud or extortion. The big producers of VPAs will need to reassure businesses that they have installed enough security features and safeguards in order for businesses to fully trust their use in sensitive areas of the workplace.

Fined For Using a Smart Watch At Traffic Lights

In a recent court case in Canada, an Apple smartwatch was classified as being the same kind of distraction as a mobile phone as a student was handed a fine for being observed looking at her Apple watch while waiting at traffic lights.

Distraction Law in Ontario

Student Victoria Ambrose is reported to have fallen foul of Ontario’s strict ‘distracted driving’ law.

In Ontario, the law states that using a phone to talk, text, check maps or choose a playlist while you’re behind the wheel all count as distracted driving, as do other activities like eating, reading or typing a destination into a GPS.

In the case of Victoria Ambrose, the judge likened the Apple smartwatch to being as much of a distraction as a “cell phone taped to someone’s wrist”.

Defence

In her defence, the student said that she had looked at the watch to tell the time, and that, because the watch was securely fastened to her wrist, it should be subject to an exemption in the Ontario law which covers devices that are “securely mounted”.
The Judge rejected both arguments, and said that the amount of time she was observed looking at the watch meant that she was distracted while driving, rather than simply glancing at her watch to find out the time.

According to Ontario’s Ministry of Transport data, deaths from collisions there caused by distracted driving have doubled since 2000. 2013 data shows that one person is injured in a distracted-driving collision every half hour, and that a driver using a phone is four times more likely to crash than a driver focusing on the road.

Fine

In this case, the student was fined Canadian $400 (£230).

Warning In The UK

Back in 2014, the UK Department for Transport (DfT) issued a warning about looking at smartwatches while driving, saying that smartwatches are covered by existing laws designed to stop people checking gadgets while on the move, and that drivers caught texting from a smartwatch will have given police enough material to be able to charge them.

What Does This Mean For Your Business?

This story illustrates that while technology can be helpful, it can also be a potentially dangerous and / or costly distraction.

In the workplace, for example, studies show that smartphone-users touch their device somewhere between twice a minute to once every seven minutes, and that conducting tasks while receiving e-mails and phone calls can reduce a worker’s IQ by approximately ten points relative to working in uninterrupted quiet.

In an age where 85% of UK citizens use smartphones (Deloitte figures, Oct 2017), there are arguments as to whether they, and other gadgets e.g. with BYOD policies, are helping or hindering productivity.

For companies with employees who drive as part of their work, this story should illustrate the need to warn employees of the current law and safety recommendations regarding distraction, and if possible, to ensure that they have appropriate hands-free equipment to use while handling work calls.

Facebook Losing the Battle For Teenage Attention

A study by Pew in the US has found that Facebook is now lagging behind YouTube, Instagram and Snapchat, as a platform where teenagers spend their time.

Down To 4th Place

The study, which involved 750 teens in one month earlier this year, found that Facebook has experienced a 20 percentage point drop since 2015 in its usage by teenagers. Even though 51% use Facebook, this is still a long way behind the 85% preferring YouTube (Google-owned), 72% preferring Instagram (which is owned by Facebook anyway), and the 69% preferring Snapchat.

What’s Been Happening?

An eMarketer report illustrates what’s been happening. The report predicts that in 2018, 2.2 million 12 to 17-year-olds and 4.5 million 18 to 24-year-olds will regularly use Facebook in the UK, but this is 700,000 fewer than in 2017. Most of the young defectors appear to be going instead to Snapchat.

The same report shows that there has been a surge in older users of Facebook, and over-55s will become the second-biggest demographic of Facebook users this year. For example, 500,000 new over-55s are expected to join Facebook in 2018, and this will bring the number of 55- to 65-year-old-plus regular Facebook users this year to 6.4 million.

Passing Over Instagram For Snapchat

One of the reasons why Facebook bought Instagram was so that it could at least keep some of the young people who were deserting Facebook as customers of one of its services.

Unfortunately, what’s been happening is that young people appear to have been leaving Facebook, and going to Snapchat instead of Instagram. For example, in the last 3 years Snapchat has more than doubled its take-up rate among UK users of social networking sites and apps to 43%.

Why?

It is an age-old feature of teenagers and young people that, because of a need for independence and privacy, they would prefer not to go to the same places as their parents, and this is what has been happening on Facebook to some extent.

Also, many more young people have smartphones, and they use them to go where other members of their age / peer group go i.e. on Snapchat. It doesn’t help also that Facebook has received a lot of bad publicity recently over its involvement with the sharing of user data with Cambridge Analytica, and the part it played in allegedly being used by representatives of certain foreign powers to help sway the election result towards Trump.

Facebook has also proved particularly attractive in recent years to older people who have found that its video and photo features are easy to use, and enable them to keep up with the social lives of their older children and grandchildren.

Facebook For Kids

Facebook has long known that it has been attracting an older demographic, and that young people have been leaving the platform in pursuit of a new experience, and to stay in touch with other members of their peer group.

Attracting a new, young group of Facebook users looks likely, therefore, to be one of the main reasons why, back in December 2017, Facebook announced that it was launching a kind of Facebook for children in the form of ‘Messenger Kids’. Some commentators said at the time that it appeared to be a way for Facebook to recruit its next generation of users, and to capture the attention of 6 to 12-year-olds before Snapchat or a similar social network competitor

What Does This Mean For Your Business?

For Facebook, even though it recognises (and is trying to solve) the problem that it faces in attracting teenage users, it still remains the most popular social networking site in the UK by a long way, boasting 32.6 million total regular users this year. Also, Facebook’s Instagram looks likely to grow its user base from 15.7 million to 18.4 million this year, although it also appears to be losing young users to Snapchat.

For businesses wishing to advertise, Facebook is likely, therefore, to be a way to advertise to older age groups e.g. those in their 40s, 50s, and above. In fact, Facebook has also announced an overhaul of its news feed algorithm to prioritise what friends and family share, and to reduce the amount of non-advertising content from publishers and brands.

Businesses with older customer demographics may also want to keep making the most of their company Facebook business page.

Google Accused of Being ‘Unethical’ Over Cryptocurrency Ad Ban

Some industry commentators have suggested that Google’s motives for introducing a blanket ban on cryptocurrency ads may not be all they seem, and could make the company appear unethical.

What Ban?

Back in March, Google followed Facebook’s lead (from January) and imposed a blanket ban on all cryptocurrency adverts on its platforms. The ban, which starts from this month, was announced following reports of scammers using adverts on popular platforms to fraudulently take money from people who believed they could cash in on the massive rise in the value of cryptocurrencies such as Bitcoin.

A popular con has been to use scam ad campaigns to sell units of a cryptocurrency ahead of its launch – known as initial coin offerings (ICO). Research has found that 80 per cent of ICOs have been fraudulent.

Also, the cryptocurrency value bubble led to the rise of ‘crypto-jacking’, where devices are taken over by people trying to mine crypto-currencies e.g. using Android phone-wrecking Trojan malware ‘Loapi’.

Why Unethical?

Online tech commentators have been quick to point out that even though Google has said that it made the move to ban cryptocurrency ads to confront criminality, protect web users, and to regulate what their users are reading, Google is also believed to have an interest in cryptocurrencies itself.

For example, back in May, Google is reported to have approached the founder of the world’s second most popular cryptocurrency, Ethereum, to explore possible market opportunities for the two companies. In fact, some commentators believe that Google may be acting unethically by banning cryptocurrency adverts because it is planning to launch its own cryptocurrency and, therefore, wants to give its own product the best chance in the marketplace.

This idea has been strengthened by the fact that Google continues to show adverts with links to gambling websites and other services which some would describe as unethical. It has been suggested that Google appears willing to ban cryptocurrency adverts, but still allows job postings, and adverts for anti-virus software or charities, all of which can also be known entry points for scammers.

Blockchain Ambitions

Google is also thought to have ambitions to make use of blockchain, which is, among other things, the underlying technology behind the bitcoin currency. It is interesting that this interest follows Facebook, which is reported to be setting up a blockchain group that will report directly to the company’s CTO, Mike Schroepfer.

Circumvented

Putting a blanket ban on cryptocurrency adverts does not appear to have been an entirely successful strategy for others i.e. Facebook. For example, some advertisers have been able to circumvent Facebook’s cryptocurrency ad ban by abbreviating words like cryptocurrency to c-currency, and by simply switching the letter ‘o’ in the word bitcoin to a zero.
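Both tricks defeat a filter that matches banned words literally, and both are caught if the text is normalised before matching. The following is an added example, not Facebook’s or Google’s filter: the banned-term list, the lookalike table and the sample ad titles are constructed, and the table goes beyond the single ‘o’-to-zero swap mentioned above.

```python
import re
import unicodedata

# Constructed policy list for the example.
BANNED_TERMS = ("cryptocurrency", "bitcoin")

# Digits folded back to the letters they resemble before matching.
LOOKALIKES = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s"})

# Abbreviated spellings, mapped to the banned term they stand for.
ABBREVIATIONS = {
    re.compile(r"\bc[\W_]*currenc(?:y|ies)\b"): "cryptocurrency",
}


def naive_match(text):
    """Literal substring match: the kind of filter the circumventions get past."""
    lowered = text.lower()
    return [term for term in BANNED_TERMS if term in lowered]


def hardened_match(text):
    """Normalise first, then match. Hits should feed a review queue, because
    squeezing out separators can join innocent words into a banned term."""
    folded = unicodedata.normalize("NFKC", text).lower().translate(LOOKALIKES)
    squeezed = re.sub(r"[\W_]+", "", folded)  # drop spaces, hyphens, dots
    hits = [term for term in BANNED_TERMS if term in squeezed]
    for pattern, term in ABBREVIATIONS.items():
        if term not in hits and pattern.search(folded):
            hits.append(term)
    return hits


# Constructed ad titles.
SAMPLE_ADS = [
    "Buy Bitcoin today",
    "Buy bitc0in today",
    "New c-currency launch this week",
    "B.I.T.C.O.I.N made easy",
    "Garden furniture sale",
]

if __name__ == "__main__":
    for ad in SAMPLE_ADS:
        print(f"{ad!r}: naive={naive_match(ad)} hardened={hardened_match(ad)}")
```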

What Does This Mean For Your Business?

Google is a powerful private company, and with other big players in the market e.g. Facebook looking to make the most of market opportunities, it is only natural that Google is likely to also want to explore the potential of those opportunities, even if it has made an ethical stand in public about cryptocurrency adverts.

This story does illustrate, however, that ethics play an important part in business, and can play an important role in supporting the value of a brand, particularly in a digital world where inconsistencies can be spotted and widely reported immediately.
When you think about it, Google has a trusted brand and is well placed in the market to perhaps get involved in, or even produce its own cryptocurrency, particularly where there are profits to be made and when cryptocurrencies appear to have an important future beyond the initial bubble of bitcoin-mania. The important thing for Google is that it, along with Facebook, was seen to be doing the right thing when cryptocurrency scam adverts began making the news, and there is still no real, firm proof that Google will commit itself to its own cryptocurrency yet.

It is also not surprising that companies such as Google and Facebook would want to explore the huge potential opportunities that blockchain offers. It is worth remembering that blockchain has shown itself to have many great uses beyond just cryptocurrencies e.g. enabling students to share their qualifications with employers, recording the temperature of sensitive medicines being transported from manufacturer to hospital in hot climates, as a ledger to record data about wine certification, as a ledger for ownership and storage history, as a system for tracking consignments that addresses visibility and efficiency, and for sharing information between energy suppliers to speed the supplier switching process. Dubai has also invested in using blockchain to put all its documents on blockchain’s shared open database system by 2020 in order to help to cut through Middle Eastern bureaucracy, speed up civic transactions and processes, and bring a positive transformation to the whole region.

Both cryptocurrencies and blockchain have a long way to run yet, and Google and Facebook will certainly not be the only web giants exploring their potential.

834% Rise in TSB Customer Attacks

Following the IT ‘meltdown’ at TSB last month which led to chaos for customers who were locked out of their own accounts, research has found that the number of phishing attacks targeting TSB customers leapt by 843% in May compared with April.

Fraudsters Taking Advantage

The statistics, reported recently in Computer Weekly, appear to indicate that fraudsters may have been quick to take advantage of the bank’s IT meltdown.

For example, an investigation by Wandera security found that in May, TSB was the second most used bank brand by scammers attempting to obtain customer details. In April, for 100,000 UK devices using Wandera security, there were only 28 TSB-themed phishing attacks. In May, the number jumped to 236 such attacks.

According to Wandera’s figures, in April TSB appeared in the top five financial services apps to be impersonated for attacks for the first time this year, and this may be an indication that TSB wasn’t a major target for phishers prior to the systems meltdown incident.

All of this information has led security commentators to conclude that the rise in fraud against TSB customers is likely to be linked to the systems problem that the bank experienced in May.

What Happened?

Back in May, 1.9 million TSB customers were affected when a migration to a new system didn’t go to plan and resulted in what some commentators have described as a ‘meltdown’ of its banking systems.

Some of the problems experienced by customers included: not being able to access their own money, having no access to any mobile and online services, problems with direct debits, and amounts of money appearing and disappearing. It was even reported that one customer was mistakenly credited with £13,000.

What Does This Mean For Your Business?

This information should give businesses some idea of the ruthless and opportunistic nature of cyber criminals, and how quickly they can focus their efforts when vulnerabilities are spotted. Weaknesses in banking systems would, of course, have been a particularly attractive target.

In the case of TSB, as in the aftermath of many IT system problems, scammers were quick to use the bank’s IT problems as an opportunity to target its desperate customers with mobile phishing attacks. Customers would have been hoping / expecting to hear from the bank at the time, and so would have let their guard down when emails and other communications that looked as though they were from the bank arrived asking them for personal details / login details.

Visa Crash In Europe Causes ‘Cash Only’ Chaos

On Friday 1st from 2.30pm, a Europe-wide system failure at Visa left shoppers embarrassed as their card payments were declined and stores switched to ‘cash only’.

Not Just Visa Customers

To make matters worse, because a range of different banks and other financial institutions use Visa’s payment system, even those making transactions using non-Visa branded cards were affected and were unable to make purchases.

The problem was compounded by the fact that it happened at a time when many people were leaving work on a Friday. There have also been reports circulating that even if some card purchases were declined, the money may still have been taken from accounts, and customers have been urged to check.

What Happened?

There are no precise details as to the reason for the system crash other than Visa’s explanation as a “hardware failure”.
Visa has also been quick to announce that it has no reason to believe that the system crash was associated with any unauthorised access or malicious events.

ATMs Still Working in UK

In the UK, although many customers found themselves in extremely awkward situations e.g. unable to pay for meals or petrol, customers were still able to take cash out of ATMs (if there was one nearby). This led to large queues forming at ATMs in towns and cities across the country.

Queues

Whereas many customers faced the embarrassment and inconvenience of having their cards declined in shops across Europe, others found themselves being forced to wait in queues because of the disruption. For example, in Berlin’s Alexanderplatz, it was reported that Primark customers had to queue for 20 minutes to pay, and staff were unable to note the reasons why transactions were failing. Also, it was reported that the Visa system failure caused a 45 minute wait for those trying to use the Severn Bridge as drivers were unable to pay the toll by card.

Anger

Not surprisingly, many people took to social media to vent their anger at Visa for the embarrassment and inconvenience caused. In Spain, the Guardia Civil tried to calm and re-assure people by sending a tweet urging everyone to stay calm, and used a picture of Captain Jack Sparrow to help explain that if they couldn’t pay, it wasn’t because they had been robbed or hacked.
Visa has apologised, and has stated that its payment system is operating at “full capacity”.

What Does This Mean For Your Business?

Even though the problems only lasted a day, it is only a matter of weeks since TSB’s catastrophic computer meltdown caused misery to customers after the bank tried to migrate its computer systems from its old Lloyds Bank systems to its new core banking system, Proteo4UK.

We are now a society that is moving away from cash, in favour of cards and particularly contactless payments. Also, this move away from cash has meant the closing of many ATMs. Both of these factors mean that system failures of this kind can be particularly disruptive.

For businesses, customers not being able to pay meant that profits were hit, their premises experienced disruption with some staff being left to face angry customers, and unable to offer a clear explanation.

The incident has, no doubt, also illustrated to any potential hackers how interconnected payment systems are across Europe and how many countries could be brought to a virtual standstill if they were able to breach the systems of major payment processing companies such as Visa.

7-Fold Rise in Mobile Fraud

It seems that as we spend more time using mobile devices, the fraudsters are following us as a new RSA Security report shows a massive rise in mobile fraud over the last 3 years.

Up Nearly 700%!

The latest quarterly report by fraud and risk intelligence experts at RSA Security shows that as the volume of mobile app transactions has risen by 200% since 2015, accordingly the growth rate for fraudulent transactions has increased to a massive 680%.

New Accounts and ‘Burner Phones’

One of the key trends at the heart of the rise in mobile fraud is the apparent rise of the use of fake new accounts and ‘burner / burn phones’ to commit fraud.

A burner / burn phone is a mobile phone handset that is acquired for temporary use, is usually prepaid / without a contract in order to retain the user’s anonymity, and can be discarded if necessary.

Alongside the burner phone, fraudsters are also known to use stolen identities to set up fake ‘money mule’ accounts, purely for the purpose of collecting the cash from their fraudulent activities.

The RSA report shows that new accounts and new devices have been used in this way in 32% of all the fraudulent transactions in the last quarter.

Phishing Still Top

The report shows that phishing is still the top fraudulent activity accounting for 48% of all fraud attacks in Q1 of 2018.

Trojan Malware & Payment Card Compromise

Other popular frauds involve the use of Trojan malware to steal financial credentials. This method was used in one in four fraud attacks in Q1 2018.

Also, using details from compromised cards is still a very common activity among fraudsters, and the RSA researchers who compiled the report claim to have recovered more than 3.1 million unique compromised cards and card details (which included verification numbers) on offer from online sources in Q1.

Mobile App Security

It is believed that poor security in mobile apps is allowing many criminals to hijack mobile applications and siphon off credentials and funds from many unwitting users.

What Does This Mean For Your Business?

These figures show that our increasing use of mobile devices and apps has opened the door to even more channels for fraudsters. There is clearly a responsibility among mobile app developers, and those commissioning mobile apps to deliver their services, to ensure that security is built in from the ground up. This should mean making sure that all source code is secure and known bug-free, all data exchanged over the app is encrypted, caution is exercised when using third-party libraries for code, and only authorised APIs are used. Also, developers should be building in high levels of authentication, using tamper-detection technologies, using tokens instead of device identifiers to identify a session, using the best cryptography practices e.g. storing keys in secure containers, and conducting regular, thorough testing.

As users of mobile devices and apps, we also need to pay attention to our own levels of security. For example, we can take precautions to stop ourselves from falling victim to mobile fraud by using mobile security and antivirus scan apps, only using trusted apps / trusted app sources, uninstalling old apps and turning off connections when not using them, locking our phones when not in use, using 2-factor authentication, and using a VPN rather than just the free Wi-Fi when out and about.

Instant GDPR Complaints For Web Giants

In an almost inevitable turn of events, within hours of GDPR being introduced on May 25th, the social media and tech giants Facebook, Google, Instagram and WhatsApp faced a barrage of accusations that they were not compliant.

What’s Wrong?

The complaints, spearheaded by the privacy group noyb.eu, led by Max Schrems, centred around the idea that the tech and social media giants may be breaking the new data protection and privacy guidelines by forcing users to consent to targeted advertising in order to use their services, i.e. by bundling a service with the requirement to consent (Article 7(4) GDPR).

Not Necessary?

It has been reported that the crux of the privacy group’s argument is that, according to GDPR, any data processing that is strictly necessary to use a service is allowed and doesn’t require opting in. If a company then decides to adopt a “take it or leave it approach” by forcing customers to agree to have additional, more wide-reaching data collected, shared and used for targeted advertising, or delete their accounts, the argument is that this goes against GDPR which requires opt-in consent for anything other than any data processing that is strictly necessary for the service.

Austria, Belgium, France and Germany

It is alleged in this case that the four tech giants may be doing just that, and, therefore, could be in breach of the Regulation, and possibly liable to fines if the accusations are upheld after investigation by data protection authorities in Austria, Belgium, France and Germany.

A breakdown of the four complaints over “forced consent” made by noyb.eu shows that in France the complaint has been made to CNIL about Google (Android), in Belgium the complaint has been made to the DPA about Instagram (Facebook), in Germany the complaint has been made to the HmbBfDI about WhatsApp, and in Austria the complaint has been made to DSB about Facebook. Under GDPR, the maximum penalties for this issue could be billions of Euros.

What Does This Mean For Your Business?

Many commentators had predicted that popular tech and social media giants would be among the first organisations to be targeted by complaints upon the introduction of GDPR, and some see these complaints as being the first crucial test of the new law.

GDPR should prohibit companies from forcing customers to accept the bundling of a service with the requirement to consent to giving / sharing more data than is necessary, but it remains to be seen and proven whether these companies are guilty.

As noyb.eu pointed out in their statement, GDPR does not mean that companies can no longer use customer data, because GDPR explicitly allows any data processing that is strictly necessary for a service. The complaint, in this case, is that additionally using the data for advertisements, or selling it on, needs the users’ free opt-in consent.

Noyb.eu has also pointed out that, if successfully upheld, their complaints could also mean an end to the kind of annoying and obtrusive pop-ups which are used to claim a person’s consent, but don’t actually lead to valid consent.

Another benefit, if the complaints against the tech giants are upheld, could be that corporations can’t force users to consent, meaning that monopolies should have no advantage over small businesses in this area.

Noyb.eu seems set to keep the pressure on the tech giants, and has stated that its next round of complaints will centre around the alleged illegal use of user data for advertising purposes, or "fictitious consent", e.g. when companies treat a person's mere use of their web page as "consent" to other types of data processing.