Welcome to the latest copy of Pardon The Intrusion, TNW’s bi-weekly newsletter in which we analyze the wild world of security.

Portland, Oregon has become the first US city to ban the use of facial acceptance tech by clandestine businesses.

Other cities like Boston, San Francisco, and Oakland have allowable agnate laws prohibiting public institutions from using facial recognition, but Portland’s is the most acrimonious ban as it bars both public and clandestine use of the technology.

While the law abstinent public use is now in effect, the private-use ban is accepted to take effect starting January 1, 2021. The latter will bar stores, banks, restaurants, public alteration stations, abandoned shelters, doctors’ offices, rental properties, and retirement homes from using facial recognition.

There are some exceptions however: public schools, clandestine clubs, places of worship, workplaces, and the Portland International Airport are not covered by the ban.

The deployment of facial acceptance software has been a advancing global issue due to racial and ethnic biases, and issues with misidentifying people, as well as accessible concerns over surveillance.

Unlike many other biometrics-based systems, facial acceptance can be used for accepted surveillance in aggregate with public video cameras, and in a manner that doesn’t crave the knowledge, consent, or accord of the people.

India, for example, is in its early stages of architecture a centralized web application that aims to be the foundation for a “national level searchable belvedere of facial images.”

Complicating the matter added is the absence of able adjustment administering its use.

As a consequence, Amazon, Microsoft, and IBM appear self-imposed moratoriums on police use of their software in the US to “give Congress enough time to apparatus adapted rules.”

But as appear by OneZero back in May, Amazon has also been silently lobbying Portland city board commissioners since last year to water down the legislation, including how the term ‘facial recognition’ was defined.

Now that the city has passed a strict ban, it will be absorbing to see if it inspires other states to accomplish agnate measures.

“The botheration here is that technology is being more used to track people,” Abine CEO Rob Shavell told me over a chat last week. “It’s accordingly capital that governments adapt and deploy them in a manner that’s cellophane and protects user privacy.”

Because once surveillance gets legitimized and normalized, it’s hard to roll it back. It’s now or never.

What’s trending in security?

China apparent a new data aegis initiative, Ireland’s data aegis babysitter asked Facebook to suspend data transfersfrom the EU to the US, and Yubico launched ‘YubiKey 5C NFC’ with USB-C and NFC support.

  • China apparent a new data aegis action with an aim to annual “data sovereignty.” As per the rules, Beijing will not ask Chinese companies to alteration across data to the Chinese government in breach of other countries’ laws, and “called on states to oppose mass surveillance adjoin other states, and not to appeal calm companies to store data generated and acquired across in their own territory.” [Global Times]
  • Ireland’s data aegis watchdog, the Data Aegis Commission (DPC), sent Facebook a basic order to append data transfers from the EU to the US. The move comes almost two months after a battleground ruling annulled the “Privacy Shield” across data alteration framework over apropos that European users aren’t immune to American government surveillance once their claimed data has confused to US data centers. [The Wall Street Journal]
  • With COVID-19 vaccine research coming under a wave of cyberattacks, the US Department of Defense and the Civic Aegis Agency (NSA) joined hands to assure Operation Warp Speed, a affairs advised to advance vaccine development in the US. [CyberScoop]
  • Seven years after former NSA architect Edward Snowden blew the blare on bulk accumulating of Americans’ blast records, the US Court of Appeals for the Ninth Circuit ruled that the NSA’s mass surveillance affairs was illegal. [Reuters]


  • New analysis from Mozilla found that web browsing histories can be used to abnormally analyze users, just like other browser fingerprinting techniques. [Mozilla]
  • Yubico, the maker of concrete aegis keys for multi-factor authentication, launched ‘YubiKey 5C NFC’ with USB-C and NFC abutment for $55. [Yubico]
  • A leaked FBI annual acquired by The Intercept found that cops are afraid abyss are using internet-connected smart doorbells, such as Amazon’s Ring doorbells, to spy on law enforcement. [The Intercept]
  • Kaspersky advisers abundant a new Android spyware called Crimson Server broadcast by the Cellophane Tribe APT targeting Indian aggressive and government personnel. [Kaspersky – Part I / Part II]


  • A China-based hacking group named TA413 has been sending European adept admiral and Tibetan dissidents spear-phishing emails that administer an intelligence-collecting Trojan dubbed “Sepulcher.” [Proofpoint]
  • Apple accidentally accustomed “Shlayer” malware to run on macOS, making it the first time a rogue software bypassed notarization — an automatic vetting action which scans apps for aegis issues and awful content. The malware was found being used in an active adware attack that bearded itself as a fake Adobe Flash update. [WIRED]
  • Privacy-focused chat app Threema appear it plans to go open-sourced within the next 3 months. [ZDNet]
  • Tesla CEO Elon Musk accepted the company’s Nevada branch was the target of a foiled cyberattack that allegedly complex a Russian civic Egor Igorevich Kriuchkov, who attempted to recruit and bribe a Tesla agent to acquaint malware in the company’s network. [Teslarati]
  • The last fortnight in data breaches, leaks and ransomware: American Payroll Association, Chile’s BancoEstado, Cygilant, Argentina’s clearing agency Dirección Nacional de Migraciones, ETERBASE, Pakistan’s K-Electric, Norwegian Parliament, Telmate, and Warner Music Group.

Data Point

Even as ransomware attacks across the world are acceptable more frequent, mobile ransomware Trojans are on a bottomward trend. According to Kaspersky’s IT Threat Evolution report, the number of detected accession bales for mobile ransomware Trojans has decreased from 4,339 the antecedent division to 3,805 for the three month period from April to June.webrok
“It is much harder to extort cash from users than to steal the bank annual data right away,” the cybersecurity firm says. “At the same time, the device needs to be ahead adulterated in either case, so with the costs being equal, cybercriminals will choose the path of least resistance, i.e. theft.”

The other reason is that a branch reset of the phone will get the device back to a alive state, banishment cybercriminals to keep their malware undetected on the device for as long as possible. But doing so runs adverse to the very idea of ransomware.

Tweet of the week


That’s it. See you all in two weeks. Stay safe!

Read next: Trump says he won’t extend TikTok’s September borderline for sale to a US-based firm