This week the Linux Foundation announced a new organization for decentralized systems and technologies, with an aim of "fostering innovation and collaboration" in both their development and deployment.

It will build on existing Linux Foundation blockchain and digital identity projects, according to the announcement, while supporting "a rapidly growing decentralized technology landscape." To foster this broader ecosystem, LF Decentralized Trust will encompass the growing portfolio of Hyperledger projects and host new open source software, communities, standards, and specifications that are critical to the macro shift toward decentralized systems of distributed trust....

LF Decentralized Trust's expanded project and member ecosystem will be both essential to emerging tokenized assets classes and networks, as well as to modernizing the core infrastructure for finance, trade, government, healthcare, and more. LF Decentralized Trust will serve as a neutral home for the open development of a broad range of ledger, identity, security, interoperability, scale, implementation, and related technologies... LF Decentralized Trust will also include new directed funding models that will drive strategic investments by members into individual projects and project resources.

"With LF Decentralized Trust, we're expanding our commitment to open source innovation by embracing a wider array of decentralized technologies," said Jim Zemlin, Executive Director of the Linux Foundation. "This new, elevated foundation will enable the community to build a more robust ecosystem that drives forward transparency, security, and efficiency in global infrastructure."

"After eight years of advancing the development of blockchain, decentralized identity and related technologies via the Hyperledger community, the time has come to broaden our effort and impact," said Daniela Barbosa, General Manager, Blockchain and Identity, the Linux Foundation. "Ledgers and ledger technologies are but one component of the decentralized systems that will underpin a digital-first global economy. LF Decentralized Trust is where we will gather and grow an expanded community and portfolio of technologies to deliver the transparency, reliability, security and efficiency needed to successfully upgrade critical systems around the world."
The announcement includes quotes of support from numerous companies including Oracle, Siemens, Visa, Accenture, Citi, and Hitachi. Some highlights:

• "The formation of the LF Decentralized Trust reflects the growing demand for open source resources that are critical to the management and functionality of decentralized systems." — CEO of Digital Asset

• "The adoption of decentralized infrastructure is at an inflection point, reflecting the increasing demand from both enterprises and consumers for more secure and transparent digital transactions. As the industry leader for onchain data, blockchain abstraction, and interoperability, we're excited to see the formation of the LF Decentralized Trust and to expand our collaboration with leading financial institutions on advancing tokenized assets and the onchain economy at large." — CMO at Chainlink Labs.

• "As a founding member of the Hyperledger Foundation, and given our unique position in the financial markets, we recognize the vast potential for open-source innovation and decentralized technologies when it comes to reducing risk, increasing resiliency and improving security. The expansion of Hyperledger Foundation into LF Decentralized Trust represents an exciting opportunity to continue expanding these groundbreaking technologies." — a managing director at DTCC

Parks Kugle reports via the Daily Dot: A mechanic went viral when he posted a TikTok about technicians being locked out of computer systems in a new Dodge Ram. TikTok user Shorty of Shorty's Speed Shop (@shortysspeedshop) garnered over 301,000 views when he showed viewers what mechanics had to do to be able to repair newer car models. "It has officially happened. 2024 Ram 3500, authorization denied," Shorty said as he showed viewers the computer screen. "Cannot get into anything on this except generic OBD2 Software."

Shorty went on to explain that this update made his "manufacturer software 100 percent irrelevant." Then, Shorty showed viewers the Vehicle Security Professional (VSP) Registry on the National Automaker Service Task Force (NASTF) website. According to NASTF, automakers require mechanics to become credentialed VSPs if they want to purchase key and immobilizer codes, PIN numbers, and special tool access from Automaker websites. A VSP is required to "verify proof of ownership/authority prior to performing any security operation." "It's all part of the NASTF Security Professional Registery," Shorty explained.

Shorty believes that this rule allows manufacturers to lock mechanics out of anything they "deem security sensitive." Shorty then broke down the "requirements to gain VSP access." According to him, these include a $325 fee "every two years" and a $100 fee for every subsequent two-year license renewal. He says mechanics also need "commercial liability insurance of $1 million" and a "fidelity or employee dishonesty bond of $100,000." The VSP application page on NASTF's website confirms that there is a $100 Application Fee that covers a "Two Year Renewal" and a $325 Primary Account fee that covers a "Two Year License." It also confirms his claims about the required commercial liability insurance and fidelity or employee dishonesty bond. "There's a lot of people that don't know that this is going on, and it's going to affect everybody getting their cars fixed," Shorty remarked.

Google is severing its trust in Entrust after what it describes as a protracted period of failures around compliance and general improvements. From a report: Entrust is one of the many certificate authorities (CA) used by Chrome to verify that the websites end users visit are trustworthy. From November 1 in Chrome 127, which recently entered beta, TLS server authentication certificates validating to Entrust or AffirmTrust roots won't be trusted by default.

Google pointed to a series of incident reports over the past few years concerning Entrust, saying they "highlighted a pattern of concerning behaviors" that have ultimately seen the security company fall down in Google's estimations. The incidents have "eroded confidence in [Entrust's] competence, reliability, and integrity as a publicly trusted CA owner," Google stated in a blog. The move follows a May publication by Mozilla, which compiled a sprawling list of Entrust's certificate issues between March and May this year. Entrust -- after an initial PR disaster -- acknowledged its procedural failures and said it was treating the feedback as a learning opportunity.

Indonesian President Joko Widodo ordered on Friday an audit of government data centres after officials said the bulk of data affected by a recent ransomware cyberattack was not backed up, exposing the country's vulnerability to such attacks. From a report: Last week's cyberattack, the worst in Indonesia in recent years, has disrupted multiple government services including immigration and operations at major airports. The government has said more than 230 public agencies, including ministries, had been affected, but has refused to pay an $8 million ransom demanded to retrieve the encrypted data.

Responding to the cyberattack, Indonesia's state auditor said the president instructed it to examine the country's data centres. The audit would cover "governance and the financial aspect", said Muhammad Yusuf Ateh, who heads Indonesia's Development and Finance Controller, after attending a cabinet meeting led by Widodo on Friday. Hinsa Siburian, an official who chairs Indonesia's cyber security agency known by its acronym BSSN, has said 98% of the government data stored in one of the two compromised data centres had not been backed up.

Russian hackers who broke into Microsoft's systems and spied on staff inboxes earlier this year also stole emails from its customers, the tech giant said on Thursday, around six months after it first disclosed the intrusion. Reuters: The disclosure underscores the breadth of the breach as Microsoft faces increasing regulatory scrutiny over the security of its software and systems against foreign threats. An allegedly Chinese hacking group that separately breached Microsoft last year stole thousands of U.S. government emails. Microsoft said it was also sharing the compromised emails with its customers, but did not say how many customers had been impacted, nor how many emails may have been stolen.

TeamViewer, the company that makes widely used remote access tools for companies, has confirmed an ongoing cyberattack on its corporate network. TechCrunch: In a statement Friday, the company attributed the compromise to government-backed hackers working for Russian intelligence, known as APT29 (and Midnight Blizzard). The Germany-based company said its investigation so far points to an initial intrusion on June 26 "tied to credentials of a standard employee account within our corporate IT environment."

TeamViewer said that the cyberattack "was contained" to its corporate network and that the company keeps its internal network and customer systems separate. The company added that it has "no evidence that the threat actor gained access to our product environment or customer data." Martina Dier, a spokesperson for TeamViewer, declined to answer a series of questions from TechCrunch, including whether the company has the technical ability, such as logs, to determine what, if any, data was accessed or exfiltrated from its network.

An anonymous reader quotes a report from Ars Technica: Temu -- the Chinese shopping app that has rapidly grown so popular in the US that even Amazon is reportedly trying to copy it -- is "dangerous malware" that's secretly monetizing a broad swath of unauthorized user data, Arkansas Attorney General Tim Griffin alleged in a lawsuit (PDF) filed Tuesday. Griffin cited research and media reports exposing Temu's allegedly nefarious design, which "purposely" allows Temu to "gain unrestricted access to a user's phone operating system, including, but not limited to, a user's camera, specific location, contacts, text messages, documents, and other applications."

"Temu is designed to make this expansive access undetected, even by sophisticated users," Griffin's complaint said. "Once installed, Temu can recompile itself and change properties, including overriding the data privacy settings users believe they have in place." Griffin fears that Temu is capable of accessing virtually all data on a person's phone, exposing both users and non-users to extreme privacy and security risks. It appears that anyone texting or emailing someone with the shopping app installed risks Temu accessing private data, Griffin's suit claimed, which Temu then allegedly monetizes by selling it to third parties, "profiting at the direct expense" of users' privacy rights. "Compounding" risks is the possibility that Temu's Chinese owners, PDD Holdings, are legally obligated to share data with the Chinese government, the lawsuit said, due to Chinese "laws that mandate secret cooperation with China's intelligence apparatus regardless of any data protection guarantees existing in the United States."

Griffin's suit cited an extensive forensic investigation into Temu by Grizzly Research -- which analyzes publicly traded companies to inform investors -- last September. In their report, Grizzly Research alleged that PDD Holdings is a "fraudulent company" and that "Temu is cleverly hidden spyware that poses an urgent security threat to United States national interests." As Griffin sees it, Temu baits users with misleading promises of discounted, quality goods, angling to get access to as much user data as possible by adding addictive features that keep users logged in, like spinning a wheel for deals. Meanwhile hundreds of complaints to the Better Business Bureau showed that Temu's goods are actually low-quality, Griffin alleged, apparently supporting his claim that Temu's end goal isn't to be the world's biggest shopping platform but to steal data. Investigators agreed, the lawsuit said, concluding "we strongly suspect that Temu is already, or intends to, illegally sell stolen data from Western country customers to sustain a business model that is otherwise doomed for failure." Seeking an injunction to stop Temu from allegedly spying on users, Griffin is hoping a jury will find that Temu's alleged practices violated the Arkansas Deceptive Trade Practices Act (ADTPA) and the Arkansas Personal Information Protection Act. If Temu loses, it could be on the hook for $10,000 per violation of the ADTPA and ordered to disgorge profits from data sales and deceptive sales on the app. In a statement to Ars, a Temu spokesperson discredited Grizzly Research's investigation and said that the company was "surprised and disappointed by the Arkansas Attorney General's Office for filing the lawsuit without any independent fact-finding."

"The allegations in the lawsuit are based on misinformation circulated online, primarily from a short-seller, and are totally unfounded," Temu's spokesperson said. "We categorically deny the allegations and will vigorously defend ourselves."

"We understand that as a new company with an innovative supply chain model, some may misunderstand us at first glance and not welcome us. We are committed to the long-term and believe that scrutiny will ultimately benefit our development. We are confident that our actions and contributions to the community will speak for themselves over time." Last year, Temu was the most downloaded app in the U.S. and has only become more popular as reports of security and privacy risks have come out.

Publicly traded crypto exchange Coinbase, in connection with History Associates Incorporated, has filed two civil lawsuits against the Securities and Exchange Commission and Federal Deposit Insurance Corporation for their failure to comply with FOIA requests. From a report: The Freedom of Information Act, or FOIA, grants the full or partial disclosure of previously unreleased information that's controlled by the U.S. government. Generally speaking, agencies have 20 days to respond -- not necessarily satisfy -- these requests. And even when government agencies do furnish documents, they can redact anything that falls under certain exemptions: Information related to national security, internal personnel, trade secrets, law enforcement, or financial institution records.

Late last year, Coinbase hired History Associates Incorporated, a private historical research firm, to submit a FOIA request on its behalf. The San Francisco crypto exchange was seeking copies of "Pause Letters" sent to financial institutions asking them to indefinitely cease all "crypto-related activities," according to the complaint. The letters were described in a report from the FDIC's Office of Inspector General (OIG), but never shared publicly. The OIG said the letters presented a "risk that the FDIC would inadvertently limit financial institution innovation and growth in the crypto space." The FDIC refused to provide History Associates or Coinbase with the letters.

Brandon Vigliarolo reports via The Register: American healthcare provider Geisinger fears highly personal data on more than a million of its patients has been stolen -- and claimed a former employee at a Microsoft subsidiary is the likely culprit. Geisinger on Monday announced the results of a probe into a November computer security breach, placing the blame on Microsoft-owned Nuance Communications for not cutting off one of its employees' access to corporate files after that person was fired. The Pennsylvania-based healthcare giant uses Nuance as an IT provider. We're told that after the Microsoft-owned entity terminated one of its workers, that staffer two days later may have accessed and taken copies of sensitive records on a huge number of Geisinger patients -- for reasons as yet unknown.

Geisinger -- which says it operates 13 hospitals and has more than 600,000 members -- said it discovered the improper access on November 29, informed Nuance, and the IT supplier immediately cut off the former employee from the healthcare group's data before involving police. "Because it could have impeded their investigation, law enforcement investigators asked Nuance to delay notifying patients of this incident until now," Geisinger claimed, explaining why only now this is coming to light. "The former Nuance employee has been arrested and is facing federal charges." It's not immediately clear if or what charges have been laid -- we've asked Geisinger for details.

Speech recognition firm Nuance performed its own probe, according to Geisinger, and determined that the former employee may have stolen information on a million-plus people. That info would include birth dates, addresses, hospital admission and discharge records, demographic information, and other medical data. The ex-employee didn't swipe insurance or other financial information, the multi-billion-dollar healthcare group stated. "We continue to work closely with the authorities on this investigation, and while I am grateful that the perpetrator was caught and is now facing federal charges," Geisinger chief privacy officer Jonathan Friesen alleged, adding: "I am sorry that this happened."

National Australia Bank seems to think that monitoring the angle customers hold their phones will offer extra protection against scammers. "Speaking during the Australian Banking Association Conference in Melbourne Wednesday (June 26), CEO Andrew Irvine said the lender introduced more 'friction' to payments processes and new predictive protection tools to spot scammers," reports PYMNTS.com, citing a (paywalled) Bloomberg report. From the report: "We've added tooling that looks at biometrics and the way you actually interact with your devices and how you think about keystrokes," said Irvine, per the report. "If these things are different to how you've used your phone in the past, our intelligence will kick in." Irvine, who called fraudsters the "scourge of our times," also noted that Australia is one of the few countries where bank fraud has declined, the report said.

Still, he said that as scammers have embraced new technology like artificial intelligence, banks have had to shift from making payments fast and simple to adding more steps to protect against fraudulent transactions, per the report. "These threat actors go where the money is," Irvine said, according to the report. "You want to be the best alarm system in the street and right now Australia's leading the way."

Security researchers claim to have discovered exposed API keys in the code of Rabbit's R1 AI device, potentially allowing access to all user responses and company services. The group, known as Rabbitude, says they could send emails from internal Rabbit addresses to demonstrate the vulnerability. 404 Media adds: In a statement, Rabbit said, "Today we were made aware of an alleged data breach. Our security team immediately began investigating it. As of right now, we are not aware of any customer data being leaked or any compromise to our systems. If we learn of any other relevant information, we will provide an update once we have more details."

BrianFagioli writes: Canonical has introduced a new service enabling the creation of custom distroless Docker images under its "Everything LTS" program. This initiative allows customers to include any open-source software in their Docker images, regardless of whether it is packaged in Ubuntu, with a security maintenance commitment of up to 12 years. [...] This expansion of the Ubuntu Pro offering incorporates numerous new open-source components, especially current AI/ML tools, maintained directly from the source rather than as traditional 'deb' packages. This approach aims to minimize the attack surface of containers, thereby enhancing security and aiding compliance with various regulatory standards such as FIPS, FedRAMP, EU Cyber Resilience Act, FCC U.S. Cyber Trust Mark, and DISA-STIG.

The U.S. government last week announced an unprecedented ban on selling Russian cybersecurity firm Kaspersky's software, citing national security concerns. The move, effective July 20, has left American resellers confused and worried about its impact. Kaspersky can provide updates to existing customers until September 29, after which the software's effectiveness will diminish. From a report: Avi Fleischer, the founder of Technical Difficulties, told TechCrunch that not only does he sell Kaspersky to his customers, he also uses its products on his phone and personal computer. He added that the ban is "annoying, to say the least," because he will now have to find another antivirus company and migrate all his customers to the new product, which will cost him time and money. "It's just a lot of time lost for nothing. And I don't see how I can even really charge end users for this," Fleischer said in a phone call. "It was my suggestion that they use Kaspersky and now Kaspersky is being banned by the United States government. What am I supposed to do?"

An anonymous reader quotes a report from TorrentFreak: Last week, an in-depth investigative report from JBTC revealed that Korean Internet provider KT, formerly known as Korea Telecom, distributed malware onto subscribers' computers to interfere with and block torrent traffic. File-sharing continues to be very popular in South Korea, but operates differently than in most other countries. "Webhard" services, short for Web Hard Drive, are particularly popular. These are paid BitTorrent-assisted services, which also offer dedicated web seeds, to ensure that files remain available.

Webhard services rely on the BitTorrent-enabled 'Grid System', which became so popular in Korea that ISPs started to notice it. Since these torrent transfers use a lot of bandwidth, which is very costly in the country, providers would rather not have this file-sharing activity on their networks. KT, one of South Korea's largest ISPs with over 16 million subscribers, was previously caught meddling with the Grid System. In 2020, their throttling activities resulted in a court case, where the ISP cited 'network management' costs as the prime reason to interfere. The Court eventually sided with KT, ending the case in its favor, but that wasn't the end of the matter. An investigation launched by the police at the time remains ongoing. New reports now show that the raid on KT's datacenter found that dozens of devices were used in the 'throttling process' and they were doing more than just limiting bandwidth.

When Webhard users started reporting problems four years ago, they didn't simply complain about slow downloads. In fact, the main concern was that several Grid-based Webhard services went offline or reported seemingly unexplainable errors. Since all complaining users were KT subscribers, fingers were pointed in that direction. According to an investigation by Korean news outlet JBTC, the Internet provider actively installed malware on computers of Webhard services. This activity was widespread and effected an estimated 600,000 KT subscribers. The Gyeonggi Southern Police Agency, which carried out the raid and investigation, believes this was an organized hacking attempt. A dedicated KT team allegedly planted malware to eavesdrop on subscribers and interfere with their private file transfers. [...] Why KT allegedly distributed the malware and what it precisely intended to do is unclear. The police believe there were internal KT discussions about network-related costs, suggesting that financial reasons played a role.

An anonymous reader shares a report: Over the weekend, a clip from a recent interview with Telegram's founder Pavel Durov went semi-viral on X (previously Twitter). In the video, Durov tells right-wing personality Tucker Carlson that he is the only product manager at the company, and that he only employs "about 30 engineers." Security experts say that while Durov was bragging about his Dubai-based company being "super efficient," what he said was actually a red flag for users.

"Without end-to-end encryption, huge numbers of vulnerable targets, and servers located in the UAE? Seems like that would be a security nightmare," Matthew Green, a cryptography expert at Johns Hopkins University, told TechCrunch. (Telegram spokesperson Remi Vaughn disputed this, saying it has no data centers in the UAE.) Green was referring to the fact that -- by default -- chats on Telegram are not end-to-end encrypted like they are on Signal or WhatsApp. A Telegram user has to start a "Secret Chat" to switch on end-to-end encryption, making the messages unreadable to Telegram or anyone other than the intended recipient.

Also, over the years, many people have cast doubt over the quality of Telegram's encryption, given that the company uses its own proprietary encryption algorithm, created by Durov's brother, as he said in an extended version of the Carlson interview. Eva Galperin, the director of cybersecurity at the Electronic Frontier Foundation and a longtime expert in the security of at-risk users, said that it's important to remember that Telegram, unlike Signal, is a lot more than just a messaging app.

The Biden administration is investigating China Mobile, China Telecom and China Unicom over concerns the firms could exploit access to American data through their U.S. cloud and internet businesses by providing it to Beijing, Reuters reported Tuesday, citing sources familiar with the matter. From the report: The companies still have a small presence in the United States, for example, providing cloud services and routing wholesale U.S. internet traffic. That gives them access to Americans' data even after telecom regulators barred them from providing telephone and retail internet services in the United States.

Reuters found no evidence the companies intentionally provided sensitive U.S. data to the Chinese government or committed any other type of wrongdoing. The investigation is the latest effort by Washington to prevent Beijing from exploiting Chinese firms' access to U.S. data to harm companies, Americans or national security, as part of a deepening tech war between the geopolitical rivals. It shows the administration is trying to shut down all remaining avenues for Chinese companies already targeted by Washington to obtain U.S. data.

WikiLeaks founder Julian Assange has agreed to a plea deal with the U.S. Justice Department over his alleged role in one of the largest U.S. government breaches of classified material. As a result, he will avoid imprisonment in the United States. CNN reports: Under the terms of the new agreement (PDF), Justice Department prosecutors will seek a 62-month sentence -- which is equal to the amount of time Assange has served in a high-security prison in London while he fought extradition to the US. The plea deal would credit that time served, allowing Assange to immediately return to Australia, his native country. The plea deal must still be approved by a federal judge.

Assange had faced 18 counts from a 2019 indictment for his alleged role in the breach that carried a max of up to 175 years in prison, though he was unlikely to be sentenced to that time in full. Assange was being pursued by US authorities for publishing confidential military records supplied by former Army intelligence analyst Chelsea Manning in 2010 and 2011. US officials alleged that Assange goaded Manning into obtaining thousands of pages of unfiltered US diplomatic cables that potentially endangered confidential sources, Iraq war-related significant activity reports and information related to Guantanamo Bay detainees.

An anonymous reader quotes a report from the Associated Press: Car dealerships in North America continue to wrestle with major disruptions that started last week with cyberattacks on a software company used widely in the auto retail sales sector. CDK Global, a company that provides software for thousands of auto dealers in the U.S. and Canada, was hit by back-to-back cyberattacks Wednesday. That led to an outage that has continued to impact operations. For prospective car buyers, that's meant delays at dealerships or vehicle orders written up by hand. There's no immediate end in sight, with CDK saying it expects the restoration process to take "several days" to complete. On Monday, Group 1 Automotive Inc., a $4 billion automotive retailer, said that it continued to use "alternative processes" to sell cars to its customers. Lithia Motors and AutoNation, two other dealership chains, also disclosed that they implemented workarounds to keep their operations going. [...]

Several major auto companies -- including Stellantis, Ford and BMW -- confirmed to The Associated Press last week that the CDK outage had impacted some of their dealers, but that sales operations continue. In light of the ongoing situation, a spokesperson for Stellantis said Friday that many dealerships had switched to manual processes to serve customers. That includes writing up orders by hand. A Ford spokesperson added that the outage may cause "some delays and inconveniences at some dealers and for some customers." However, many Ford and Lincoln customers are still getting sales and service support through alternative routes being used at dealerships.

Group 1 Automotive Inc., which owns 202 automotive dealerships, 264 franchises, and 42 collision centers in the U.S. and the United Kingdom, said Monday that the incident has disrupted its business applications and processes in its U.S. operations that rely on CDK's dealers' systems. The company said that it took measures to protect and isolate its systems from CDK's platform. All Group 1 U.S. dealerships will continue to conduct business using alternative processes until CDK's dealers' systems are available, the company said Monday. Group 1's dealerships in the U.K. don't use CDK's dealers' systems and are not impacted by the incident. In regulatory filings, Lithia Motors and AutoNation disclosed that last week's incident at CDK had disrupted their operations as well. Lithia said it activated cyber incident response procedures, which included "severing business service connections between the company's systems and CDK's." AutoNation said it also took steps to protect its systems and data -- adding that all of its locations remain open "albeit with lower productivity," as many are served manually or through alternative processes.

Microsoft has quietly erased instructions for switching to a local account on Windows 11 from its official support website. The move took place between June 12 and June 17, 2024, according to Tom's Hardware. The tech giant has been increasingly pushing users towards Microsoft Account logins, citing benefits like enhanced security and cross-device syncing. While the option to use a local account still exists, this latest development suggests Microsoft is steering users away from it.

Automated license plate readers "pose risks to public safety," argues the EFF, "that may outweigh the crimes they are attempting to address in the first place." When law enforcement uses automated license plate readers (ALPRs) to document the comings and goings of every driver on the road, regardless of a nexus to a crime, it results in gargantuan databases of sensitive information, and few agencies are equipped, staffed, or trained to harden their systems against quickly evolving cybersecurity threats. The Cybersecurity and Infrastructure Security Agency (CISA), a component of the U.S. Department of Homeland Security, released an advisory last week that should be a wake up call to the thousands of local government agencies around the country that use ALPRs to surveil the travel patterns of their residents by scanning their license plates and "fingerprinting" their vehicles. The bulletin outlines seven vulnerabilities in Motorola Solutions' Vigilant ALPRs, including missing encryption and insufficiently protected credentials...

Unlike location data a person shares with, say, GPS-based navigation app Waze, ALPRs collect and store this information without consent and there is very little a person can do to have this information purged from these systems... Because drivers don't have control over ALPR data, the onus for protecting the data lies with the police and sheriffs who operate the surveillance and the vendors that provide the technology. It's a general tenet of cybersecurity that you should not collect and retain more personal data than you are capable of protecting. Perhaps ironically, a Motorola Solutions cybersecurity specialist wrote an article in Police Chief magazine this month that public safety agencies "are often challenged when it comes to recruiting and retaining experienced cybersecurity personnel," even though "the potential for harm from external factors is substantial." That partially explains why, more than 125 law enforcement agencies reported a data breach or cyberattacks between 2012 and 2020, according to research by former EFF intern Madison Vialpando. The Motorola Solutions article claims that ransomware attacks "targeting U.S. public safety organizations increased by 142 percent" in 2023.

Yet, the temptation to "collect it all" continues to overshadow the responsibility to "protect it all." What makes the latest CISA disclosure even more outrageous is it is at least the third time in the last decade that major security vulnerabilities have been found in ALPRs... If there's one positive thing we can say about the latest Vigilant vulnerability disclosures, it's that for once a government agency identified and reported the vulnerabilities before they could do damage... The Michigan Cyber Command center found a total of seven vulnerabilities in Vigilant devices; two of which were medium severity and 5 of which were high severity vulnerabilities...

But a data breach isn't the only way that ALPR data can be leaked or abused. In 2022, an officer in the Kechi (Kansas) Police Department accessed ALPR data shared with his department by the Wichita Police Department to stalk his wife.
The article concludes that public safety agencies should "collect only the data they need for actual criminal investigations.

"They must never store more data than they adequately protect within their limited resources-or they must keep the public safe from data breaches by not collecting the data at all."