Freezenet’s Official Podcast: June 2019: 19 Lawsuits and Counting Drew Wilson | July 11, 2019 In this eighth episode of the Freezenet official podcast, “19 Lawsuits and Counting”, we check out the news and reviews for the month of June. Welcome to the public version of the eighth episode of the Freezenet official podcast for June 2019. This month’s episode is entitled “19 Lawsuits and Counting”. The title is inspired by the AMCA privacy nuclear meltdown. This months episode also covers the latest in the ongoing case against Wikilekas co-founder Julian Assange, Germany and the UK joining the war on encryption, Facebooks controversial decision to leave a fake Nancy Pelosi video up on their platform, all the latest in music and video game reviews, and more. You can check out our official podcast on Soundcloud or take a listen below: This episode is publicly available on Patreon. A transcript of the podcast follows: Intro 19 Lawsuits and Counting Hi, I’m your host, Drew Wilson. Welcome to the eighth episode of the Freezenet official podcast for June, 2019. Here are your top 3 headlines: The Top 3 Data Breach at AMCA goes from 200,000 to a nuclear mess in the span of 2 weeks Coming in at Number 2: Germany and the UK join the war on encryption, but civil society fights back Finally at number 3: US files 17 additional charges against Julian Assange, torpedoing the talking point that this case is only about a hacking charge. Top Stories It started out as an isolated data breach affecting 200,000 patients. Then, the story ballooned to epic proportions. Subsequently, an investigation turned up the fact that the breach took place from August 1st, 2018 to March 30th, 2019. That’s a total of about 8 months the completely undetected intrusion took place. We were able to pick up on the story when Quest Diagnostics, one of the medical labs affected, admitted that their information had been breached. In all, 12 million patients had their personal information compromised. From there, we learned about LabCorp also suffering from the data breach. In all, 7.7 million patients were also compromised. As more labs stepped forward, we learned that the source of the breach came from AMCA. AMCA is a medical debt collecting company. While we still don’t know the extent of how big the breach wound up being, the number of patients compromised topped 20 million – one hundred times the initial estimate. Other labs impacted by the breach include: BioReference Laboratories (an Opko Health subsidiary), Carecentrix, and Sunrise Laboratories. Financial information is among the compromised data. Naturally, it didn’t take long for litigation to be filed. Morgan and Morgan filed a class action lawsuit against AMCA and the affected labs. The lawsuit is seeking $5 million in damages. Shortly after we learned of the lawsuit, AMCA made another move. The debt collecting company at the centre of the breach declared chapter 11 bankruptcy. They cite a cascade of events leading up to the decision. Not only did they get hit with the breach and subsequent litigation, but also suffered the loss of their business as labs quickly began terminating their contracts. In light of all of this, they said that they are no longer confident in their ability to stay afloat. As such, they filed for creditor protection in a New York court. While we were reporting on all those fast moving developments, it seems that lawyers got busy. The number of class action lawsuits against AMCA, and the various connected labs, climbed to a whopping 19. This over top of US government lawmakers probing and contemplating investigations of their own. Certainly not that often we see a story spiral that far out of control. While it sounds like all this probably took place over the course of several months, this story clocked in at a mere two weeks. Incredible stuff there. Meanwhile, the war on encryption has been ramping up this month. After Australia passed anti-encryption laws last year, it seems that other countries are jumping on board as well. Germany is mulling laws that would require encrypted messaging apps, like WhatsApp, to provide plaintext logs of all communications to authorities. Of course, messaging apps like WhatsApp feature end-to-end encryption. As such, it would require backdoor access to be implemented. This weakens the services encryption as a result. Meanwhile, the UK is proposing their own anti-encryption laws. The proposal is coming from notorious spy organization, the GCHQ. British top spooks are proposing a so-called “Ghost Protocol“. The idea is that spies would be able to access all encrypted communications as a silent third party. The proposal was blasted across civil society. In an open letter signed by more than 50 companies, civil organizations, and security experts, they demand that GCHQ abandon this idea. Instead, the organizations and experts are calling on the GCHQ to focus on strengthening privacy rights and security. The letter further says, “The overwhelming majority of users rely on their confidence in reputable providers to perform authentication functions and verify that the participants in a conversation are the people they think they are, and only those people. The GCHQ’s ghost proposal completely undermines this trust relationship and the authentication process” Back in Germany, FireFox developer, Mozilla, is calling on Germany to abandon its attack on security. The letter says, “In the cornerstones of German crypto politics in 1999, the then federal government agreed on a principle that became known under the maxim ‘security through encryption and security despite encryption” The letter further says, “The BMI (Federal Ministry of the Interior) proposal counteracts 20 years of successful crypto policy in Germany” Wikileaks co-founder Julian Assange is once again in the news this month. As you already know, Assange was arrested at the Ecuador embassy. That was the result of a regime change in Ecuador who took a massive loan from the US. Critics say that the loan was made in exchange for revoking Assange’s political assylum. As a result of the apparent American action, Assange was hauled in front of a British judge. According to Wikileaks, the judge exceeded the courts authority and handed down a 50 week prison sentence for the comparatively small crime of skipping bail. American authorities then applied to have Assange extradited. Those authorities used the cover of simply saying that this is about Assange encouraging the failed hacking attempt. Now, that talking point has been completely destroyed after US authorities filed an additional 17 charges. Among the new charges are: conspiracy to obtain information, unauthorized obtaining of State Department cables, and unauthorized disclosure of various state documents. The Electronic Frontier Foundation blasted the development. The organization states, “Make no mistake, this not just about Assange or Wikileaks—this is a threat to all journalism, and the public interest.” The organization further said, “The century-old tradition that the Espionage Act not be used against journalistic activities has now been broken. Seventeen new charges were filed yesterday against Wikileaks founder Julian Assange. These new charges make clear that he is being prosecuted for basic journalistic tasks, including being openly available to receive leaked information, expressing interest in publishing information regarding certain otherwise secret operations of government, and then disseminating newsworthy information to the public.” Quite the dramatic month this month here on Freezenet. Here are some of the other stories making news this month. Other Stories Making News Facebook is facing even further controversy this month. A fake video appeared on the social networking site. The video features US Speaker of the House, Nancy Pelosi, appearing drunk and slurring her words. The video was quickly debunked after comparing it to the verified footage. As it turned out, the people behind the video slowed the video down and raised the pitch to make the video sound authentic. The video was subsequently shared by high profile members of the Trump administration. Facebook was then notified of the issue amidst growing calls for the network to take the video down. In response, Facebook simply flagged the video and decreased its visibility on the network. Critics blasted the network for profiting off of the fake video instead of removing it. US ISPs faced some controversy over their handling of personal information. Bounty hunter, Matthew Marre, allegedly contacted ISPs and politely asked for the live GPS coordinates of various people. The ISPs, in response, simply handed it to him after he told them that he is working for authorities. Eventually, someone did catch on to the fact that he was obtaining such sensitive information with a single phone call, no questions asked. Marre has since been hauled into court and is facing a number of charges including obtaining “confidential phone record information […] by making false and fraudulent statements and representations.” Either way, the news is no doubt unnerving to anyone who has dealt with stalking and harassment. Europe’s General Data Protection Regulation is continuing to pay dividends to users. In the UK, data breach notifications have quadrupled in the country. The information was released by the UK’s Information Commissioner’s Office. From April of 2017 to April 2018, they received 3,311 reports. Then, from May 2018 to June 2019, they received 14,072 breach notifications. Security experts were asked if they are seeing any change in the breaches going around lately. They responded by saying that they aren’t seeing anything out of the ordinary. As such, this suggests that there is a dramatic increase in awareness over security incidences. Staying in the UK, the British spy agency, the GCHQ, has made news this month in another way. Maker of FireFox, Mozilla, is building a more encrypted web browsing experience. The effort is known as DOH. It is also known as DNS over HTTPS encryption. The GCHQ has issued a warning against developers, saying that such encryption would interfere in their spying operations. They said that the added layer of privacy would have “unintended consequences” for future investigations. The Electronic Frontier Foundation has referred the Ola Bini case to the United Nations High Commissioner for Human Rights. Bini was arrested for the crimes of possessing instruction manuals and USB sticks in Ecuadore. He was subsequently accused of attempting to undermine democracy as a Russian Hacker. The EFF points out that Bini is neither Russian, nor a hacker. In a submission, the EFF tells the United Nations that the Bini case is a big example of how vague so-called “cybersecurty” laws can throw innocent people in jail. Bini has now spent more than two months in prison without charge. Australia’s anti-encryption laws have made news this month as well. The laws are known as the Assistance and Access act. Education institutes are now fearing that budding computer scientists will start steering clear of higher levels of computer science education. They blame the Assistance and Access act because students could rightfully fear government could figuratively be peering over their shoulders as they work on new and innovative projects. Europe’s data retention laws have once again made news. With so much legal uncertainty surrounding the laws, lawmakers aren’t indicating which way they are taking the laws next for the time being. For those who are less familiar with this long-standing controversy, here’s a quick primer. The data retention law story has been around since 2006. The idea is that ISPs on the continent would be legally obliged to store all logs for a period of up to 24 months. That way, law enforcement can access the data to investigate people as they see fit. By 2010, legal pushback started to become overwhelming as some started suggesting that these laws violate Europe’s right for reasonable expectation to privacy. Digital Rights Ireland launched a lawsuit to show that these laws are, in fact, illegal. By 2014, Digital Rights Ireland won in the European Court of Justice and the laws were effectively deemed unlawful. Europe responded by saying that they would “monitor” different states. European Digital Rights points out that not a single case was brought forward against a member state. Still, they point out that this activity is probably illegal at this stage. This latest delay means that legal uncertainty will continue to persist. Large data breaches and leaks outside of the AMCA meltdown also made news this month here on Freezenet. Digital design website Canva was hit with a data breach. Over 139 million accounts were compromised. For 61 million users, the data was hashed using bCrypt. Users are urged to change their login credentials. News aggregator service, Flipboard, has suffered two separate data breaches. In all, 150 million accounts have been potentially compromised. Users who have had their password changed since 2012 had their information hashed by bcrypt. However, users passwords that haven’t been changed before that year have had their information stored in the weaker SHA-1 encryption. Either way, users are encouraged to change their login credentials. Fortune 500 real-estate company, First American, has suffered from a data leak. In all, 885 million records have been exposed. The data included social security numbers, bank account numbers, statements, and other pieces of personal information. The information was available to anyone with a web browser and no authentication was required to access the data. A Washington-based security researcher contacted the company, but got little to no response. The researcher then contacted Krebs On Security who confirmed the leaking of information. After someone from the website contacted the firm, the site was taken offline for a so-called “design defect”. That defect likely involving the ability to change numbers on a URL to access other files. Marriott Hotels is making the news on this front again. This time, their parent company suffered from a data leak. In all, 85.4GB of security information was exposed. The US Customs and Border Protection was hit with a data breach. License plate information, facial recognition, and other pieces of information was exposed. While the governmental organization said that fewer than 100,000 travellers were impacted, earlier reports suggest that 65,000 files were compromised. This includes Excel spreadsheets, compressed archives, and video. The archive reportedly weighed in at hundreds of gigabytes. Emulation website Emuparadise also got hit with a data breach. In all, 1.1 million forum accounts were compromised. The information was encrypted, but users are encouraged to change their login credentials. In 2018, Emuparadise stopped offering ROMs following a legal threat from Nintendo. Finally, Citrix is facing a class action lawsuit after the company suffered from a data breach. Employee information was exposed after hackers obtained intermittent access between October 2018 to March 2019. Among other things, the lawsuit “seeks to recover damages, equitable relief, including injunctive relief, to prevent a reoccurrence of the Data Breach and resulting injury, restitution, disgorgement, reasonable costs and attorneys’ fees, and all other remedies this Court deems proper.” Certainly another busy month here on Freezenet. Video Game Reviews Now, let’s turn to entertainment. Here are the video games we’ve reviewed this month: First, we tried Desert Falcon for the Atari 7800. A half decent game, though elevation can be difficult to work with. Generous amount of free lives, though graphics are hit and miss. In the end, this game gets a 70%. Next up, we tried Space Dungeon for the Atari 5200. Good interface, level and reward systems. Unfortunately, clunky controls and enemy spawn systems holds this game back. Still, this game gets a solid 72%. After that, we tried Duke Nukem: Zero Hour for the Nintendo 64. Nice arsenal of weapons, variety, and level size. Jumping, however, is a bit awkward and the lack of a checkpoint system does hamper play somewhat. Still, this game gets a great 80%. Finally, we tried Gremlins for the Atari 5200. Good difficulty curve and nicely done animation sequences for players and enemies. Sadly, a clunky primary attack system and very primitive level design does hamper the quality of this game. This game gets a solid 70%. Music Reviews As for music we’ve listened to, we’ve got… DJ Khaled – I’m The One (ft. Justin Bieber, Quavo, Chance The Rapper, Lil Wayne) New Kids on the Block – Never Let You Go Lange Ft Tracey Carmen – Happiness Happening (Lange 2009 Mix) Mike Shiver vs Matias Lehtola – Nana (Original Mix) Pearl Jam – Jeremy E-Dancer – Pump The Move Le Mystere – Opus 303 … and finally, Mental Generation – Slam (Shake’s Revenge) Picks of the Month So, that leads us to our pick of the month. This month, our pick of the month belongs to Duke Nukem: Zero Hour for the Nintendo 64. Oddities And in other news… It was thought that it would remain a mystery forever. A hotel safe sitting in a museum has stumped locksmiths and former employees. No one knew how to get into it for the better part of 40 years. The mystery came to a surprise end when a machinist from Alberta just randomly spun the dial and happened to guess the combination. The surprised tour guide wedged the door open in the event this was a one time fluke. The contents of the safe, unfortunately, were less than thrilling. Just documents about the final days of the hotel as well as a forgotten 1977 pay slip showing an employee earning a whopping nine dollars and change for four and a half hours of work. Either way, quite the lucky guess! EA wound up in the news once again discussing loot boxes in video games. The controversial practice of buying things with random in-game items have been likened to gambling to both gamers and regulators alike. EA Vice President of legal and government affairs, Kerry Hopkins, said that the company isn’t selling “loot boxes”. Instead, they are selling “surprise mechanics” instead. Hopkins said that the surprise mechanics are more like “Kinder Eggs, or Hatchimals, or LOL Surprise.” There! That makes this controversy all better now! There is a rather interesting legal issue in King County. Government lawyers have racked up $27,604.93 spread across 176 billable hours. The menace they are trying to put behind bars? A cat named Miska. Apparently, the feline has been doing cat things like trespassing and eating other peoples tiny pets. Commenting on the case, Miska’s attorney, Jon Zimmerman, said, “It is quite amazing that even trespassing humans don’t get as much prosecution in King County as Miska”. One can only imagine what prosecutors are saying: “I spent 5 years pressing all kinds of charges against it. One day, I’ll get a charge to stick on that cat!” Some Utah police officers were left red-faced after they got stuck in an elevator. So, one officer called 911. Of course, that 911 call didn’t have to go very far because the elevator they were stuck in was located at the 911 call centre that would receive their call. The transcript of the call pretty much speaks for its amusing self: 911 what’s your emergency? -“This is the police” Yes sir, this is the police, what’s the nature of your emergency? -“No, this is the police” Correct again sir, how can we help you? -“No, this is literally the police. We’re calling you from an elevator. We seem to have put too many humans onto this thrill ride and now we’re stuck!” Sir, did I hear that right? You are stuck in the elevator and you need help getting out? -“That’s correct ma’am.” Copy, what’s the address of the building? -“Uh…that’s the thing, see, it’s THIS building. The one you’re currently in ma’am.” SIR, did I copy you’re stuck in the elevator of our own public safety building? -“Yes ma’am. And we need help getting out. This is not a drill, I repeat, this is not a drill.” Copy that sir, we are sending the fire department over to rescue you. As it turns out, a video shot by the fire department made it onto Facebook as the officers were ushered out one at a time. All involved appear to find the situation quite hilarious. Outro Before we close out today’s show, we’ve got a sizable announcement to make. We’ve published an 8 part beginners guide on Adobe Illustrator. After the guide, you’ll be able to produce basic graphics and logo’s for whatever project you want to work on. Among other things, we discuss calligraphy, clipping masks, outlines, strokes, and even the difference between raster and vector images. We hope you find the information in that guide useful! Also, shout out to Nolan for providing mixing and recording services. His efforts really do help me out a lot! If you’d like to get your hands on some behind the scenes stuff, exclusive content, and early access material, you can check out our Patreon page at Patreon.com/freezenet. Through this, you can help make Freezenet just that much better all the while getting some pretty cool stuff in the process. That’s Patreon.com/freezenet! …and that’s this months episode for June, 2019, I’m Drew Wilson for Freezenet. Be sure to check out our website at freezenet.ca for all the latest in news and reviews. You can also like us on Facebook and follow us on Twitter @freezenetca. Thank you for listening and see you next month. Drew Wilson on Twitter: @icecube85 and Facebook.