
Ignore China’s New Data Privacy Law at Your Peril


The unavoidable flaw in China’s personal data law is that it doesn’t stop the state itself from being able to access its citizens’ personal information. People living in China will still be some of the most surveilled and censored on the planet. “The Chinese government is the greater threat to individual privacy, and I don’t know that they will be affected by this,” says Omer Tene, a partner specializing in data, privacy, and cybersecurity at law firm Goodwin.

The PIPL does differ from other data regulations in how it mirrors the broader political aims of the country enforcing it. “If European data protection laws are grounded in fundamental rights and US privacy laws are grounded in consumer protection, Chinese privacy law is closely aligned with, and I would even say grounded in, national security,” says Tene.

In fact, PIPL expands on a requirement in China’s cybersecurity law that companies store personal data within China. Telecoms, transport, finance firms, and other entities deemed to be critical information infrastructure already had to do so. But that requirement now applies to any company that collects a certain, still undefined amount of people’s data. Following the departure of Yahoo and LinkedIn, Apple is now one of a small number of high-profile international tech companies with a presence in China. To keep its place in the hugely lucrative market, Apple has previously made serious concessions to the Chinese government. At this stage, it’s unclear how much of an impact the PIPL will have on Apple’s business in China.

Companies wanting to share data outside of China must also now go through a national security review, says James Gong, a China-based partner at law firm Bird & Bird. Separate guidance translated by DigiChina reveals that a broad range of companies will likely face national security reviews, including those sending important data abroad. Companies holding data on more than a million people and wanting to send information abroad will also face reviews. Any reasonable-sized company operating in and out of China could be swept up in this review process.

As part of the security reviews, companies must submit the contract between themselves and the foreign partner receiving the data and complete a self-assessment. This includes laying out why data is being transferred out of China, the types of information being sent, and the risks of doing so. All of this combined could create some uncertainty for companies doing business in China, Gong says. They will need to consider reshuffling their current business, management, and IT structure and the associated costs.

While the PIPL is likely to force Chinese domestic companies to improve how they handle data, it will also have an impact on broader data rules around the world; there are key distinctions between it, GDPR, and US approaches to privacy, the retaliatory blacklist in particular. “They’re purely political provisions,” says Lee. “These provisions are unseen in any other global privacy proposals.”

The biggest impact of China’s new privacy law (and its protectionist, political spin) may be its influence on other countries that are still developing their own data protection policies, or rewriting them for a digital age. “We have concerns that other countries in Asia may follow the Chinese approach of having those data localization measures in their privacy law,” Lee says. “We are already seeing, for example, India and Vietnam’s privacy drafts have some measures like this.”



113 Absolute Best Black Friday Deals (2021): Amazon, Walmart, Target


Razer Huntsman Mini Keyboard

Photograph: Razer

Amazon, Best Buy

This is the cheapest price we’ve seen on what we consider the best small gaming keyboard. It’s a 60 percent keyboard, which means it has 60 percent of the keys normally found on a regular-sized keyboard. The Numpad and arrow keys are chopped off, and you’re left with the bare essentials. The Razer Huntsman Mini is my favorite of this size for gaming. It feels every bit as responsive and quick as a full-sized keyboard, but it takes up a lot less desk space.

Amazon, Best Buy

If you’re confused about all the different gaming subscriptions needed to get the most out of your PlayStation or Xbox, we break down all the differences here. PS Plus lets you play multiplayer games online, but you also get a few free games per month, and you can keep them as long as you’re a subscriber. If you have a PS5, the PS Plus Collection gives you 20 of the best PS4 games so you can play catch-up.

Steelseries Arctis 1 Wireless gaming headset

SteelSeries Arctis 1 Wireless.

Photograph: Steelseries

SteelSeries (PlayStation), SteelSeries (Xbox)

The SteelSeries Arctis 1 (8/10, WIRED Recommends) is one of the best wireless gaming headsets around if you like chatting with your friends while gaming on your Xbox or PlayStation. They’re comfortable, last 19 hours on a single charge, and the mic outputs crystal-clear voice. The audio is pretty great too.

The Oculus Quest 2 (9/10, WIRED Recommends) is the best VR headset for most people. It’s super simple to use, you get a higher resolution than on its predecessor, and the library of games and apps you can access keeps increasing (Beat Saber remains a favorite). This isn’t a deal, but you can use the free Target gift card on anything at the retailer.

Amazon, Best Buy ($300)

We have yet to try this router, but it has good reviews around the web, and the purported speeds will be a serious boon for any gamer who loves fast-paced multiplayer games. There’s support for the latest Wi-Fi 6 standard too, and you can access many of the router’s settings through Netgear’s Android or iOS app.

Amazon (Expired)

Xbox Game Pass Ultimate is one of the best deals in gaming right now. If you have an Xbox or PC, you get access to hundreds of games you can download and install, along with games from the EA Play library. You also get the ability to play online multiplayer, and Microsoft’s new game streaming service, xCloud, so you can play some games on your tablet or smartphone (the service is in beta). Some titles rotate in and out, and most of Microsoft’s first-party Xbox Game Studios titles appear as soon as they launch, like Halo Infinite. If you have a PC, the standard Game Pass three-month membership is $15 ($15 off).

Ebikes and E-Scooter Deals

Read our Best Ebikes guide for details and other options.


Apollo Ghost.

Photograph: Apollo

Our guide to the best e-scooters is forthcoming, but the Apollo Ghost is one of our favorites (8/10, WIRED Recommends). The dual-motor design means it’s insanely powerful (maybe too powerful), but you don’t need to hit the throttle. This much power is very helpful for steep terrains. It also has pretty solid range (under 20 miles). The downside is that it weighs 64 pounds. This deal throws in the new Apollo Air for free; it’s not as powerful, and its range is much shorter, but it’s lightweight and rides pretty well, handy for any newcomers joining your rides.

Want an ebike but hate the prices? The Propella (8/10, WIRED Recommends) is our pick if your budget is tight, and it’s even better with this deal. It has reputable components, like a Samsung battery and Shimano disc brakes, and it ships directly to you.

WIRED reviewer Matt Jancer says you’re getting a lot for your money with the Freedom 2, so this deal makes it a sweeter package. It has strong acceleration, doesn’t weigh 64 pounds (just 39), has a built-in headlight and taillight, and an alarm with a key fob.

Lectric Ebikes XP 2.0

Lectric’s folding XP Ebike.

Photograph: Lectric

Ebikes are big. If you don’t have a ton of space, a folding ebike is the way to go. This one from Lectric Ebikes is one of the most affordable around (7/10, WIRED Recommends), and this deal nets you three free accessories. It’s heavy at 63 pounds, so this might not be a good option for anyone with a walkup, but it’s speedy, it comes with a lot of accessories, and it has solid suspension.

Photography Deals

Brevite Jumper camera backpack

Brevite The Jumper Camera Bag.

Photograph: Brevite

Moment, Brevite

This is our top camera backpack for most people in our Best Camera Bags guide. It’s relatively small, yet can still fit a DSLR or mirrorless camera, additional lenses, and a small tripod in the side pocket (with a loop to secure it). There’s a luggage pass-through strap, a padded laptop storage area, and a compartment up top for everything else. The best part is it comes in a ton of fun colors.

B&H, Wandrd (Enter Code BF5OFF for Extra 5 Percent off)

I took this backpack on my road trip around Iceland, and it couldn’t have been more perfect. It might be too big to count as a personal item, but as a carry-on, you can convert it to a duffel or leave it as a backpack. Pair it with two of Wandrd’s Essential Camera Cubes ($278 total), and you can fit a ton of equipment and have space for clothes and other gear. You can learn more about it in our Best Camera Bags guide.

B&H, Wandrd (Enter Code BF5OFF for Extra 5 Percent off)

This 50-liter bag is so spacious it can fit all your important photo gear in the removable camera cube, plus anything else you need to bring on a hiking trip. The back padding, shoulder straps, and waist straps are thick and soft, making the whole thing incredibly comfortable to wear.


Emerging tech in security and risk management to better protect the modern enterprise



With growing agreement that the traditional enterprise perimeter and security architecture are dead, an array of security and risk management technologies have recently emerged that are worth considering in the enterprise, according to Gartner senior director and analyst Ruggero Contu.

The rapid pace of digital transformation, the move to cloud, and the distribution of the workforce mean that standard security controls are not as effective as in the past, Contu said during the research firm’s Security & Risk Management Summit Americas virtual conference this month.

Most businesses report they’ve faced security struggles while trying to adapt to the accelerated technology changes of the past two years. A recent report by Forrester, commissioned by cyber vendor Tenable, found that 74% of companies attribute recent cyberattacks to vulnerabilities in technology put in place during the pandemic.

Of course, the irony is that the adoption of new technology also offers a solution for many of these issues. With a massive global shortage of cybersecurity talent and skills, tools and automation designed for the new digital world are essential for meeting the security challenge.

8 emerging technologies to watch

When it comes to emerging technologies in security and risk management, Contu focused on eight areas: confidential computing; decentralized identity; passwordless authentication; secure access service edge (SASE); cloud infrastructure entitlement management (CIEM); cyber physical systems security; digital risk protection services; and external attack surface management.

Many of these technologies are geared toward meeting the new requirements of multicloud and hybrid computing, Contu said. These emerging technologies also align to what Gartner has termed the security mesh architecture, where security is more dynamic, adaptable, and integrated to serve the needs of digitally transformed enterprises, he said.

Confidential computing

To process data, that data must be decrypted, opening a potential for unauthorized access or tampering. There is thus a risk of exposure for data that is in use.

How it works: Confidential computing mitigates the risk of exposure when data gets decrypted while in use. It does this by using a hardware-based enclave or trusted execution environment that isolates and protects the data during processing.

To keep in mind: The performance of the cloud systems may be impacted, and there could be higher cost for increased infrastructure-as-a-service instances. Hardware-based approaches are also not bulletproof, as evidenced by the Spectre and Meltdown processor vulnerabilities.

Decentralized identity

Ensuring privacy and compliance requires a way to not only control identities, but also control the data associated with those identities. Identity and access management has also faced issues around security and scalability in the midst of rapid digital transformation. The use of centralized identity stores poses security and privacy risks.

How it works: Decentralized identity provides a distributed identity model, leveraging technologies such as blockchain to distribute the storing of identities and related data across a large number of systems.

To keep in mind: Decentralized identity and even blockchain itself are still relatively new technologies and remain fairly untested at this point, Contu said. Enterprises should require proof of concepts from vendors before investing in this technology.

Passwordless authentication

Infamously, passwords have severe limitations ranging from the widespread use of weak passwords, to phishing and social engineering attacks aimed at stealing passwords, to potential compromises of stored passwords. Compromised passwords are responsible for 81% of hacking-related breaches, Verizon has reported.

How it works: Passwordless authentication replaces the use of passwords with the use of alternative authentication methods such as smart cards, biometrics, and tokens.

To keep in mind: Credential theft can still be an issue with passwordless authentication if the vendor stores credentials in a central repository; cyber criminals can still attack that repository. The cost is also likely to be higher, in particular for methods that require additional hardware such as biometric readers or smart card readers.

Secure access service edge (SASE)

While still relatively new, secure access service edge (SASE) has gotten significant traction in the market because it’s a very powerful approach to improving security, Contu said. The term was first coined by Gartner analysts in 2019. SASE offers a more dynamic and decentralized security architecture than existing network security architectures, and it accounts for the increasing number of users, devices, applications, and data that are located outside the enterprise perimeter.

How it works: SASE offers a flexible and anywhere, anytime approach to providing secure remote access by delivering multiple capabilities, including secure web gateway for protecting devices from web-based threats; cloud access security broker (CASB), which serves as an intermediary between users and cloud providers to ensure enforcement of security policies; next-generation firewalls; and zero-trust network access, which considers context such as identity, location, and device health before granting remote access to applications.

To keep in mind: In many cases, adopting SASE will mean migrating to new vendors and products, which can bring challenges around cost and management of the new products. Still, “the overall benefit [of SASE] is very high, as demonstrated by the interest in the market,” Contu said.

Cloud infrastructure entitlement management (CIEM)

Management of identities and their entitlements, such as access privileges, is notoriously difficult. Doing so in multicloud and hybrid environments adds a further level of complication. Threat actors are known to exploit these weaknesses in order to infiltrate and compromise cloud services.

How it works: Cloud infrastructure entitlement management, or CIEM, is a tool for monitoring and managing cloud identities and permissions. This can include detection of anomalies in account entitlements such as accumulation of privileges, risky dormant accounts, and unnecessary permissions.

To keep in mind: CIEM is starting to combine with other cloud security tools, and is only expected to remain as a standalone tool in the short term. Over the longer term, CIEM will likely be available as part of identity governance and administration (IGA), privileged access management (PAM), and cloud-native application protection platform (CNAPP) offerings.

Cyber physical systems security

The concept of cyber physical systems security recognizes that cyber threats and vulnerabilities now extend outside of IT infrastructure alone, and can impact the increasingly IT- and IoT-connected physical infrastructure, as well. With the increasing convergence of IT, operational technology (OT), and other physical systems, new security approaches and solutions are required.

How it works: Cyber physical systems security offers a set of capabilities to enable organizations to securely manage their increasingly interconnected environments, particularly in terms of bringing better visibility of assets and systems, both known and unknown. Along with providing greater visibility, cyber physical systems security brings the ability to correlate inventories with available vulnerability data, enabling organizations to prioritize their mitigation efforts around those vulnerabilities. Other capabilities can include anomaly detection and secure remote access. Cyber physical systems security ultimately spans IoT, industrial IoT, and OT, as well as concepts such as smart cities.

To keep in mind: Regardless of how much money an enterprise invests in cyber physical systems security, the approach will fail unless there is strong collaboration between IT and OT teams.

Digital risk protection services

With digital transformation comes a growing number of digital assets, and enterprises need protection and visibility for these digital assets, which may not be provided by traditional security controls.

How it works: Digital risk protection services can provide brand protection, data leakage protection, and services to protect against account takeover and fraud campaigns. The services offer visibility into the open web, social media, and dark web, to uncover threats such as fraudulent/infringing web domains and mobile apps. Other services can include protection against social media account takeovers or phishing scams.

To keep in mind: Digital risk protection services are starting to converge with other technologies such as external attack surface management.

External attack surface management

Internet-facing exposure of enterprise assets and systems can bring major risks, security and otherwise.

How it works: External attack surface management, or EASM, focuses on identifying all internet-facing assets, assessing them for vulnerabilities, and then managing any vulnerabilities that are uncovered. For instance, this might include misconfigured public cloud services, servers with inadvertently open ports, or third parties with poor security posture that represents a potential risk.

To keep in mind: EASM tools are currently in the midst of consolidation, including with digital risk protection services.

Fragmentation fatigue

Ultimately, while these eight technology categories all bring potentially useful advancements in security and risk management for enterprises, they’re also contributing to an already highly fragmented security market, Contu said.

“This market fragmentation has now created significant fatigue within the enterprises and all the CISOs we talk to,” he said. “This fatigue is pushing security professionals to consider a solution set platform more and more, rather than standalone solutions.”


‘Howard the Duck’ Is Even Worse Than You Remember


One of the most bizarre movies of the 1980s was Howard the Duck, based on the minor comic book character of same name. TV writer Andrea Kail was aware of the movie’s awful reputation, but was still surprised at how bad it was.

“I pretty much watched the entire thing with my jaw on the floor,” Kail says in Episode 494 of the Geek’s Guide to the Galaxy podcast. “It was insanely terrible in every possible way.”

Geek’s Guide to the Galaxy host David Barr Kirtley remembers loving Howard the Duck when he watched it as an 8-year-old, but agrees that the movie is a train wreck. “It’s a really weird combination of a kid’s movie, an Animal House-style sex comedy, and a horror movie,” he says. “Some of those things could go together, but the kids and the sex comedy part doesn’t work together.”

Howard the Duck was produced by George Lucas, hot off the success of the original Star Wars trilogy. Humor writer Tom Gerencer says that fame had clearly gone to the director’s head. “[Howard the Duck] works as a comic,” he says, “but then thinking that you could take that and it would work as a live-action movie just takes the kind of egomania you only get after you just made the biggest-selling movie of all time and you think, ‘I can do anything.’”

Science fiction author Matthew Kressel was appalled by Howard the Duck, but notes that the film does have its defenders. “I know some people love this movie,” he says. “If you go on the Gen X Reddit forum, every now and then they do, ‘What was your favorite movie of the ’80s?’ and Howard the Duck came up. Some people are like, ‘I love Howard the Duck! Oh yeah, it was so funny.’”

Listen to the complete interview with Andrea Kail, Tom Gerencer, and Matthew Kressel in Episode 494 of Geek’s Guide to the Galaxy (above). And check out some highlights from the discussion below.

Tom Gerencer on Weird Science:

“I still love it as a story of two nerds who desperately want the wrong thing and then almost learn to want the right thing. Having said that, I do want to get into the politics. I feel like every movie from the ’80s that we discuss, we spend 10 minutes excusing the casual racism and sexism. ‘Well of course they killed puppies in this movie. Back then that’s what we did. We killed puppies.’ I think after a while I start to feel like I’m doing something wrong by saying that every time. … Every kid in my class endlessly quoted the [jazz club] scene, and we thought it was great. And watching it as a grown-up I was cringing through the whole thing. I was just like, ‘Ugh, this is horrible.’”

David Barr Kirtley on Innerspace:

“The character arc, I think, is supposed to be that Dennis Quaid is confident but not caring—and that’s why he has this whole fight with Meg Ryan at the beginning—and Martin Short is caring but not confident. They form this team, and then over the course of the movie Dennis Quaid teaches Martin Short to be more confident and Martin Short teaches Dennis Quaid to be more caring. And it sort of does that in terms of Martin Short’s character development, but doesn’t really do anything with Dennis Quaid’s character development. And I think that’s the biggest missing hole in this movie for me, is that then he gets back together with Meg Ryan at the end, and they get married, and it’s like, ‘Well wait, none of their relationship issues were addressed or resolved or even really mentioned in this whole movie.’”

Matthew Kressel on Escape from New York:

“I think the setup of the film is great. I love this idea of: ‘Crime is so bad, let’s just wall off Manhattan and put all the criminals in there and let them fend for themselves.’ … You know the scene in the film where they’re like, ‘Oh, this is Broadway! Why are you driving down Broadway?’ And everyone’s just throwing stuff at their car. This actually would happen if you drove down certain streets in the city. I remember people throwing stuff at our car, like fireworks, and of course there were the squeegee men who would put stuff on your windshield, then clean it off and ask for $5. The city was pretty bad. So I love it that John Carpenter is like, ‘Yeah, we’re going to just take this to the extreme. The city’s so bad it’s now a prison colony.’”

Andrea Kail on Night of the Comet:

“I think I did see it in the theater, and I was—I’m fairly sure—the same age as the characters at the time. It really hit me exactly where it should. I knew those characters because I was those characters—selfish, self-involved, rebellious against parents. There’s the scene where she goes, ‘The stores are open. What do you want to do?’ And they go shopping. Everything about it was exactly who I was. … And watching it again, it held up to me. There are some quibbles about the ridiculousness of the science, but just as an adventure story it moves really well, the characters are fun, and it’s funny. The scene in the shopping mall with the evil stock boys is fantastic.”

