b-dayyy shared this overview from the Linux Security site: Strong encryption is imperative to securing sensitive data and protecting individuals' privacy online, yet governments around the world refuse to recognize this, and are continually aiming to break encryption in an effort to increase the power of their law enforcement agencies... This fear of strong, unbroken encryption is not only unfounded -- it is dangerous. Encryption with built-in backdoors which provide special access for select groups not only has the potential to be abused by law enforcement and government agencies by allowing them to eavesdrop on potentially any digital conversation, it could also be easily exploited by threat actors and criminals.

U.S. Attorney General William Barr and U.S. senators are currently pushing for legislation that would force technology companies to build backdoors into their products, but technology companies are fighting back full force. Apple and Facebook have spoken out against the introduction of encryption backdoors, warning that it would introduce massive security and privacy threats and would serve as an incentive for users to choose devices from overseas. Apple's user privacy manager Erik Neuenschwander states, "We've been unable to identify any way to create a backdoor that would work only for the good guys." Facebook has taken a more defiant stance on the issue, adamantly saying that it would not provide access to encrypted messages in Facebook and WhatsApp.

Senator Lindsey Graham has responded to this resistance authoritatively, advising the technology giants to "get on with it", and stating that the Senate will ultimately "impose its will" on privacy advocates and technologists. However, Graham's statement appears unrealistic, and several lawmakers have indicated that Congress won't make much progress on this front in 2020...

Encryption is an essential component of digital security that should be embraced, not feared. In any scenario, unencrypted data is subject to prying eyes. Strong, unbroken encryption is vital in protecting privacy and securing data both in transit and in storage, and backdoors would leave sensitive data vulnerable to tampering and theft.

Ring isn't the only place where Amazon employees have been fired for accessing user data. Amazon itself also fired several employees this week "after they leaked private customer data to an undisclosed third-party," reports Gizmodo.

They note that Amazon also fired more data-leaking employees at the end of 2018. An Amazon spokesperson confirmed the news with multiple outlets after several customers received notifications from the company warning that their e-mail addresses and phone numbers had been leaked "to a third-party in violation of our policies," per a screenshot shared by TechCrunch. The email goes on to say that the Amazon employee -- singular -- responsible has since been identified and fired. However, a later company statement appears to imply there were multiple Amazon defectors behind the leak:

"The individuals responsible for this incident have been terminated and we are supporting law enforcement in their prosecution," an Amazon spokesperson told Gizmodo via email.... It all makes for an embarrassing start to the new year given Amazon's myriad customer data breaches that wrapped up 2019.

In one case, the Wall Street Journal found evidence of several Amazon employees hawking customer data to sellers in exchange for bribes.

An anonymous reader quotes a report from Wired: Facebook Pages give public figures, businesses, and other entities a presence on Facebook that isn't tied to an individual profile. The accounts behind those pages are anonymous unless a Page owner opts to make the admins public. You can't see, for example, the names of the people who post to Facebook on WIRED's behalf. But a bug that was live from Thursday evening until Friday morning allowed anyone to easily reveal the accounts running a Page, essentially doxing anyone who posted to one. All software has flaws, and Facebook quickly pushed a fix for this one -- but not before word got around on message boards like 4chan, where people posted screenshots that doxed the accounts behind prominent pages. All it took to exploit the bug was opening a target page and checking the edit history of a post. Facebook mistakenly displayed the account or accounts that made edits to each post, rather than just the edits themselves.

Facebook says the bug was the result of a code update that it pushed Thursday evening. Facebook points out that no information beyond a name and public profile link were available, but that information isn't supposed to appear in the edit history at all. And for people, say, running anti-regime Pages under a repressive government, making even that much information public is plenty alarming.

Insecure storage systems being used by hundreds of hospitals, medical offices and imaging centers are exposing over 1 billion medical images of patients across the world. "Yet despite warnings from security researchers who have spent weeks alerting hospitals and doctors' offices to the problem, many have ignored their warnings and continue to expose their patients' private health information," writes Zack Whittaker from TechCrunch. From the report: "It seems to get worse every day," said Dirk Schrader, who led the research at Germany-based security firm Greenbone Networks, which has been monitoring the number of exposed servers for the past year. The problem is well-documented. Greenbone found 24 million patient exams storing more than 720 million medical images in September, which first unearthed the scale of the problem as reported by ProPublica. Two months later, the number of exposed servers had increased by more than half, to 35 million patient exams, exposing 1.19 billion scans and representing a considerable violation of patient privacy.

A decades-old file format and industry standard known as DICOM was designed to make it easier for medical practitioners to store medical images in a single file and share them with other medical practices. DICOM images can be viewed using any of the free-to-use apps, as would any radiologist. DICOM images are typically stored in a picture archiving and communications system, known as a PACS server, allowing for easy storage and sharing. But many doctors' offices disregard security best practices and connect their PACS server directly to the internet without a password. These unprotected servers not only expose medical imaging but also patient personal health information. Many patient scans include cover sheets baked into the DICOM file, including the patient's name, date of birth and sensitive information about their diagnoses. In some cases, hospitals use a patient's Social Security number to identify patients in these systems.