AIB criticised for monitoring customers’ social media accounts

14 May 2018

AIB ATM. Image: John and Penny/Shutterstock

AIB says viewing social media accounts helps it understand customer behaviour.

The national civil society group campaigning for a Yes vote in the upcoming Irish referendum on the Eighth Amendment fell victim to a cyberattack last week. DDoS attacks meant the Together For Yes fundraising page as well as Amnesty International’s went down for a period of a half hour and 45 minutes, respectively. The DDoS attacks originated in Ireland.

Also last week, Ryanair made a major move with its infrastructure as it announced it would be closing the majority of its data centres over the next three years. The airline, which carries 130m passengers annually, will be going all in with AWS in terms of its IT system.

Ryanair CTO John Hurley said: “By rebuilding core applications, converting data into actionable insights and creating intelligent applications, we are putting the solutions in place to continue our leadership in the travel industry.”

Meanwhile, MacOS users of the popular encrypted messaging service Signal were last week advised to disable app notifications for privacy reasons. Researcher Alec Muffett found that so-called ‘disappearing messages’ were showing up as notifications. Patrick Wardle, a Mac security expert, found the data was still being stored inside the OS – but there’s a simple fix.

Moving on to this week, from AIB’s social media spying to a major email security problem, catch up on your enterprise news here.

Is AIB watching you?

The AIB group has been accused of spying on customer social media accounts, according to a report in The Irish Independent. The lender is apparently combing through Twitter, Facebook and other social media accounts for comments about its service. Customers are now required to sign a consent form, which gives permission for tasks such as credit checks to be carried out, as well as allowing the bank to look at social media profiles.

Mortgage broker Karl Deeter said: “I’m confident that people would not be comfortable knowing that the bank can play Big Brother with their social media information.” A spokesperson said it was in line with common practice, dubbing it “regular social listening” and adding that it never analyses the individual accounts of customers.

PGP encryption is seriously vulnerable

Pretty Good Privacy (PGP) is a method of data encryption often added to programs involved in the sending and receiving of email messages. German newspaper Süddeutsche Zeitung released details of the vulnerability prior to an embargo, and the EFF had advised immediately disabling email tools that automatically decrypted PGP.

Sebastian Schinzel of the Münster University of Applied Sciences had been examining the problem. The issue concerned email programs that failed to properly look for decryption errors before following links in emails that contained HTML code.

There had been concern previously that the issue affected the core protocol of PGP, but that does not appear to be the case. A website explaining the issue has been set up, and it advises users to disable HTML rendering in emails sent via PGP, which closes off the biggest opportunity for the vulnerability to be exploited.

MIT researchers use cryptography to protect genomic study participants

Researchers from MIT and Stanford University have developed a new system for protecting the privacy of people who contribute their genomic data to large-scale biomedical studies. At the core of the new system is a technique known as secret sharing, which divides sensitive information among a multitude of servers.

As long as one server is trustworthy, the researchers claim the system is secure and all servers would need to be hacked to extract data. The researchers successfully reproduced three genome-wide studies involving 23,00 individual genomes. The system should scale efficiently to 1m genomes, while protecting the private medical information of study subjects.
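The secret-sharing idea described above, as an added Python example that is not code from the MIT/Stanford system. It assumes simple additive sharing modulo a public prime (the article does not name the exact scheme), and the genotype values and function names are constructed for illustration.

```python
import secrets

# Assumption: additive sharing modulo a public prime; the article does not
# name the exact scheme the MIT/Stanford system uses.
P = 2**61 - 1  # Mersenne prime, far larger than any sum computed below


def share(value, n_servers):
    """Split value into n_servers shares that sum to value mod P."""
    shares = [secrets.randbelow(P) for _ in range(n_servers - 1)]
    shares.append((value - sum(shares)) % P)
    return shares


def reconstruct(shares):
    """Recombine shares; correct only when every share is present."""
    return sum(shares) % P


def missing_share_for(partial, candidate):
    """Return the one absent share that would make `partial` decode to
    `candidate`. One exists for every candidate, so a party holding all
    but one share cannot rule out any value of the secret."""
    return (candidate - sum(partial)) % P


def aggregate(per_person_shares):
    """Each server adds up only the shares it holds (one column).
    Returns one subtotal per server; no individual value is rebuilt."""
    return [sum(col) % P for col in zip(*per_person_shares)]


# Constructed sample data: minor-allele counts (0, 1 or 2) at one genomic
# position for six hypothetical study participants.
GENOTYPES = [0, 2, 1, 1, 0, 2]


def demo(n_servers=3):
    """Share every genotype, let servers subtotal, then combine subtotals."""
    distributed = [share(g, n_servers) for g in GENOTYPES]
    subtotals = aggregate(distributed)
    return reconstruct(subtotals)


if __name__ == "__main__":
    print("allele count recovered from server subtotals:", demo())
```

Only the cohort-wide total is ever reconstructed; each server's view of any single participant is a uniformly random number, which is why every server would have to be compromised to recover an individual value.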

Apple pulls apps abusing location services data collection

GDPR is just under two weeks away, and historically privacy-focused Apple is kicking things into high gear when it comes to compliance on the App Store. According to Sophos, Apple is evaluating the privacy policies of developers, kicking them off the platform until they cut out any features that are in violation of Apple’s location data policies.

Apple wants app developers to offer better explanations to users about how their data will be used; until then, apps will be pulled.

Google to warn users when they are chatting with Duplex AI

Google’s new Duplex AI system lets AI mimic a human voice to make appointments. However, the experimental system has been on the receiving end of scrutiny since it was debuted at Google I/O.

The company said that Duplex would have “disclosure built-in”, which will involve a verbal announcement to the person that they are speaking to an AI system when trying to book a blow-dry or a medical appointment, for example.

Google said: “We are designing this feature with disclosure built-in, and we’ll make sure the system is appropriately identified.”

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects