At a glance.
- Is Buenos Aires’ government surveillance system targeting the innocent?
- Rollbar suffers customer data breach.
- Minnesota job seekers targeted by hackers.
Is Buenos Aires’ government surveillance system targeting the innocent?
The government of Buenos Aires is quite upfront about its use of a biometrics-based surveillance system to patrol over 75% of the area of the Argentine capital. However, since the facial recognition network launched in 2019, upwards of 140 database errors have led to unjustified arrests or police checks. The system was shut down in 2020 when the pandemic ramped up, and last year rights activists successfully sued the city government to have the system put out of service. But the city government is pushing to have it reinstated, saying it's a necessary security tool.
Wired offers a look at the current debate. The surveillance network is intended to be used only to track the country’s most wanted fugitives – about 40,000 individuals – but an investigation conducted by Judge Andrés Gallardo proved otherwise. “There was definitely more to it than tracking fugitives,” Gallardo stated. “...the number of personal data requested by the city was almost 10 million. The government could never explain why so much data was requested that did not belong to fugitives.” The individuals targeted in those requests include Vice President Cristina Fernández de Kirchner and President Alberto Fernández, along with other politicians, human rights activists, and journalists.
However, the city’s now-former security minister Marcelo D'Alessandro insists all of the searches were justified. He explains, “This is about investigative procedures, about identity checks…No one, really no one, is searched by facial recognition without a court order.” When asked about the vice president’s requested data, he responded, “The vice president has a lot of criminal cases where she is accused, and the justice tells us with official documents to consult and validate the identity.”
Prosecutor Sergio Rodríguez, whose office is part of the Ibero-American Prosecutors Against Corruption Network, says the group is looking into the city’s surveillance system. "Maybe our research here in Argentina can work as a warning for other countries. Shouldn't the state have more protection for sensitive data? Shouldn't it have a more effective alert system if too much data is retrieved? We should all, all over the world, work to look for prevention systems." (It’s worth noting that the data of the Wired writer and photographer responsible for this article were found among the data recently requested by the Buenos Aires surveillance system.)
Rollbar suffers customer data breach.
Rollbar, a US-based software bug-tracking company whose clients include household names like Salesforce, Uber, and Pizza Hut, says it experienced a data breach last month that exposed its customers’ access tokens. Rollbar detected the intrusion when it discovered that a service account was used to log into the company’s cloud-based bug monitoring platform. In a data breach notification letter, the company states, "The party first tried to launch computer resources, and after that failed for lack of permission, they accessed the data warehouse and ran searches that suggested they were interested in Bitcoin wallets or other cloud credentials." As Bleeping Computer reports, Rollbar deactivated the account in question, and an investigation revealed that the intruders had had access to the company’s systems for three days. During that time the hackers accessed customer usernames, email addresses, account names, project information, and project access tokens, which allow users to interact with Rollbar projects. Rollbar has enlisted the services of a third-party forensic consultant and the investigation is ongoing.
Minnesota job seekers targeted by hackers.
The US state of Minnesota has disclosed that its interactive jobs board was attacked earlier this week, the Star Tribune reports. Employment officials are warning job seekers that used the MinnesotaWorks.net site that their personal data might have been stolen by hackers. Officials from the Minnesota Department of Employment and Economic Development (DEED) released a statement saying, "A recent data security incident may have resulted in unauthorized access of jobseekers' contact information such as physical addresses, email addresses and phone numbers. The officials explain they received reports of "suspicious communications" from individuals fraudulently claiming to be an approved employer on the state's MinnesotaWorks.net website. DEED warned that the hackers might be hoping to convince targets to hand over additional private info, and recipients of the emails have been urged not to respond. The hacker’s access to the site has been revoked and impacted individuals have been notified, but the exact number of compromised users has not been disclosed.