Business' Systems for Responding to Law Enforcement May Be Vulnerable, PEPR Told
SANTA CLARA, Calif. -- Companies’ processes for responding to law enforcement requests could constitute a security vulnerability with privacy implications, Lukas Bundonis, a senior privacy engineer at Netflix, said at the USENIX Privacy Engineering Practice and Respect (PEPR) conference Monday.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
Bundonis, who spoke in a personal capacity, said this was a key takeaway from the Salt Typhoon data hack, where Chinese threat actors exploited U.S. lawful interception infrastructure to gather metadata, including on calls and IP addresses.
"Law enforcement response infrastructure is a unique threat vector" that most global threat actors try to exploit as "the top of their ... crown jewels,” he said. "If you have it, they're going to come for it, and it's not just a security risk. It's a privacy risk, too."