🛡️Was our data safe?🛡️
A legal and technical investigation into the safety and security of Lebanon's Covid-response apps by @SMEX members @LucieDoumanian @kataya_abd
@Lqassem @0x7D6E6867 and @lqassem!
⏰ Today at 12:30 PM Beirut time, Room 1 - stage
#BreadandNet
A legal and technical investigation into the safety and security of Lebanon's Covid-response apps by @SMEX members @LucieDoumanian @kataya_abd
@Lqassem @0x7D6E6867 and @lqassem!
⏰ Today at 12:30 PM Beirut time, Room 1 - stage
#BreadandNet
Through the #Watchdog project, we analyzed numerous applications in Lebanon and abroad to ensure their safety and security. Our aim was to push private companies to protect people’s data. @kataya_abd
For example, when pharmaceuticals company Pharmaline assisted in securing #SputnikV vaccines in Lebanon, we found that people were asked to sign a consent form to use their data for commercial purposes at a later time.
The same thing happened with @impact_gov. Our analysis revealed that their servers were based in Germany, without clarifying why. — @kataya_abd
@impact_gov @kataya_abd "We use open source tools in our technical analysis (mobile security framework) since it provides us with an idea of the overall cyber security of a certain app. It helps us track any breaches to security on platforms that collect data." @0x7D6E6867
"If we can't physically access the servers where data is collected, then we can't ensure it's safe. This data must be isolated and must remain subject to Lebanese laws, not European ones (i.e. Germany), especially considering the confidentiality of this data." Ragheb
"In our analysis, we didn't only refer to the Lebanese E-Transactions Law, but we also ensured that @impact_gov adheres to the GDPR standards." @Lqassem
"Cybersecurity is a systematic process. It requires attention and development at every stage, from downloading the app to the transfer of data collected on servers. We need to be very clear about how to approach the implementation of digital apps at such a large scale." Abed
"In Lebanon, there are still debates about whether hacking databases is considered a cybercrime or not. We need to catch up. We need an actual law that would protect people's personal information." @kataya_abd
"Unfortunately, there is no legal coverage to oversee data processing between official bodies in Lebanon, such as voters' data. We need more cooperation between ministries." @Lqassem
"We need a legal reference to digital security that would allow us to efficiently resolve some of the challenges to safeguarding data." @kataya_abd
The #Watchdog process is based on first conducting a technical and legal analysis of an application, and then sharing our findings with internet users. At the same time, we pressure service providers and apps to make amends to any vulnerability to data security." @kataya_abd
Some recommendation from Senior Policy Advisor @Lqassem:
- update the outdated 2018 Electronic Transactions and Personal Data Law
- add more articles on the right to privacy
- update the outdated 2018 Electronic Transactions and Personal Data Law
- add more articles on the right to privacy
@Lqassem + restrict apps' access permissions to other apps on your devices
+ implement guidelines for sound practice by telecommunication services and apps in Lebanon @0x7D6E6867
+ we need independent oversight to audit digital practices
@kataya_abd
+ implement guidelines for sound practice by telecommunication services and apps in Lebanon @0x7D6E6867
+ we need independent oversight to audit digital practices
@kataya_abd
• • •
Missing some Tweet in this thread? You can try to
force a refresh
