CNN Investigates ‘Airbnb’s Hidden Camera Problem’
Nearly seven years later, CNN launched their own investigation of “Airbnb’s hidden camera problem”.
CNN: “Across North America, police have seized thousands of images from hidden cameras at Airbnb rentals, including people’s most intimate moments… It’s more than just a few reported cases. And Airbnb knows it’s a problem. In this deposition reviewed by CNN, an Airbnb rep said 35,000 customer support tickets about security cameras or recording devices had been documented over a decade. [The deposition estimates “about” 35,000 tickets “within the scope of the security camera and recording devices policy.”]
Airbnb told CNN a single complaint can involve multiple tickets.
CNN actually obtained the audio recording of an Airbnb host in Maine admitting to police that he’d photographed a couple having sex using a camera hidden in a clock — and also photographed other couples. And one Airbnb guest told CNN he’d only learned he’d been recorded “because police called him, months later, after another guest found the camera” — with police discovering cameras in every single room in the house, concealed inside smoke detectors. “Part of the challenge is that the technology has gotten so advanced, with these cameras so small that you can’t even see them,” CNN says.
But even though recording someone without consent is illegal in every state, CNN also found that in this case and others, Airbnb “does not contact law enforcement once hidden cameras are discovered — even if children are involved.” Their reporter argues that Airbnb “not only fails to protect its guests — it works to keep complaints out of the courts and away from the public.”
They spoke to two Florida attorneys who said trying to sue Airbnb if something goes wrong is extremely difficult — since its Terms of Service require users to assume every risk themselves. “The person going to rent the property agrees that if something happens while they’re staying at this accommodation, they’re actually prohibited from suing Airbnb,” says one of the attorneys. “They must go a different route, which is a binding arbitration.” (When CNN asked if this was about controlling publicity, the two lawyers answered “absolutely” and “100%”.) And when claims are settled, CNN adds, “Airbnb has required guests to sign confidentiality agreements — which CNN obtained — that keep some details of legal cases private.”
Responding to the story, Airbnb seemed to acknowledge guests have been secretly recorded by hosts, by calling such occurrences “exceptionally rare… When we do receive an allegation, we take appropriate, swift action, which can include removing hosts and listings that violate the policy.
“Airbnb’s trust and safety policies lead the vacation rental industry…”
Read more of this story at Slashdot.
Does the Crowdstrike Outage Prove the Dangers of a Cashless Society?
He’s part of those arguing “the chaos caused by the global IT outage last week underlines the risk of moving towards a cashless society,” writes the Observer:
Authorities in China and the US have fined businesses for not accepting cash. Delnevo said the U.K. should have a law requiring all businesses to take cash. Martin Quinn, campaign director for the PCA, said using cash allowed for anonymity. “I don’t want my data sold on, and I don’t want banks, credit card companies and even online retailers to know every facet of my life,” he said. Budgeting by using cash is also easier for some, he added.
The article includes some interesting statistics from a U.K. bank trade association. “The number of people who never use cash, or use it less than once a month, reached 23.1 million in 2021, but declined to 21.6m last year.”
The GMB [general trade] Union said the outage reinforced what it had been saying for years: that “cash is a vital part of how our communities operate”. “When you take cash out of the system, people have nothing to fall back on, impacting on how they do the everyday basics.”
Read more of this story at Slashdot.
In SolarWinds Case, US Judge Rejects SEC Oversight of Cybersecurity Controls
Slashdot reader krakman shares this report from the Washington Post:
“The SEC’s rationale, under which the statute must be construed to broadly cover all systems public companies use to safeguard their valuable assets, would have sweeping ramifications,” [judge] Engelmayer wrote in a 107-page decision. “It could empower the agency to regulate background checks used in hiring nighttime security guards, the selection of padlocks for storage sheds, safety measures at water parks on whose reliability the asset of customer goodwill depended, and the lengths and configurations of passwords required to access company computers,” he wrote. The federal judge also dismissed SEC claims that SolarWinds’ disclosures after it learned its customers had been affected improperly covered up the gravity of the breach…
In an era when deeply damaging hacking campaigns have become commonplace, the suit alarmed business leaders, some security executives and even former government officials, as expressed in friend-of-the-court briefs asking that it be thrown out. They argued that adding liability for misstatements would discourage hacking victims from sharing what they know with customers, investors and safety authorities. Austin-based SolarWinds said it was pleased that the judge “largely granted our motion to dismiss the SEC’s claims,” adding in a statement that it was “grateful for the support we have received thus far across the industry, from our customers, from cybersecurity professionals, and from veteran government officials who echoed our concerns.”
The article notes that as far back as 2018, “an engineer warned in an internal presentation that a hacker could use the company’s virtual private network from an unauthorized device and upload malicious code. Brown did not pass that information along to top executives, the judge wrote, and hackers later used that exact technique.”
Engelmayer did not dismiss the case entirely, allowing the SEC to try to show that SolarWinds and top security executive Timothy Brown committed securities fraud by not warning in a public “security statement” before the hack that it knew it was highly vulnerable to attacks.
The SEC “plausibly alleges that SolarWinds and Brown made sustained public misrepresentations, indeed many amounting to flat falsehoods, in the Security Statement about the adequacy of its access controls,” Engelmayer wrote. “Given the centrality of cybersecurity to SolarWinds’ business model as a company pitching sophisticated software products to customers for whom computer security was paramount, these misrepresentations were undeniably material.”
Read more of this story at Slashdot.
CrowdStrike Stock Tanks 15%, Set For Worst Day Since 2022
The CrowdStrike selloff is “an overreaction to a temporary setback,” Rosenblatt analyst Catharine Trebnick wrote in a note to clients Friday. It’s a “compelling buying opportunity” as it “creates a window for investors to buy into a high-quality, growth-oriented cybersecurity company at a discounted valuation,” Trebnick continued. To her point, CrowdStrike stock’s relative valuation, according to its price-to-earnings ratio (P/E), which compares its market value to its projected profits over the next four quarters, fell Friday to its lowest number since April. Still, CrowdStrike’s P/E of about 70 is very high for a company of its size, meaning investors will need to express significant confidence in the business’ ability to grow earnings, a challenge if Friday’s incident were to impact CrowdStrike’s client base.
Read more of this story at Slashdot.