Information Technology

Late last week, the government tabled the Commonwealth Ombudsman’s report on agency access to stored communications and telecommunications data for the 2018-19 financial year, and while the Ombudsman was upbeat about most agencies getting better, all agencies fell foul of sticking to the letter of the law in some way.
The irony is that the agencies inspected form the law enforcement arm at federal and state levels. The agencies looked at were Australian Criminal Intelligence Commission, Australian Federal Police (AFP), Crime and Corruption Commission Queensland, Department of Home Affairs, Independent Commissioner Against Corruption for South Australia, New South Wales Police, Queensland Police, Tasmania Police, Victoria Police, and Western Australia Police.
“We identified instances at all inspections in 2018-19 where agencies had accessed telecommunications data without proper authority. As such, the disclosure of the data was unauthorised,” the report [PDF] said in the section dedicated to telco data inspections.
Problems with the authorisations ranged from “administrative error”, such as in incorrect number or time period on a notice, to authorisation being made by those without authority to do so, failing to send written notices as required by law, and relying on oral notices.
“At all agencies, we identified instances where carriers had provided data that was not authorised because it was outside the parameters of the authorisation. This included instances where the carrier provided data that exceeded the time period authorised, or provided a different type of data than was authorised,” the report said.
The Ombudsman said although “many agencies” could identify and quarantine unauthorised data, at around half of the agencies, the inspections found further instances of unauthorised data.
Called out for an elevated level of criticism was Tasmania Police, which the Ombudsman said did not have a “well-developed compliance culture”.

“This was indicated by a large number of issues across several of its processes, including limited progress in addressing our previous inspection findings and significant variances in the level of awareness of requirements under the Act,” the report said.
“We considered that the required improvements could not be implemented without fundamental changes to the way Tasmania Police approaches compliance.”
In the telco data section, Tasmania Police received two recommendation and 10 suggestions, with failures in gaining consent to access data, a lack of record keeping on when communications data is destroyed, failing to destroy data when required, and data being destroyed without proper approval.
“At both the 2017-18 and 2018-19 inspections, we identified that all stored communications a particular carrier provided to Tasmania Police were received by a staff member who was not authorised to receive them,” the report stated.
The inspections also found Tasmania Police had an “ineligible issuing authority” around stored communication warrants.
“We were not satisfied that Tasmania Police had taken appropriate remedial action to manage the unlawfully accessed stored communications or that there was sufficient awareness within Tasmania Police of the existence of these invalid warrants,” the Ombudsman said.
Further, the inspections showed Tasmania Police failed to provide its annual report for 2017-18 to the Minister for Home Affairs, as required.
Previous instances of the report have seen the Department of Home Affairs dressed down for failing to handle stored communications data properly. In this instance, Home Affairs walked away with 11 suggestions in total.
“Over previous inspection periods we identified, and the department has disclosed, serious compliance issues relating to its use of stored communications powers. However, the scale and seriousness of these issues decreased as the department developed and implemented measures to improve its compliance,” the report said.
The department disclosed 74 instances of an unauthorised officer making authorisations for data, and 54 instances where received data was outside the period of the authorisations.
“In each instance, the department’s telecommunications data request system inputted the end time for authorisations as 00:00, rather than 23:59, which meant the period of the authorisation ended at the beginning of the day rather than the end,” the report said.
“While the department sought to address this through manual annotations on the authorisations, in some instances telecommunications data disclosed was dated after the end time of the authorisation and therefore outside of what was authorised,” the report said.
The AFP were handed three recommendations and 33 suggestions as the agency continued to issue successive foreign preservation notices, failed to gain consent of victims in one instance, failed to destroy data, and directed telcos to perform actions that were not required or did not have legal authority to perform.
The report said there were several instances where it could not be confirmed whether authorised officers had made “required considerations” prior to authorisation due to a lack of documentation. It also passed on multiple requests from foreign law enforcement without checking whether the request was permitted in Australia.
“We also identified that the AFP had made two foreign prospective authorisations (one of which had been extended) in the absence of the Attorney-General having made an authorisation … despite this being required before a foreign prospective authorisation can be made,” the report said.
“In our 2019-20 inspection, we found that the AFP was not able to account for the use and disclosure of the information it obtained under one of these authorisations and suggested that it do so.”
The AFP also received a number of stored communications warrants from a member of the Administrative Appeals Tribunal (AAT) that was not authorised to do so. This was a common issue amongst the agencies inspected, as were the issues of warrant templates not being in a prescribed form, and having incorrect wording in affidavits.
Victoria Police was also found to have authorised officers making requests without proper consideration, nor proper training or reference materials. The police force also does not have a system capable of quarantining unauthorised data. Consequently, Victoria Police received four recommendations and nine suggestions.
During the period covered by the report, NSW Police led the way with over 98,000 uses of its powers for historic records, followed by Victoria Police with 82,700, Queensland Police used the powers almost 25,300 times, the AFP used its powers for historic records 19,550 times.
For prospective records, Victoria Police used its powers almost 9,700 times, the AFP was next with 3,700 uses, followed by Queensland Police on 3,430.
Of those records, the Commonwealth Ombudsman only needed to look at 155 records from the AFP, 125 from Victoria Police, and 92 from Tasmania Police to find issues on which to base its report.
Updated at 12:14pm AEDT, 9 February 2021: Clarified number of agencies inspected was ten. Twenty agencies in total have access to stored communications and telecommunications in Australia.
Related Coverage More

Two of the largest social media platforms have asked that the Australian government consider implementing many of the elements present in Europe’s General Data Protection Regulation (GDPR) when refreshing the country’s 33-year old Privacy Act.
In a submission [PDF] to the Attorney-General’s review of the Privacy Act 1988, Facebook called for “effective privacy and data protection” as part of a “globally harmonised framework”. It believes failing to do runs the risk of creating a “splinternet”, where some countries or regions of the world adopt approaches to privacy and data protection that are mutually exclusive to other regimes.  
From 2017: How Europe’s GDPR will affect Australian organisations
To avoid this risk, Facebook has recommended that Australian privacy laws be reformed to make them more aligned with the “best practice privacy frameworks of Australia’s main trading partners and leading digital economies in the world”.
“Ensuring alignment with global norms enhances Australia’s global competitiveness and this type of regulatory harmonisation reduces unnecessary compliance costs and leads to increases in productivity,” it wrote.
Some alignments include changing “personal information” within the Act to “personal data” as defined in the GDPR; adopting “multiple flexible legal bases for using or disclosing data”, similar to the EU process; and implementing the right to erasure.
Facebook also claimed it is in “strong support” of a notification process that gives individuals a clear understanding of how their data is collected and how it will be used.

Let’s not forget: How Cambridge Analytica used your Facebook data to help elect Trump
Snap Inc agrees with Facebook’s argument to align the Privacy Act with the GDPR, recommending the Attorney-General’s Department “review endeavours to pursue a principles-based and proportionate approach in its revisions to the Act, drawing on the strengths of, and the lessons learned from, the [GDPR] in Europe”.
Of concern to Snap is that the Privacy Act does not currently contain a controller/processor distinction. Under the EU’s rules, controllers are responsible for determining the means and purposes of data processing, and processors act on behalf of the instructions of controllers.
“This distinction between controllers and processors increases accountability between parties,” Snap says in its submission [PDF].
“To increase the flexibility, and thus efficiency, of Australia’s privacy legislation we recommend aligning with the definitions of controllers and processors as defined in the EU [GDPR].”
Controller/processor notions are present in privacy laws outside of Europe, such as India, Japan, and Brazil.
Snap said, from the outset, its privacy principles have aligned with those of the GDPR. It has asked the Australian government to follow the GDPR closely, in particular, its principles-based approach.
“The GDPR already covers a number of the areas that this consultation seeks to address, including transparency and proportionality,” Snap wrote.
“Consequently, we would urge the Attorney-General’s Department to, as far as possible, mirror the principles-based approach of the GDPR which provides sufficient flexibility for businesses to decide how they will comply with the standards set by the Regulation as well as sufficient flexibility for data protection authorities to apply the rules in a smart, contextual way.
“We would also urge against any undermining of the delicate balance of interests carefully struck during the GDPR negotiations.”
On consent, Snap said consent alone is not an effective way to manage personal information as it places a lot of responsibility on users, which can result in consent fatigue.
“The legislator should consider legitimate interest as a basis for processing, combined with the requirement for controllers to conduct legitimate interest assessments. Legitimate interests place the burden on controllers, and require them to think critically about the data they process. This creates an accountability framework, and also offers users a more seamless user experience, without jeopardising their privacy,” it wrote.
This makes consent more meaningful, Snap believes.
Facebook, however, said the current definition of consent in the Act is sufficient and provides sufficient flexibility for consumers and businesses.
Agreeing with Google, Snap also believes 13 should be the age at which parental consent is no longer required. While Facebook did not provide comment on the age of consent, in its submission, it pointed to “Messenger Kids”, which is a video and chat app specifically for those under the age of 13, as being an environment where children can “develop digital literacy and safe online behaviours” and be “empowered”.
Facebook has previously warned the looming changes to phone giant Apple’s operating system could negatively impact its advertising revenue, with Mark Zuckerberg arguing that Apple’s changes are aimed at benefiting iMessage and harm small businesses. It will also harm one of Facebook’s recipe to success — tracking-based ad targeting.
Snap also took concern with the iOS 14 changes, saying they present a risk of interruption to demand after they’re implemented, but the company said it’s prepared for the changes.
During the company’s Q4 earnings call, CEO Evan Spiegel said the policy changes Apple is making will impact Snap’s ability to “effectively measure and optimise advertising outside of Snapchat”.
“The reality is we admire Apple, and we believe that they are trying to do the right thing for their customers,” CNBC quotes Snap chief business officer Jeremi Gorman as saying. “Their focus on protecting privacy is aligned with our values and the way we’ve built our business from the very beginning. Overall, we feel really well prepared for these changes, but changes to this ecosystem are usually disruptive and the outcome is uncertain.”
MORE FROM THE PRIVACY ACT REVIEW More

[embedded content]
An unidentified hacker has accessed the computer systems for the water treatment facility in the city of Oldsmar, Florida, and has modified chemical levels to dangerous parameters.
News of the attack was disclosed today in a press conference by city officials.

ZDNet Recommends

The intrusion took place on Friday, February 5, when the hacker accessed a computer system that was set up to allow for the remote control of water treatment operations.
The hacker first accessed this system at 8 am, in the morning, and then again for a second and more prolonged intrusion at 1:30 pm, in the afternoon.
This second intrusion lasted for about five minutes and was detected right away by an operator who was monitoring the system and saw the hacker move the mouse cursor on the screen and access software responsible for water treatment.
Hacker modified lye levels
“Sodium hydroxide, also known as lye, is the main ingredient in liquid drain cleaners. It’s also used to control water acidity and remove metals from drinking water in the water treatment plant,” said Oldsmar Sheriff Bob Gualtieri.
“The hacker changed the sodium hydroxide from about 100 parts per million to 11,100 parts per million. This is obviously a significant and potentially dangerous increase.”

Oldsmar city staff said that no tainted water was delivered to local residents as the attack was caught in time before any lye levels could be deployed.
According to Sheriff Gualtieri, the hacker disconnected as soon as they modified the lye levels, and a human operator set the chemical level back to normal right away.
Officials didn’t attribute the attack to any specific hacker group or entity. The timing of the attack is also of note as the city of Oldsmar is located near the Tampa urban center, which hosted the Super Bowl LV game on Sunday.
Not the first time
This is the second incident of its kind where a hacker has accessed a water treatment facility and modified chemical levels.
A similar incident was reported back in 2015-2016 at an unnamed water treatment facility, but investigators said the intruders didn’t seem to know what they were doing, making random changes, and investigators classified the intrusion as an accident rather than an intentional attack.
Another set of attacks took place earlier this year, but without as dire consequences. In the spring and summer of 2020, Israeli officials reported attacks against local water treatment facilities, water pumps, and agricultural irrigation systems.
Tel Aviv officials, which blamed the attacks on the Iranian government, said hackers tried to access the management panels of several types of smart water management systems and asked local organizations to change their passwords.
None of the attacks were successful, officials and local media reported at the time. More

Although fewer of us are working out of airports, hotels, and coffee shops in these pandemic days, many of us are working outside of our employer’s facilities. This, along with the ever-increasing levels of cybercrime and hacking, is inspiring many people to install VPNs.
In a home environment, VPNs not only secure your connection from home to whatever online service you’re connecting to, but they also secure your connection from others on your Wi-Fi network. If you have confidential information you don’t want to share with roommates, or you’d prefer your teenager doesn’t have access to corporate, health, lifestyle, or financial information, a VPN will keep the connection from your computer, phone, or tablet secure from the prying eyes of the young digital natives in your midst.
In this article, we’ll present a few general installation and configuration guidelines. Then we’ll walk you, step-by-step, through the installation of four popular VPNs, one for each platform. We’ll be demonstrating how to install and setup NordVPN on iOS, IPVanish on MacOS, ExpressVPN on Windows 10, and Surfshark on Android.

Some quick tips
First and foremost, you must understand that your experience with a VPN will differ from others, especially those of us doing reviews. Every Internet connection performs differently, so even though we explored what VPNs are fastest, keep in mind that where you’re connecting from and what you’re connecting to will differ from the experience of other users. When choosing a VPN, make sure to take advantage of the trial time or the money-back guarantee. Definitely test before committing.
Second, you’ll need to decide if you want your VPN to always be on or only turn on when you tell it. If you want your VPN to be active from the moment the device boots up, make that selection in the preferences for your VPN application. If you want your VPN to be active only on occasion, turn off the enable-on-startup option for the VPN you’ve chosen.
Most modern VPN services have what’s called a Kill Switch. Some apps turn this on by default. Others have an option buried in preferences to enable it. What a kill switch does is disable your network connection if the VPN software fails. I generally recommend turning this on, because if you’re using a VPN, you want it to prevent others from seeing your data. You don’t want to take the chance that if it fails, your data will suddenly be unprotected.

NordVPN
As with all iOS apps, when it’s time to install a VPN on your iPhone or iPad, you’ll need to go to the App Store and find the application. For our iOS install example, we’ve chosen NordVPN. NordVPN scored our top slot in average aggregate scores among a field of nearly a dozen VPNs. It was one of the fastest VPNs, and its score was consistent across most testers on the Internet.
View Now at NordVPN
Also:

Now let’s look at the steps you’ll take installing a VPN on iOS:
When doing an iOS install, first launch the App Store and search for the VPN you want.
When you find the VPN you want, hit Get.
Next, authorize the download using Touch ID, Face ID, or your Apple password.
Once the app downloads, go ahead and launch it.
Most iOS VPN apps are similar from here. You may be asked permission to allow the app to send you alerts. I’d recommend approving this, because if your VPN has something important to tell you (usually about your connection), you probably want to know.
iOS also requires you to approve adding VPN functionality into the operating system. You’ll need to give the VPN approval, and also, probably, turn it on in the Settings panel.
Finally, decide whether you want the VPN to launch automatically when you boot up your phone.
If you want to see this process with NordVPN, take a look at the gallery below. We show you screenshot-by-screenshot steps for setting up an iOS VPN.

IPVanish
Unlike iOS, few popular VPNs are available in the MacOS app store. Instead, you’ll need to go to the VPN’s website and download the app, open the archive, and install it manually. For our Mac install example, we’ve chosen IPVanish. While IPVanish didn’t score near the top in terms of overall aggregate performance, we liked its relatively low ping time and quick time to make a connection. We also like the depth of control and options IPVanish offers, along with a very slick performance chart that constantly updates.
View Now at IPVanish
Also: IPVanish review: VPN delivers a wealth of options and browsing controls
Now let’s look at the steps you’ll take installing a VPN on a Mac:
When doing a Mac install, go to the VPN’s website. You may need to purchase or request a trial, and you may need to create an account.
Download the VPN’s installer.
Launch the installer or double-click the archive file. You’ll probably need to give MacOS permission to open it.
Installation may require you to run an installer or copy the application into your Applications folder. Do whichever fits your circumstances.
Most Mac VPN apps are similar from here. You may be asked for various permissions, including permission to run an app downloaded from the Internet and permission to install certain features. If you’re trying to install an app from a known VPN provider, go ahead and approve those requests.
Finally, decide whether you want the VPN to launch automatically when you boot up your Mac.
If you want to see this process with IPVanish, take a look at the gallery below. We show you screenshot-by-screenshot steps for setting up a Mac VPN.

ExpressVPN
As with Mac, few popular VPNs are available in the Microsoft Store. Once again, you’ll need to go to the VPN’s website and download the app, open the archive, and install it manually. For our Windows install example, we’ve chosen ExpressVPN. ExpressVPN was near the top in terms of overall aggregate performance, we liked its wide selection of device support. 
View Now at ExpressVPN
CNET: ExpressVPN review: This speedy VPN is worth the price
Now let’s look at the steps you’ll take installing a VPN on Windows:
When doing a Windows install, go to the VPN’s website. You may need to purchase or request a trial, and you may need to create an account.
Download the VPN’s installer. I prefer to download the installer file and then run it, rather than run it directly. I like being able to keep a copy of my installer files.
Launch the installer or double-click the archive file. You’ll probably need to give Windows permission to open it.
Most Windows VPN apps are similar from here. You may be asked by Windows Device Guard for various permissions, including permission to install certain features and send and receive data. If you’re trying to install an app from a known VPN provider, go ahead and approve those requests.
Finally, decide whether you want the VPN to launch automatically when you boot up Windows.
If you want to see this process with ExpressVPN, take a look at the gallery below. We show you screenshot-by-screenshot steps for setting up a Windows VPN.

Surfshark
Although you can certainly sideload some Android apps, you’re definitely safest (especially with VPNs) when you install a VPN from the Google Play store. For our Android install example, we’ve chosen Surfshark. Surfshark was a middle-of-the-road performer in our average aggregate scores among a field of nearly a dozen VPNs, but was rated as blazing fast by CNET’s review. This is why we always recommend you test to see how a VPN performs for you.
View Now at Surfshark
CNET: Surfshark VPN review: Competitive pricing and blazing speeds from this upstart service
Now let’s look at the steps you’ll take installing a VPN on Android:
When doing an Android install, first launch the Google Play store and search for the VPN you want.
When you find the VPN you want, tap Install.
Once the app downloads, go ahead and launch it.
Most Android VPN apps are similar from here. Android isn’t as fussy about permissions as iOS, but it does ask its fair share. You’ll need to give the VPN approval as requested during install and first operation.
Finally, decide whether you want the VPN to launch automatically when you boot up your phone.
If you want to see this process with Surfshark, take a look at the gallery below. We show you screenshot-by-screenshot steps for setting up an Android VPN.

And there you go. You’ve seen it’s pretty easy to set up a VPN for all four of the major platforms. Yes, I know I didn’t include Linux, but let’s face it: If you’re already running Linux, you don’t need me to tell you how to install a VPN (or anything else for that matter).
 Are you running a VPN? What service are you using, on what platforms? Let us know in the comments below.
You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.

ZDNet Recommends More

Singapore is in the midst of rolling out tools and measures to plug several “IT weaknesses” highlighted in a report, including weak controls and inadequate reviews of privileged user activities. The report also stresses the need to mitigate new risks and vulnerabilities brought about by the accelerated rate of digital transformation amidst the global pandemic. 
Efforts already were underway to address the IT loopholes over the past year, with automation tools taking centrestage, according to the latest report by the Public Accounts Committee. These measures had been planned since last year, when the committee had chided the public sector for recurring IT lapses In its 2020 report. It then had also pointed to a lack of good standard operating procedures in user access rights management, with the logging and review of privileged user activities carried out manually. 

The committee added that controls over third-party vendors and partners could be beefed up. “Given the increasing pace of digitalisation and outsourcing of IT operations in the public sector, IT-related risks such as data security and cybersecurity risks will remain key risks for the government,” it noted in its report released Monday.
Efforts to plug the gaps were led by the Smart Nation and Digital Government Group (SNDGG), which underscored the importance of human supervision, changes in processes, and the adherence of these new processes alongside the implementation of automation and technological tools. 
The government agency said it was developing a centralised tool that would include the automation of the removal of user accounts that were no longer in use, which currently still needed to be checked manually despite the implementation of a new application that alerted agencies of staff movement and role changes. This platform had been deployed across 38 agencies since October 2019. 
Development of the centralised tool was targeted for completion by end-2021, after which agencies would integrate all existing systems with the centralised platform over the next three years. This would be deployed across high-priority systems by December 2023 and all remaining systems by December 2024, according to the SNDGG.
Another tool to aid in the review of privileged users’ activities also was slated to be deployed on high-priority systems by December 2022, following a pilot — launched last April — involving 15 government agencies. SNDGG reported that it was “refining” detection rules to monitor different types of logs, including operating systems, databases, networks, applications, and security as well as logic to improve the efficiencies of the detection system. Implementation would be progressively scaled up to all agencies from January 2021. 

Steps also had been taken to beef up organisational structures processes, which aimed to facilitate greater ownership so IT lapses would be addressed. In the area of data and cybersecurity, for instance, an agency’s chief security officer and chief data officer were required to report major cybersecurity and data issues directly to the agency’s head. 
In addition, all government agencies would tap audit and incident data to predict potential governance risks to IT systems. An initial batch of agencies were expected to begin a pilot for this in the first quarter of 2021, with deployment across the sector targeted for the second quarter. 
According to the Public Accounts Committee, new processes also had been put in place across the public sector to facilitate a “more coordinated and effective response” to data incidents. These included the establishment of the Government Data Security Contact Centre last April as an avenue for members of the public to report data incidents involving public agencies. 
From March 2021, all public agencies also would be required to conduct annual cyber and data security incident exercises.
Moving forward, the Public Accounts Committee noted that the accelerated digital transformation brought about by the COVID-19 pandemic could introduce risks and vulnerabilities. It said the SNDGG was probed about such risks and how the agency was mitigating them. 
In response, the smart nation group said it currently was setting up a government-wide “ICT and Smart System” enterprise risk management system, which would comprise a central office, risk owners, and integration of the framework with each agency’s own enterprise risk management processes. 
The SNDGG had identified 10 potential risks, but noted that most had been or were in the process of being addressed with ongoing efforts, including strengthening of agencies’ management of data security and cybersecurity risks as well as managing human capital risk. 
The Singapore government in February 2020 said it would invest SG$1 billion to beef up its cyber and data security systems, noting that this was essential as its agencies increasingly adopted technologies such as artificial intelligence, cloud, and Internet of Things. To be spent over the next three years, the funds would go towards readying the country to deal with cyber threats as digitisation efforts intensified. 
RELATED COVERAGE More

Image: Microsoft
Microsoft is working on adding a new security alert to the dashboard of Microsoft Defender for Office 365 (formerly Office 365 Advanced Threat Protection) that will notify companies when their employees are being targeted by nation-state threat actors.

The feature was added on Saturday to the Microsoft 365 roadmap website.
The idea behind the feature is not new. Since 2016, Microsoft began tracking nation-state hacking groups and the attacks they orchestrate against Microsoft email accounts.
If a user is targeted or compromised in one of these attacks, Microsoft sends them an email about the attack, along with basic advice they need to take to re-secure their inbox and devices.
Microsoft said in 2019 that it usually notifies around 10,000 users per year of nation-state attacks.
But the problem with this notification procedure is that it relies on users reading their email and taking action, which doesn’t always happen. Users don’t read their emails daily, or it might sometimes take hours before the user reaches the notification in crowded inboxes, a time during which attackers could use to steal sensitive documents.
For organizations who are customers of Microsoft’s Office 365 service, the OS maker now plans to add these notifications inside the dashboard of Microsoft Defender for Office 365, the cloud-based security platform that scans a company’s Office 365 accounts for threats.

This way, the notification will also appear for system administrators and security teams, who can act on it right away by calling the affected employees personally, resetting email account passwords, resetting other internal passwords, or by initiating a broader security audit.
The OS maker expects to have this feature ready by the end of the month.
Besides Microsoft, which does this for Microsoft Outlook email accounts, similar alerts for nation-state attacks are also available for Yahoo accounts, public Gmail accounts, and G Suite accounts. Facebook also warns users of nation-state attacks against its social media accounts. More

Image: Joshua C. Greenberg, MD, Mahmoud R. Altawil, MD,Gurjit Singh, MD
The new magnetic circular array introduced in iPhone 12 smartphones last year to support the MagSafe charging technology can disrupt implantable cardioverter-defibrillator (ICD) medical devices.
The warning comes from three cardiac electrophysiology doctors from the Henry Ford Heart and Vascular Institute at the Henry Ford Hospital in Detroit, Michigan.
In a letter published in a medical journal [PDF] last month, doctors warned that the new iPhone magnets could potentially “inhibit lifesaving therapy in a patient, particularly when the phone is carried in an upper chest pocket.”
These magnets, arranged in a circle, play a role in aligning the iPhone with a MagSafe charger for wireless charging operations.
Research published in 2009 has previously shown that any type of magnet, radio, or electronic equipment that generates a magnetic field stronger than 10 gauss can trigger internal systems inside ICD devices and stop their operations.
The Henry Ford Hospital doctors said they carried out tests with the new iPhone 12, released last year, and found that the new magnets are strong enough to trigger these switches.
“Once the iPhone was brought close to the ICD over the left chest area, immediate suspension of ICD therapies was noted and persisted for the duration of the test (Figure 1). This result was reproduced multiple times with different positions of the phone over the pocket,” the doctors said.

“Contemporary studies [1, 2] have shown minimal risk of electromagnetic interference from ICDs and older-generation smartphones not having a magnetic array.”
The new warning comes to supersede an Apple support page published last year on the same topic.
In that page, Apple estimated that even if iPhone 12 models contained more magnets, the new models were “not expected to pose a greater risk of magnetic interference to medical devices than prior iPhone models.”
The tech giant did advise users of implanted pacemakers and defibrillators that in order to “avoid any potential interactions,” they should keep their iPhones and MagSafe chargers at a safe distance from their implants of more than 12 inches (30 cm).
Furthermore, Apple said that if users suspected that their iPhone or any MagSafe accessories are interfering with their medical devices, they should stop using their iPhone or MagSafe accessories right away. More

TikTok, the video-sharing social network, drove a lot of interest from consumers last year. It also piqued their interest in Virtual Private Networks (VPNs), according to new research.
The research by Brooklyn, NY-based security advisors Security.org found that interest in VPNs was directly correlated with newsworthy events.

ZDNet Recommends

The company measured the amount of web traffic in a day compared to the average web traffic of a week prior to the date and correlated this with significant events during 2020.
VPN technology is used for various reasons. It can be used to create a secure channel to communicate with the workplace protecting sensitive business information, to bypass government restrictions, or to hide activity from Internet Service Providers amongst others.
Almost one in 10 US adult VPN users cite whistleblowing, activism, or bypassing government or organization restrictions as a reason for use of VPN technology.
Security.org’s research showed that interest in VPN technology tends to increase significantly whenever there is a newsworthy event that impacts travel, or internet usage, or impacts working from home environments.
Security.org
On March 22020, the first deaths due to COVID-19 were reported, leading to an increase in VPN interest of 99 percent compared with average web traffic the week before..

On March 24 2020 when the postponement of the Tokyo 2020 Olympics was announced, there was a 78 percent increase in consumers’ VPN interest.
This was due to people looking to secure their at-home networks for the possibility of stay-at-home orders and working from home due to the pandemic.
On August 13, average consumer interest in VPNs increased by 74 percent when President Trump proposed a ban on TikTok in August 2020. Interest also spiked by 34% on September 20th – the day the TikTok ban was said to start.
When internet censorship is threatened, average consumer interest in VPNs increases, and consumers flock to buy routers – like the GL.iNet Beryl router which has VPN software built in to the router.
A VPN will allow people to access the internet in countries where restrictions are in place. Countries with levels of internet censorship can bypass firewalls to get to otherwise-restricted content.
As restrictions on free content continue to grow, I think that more and more of us will switch to VPN technology. We can then ensure that we have the freedom to access the content we want to and to communicate as if there were no restrictions at all – wherever we happen to live. More