Daily Digest (5/22)

ND Coronavirus App Caught Sharing Data With NYC Location Firm; Judge: Police Just Turning on Cellphone Qualifies as a Search; Data From 40M Wishbone App Users Leaked Online; States Suspending Public-Records Access Over COVID-19. Click “Read more” below.

ND Coronavirus App Caught Sharing Data With NYC Location Firm

The North Dakota Department of Health’s Care19 app was discovered sending COVID-tracing data to a location-tracking company, an apparent violation of the app’s privacy policy.

Developed by ProudCrowd, the Care19 app sent data to Foursquare, which is based in New York, Mashable reported Thursday. The discovery was made and first published by the makers of the Jumbo privacy-focused app.

The app’s privacy policy appears to prohibit data-sharing, however.

“This location data is private to you and is stored securely on ProudCrowd, LLC servers,” read the policy, according to Mashable. “It will not be shared with anyone including government entities or third parties, unless you consent or ProudCrowd is compelled under federal regulations.”

Tim Brookins, Care19’s developer, acknowledged the company’s agreement with Foursquare but told The Washington Post, “We will be working with our state partners to be more explicit in our privacy policy.”

Foursquare itself told the newspaper that it discarded the location data it received via Care19 and did not monetize it.

Still, Jumbo CEO Pierre Valade said contact-tracing apps “do present unique privacy concerns,” Mashable reports. “Absolutely, we need to be vigilant.”

Sources (external links):

Judge: Police Just Turning on Cellphone Qualifies as a Search

A federal judge in Washington state ruled this week that the FBI’s viewing of a man’s cellphone after Seattle police did when he was first arrested violated his Fourth Amendment rights.

U.S. District Judge John Coughenour in Seattle determined Monday that when police first viewed Joseph Sam’s phone at his arrest in May 2019 and the FBI looking at it again later were two separate incidents, Ars Technica reports.

Police can conduct searches without a warrant under special circumstances, Coughenour wrote, and looking at the phone’s lock screen might have been permissible, as it “took place either incident to a lawful arrest or as part of the police’s efforts to inventory the personal effects” of the person arrested.

Sam, eventually indicted on charges related to robbery and assault, was using a Motorola smartphone at his arrest.

An officer on the scene, he said, pressed the power button to bring up the phone’s lock screen. But in February, the FBI also turned on the phone to take a photograph of the screen.

In a filing, Sam’s lawyer argued that evidence obtained by the FBI required a warrant. Coughenour agreed.

“Here, the FBI physically intruded on Mr. Sam’s personal effect when the FBI powered on his phone to take a picture of the phone’s lock screen,” the judge ruled.

That qualified as a “search” under the Fourth Amendment, he said, determining that the move was unconstitutional.

Sources (external links):

Data From 40M Wishbone App Users Leaked Online

Personal details of 40 million Wishbone app users have been leaked onto a hacking forum and were being offered as a free download, ZDNet reports.

Wishbone allows users compare two items in simple voting polls. The exposed data included usernames, emails, cellphone numbers and hashed passwords.

The data was being advertised across multiple hacking forums and being sold for as much as $,8000, according to ads seen by ZDNet.

Mammoth Media, which owns Wishbone, told ZDNet: “Protecting data is of the utmost importance. We are investigating this matter.”

The data apparently was obtained in a hack earlier this year, according to the report, and it remained unclear whether the individual who placed the ads was the actual attacker.

In 2017, data for 2.2 million Wishbone users was leaked.

Source (external link):

States Suspending Public-Records Access Over COVID-19

States are suspending or amending access to public records because of coronavirus.

Some governors, under the guise of emergency action, are ordering changes to public-records compliance during the pandemic, The Markup reports.

Other states and municipalities have made legislative changes, including New Jersey, where the legislature recently amended its open-records law.

An analyst with an association of state municipalities told NJ.com that officials “need the flexibility during emergencies to be able to run government and respond to the emergency at hand.”

But the Reporters Committee for Freedom of the Press recently found that several agencies were telling those seeking public records to expect delays throughout the pandemic.

Government-transparency advocates argue that access to public records is even more critical during a crisis.

Source (external link):

— By DPN Staff