Month: July 2020

Groups Suing Police for Transparency on Stingray Surveillance Use

By Jackson Chen

More advocacy groups are suing law-enforcement agencies to get more information about their surveillance use of cell-site simulator technology.

The California-based Oakland Privacy citizens group in June accused the City of Vallejo of allegedly breaking the state’s privacy law in allowing its police department to spend $766,018 for a cell-site simulator device, also known as Stingrays.

The group’s court action noted that the city should have first approved a usage policy in a public setting — and that the posted policy on the city’s website just days after the purchase violated state requirements for getting a warrant prior to the device’s use.

“If we prevail, I hope it’ll set a good precedent,” Michael Katz-Lacabe, Oakland Privacy’s research director, told Digital Privacy News. “I see this as a warning shot to cities to take implementation of their policies that are complying with state law very seriously.”

Continue reading “Groups Suing Police for Transparency on Stingray Surveillance Use”

UK Government Admits Failing to Assess ‘Test and Trace’ Privacy Risks Properly

By Robert Bateman

The U.K. government has admitted that its COVID-19 “test and trace” program was begun in May without an appropriate “data-protection impact assessment” (DPIA) in place, with experts telling Digital Privacy News that the omission represented a serious breach of privacy law.

The revelation came in a July 15 letter from the government’s legal department, shared with Digital Privacy News via a news release from U.K. campaigning organization the Open Rights Group.

A DPIA is required under U.K. law before commencing any project carrying a high risk to individual privacy. The government claimed to have conducted several DPIAs covering aspects of the program but admitted it should have completed an overarching assessment before it launched on May 28.

Continue reading “UK Government Admits Failing to Assess ‘Test and Trace’ Privacy Risks Properly”

Why China’s New ‘Security Law’ Is a Dangerous Threat to Privacy in Hong Kong

By Patrick McShane

First of a series.

Last month, China imposed a sweeping new “security law” on Hong Kong — threatening the personal privacy of more than 7.5 million citizens and sending shivers throughout the global business community, which includes more than 1,500 U.S. companies. 

In this series of weekly reports, Digital Privacy News examines the ramifications of Beijing’s actions — beginning with today’s discussion of the historical events leading to China’s decision.

Twenty-three years ago this summer, the former British colony of Hong Kong was returned to Chinese sovereignty.

However, this extraordinary international event — popularly described as “The Hong Kong Handover” — only came about after more than a dozen years of often acrimonious negotiations between London and Beijing. 

Continue reading “Why China’s New ‘Security Law’ Is a Dangerous Threat to Privacy in Hong Kong”

COVID Forcing Small Businesses to Address Privacy Issues

By Joanne Cleaver

One of the first things Stephanie Genkin did as a new certified financial planner was establish her business-financial accounts separate from her personal accounts. 

That’s a proactive step she fears some last-minute entrepreneurs might overlook in the scramble to earn extra income to get through the economic crisis induced by the coronavirus pandemic. 

“No matter what deal you get for your personal finances, don’t mix that with business,” the Brooklyn-based planner told Digital Privacy News.

That goes for credit cards, bank accounts and, currently, loans through U.S. government programs intended to aid households and small businesses.

Continue reading “COVID Forcing Small Businesses to Address Privacy Issues”

Q&A: Psychologist Elaine Kasket

How Your Death Affects Your Privacy

By Bree Brouwer

Speaker and psychologist Elaine Kasket is a longtime scholar of death in the digital age.

Her recent book — “All the Ghosts in the Machine: The Digital Afterlife of Your Personal Data” — addresses modern privacy challenges from birth to beyond death.

Kasket told Digital Privacy News that privacy proponents should know everything possible about their digital afterlife and how to manage it.

Continue reading “Q&A: Psychologist Elaine Kasket”
Filed under:

EU Strikes Down Privacy Shield, With Major Implications for UK Economy

By Robert Bateman

The world of digital privacy was shaken this month, when the Court of Justice of the European Union (CJEU) invalidated the Privacy Shield framework, which allows certain businesses to freely transfer personal information from the E.U. to the U.S.

The E.U. court ruled July 16 in Luxembourg that U.S. surveillance laws violated the privacy of European citizens. International data transfers to the U.S. can still take place, however, subject to standard contractual clauses to protect personal information, written by the European Commission.

Experts on both sides of the Atlantic told Digital Privacy News that the U.K., which has similarly intrusive surveillance laws to the United States, could be disproportionately affected by the decision.

Continue reading “EU Strikes Down Privacy Shield, With Major Implications for UK Economy”

Facebook Touts Messenger Rooms as Zoom Alternative, But Experts Question Claims

By Aishwarya Jagani

Facebook recently debuted its Messenger Rooms group video-chat service, touting it as a safer alternative to the Zoom’s embattled video-conferencing platform, but experts tell Digital Privacy News that’s not the case.

“In terms of privacy, I would consider FBMR to be slightly higher-risk than Microsoft Teams and definitely better than Zoom, but on a par with Google Meet,” said U.K. privacy expert Rowenna Fielding.

“Both Facebook and Google’s business model is based on harvesting people’s data to profile them for microtargeting of advertising,” she explained, “whereas Microsoft doesn’t data-mine enterprise products — and Zoom has clarified that they don’t data-mine user content at all.”

Fielding, head of individuals’ rights and freedoms at the data-protection consultancy Protecture in Bristol, was just as ambivalent about Messenger’s security features.

Continue reading “Facebook Touts Messenger Rooms as Zoom Alternative, But Experts Question Claims”

Researchers Wary of Census Bureau’s Plan to Use ‘Differential Privacy’ in 2020 Count

By Tammy Joyner

As a demographer, Alexis Santos relies heavily on census data to track public-health disparities, especially in communities of color.

But a proposed change by the U.S. Census Bureau designed to further safeguard the confidentiality of its data threatens to upend the work of Santos and other researchers.

The bureau wants to use a new algorithm called differential privacy, beginning with this year’s census.

“Differential privacy is more concrete,” Maria Filippelli, a public-interest technology fellow at the New America think tank in Washington, told Digital Privacy News. “It’s more technical.

“In the end, a set of mathematical equations or algorithms will process the data, so that it’s more secure,” she said.

Continue reading “Researchers Wary of Census Bureau’s Plan to Use ‘Differential Privacy’ in 2020 Count”

The US Hasn’t Passed a Strong Data-Privacy Law in 20 Years. It’s Not Getting Easier

By Charles McDermid

Two most-recent privacy bills introduced to Congress indicate an increasingly partisan approach to surveillance technology, adding yet another stumbling block for U.S. lawmakers who have not passed a significant federal data-protection law in two decades, experts told Digital Privacy News. 

More than a dozen privacy bills now are before Congress, including the additions last month of the Democratic-backed Facial Recognition and Biometric Technology Moratorium Act of 2020 and the Lawful Access to Encrypted Data Act, which was put forth by Republicans. 

In the past, bipartisanship had emerged around national surveillance issues — such as the USA Freedom Act of 2015, which updated parts of the Patriot Act — but privacy advocates now worry that today’s polarized political arena could worsen the legislative logjam.

The U.S. remains one of the last developed countries that does not have any national consumer privacy or data-security laws, or its own federal data-protection agency.

Continue reading “The US Hasn’t Passed a Strong Data-Privacy Law in 20 Years. It’s Not Getting Easier”

Electronic Warrants Aid Police, But Post-Arrest Privacy Is Not Assured

By Samantha Stone

It was a birthday celebration. Or was it a post-divorce party? Either way, the evening ended with flashing lights in the rear-view mirror.

Highway patrol officers asked the driver for a blood sample. She was within her legal rights to refuse. Authorities then scrambled for a warrant to take her blood without consent.

“In the old days, if you refused, they were just out of luck,” attorney Paul Burglin, dean of the National College for DUI  Defense in Montgomery, Ala., told Digital Privacy News.

Or, they ended up in court.

“There were cases in Arizona where the cops were sticking a needle in suspects in the back of the patrol car,” Burglin said. “They were holding people down in California and forcibly taking a sample.”

Continue reading “Electronic Warrants Aid Police, But Post-Arrest Privacy Is Not Assured”

Q&A: Data-Protection Expert Emmanuel Pernot-Leplay

‘Each of These Laws Bears High Stakes for Global Economics, Politics and Our Daily Lives’

By Charles McDermid

Emmanuel Pernot-Leplay is making a career in the space where global privacy laws collide.

The 32-year-old from Paris graduated from law schools in France and China before earning a Ph.D. in comparative data-protection law at Shanghai Jiao Tong University, focusing on the U.S., China and the European Union. 

For the last two years, Pernot-Leplay has worked as a consultant at Deloitte Cyber Risk in Paris, advising clients on data-privacy compliance. This month, he starts a new position as a postdoctoral researcher in technology law at Tilburg University in the Netherlands.

“I first studied theories on the diffusion of laws and the movement of policies across jurisdictions to build the framework I use for comparing laws globally,” he said this week. 

Continue reading “Q&A: Data-Protection Expert Emmanuel Pernot-Leplay”
Filed under:

Churches Grappling With Online Giving, Data Issues From COVID

By Joanne Cleaver 

Digital giving has been heaven-sent for churches, which have been forced to pivot from on-site to online worship and community in the COVID-19 pandemic.

But in the process of shifting from cash in the collection plate to digital platforms, privacy has not always been a top consideration.

Churches are catching up as they abandon potluck privacy to the more stringent standards required by formalized digital transactions that are subject to financial regulations.

“Churches have rich information about members, from dates of birth to marriage status — information that advertisers would pay a premium to access,” Walle Mafolasire, founder of Givelify, a digital-giving platform for churches and nonprofits based in Indianapolis, told Digital Privacy News.

Continue reading “Churches Grappling With Online Giving, Data Issues From COVID”

College Athletes Returning to Campus with Temp Checks and Contact-Tracing

By Samantha Cleaver

When student athletes at the University of Louisville returned to campus the first week of June, they were met with drive-up coronavirus testing at the campus stadium.

Besides testing, the University of Louisville campus had put other protections in place, such as allowing only small groups of athletes to return, opening training sites with limited occupancy and encouraging social-distancing and wearing masks.

So far, the athletic department at Louisville has not provided any results from the testing they’ve done, Kenny Klein, senior associate athletic director, told Digital Privacy News.

The sample size has been small, and because so few students were on campus, individuals could be identified through reporting.

As student athletes continue to return to colleges, they are the first wave of university students to experience COVID-19 testing, and the privacy measures that come with it.

Continue reading “College Athletes Returning to Campus with Temp Checks and Contact-Tracing”

Facebook Hires Firm in Hack to Help FBI Find Child Predator

By Nora Macaluso

Last of two parts.

In two recent cases, law enforcement joined with social media to track, arrest and charge criminal suspects. The moves raise many privacy concerns, experts say. This report examines the ramifications of Facebook’s hiring of a cybersecurity firm to help the FBI find a child predator.

Facebook’s hiring of a cybersecurity firm in 2017 to help it and the FBI hack into Tails, the popular Linux-based operating system used for secure communications, to track down a child predator has some experts concerned about potential privacy ramifications.

Others say the incident was a one-off, the result of an unusual set of circumstances unlikely to recur.

Either way, the idea of a major technology company helping to expose one of its users was likely unprecedented. 

“This story raises the likelihood that prosecutors, both at the federal and state levels, are experimenting with techniques they don’t understand the implications of,” said Alan Butler, interim executive director and general counsel at the Washington-based Electronic Privacy Information Center (EPIC).

Vice.com’s Motherboard site reported in June that Facebook had worked with a third party to develop a tool to hack into Tails and identify the IP address of Buster Hernandez, a California man who used the platform to threaten and extort teenage girls.

Continue reading “Facebook Hires Firm in Hack to Help FBI Find Child Predator”

Law Enforcement Using Social Media to Track Criminal Suspects

By Jeff Benson

First of two parts.

Law enforcement recently tapped social media to find, arrest and charge two criminal suspects. The actions raise many privacy concerns, experts say. This report details how the FBI leveraged social media data to find a suspect in the torching of two Philadelphia police vehicles during the recent social-justice protests.

The police car sat outside Philadelphia City Hall on May 30, its windows smashed, its side emblazoned with graffiti. The nationwide protests against George Floyd’s death that month were in full swing.

A demonstrator approached with a flaming shard from a shattered barricade in her hand. She set the police sedan alight, and then did the same to an agency SUV.

The woman, though masked and goggled, had several distinguishing characteristics: a peace sign on her arm and a blue shirt that read “Keep the immigrants, deport the racists.”

Those identifying markers, coupled with her online activity, were the clues the FBI needed to identify her as Lore-Elisabeth Blumenthal and arrest her. She’s awaiting trial on arson charges. If convicted, she faces up to 80 years in prison.

Continue reading “Law Enforcement Using Social Media to Track Criminal Suspects”

Tech Makes ‘Farm Living’ Easier, But Not Without Privacy Risks

By Christopher Adams

When considering digital privacy, farming isn’t the first thing that comes to mind. Agricultural methods still are thought of as legacy ones, but technology has changed that.

From sensors, satellites and drones to operations software and mobile apps, high-tech is being used to feed the globe. But like everything else connected in the IoT world, privacy concerns invariably show up at the doorstep.

“This is an issue that I’ve been talking about for a long time now,” Roger Royse, a partner in the California law firm of Haynes and Boone, told Digital Privacy News.

Continue reading “Tech Makes ‘Farm Living’ Easier, But Not Without Privacy Risks”

Q&A: Carnegie Mellon’s Aleecia M. McDonald

Social Media Privacy Is Not an Oxymoron

By Maureen Nkatha

In 2018, Cambridge Analytica exploited the private information of more than 50 million Facebook users to influence the 2016 presidential election.

This data breach and many others have prompted advocacy for tighter regulations.

Aleecia M. McDonald, an assistant professor at Carnegie Mellon University’s Information Networking Institute, says social media companies must protect users by allowing them to download their data, by disclosing what information has been “shared,” by letting them bar third-party access to their data and by providing ways to delete information completely.

Continue reading “Q&A: Carnegie Mellon’s Aleecia M. McDonald”
Filed under:

Mactaggart: Changing Privacy Rights in Calif. Far From Over

By Terry Collins

California privacy advocate Alastair Mactaggart’s two goals recently leaped major hurdles, but he admits more obstacles still must be jumped to reach the next finish line.

Last month, his Californians for Consumer Privacy (CCP), obtained 931,000 signatures — eclipsing the 685,000 needed — to get his latest initiative, the California Privacy Rights Act (CPRA), on the November ballot.

The initiative would further strengthen the California Consumer Privacy Act (CCPA), which Mactaggart also began and is being enforced statewide.

Still, he believes the law isn’t tough enough.

If voters approve the latest initiative, CPRA would create a so-called California Privacy Protection Agency (CPPA), which would be outside the purview of the California attorney general’s office.

But CPRA wouldn’t take effect until 2023 — and, similar to CCPA, the latter initiative would be applied to data collected in 2022.

Get all of that?

Continue reading “Mactaggart: Changing Privacy Rights in Calif. Far From Over”

DuckDuckGo Seeks to Assure Online Privacy in Times of Uncertainty

By Gregory Austin

Internet privacy company DuckDuckGo Inc. has invested in more than 2,000 billboards across the United States and in Europe to inform internet users of their privacy options.

People are becoming increasingly uncomfortable and creeped-out online, Kamyl Bazbaz, the company’s vice president of communications, told Digital Privacy News. They feel restricted to many untrustworthy companies that have overrun the internet.

“Nobody has to choose” between privacy and extensive online access, Bazbaz said. “Privacy online should be simple and accessible to everyone — period.”

The billboards, the cost of which Bazbaz declined to disclose, reflect this sentiment and come amid great unrest.

Continue reading “DuckDuckGo Seeks to Assure Online Privacy in Times of Uncertainty”

Facebook’s German Court Loss Opens New Front Against Privacy Violations

By Robert Bateman

Germany’s top court last month confirmed a decision by the nation’s Federal Cartel Office restricting how Facebook combines personal information across its platforms — including WhatsApp and Instagram — and collects data using tracking technologies.

The case shows how competition law can be used to curb big tech’s data-harvesting operations, opening a second front against privacy violations — alongside the E.U.’s General Data Protection Regulation (GDPR).

Continue reading “Facebook’s German Court Loss Opens New Front Against Privacy Violations”