Month: August 2020

Q&A: HIBP’s Troy Hunt

The Public Needs to Know Where Their Data Has Been

By Emilie Rodriguez

The Adobe data breach occurred in October 2013, the largest known at the time. Hackers exposed user account information, created a source code leak, and stole nearly 3 million encrypted customer credit card records.

An estimated 38 million users were affected.

After the incident, Troy Hunt, an Australian internet security professional, started the website “Have I Been Pwned” (HIBP).

Continue reading “Q&A: HIBP’s Troy Hunt”
Filed under:

Health-Data Rules Still Under Fire Months After HHS Decision

By David Tobenkin

Data stakeholders in the health care industry continue to express privacy concerns over two new U.S. Department of Health and Human Services (HHS) rules for sharing sensitive, private patient information by providers.

“We remain gravely concerned that patient privacy will still be at risk when health care information is transferred outside the protections of federal patient privacy laws,” said Matt Eyles, president and CEO of America’s Health Insurance Plans (AHIP), after the rules were issued in March.

“Individually identifiable health care information can readily be bought and sold on the open market and combined with other personal health data by unknown and potentially bad actors.

Continue reading “Health-Data Rules Still Under Fire Months After HHS Decision”

Public PPP Loan Data Strips Anonymity From Private Firms

By Joanne Cleaver

Fuse Financial Partners received a $150,000 potentially forgivable loan through the Paycheck Protection Program (PPP), created by Congress as part of the federal CARES Act.

And the whole world knows about it.

David Worrell, the firm’s managing partner, used the money as Congress intended: to continuing paying his 10 employees.

Continue reading “Public PPP Loan Data Strips Anonymity From Private Firms”

UK Pays AI Firm to Trawl Voters’ Twitter Data

By Robert Bateman

The U.K. government paid the artificial intelligence firm Faculty $524,000 to trawl and analyze the Twitter activity of the nation’s voters, according to an investigation by the campaign group Big Brother Watch.

The probe, disclosed by The Guardian on Aug. 10, revealed that Faculty was contracted to provide “topic analysis of social media” and gauge public response to the government’s handling of the COVID-19 crisis.

Continue reading “UK Pays AI Firm to Trawl Voters’ Twitter Data”

Distrust From Beijing Law Extends to Free COVID Testing Program

Protesters mark up advertising signs in Hong Kong.

By Patrick McShane

Last of a series.

China imposed a sweeping “national security law” on Hong Kong in June — threatening the personal privacy of nearly 7.6 million citizens and sending shivers throughout the global business community, including over 1,500 U.S. companies.

Digital Privacy News has been examining the ramifications of Beijing’s decision. Today’s report discusses how Hong Kong residents remain wary of Beijing’s plan for free mass COVID-19 testing.

Free COVID-19 test?  No, thanks.

Mistrust in the Hong Kong government among citizens now is so strong that even the offer of a free COVID-19 test is getting precious few takers.

Continue reading “Distrust From Beijing Law Extends to Free COVID Testing Program”

Q&A: Sen. Ron Wyden, D-Ore.

Privacy and Encryption Make Us Safer

By Jeff Benson

Last of two parts.

Sen. Ron Wyden is well aware that Washington isn’t monolithic.

The legislator works in a capital city stacked with regulatory bodies and law-enforcement agencies with their own agendas.

In today’s Digital Privacy News interview, the senior senator from Oregon discusses pushing the Federal Trade Commission (FTC) to crack down on shady data brokers, the debate over creating encryption backdoors for the FBI — and why government agencies shouldn’t be able to buy personal data they’d otherwise need a warrant to get.

Continue reading “Q&A: Sen. Ron Wyden, D-Ore.”
Filed under:

Q&A: Sen. Ron Wyden, D-Ore.

‘There Really Is an Opportunity to Pass Meaningful Privacy Legislation’

By Jeff Benson

First of two parts.

Sen. Ron Wyden moved from the U.S. House of Representatives to the Senate in 1996 on the most analog of agendas: He was a big proponent of wood products, an industry that forested Oregon dominated.

Yet his move coincided with the advent of the digital age.

Before his House term ended, he crafted what became known as Section 230, which gave websites the power to moderate user-generated content while protecting them from libel laws applicable to newspapers.

The law helped turn internet companies into big business.

Now, Wyden is grappling with how to keep Big Tech from abusing citizens’ privacy.

Last year, he introduced the Mind Your Own Business Act, which would hold big-tech companies responsible for protecting users’ personal data — and impose criminal penalties for CEOs who lie to Congress or regulators about privacy.

Continue reading “Q&A: Sen. Ron Wyden, D-Ore.”
Filed under:

GOP Using ‘Smart Badges’ at Convention, Raising Privacy Flags

By Joanne Cleaver 

Tagged so they can be bagged.

Participants in the Republican National Convention next week will wear electronic “smart badges” that document their movements to speed contact-tracing should anyone subsequently develop COVID-19.

Some elements of the scaled-down convention will be held in Charlotte, N.C., Monday through Thursday. Attendees will be assigned badges that communicate with one another to document where the badge-wearers are, and who they move close to, within the confines of the location. 

Continue reading “GOP Using ‘Smart Badges’ at Convention, Raising Privacy Flags”

UK Court Spurns Police in First Legal Test of Face Recognition

By Robert Bateman

A landmark legal challenge to the use of facial-recognition technology has succeeded, with the U.K.’s Court of Appeal ruling this month that police in South Wales used automated facial recognition in violation of fundamental human rights.

Edward Bridges, a Cardiff resident supported by a human-rights group, Liberty, argued that the police had not adequately assessed how facial-recognition technology could violate individual “rights and freedoms” nor considered how the technology could be biased along racial and gender lines.

The Court of Appeal made its unanimous ruling Aug. 11. The South Wales Police has accepted the verdict and will not appeal to the Supreme Court.

Continue reading “UK Court Spurns Police in First Legal Test of Face Recognition”

National ID Cards Pose Inherent Privacy Dangers in Hong Kong

By Patrick McShane

Fourth of a series.

In June, China imposed a sweeping new “national security law” on Hong Kong — threatening the personal privacy of nearly 7.6 million citizens and sending shivers throughout the global business community, including over 1,500 U.S. companies.

In these weekly reports, Digital Privacy News examines the ramifications of Beijing’s decision. Today’s report details how mandatory national ID cards can be abused to spy on Hong Kong citizens.

Not many Americans even think about being legally required to carry a national ID card at all times — but they’d probably be surprised at how many other nations have this requirement.

All the standard authoritarian regimes long have mandated national ID cards: Russia, China, North Korea, Cuba, Saudi Arabia, Iran, Iraq, Kuwait. But, so do several more “liberal” societies — Spain, Portugal, Greece and Luxembourg.

Continue reading “National ID Cards Pose Inherent Privacy Dangers in Hong Kong”

Bill to Ban ‘Fake News’ in Brazil Under Bitter Attack Across Globe

By Sakshi Udavant

Brazilian senators have passed a bill that bars what the government considers “fake news” — and privacy advocates worldwide have bitterly attacked the legislation as threatening freedom of expression and the right to privacy.

“This measure will target every viral sharing as suspect and will potentially endanger users that forward content for different reasons,” Thiago Oliva and Nathalie Fragoso, heads of research at InternetLab, an independent research center in Brazil, told Digital Privacy News in a joint statement.

“The risk is also present that social movements and activists end up being targeted if a court requests the data associated with their messages,” they continued. “The bill does not limit data requests to cases of evident intention to fraud or disinform.

“The current drafting could be interpreted in ways that require the messaging apps to retain data from all conversations, given that any message can become viral after being sent and forwarded,” they said.

Continue reading “Bill to Ban ‘Fake News’ in Brazil Under Bitter Attack Across Globe”

Q&A: STOP’s Liz O’Sullivan

Surveillance Disproportionately Affects Vulnerable Communities 

By Jeff Benson

Last year, with help from the nonprofit Urban Justice Center in New York, privacy advocates formed the Surveillance Technology Oversight Project (STOP). Their goal was to litigate against oversurveillance and push legislation that protects the rights of marginalized communities, who often are most affected by that surveillance.

STOP Technology Director Liz O’Sullivan told Digital Privacy News that government surveillance was a hallmark of the New York City Police Department (NYPD), which has used it to target Muslim Americans after the 9/11 attacks and could now quiet Black Lives Matter protests.

Continue reading “Q&A: STOP’s Liz O’Sullivan”

EEOC Says ADA Bars Employee Antibody Testing, For Now

By Myrle Croasdale

Employers can check employees’ temperatures, and they can require a COVID-19 virus test. Both as a condition for returning to work.

But what they can’t do, at least for now, is ask them to submit to a COVID antibody test.

In June, the U.S. Equal Employment Opportunity Commission (EEOC) determined that under the Americans with Disabilities Act (ADA), an antibody test was a medical examination and that employees with these antibodies did not present a direct threat to others at work.

“The ADA at this time does not allow employers to require antibody testing before allowing employees to re-enter the workplace,” the EEOC announcement said.

The ADA governs disability-related inquiries and medical exams and prohibits employers from excluding employees with a disability from the workplace for health and safety reasons unless the employee’s health poses a direct threat to others.

“An antibody test at this time does not meet the ADA’s ‘job-related and consistent with business necessity’ standard for medical examinations,” the commission stated.

The key here, some experts told Digital Privacy News, is the “direct threat” issue.

Continue reading “EEOC Says ADA Bars Employee Antibody Testing, For Now”

Leaked Data Fears Rise With Used Police Body Cameras and Phones

By Jason Collins

This is the age of the camera phone, where everything is recorded. But with this change in social etiquette, a new issue of digital privacy arrives.

If someone takes a video of you, for instance, do they own that footage? Also, if someone buys a used camera — and photos still are on it — who owns that digital information? 

Police use body cameras regularly, capturing routine events and nearby people who may have not given consent. Their faces simply are included because of proximity.

But what happens when officers lose a camera — or one is misplaced or not properly decommissioned before it is sold? 

This summer, a Twitter user, @d0tslash, purchased an older Axon body camera that had been used by the military police at Fort Huachuca in Arizona. When he opened it, he discovered a microSD card and could access all the footage — video and audio.

Continue reading “Leaked Data Fears Rise With Used Police Body Cameras and Phones”

NY Tenants Fight Off Smart-Home Tech, But Laws Lag Behind

“We never asked for it,” Fabian Rogers says of face technology in the Brooklyn, N.Y., apartment complex where he lives.

By Mary Pieper

In the fall of 2018, Fabian Rogers and his fellow tenants in the Atlantic Plaza Towers apartment complex in Brooklyn learned their landlord wanted to install a facial-recognition system for the locks in the building.

“We never asked for it,” Rogers told Digital Privacy News.

Rogers, 25, a community advocate who has lived at Atlantic Plaza since he was 10, said the tenants already felt like they were being constantly watched.

The Nelson Management Group, which owned and operated the complex since 2007, had installed surveillance cameras “in almost every nook and cranny of the building,” he said.

But the latest proposed security measure, in particular, raised alarms. Tenants had all kinds of questions about the facial-recognition technology, Rogers said.

Continue reading “NY Tenants Fight Off Smart-Home Tech, But Laws Lag Behind”

China Law Makes ‘White Terror’ a New Reality in Hong Kong

By Patrick McShane

Third of a series.

In June, China imposed a sweeping new “national security law” on Hong Kong — threatening the personal privacy of nearly 7.6 million citizens and sending shivers throughout the global business community, including over 1,500 U.S. companies.

In these weekly reports, Digital Privacy News examines the ramifications of Beijing’s action. Today’s report discusses how the new law affects the daily lives of Hong Kong residents.

Life has drastically changed for Hong Kong’s nearly 7.6 million people, including its 90,000 American citizens, in the six weeks since Beijing imposed its sweeping “national security law.”

The law has snatched away the privacy in virtually every aspect of citizens’ lives, from education and entertainment to career advancement — even physical safety.

As a result, a growing “white terror” of political persecution has descended on the city.

Until recently, Hong Kong possessed what The Economist magazine in London called “a flawed democracy.”

But now, with the implementation of the security law, many feel that the city has become a police state.

“Overnight”, Lee Cheuk-yan, a Shanghai-born, former Hong Kong city legislator told reporters last month, “Hong Kong has gone from rule of law to rule by fear.”

In societies that are not fully free, political pressures can be implanted into a population with such subtility that early on, it’s almost impossible to perceive.

But it soon becomes as fearsome as sighting a shark fin during an ocean swim.

Continue reading “China Law Makes ‘White Terror’ a New Reality in Hong Kong”

Rating Big Tech CEOs’ Answers to Congress on Digital Privacy

By Jeff Benson

Four of the most successful businessmen in history — Facebook’s Mark Zuckerberg, Amazon’s Jeff Bezos, Apple’s Tim Cook, and Alphabet’s Sundar Pichai — testified last month before Congress about potentially anticompetitive practices.

Their July 29 session before the House Judiciary Subcommittee on Antitrust, Commercial and Administrative Law came as part of the panel’s yearlong investigation of whether these technology giants were in fact monopolies using their market size to steal from, subsume or eliminate competitors. 

Continue reading “Rating Big Tech CEOs’ Answers to Congress on Digital Privacy”

Q&A: Better Identity Coalition’s Jeremy Grant

Your Social Security Number Isn’t a Secret

By Lisa Rabasca Roepe

After roughly half of Americans’ Social Security numbers were compromised in the 2017 Equifax breach, Jeremy Grant, founder of the industry group, the Better Identity Coalition, proposed a way to stop identity theft.

His plan: Tell banks and credit agencies to stop using Social Security numbers to authenticate individual identity.

Instead, government agencies, such as state motor-vehicle departments or the Social Security Administration, could confirm a person’s identity — at the individual’s request. 

Continue reading “Q&A: Better Identity Coalition’s Jeremy Grant”
Filed under:

Cannabis Sales Rising — and so Are Questions About Privacy, Security

By Rob Sabo

Retail marijuana is big business, with retail pot sales expecting to approach $30 billion by 2023.

By comparison, the entire U.S. market for organic fruits and vegetables was $5.8 billion last year.

Cannabis has been decriminalized in 27 U.S. states — and adult-use recreational marijuana is available for purchase in 12 of them.

Both recreational cannabis users and medical marijuana customers must provide a government-issued identification card to prove they are at least 21 or have a prescription to access dispensaries.

Continue reading “Cannabis Sales Rising — and so Are Questions About Privacy, Security”

Does Randonautica Take Your Data for an Adventure, Too?

By Rachel Looker

It’s not often I get into my car and not know where I’m going. 

Channeling my inner Gen Zer and TikToker, I downloaded the Randonautica app on my cellphone, letting fate — or randomly generated coordinates — decide where to go. 

The Randonautica app, launched earlier this year, was created by Randonaut LLC, which — according to its terms of use — is based in Papillion, Neb.

The app is described on its website as a “quantumly generated, choose-your-own adventure reality game” for users to explore the world around them by visiting randomly generated points.

Before a user goes randonauting, however, they are encouraged to set a purpose or “intention” for something they hope to find on a trip.

Intentions may range from a certain emotion to a color or to any abstract concept or symbol. The user then shares their location through the app and travels to the provided coordinates.

Continue reading “Does Randonautica Take Your Data for an Adventure, Too?”