Daily Digest (8/21)

Dem Senators Introduce Bill to Extend Nationwide Restrictions on Facial Recognition; Ex-Uber Security Chief Charged With Concealing Hack from US Agencies; Mich. College Tracks Students With Flawed App; Weather Channel Agrees to Change Practices in Settlement. Click “Continue reading” below.

Dem Senators Introduce Bill to Extend Nationwide Restrictions on Facial Recognition

Democratic Sens. Jeff Merkley, Ore., and Bernie Sanders, Vt., proposed legislation Thursday to extend nationwide restrictions on collecting facial-recognition data currently in effect in Illinois.

The National Biometric Information Privacy Act would extend two parts of the Illinois Biometric Information Privacy Act (BIPA): limiting how people’s biometric data is collected and giving individuals the right to sue companies that violate the terms, ThreatPost.com reports. 

The bill also would require companies to obtain written consent before recording anyone’s biometric data. 

The senators’ proposal comes as police departments nationwide are under fire for use of face technology during the recent Black Lives Matter protests.

“We can’t let companies scoop up or profit from people’s faces and fingerprints without their consent,” Merkley said in a statement. “We have to fight against a ‘Big-Brother’ surveillance state that eradicates our privacy and our control of our own information, be it a threat from the government or from private companies.”

Sources (all external links:)

Ex-Uber Security Chief Charged With Concealing Hack from US Agencies

Uber’s former security chief was charged Thursday with trying to conceal from federal investigators a hacking incident in 2016 that exposed the email addresses and cellphone numbers of 57 million drivers.

The criminal charges were filed against Joe Sullivan, 52, in U.S. District Court in San Francisco, The New York Times reports, and allegedly are the first against an executive in response to a company’s security incident.

The charges show a distinction between failing to protect the computer network and failing to tell authorities about a breach, according to the report.

“When a company like Uber gets hacked, we expect good corporate citizenship, we expect prompt disclosure to the employee and consumer victims in that hack,” U.S. Attorney David Anderson told the Times.

“In this case, what we saw was the exact opposite of good corporate behavior.”

Sullivan was fired in 2017 when his handling of the data breach was discovered. He could face up to eight years in prison if convicted.


Mich. College Tracks Students With Flawed App 

Albion College, a small liberal arts school in Michigan, now requires students to download and install a contact-tracing app called Aura, allegedly to help manage a COVID-19 outbreak on campus.

But the Aura app actually is designed to track students’ real-time locations around the clock — and students cannot opt out, TechCrunch reports.

Students who turned off their locations could be suspended or removed from campus, Albion said in its initial announcement.

But parents, alarmed by privacy concerns, have started a petition to make the app optional.

According to TechCrunch, Aura updates the school when a student tests positive for COVID. It also has a contract-tracing feature that alerts students when they have come in close proximity to someone with the virus.

But upon rolling out the app, two security vulnerabilities were discovered, though they had been fixed. One allowed access to Aura’s back-end servers. 


Weather Channel Agrees to Change Practices in Settlement

The owners of the Weather Channel mobile app, TWC Product and Technology LLC, and the company’s owner IBM Corp., will change how it informs users about its location-tracking practices and sale of personal data.

The changes come in a settlement with the Los Angeles city attorney’s office, stemming from a lawsuit last year alleging that app users were misled when they agreed to share their location information in exchange for personalized forecasts and alerts, The Associated Press reports. 

Los Angeles City Attorney Mike Feuer claimed that users were unaware that their personal data would be sold to third parties.

The app’s disclosure screens initially were revised after the lawsuit was filed. Future changes, to be monitored by the city attorney’s office, also are planned.

“Users will now clearly know that they have the choice to provide access to their locations,” Feuer told a Wednesday news conference. “It shows that we don’t have to sacrifice our privacy for things of value.”

IBM bought the app along with the digital assets of the Weather Co. in 2015 for $2 billion, AP reports. 


By DPN Staff