Daily Digest (8/27)

Macy’s Sued Over Facial-Recognition Use; Unredacted Documents Show Internal Emails Questioning Google Privacy Settings; Thailand to Block Access to Websites That Violate Law; Russian National Arrested in Conspiracy to Hack Nev. Company. Click “Continue reading” below.

Macy’s Sued Over Facial-Recognition Use 

Macy’s has been sued in federal court in Illinois over its alleged use of facial-recognition software sold by Clearview AI. 

The class-action lawsuit alleged that the department-store retailer violated the Illinois Biometric Information Privacy Act — which requires written consent before biometric data is collected, CPO Magazine reports.

The action was filed earlier this month in U.S. District Court for the Northern District of Illinois in Chicago.

Macy’s and other large retailers have been revealed to be working with Clearview AI after the technology company experienced a data leak in February, exposing their client list of law-enforcement agencies and retailers. 

Before the leak, Macy’s claimed that Clearview only provided its software to law enforcement. 

The lawsuit claimed that Macy’s was actively profiting from the data by using biometric technology for marketing purposes and security. It seeks $1,000 for each incident of negligent violation and $5,000 for each intentional violation.

If approved, the action would also require Macy’s to delete any stored biometric identifiers and to stop using the facial-recognition software, according to CPO Magazine.

Sources (all external links):

Unredacted Documents Show Internal Emails Questioning Google Privacy Settings

Newly unsealed and unredacted documents from a consumer fraud suit in Arizona have revealed that Google employees questioned the company’s location and privacy settings. 

In 2018, The Associated Press reported that many Google services, on both Android devices and iPhones, were storing location data even if the user had turned on privacy settings, Ars Technica reports.

“There are a number of different ways that Google may use location to improve people’s experience, including: location history, web and app activity, and through device-level location services,” a Google spokesperson told AP at the time.

“We provide clear descriptions of these tools, and robust controls so people can turn them on or off and delete their histories at any time.”

However, Arizona sued Google in May for violating the state’s Consumer Fraud Act after Attorney General Mark Brnovich’s office launched its own investigation into the privacy settings following the AP report. 

The suit, which had been previously redacted, has been unsealed and unredacted. It showed several employee emails and chat logs, where workers agreed with the AP report and questioned the company’s settings. 

“I agree with the article,” one employee wrote. “‘Location off’ should mean location off, not except for this case or that case.”

Source: 

Thailand to Block Access to Websites That Violate Law

Thailand said Wednesday that it would act against online content that broke its laws.

In a news conference, Minister of Digital Economy and Society Buddhipongse Punnakanta said that any web address deemed to contain illegal material would receive a court order to block access in Thailand, The Associated Press reports.

The company would be given 15 days to comply or face legal action, he said.

“We are protecting our sovereignty, which may not mean protecting physical borders in the traditional sense but rather, as I said yesterday, that we are protecting our cyber sovereignty,” Buddhipongse told reporters in Bangkok.

Buddhipongse’s announcement comes after Thai authorities asked Facebook to block the “Royalist Marketplace” site, a group set up by Pavin Chachavalpongpun.

He is a 49-year-old Thai academic who lives in Japan. His site hosts open discussions and criticism about the country’s monarchy.

Facebook blocked access to the site Monday from within Thailand, but it remained accessible in other countries, AP reports. 

Pavin responded by setting up a similar Facebook group that had more than 700,000 members by Wednesday. 

Facebook told AP that it planned to legally challenge the government’s request.

Source: 

Russian National Arrested in Conspiracy to Hack Nev. Company 

A Russian national was arrested over the weekend and charged with trying to recruit an employee from a Nevada company to infect its corporate network so attackers could gain access to the firm’s information. 

Egor Kriuchkov was arrested Aug. 22, the Justice Department said. He allegedly sought to steal data from the network of the Nevada company, and publish it, Dark Reading reports.

Kriuchkov had demanded ransom for the company’s data, according to Dark Reading. 

In a Tuesday news release, the DOJ alleged that Kriuchkov met with the employee several times while visiting with a Russian passport and tourist visa.

He is accused of promising to pay the employee $1 million after they infected the company’s network with malware.  

Kriuchkov was charged with one count of conspiracy to intentionally cause damage to a protected computer and faces a maximum penalty of five years in prison and a $250,000 fine.

Sources: 

By DPN Staff