Month: September 2020

Q&A: Technologist Cory Doctorow

‘We Can Pass Laws That Make Being Anti-Privacy Unprofitable’

By Jeff Benson

Second of three parts.

Technologist and author Cory Doctorow doesn’t buy the argument that we can’t regulate Big Tech because they’ll move overseas.

In today’s Digital Privacy News interview, the second of three parts, he said that U.S. laws allowed monopolies to expand across the globe, that changing those rules were “politically difficult” and that companies only cared about privacy if they could profit from it.

Continue reading “Q&A: Technologist Cory Doctorow”

European Court Spurns Challenge to UK Government Surveillance

By Robert Bateman

The European Court of Human Rights (ECHR) struck a severe blow to privacy advocates this month when it rejected a legal challenge to the U.K. government’s surveillance activities on procedural grounds.

The case was brought by advocacy groups, who argued that the government’s cellphone-hacking and surveillance violated European human-rights law.

The court ruled Sept. 3 that the case was inadmissible because the advocates had not exhausted the U.K.’s domestic legal procedures.

Continue reading “European Court Spurns Challenge to UK Government Surveillance”

Q&A: British Author Cory Doctorow

Breaking Up Monopolies Unleashes Innovation, Competition

By Jeff Benson

First of three parts.

Cory Doctorow is one of the world’s most prolific tech and science fiction writers.

In between releasing his second graphic novel, “Poesy the Monster Slayer,” in July and a sequel to “Little Brother” (due out in October), Doctorow managed to fit in a 27,000-word treatise on breaking up tech monopolies.

Published on OneZero late last month (and available for free to read), “How to Destroy Surveillance Capitalism” argues that the government needs to step up its antitrust efforts or else Facebook, Google and their ilk will invade people’s privacy with impunity.

In the first of a three-part interview, Doctorow told Digital Privacy News that breaking up monopolies helped tech grow, that Facebook won’t stop hoarding data on its own — and provided questions that really should be asked about Big Tech.

Continue reading “Q&A: British Author Cory Doctorow”

Review: ‘The Social Dilemma’

True Confessions But No Real Answers

By Kelvin Childs

“The Social Dilemma,” a Netflix documentary-drama by director Jeff Orlowski, shows the common ground that undergirds a society relentlessly being fractured with each “like,” tweet and click on social media.

Orlowski, 34, is behind such hit nature documentaries as “Chasing Ice” (2012) and “Chasing Coral” (2017).

In “Social,” Orlowski parades numerous former founders, executives and engineers from the likes of Facebook, Instagram, Twitter, Google, Apple, Uber and Firefox as if they are at a confessional — sounding the alarm about the Frankenstein they all had a hand in creating.

Yet, they disingenuously declare that no one’s fingerprints in particular are on the weapons they claim were formed from their work.

Tellingly, “Social” has no current representatives of the companies speaking to how — or, whether — they’ve course-corrected.

Facebook CEO Mark Zuckerberg appears in news footage evading congressional questions on his company’s responsibility and asserting that it can set things right with its algorithms.

But these former insiders and some outside critics, in rebuttal to Zuckerberg, say it can’t be done.

Continue reading “Review: ‘The Social Dilemma’”

Health Guidelines Seek to Protect Data Not Covered by HIPAA Law

By Myrle Croasdale

The “Wild West” of unprotected personal health data may be nearing an end.

Two organizations, the eHealth Initiative (eHI) and the Center for Democracy and Technology (CDT), have proposed voluntary privacy standards to protect consumer-generated health information not covered by the Health Insurance Portability and Accountability Act (HIPAA).

“With the rise of wearable devices, wellness apps and other online services, huge amounts of information reflecting users’ health are being created and held by entities that are not bound by HIPAA regulations,” Alexandra Reeve Givens, CDT’s president and CEO, told Digital Privacy News.

“We hope this framework serves as a first step to providing greater privacy rights and protections for consumers.”

Along with setting privacy standards, the draft framework recommends a self-regulatory enforcement model to hold participating organizations accountable.

Privacy experts, however, questioned the effectiveness of such an approach. 

Continue reading “Health Guidelines Seek to Protect Data Not Covered by HIPAA Law”

‘Heart-Breaking and Terrorizing’

Beijing Moves to Control Hong Kong Education by Intimidation, Censorship

Hong Kong police chase a 12-year-old girl this month before she was tackled and charged with violating COVID social-distancing rules.

By Patrick McShane

China imposed a sweeping new “national security law” on Hong Kong in June — threatening the personal privacy of nearly 7.6 million citizens and sending shivers throughout the global business community, including over 1,500 U.S. companies.

In these occasional reports, Digital Privacy News examines the ramifications of Beijing’s decision. Today’s report detail’s China’s efforts to revamp Hong Kong’s education system.

Much of the international media’s focus on Hong Kong has been on how China has taken over the political structure in the city.

But the Chinese Communist Party (CCP) also is working to take control of the city’s education system as well — from kindergarten and primary-school stage, through to the university level.

Continue reading “‘Heart-Breaking and Terrorizing’”

Google Faces $2.5B Lawsuit Over YouTube and Children’s Data

By Robert Bateman

Google faces a $2.5 billion class-action lawsuit in the U.K., over allegations that its YouTube video-sharing platform is “breaching millions of young peoples’ privacy and data rights.” 

The case is on behalf of an estimated 5 million children under 13 across England and Wales, according to a Sept.14 news release from the case’s legal team.

If successful, it would be the first class-action lawsuit against a tech company in Europe. 

Google, which acquired YouTube in 2006, is accused of violating U.K. law, which states that children under 13 are unable to consent to the collection of their personal information.

“They’re using this data to capture the attention of our children,” Duncan McCann, the representative claimant in the case, told Digital Privacy News. 

He has three children aged 13 or under, and McCann said he was concerned about how Google used their personal information on YouTube.

Continue reading “Google Faces $2.5B Lawsuit Over YouTube and Children’s Data”

‘Trusted Technology Partner’?

Privacy Experts Alarmed at Oracle’s Role in Proposed TikTok Deal

By Charles McDermid

The impact of the White House’s decision to ban TikTok and WeChat that began Sunday remained unclear, but global privacy experts were alarmed that Oracle Corp. could still become the “trusted technology partner” of the Chinese owner of the two widely popular apps.

They told Digital Privacy News that the possible deal marked the start of a global era of data localization, as nations scrambled to keep citizens’ personal data within their own borders. 

“It’s easier for a government to request data stored on its territory, provided that its laws authorize it,” said Emmanuel Pernot-Leplay, a researcher in data-protection law at Tilburg University in the Netherlands. “It’s much more difficult when it has to make a request for such data when they are stored abroad.

Continue reading “‘Trusted Technology Partner’?”

Q&A: University of Texas’ Murat Kantarcioglu

Online Voting Is Not Safe

By Patrick W. Dunne

With the concerns surrounding a U.S. Postal Service slowdown and voter suppression, discussions continue to grow about online voting for the 2020 election.

But many cybersecurity experts are skeptical, including Murat Kantarcioglu, a professor of computer science at the University of Texas at Dallas.

Kantarcioglu, who holds a doctorate in computer science from Perdue University, told Digital Privacy News that online voting lacked a meaningful method of self-auditing, which eroded trust in the system. 

Continue reading “Q&A: University of Texas’ Murat Kantarcioglu”

Workers, Homeowner Associations Square Off Over Rules in Pandemic

By Joanne Cleaver 

A home-based doggy boarding business nearly cost Dianna Sells her house.  

Sells didn’t realize that her retirement business of taking in sedate older dogs for short periods violated the rules and regulations of the homeowners association (HOA) in which her house is situated in Round Rock, Texas.

After all, her yard is big, the geriatric dogs were quiet — and many of her clients were neighbors. 

Then someone — Sells told Digital Privacy News she still doesn’t know who — complained to the association’s board.

Continue reading “Workers, Homeowner Associations Square Off Over Rules in Pandemic”

Back to School, Back to Crime?

Schools See Rise in Cyberthreats With Online Learning

By Samantha Cleaver

This fall, back to school means back on defense.

Schools in Haywood County, N.C., started remote learning last month. They then closed abruptly because of a cyberattack.

Later in the month, Palm Springs Unified Schools in California, also virtual, reported having to clear a hacking attack. The district addressed it with teacher, student and parent training.

This is the landscape for schools for the 2020-21 year. With networks branching out into households, and hackers well aware of the value of education data, phishing and ransomware attacks are expected to be a common occurrence, experts told Digital Privacy News.

Continue reading “Back to School, Back to Crime?”

The Security Flaw That Almost Knocked Apple Off Its Perch

By Felix Okendo

A flaw discovered this spring within Apple Inc.’s “Sign in With Apple” feature by an India-based developer brought him $100,000 through the company’s Security Bounty Program, part of an industry genre known as “bug-bounty programs.”

“Bug-bounty programs are likely becoming an important best practice for a widening swath of industries,” Graham Dufault, senior director for public policy at ACT-The App Association in Washington, told Digital Privacy News.

Such programs offer rewards to researchers for discovering and reporting bugs in software and hardware. In most cases, the flaws are related to vulnerabilities and exploits in the products — and companies pay well for the discoveries.

Continue reading “The Security Flaw That Almost Knocked Apple Off Its Perch”

UK Officials Reveal Proposals for Digital Identity Framework

By Robert Bateman

The U.K. government is developing a nationwide “digital identity” framework that would enable it to identify individuals across various public services.

Several news outlets have characterized the scheme as a plan to assign a so-called “digital ID card” to every citizen, a move that would concern many privacy advocates.

The U.K.’s proposals are still unclear, but they do not appear to involve a physical ID card. The government claims the framework would reduce fraud and check individual identities more easily.

Continue reading “UK Officials Reveal Proposals for Digital Identity Framework”

Q&A: Delegate Eleanor Holmes Norton, D-D.C.

Bill Seeks to Limit Use of Police Cameras

By Mukund Rathi 

Congresswoman Eleanor Holmes Norton, D-D.C., introduced the Federal Police Camera and Accountability Act in June 2019.

It was incorporated into the George Floyd Justice in Policing Act that recently passed the House of Representatives.

The bill regulates federal law-enforcement’s use of body and dashboard cameras.

Generally, it requires them to activate cameras when interacting with the public and to disclose videos on appropriate requests.

The legislation would affect the more than 30 federal law-enforcement agencies working in Washington.

Continue reading “Q&A: Delegate Eleanor Holmes Norton, D-D.C.”

Using Subpoenas in COVID Raise Privacy, Overpolicing Questions

By Tammy Joyner

Last of two parts.

The seven-month-old COVID-19 pandemic has raised a thorny ethical issue: When is it necessary to override a person’s privacy? And is policing obstinate behavior during a pandemic ethical?

“There’s very much this tension between individual privacy and protecting the public,” Kelly Hills, a bioethicist and co-principal of the Rogue Bioethics consultancy in Lowell, Mass., told Digital Privacy News. “We’re still working out what it means to do public-health ethics.”

Americans total 4% of the world’s population but account for nearly one in four of the world’s coronavirus cases — and a little more than one in five of the deaths globally, according to the Johns Hopkins Coronavirus Resource Center.

Continue reading “Using Subpoenas in COVID Raise Privacy, Overpolicing Questions”

NY Suburb Turns to Subpoenas to Stop Parties During Pandemic

By Tammy Joyner

First of two parts.

Tracking a killer is exhaustive work, especially when witnesses won’t cooperate.

Partygoers in the tony New York suburb of Rockland County recently found that out the hard way.

After being stonewalled, Rockland public-health officials in July served a group of obstinate revelers with subpoenas that carried a $2,000-a-day fine.

Rockland County contact-tracers, or disease detectives, had learned that some residents had contracted COVID-19 after attending a party of as many as 100 20-somethings in mid-June.

Continue reading “NY Suburb Turns to Subpoenas to Stop Parties During Pandemic”

Hacking-for-Hire Growing Bigger, Refined — and Far Too Common

By Nora Macaluso

Hacking-for-hire is becoming a bigger and more sophisticated tool in corporate espionage — and the market for such services is likely to continue, even as reports of high-profile, targeted attacks come to light, experts told Digital Privacy News.

Hacking-for-hire has become “more than just cracking a database and selling the information,” said Robert Siciliano, chief security architect at Protect Now in Boston. “Hacking today is a service, like hiring a lawyer or an accountant.”

Citizen Lab, a Toronto-based research laboratory focused on the intersection of digital technologies, human rights and global security, recently exposed a massive hacking operation targeting individuals and high-profile institutions worldwide.

Continue reading “Hacking-for-Hire Growing Bigger, Refined — and Far Too Common”

Saskatchewan Law Against Domestic Violence Raises Privacy Concerns

By David Gargaro

Saskatchewan has the highest rates of domestic violence per capita of all the 10 Canadian provinces — 1,066 incidents reported to police per 100,000 people in 2018, for instance — and officials recently took steps to curb such actions.

In June, Saskatchewan was the first province to enact the Interpersonal Violence Disclosure Protocol Act, also known as Clare’s Law.

Municipal police can now disclose information about an individual’s history of violent or abusive behavior to help protect potential future victims of domestic abuse.

Continue reading “Saskatchewan Law Against Domestic Violence Raises Privacy Concerns”

Q&A: The Markup’s Nabiha Syed

Privacy Has Its Roots in Outrage

By C.J. Thompson

Nabiha Syed is a media attorney and president of The Markup, an independent news website dedicated to illuminating concerning privacy issues.

“Part of our mission is to help people understand exactly how their privacy is being affected by technology,” she told Digital Privacy News.

The need for new privacy laws and regulation are primary components of a landscape that has never been more complex, cluttered — and, in many ways — cloaked.

But Syed remains encouraged by the current wave of public activism, as it is exactly what’s needed to provoke meaningful privacy protections. 

Continue reading “Q&A: The Markup’s Nabiha Syed”
Filed under:

What Happened? Capital One Breach

Tipster’s Email Begins Saga That Ultimately Brings $80M Fine

By Najmeh Tima

“What Happened?” is an occasional feature by Digital Privacy News that looks back on some of the tech industry’s biggest data breaches last year.

Capital One Bank last month agreed to pay an $80 million fine over a data breach last year that affected more than 100 million credit-card applications — and about 106 million people worldwide.

The Aug. 6 announcement by the U.S. Comptroller of the Currency nearly closes a grueling saga that began with a tipster’s email on July 17, 2019, that a hacker had stolen troves of customer data through an “improperly configured firewall” — eventually costing Capital One as much as $150 million.

The alleged hacker, Paige Adele Thompson, 33, of Seattle, has been charged with sharing files with online platforms that she had claimed to possess.

One file she allegedly shared was associated with Capital One.

Continue reading “What Happened? Capital One Breach”