Month: April 2021

Wanted: Your Respiratory Data, But Not Without Privacy Risks

By Asa Hiken

In through the nose, out through the mouth — and into the hands of private companies. 

This could be the new fate of your breath. 

So it appears from an incipient trend in consumer tech, in which companies are creating products that target the collection of respiratory data. 

For instance, at the all-virtual 2021 Consumer Electronics Show in January, the Industrial Technology Research Institute (ITRI) showcased a clothing textile that tracked a wearer’s respiratory rate — along with other physiological conditions.


‘Facebook Cross-Pollinates With Everything’ — Including Workplace

By Joanne Cleaver

Last of two parts.

Facebook’s Workplace platform has raised privacy concerns on many levels because of the parent company’s reputation for collecting and protecting data. The report examines how Workplace fits into Facebook’s ecosystem.

Facebook says that what happens in its Workplace collaboration platform stays there. 

Still, one privacy and data-security analyst said he was far from surprised when the research he conducted in his professional capacity — on a separate, employer-owned, secured computer — apparently sparked ads in his personal Facebook news feed, inviting him to learn more about Workplace. 

And, as far as it goes, Workplace’s policies and practices are in line with such competitors as Slack and Asana, said Raúl Castañón-Martínez, a senior research analyst with 451 Research, a division of S&P Global Market Intelligence. 


Too Close for Comfort

Facebook Workplace Has Users Worried About Privacy, Just Like With Facebook

By Joanne Cleaver 

First of two parts.

Facebook’s Workplace collaboration platform has raised privacy fears because of the parent company’s reputation for collecting and protecting data. This report examines the data-privacy issues surrounding Workplace.

The terrific thing about Facebook Workplace is that it looks, feels and operates like the Facebook used by hundreds of millions of consumers. 

But the privacy-eroding thing about Workplace is that it looks, feels and operates like the Facebook used by hundreds of millions of consumers.

It’s precisely because the Workplace platform is modeled after Facebook that it undermines the privacy of individuals trying to keep their work and personal accounts and communications separate, said Justin Antonipillai, founder and CEO of Wirewheel in Arlington, Va.

Wirewheel equips companies with workforce and enterprise privacy tools.


UK Court Allows Hacked Phone Messages to Be Used as Evidence

By Robert Bateman

A U.K. court has ruled that prosecutors may submit evidence gathered by French and Dutch police through hacking defendants’ phones, in a judgment that has critical implications for the interpretation of the country’s surveillance laws.

The Court of Appeal’s judgment, delivered in February, related to data exfiltrated from EncroChat devices — subscription-only mobile phones used for encrypted communications.

The Feb. 5 ruling could open the door to more trials based on evidence obtained from EncroChat devices. But some legal experts told Digital Privacy News that the case had implications for the privacy of lawful EncroChat users.

Anthony Eskander, a lawyer with U.K. law firm Church Court Chambers, said it was necessary to consider “both sides of the argument.”

“On the one hand, certain characters use advanced technological developments to facilitate the conduct of criminal activity, with the primary objective of reducing the chance of discovery by law enforcement,” Eskander said.


Q&A: Researchers Sarah Lageson, Elizabeth Webster and Juan Sandoval

Disclosing Criminal Records on the Internet Creates ‘Digital Punishment’

By Mukund Rathi

First of three parts.

The digitization and release of public criminal records on the internet is “increasingly disconnected from a criminal justice purpose of public notification or agency watchdogging.”

That’s according to a study by Sarah Lageson, assistant professor at the Rutgers University School of Criminal Justice; Elizabeth Webster, assistant professor at Loyola University Chicago, and Juan Sandoval, doctoral student at the University of California Irvine. 

Lageson holds a Ph.D. in sociology from the University of Minnesota. Webster’s doctorate is from the Rutgers School of Criminal Justice — and Sandoval previously was a probation and parole officer in New Mexico.

The study, released in January, examined 200 public governmental websites of law enforcement, criminal courts, corrections and other repositories in all 50 states. It found a “remarkable quantity” of personally identifiable information (PII) on accused and convicted people.

For example, all states disclose data on currently incarcerated people and nearly half of law-enforcement agencies disclose mugshots. 


EU AI Proposals May Not Protect Human Rights, Experts Warn

By Robert Bateman

The EU is organizing the world’s first comprehensive legal framework to regulate the development and use of AI systems, but some experts have argued that the rules do not go far enough.

The proposed regulation, presented in draft form Wednesday by the European Commission, takes aim at biometric surveillance, “social-credit” systems and other controversial implementations of AI that do not conform with “EU values.” 

The regulation would impose fines of up to 6% of annual turnover for companies that infringe its rules.

Yet some privacy and public policy experts told Digital Privacy News that, in its current form, the new law could fail to protect Europeans from many AI-driven harms.


Controlling the Game

New Predictive Policing Tools Employing Surveillance, Raising Privacy Fears

By Jackson Chen

After debuting more than a decade ago as a way to stop crime before it happens, predictive policing methods are shifting toward a more surveillance-based model that could lead to greater privacy concerns, experts told Digital Privacy News.

One of the earliest instances of predictive policing showed up in 2011, when the Santa Cruz Police Department in California adopted such a program after a six-month pilot period.

The program was modeled after an earthquake-aftershock tool and was used to determine where future crimes would occur based on prior agency data.

Since then, many vendors — Geolitica, CivicScape, ShotSpotter Connect, even IBM — are being used by 152 departments across the U.S., according to the Electronic Frontier Foundation’s Atlas of Surveillance tool that tracks which technologies police agencies use.


Beijing Moves to Censor, Control Hong Kong’s Art and Culture

A Hong Kong riot officer with his knee near the neck of a protester during 2019 National Day demonstrations. The prize-winning photo was part of a global contest exhibit that was assailed by Chinese authorities. Credit: Nicolas Asfouri, Agence France-Presse. 

By Patrick McShane

In these occasional reports, Digital Privacy News examines the fallout of China’s “national security law” on Hong Kong.

In the nine months since the “national security law” was passed in June, Beijing has taken control over Hong Kong’s 33,000-strong police force.

It also has gained complete command over the city’s once-respected Education Department and its one million students and 100,000 teachers.

And with a rigid — “must sign or resign” — loyalty oath, China has successively intimidated its 180,000-member civil service department.

Now, the Chinese Communist Party (CCP) will take over Hong Kong’s vibrant arts and cultural scene.


Experts Condemn Facebook’s Under-13 Instagram Plan

By Robert Bateman

U.K. children’s rights advocates have written to Facebook CEO Mark Zuckerberg, urging him to scrap a version of Instagram that reportedly is in development for children under 13.

The letter, dated April 15, was signed by children’s safety and privacy experts, claiming Instagram “exploits young people’s fear of missing out and desire for peer approval” and challenges children’s “privacy and wellbeing.”

Facebook’s plans were first revealed in an internal memo disclosed last month by Buzzfeed News.

“Instagram has, over and again, proved that it makes improvements only when the public clamor reaches a level that seriously damages trust in the company, after a tragic incident, or to stave off threatened regulation,” said Sonia Livingstone, professor of social psychology at the London School of Economics and Political Science.


Q&A: Lorrie Cranor of Carnegie Mellon University

‘Most People Value Their Privacy a Lot’

By C.J. Thompson 

Lorrie Cranor is a longtime champion of privacy and security issues.

A professor of computer science, engineering and public policy at Carnegie Mellon University, she also serves as director of the university’s CyLab Usable Privacy and Security Laboratory and is co-director of the MSIT privacy engineering masters’ program.

For more than two decades, Cranor’s research has illuminated usable — consumer-friendly — privacy and security technologies and methodologies.

Cranor, whose doctorate is from Washington University in St. Louis, served as chief technologist for the Federal Trade Commission in 2016.

She and CyLab researchers recently designed the blue “opt-out” icon now used on many websites to alert consumers how to decline the sale of their data. It resulted from amendments to the California Consumer Privacy Act (CCPA) in March.


‘Giving It Out Like Candy’

Calif. Bill Seeks to Stop Police From Unbridled License-Plate Data Collection

An image from the user guide for the Law Enforcement Archival Reporting Network (LEARN) system, Vigilant Solutions’ platform for law enforcement officers who access license-plate data.

By Fiona Tang

California legislators are considering a bill that would limit law enforcement’s retention of data obtained through automated license plate readers (ALPRs), hoping to quell alarms from privacy advocates after a state agency found widespread abuse among police.

Democratic State Sen. Scott Wiener introduced the License Plate Privacy Act in January after the California State Auditor released a report earlier last year revealing negligent misuse of ALPR data by authorities.

The activities, the report said, marked severe violations of an existing privacy law, S.B. 34, which had been on the books since January 2016.

“What we are seeing is agencies will maintain massive amounts of data in perpetuity — data that has nothing to do with any kind of investigation or suspected crime — and they are giving it out like candy, to basically any agency, even sometimes non-governmental agencies, anywhere in the country,” Wiener said last month in presenting the bill to the Senate Judiciary Committee.


MyLife’s ‘Reputation’ Practices Under Scrutiny From DOJ, FTC

By Rachel Looker 

If you haven’t recently Googled yourself, it might be time you did.

A routine search could bring up a result with your name and a “free background report” at MyLife.com.

Clicking it takes you to a page with your age, current and previous addresses, religious views, marital status, net worth, political affiliation and many other personal details.

A graphic that resembles a speedometer indicates your “reputation score” based on “background details, personal reviews and social media posts,” according to MyLife’s website.

The gauge indicates how high or low your score is versus the national average.

Each profile contains other personal details, including court and arrest records that can be viewed on the website, some of which only are accessible via a premium, paid membership.


UK Considering Face-Data Scheme for Pubs, Raising Privacy Fears

By Robert Bateman

A government-sponsored plan in the U.K. could allow pubs and other venues to identify customers using facial-recognition technology — and some academics and advocates are worried about the implications for privacy and civil liberties.

The proposed scheme, which is being developed by British tech companies iProov and Mvine using a $103,000 government grant, has been touted as a means to ease COVID-19 restrictions without the use of so-called “vaccine passports.”

But iProov assured Digital Privacy News that subjects’ privacy would be protected. Still, the plans have drawn the ire of privacy advocates, who say it would violate individual privacy and other civil rights.

“There is no legitimate justification for including facial recognition or any other biometric applications in vaccine passport schemes,” said Ella Jakubowska, policy officer at European Digital Rights (EDRi), based in Brussels.


‘A Terrible Idea’

Amazon Expands Contactless ‘Palm’ Technology During Pandemic

By Fiona Tang

Amazon.com is opening new physical retail stores so customers can make purchases by scanning their palms, a step that researchers said capitalized on consumers’ concerns about hygiene during the COVID-19 pandemic.

The technology, called Amazon One, debuted in September at an Amazon Go store in Seattle. Officials touted the technology as welcomed during the pandemic but declined to comment further to Digital Privacy News.

It uses a “biometric identification system” that includes a hand scanner that can identify a customer based on such characteristics as “lines and creases in the user’s palm, veins, bones, soft tissue or other structures beneath the epidermis of the skin,” according to a patent Amazon filed in December 2019.

To sign up for Amazon One, a customer inserts a credit card and positions their palm above the scanner. The scanner then generates a “unique palm signature” and connects the customer’s card information to their palm.


Q&A: HIBP’s Troy Hunt

Huge Facebook Leak Brings the ‘Ability to Send More Targeted Phishing Emails’

By Rachel Looker 

Facebook made headlines this month after news that a data leak exposed the personal information of more than 533 million users.  

First reported April 3 by Business Insider, the leak included cellphone numbers, names, locations, birthdates and some email addresses for users in over 100 countries.  

But Facebook said hackers obtained the data before September 2019 by “scraping” it from the platform through misuse of its contact importer tool. 

“This feature was designed to help people easily find their friends to connect with on our services using their contact lists,” Facebook said in an April 6 blog post.

The platform said the contact importer had been updated to prevent software from imitating the app and uploading large sets of phone numbers to see if any matched a Facebook user.  


‘We Don’t Hide the Cameras’

Retailers Balance Privacy While Foiling Thieves as COVID-Related Crime Rises

An alleged shoplifter caught on surveillance video at the Homestyles Gallery craft mall in North Carolina before Christmas. The video was posted to social media. Credit: Homestyles Gallery

By Joanne Cleaver 

Angie Smith noticed the red-haired woman who meandered into Homestyles Gallery, an accessories and craft mall in suburban Charlotte, N.C., days before Christmas.

But busy with customers, Smith didn’t realize until hours later that the woman had sashayed out with $700 in handcrafted jewelry from an artisan’s booth within the store. 

The incident was caught on surveillance tape: The COVID-masked woman glancing around, opening a glass case, sweeping jewelry into a tote bag and trotting off-screen. 

“We’ve had small losses before but nothing like this,” Smith, the mall’s co-owner, told Digital Privacy News. 

Infuriated at the woman’s brazen theft, she posted a clip of the video to the shop’s Facebook page — touching off a minor storm of citizen detectives determined to help a popular local business recover from a petty crime.


What Happened? Nintendo

Data Hacked to Buy Fortnite Currency

By Najmeh Tima

“What Happened?” is an occasional feature by Digital Privacy News that looks back on some of the tech industry’s biggest data breaches last year.

Nintendo has experienced several hacks in recent years — but one of its biggest came last year, when the personally identifiable information (PII) of 300,000 users was leaked in a scheme to buy Fortnite cryptocurrency.

“People have lost their life savings, have had counterfeit passports and other identity cards created using their information,” Nick Espinosa, an Illinois intelligence analyst, told Digital Privacy News, “which can then get them into legal trouble if the identity thief commits a crime while impersonating them.”

Ben Goodman, senior vice president of ForgeRock, a digital identity-platform provider in San Francisco, noted that the leaked PII could have been used in other malicious ways.

“The loss of the PII itself may weaponize a bad actor for further hacking,” he said, “to steal identities, reset passwords and take over accounts for other sites or impersonate an individual.


Experts Fear Civil Rights Rollback in Ruling on Border Data Searches

By Nora Macaluso

A recent federal court ruling allowing U.S. Border Patrol agents to search travelers’ cellphones and laptops at will has privacy advocates worried about a civil rights rollback.

The U.S. Court of Appeals for the First Circuit in Boston found in February that warrantless searches did not violate the U.S. Constitution.

The court, in reversing a 2019 decision, said the “volume” of travelers crossing U.S. borders made warrantless searches “essential” to border protection.

Requiring warrants would “hamstring the agencies’ efforts to prevent border-related crime and protect this country from national security threats,” the court said in its Feb. 9 decision.


‘Gutting Privacy Rights’

UK Data-Law Plans Draw Advocates’ Ire

By Robert Bateman

The U.K. government has signaled its intention to diverge from the EU standards on data-protection and privacy law, claiming that a “less-European approach” could help drive economic growth.

But some experts told Digital Privacy News that the government’s proposals could weaken individual rights and could put EU trade at risk.

Since the U.K. fully transitioned out of the EU in January, it has been able to make changes to EU law, including the General Data Protection Regulation (GDPR), which passed in 2016.

According to Reuters, U.K. Culture Secretary Oliver Dowden said he hoped the country could “hold on to many of the strengths of GDPR in terms of giving people security about their data,” but focus “less on the burdens of the rules imposed on individual businesses.”


Q&A: Colin J. Bennett, University of Victoria

‘Just Because People Say Data Analytics Win Elections Doesn’t Mean It’s True’

By Vaughn Cockayne

Colin J. Bennett is a professor of political science at the University of Victoria in Canada. He is a fellow of the university’s Surveillance Studies Centre.

His research focuses on the use of surveillance policy at the domestic and international levels. His most recent research has been into the use of data analytics during elections and how it has affected worldwide democracies.

His books include “The Governance of Privacy” (2006) and “The Privacy Advocates: Resisting the Spread of Surveillance” (2008).

Bennett, who holds a doctorate from the University of Illinois at Urbana-Champaign, told Digital Privacy News that exporting “data-driven” political campaign strategies to other countries is a threat that should be resisted.
