Month: April 2021

Q&A: Lorrie Cranor of Carnegie Mellon University

‘Most People Value Their Privacy a Lot’

By C.J. Thompson 

Lorrie Cranor is a longtime champion of privacy and security issues.

A professor of computer science, engineering and public policy at Carnegie Mellon University, she also serves as director of the university’s CyLab Usable Privacy and Security Laboratory and is co-director of the MSIT privacy engineering master’s program.

For more than two decades, Cranor’s research has illuminated usable — consumer-friendly — privacy and security technologies and methodologies.

Cranor, whose doctorate is from Washington University in St. Louis, served as chief technologist for the Federal Trade Commission in 2016.

She and CyLab researchers recently designed the blue “opt-out” icon now used on many websites to alert consumers how to decline the sale of their data. It resulted from amendments to the California Consumer Privacy Act (CCPA) in March.


‘Giving It Out Like Candy’

Calif. Bill Seeks to Stop Police From Unbridled License-Plate Data Collection

An image from the user guide for the Law Enforcement Archival Reporting Network (LEARN) system, Vigilant Solutions’ platform for law enforcement officers who access license-plate data.

By Fiona Tang

California legislators are considering a bill that would limit law enforcement’s retention of data obtained through automated license plate readers (ALPRs), hoping to quell alarms from privacy advocates after a state agency found widespread abuse among police.

Democratic State Sen. Scott Wiener introduced the License Plate Privacy Act in January after the California State Auditor released a report earlier last year revealing negligent misuse of ALPR data by authorities.

The activities, the report said, marked severe violations of an existing privacy law, S.B. 34, which had been on the books since January 2016.

“What we are seeing is agencies will maintain massive amounts of data in perpetuity — data that has nothing to do with any kind of investigation or suspected crime — and they are giving it out like candy, to basically any agency, even sometimes non-governmental agencies, anywhere in the country,” Wiener said last month in presenting the bill to the Senate Judiciary Committee.


MyLife’s ‘Reputation’ Practices Under Scrutiny From DOJ, FTC

By Rachel Looker 

If you haven’t recently Googled yourself, it might be time you did.

A routine search could bring up a result with your name and a “free background report” at

Clicking it takes you to a page with your age, current and previous addresses, religious views, marital status, net worth, political affiliation and many other personal details.

A graphic that resembles a speedometer indicates your “reputation score” based on “background details, personal reviews and social media posts,” according to MyLife’s website.

The gauge indicates how high or low your score is versus the national average.

Each profile contains other personal details, including court and arrest records that can be viewed on the website, some of which only are accessible via a premium, paid membership.


UK Considering Face-Data Scheme for Pubs, Raising Privacy Fears

By Robert Bateman

A government-sponsored plan in the U.K. could allow pubs and other venues to identify customers using facial-recognition technology — and some academics and advocates are worried about the implications for privacy and civil liberties.

The proposed scheme, which is being developed by British tech companies iProov and Mvine using a $103,000 government grant, has been touted as a means to ease COVID-19 restrictions without the use of so-called “vaccine passports.”

But iProov assured Digital Privacy News that subjects’ privacy would be protected. Still, the plans have drawn the ire of privacy advocates, who say it would violate individual privacy and other civil rights.

“There is no legitimate justification for including facial recognition or any other biometric applications in vaccine passport schemes,” said Ella Jakubowska, policy officer at European Digital Rights (EDRi), based in Brussels.


‘A Terrible Idea’

Amazon Expands Contactless ‘Palm’ Technology During Pandemic

By Fiona Tang

Amazon is opening new physical retail stores so customers can make purchases by scanning their palms, a step that researchers said capitalized on consumers’ concerns about hygiene during the COVID-19 pandemic.

The technology, called Amazon One, debuted in September at an Amazon Go store in Seattle. Officials touted the technology as welcomed during the pandemic but declined to comment further to Digital Privacy News.

It uses a “biometric identification system” that includes a hand scanner that can identify a customer based on such characteristics as “lines and creases in the user’s palm, veins, bones, soft tissue or other structures beneath the epidermis of the skin,” according to a patent Amazon filed in December 2019.

To sign up for Amazon One, a customer inserts a credit card and positions their palm above the scanner. The scanner then generates a “unique palm signature” and connects the customer’s card information to their palm.


Q&A: HIBP’s Troy Hunt

Huge Facebook Leak Brings the ‘Ability to Send More Targeted Phishing Emails’

By Rachel Looker 

Facebook made headlines this month after news that a data leak exposed the personal information of more than 533 million users.  

First reported April 3 by Business Insider, the leak included cellphone numbers, names, locations, birthdates and some email addresses for users in over 100 countries.  

But Facebook said hackers obtained the data before September 2019 by “scraping” it from the platform through misuse of its contact importer tool. 

“This feature was designed to help people easily find their friends to connect with on our services using their contact lists,” Facebook said in an April 6 blog post.

The platform said the contact importer had been updated to prevent software from imitating the app and uploading large sets of phone numbers to see if any matched a Facebook user.  


‘We Don’t Hide the Cameras’

Retailers Balance Privacy While Foiling Thieves as COVID-Related Crime Rises

An alleged shoplifter caught on surveillance video at the Homestyles Gallery craft mall in North Carolina before Christmas. The video was posted to social media. Credit: Homestyles Gallery

By Joanne Cleaver 

Angie Smith noticed the red-haired woman who meandered into Homestyles Gallery, an accessories and craft mall in suburban Charlotte, N.C., days before Christmas.

But busy with customers, Smith didn’t realize until hours later that the woman had sashayed out with $700 in handcrafted jewelry from an artisan’s booth within the store. 

The incident was caught on surveillance tape: The COVID-masked woman glancing around, opening a glass case, sweeping jewelry into a tote bag and trotting off-screen. 

“We’ve had small losses before but nothing like this,” Smith, the mall’s co-owner, told Digital Privacy News. 

Infuriated at the woman’s brazen theft, she posted a clip of the video to the shop’s Facebook page — touching off a minor storm of citizen detectives determined to help a popular local business recover from a petty crime.


What Happened? Nintendo

Data Hacked to Buy Fortnite Currency

By Najmeh Tima

“What Happened?” is an occasional feature by Digital Privacy News that looks back on some of the tech industry’s biggest data breaches last year.

Nintendo has experienced several hacks in recent years — but one of its biggest came last year, when the personally identifiable information (PII) of 300,000 users was leaked in a scheme to buy Fortnite cryptocurrency.

“People have lost their life savings, have had counterfeit passports and other identity cards created using their information,” Nick Espinosa, an Illinois intelligence analyst, told Digital Privacy News, “which can then get them into legal trouble if the identity thief commits a crime while impersonating them.”

Ben Goodman, senior vice president of ForgeRock, a digital identity-platform provider in San Francisco, noted that the leaked PII could have been used in other malicious ways.

“The loss of the PII itself may weaponize a bad actor for further hacking,” he said, “to steal identities, reset passwords and take over accounts for other sites or impersonate an individual.


Experts Fear Civil Rights Rollback in Ruling on Border Data Searches

By Nora Macaluso

A recent federal court ruling allowing U.S. Border Patrol agents to search travelers’ cellphones and laptops at will has privacy advocates worried about a civil rights rollback.

The U.S. Court of Appeals for the First Circuit in Boston found in February that warrantless searches did not violate the U.S. Constitution.

The court, in reversing a 2019 decision, said the “volume” of travelers crossing U.S. borders made warrantless searches “essential” to border protection.

Requiring warrants would “hamstring the agencies’ efforts to prevent border-related crime and protect this country from national security threats,” the court said in its Feb. 9 decision.


‘Gutting Privacy Rights’

UK Data-Law Plans Draw Advocates’ Ire

By Robert Bateman

The U.K. government has signaled its intention to diverge from the EU standards on data-protection and privacy law, claiming that a “less-European approach” could help drive economic growth.

But some experts told Digital Privacy News that the government’s proposals could weaken individual rights and could put EU trade at risk.

Since the U.K. fully transitioned out of the EU in January, it has been able to make changes to EU law, including the General Data Protection Regulation (GDPR), which passed in 2016.

According to Reuters, U.K. Culture Secretary Oliver Dowden said he hoped the country could “hold on to many of the strengths of GDPR in terms of giving people security about their data,” but focus “less on the burdens of the rules imposed on individual businesses.”


Q&A: Colin J. Bennett, University of Victoria

‘Just Because People Say Data Analytics Win Elections Doesn’t Mean It’s True’

By Vaughn Cockayne

Colin J. Bennett is a professor of political science at the University of Victoria in Canada. He is a fellow of the university’s Surveillance Studies Centre.

His research focuses on the use of surveillance policy at the domestic and international levels. His most recent research has been into the use of data analytics during elections and how it has affected worldwide democracies.

His books include “The Governance of Privacy” (2006) and “The Privacy Advocates: Resisting the Spread of Surveillance” (2008).

Bennett, who holds a doctorate from the University of Illinois at Urbana-Champaign, told Digital Privacy News that exporting “data-driven” political campaign strategies to other countries is a threat that should be resisted.


Apple Faces French Privacy Complaint Over Tracking

By Robert Bateman

Apple Inc. faces an investigation by the French privacy regulator after a coalition of French startups alleged that the company was violating EU data-protection law.

France Digitale, an advocacy group comprising nearly 2,000 French businesses, contends that Apple tracked user behavior on iPhones and iPads by default, violating EU privacy laws, including the General Data Protection Regulation (GDPR), which took effect in 2018.

Apple officials retorted that the group’s allegations, filed in a March 8 complaint to the Commission Nationale de l’informatique et des Libertés (CNIL), were “patently false.”


‘Terribly Sad’

Will China Make Cameras Compulsory in Hong Kong Classrooms?

By Patrick McShane

In these occasional reports, Digital Privacy News examines the fallout from China’s “national security law” on Hong Kong.

The first push to place surveillance cameras inside Hong Kong classrooms came last summer.

The issue originated during a government discussion on education, when one of the city’s pro-Beijing legislators, Tommy Cheung, suggested that closed-circuit TV cameras be installed inside classrooms to check whether teachers were making “non-patriotic” or “subversive” remarks during lessons.

Another lawmaker, Martin Liao, also a deputy to China’s National People’s Congress, said: “If some teachers have ulterior political motives and hope to bring (anti-China) politics into schools, their untrue claims made in classrooms could deeply impact students negatively.

“We should take the initiative to identify the horses that spoil the whole herd,” Liao said.

However, the controversial topic seemed to fade away over the autumn and winter months, as Hong Kong battled COVID-19 and the ensuing global economic downturn.
