Smart Mirrors Handy, Fun — But Are a Data-Gathering Bonanza

By Rob Sabo

In 2017, luxury retailer Neiman Marcus introduced smart-mirror technology to its makeup counters and fitting rooms, following a path blazed by Ralph Lauren and Mango and later joined by Macy’s, J.C. Penney and other industry leaders.

Smart-mirror technology provides consumers with 360-degree views of outfits or cosmetics without trying them on.

They also are a data-gathering bonanza, experts told Digital Privacy News.

“The retail sector, especially luxury brands, are investing in smart mirrors because they get direct access to a user’s body,” said Veronica Miller, cybersecurity expert at VPN Overview in the Netherlands.

Continue reading “Smart Mirrors Handy, Fun — But Are a Data-Gathering Bonanza”

‘Working From Home Can Be Deadly’

COVID Pushes Up HIPAA Violations Last Year to Second-Straight Record

By Myrle Croasdale

U.S. health care data-privacy violations soared 26% last year, federal data show, setting a record high for the second-straight year.

Breaches involving 500 patient records or more reached 647 in 2020, versus 512 incidents in the year before, according to the U.S. Office for Civil Rights (OCR).

Year-over increases had been gradual until the past two years, the data showed. Hacking and IT incidents accounted for the majority of the reported violations, according to OCR.

Part of the U.S. Department of Health and Human Services, OCR enforces privacy rules created by the Health Insurance Portability and Accountability Act (HIPAA), which was enacted in 1996.   

Continue reading “‘Working From Home Can Be Deadly’”

Privacy Advocates Outraged by UK Supermarket’s Face Cameras

By Robert Bateman

U.K. supermarket chain the Southern Co-op is using facial-recognition technology to address shoplifting, a move that privacy advocates argued violated shoppers’ privacy rights.

The supermarket has been using facial-recognition cameras, provided by the security firm Facewatch, in 18 of its stores across the south of England since 2018, a company spokesperson told Digital Privacy News.

The cameras scan the faces of anyone walking into the store and retains biometric data derived from the facial images of people suspected of having committed a crime.

“To see a supposedly ethical company secretly using rights-abusive tech like facial recognition on its customers in the U.K. is deeply chilling,” said Silkie Carlo, director of U.K. privacy advocacy group Big Brother Watch.

Continue reading “Privacy Advocates Outraged by UK Supermarket’s Face Cameras”

Q&A: Author Janna Malamud Smith

‘People Are Giving Up a Lot of Autonomy’

By Samantha Stone  

Last of two parts. 

In 1997, psychotherapist Janna Malamud Smith published “Private Matters: In Defense of the Personal Life.” 

She used examples from history and literature to explore the concept of privacy and to describe why we need it. 

There’s also a dose of insight from Smith the therapist, who notes how the drive to heal can push private matters voluntarily into the public sphere. 

In the last of a two-part interview, Smith, 69, told Digital Privacy News how relinquishing privacy could invite harm.

Continue reading “Q&A: Author Janna Malamud Smith”

Q&A: Author Janna Malamud Smith

Without Privacy, ‘You Don’t Have the Space to Make the Choices You Want to Make’ 

By Samantha Stone  

First of two parts. 

Long before smartphones, Facebook or airport security agents peering inside duffel bags, Janna Malamud Smith wrote about privacy as necessary to human well-being. 

But what does privacy look like — and how much is enough?  

Smith’s book, “Private Matters: In Defense of the Personal Life,” was first published in 1997. 

It explores privacy from the perspective of a psychotherapist — and, not incidentally, the daughter of a high-profile literary figure. 

Continue reading “Q&A: Author Janna Malamud Smith”

Ransomware Attacks Up, But Victims Not Reporting to Police

By Patrick W. Dunne

Ransomware attacks were the most-observed cyberthreat last year — in part because of COVID-19 and more employees working from home — but many victims did not report the attacks to authorities, mostly out of fear of reprisal, experts told Digital Privacy News.

“We got about 2,700 ransomware cases in 2019,” said Keith Wojcieszek, a former U.S. Secret Service agent and managing director of the cyber risk practice at Kroll, the New York cybersecurity firm that recently released survey findings on the issue.

“That number increased by 100% in 2020,” he added. “COVID-19 and work-from-home orders played a huge role in ransomware’s prevalence.”

Ransomware attacks computer systems and locks data with encryption. Hackers then demand payments to release the information — often sending news releases to media outlets or stock exchanges, “shaming” victims should they not pay.

Continue reading “Ransomware Attacks Up, But Victims Not Reporting to Police”

New FAA Drone Rules Raise Fears Among Operators, Hobbyists

By Christopher Adams

The Federal Aviation Administration (FAA) recently announced final rules governing the use of unmanned aircraft systems (UAS), implementing changes to the agency’s Remote ID requirement and establishing policies regarding small, unmanned aircraft flying over people and operating at night.

While unmanned aerial vehicle (UAV) commercial operators and hobbyists had been eager for these rules to become final — and the new ID regulation seems to be welcomed by the drone community — the changes have initiated some privacy concerns, experts told Digital Privacy News. 

The most alarming is the public availability of a drone operator’s location, which is under widespread attack by privacy advocates, as it could endanger the physical safety of UAV pilots.

“Now, the bigger implication for operators comes in the neighborhood of privacy — and this is a very serious concern,” said Ryan Latourette, director of regulatory affairs at Great Lakes Drone Co., based in Stevensville, Mich.

Continue reading “New FAA Drone Rules Raise Fears Among Operators, Hobbyists”

Baltimore Grounds Police ‘Spy Planes’ as Court Battle Looms

By Hamil R. Harris

Privacy advocates are praising a decision by Baltimore city officials to deny funding to a controversial police aerial surveillance program — effectively killing the alleged crime-fighting weapon — but a federal court will decide the ultimate fate of the effort next month.

The five-member Baltimore City Board of Estimates voted unanimously last Wednesday to not renew the city’s contract with Ohio-based Persistent Surveillance Systems (PSS) because Baltimore Police Department officials said it was not conclusive that the program was effective.

“There is no doubt that Baltimore continues to suffer from a violence epidemic,” Democratic Baltimore Mayor Brandon Scott told Digital Privacy News in a statement.

“However, unproven experiments and gimmicks designed to simply appease communities in the short term will not provide our residents with the coordinated strategy nor trauma-responsive care that they need and deserve.”

Continue reading “Baltimore Grounds Police ‘Spy Planes’ as Court Battle Looms”

Clearview’s Biometric Database Ruled ‘Illegal’ in Canada, EU

By Robert Bateman

Clearview AI’s biometric database was declared unlawful in Canada earlier this month, just a week after a similar decision by German regulators.

The New York-based tech firm has amassed a vast collection of more than three billion facial images by scraping publicly available data.

Clearview’s algorithmic software derives “faceprints” from these images, creating a trove of biometric information that is searchable by the company’s clients, including U.S. law-enforcement agencies.

In a Feb. 3 news release, announcing the outcome of a yearlong investigation, Canada’s Office of the Privacy Commissioner (OPC) concluded that Clearview’s practices represented “mass surveillance” and were “illegal.” 

Continue reading “Clearview’s Biometric Database Ruled ‘Illegal’ in Canada, EU”

Q&A: Ames Grawert, Brennan Center for Justice

We Must Be ‘Serious About Giving People a Second Chance’

By Mary Pieper

Ames Grawert is senior counsel and the John L. Neu justice counsel at the Brennan Center for Justice at the New York University Law School.

He is a coauthor of a recent study, “Conviction, Imprisonment and Lost Earnings: How Involvement with the Criminal Justice System Deepens Inequality.” 

The study describes how criminal convictions negatively affect an individual’s finances for a lifetime because of the stigma that prevents them from finding quality jobs.

Grawert told Digital Privacy News that those who have been convicted in the past must have the opportunity to make a new start.

Continue reading “Q&A: Ames Grawert, Brennan Center for Justice”

GDPR Fines Up 40% Last Year

By Robert Bateman

Penalties for breaching EU data-protection laws have increased by nearly 40% over the past 12 months, suggesting that the bloc is taking a tougher stance on privacy violations within its borders. 

But some experts told Digital Privacy News that the EU had some way to go before Europeans’ rights were protected adequately.

“Much of the talk before the General Data Protection Regulation (GDPR) took effect was about a penalty regime that allowed regulators to issue fines in the millions — and, in some cases, billions — of euros,” said Edward Machin, privacy and cybersecurity lawyer at Ropes and Gray in London.

“Those expecting large penalties straight out of the gate were disappointed, however, and the first 18 months of the GDPR’s life largely passed without event.

Continue reading “GDPR Fines Up 40% Last Year”

Parents Allege Bias in Proctoring Technology

By Vaughn Cockayne

When Rafiq Kalam Id-Din II realized the extent of the use of proctoring technology at universities that he considered racially biased and invasive, he knew — as an educator, parent and person of color — he could no longer stay silent.

“This abrupt move to online caught everyone off guard,” Kalam Id-Din, who lives in Brooklyn, N.Y., told Digital Privacy News. “Because in the pursuit of efficiency, people gave up true efficacy and empathy.”

Kalam Id-Din is the founder and managing partner of the Ember Charter Schools for Mindful Education, Innovation and Transformation in Brooklyn.

He is among 2,000 parents who joined recently with Fight for the Future, a Boston nonprofit digital-rights activist group, to call on McGraw Hill to end its relationship with the software maker, Proctorio.

Continue reading “Parents Allege Bias in Proctoring Technology”

Experts: Amazon Pharmacy Poses Risks Due to Holes in HIPAA

By Maria Marabito

Amazon has launched its online pharmacy, Amazon Pharmacy, but experts told Digital Privacy News that the service could jeopardize user privacy — as federal HIPAA protections might fall short in safeguarding sensitive health information.

“Nothing requires Amazon to keep medical information private in the true sense of the word, because HIPAA authorizes broad sharing of data between health care entities and their business associates,” said Twila Brase, a registered nurse who is president and cofounder of the Citizens’ Council for Health Freedom (CCHF) in St. Paul, Minn.

“Thus, the promise of HIPAA is security after and during the data transfer.”

But Amazon said in its privacy policy that it must comply with the Health Insurance Portability and Accountability Act because it involved protected health information.

Continue reading “Experts: Amazon Pharmacy Poses Risks Due to Holes in HIPAA”

Q&A: Blogger Bruce Schneier

‘There Is No Appetite to Curtail Surveillance Capitalism’

By Jackson Chen

Last of two parts.

Bruce Schneier has penned an extensive collection of his musings on topics ranging from cryptography to encryption to digital-security issues to mass surveillance.

In “Data and Goliath” (2015) Schneier offered an extensive look at how governments and companies conduct mass surveillance and how it affects peoples’ daily lives.

In the last of a two-part interview, Schneier, 58, told Digital Privacy News that tech monopolies must be broken up to give customers better choices.

This interview was edited for length and clarity.

Continue reading “Q&A: Blogger Bruce Schneier”

Q&A: Author Bruce Schneier

‘We Need to Think of Privacy as a Right and Not as Property’

By Jackson Chen

First of two parts.

Privacy is an essential part of how people act freely, according to Bruce Schneier, a security technologist who works with Harvard University, the Electronic Frontier Foundation, the Tor Project and others.

Schneier, 58, has been writing about security issues since 2004 — and, despite the rapid technological leaps since then, he remains current on crucial privacy issues.

In the years since, private companies have grown accustomed to gathering consumer data, while governments are finally starting to look at privacy regulation.

In the first of a two-part interview, Schneier told Digital Privacy News that one key principle must be understood by these organizations: Privacy is not property but a human right. 

Continue reading “Q&A: Author Bruce Schneier”

WhatsApp Reportedly Facing $60.7M EU Privacy Fine

By Robert Bateman

WhatsApp faces a fine of up to $60.7 million for breaching EU privacy rules in a penalty that could be among the largest ever issued, but some privacy experts say that the fine still is too lenient.

The EU General Data Protection Regulation (GDPR), in effect since 2018, requires companies to clearly disclose how they share personal data.

According to news reports, the draft fine relates to WhatsApp’s alleged failure to meet these requirements when explaining how its messenger app shares data with Facebook, which acquired the company in 2014.

“The current alleged proposed penalty is around 375 minutes’ worth of revenue for Facebook,” said Alexander Hanff, CEO of the Swedish consultancy Think Privacy. “It is little more than a rounding error in the grand scheme of things.”

Continue reading “WhatsApp Reportedly Facing $60.7M EU Privacy Fine”

Data Privacy Day 2021

Amazon Severely Misclassifies Digital Privacy News Writer in CCPA Data

By Fiona Tang

In October, I filed a California Consumer Privacy Act (CCPA) request — seeking my data from Amazon.com.

Six days after my Oct. 11 query, the tech giant emailed me, “Your personal data is ready to download.”

Amazon’s data revealed that I had been categorized as a female, 45 to 55 years old — who was married, worked in sales-service and had children aged 7 to 9.

My annual income, according to Amazon’s data, was $100,000 to $150,000 (if only I earned that much money).

But in reality, I am a 29-year-old woman, working in civic technology — single and without children. The only attribute that Amazon had accurately predicted was my gender.

Continue reading “Data Privacy Day 2021”

‘It’s Too Much’

Chinese Firm Hits New Low, Literally Placing Bugs Under Workers’ Bottoms

By Patrick McShane

A high-tech firm in the eastern Chinese city of Hangzhou recently gave free seat cushions to its office staff to help make them more comfortable.

Initially, the staff of Hebo Technology felt it was a thoughtful gesture from company management. But soon enough, employees discovered that the comfortable new seat pads were in fact “smart cushions.”

They were being used by managers at the biotech medical company to tell them exactly when their workers were sitting at their desks — and when they were not.

Earlier this month, Hebo staff began complaining about their bosses’ trickery on Chinese social media.

Continue reading “‘It’s Too Much’”

Experts Worried Over India’s Plan for Public WiFi Hotspots

By Aishwarya Jagani

A plan approved last month to set up a national network of public WiFi hotspots throughout India has raised widespread concerns from privacy and cybersecurity experts.

“I have no doubt that government agencies are also going to have full access (to this data), which could breach citizens’ data privacy — and this can be considered a risk to data security,” Viney Kumar, a New Delhi cybersecurity expert, told Digital Privacy News.

“While this is a great initiative, there are many risks associated with it,” he added. “If this isn’t rolled out in a planned, phased and secured manner then this may turn out to be a disaster as well.”

Eric Cole, a cybersecurity consultant and CEO at Secure Anchor Consulting in Ashburn, Va., said: “The biggest challenge with public WiFi is that it, by default, is typically unencrypted.”

Continue reading “Experts Worried Over India’s Plan for Public WiFi Hotspots”

Q&A: Zimbabwe’s Kuda Hove

‘There Are No Safeguards to People’s Right to Privacy’

By Maureen Nkatha

With no active law on how private data that is collected should be stored or handled, human-rights activists and privacy experts in Zimbabwe are questioning just how ready the country is for facial-recognition technology. 

The country’s Freedom of Information Act was enforced starting last July, providing citizens and media the right to access information. However, the law does not clearly outline how data collection is handled.

Kuda Hove, a policy officer at Privacy International, told Digital Privacy News that surveillance in Zimbabwe went beyond investigating crimes and was now used as a political tool against those speaking against President Emmerson Mnangagwa’s ruling party.

Hove, who holds a Bachelor of Laws degree from the University of South Africa, also led the Information and Communication Technology (ICT)’s policy and legal work at the Zimbabwean chapter of the Media Institute of Southern Africa.

Continue reading “Q&A: Zimbabwe’s Kuda Hove”