By Robert Bateman
Facebook has released a “Corporate Human Rights Policy” on how the company manages privacy, freedom of expression, discrimination and other matters across its platforms.
But experts told Digital Privacy News that the policy failed to address core issues with Facebook’s business model, such as targeted advertising and algorithmic decision-making.
For instance, Facebook promises in the policy — published in March — to commit to U.N. human rights standards, “protect privacy” and publish annual reports on its human rights impact.
“The new Corporate Human Rights Policy, which Facebook promises to continually build as a living document, lacks discussion of the company’s primary profit center — advertising — or its business development plans,” said Peter Micek, general counsel at the global human rights organization Access Now.
Continue reading “Experts: Facebook’s Human Rights Policy Lacks Key Commitments”
‘Different Agencies Shouldn’t Be Releasing Criminal Record Data’
By Mukund Rathi
Last of three parts. (First part here. Second part here.)
Even if criminal records legally are expunged, the data may remain online.
This affects individual rights, according to a study released in January by Sarah Lageson, assistant professor at the Rutgers University School of Criminal Justice; Elizabeth Webster, assistant professor at Loyola University Chicago, and Juan Sandoval, doctoral student at the University of California Irvine.
In this final interview, the researchers told Digital Privacy News of technological solutions and legal reforms that could protect privacy while respecting First Amendment protections of free speech and freedom of the press.
Continue reading “Q&A: Researchers Juan Sandoval, Elizabeth Webster and Sarah Lageson”
By Aishwarya Jagani
As India moves forward with its much-awaited Personal Data Protection Bill (PDPB), privacy critics fear that “backdoor clauses” could allow the government access to data without consent and could create a feckless oversight board whose members would serve the whim of officials.
“The two biggest flaws are the lack of independence of the Data Protection Authority and the several ‘backdoor clauses’ contained within the PDPB,” Rohin Garg of the Internet Freedom Foundation (IFF), a privacy-rights organization in New Delhi, told Digital Privacy News.
Even B.N. Srikrishna, a retired India Supreme Court judge who led the committee that drafted the first version of the bill in 2018, attacked exemptions legislators since have added, telling Digital Privacy News that the bill now could “slide into an Orwellian state.”
Continue reading “Privacy Critics Attack ‘Backdoor Clauses’ in Proposed India Data Bill”
France, Belgium Battle EU on Key Law
By Robert Bateman
Privacy and protecting data are core values of the European Union — but recent legal cases involving privacy and surveillance have pitted EU institutions against national governments, most recently those of France and Belgium.
Some activists and academics warned Digital Privacy News that these tensions threatened to undermine the bloc’s commitment to privacy as a fundamental right.
“After years of advancement of rights-centric proposals, such as the GDPR (General Data Protection Regulation, which passed in 2016), the current trend in the EU is towards the limitation of rights,” said Estelle Massé, a senior policy analyst in Brussels for Access Now, a global human rights organization.
Continue reading “Privacy vs. Surveillance”
China’s Digital Currency Gambit Intensifies Privacy Fears Amid Challenge to US Dollar
By Charles McDermid
China is racing to roll out a government-backed digital currency, aiming to compete with rising Fintech stars, expand the state’s mass surveillance — and potentially dethrone the U.S. dollar as the king of global currencies for the first time since World War II.
The launch of the electronic yuan — known officially as the Digital Currency Electronic Payment (DCEP) or more generally as a central bank digital currency (CBDC) — went into its second phase this month.
Global media cited the move as China’s goal to have the cyberpayment technology in place for the 2022 Winter Olympics in Beijing and Hebei province in northern China.
In the shorter term, however, state banks promoted the e-yuan ahead of a national shopping festival Wednesday.
Continue reading “Enter the E-Yuan”
By Jackson Chen
Florida legislators failed to pass a comprehensive privacy law Friday, as the issue of guaranteeing citizens a private right of action against offenders proved to be a major sticking point between the state’s two chambers.
“We started an important conversation about data privacy for Floridians this session and took strong first steps toward common-sense changes,” Republican Rep. Fiona McFarland, who introduced the bill in February to the Florida House of Representatives, said on Twitter over the weekend.
“Although we ran out of time in the 60-day session, the fight for data rights is far from over!”
This year’s session of the Florida Legislature, which began March 3, ended Friday. The Sunshine State, the nation’s third most populous, would have been the latest to enact consumer protections against Big Data’s ability to harvest personal information, following California and Virginia.
Continue reading “Stymied Over Right of Action, Fla. Lawmakers Fail to Pass Privacy Bill”
‘The Public Is Getting Bad Data’
By Mukund Rathi
Second of three parts. (First part here.)
While criminal defendants are entitled to the presumption of innocence before trials, many state governments disclose their records digitally — undermining a key constitutional protection.
This is one of many concerns raised in a January study by Elizabeth Webster, assistant professor at Loyola University Chicago; Sarah Lageson, assistant professor at the Rutgers University School of Criminal Justice, and Juan Sandoval, doctoral student at the University of California Irvine.
In this second interview, the authors told Digital Privacy News that although criminal-record disclosures benefit data brokers and other special interests, they also contribute to a “reverse sunshine effect.”
Continue reading “Q&A: Researchers Elizabeth Webster, Juan Sandoval and Sarah Lageson”
By Asa Hiken
In through the nose, out through the mouth — and into the hands of private companies.
This could be the new fate of your breath.
So it appears from an incipient trend in consumer tech, in which companies are creating products that target the collection of respiratory data.
For instance, at the all-virtual 2021 Consumer Electronics Show in January, the Industrial Technology Research Institute (ITRI) showcased a clothing textile that tracked a wearer’s respiratory rate — along with other physiological conditions.
Continue reading “Wanted: Your Respiratory Data, But Not Without Privacy Risks”
By Joanne Cleaver
Last of two parts.
Facebook’s Workplace platform has raised privacy concerns on many levels because of the parent company’s reputation for collecting and protecting data. The report examines how Workplace fits into Facebook’s ecosystem.
Facebook says that what happens in its Workplace collaboration platform stays there.
Still, one privacy and data-security analyst said he was far from surprised when the research he conducted in his professional capacity — on a separate, employer-owned, secured computer — apparently sparked ads in his personal Facebook news feed, inviting him to learn more about Workplace.
And, as far is it goes, Workplace’s policies and practices are in line with such competitors as Slack and Asana, said Raúl Castañón-Martínez, a senior research analyst with 451 Research, a division S&P Global Market Intelligence.
Continue reading “‘Facebook Cross-Pollinates With Everything’ — Including Workplace”
Facebook Workplace Has Users Worried About Privacy, Just Like With Facebook
By Joanne Cleaver
First of two parts.
Facebook’s Workplace collaboration platform has raised privacy fears because of the parent company’s reputation for collecting and protecting data. This report examines the data-privacy issues surrounding Workplace.
The terrific thing about Facebook Workplace is that it looks, feels and operates like the Facebook used by hundreds of millions of consumers.
But the privacy-eroding thing about Workplace is that it looks, feels and operates like the Facebook used by hundreds of millions of consumers.
It’s precisely because the Workplace platform is modeled after Facebook, which undermines the privacy of individuals trying to keep their work and personal accounts and communications separate, said Justin Antonipillai, founder and CEO of Wirewheel in Arlington, Va.
Wirewheel equips companies with workforce and enterprise privacy tools.
Continue reading “Too Close for Comfort”
By Robert Bateman
A U.K. court has ruled that prosecutors may submit evidence gathered by French and Dutch police through hacking defendants’ phones, in a judgment that has critical implications for the interpretation of the country’s surveillance laws.
The Court of Appeal’s judgment, delivered in February, related to data exfiltrated from EncroChat devices — subscription-only mobile phones used for encrypted communications.
The Feb. 5 ruling could open the door to more trials based on evidence obtained from EncroChat devices. But some legal experts told Digital Privacy News that the case had implications for the privacy of lawful EncroChat users.
Anthony Eskander, a lawyer with U.K. law firm Church Court Chambers, said it was necessary to consider “both sides of the argument.”
“On the one hand, certain characters use advanced technological developments to facilitate the conduct of criminal activity, with the primary objective of reducing the chance of discovery by law enforcement,” Eskander said.
Continue reading “UK Court Allows Hacked Phone Messages to Be Used as Evidence”
Disclosing Criminal Records on the Internet Creates ‘Digital Punishment’
By Mukund Rathi
First of three parts.
The digitization and release of public criminal records on the internet is “increasingly disconnected from a criminal justice purpose of public notification or agency watchdogging.”
That’s according to a study by Sarah Lageson, assistant professor at the Rutgers University School of Criminal Justice; Elizabeth Webster, assistant professor at Loyola University Chicago, and Juan Sandoval, doctoral student at the University of California Irvine.
Lageson holds a Ph.D. in sociology from the University of Minnesota. Webster’s doctorate is from the Rutgers School of Criminal Justice — and Sandoval previously was a probation and parole officer in New Mexico.
The study, released in January, examined 200 public governmental websites of law enforcement, criminal courts, corrections and other repositories in all 50 states. It found a “remarkable quantity” of personally identifiable information (PII) on accused and convicted people.
For example, all states disclose data on currently incarcerated people and nearly half of law-enforcement agencies disclose mugshots.
Continue reading “Q&A: Researchers Sarah Lageson, Elizabeth Webster and Juan Sandoval”
By Robert Bateman
The EU is organizing the world’s first comprehensive legal framework to regulate the development and use of AI systems, but some experts have argued that the rules do not go far enough.
The proposed regulation, presented in draft form Wednesday by the European Commission, takes aim at biometric surveillance, “social-credit” systems and other controversial implementations of AI that do not conform with “EU values.”
The regulation would impose fines of up to 6% of annual turnover for companies that infringe its rules.
Yet some privacy and public policy experts told Digital Privacy News that, in its current form, the new law could fail to protect Europeans from many AI-driven harms.
Continue reading “EU AI Proposals May Not Protect Human Rights, Experts Warn”
New Predictive Policing Tools Employing Surveillance, Raising Privacy Fears
By Jackson Chen
After debuting more than a decade ago as a way to stop crime before it happens, predictive policing methods are shifting toward a more surveillance-based model that could lead to greater privacy concerns, experts told Digital Privacy News.
One of the earliest instances of predictive policing showed up in 2011, when the Santa Cruz Police Department in California adopted such a program after a six-month pilot period.
The program was modeled after an earthquake-aftershock tool and was used to determine where future crimes would occur based on prior agency data.
Since then, many vendors — Geolitica, CivicScape, ShotSpotter Connect, even IBM — are being used by 152 departments across the U.S., according to the Electronic Frontier Foundation’s Atlas of Surveillance tool that tracks which technologies police agencies use.
Continue reading “Controlling the Game”
A Hong Kong riot officer with his knee near the neck of a protester during 2019 National Day demonstrations. The prize-winning photo was part of a global contest exhibit that was assailed by Chinese authorities. Credit: Nicolas Asfouri, Agence France-Presse.
By Patrick McShane
In these occasional reports, Digital Privacy News examines the fallout of China’s “national security law” on Hong Kong.
In the nine months since the “national security law” was passed in June, Beijing has taken control over Hong Kong’s 33,000-strong police force.
It also has gained complete command over the city’s once-respected Education Department and its one million students and 100,000 teachers.
And with a rigid — “must sign or resign” — loyalty oath, China has successively intimidated its 180,000-member civil service department.
Now, the Chinese Communist Party (CCP) will take over Hong Kong’s vibrant arts and cultural scene.
Continue reading “Beijing Moves to Censor, Control Hong Kong’s Art and Culture”
By Robert Bateman
U.K. children’s rights advocates have written to Facebook CEO Mark Zuckerberg, urging him to scrap a version of Instagram that reportedly is in development for children under 13.
The letter, dated April 15, was signed by children’s safety and privacy experts, claiming Instagram “exploits young people’s fear of missing out and desire for peer approval” and challenges children’s “privacy and wellbeing.”
Facebook’s plans were first revealed in an internal memo disclosed last month by Buzzfeed News.
“Instagram has, over and again, proved that it makes improvements only when the public clamor reaches a level that seriously damages trust in the company, after a tragic incident, or to stave off threatened regulation,” said Sonia Livingstone, professor of social psychology at the London School of Economics and Political Science.
Continue reading “Experts Condemn Facebook’s Under-13 Instagram Plan”
‘Most People Value Their Privacy a Lot’
By C.J. Thompson
Lorrie Cranor is a longtime champion of privacy and security issues.
A professor of computer science, engineering and public policy at Carnegie Mellon University, she also serves as director of the university’s CyLab Usable Privacy and Security Laboratory and is co-director of the MSIT privacy engineering masters’ program.
For more than two decades, Cranor’s research has illuminated usable — consumer-friendly — privacy and security technologies and methodologies.
Cranor, whose doctorate is from Washington University in St. Louis, served as chief technologist for the Federal Trade Commission in 2016.
She and CyLab researchers recently designed the blue “opt-out” icon now used on many websites to alert consumers how to decline the sale of their data. It resulted from amendments to the California Consumer Privacy Act (CCPA) in March.
Continue reading “Q&A: Lorrie Cranor of Carnegie Mellon University”
Calif. Bill Seeks to Stop Police From Unbridled License-Plate Data Collection
An image from the user guide for the Law Enforcement Archival Reporting Network (LEARN) system, Vigilant Solutions’ platform for law enforcement officers who access license-plate data.
By Fiona Tang
California legislators are considering a bill that would limit law enforcement’s retention of data obtained through automated license plate readers (ALPRs), hoping to quell alarms from privacy advocates after a state agency found widespread abuse among police.
Democratic State Sen. Scott Wiener introduced the License Plate Privacy Act in January after the California State Auditor released a report earlier last year revealing negligent misuse of ALPR data by authorities.
The activities, the report said, marked severe violations of an existing privacy law, S.B. 34, which had been on the books since January 2016.
“What we are seeing is agencies will maintain massive amounts of data in perpetuity — data that has nothing to do with any kind of investigation or suspected crime — and they are giving it out like candy, to basically any agency, even sometimes non-governmental agencies, anywhere in the country,” Wiener said last month in presenting the bill to the Senate Judiciary Committee.
Continue reading “‘Giving It Out Like Candy’”
By Rachel Looker
If you haven’t recently Googled yourself, it might be time you did.
A routine search could bring up a result with your name and a “free background report” at MyLife.com.
Clicking it takes you to a page with your age, current and previous addresses, religious views, marital status, net worth, political affiliation and many other personal details.
A graphic that resembles a speedometer indicates your “reputation score” based on “background details, personal reviews and social media posts,” according to MyLife’s website.
The gauge indicates how high or low your score is versus the national average.
Each profile contains other personal details, including court and arrest records that can be viewed on the website, some of which only are accessible via a premium, paid membership.
Continue reading “MyLife’s ‘Reputation’ Practices Under Scrutiny From DOJ, FTC”
By Robert Bateman
A government-sponsored plan in the U.K. could allow pubs and other venues to identify customers using facial-recognition technology — and some academics and advocates are worried about the implications for privacy and civil liberties.
The proposed scheme, which is being developed by British tech companies iProov and Mvine using a $103,000 government grant, has been touted as a means to ease COVID-19 restrictions without the use of so-called “vaccine passports.”
But iProov assured Digital Privacy News that subjects’ privacy would be protected. Still, the plans have drawn the ire of privacy advocates, who say it would violate individual privacy and other civil rights.
“There is no legitimate justification for including facial recognition or any other biometric applications in vaccine passport schemes,” said Ella Jakubowska, policy officer at European Digital Rights (EDRi), based in Brussels.
Continue reading “UK Considering Face-Data Scheme for Pubs, Raising Privacy Fears”