Privacy News August 9: StopShotspotter Week of Action and more
Stop Shotspotter's week of action, Amazon buys Roomba (what could possibly go wrong? ), and dozens of links.
Tell ShotSpotter: Stop selling surveillance
MPower Change on New Mode (act.newmode.net)
Yesterday, the Stop Shotspotter coalition kicked off a National Week of Action against ShotSpotter, an audio surveillance company that is deployed in Black, Brown, and poor neighborhoods around the country and targets them for more policing.
ShotSpotter technology regularly sends police, falsely expecting to find gunshots, into the Black, brown, and poor communities where your microphones are embedded. Instead of preventing gun violence, ShotSpotter tech profits from it....
ShotSpotter makes everyone in our communities less safe by increasing the number of heightened and harmful interactions with police. Majority Black, brown, and poor communities are already impacted by racist violence by police, and ShotSpotter technology helps further it....
Independent research has found that police deployments in response to ShotSpotter alerts fail to result in any evidence of a gun crime about 90% of the time. But we know that ShotSpotter has never released any detailed data or peer-reviewed analyses of its technology’s benefits.
TAKE ACTION: Sign the petition!
FIND OUT MORE: On Thursday, August 11th at 4:30 pm Pacific (7:30 pm Eastern), The People’s Earnings Call, with organizers from campaigns across the country, to talk about how ShotSpotter business financially impacts our communities.
Amazon bought the company that makes the Roomba. Antitrust researchers and data-privacy experts say it’s ‘the most dangerous, threatening acquisition in the company’s history’
Katherine Tangalakis-Lippert on Insider (businessinsider.com)
Yeah really. Great headline! Khari Johnson's Amazon’s iRobot Deal Would Give It Maps Inside Millions of Homes gives the context:
Combined with other recent acquisition targets, Amazon could wind up with a comprehensive look at what’s happening inside people’s homes. The ecommerce giant acquired video doorbell company Ring in 2018 and Wi-Fi router-maker Eero a year later. Speakers and other devices with AI assistant Alexa can now control thousands of smart home devices, including Roomba vacuums. And Amazon plans to acquire primary care chain One Medical in a $3.49 billion all-cash deal, which if approved would put the health data of millions in its keeping.
“People tend to think of Amazon as an online seller company, but really Amazon is a surveillance company. That is the core of its business model, and that’s what drives its monopoly power and profit,” says Evan Greer, director of the nonprofit digital rights organization Fight for the Future. “Amazon wants to have its hands everywhere, and acquiring a company that’s essentially built on mapping the inside of people’s homes seems like a natural extension of the surveillance reach that Amazon already has.”
- Amazon finally found a way inside of your home with iRobot, Jennifer Pattison Tuohy, The Verge (theverge.com)
- Amazon’s Roomba Acquisition Seems Really Not Great!, Vivian Kane, The Mary Sue (themarysue.com)
- Amazon’s $1.7 billion purchase of Roomba maker iRobot sparks privacy fears: ‘Homes were your last data sanctuary’ James Rogers on MarketWatch (marketwatch.com)
- Amazon’s Roomba Deal Is Really About Mapping Your Home, Alex Webb, Bloomberg Businessweek (bloomberg.com)
- Amazon to Buy Maker of the Roomba for $1.7 Billion, Remy Tumin, New York Times (nytimes.com)
- iRobot and Its Roombas Could Give Amazon a Window Into Your Home, Max Eddy, PC Magazine (pcmag.com)
Privacy after Roe
Nebraska Cops Subpoenaed A Teen’s Facebook DMs So They Could Prosecute Her For Having An Abortion
Emily Baker-White and Sara Emerson on Forbes (forbes.com)
A Nebraska teenager is facing criminal charges alleging she aborted a fetus in violation of state law, after authorities obtained her Facebook messages using a search warrant. As Peter Salter reports in Norfolk mother and daughter accused of illegal abortion, burning and burying body in the Lincoln Journal-Star, the teen and her mother were originally charged with removing, concealing or abandoning a dead human body. After that, though, the detective served a search warrant on Facebook and got access to messages between the two of them allegedly describing her plans for a self-managed abortion.
Companies generally have to comply with valid warrants if they are able to. But as Surveillance Technology Oversight Project (STOP) points out in S.T.O.P. Condemns Meta For Helping Nebraska Prosecute Teen For Abortion, Facebook's made a technology choice here that makes it easy for them to provid this information:
“Facebook’s failure to encrypt users’ data is indefensible,” said Surveillance Technology Oversight Project Executive Director Albert Fox Cahn. “Meta touts its privacy, but it still hasn’t done what’s needed to protect Facebook Messenger or WhatsApp. Facebook could have stopped this warrant if they simply encrypted the data. And Facebook and other companies should be fighting these warrants in court. In post-Roe America, this sort of privacy malpractice is criminal.”
Phones Know Who Went to an Abortion Clinic. Whom Will They Tell?, Patience Haggin on WSJ (wsj.com)
Federal Privacy Legislation
FIND OUT MORE: Wednesday at 11:00 am Pacific time (2:00 pm Eastern) Prof Daniel Solove leads an all-star set of speakers to discuss the American Data Privacy and Protection Act (ADPPA). Register here!
Evaluating the American Data Privacy and Protection Act
Alan Butler and Caitriona Fitzgerald on Tech Policy Press (techpolicy.press)
EPIC Privacy's Executive Director and Deputy Director make the case for preventing states from passing strong consumer privacy protections.
Many privacy and consumer protection organizations, including EPIC, have advocated for decades that Congress should enact comprehensive privacy legislation that sets a federal “floor” and allows the states to go further without restriction. However, no such bill has passed or even advanced to a committee vote in either chamber in more than two decades.... The ADPPA is the first privacy bill in twenty years to garner broad bipartisan support and have a real chance at becoming law. That is due, in part, to a key compromise struck in the bill: it includes a private right of action with certain restrictions, as well as a ceiling preemption provision with certain carveouts.
Note that others have used stronger language to describe the restrictions on the private right of action. ACLU, for example calls the private right of action "deficient in a wide range of respects," and concludes "the private right of action is unlikely to serve either as an effective vehicle for rights enforcement or as a motivator to comply with the law in order to avoid the risk of liability." Senate Commerce Committee staffers say the bill “makes it harder for women to seek redress when their sensitive health data has been used against them” and would force women to “jump through arbitrary, drawn-out hoops” to sue over privacy violations. So opinions differ on how good this "compromise" is for consumers. Analyzing the American Data Privacy and Protection Act’s Private Right of Action, by Shelby Dolen and David Stauss on Byte Back, goes into a lot more detail on the private right of action.
Butler and Fitzgerald also compare ADPPA to the Californa Consumer Privacy Act:
We believe that the ADPPA is stronger in several key areas then California’s CCPA, that it would provide roughly equivalent protections in most circumstances, and that the few areas where the CCPA is stronger could be addressed through minor amendments to the ADPPA. Crucially, the ADPPA would also extend privacy protections to more than 330 million people living in the U.S., whereas the CCPA only directly protects California’s 39 million residents.
Of course as Omer Tene pointed out on Twitter, groups like ACLU and Color of Change criticized California's privacy law as not going far enough to protect the interests of maraginlized groups – and many immigrant rights organizations criticized it as well. So "roughly equivalent" is not actually high praise. I'll have more to say about comparisons between ADPPA and California's privacy law in an upcoming post.
- San Diego City Council Supports Rep. Jacobs ‘My Body, My Data’ Act to Protect Reproductive Health Data, Elizabeth Ireland on Times of San Diego (timesofsandiego.com)
- What Microsoft, IBM and others won as the privacy bill evolved, Ben Brody, Hirsh Chitkara on Protocol (protocol.com)
- Corporate lobbying could imperil sweeping data privacy bill, Karl Evers-Hillstrom on The Hill (thehill.com)
The Radical Scope of Tesla’s Data Horde, Mark Harris on IEEE Spectrum (spectrum.ieee.org)
Facial recognition smartwatches to be used to monitor foreign offenders in UK, Nicola Kelly on The Guardian (theguardian.com)
226 complaints lodged against deceptive cookie banners, on noyb.eu (noyb.eu)
What Are Privacy Coins and Are They Legal?, Robert Stevens on CoinDesk (coindesk.com)
Hold-outs targeted in batch of EU cookie consent complaints, Natasha Lomas on TechCrunch (techcrunch.com)
Will Europe Force a Facebook Blackout?, on WIRED UK (wired.co.uk)
Are You Ready for 2023? New Privacy Laws To Take Effect Next Year, Christine Chong on JD Supra (jdsupra.com)
Our complaints against Acxiom, Criteo, Equifax, Experian, Oracle, Quantcast, Tapad, on Privacy International (privacyinternational.org)
San Diego Citizens Wrest Control of Surveillance Tech Away From Police Dell Cameron on Gizmodo (gizmodo.com)
Student privacy laws remain the same, but children are now the product, Joel Schwarz and Emily Cherkin, on The Hill (thehill.com)
From America to Zimbabwe: 3 global data privacy trends to be aware of right now, Kendra Clark on The Drum (thedrum.com)
The UK Online Safety Bill Attacks Free Speech and Encryption, Joe Mullin on Electronic Frontier Foundation (eff.org)
Centre targeting early 2023 approval for new privacy bill ,Reuters, on DH News Service (deccanherald.com)
Data Protection Bill wasn’t perfect but new one shouldn’t be opaque, Raman Jit Singh Chima and Namrata Maheshwari on Times of India (timesofindia.indiatimes.com)
India cannot afford to lack a robust data protection law for too long, Saikiran Kannan on India Today (indiatoday.in)
Image credit: Stop Shotspotter social media toolkit.