Large language models, iCloud encryption, Twitter privacy issues, state privacy legislation, and much much more!
But first, a shameless plug: on Tuesday (December 13) at 9 am Pacific/noon Eastern, please join me and RI Labs for Flocking to Mastodon? Here's what you need to know!
Are you heading to Mastodon as a Twitter alternative or curious about what it is and how it works? Or want to share your own experiences?
Join RI Labs Leadership Circle Member & Founder of the Nexus of Privacy, Jon Pincus, in a conversation about navigating Mastodon with an RI Lens. As a long-time user of the platform, Jon will share his experiences, practical tips and challenges to help you enter this world with eyes wide open. Bring your questions, ideas & opinions.
And now, on to the links.
Abeba Birhane and Deborah Raji on WIRED (wired.com)
Two leading AI Ethics researchers look at the potentially-serious consequences when large language models fall short.
The release of large language models like ChatGPT (a question-answering chatbot) and Galactica (a tool for scientific writing) has revived an old conversation about what these models can do. Their capabilities have been presented as extraordinary, mind-blowing, autonomous; fascinated evangelists have claimed that these models contain “humanity’s scientific knowledge,” are approaching artificial general intelligence (AGI), and even resemble consciousness. However, such hype is not much more than a distraction from the actual harm perpetuated by these systems. People get hurt from the very practical ways such models fall short in deployment, and these failures are the result of their builders’ choices—decisions we must hold them accountable for.
- The Internet’s New Favorite AI Proposes Torturing Iranians and Surveilling Mosques, Sam Biddle on The Intercept (theintercept.com)
Joe Mullin, Electronic Frontier Foundation (eff.org)
Apple will provide full end-to-end encryption on iCloud, including backups tand photos. It is indeed a big victory for EFF and the other privacy organizations who have been advocating for this – and for users as well. EFF writes:
Apple’s on-device encryption is strong, but some especially sensitive iCloud data, such as photos and backups, has continued to be vulnerable to government demands and hackers. Users who opt in to Apple’s new proposed feature, which the company calls Advanced Data Protection for iCloud, will be protected even if there is a data breach in the cloud, a government demand, or a breach from within Apple (such as a rogue employee). Apple said today that the feature will be available to U.S. users by the end of the year, and will roll out to the rest of the world in “early 2023.”
Not only that, Apple annonced that its dropping its plans to install client-side scanning software. They had originally announced this in August 2021, but put it on hold the next month in response to widespread criticism from privacy and security researchers and digital rights groups (incliuding protests and a petition from EFF). Now, it's official that theToday’s announcement makes it official.
- Apple advances user security with powerful new data protections, Apple (apple.com): the official announcement, which also introduces iMessage Contact Key Verification, Security Keys for Apple ID,
- Apple makes it easier to keep your data secret from hackers, cops, and even Apple, Sara Morrison on Vox (vox.com)
- Apple Kills Its Plan to Scan Your Photos for CSAM. Here’s What’s Next, Lily Hay Newman on Wired (wired.com)
- Apple’s New Encryption Policy Is a Huge Boon for Crypto, David Z. Morris on CoinDesk (coindesk.com)
- Everyone Will Be Able to Encrypt Their iCloud Backups Soon, Kevin Hurler on Gizmodo (gizmodo.com)
- Apple announces new security and privacy measures amid spike in cyber attacks, Johana Bhuiyan on The Guardian (theguardian.com)
- Apple is laser-focused on the privacy of data and end-user experience as it builds out A.I. ambitions, Kylie Robison on Fortune (fortune.com)
- FBI Calls Apple’s Enhanced iCloud Encryption ‘Deeply Concerning’ as Privacy Groups Hail It As a Victory for Users, Sami Fathi on MacRumors (macrumors.com)
- Apple rolls out end-to-end encryption for iCloud backups, Sergiu Gatlan on BleepingComputer (bleepingcomputer.com)
- Privacy changes set Apple at odds with UK government over online safety bill, Alex Hern on The Guardian (theguardian.com)
- Apple rolls out more encryption of iCloud data, Olafimihan Oshin on The Hill (thehill.com)
When Elon Musk bought Twitter, he also bought a treasure trove of internet traffic data from websites like Reddit, NYTimes.com, Amazon.com, studentaid.gov (Department of Education’s Free Application for Federal Student Aid), and the website of Democratic Congressional Campaign Committee (dccc.org)....
The vast majority of these entities have not enabled Twitter's Restricted Data Usage (RDU) feature to set legal guardrails around what Twitter can do with that web traffic data.
- Amazon, FBI.gov, and 70k Other Sites Send Your Data to Elon’s Twitter, Thomas Germain on Gizmodo (gizmodo.com)
Natasha Lomas on TechCrunch (techcrunch.com)
Elon Musk’s desire to stir conspiratorial shit up by giving select outsiders aligned with his conservative agenda access to Twitter systems could land him in serious doodoo with regulators.
State privacy legislation
Kendra Clark on The Drum (thedrum.com)
For the advertising and publishing ecosystem, California's new regulatory enforcement will create new challenges for managing consumer data privacy.
Molly Arranz on JD Supra (jdsupra.com)
With the holidays upon us, companies are assessing year-end to-do’s and considering what 2023 will bring.
Katherine Chaves on JD Supra (jdsupra.com)
A growing trend across privacy legislation is requiring company websites to respond to universal opt-out mechanisms, also known as “Global Privacy Control.” If ignored, a business exposes itself to liabilities that can result in legal and financial consequences.
Shelby Brown on CNET (cnet.com)
Payment apps like Venmo and CashApp are convenient, but you should be aware of the privacy risks.
Vincent Gabrielle on CT Insider (ctinsider.com)
With the holiday season here, advocates are warning that certain toys have major privacy issues.
India Requires Internet Services to Collect and Store Vast Amount of Customer Data, Building a Path to Mass Surveillance
Karen Gullo on Electronic Frontier Foundation (eff.org)
Privacy and online free expression are once again under threat in India, thanks to vaguely worded cybersecurity directions—promulgated by India’s Computer Emergency Response Team (CERT-In) earlier this year—that impose draconian mass surveillance obligations on internet services, threatening...
Rae Hodge on CNET (cnet.com)
You can give your online privacy a major boost by taking five minutes to adjust a few settings in Chrome, Safari, Firefox, Edge or Brave.
on International Association of Privacy Professionals (iapp.org)
IAPP Editorial Director Jedidiah Bracy speaks with EU AI Act Co-rapporteur and Romanian MEP Dragoș Tudorache about the state of play of the proposed legislation
Julia Angwin on The Markup (themarkup.org)
A conversation with Danielle Citron
EU Watchdog Finds Commission Failed to Protect Human Rights From its Surveillance Aid to African Countries
on Privacy International (privacyinternational.org)
The decision by the EU’s oversight body follows a year-long inquiry prompted by complaints outlining how EU bodies and agencies are cooperating with governments around the world to increase their surveillance powers filed b
Thomas Germain on Gizmodo (gizmodo.com)
EU privacy regulators declared that Meta can’t force users to agree to data collection.
Jessica Davis on InformationWeek (informationweek.com)
Data clean rooms offer a way for organizations to collaborate with and share data in a protected environment that preserves privacy and governance. Here’s why they are on the rise now.
Carol Venezia on CIO (cio.com)
Protecting data from theft and improper use is now the concern of the entire C-suite, as it’s crucial organizations are aware of the repercussions of data breaches and failure to comply with regulations.
Vincent Manancourt on POLITICO (politico.eu)
Claimants have to prove the information about them is ‘manifestly inaccurate.’
Chris Armstrong on Crooked Timber (crookedtimber.org)
Another day, another exhortation to join an “ecosystem” that’s anything but.
Zephyr Teachout on The American Prospect (prospect.org)
A review of Karen Levy's Data Driven: Truckers, Technology, and the New Workplace Surveillance, which details the extreme forms of surveillance imposed on long-haul truckers, robbing them of their power.
on EPIC - Electronic Privacy Information Center (epic.org)
EPIC's amicus brief in the Section 230 case.
Adam Zewe on Massachusetts Institute of Technology News (news.mit.edu)
MIT researchers developed a method that enables users to search for information in a remote database privately, without revealing the information they are seeking to the server, that is about 30 times faster than other techniques.
Taylor Hatmaker on TechCrunch (techcrunch.com)
Cinder launches software for companies grappling with some of the internet’s most complex, dangerous challenges.
ABC News on ABC News (abcnews.go.com)
Lensa is transforming selfies into virtual avatars that many have shared online.
on International Association of Privacy Professionals (iapp.org)
The privacy community is remembering Brazilian data protection scholar Danilo Doneda for his contributions to the field.
Rose Eveleth on Vox (vox.com)
They see facial recognition, smart diapers, and surveillance devices as inevitable evolutions. They’re not.
Alexander Martin on The Record by Recorded Future (therecord.media)
The UK’s data protection regulator published the details of more than two dozen data protection incidents in which it reprimanded organizations.
Jim Nash on BiometricUpdate.com (biometricupdate.com)
Court action in the U.S. state of Illinois continues to chip away at the definition of what constitutes a viable biometric information privacy lawsuit.
Eric Johansson on Verdict (verdict.co.uk)
The edtech industry ballooned during the pandemic, but analysts now predict the sector will become the next target for privacy regulators.
Luca Bertuzzi on EURACTIV (euractiv.com)
Damian Tommasino on Dark Reading (darkreading.com)
Privacy standards are only going to increase. It’s time for organizations to get ahead of the coming reckoning.
Eleni Stamatoukou on Balkan Insight (balkaninsight.com)
Political parties in parliament confront one another over government’s attempt to put a lid on the Predator spyware scandal by passing a new bill on communications privacy.
Shira Ovide on The Washington Post (washingtonpost.com)
What are the rules of the road for the A.I. age, where anything you share online might train a computer system that puts an innocent person in jail?
Isabel Rubio on Ediciones EL PAÍS S.L. (english.elpais.com)
Researchers have found that, despite its statements to the contrary, the company collects personal information from its app usage data
Hannah Jackson on Global News (globalnews.ca)
The ministry said in over 95 per cent of cases, only names and/or phone numbers were impacted in the breach.
Christopher Burgess on Security Boulevard (securityboulevard.com)
TikTok has a problem. Researchers continue to turn up oddities with respect to the storage of user data/information. The timing, of course, is precarious.
- TikTok pledges to comply with Dutch & European data privacy rules, says state secretary, NL Times (nltimes.nl)
TrustArc Privacy Intelligence on TrustArc Privacy Blog (trustarc.com)
TrustArc’s privacy experts explain how the rules for EU international data transfers changed after the Schrems II decision, including several updates to standard contractual clauses (SCCs).
Nathan Morales on JD Supra (jdsupra.com)
If you manage a company that collects and otherwise processes personal data (which is just about every company, these days), you may need to protect...
Divya Chandrababu on Hindustan Times (hindustantimes.com)
According to their website, 126 facial recognition systems have been installed across various states.
9News Staff on 9News (9news.com.au)
The details of more than 130,000 Telstra customers have been published online due an internal error.
Elisa Braun on POLITICO (politico.eu)
Explosion of online data provides private security companies unprecedented access to personal information.
Luca Bertuzzi on EURACTIV (euractiv.com)
The EU Council formalised its position on the European digital identity at the Telecom Council meeting on Tuesday (6 December).