A lot of links for your weekend reading pleasure!
Ed Hasbrouck on Papers Please (papersplease.org)
Hasbrouck looks at the integrated and largely-invisible surveillance infrastructure in airports today and the convergence of interests between government agencies, airlines, and airports.
During the pandemic, largely unnoticed, the dystopian surveillance-by design airport of the future that we’ve been worried and warning about for many years has become, in many places, the airport of today....
A characteristic feature of almost all new or newly-renovated major airports in the U.S. and around the world is that they are designed and built on the assumption that all passengers’ movements within the airport will be tracked at all times, and that all phases of “passenger processing” will be carried out automatically using facial recognition, as shown in this video from a technology vendor, Airport of the Future.
- Hasbrouck's recent presentation at CCRC-IP-Asia
- MAGICAL, Part 1, Wendy Grossman on net.wars (pelicancrossing.net), a first-person experience from a long-time privacy expert – and some additional perspectives from Hasbrouck
Geoffrey A. Fowler on The Washington Post (washingtonpost.com)
Speakingn of which, sixteen major domestic airports are testing facial-recognition tech to verify IDs – and the TSA hopes to expand the pilot to airports all across the country next year. What could possibly go wrong?
The TSA says facial recognition, which has been banned by cities such as San Francisco, helps improve security and possibly also efficiency. But it’s also bringing an unproven tech, with civil rights ramifications we still just don’t understand, to one of the most stressful parts of travel....
the TSA hasn’t actually released hard data about how often its system falsely identifies people, through incorrect positive or negative matches. Some of that might come to light next year when the TSA has to make its case to the Department of Homeland Security to convert airports all over the United States into facial recognition systems.
“I am worried that the TSA will give a green light to technology that is more likely to falsely accuse black and brown and nonbinary travelers and other groups that have historically faced more facial recognition errors,” said [Alfred Fox] Cahn of STOP.
As Fowler notes, you don't have to participate: you can tell the officer that you do not want their photo taken, and they'll turn off camera. There are supposed to be signs around informing you of your rights, although we'll see how prominent they are. As Hasbrouck says in The airport of the future is the airport of today
“Opting out” is, in these new airports and terminals, a largely theoretical option available only to those travelers who already know their rights (without being given notice of them), who figure out how to assert them (again without notice), and who are willing to put up with additional questioning, search, and/or delay.
Amanda Hoover on WIRED (wired.com)
According to Spotify, "Spotify Wrapped is all about celebrating the endless ways that millions of creators and fans connect through audio each and every day." It does that based on all the data it tracks about its users and what they're listening to.
“This is a particularly shining example of the fact that Spotify’s business model is based on surveillance,” says Evan Greer, director of the digital rights advocacy group Fight for the Future. “Spotify has done an amazing job of marketing surveillance as fun and getting people to not only participate in their own surveillance, but celebrate it and share it and brag about it to the world.”
Unfortunately, the Wired article leaves out another big proble. Spotify Wrapped was originally developed by Jewel Ham as an intern there, and she's never gotten credit for it. Yes, data privacy is a huge issue ... but it's not the only issue! Whizy Kim's The Intern Who Created Spotify Wrapped’s Story Format Never Got Her Due on Refinery 29 and Keyaira Boone's A Black Howard Alumna Claims She Was Influential In Creating Key Spotify Wrapped Features Without Credit on Essence have more.
Paul Mozur, Claire Fu and Amy Chang Chien in the New York Times (nytimes.com)
After a weekend of protests, the authorities in China are using the country’s all-seeing surveillance apparatus to find those bold enough to defy them.
Ronan Farrow on The New Yorker (newyorker.com)
When Roman Gressier, an American reporter working in El Salvador, found out that he and his colleagues were being surveilled, he feared persecution due to his sexual identity and worried for his sources’ safety. In a lawsuit filed today in federal court in San Jose, Gressier will become the first U.S. citizen whose phone was infected by Pegasus to sue NSO Group for damages, according to lawyers representing him at the Knight First Amendment Institute at Columbia University.
ALSO: Why We’re Suing NSO Group, Jameel Jaffer on Knight First Amendment Institute (knightcolumbia.org)
The Irish Times (irishtimes.com)
The Government needs to think again about plans to introduce this new technology in policing, giving its patchy record and privacy fears
Øyvind Kaldestad on Forbrukerrådet (forbrukerradet.no)
Many companies use deceptive design to hold on to customers, increase sales, or acquire personal data. In many cases, this is illegal, the Norwegian Consumer Council says.
Grace Browne on WIRED (wired.com)
Using the tech giant’s new telehealth service will mean trusting it with your private data.
Sean Hollister on The Verge (theverge.com)
The cameras have a flaw that Eufy insisted would be impossible
Human Rights Watch (hrw.org)
The Hungarian government’s misuse of personal data during the 2022 national elections campaign undermined privacy and further tilted an already uneven playing field in favor of the ruling party, Fidesz.
ALSO: Orbán used Hungarians’ COVID data to boost election campaign, report says, Louis Westendarp on POLITICO (politico.eu)
Richard Vaughan on inews.co.uk (inews.co.uk)
The Government has tabled amendments to strengthen powers to ‘scan and intercept’ end-to-end encrypted messages
Natasha Lomas on TechCrunch (techcrunch.com)
European Union regulators have fired another warning shot at Elon Musk over his erratic piloting of Twitter since his takeover last month.
Jude Karabus on The Register (theregister.com)
Redmond disputes report that ‘it is not possible to use without transferring personal data to the USA’
Hugh Grant-Chapman, Hannah Quay-de la Vallee on Center for Democracy and Technology (cdt.org)
Government agencies rely on a wide range of data to effectively deliver services to the populations with which they engage. Civic-minded advocates frequently argue that the public benefits of this data can be better harnessed by making it available for public access. Recent years, however, have also…
Schrems: “Decision undermines key element of GDPR.”
Pranay Parab on Lifehacker (lifehacker.com)
Reduce tracking and improve your privacy with these lesser-known browsers.
Scott Ikeda on CPO Magazine (cpomagazine.com)
Though the fine is not one of the largest issued by CNIL (or for general GDPR violations across the bloc), the case is noteworthy in that Discord is mostly being taken to task for not providing default or built-in security options rather than the fallout of a specific data breach.
Sara Lebow on Insider Intelligence (insiderintelligence.com)
Apple’s AppTrackingTransparency, Google’s cookie deprecation, and the impending threat of regulation are challenging data collection. Trust in social platforms is declining. As consumers shy from sharing information, marketers need to meet customers where they’re comfortable. That means finding crea…
Invasion of Privacy Lawsuits Will Be On The Rise In California Where Employers Use Monitoring/Tracking Technology
Dan Forman on JD Supra (jdsupra.com)
Employee monitoring and tracking technologies implemented to ensure remote employee productivity for remote work during the COVID-19 pandemic need to...
Leah Callon-Butler on CoinDesk (coindesk.com)
Financial privacy is useful for dissidents in extreme situations. But nobody should have to justify keeping their personal lives private, says our columnist.
Business Wire on Yahoo (yahoo.com)
Nine out of ten apps collect personal data from users without their consent, a clear violation of the European Union’s General Data Protection Regulation (GDPR) and the ePrivacy Directive. This is the result of an analysis of 250 apps in the EU apps market, conducted by privacy tech company Usercentrics.
Mike Schneider, The Associated Press on Federal Times (federaltimes.com)
Differential privacy algorithms add intentional errors to data to obscure the identity of any given participant.
Michael Novinson on bankinfosecurity.com
A multitude of state privacy laws taking effect in 2023 has forced organizations to revamp their compliance programs to incorporate the disparate requirements, says
on Future of Privacy Forum (fpf.org)
On November 9, 2022, FPF, along with the Ada Lovelace Institute (Ada), organized a closed roundtable in Brussels where experts met to discuss the lessons that can be drawn from General Data Protection Regulation (GDPR) enforcement precedents when deciding on the scope and obligations of the European…
Natalie Alms on FCW (fcw.com)
GSA is taking comments on a Federal Register notice detailing new fraud prevention and identity verification efforts through Dec. 21.
Clement Lecigne on Google (blog.google)
The Threat Analysis Group shares new information on the commercial spyware vendor Variston.
Chiara Castro on TechRadar pro (techradar.com)
Twitter 2.0 is taking shape and privacy experts are worried
As US, UK Embrace ‘Age Verify Everyone!’ French Data Protection Agency Says Age Verification Is Unreliable And Violates Privacy Rights
Mike Masnick on Techdirt (techdirt.com)
We keep seeing it show up in a variety of places: laws to “protect the children” that, fundamentally begin with age verification to figure out who is a child (and then layering in a ton…
Author links open overlay panelLucaBelliaEnvelopeYasminCurzibEnvelopeWalter B.GasparcPersonEnvelope on ScienceDirect (sciencedirect.com)
Brazil has recently moved forward on two important developments in its regulatory framework for artificial intelligence: the creation of a national AI…
Aidan Macnab on Canadian Lawyer (canadianlawyermag.com)
Case centred on whether Transportation Safety Board could give in camera submissions on disclosure
Kristen Dalli on ConsumerAffairs (consumeraffairs.com)
Many of the biggest gifts this holiday season require a WiFi connection, which calls into question companies’ privacy policies for each gadget or device. P
Manish Singh on TechCrunch (techcrunch.com)
The compliance is a remarkable illustration of the data Telegram stores on its users and can be made to disclose by authorities.
Sebastian Klovig Skelton, on ComputerWeekly.com (computerweekly.com)
German schools cannot legally use Microsoft Office 365 over lack of clarity about how data is collected, shared and used, as well as the potential for unlawful transfer of European citizens’ personal data to the US.
Cybersecurity on The Hill (thehill.com)
One issue does bring millions of Americans of all political persuasions together: the need for stronger privacy and security protections for our personal information.
Virginia’s Consumer Data Protection Act Is Not the Commonwealth’s Only Privacy and Data Protection Law — Nor Is It the Nation’s First
Ketan Bhirud on JD Supra (jdsupra.com)
Virginia’s new Consumer Data Protection Act will take effect on January 1, 2023, adding new consumer privacy rights, a broader interpretation of...
Ben Patterson on TechHive (techhive.com)
Eufy cams have been uploading video thumbnails to the cloud without telling users, according to a security researcher.
CRN Team on CRN - India (crn.in)
University of Chicago recently published a study describing a new kind of attack called “downcoding,” demonstrating the vulnerability of a deidentified data set and sending a warning that these data transformations should not be considered sufficient to protect individuals’ privacy
on Center for Digital Democracy (democraticmedia.org)
Sarah E. Needleman, Alexander Saeedy on MarketWatch (marketwatch.com)
TikTok Chief Executive Shou Chew said the video-sharing platform is taking greater steps to keep user data secure and that it needs to invest more in protecting young people from getting exposed to harmful content.
Alessandro Mascellino on Infosecurity Magazine (infosecurity-magazine.com)
The higher penalties and extended powers will become effective after the bill receives royal assent.
ALSO: First patch to the privacy laws in Australia: increased penalties for global companies, Mandi Jacobson on JD Supra (jdsupra.com)
Carrie Pallardy on InformationWeek (informationweek.com)
Google agreed to pay a significant amount in a settlement for violating consumer privacy laws. Could this settlement and Meta’s latest fine be the beginning of a new future for data privacy?
Ad Age Studio 30 on Ad Age (adage.com)
Execs from Uber, Wavemaker and Meta discussed the challenges and opportunities of the new privacy landscape at The Female Quotient during Advertising Week.
Justin Hendry on InnovationAus.com (innovationaus.com)
Australia’s privacy watchdog has launched an investigation into the Medibank data breach that compromised the personal details of 9.7 million customers, on the same day the would-be hackers posted the full trove of data on the dark web. The Office of the Australian Information Commissioner (OAIC) an…
Got any shopping apps on your phone? Privacy analysts say you may be sharing too much information with those companies.
Gary Guthrie on ConsumerAffairs (consumeraffairs.com)
Now that we’re at the height of the holiday shopping season, researchers at privacy protection company Incogni thought it would be interesting to analyze t
PR Newswire on Yahoo Finance (finance.yahoo.com)
More U.S. drivers are open to opting into usage-based insurance (UBI) programs to save on their auto insurance premiums, yet more widespread acceptance of telematics programs and UBI remains elusive due to privacy concerns, according to a new study from the Insurance Research Council (IRC).