Killer robots, a new deadline for Real ID, effective privacy organizing, security cameras with a data leak, Mastodon, and more!
Khari Johnson, WIRED (wired.com)
Last week, San Francisco's Board of Supervisors voted 8-3 to give police the right to kill a criminal suspect with a teleoperated robot if they believe there is an imminent threat of death to police or members of the public. As Johnson reports:
The new administrative code requires a police chief to authorize use of deadly force involving a robot and to first consider de-escalation or an alternative use of force. But some civil liberties groups, San Francisco residents, and experts on police violence fear allowing killer robots on city streets. They say the policy change normalizes militarized policing and could lead to the intimidation or death of vulnerable people historically discriminated against by law enforcement, such as those with mental health problems, homeless people, and communities of color.
The final vote is tomorrow.
TAKE ACTION! Demand the San Francisco Board of Supervisors vote against police robots to kill using Black Lives Matter's handy web form.
Edward Hasbrouck on Papers Please (papersplease.org)
The Department of Homeland Security (DHS) has pushed back the requirement to use a "Real ID" license for boarding domestic flights to May 7, 2025.
"The change announced today — only the most recent in a seemingly endless series of postponed empty REAL-ID threats — again postpones, but does not withdraw, the DHS threat to start preventing people without ID from traveling by airline within the US."
When I was discussing this with a Congressional staffer before Thanksgiving, I mentioned that I've been involved in activism against Real ID for over 20 years – back in 2005, Stop Real ID Now was one of the first privacy activism campaigns to use social networks, and there was such a flurry of last-minute comments that it overwhelmed the Federal Register's fax machines. In Real ID requirement for air travel delayed, again on the Washington Post, Luz Lazo reports that as of a few months ago, only 49% of state-issued IDs are Real-ID compliant. Mine most emphatically is not!
ALSO: DHS Announces Extension of REAL ID Full Enforcement Deadline | Homeland Security, Department of Homeland Security (dhs.gov)
Max von Hippel, Tech Workers Coalition (techworkerscoalition.org)
In October, Northeastern University installed motion sensors under all the desks in the Interdisciplinary Science & Engineering Complex (ISEC) – without letting students know in advance, let alone getting IRB approval or students' consent. Von Hippel writes:
"The alleged reason for the sensors was to conduct a study on desk usage. Reader, we have assigned desks, and we use a key-card to get into the room, so, they already know how and when we use our desks. Most likely the sensors were installed as part of a coordinated effort to push us out of our existing work-space, or to make us share our desks with other students via a hotelling system, an en-vogue new cost-saving measure that’s terrible for research."
Unsurprisingly, students pushed back. Von Hippel's Twitter thread has a good timeline. Students removed all the sensors and turned them into a public art piece. Eventually, the university backed down.
ALSO: ‘NO’: Grad Students Analyze, Hack, and Remove Under-Desk Surveillance Devices Designed to Track Them, Edward Ongweso Jr on VICE Motherboard (vice.com)
Maria Diaz on ZDNET (zdnet.com)
Eufy's home page tells customers they can "keep privacy in their own hands" ... but no. Security researcher Paul Moore has discovered that Eufy uploads video thumbnails and photos of the faces of people detected in the video to the cloud – even when the option to use cloud storage was disabled. Not only that, it turns out that anybody could potentially access a Eufy camera without authentication or encryption by using VLC remotely. Yikes.
ALSO: Anker’s Eufy security cameras hit with new privacy brouhaha, Ben Patterson on TechHive (techhive.com)
Dan Goodin, Ars Technica (arstechnica.com)
A good look at the security issues related to Mastodon, with perspectives from a range of experts – including me! Goodin discusses the impact of Mastodon not having a security team, the lack of any security auditing, the recent misconfiguration vulnerability in multiple instances that allowed for the downloading and deleting of all files stored on the server and replacing every user’s profile picture, and other issues as well.
“On personal security, there aren't a lot of protections against harassment,” said Jon Pincus of the Nexus of Privacy. “Many instances aren't well-moderated (including mastodon.social, which [Mastodon creator] Eugen [Rochko] runs). Even well-moderated instances can be overwhelmed by determined attacks.”
Obviously, I'm still using Mastodon despite the security issues. I see it pretty much the same way as Kevin Beaumont, a security professional and admin for the cyberplace.social instance Goodin also quotes:
“My take is the same as Twitter. Don’t write anything on social media you wouldn’t write in public. Much like Twitter handles direct messages without encryption, Mastodon messages aren’t encrypted either.”
Jon Pincus, The Nexus of Privacy (privacy.thenexus.today)
There are a lot of reasons people might not want their posts on a social network to be indexed by search engines. Too bad Mastodon's "opt out" doesn't actually opt you out.
Alex Hern on The Guardian (theguardian.com)
Campaigners concerned that ‘same racist technology used to repress Uyghurs is being marketed in Britain’
Timnit Gebru on WIRED (wired.com)
This philosophy—supported by tech figures like Sam Bankman-Fried—fuels the AI research agenda, creating a harmful system in the name of saving humanity
Billy Perrigo on Time (time.com)
Whittaker spoke to TIME about the state of the tech landscape, where Signal is going next and the crypto meltdown.
on Garante Privacy (gpdp.it)
David Zipper on The Verge (theverge.com)
Autonomous trucks are probably further out than we think.
on Privacy International (privacyinternational.org)
Since early 2021, PI have been investigating and challenging the latest stride in the UK’s cruel migration policies: the roll-out of GPS ankle tags to monitor migrants released on immigration bail, a dehumanising,
IANS on Business Standard (business-standard.com)
The Delhi government recently told the High Court that one major reason behind its 2017 decision is to save and secure students from sexual abuse and bullying
Adam Schwartz and Cindy Cohn on Electronic Frontier Foundation (eff.org)
A company harvested your personal data, but failed to take basic steps to secure it. So thieves stole it. Now you’ve lost control of your data, and you’re at greater risk of identity theft. But when you sue the negligent company, they say you haven’t really been injured, so you don’t belong in...
Scott Ikeda on CPO Magazine (cpomagazine.com)
Though the fine is not one of the largest issued by CNIL (or for general GDPR violations across the bloc), the case is noteworthy in that Discord is mostly being taken to task for not providing default or built-in security options rather than the fallout of a specific data breach.
Sara Lebow on Insider Intelligence (insiderintelligence.com)
Apple’s AppTrackingTransparency, Google’s cookie deprecation, and the impending threat of regulation are challenging data collection. Trust in social platforms is declining. As consumers shy from sharing information, marketers need to meet customers where they’re comfortable.
Øyvind Kaldestad on Forbrukerrådet (forbrukerradet.no)
Many companies use deceptive design to hold on to customers, increase sales, or acquire personal data. In many cases, this is illegal, the Norwegian Consumer Council says.
Caitlin Hamilton on Techonomy (techonomy.com)
As EU and U.S. leaders meet in Washington at a joint Trade and Technology Council, there is great need for a proposed “transatlantic accord on artificial intelligence.” But the two sides have differing agendas, and agreement is uncertain.
on Center for Digital Democracy (democraticmedia.org)
Hugh Grant-Chapman, Hannah Quay-de la Vallee on Center for Democracy and Technology (cdt.org)
Government agencies rely on a wide range of data to effectively deliver services to the populations with which they engage. Civic-minded advocates frequently argue that the public benefits of this data can be better harnessed by making it available for public access. Recent years, however, have also…
International Coalition of Rights Groups Call on Internet Infrastructure Providers to Avoid Content Policing
Paige Collings on Electronic Frontier Foundation (eff.org)
San Francisco—Internet infrastructure services—the heart of a secure and resilient internet where free speech and expression flows—should continue to focus their energy on making the web an essential resource for users and, with rare exceptions, avoid content policing. Such intervention often...
Rory Mir on Electronic Frontier Foundation (eff.org)
The recent chaos at Twitter is a reminder that when you rely on a social media platform, you’re putting your voice, your privacy, and your safety in the hands of the people who run that system. Many people are looking to Mastodon as a backup or replacement for Twitter, and this guide will walk you t…
on International Association of Privacy Professionals (iapp.org)
IAPP Editorial Director Jedidiah Bracy speaks with EU AI Act Co-rapporteur and Romanian MEP Dragoș Tudorache about the state of play of the proposed legislation
Jim Nash on BiometricUpdate.com (biometricupdate.com)
Three proposed U.S. class actions involving alleged biometric privacy violations are churning between Chicago and New Orleans.
Bonnie Henry on The National Law Review (natlawreview.com)
The rise in remote work has brought with it a rise in employee monitoring. Between 2019 and 2021, the percentage of employees working primarily from home tripled. As “produ
Cheryl Winokur Munk on CNBC (cnbc.com)
Fitness trackers and apps from Google’s Fitbit to Apple Watch and Strava help stay on top of health and wellness, but secure personal data before sporting them.
Dave Johnson on Insider (businessinsider.com)
You can reject most or all spam messages in Facebook Messenger automatically by adjusting your privacy settings.
Sergiu Gatlan on BleepingComputer (bleepingcomputer.com)
Brave Software announced that, as part of a global beta program, it is now displaying “privacy-preserving ads” in-between results shown by its web search engine to select users.
Staff Writer on iTnews (itnews.com.au)
And prospect of penalties.
India Requires Internet Services to Collect and Store Vast Amount of Customer Data, Building a Path to Mass Surveillance
Karen Gullo on Electronic Frontier Foundation (eff.org)
Privacy and online free expression are once again under threat in India, thanks to vaguely worded cybersecurity directions—promulgated by India’s Computer Emergency Response Team (CERT-In) earlier this year—that impose draconian mass surveillance obligations on internet services, threatening...
Jennifer J. Hennessy on The National Law Review (natlawreview.com)
Proposed changes to the federal substance use disorder law will increase provider efficiency and alignment with the Health Insurance Portability and Accountability Act (HIPAA).
Jessica Lyons Hardcastle on The Register (theregister.com)
Your tax dollars at work