Lots of privacy news this holiday weekend! But first, in honor of the Fourth, here's Baratunde Thurston reading Frederick Douglass' "What to the Slave is the Fourth of July."
And now on to the links ...
Alessandro Mascellino on Biometric Update (biometricupdate.com)
A new report from the Government Accountability Office (GAO) paints a bleak picture of federal government usage of outside facial recognition systems:
GAO says that out of 13 agencies it recommended should implement mechanisms to track non-federal facial recognition systems used by employees and assess their associated risks, only three have implemented systems, and even they have not performed risk assessments.
Dell Cameron's Congress Surprised to Learn Biometric Surveillance Rampant, Unchecked on Gizmodo has more on last Wednesday's Science Space & Technology Committee's Subcommittee on Investigations and Oversight hearing on Privacy in the Age of Biometrics, noting that "House lawmakers, at times, seemed unfamiliar with not only the laws and procedures relevant to the government’s use of biometric data, but the widespread use of face recognition by federal employees on an ad-hoc basis, absent any hint of federal oversight."
ALSO: NY is Ignoring the Ban on Facial Recognition in Schools, Juan Miguel and Daniel Schwartz, New York Civil Liberties Union
on NYTimes (nytimes.com)
Last month, over 50 civil rights groups urged Google to stop collecting location data because of the risk to people getting abortions. Last weed Alphabet Workers Union demanded that the company delete any personal data that law enforcement could try to use to prosecute those who are getting abortions. Google's announcement on Friday doesn't go anywhere near that far, but at least it's something:
Some of the places people visit — including medical facilities like counseling centers, domestic violence shelters, abortion clinics, fertility centers, addiction treatment facilities, weight loss clinics, cosmetic surgery clinics, and others — can be particularly personal. Today, we’re announcing that if our systems identify that someone has visited one of these places, we will delete these entries from Location History soon after they visit. This change will take effect in the coming weeks.
Of course, Location History is only one of the many different kinds of data Google tracks that puts people at risk; the announcement says nothing about search history. And even for location data, there are all kinds of problems. Kate Bertash notes that Google products are notoriously terrible at telling when something is actually an abortion clinic, Ali Alkhatib describes why they really need to delete the data for an entire week around the vist, and as Evan Greer points out even having the list of "sensitive sites" is potentially also a problem.
Still, it's encouraging – and it shows that the pressure is strong enough that it has an effect.
SEE ALSO: Overturning Roe could change how digital advertisers use location data. Can they regulate themselves?, Kate Kaye on Protocol (protocol.com)
Online Abortion Pill Provider Hey Jane Used Tracking Tools That Sent Visitor Data to Meta, Google, and Others
Jon Keegan and Dara Kerr on The Markup (themarkup.org)
The latest in The Markup's excellent series looking at web trackers with their Blacklight project. This time, it's Hey Jane, a site that lets connect with medical providers and order "fast, safe and affordable abortion pills." Unfortunately ...
[A]n analysis of Hey Jane’s website with The Markup’s Blacklight privacy inspector tool showed the site employed a series of online trackers that follow users across the internet. The trackers notified Google, Facebook’s parent company Meta, payments processor Stripe, and four analytics firms when users visited its site.
The Markup also found personally identifying information of customers in the data powering Hey Jane’s reviews section, including one reviewer’s Instagram handle and the hometowns of others. The reviews were served by a third-party service called Reviews.io.
That's bad! Hey Jane 's has now removed almost all of their trackers (although Google Analytics is still there), and removed the reviews from their site.
- Facebook Is Receiving Sensitive Medical Information from Hospital Websites, Todd Feathers, Simon Fondrie-Teitler, Angie Waller, and Surya Mattu on The Markup
- Facebook and Anti-Abortion Clinics Are Collecting Highly Sensitive Info on Would-Be Patients, Grace Oldham and Dhruv Mehrotra on Reveal (revealnews.org)
ArriveCan app might still be used after the pandemic: public safety minister, Chris Campbell, on CTV News (windsor.ctvnews.ca)
Data privacy concerns make the post-Roe era uncharted territory, Juliana Kim on WJCT News (news.wjct.org)
‘Voiceprints’ Roil Companies as Biometrics Litigation Skyrockets, Samantha Hawkins on Request a Free Demo (news.bloomberglaw.com)
EFF to File Amicus Brief in First U.S. Case Challenging Dragnet Keyword Warrant, Jennifer Lynch and Andrew Crocker on Electronic Frontier Foundation (eff.org)
PRESS RELEASE: Leading Privacy Scholars and Advocates Join EPIC’s Advisory Board, EPIC - Electronic Privacy Information Center (epic.org)
Federal government will help states punish abortion — using our phones, Riana Pfefferkorn, The Hill (thehill.com)
Abortion Ruling Puts User Data Privacy in Focus. Here’s What to Know. Meghan Bobrowsky on WSJ (wsj.com)
The Mounting Threats to Sensitive Data After Roe v. Wade, Marianne Kolbasuk McGee on healthcareinfosecurity.com
Period Tracking Apps Used By Millions Of Women Are Sharing Incredibly Sensitive Data With Facebook, Megha Rajagopalan on BuzzFeed News (buzzfeednews.com)
TikTok Sued by Dutch Parents Group, App Accused of Violating Child Privacy With Data Collection, Scott Ikeda on CPO Magazine (cpomagazine.com)
Top EU Judge Says Mass Snooping Is Illegal, Jennifer Baker on CPO Magazine (cpomagazine.com)
TikTok responds to data privacy concerns raised by Republican senators, Elliot Lewis on NBC News (nbcnews.com)
Disruptive Legislation Triggers the Need to Reassess the Collection of Employee Data, Risa B. Boerner on CPO Magazine (cpomagazine.com)