‘My Data Request’ lists guides to get data about you

GDPR is right around the corner, so it’s time to prepare your personal data requests. If you live in the European Union, tech companies have to comply with personal data requests after May 25th. And there’s a handy website that helps you do just that. My Data Request lists dozens of tech companies and tells you how you can contact them. The website also links to the privacy policy of each service and tells you what to do even if you don’t live in the EU. Some companies, such as Facebook, LinkedIn, Twitter, Google, Tinder and Snapchat have made that easy as they have created a page on their website to download a zip archive with all your personal data. But it’s worth nothing that your archive doesn’t necessarily include all data about you. For instance, Facebook tracks your web and location history as much as possible. But you won’t
Continue reading "‘My Data Request’ lists guides to get data about you"

Does Google’s Duplex violate two-party consent laws?

Google’s Duplex, which calls businesses on your behalf and imitates a real human, ums and ahs included, has sparked a bit of controversy among privacy advocates. Doesn’t Google recording a person’s voice and sending it to a data center for analysis violate two-party consent law, which requires everyone in a conversation to agree to being recorded? The answer isn’t immediately clear, and Google’s silence isn’t helping. Let’s take California’s law as the example, since that’s the state where Google is based and where it used the system. Penal Code section 632 forbids recording any “confidential communication” (defined more or less as any non-public conversation) without the consent of all parties. (The Reporters Committee for the Freedom of the Press has a good state-by-state guide to these laws.) Google has provided very little in the way of details about how Duplex actually works, so attempting to answer this question
Continue reading "Does Google’s Duplex violate two-party consent laws?"

EU parliament pushes for Zuckerberg hearing to be live streamed

There’s confusion about whether a meeting between Facebook founder Mark Zuckerberg and the European Union’s parliament — which is due to take place next Tuesday — will go ahead as planned or not. The meeting was confirmed by the EU parliament’s president this week, and is the latest stop on Zuckerberg’s contrition tour, following the Cambridge Analytics data misuse story that blew up into a major public scandal in mid March.  However the discussion with MEPs that Facebook agreed to was due to take place behind closed doors. A private format that’s not only ripe with irony but was also unpalatable to a large number of MEPs. It even drew criticism from some in the EU’s unelected executive body, the European Commission, which further angered parliamentarians. Now, as the FT reports, MEPs appear to have forced the parliament’s president, Antonio Tajani, to agree to livestreaming the event. Guy Verhofstadt — the
Continue reading "EU parliament pushes for Zuckerberg hearing to be live streamed"

LocationSmart didn’t just sell mobile phone locations, it leaked them

What’s worse than companies selling the real-time locations of cell phones wholesale? Failing to take security precautions that prevent people from abusing the service. LocationSmart did both, as numerous sources indicated this week. The company is adjacent to a hack of Securus, a company in the lucrative business of prison inmate communication; LocationSmart was the partner that allowed the former to provide mobile device locations in real time to law enforcement and others. There are perfectly good reasons and methods for establishing customer location, but this isn’t one of them. Police and FBI and the like are supposed to go directly to carriers for this kind of information. But paperwork is such a hassle! If carriers let LocationSmart, a separate company, access that data, and LocationSmart sells it to someone else (Securus), and that someone else sells it to law enforcement, much less paperwork required! That’s what Securus told
Continue reading "LocationSmart didn’t just sell mobile phone locations, it leaked them"

Zuckerberg will meet with European parliament in private next week

Who says privacy is dead? Facebook’s founder Mark Zuckerberg has agreed to take European parliamentarians’ questions about how his platform impacts the privacy of hundreds of millions of European citizens — but only behind closed doors. Where no one except a handful of carefully chosen MEPs will bear witness to what’s said. The private meeting will take place on May 22 at 17.45CET in Brussels. After which the president of the European Parliament, Antonio Tajani, will hold a press conference to furnish the media with his version of events. It’s just a shame that journalists are being blocked from being able to report on what actually goes on in the room. And that members of the public won’t be able to form their own opinions about how Facebook’s founder responds to pressing questions about what Zuckerberg’s platform is doing to their privacy and their fundamental rights. Because the doors
⤵
Continue reading "Zuckerberg will meet with European parliament in private next week"

Bannon and Cambridge Analytica planned suppression of black voters, whistleblower tells Senate

Appearing before the Senate Judiciary committee today as part of the ongoing investigation of Cambridge Analytica and various forms of meddling in the 2016 elections, former employee and whistleblower Christopher Wylie said that the company and its then-VP Steve Bannon were pursuing voter suppression tactics aimed at black Americans. Although Wylie insisted that he himself did not take part in these programs, he testified to their existence. “One of the things that provoked me to leave was discussions about ‘voter disengagement’ and the idea of targeting African Americans,” he said. “I didn’t participate on any voter suppression programs, so I can’t comment on the specifics of those programs.” “I can comment on their existence, and I can comment more generally on my understanding of what they were doing,” he explained under questioning from Sen. Kamala Harris (D-CA). “If it suited the client’s objective, the firm [SCL, Cambridge Analytica’s parent
Continue reading "Bannon and Cambridge Analytica planned suppression of black voters, whistleblower tells Senate"

Facebook faces fresh criticism over ad targeting of sensitive interests

Is Facebook trampling over laws that regulate the processing of sensitive categories of personal data by failing to ask people for their explicit consent before it makes sensitive inferences about their sex life, religion or political beliefs? Or is the company merely treading uncomfortably and unethically close to the line of the law? An investigation by the Guardian and the Danish Broadcasting Corporation has found that Facebook’s platform allows advertisers to target users based on interests related to political beliefs, sexuality and religion — all categories that are marked out as sensitive information under current European data protection law. And indeed under the incoming GDPR, which will apply across the bloc from May 25. The joint investigation found Facebook’s platform had made sensitive inferences about users — allowing advertisers to target people based on inferred interests including communism, social democrats, Hinduism and Christianity. All of which would be classed
Continue reading "Facebook faces fresh criticism over ad targeting of sensitive interests"

Senate votes today on rollback of net neutrality rollback

Today’s the big day for the Senate’s big push to undo the FCC’s “Restoring Internet Freedom” order nullifying 2015’s net neutrality rules. A vote is scheduled for this afternoon on whether to repeal that order, though as of this writing the coalition is still one vote shy of making it happen. The vote is an application of the Congressional Review Act, which as you might guess from the name allows Congress to review and if necessary undo recent regulations enacted by federal agencies. It’s been seldom used for decades but the current administration has been very free with it as a method of squelching rules passed in the twilight of the Obama era. Today Senate Democrats strike back with the same weapon. A simple majority is required, but right now only a single Republican Senator, Maine’s Susan Collins, has courageously stepped across the aisle to join the Democrat-led effort. One
Continue reading "Senate votes today on rollback of net neutrality rollback"

Zuckerberg again snubs UK parliament over call to testify

Facebook has once again eschewed a direct request from the UK parliament for its CEO, Mark Zuckerberg, to testify to a committee investigating online disinformation — without rustling up so much as a fig-leaf-sized excuse to explain why the founder of one of the world’s most used technology platforms can’t squeeze a video call into his busy schedule and spare UK politicians’ blushes. Which tells you pretty much all you need to know about where the balance of power lies in the global game of (essentially unregulated) U.S. tech platforms giants vs (essentially powerless) foreign political jurisdictions. At the end of an 18-page letter sent to the DCMS committee yesterday — in which Facebook’s UK head of public policy, Rebecca Stimson, provides a point-by-point response to the almost 40 questions the committee said had not been adequately addressed by CTO Mike Schroepfer in a prior hearing last month — Facebook
Continue reading "Zuckerberg again snubs UK parliament over call to testify"

Anyone could download Cambridge researchers’ 4-million-user Facebook dataset for years

A dataset of over 3 million Facebook users and a variety of their personal details collected by Cambridge researchers was available for anyone to download for some four years, New Scientist reports. It’s likely only one of many places where such huge sets of personal data collected during a period of permissive Facebook access terms have been obtainable. The data were collected as part of a personality test, myPersonality, which according to its own wiki (now taken down) was operational from 2007 to 2012, but new data was added as late as August of 2016. It started as a side project by the Cambridge Psychometrics Centre’s David Stillwell (now deputy director there), but graduated to a more organized research effort later. The project “has close academic links,” the site explains, “however, it is a standalone business.” (Presumably for liability purposes; the group never charged for access to the data.
Continue reading "Anyone could download Cambridge researchers’ 4-million-user Facebook dataset for years"

Facebook suspends ~200 suspicious apps out of “thousands” reviewed so far

Did you just notice a Facebook app has gone AWOL? After reviewing “thousands” of apps on its platform following a major data misuse scandal that blew up in March, Facebook has announced it’s suspended around 200 apps — pending what it describes as a “thorough investigation” into whether or not their developers misused Facebook user data. The action is part of a still ongoing audit of third party applications running on the platform announced by Facebook in the wake of the Cambridge Analytica data misuse scandal where a third party developer used quiz apps to extract and pass Facebook user data to the consultancy for political ad targeting purposes. CEO Mark Zuckerberg announced the app audit on March 21, writing that the company would “investigate all apps that had access to large amounts of information before we changed our platform to dramatically reduce data access in 2014, and we
Continue reading "Facebook suspends ~200 suspicious apps out of “thousands” reviewed so far"

What we can learn from the 3,500 Russian Facebook ads meant to stir up U.S. politics

On Thursday, Democrats on the House Intelligence Committee released a massive new trove of Russian government-funded Facebook political ads targeted at American voters. While we’d seen a cross section of the ads before through prior releases from the committee, the breadth of ideological manipulation is on full display across the more than 3,500 newly released ads — and that doesn’t even count still unreleased unpaid content that shared the same divisive aims.

After viewing the ads, which stretch from 2015 to late 2017, some clear trends emerged.

Russia focused on black Americans

Many, many of these ads targeted
Continue reading "What we can learn from the 3,500 Russian Facebook ads meant to stir up U.S. politics"

Net neutrality will officially die on June 11

After months of tension and a variety of smaller milestones, the FCC order voiding 2015’s net neutrality rules and instating its own, much weaker ones will finally take effect on June 11, the agency’s chairman Ajit Pai said today. Although the rule was approved in December, entered into the Federal Register in February, and under ordinary circumstances would have taken effect in April, “Restoring Internet Freedom” had one extra step that needed to be taken. The Office of Management and Budget needed to take a look at the rule because it changed how the industry reported information to the government, and under the Paperwork Reduction Act that authority had to approve the final version. That approval was granted on May 2, the FCC explained in a news release, and June 11 was picked as the effective date “to give providers time to comply with the transparency requirement.” The Congressional
Continue reading "Net neutrality will officially die on June 11"

Signal for Mac users should disable notifications to keep their messages secure

If you’re using Signal for secure messaging, here’s something to be aware of. The app is one of the best-regarded encrypted messaging tools out there, but Mac owners who use Signal might inadvertently be putting their privacy at risk. As Motherboard reports, security researcher Alec Muffett discovered that Signal messages sent to a Mac can persist in the notifications center, even if you have the app’s settings tuned to delete them.

That fact suggests that otherwise private messages live on in the operating system, which is something other researchers are looking into at the moment.

Brexit data transfer gaps a risk for UK startups, MPs told

The uncertainty facing digital businesses as a result of Brexit was front and center during a committee session in the UK parliament today, with experts including the UK’s information commissioner responding to MPs’ questions about how and even whether data will continue to flow between the UK and the European Union once the country has departed the bloc — in just under a year’s time, per the current schedule. The risks for UK startups vs tech giants were also flagged, with concerns voiced that larger businesses are better placed to weather Brexit-based uncertainty thanks to greater resources at their disposal to plug data transfer gaps resulting from the political upheaval. Information commissioner Elizabeth Denham emphasized the overriding importance of the UK data protection bill being passed. Though that’s really just the baby step where the Brexit negotiations are concerned. Parliamentarians have another vote on the bill this afternoon, during its
Continue reading "Brexit data transfer gaps a risk for UK startups, MPs told"

iOS will soon disable USB connection if left locked for a week

In a move seemingly designed specifically to frustrate law enforcement, Apple is adding a security feature to iOS that totally disables data being sent over USB if the device isn’t unlocked for a period of 7 days. This spoils many methods for exploiting that connection to coax information out of the device without the user’s consent. The feature, called USB Restricted Mode, was first noticed by Elcomsoft researchers looking through the iOS 11.4 code. It disables USB data (it will still charge) if the phone is left locked for a week, re-enabling it if it’s unlocked normally. Normally when an iPhone is plugged into another device, whether it’s the owner’s computer or another, there is an interchange of data where the phone and computer figure out if they recognize each other, if they’re authorized to send or back up data, and so on. This connection can be taken advantage
Continue reading "iOS will soon disable USB connection if left locked for a week"

Twitter has an unlaunched “Secret” encrypted messages feature

Buried inside Twitter’s Android app is a “Secret conversation” option that if launched would allow users to send encrypted direct messages. The feature could make Twitter a better a home for sensitive communications that often end up on encrypted messaging apps like Signal, Telegram, or WhatsApp. The encyrpted DMs option was first spotted inside the Twitter for Android application package (APK) by Jane Manchun Wong. APKs often contain code for unlaunched features that companies are quietly testing or will soon make available. A Twitter spokesperson declined to comment on the record. It’s unclear how long it might be before Twitter officially launches the feature, but at least we know it’s been built. The appearance of encrypted DMs comes 18 months after whistleblower Edward Snowden asked Twitter CEO Jack Dorsey for the feature, which Dorsey said was “reasonable and something we’ll think about”. Twitter has gone from “thinking about” the feature
Continue reading "Twitter has an unlaunched “Secret” encrypted messages feature"

We love augmented reality, but let’s fix things that could become big problems

Augmented Reality (AR) is still in its infancy and has a very promising youth and adulthood ahead. It has already become one of the most exciting, dynamic, and pervasive technologies ever developed. Every day someone is creating a novel way to reshape the real world with a new digital innovation.

Over the past couple of decades, the Internet and smartphone revolutions have transformed our lives, and AR has the potential to be that

Ready Player One
Continue reading "We love augmented reality, but let’s fix things that could become big problems"

UK watchdog orders Cambridge Analytica to give up data in US voter test case

Another big development in the personal data misuse saga attached to the controversial Trump campaign-linked UK-based political consultancy, Cambridge Analytica — which could lead to fresh light being shed on how the company and its multiple affiliates acquired and processed US citizens’ personal data to build profiles on millions of voters for political targeting purposes. The UK’s data watchdog, the ICO, has today announced that it’s served an enforcement notice on Cambridge Analytica affiliate SCL Elections, under the UK’s 1998 Data Protection Act. The company has been ordered to give up all the data it holds on one US academic within 30 days — with the ICO warning that: “Failure to do so is a criminal offence, punishable in the courts by an unlimited fine.” The notice follows a subject access request (SAR) filed in January last year by US-based academic, David Carroll after he became suspicious about how
Continue reading "UK watchdog orders Cambridge Analytica to give up data in US voter test case"

Unroll.me to close to EU users saying it can’t comply with GDPR

Put on your best unsurprised face: Unroll.me, a company that has, for years, used the premise of ‘free’ but not very useful ’email management’ services to gain access to people’s email inboxes in order to data-mine the contents for competitive intelligence — and controversially flog the gleaned commercial insights to the likes of Uber — is to stop serving users in Europe ahead of a new data protection enforcement regime incoming under GDPR, which applies from May 25. In a section on its website about the regional service shutdown, the company writes that “unfortunately we can no longer support users from the EU as of the 23rd of May”, before asking whether a visitor lives in the EU or not. Clicking ‘no’ doesn’t seem to do anything but clicking ‘yes’ brings up another info screen where Unroll.me writes that this is its “last month in
🤔
Continue reading "Unroll.me to close to EU users saying it can’t comply with GDPR"