Facebook suspends analytics firm Crimson Hexagon over data use concerns

As part of its ongoing mission to close the barn doors after the cows have got out, Facebook has suspended the accounts of British data analytics firm Crimson Hexagon over concerns that it may be improperly handling user data. The ominously named company has for years used official APIs to siphon public posts from Facebook, Instagram, Twitter and other sources online, collating and analyzing for various purposes, such as to gauge public opinion on a political candidate or issue. It has clients around the world, serving Russia and Turkey as well as the U.S. and United Kingdom. Facebook, it seems, was not fully aware of the extent of Crimson Hexagon’s use of user data, however, including in several government contracts which it didn’t have the opportunity to evaluate before they took effect. The possibility that the company is not complying with its data use rules, specifically that they may

Healthcare data breach in Singapore affected 1.5M patients, targeted the prime minister

In what’s believed to be the biggest data breach in Singapore’s history, 1.5 million members of the country’s largest healthcare group have had their personal data compromised. The breach affected SingHealth, Singapore’s biggest network of healthcare facilities. Data obtained in the breach includes names, addresses, gender, race, date of birth and patients’ national identification numbers. Around 160,000 of the 1.5 million patients also had their outpatient medical information accessed by unauthorized individuals. All patients affected by the hack had visited SingHealth clinics between May 1, 2015 and July 4, 2018, Singapore newspaper The Straits Times reports. “Investigations by the Cyber Security Agency of Singapore (CSA) and the Integrated Health Information System confirmed that this was a deliberate, targeted and well-planned cyberattack,” a press release from Singapore’s Ministry of Health stated. “It was not the work of casual hackers or criminal gangs.” The hackers appear to have accessed

British Airways shows everyone how not to GDPR

Let’s all take a minute to appreciate the view in the British Airways social media cockpit, where staffers at the coalface of the airline’s Twitter account have presided over a wildly unusual ‘interpretation’ of Europe’s new data protection rules. One that, er, suggests quite the opposite of GDPR compliance… Given the company’s social media staff have been caught encouraging customers to post personal data such as their address and passport number into a public forum — and here’s the anti-privacy cherry! — claiming it’s necessary for GDPR compliance! Insert your own [facepalm of choice]…

Mustafa Al-Bassam, the UCL information security PhD student who flagged the company’s social media fail in the


Uber hires first chief privacy officer

Uber has hired its first chief privacy officer, as well as a former TomTom executive in charge of ensuring the ride-hailing company complies with the EU’s data protection laws. The new hires, which were announced to Uber employees in an internal email, aim to help the company strengthen its privacy standards and data protections. Ruby Zefo, who was hired as chief privacy officer, will be based in San Francisco and is expected to start August 6, according to an email sent to Uber employees Wednesday. Zefo led Intel’s global privacy and security legal team. She also serves on the board of directors for the International Association of Privacy Professionals. Zefo’s appointment is part of the company’s recent mission to move past an embarrassing data breach, as well as other weak privacy practices employed by former CEO Travis Kalanick, who resigned last year after a string of scandals. In April, Uber expanded a

It’s official: Brexit campaign broke the law — with social media’s help

The UK’s Electoral Commission has published the results of a near nine-month-long investigation into Brexit referendum spending and has found that the official Vote Leave campaign broke the law by breaching election campaign spending limits. Vote Leave broke the law including by channeling money to a Canadian data firm, AggregateIQ, to use for targeting political advertising on Facebook’s platform, via undeclared joint working with another Brexit campaign, BeLeave, it found. Aggregate IQ remains the subject of a separate joint investigation by privacy watchdogs in Canada and British Columbia. The Electoral Commission’s investigation found evidence that BeLeave spent more than £675,000 with AggregateIQ under a common arrangement with Vote Leave. Yet the two campaigns had failed to disclose on their referendum spending returns that they had a common plan. As the designated lead leave campaign, Vote Leave had a £7M spending limit under UK law. But via its joint spending with BeLeave

Reminder: Other people’s lives are not fodder for your feeds

#PlaneBae You should cringe when you read that hashtag. Because it’s a reminder that people are being socially engineered by technology platforms to objectify and spy on each other for voyeuristic pleasure and profit. The short version of the story attached to the cringeworthy hashtag is this: Earlier this month an individual, called Rosey Blair, spent all the hours of a plane flight using her smartphone and social media feeds to invade the privacy of her seat neighbors — publicly gossiping about the lives of two strangers. Her speculation was set against a backdrop of rearview creepshots, with a few barely there scribbles added to blot out actual facial features. Even as an entire privacy invading narrative was being spun unknowingly around them. #PlanePrivacyInvasion would be a more fitting hashtag. Or #MoralVacuumAt35000ft And yet our youthful surveillance society started with a far loftier idea associated with it: Citizen journalism. Once

ACLU calls for a moratorium on government use of facial recognition technologies

Technology executives are pleading with the government to give them guidance on how to use facial recognition technologies, and now the American Civil Liberties Union is weighing in. On the heels of a Microsoft statement asking for the federal government to weigh in on the technology, the ACLU has called for a moratorium on the use of the technology by government agencies. “Congress should take immediate action to put the brakes on this technology with a moratorium on its use, given that it has not been fully debated and its use has never been explicitly authorized,” said Neema Singh Guliani, ACLU legislative counsel, in a statement. “And companies like Microsoft, Amazon, and others should be heeding the calls from the public, employees, and shareholders to stop selling face surveillance technology to governments.” In May the ACLU released a report on Amazon’s sale of facial recognition technology to different law enforcement

As facial recognition technology becomes pervasive, Microsoft (yes, Microsoft) issues a call for regulation

Technology companies have a privacy problem. They’re terribly good at invading ours and terribly negligent at protecting their own. And with the push by technologists to map, identify and index our physical as well as virtual presence with biometrics like face and fingerprint scanning, the increasing digital surveillance of our physical world is causing some of the companies that stand to benefit the most to call out to government to provide some guidelines on how they can use the incredibly powerful tools they’ve created. That’s what’s behind today’s call from Microsoft President Brad Smith for government to start thinking about how to oversee the facial recognition technology that’s now at the disposal of companies like Microsoft, Google, Apple and government security and surveillance services across the country and around the world. In what companies have framed as a quest to create “better,” more efficient and more targeted services for consumers,

Landmark California privacy bill heads to Governor’s desk

A data privacy bill in California is just a signature away from becoming law over the strenuous objections of many tech companies that rely on surreptitious data collection for their livelihood. The California Consumer Privacy Act of 2018 has passed through the state legislative organs and will now head to the desk of Governor Jerry Brown to be enacted. The law puts in place a variety of powerful protections against consumers having their data collected and sold without their knowledge. You can read the full bill here, but the basic improvements are as follows:
  • Businesses must disclose what information they collect, what business purpose they do so for, and any third parties they share that data with.
  • Businesses would be required to comply with official consumer requests to delete that data.
  • Consumers can opt out of their data being sold, and businesses can’t retaliate by changing the price or

Yet another massive Facebook fail: Quiz app leaked data on ~120M users for years

Facebook knows the historical app audit it’s conducting in the wake of the Cambridge Analytica data misuse scandal is going to result in a tsunami of skeletons tumbling out of its closet. It’s already suspended around 200 apps as a result of the audit — which remains ongoing, with no formal timeline announced for when the process (and any associated investigations that flow from it) will be concluded. CEO Mark Zuckerberg announced the audit on March 21, writing then that the company would “investigate all apps that had access to large amounts of information before we changed our platform to dramatically reduce data access in 2014, and we will conduct a full audit of any app with suspicious activity”. But you do have to question how much the audit exercise is, first and foremost, intended to function as PR damage limitation for Facebook’s brand — given the company’s relaxed

Study calls out ‘dark patterns’ in Facebook and Google that push users towards less privacy

More scrutiny than ever is in place on the tech industry, and while high-profile cases like Mark Zuckerberg’s appearance in front of lawmakers garner headlines, there are subtler forces at work. This study from a Norway watchdog group eloquently and painstakingly describes the ways that companies like Facebook and Google push their users towards making choices that negatively affect their own privacy. It was spurred, like many other new inquiries, by Europe’s GDPR, which has caused no small amount of consternation among companies for whom collecting and leveraging user data is their main source of income.

The report (PDF) goes into detail on exactly how these companies create an illusion of control over your data while simultaneously nudging you towards making choices that limit that control. Although the companies and their products will be quick to point out that they are in compliance with the requirements


Microsoft’s facial recognition just got better at identifying people with dark skin

Microsoft’s facial recognition tools just made some significant technological strides, though the timing probably couldn’t be worse. On Tuesday, the company revealed in a blog post that its Face API, part of Azure Cognitive Services, can now identify men and women with darker skin far more successfully than previous iterations of the technology. The updates particularly improve the system’s recognition capabilities for women with darker skin tones, reducing error rates for darker-skinned men and women by as much as 20 times and reducing error rates for all women by nine times. Microsoft stated that it was able to “significantly reduce accuracy differences across the demographics” by expanding facial recognition training data sets, initiating new data collection around the variables of skin tone, gender and age and improving its gender classification system by “focusing specifically on getting better results for all skin tones.” “The higher error rates on females with

Digital campaigning vs democracy: UK election regulator calls for urgent law changes

A report by the UK’s Electoral Commission has called for urgent changes in the law to increase transparency about how digital tools are being used for political campaigning, warning that an atmosphere of mistrust is threatening the democratic process. The oversight body, which also regulates campaign spending, has spent the past year examining how digital campaigning was used in the UK’s 2016 EU referendum and 2017 general election — as well as researching public opinion to get voters’ views on digital campaigning issues. Among the changes the Commission wants to see is greater clarity around election spending to try to prevent foreign entities pouring money into domestic campaigns, and beefed up financial regulations including bigger penalties for breaking election spending rules. It also has an ongoing investigation into whether pro-Brexit campaigns — including the official Vote Leave campaign — broke spending rules. And last week the BBC reported on a leaked

AT&T collaborates on NSA spying through a web of secretive buildings in the U.S.

A new report from the Intercept sheds light on the NSA’s close relationship with communications provider AT&T. The Intercept identified eight facilities across the U.S. that function as hubs for AT&T’s efforts to collaborate with the intelligence agency. The site first identified one potential hub of this kind in 2017 in lower Manhattan. The report reveals that eight AT&T data facilities in the U.S. are regarded as high value sites to the NSA for giving the agency direct “backbone” access to raw data that passes through, including emails, web browsing, social media and any other form of unencrypted online activity. The NSA uses the web of eight AT&T hubs for a surveillance operation code named FAIRVIEW, a program previously reported by the New York Times. The program, first established in 1985, “involves tapping into international telecommunications cables, routers, and switches” and only coordinates directly with AT&T and not

Google adds a search feature to account settings to ease use

Google has announced a refresh of the Google Accounts user interface. The changes are intended to make it easier for users to navigate settings and review data the company has associated with an account — including information relating to devices, payment methods, purchases, subscriptions, reservations, contacts and other personal info. The update also makes security and privacy options more prominent, according to Google. “To help you better understand and take control of your Google Account, we’ve made all your privacy options easy to review with our new intuitive, user-tested design,” it writes. “You can now more easily find your Activity controls in the Data & Personalization tab and choose what types of activity data are saved in your account to make Google work better for you. “There, you’ll also find the recently updated Privacy Checkup that helps you review your privacy settings and explains how they shape your experience across

Blockchain browser Brave starts opt-in testing of on-device ad targeting

Brave, an ad-blocking web browser with a blockchain-based twist, has started trials of ads that reward viewers for watching them — the next step in its ambitious push towards a consent-based, pro-privacy overhaul of online advertising. Brave’s Basic Attention Token (BAT) is the underlying micropayments mechanism it’s using to fuel the model. The startup was founded in 2015 by former Mozilla CEO Brendan Eich, and had a hugely successful initial coin offering last year. In a blog post announcing the opt-in trial yesterday, Brave says it’s started “voluntary testing” of the ad model before it scales up to additional user trials. These first tests involve around 250 “pre-packaged ads” being shown to trial volunteers via a dedicated version of the Brave browser that’s both loaded with the ads and capable of tracking users’ browsing behavior. The startup signed up Dow Jones Media Group as a partner for the

Keepsafe launches a privacy-focused mobile browser

Keepsafe, the company behind the private photo app of the same name, is expanding its product lineup today with the release of a mobile web browser. Co-founder and CEO Zouhair Belkoura argued that all of Keepsafe’s products (which also include a VPN app and a private phone number generator) are united not just by a focus on privacy, but by a determination to make those features simple and easy-to-understand — in contrast to what Belkoura described as “how security is designed in techland,” with lots of jargon and complicated settings. Plus, when it comes to your online activity, Belkoura said there are different levels of privacy. There’s the question of the government and large tech companies accessing our personal data, which he argued people care about intellectually, but “they don’t really care about it emotionally.” Then there’s “the nosy neighbor problem,” which Belkoura suggested is something people

Verizon stops selling customer location to two data brokers after one is caught leaking it

Verizon is cutting off access to its mobile customers’ real-time locations to two third-party data brokers “to prevent misuse of that information going forward.” The company announced the decision in a letter sent to Senator Ron Wyden (D-OR), who along with others helped reveal improper usage and poor security at these location brokers. It is not, however, getting out of the location-sharing business altogether. Verizon sold bulk access to its customers’ locations to the brokers in question, LocationSmart and Zumigo, which then turned around and resold that data to dozens of other companies. This isn’t necessarily bad — there are tons of times when location is necessary to provide a service the customer asks for, and supposedly that customer would have to okay the sharing of that data. (Disclosure: Verizon owns Oath, which owns TechCrunch. This does not affect our coverage.) That doesn’t seem to have


UK report warns DeepMind Health could gain ‘excessive monopoly power’

DeepMind’s foray into digital health services continues to raise concerns. The latest worries are voiced by a panel of external reviewers appointed by the Google-owned AI company to report on its operations after its initial data-sharing arrangements with the U.K.’s National Health Service (NHS) ran into a major public controversy in 2016. The DeepMind Health Independent Reviewers’ 2018 report flags a series of risks and concerns, as they see it, including the potential for DeepMind Health to be able to “exert excessive monopoly power” as a result of the data access and streaming infrastructure that’s bundled with provision of the Streams app — and which, contractually, positions DeepMind as the access-controlling intermediary between the structured health data and any other third parties that might, in the future, want to offer their own digital assistance solutions to the Trust. While the underlying FHIR (aka, fast healthcare interoperability resource) deployed