"The Open Technology Institute (OTI) has responded to GCHQ/NCSC's article on 'Principles for a More Informed Exceptional Access Debate' with an 'Open Letter to GCHQ on the Threats Posed by the Ghost Proposal'. 'Exceptional access' is the law enforcement term for accessing encrypted messages -- the so-called government backdoor into end-to-end encryption services. 'Going dark' is the term law enforcement uses to describe its inability to access encrypted messages between subjects of interest that increasingly use encryption. 'Ghost proposal' is OTI's term for GCHQ's proposed method to prevent going dark.... The authors then propose possible methods of gaining access while conforming to the principles. Encrypted cloud backups are conceptually easy: "If those backups are encrypted, maybe we can do password guessing on big machines," suggest the authors. It would be focused and could be given judicial oversight and legitimacy relatively easy. Of more interest, however, is the proposed possible route into encrypted chats in real time. "It's relatively easy for a service provider to silently add a law enforcement participant to a group chat or call. The service provider usually controls the identity system and so really decides who's who and which devices are involved -- they're usually involved in introducing the parties to a chat or call. You end up with everything still being end-to-end encrypted, but there's an extra 'end' on this particular communication." This is the so-called 'ghost user' solution. The authors state very clearly that this does not interfere with encryption. "We're not talking about weakening encryption or defeating the end-to-end nature of the service. In a solution like this, we're normally talking about suppressing a notification on a target's device, and only on the device of the target and possibly those they communicate with." In its open letter (PDF) to GCHQ, the OTI acknowledges that vendors' encryption algorithms will not be manipulated, but suggest that implementing the ghost user will create significant other problems. For example, while the encryption itself does not need to be redeveloped, the method of authenticating users (the check codes to ensure that the chat is between expected users) will have to be rewritten. Susan Landau points out that the ghost proposal "involves changing how the encryption keys are negotiated in order to accommodate the silent listener, creating a much more complex protocol -- raising the risk of an error." On top of this, GCHQ's own principal of transparency over when the option is invoked will demonstrate that it is being invoked -- meaning that users of encryption (for very legitimate purposes such as journalism, conversations between vulnerable people, and more) will never know, nor be able to trust, that their conversations are genuinely confidential."
Inside GCHQ's Proposed Backdoor Into End-to-End Encryption
Security Week, 3 June 2019

"Visa applicants to the United States are required to submit any information about social media accounts they have used in the past five years under a State Department policy that started on Friday. Such account information would give the government access to photos, locations, dates of birth, dates of milestones and other personal data commonly shared on social media. “We already request certain contact information, travel history, family member information, and previous addresses from all visa applicants,” the State Department said in a statement. “We are constantly working to find mechanisms to improve our screening processes to protect U.S. citizens, while supporting legitimate travel to the United States.”.... “This seems to be part and parcel of the same effort to have an extraordinary broad surveillance of citizens and noncitizens,” Elora Mukherjee, director of the Immigrants’ Rights Clinic at Columbia Law School, said on Sunday of the latest development. “Given the scope of the surveillance efforts, it is hard to find a rational basis for the broad surveillance the Department of State and the Department of Homeland Security have been doing for almost two years.” The added requirement could dissuade visa applicants, who may see it as a psychological barrier to enter the United States. “This is a dangerous and problematic proposal, which does nothing to protect security concerns but raises significant privacy concerns and First Amendment issues for citizens and immigrants,” Hina Shamsi, the director of the American Civil Liberties Union’s National Security Project, said on Sunday. “Research shows that this kind of monitoring has chilling effects, meaning that people are less likely to speak freely and connect with each other in online communities that are now essential to modern life.” The social media web today is a map of our contacts, associations, habits and preferences. This kind of requirement will result in suspicion of surveillance of travelers and their networks of friends, families and business associates, Ms. Shamsi said, adding that the government had failed to explain how it would use this information."
U.S. Requiring Social Media Information From Visa Applicants
New York Times, 2 June 2019

"NSA whistleblower Edward Snowden said Thursday that people in systems of power have exploited the human desire to connect in order to create systems of mass surveillance. Snowden appeared at Dalhousie University in Halifax, Nova Scotia via livestream from Moscow to give a keynote address for the Canadian university's Open Dialogue Series. Right now, he said, humanity is in a sort of "atomic moment" in the field of computer science. "We're in the midst of the greatest redistribution of power since the Industrial Revolution, and this is happening because technology has provided a new capability," Snowden said. "It's related to influence that reaches everyone in every place," he said. "It has no regard for borders. Its reach is unlimited, if you will, but its safeguards are not." Without such defenses, technology is able to affect human behavior.... Institutions can "monitor and record private activities of people on a scale that's broad enough that we can say it's close to all-powerful," said Snowden. They do this through "new platforms and algorithms," through which "they're able to shift our behavior. In some cases they're able to predict our decisions—and also nudge them—to different outcomes. And they do this by exploiting the human need for belonging."... "And now," he added, "these institutions, which are both commercial and governmental, have built upon that and... have structuralized that and entrenched it to where it has become now the most effective means of social control in the history of our species." "Maybe you've heard about it," Snowden said. "This is mass surveillance." Listen to Snowden's full remarks below. (He begins speaking around the 25-minute mark.)"
Edward Snowden: With Technology, Institutions Have Made 'Most Effective Means of Social Control in the History of Our Species'
Common Dreams, 31 May 2019

"The world’s lawmakers have a duty to protect children from being turned into “voodoo dolls” by the “surveillance capitalism” of major high-tech companies, says the Canadian chair of the international grand committee on big data, privacy and democracy. Conservative MP Bob Zimmer offered that summary as the multinational group of legislators wrapped its third and final day of hearings on Parliament Hill on Wednesday. The committee is examining the role of internet giants in safeguarding privacy and democratic rights. Over three days, the MPs have grilled representatives from Facebook, Amazon and other tech titans, and they lamented the fact the household names that head those and other organizations ignored requests to testify. They were replaced by lower-level officials who, in some cases, declined to answer questions because they said they didn’t have the big-picture knowledge of their celebrity bosses. Zimmer said the hearings have been useful as he watches his own four children, aged 15 to 21, “getting more and more addicted to these phones.” “When you see from surveillance capitalism, the whole drive, the whole business model is to keep them glued to that phone despite the bad health that that brings to those children – our kids. It’s all for a buck,” said Zimmer. “We’re responsible to do something about that. We care about our kids. We don’t want to see them turned into voodoo dolls, to be controlled by the almighty dollar and capitalism.” Liberal and New Democrat MPs on the committee shared that view in a rare show of domestic political unity. That was evident across international lines as well. British MP Damian Collins, the committee co-chair, said the hearings have shown how the companies were “unwilling to answer direct questions about how they gather data and how they use it.” That includes testimony by witnesses who couldn’t explain how Facebook and Amazon interact, or how data from the LinkedIn networking site and Microsoft (which bought it in 2016) are integrated, said Collins. “I don’t understand why companies are unwilling to talk openly about the tools they put in place. People may consent to use these tools but do they understand the extent of the data they’re sharing when they do,” said Collins. The privacy implications of one popular online tool came under scrutiny during Wednesday’s testimony. A security executive for the internet-browser company Mozilla said he was shocked by the recordings of his family that were collected and retained by Amazon’s popular Alexa voice-activated interactive speakers. Alan Davidson, Mozilla’s vice-president of global policy, trust and security, said the Amazon Echo, the hardware that runs the Alexa service, is a wonderful product but when he recently examined what his family had recorded and stored, he found the archive included conversations among his young children. “I was shocked, honestly, and my family was shocked to see these recordings of our young children from years ago that are in the cloud and stored about us. It’s not to say that something was done wrong, or unlawfully,” Davidson said. “But users have no idea – they have no idea this data is out there and they don’t know how it’s going to be used in the future either.”"
Big data committee wraps up third and final day of hearings on Parliament Hill
Globe and Mail, 30 May 2019

"Next week, a school district in western New York will become the first in the United States to pilot a facial recognition system on its students and faculty. On Monday, June 3, the Lockport City School District will light up its Aegis system as part of a pilot project that will make it broadly operational by Sept. 1, 2019. The district has eight schools.The Lockport pilot comes amid increased scrutiny of facial recognition’s efficacy across the US, including growing civil rights concerns and worries that the tech may serve to further entrench societal biases. Earlier this month, San Francisco banned police from using facial recognition, and similar bills in the US hope to do the same. Amazon has endured persistent pressure — including from its own shareholders — for its aggressive salesmanship of its facial Rekognition system to law enforcement agencies. Rep. Alexandria Ocasio-Cortez expressed concern that facial recognition could be used as a form of social control in a congressional hearing on the technology last week....After Lockport’s initial announcement, the New York Civil Liberties Union investigated the effort and wrote letters to the New York State Education Department, asking it to intervene and block the project. “This is opening the floodgates,“ Stefanie Coyle, education counsel for NYCLU, told BuzzFeed News in an interview. “San Francisco banned this tech, and it’s this major city closest to all the people who understand this tech the best. Why in the world would we want this to come to New York, and in a place where there are children?”
The First Public Schools In The US Will Start Using Facial Recognition Next Week
Buzzfeed, 29 May 2019

"It’s 3 a.m. Do you know what your iPhone is doing? Mine has been alarmingly busy. Even though the screen is off and I’m snoring, apps are beaming out lots of information about me to companies I’ve never heard of. Your iPhone probably is doing the same — and Apple could be doing more to stop it. On a recent Monday night, a dozen marketing companies, research firms and other personal data guzzlers got reports from my iPhone. At 11:43 p.m., a company called Amplitude learned my phone number, email and exact location. At 3:58 a.m., another called Appboy got a digital fingerprint of my phone. At 6:25 a.m., a tracker called Demdex received a way to identify my phone and sent back a list of other trackers to pair up with. And all night long, there was some startling behavior by a household name: Yelp. It was receiving a message that included my IP address -— once every five minutes." Our data has a secret life in many of the devices we use every day, from talking Alexa speakers to smart TVs. But we’ve got a giant blind spot when it comes to the data companies probing our phones. You might assume you can count on Apple to sweat all the privacy details. After all, it touted in a recent ad, “What happens on your iPhone stays on your iPhone.” My investigation suggests otherwise. IPhone apps I discovered tracking me by passing information to third parties — just while I was asleep — include Microsoft OneDrive, Intuit’s Mint, Nike, Spotify, The Washington Post and IBM’s the Weather Channel. One app, the crime-alert service Citizen, shared personally identifiable information in violation of its published privacy policy. And your iPhone doesn’t only feed data trackers while you sleep. In a single week, I encountered over 5,400 trackers, mostly in apps, not including the incessant Yelp traffic. According to privacy firm Disconnect, which helped test my iPhone, those unwanted trackers would have spewed out 1.5 gigabytes of data over the span of a month. That’s half of an entire basic wireless service plan from AT&T. “This is your data. Why should it even leave your phone? Why should it be collected by someone when you don’t know what they’re going to do with it?” says Patrick Jackson, a former National Security Agency researcher who is chief technology officer for Disconnect. He hooked my iPhone into special software so we could examine the traffic. “I know the value of data, and I don’t want mine in any hands where it doesn’t need to be,” he told me. In a world of data brokers, Jackson is the data breaker. He developed an app called Privacy Pro that identifies and blocks many trackers. If you’re a little bit techie, I recommend trying the free iOS version to glimpse the secret life of your iPhone. Yes, trackers are a problem on phones running Google’s Android, too. Google won’t even let Disconnect’s tracker-protection software into its Play Store. .... Jackson’s biggest concern is transparency: If we don’t know where our data is going, how can we ever hope to keep it private?... Privacy policies don’t necessarily provide protection. Citizen, the app for location-based crime reports, published that it wouldn’t share “your name or other personally identifying information.” Yet when I ran my test, I found it repeatedly sent my phone number, email and exact GPS coordinates to the tracker Amplitude....The problem is, the more places personal data flies, the harder it becomes to hold companies accountable for bad behavior — including inevitable breaches....What disappoints me is that the data free-for-all I discovered is happening on an iPhone. Isn’t Apple supposed to be better at privacy?"
It’s the middle of the night. Do you know who your iPhone is talking to?
Washington Post, 28 May 2019

"For nearly three weeks, Baltimore has struggled with a cyberattack by digital extortionists that has frozen thousands of computers, shut down email and disrupted real estate sales, water bills, health alerts and many other services. But here is what frustrated city employees and residents do not know: A key component of the malware that cybercriminals used in the attack was developed at taxpayer expense a short drive down the Baltimore-Washington Parkway at the National Security Agency, according to security experts briefed on the case. Since 2017, when the N.S.A. lost control of the tool, EternalBlue, it has been picked up by state hackers in North Korea, Russia and, more recently, China, to cut a path of destruction around the world, leaving billions of dollars in damage. But over the past year, the cyberweapon has boomeranged back and is now showing up in the N.S.A.’s own backyard. It is not just in Baltimore. Security experts say EternalBlue attacks have reached a high, and cybercriminals are zeroing in on vulnerable American towns and cities, from Pennsylvania to Texas, paralyzing local governments and driving up costs. The N.S.A. connection to the attacks on American cities has not been previously reported, in part because the agency has refused to discuss or even acknowledge the loss of its cyberweapon, dumped online in April 2017 by a still-unidentified group calling itself the Shadow Brokers. Years later, the agency and the Federal Bureau of Investigation still do not know whether the Shadow Brokers are foreign spies or disgruntled insiders. Thomas Rid, a cybersecurity expert at Johns Hopkins University, called the Shadow Brokers episode “the most destructive and costly N.S.A. breach in history,” more damaging than the better-known leak in 2013 from Edward Snowden, the former N.S.A. contractor. “The government has refused to take responsibility, or even to answer the most basic questions,” Mr. Rid said. “Congressional oversight appears to be failing. The American people deserve an answer.”" The N.S.A. and F.B.I. declined to comment. Since that leak, foreign intelligence agencies and rogue actors have used EternalBlue to spread malware that has paralyzed hospitals, airports, rail and shipping operators, A.T.M.s and factories that produce critical vaccines. Now the tool is hitting the United States where it is most vulnerable, in local governments with aging digital infrastructure and fewer resources to defend themselves. Before it leaked, EternalBlue was one of the most useful exploits in the N.S.A.’s cyberarsenal. According to three former N.S.A. operators who spoke on the condition of anonymity, analysts spent almost a year finding a flaw in Microsoft’s software and writing the code to target it. Initially, they referred to it as EternalBluescreen because it often crashed computers — a risk that could tip off their targets. But it went on to become a reliable tool used in countless intelligence-gathering and counterterrorism missions. EternalBlue was so valuable, former N.S.A. employees said, that the agency never seriously considered alerting Microsoft about the vulnerabilities, and held on to it for more than five years before the breach forced its hand.... Today, Baltimore remains handicapped as city officials refuse to pay, though workarounds have restored some services. Without EternalBlue, the damage would not have been so vast, experts said. The tool exploits a vulnerability in unpatched software that allows hackers to spread their malware faster and farther than they otherwise could. North Korea was the first nation to co-opt the tool, for an attack in 2017 — called WannaCry — that paralyzed the British health care system, German railroads and some 200,000 organizations around the world. Next was Russia, which used the weapon in an attack — called NotPetya — that was aimed at Ukraine but spread across major companies doing business in the country. The assault cost FedEx more than $400 million and Merck, the pharmaceutical giant, $670 million.".... Until a decade or so ago, the most powerful cyberweapons belonged almost exclusively to intelligence agencies — N.S.A. officials used the term “NOBUS,” for “nobody but us,” for vulnerabilities only the agency had the sophistication to exploit. But that advantage has hugely eroded, not only because of the leaks, but because anyone can grab a cyberweapon’s code once it’s used in the wild. Some F.B.I. and Homeland Security officials, speaking privately, said more accountability at the N.S.A. was needed. A former F.B.I. official likened the situation to a government failing to lock up a warehouse of automatic weapons."
In Baltimore and Beyond, a Stolen N.S.A. Tool Wreaks Havoc
New York Times, 25 May 2019

"The maker of vehicle license plate readers used extensively by the US government and cities to identify and track citizens and immigrants has been hacked. Its internal files were pilfered, and are presently being offered for free on the dark web to download. Tennessee-based Perceptics prides itself as "the sole provider of stationary LPRs [license plate readers] installed at all land border crossing lanes for POV [privately owned vehicle] traffic in the United States, Canada, and for the most critical lanes in Mexico." In fact, Perceptics recently announced, in a pact with Unisys Federal Systems, it had landed "a key contract by US Customs and Border Protection to replace existing LPR technology, and to install Perceptics next generation License Plate Readers (LPRs) at 43 US Border Patrol check point lanes in Texas, New Mexico, Arizona, and California." On Thursday this week, however, an individual using the pseudonym "Boris Bullet-Dodger" contacted The Register, alerting us to the hack, and provided a list of files exfiltrated from Perceptics' corporate network as proof. We're assuming this is the same "Boris" involved in the CityComp hack last month. Boris declined to answer our questions. The file names and accompanying directories – numbering almost 65,000 – fit with the focus of the surveillance technology biz. They include .xlsx files named for locations and zip codes, .jpg files with names that refer to "driver" and "scene," .docx files associated with presumed government clients like ICE, and date-and-time stamped .jpgs and .mp4 files. And there many other types of files: .htm, .html, .txt, .doc, .asp, .tdb, .mdb, .json, .rtf, .xls, and .tif among others. Many of the image files, we're guessing, are license plate captures."
Maker of US border's license-plate scanning tech ransacked by hacker, blueprints and files dumped online
The Register, 23 May 2019

"The use of "dystopian" new facial recognition technology by British police is to be challenged in the courts for the first time. Liberty, the human rights group, has launched a case against South Wales police, the UK force which has pioneered technology capable of mapping faces and comparing them to a database in real time. Supporters claim facial recognition technology will boost the safety of citizens and could help police catch criminals and potential terrorists. Critics have labelled it "Orwellian" and say police have not been transparent about how it will use people's data."
Police use of 'Orwellian' facial recognition technology faces UK legal challenge
Telegraph, 21 May 2019

"UK Home Secretary Sajid Javid has announced an Espionage Bill, charging ahead with new laws intended to criminalise any British copycats of Edward Snowden – and allowing a future crackdown on Huawei. The bill, said Javid, "will bring together new and modernised powers, giving our security services the legal authority they need" to tackle foreign spies operating on UK soil. "The areas this work will consider includes whether we follow allies in adopting a form of foreign agent registration and how we update our Official Secrets Acts for the 21st century," the Home Secretary said at New Scotland Yard earlier today. He also called for new treason laws, which he said would be aimed at people who "betray" Britain, whether at home or abroad. Announced during a wide-ranging speech delivered to police and spy agency personnel at the Metropolitan Police's London HQ, few details were given about the proposed Espionage Bill's contents. Much more, however, can be found in a Law Commission consultation dating back to 2015, titled Protection of Official Data, and discussing what was then considered a potential future Espionage Bill. Although it was supposed to be published back in 2017, having been closed to new submissions years ago, the commission's final report on that bill has been stuck in limbo for the last two years. Now, it seems, we know why. Most of the commission's full consultation (a 326-page PDF accessible via the link above) is concerned with what the British state calls "unauthorised disclosures", as well as a truly obscene section (between PDF pages 146-149) discussing legal ways and means of letting state prosecutors carry out "authorised checks" on juries sitting in national security and terrorism cases. These, it is stated, should be done with a view to throwing out any jurors who might return the wrong verdict by sympathising with the accused."
UK's planned Espionage Act will crack down on Snowden-style Brit whistleblowers, suspected backdoored gear (cough, Huawei)
The Register, 20 May 2019

"Civil Liberties Activists trying to inspire alarm about the authoritarian potential of facial recognition technology often point to China, where some police departments use systems that can spot suspects who show their faces in public. A report from Georgetown researchers on Thursday suggests Americans should also focus their concern closer to home. The report says agencies in Chicago and Detroit have bought real-time facial recognition systems. Chicago claims it has not used its system; Detroit says it is not using its system currently. But no federal or state law would prevent use of the technology. According to contracts obtained by the Georgetown researchers, the two cities purchased software from a South Carolina company, DataWorks Plus, that equips police with the ability to identify faces from surveillance footage in real time. A description on the company’s website says the technology, called FaceWatch Plus, “provides continuous screening and monitoring of live video streams.” DataWorks confirmed the existence of the systems, but did not elaborate further. Facial recognition has long been used on static images to identify arrested suspects and detect driver’s license fraud, among other things. But using the technology with real-time video is less common. It has become practical only through recent advances in AI and computer vision, although it remains significantly less accurate than facial recognition under controlled circumstances. Privacy advocates say ongoing use of the technology in this way would redefine the traditional anonymity of public spaces. “Historically we haven’t had to regulate privacy in public because it’s been too expensive for any entity to track our whereabouts,” says Evan Selinger, a professor at the Rochester Institute of Technology. “This is a game changer.”"
Cities Are Adopting Real-Time Facial Surveillance Systems
Technocracy News and Trends, 20 May 2019

"Among the mega-corporations that surveil you, your cellphone carrier has always been one of the keenest monitors, in constant contact with the one small device you keep on you at almost every moment. A confidential Facebook document reviewed by The Intercept shows that the social network courts carriers, along with phone makers — some 100 different companies in 50 countries — by offering the use of even more surveillance data, pulled straight from your smartphone by Facebook itself. Offered to select Facebook partners, the data includes not just technical information about Facebook members’ devices and use of Wi-Fi and cellular networks, but also their past locations, interests, and even their social groups. This data is sourced not just from the company’s main iOS and Android apps, but from Instagram and Messenger as well. The data has been used by Facebook partners to assess their standing against competitors, including customers lost to and won from them, but also for more controversial uses like racially targeted ads. Some experts are particularly alarmed that Facebook has marketed the use of the information — and appears to have helped directly facilitate its use, along with other Facebook data — for the purpose of screening customers on the basis of likely creditworthiness. Such use could potentially run afoul of federal law, which tightly governs credit assessments. Facebook said it does not provide creditworthiness services and that the data it provides to cellphone carriers and makers does not go beyond what it was already collecting for other uses. Facebook’s cellphone partnerships are particularly worrisome because of the extensive surveillance powers already enjoyed by carriers like AT&T and T-Mobile: Just as your internet service provider is capable of watching the data that bounces between your home and the wider world, telecommunications companies have a privileged vantage point from which they can glean a great deal of information about how, when, and where you’re using your phone. AT&T, for example, states plainly in its privacy policy that it collects and stores information “about the websites you visit and the mobile applications you use on our networks.” Paired with carriers’ calling and texting oversight, that accounts for just about everything you’d do on your smartphone."
Thanks to Facebook, Your Cellphone Company Is Watching You More Closely Than Ever
The Intercept, 20 May 2019

"Cars produced today are essentially smartphones with wheels. For drivers, this has meant many new features: automatic braking, turn-by-turn directions, infotainment. But for all the things we’re getting out of our connected vehicles, carmakers are getting much, much more: They’re constantly collecting data from our vehicles. Today’s cars are equipped with telematics, in the form of an always-on wireless transmitter that constantly sends vehicle performance and maintenance data to the manufacturer. Modern cars collect as much as 25 gigabytes of data per hour, the consulting firm McKinsey estimates, and it’s about much more than performance and maintenance. Cars not only know how much we weigh but also track how much weight we gain. They know how fast we drive, where we live, how many children we have — even financial information. Connect a phone to a car, and it knows who we call and who we text. But who owns and, ultimately, controls that data? And what are carmakers doing with it? The issue of ownership is murky. Drivers usually sign away their rights to data in a small-print clause buried in the ownership or lease agreement. It’s not unlike buying a smartphone. The difference is that most consumers have no idea vehicles collect data. We know our smartphones, Nests and Alexas collect data, and we’ve come to accept an implicit contract: We trade personal information for convenience. With cars, we have no such expectation."
Your Car Knows When You Gain Weight
New York Times, 20 May 2019

"Google has been quietly keeping track of nearly every single online purchase you’ve ever made, thanks to purchase receipts sent to your personal Gmail account, according to a new report today from CNBC. Even stranger: this information is made available to you via a private web tool that’s been active for an indeterminate amount of time.....Google, like Facebook, knows an immense amount of information about you, your personal habits, and, yes, what you buy on the internet. And like the social network it dominates the online advertising industry alongside, Google gets this information mostly through background data collection using methods and tools its users may not be fully aware of, like Gmail purchase receipts."
Google has been tracking nearly everything you buy online — see for yourself with this tool
The Verge, 17 May 2019

"Google tracks a lot of what you buy, even if you purchased it elsewhere, like in a store or from Amazon. Last week, CEO Sundar Pichai wrote a New York Times op-ed that said “privacy cannot be a luxury good.” But behind the scenes, Google is still collecting a lot of personal information from the services you use, such as Gmail, and some of it can’t be easily deleted. A page called “Purchases ” shows an accurate list of many — though not all — of the things I’ve bought dating back to at least 2012. I made these purchases using online services or apps such as Amazon, DoorDash or Seamless, or in stores such as Macy’s, but never directly through Google. But because the digital receipts went to my Gmail account, Google has a list of info about my buying habits. Google even knows about things I long forgot I’d purchased... "
Google uses Gmail to track a history of things you buy — and it’s hard to delete
CNBC, 17 May 2019

"As San Francisco’s Board of Supervisors prepared to vote Tuesday on an ordinance forbidding city agencies to use facial recognition technology, some proponents of the measure were uncertain if they had the necessary support. Two of the legislators who were for it had called in sick. But Brian Hofer, a paralegal who had drafted the ordinance, seemed unfazed. Sitting in the back of a chamber in City Hall, he wrote and rewrote a draft of a post for Twitter in which he would proclaim victory after the ban passed.... Mr. Hofer is little known outside California, but his anti-surveillance measures have been making waves in the state. He successfully pressed the Northern California cities of Richmond and Berkeley, which have sanctuary policies, to end their contracts with tech companies like Amazon and Vigilant Solutions that do business with Immigration and Customs Enforcement. In Santa Clara County, in Oakland and elsewhere, he has secured transparency laws around surveillance technology. His campaigns are just beginning. In Berkeley and Oakland, Mr. Hofer is pushing for more facial recognition bans. He has two additional privacy proposals winding their way through the state’s legislative process, focused on reining in surveillance technology. And he is establishing a nonprofit, Secure Justice, that will grapple with technology issues. “My primary concern is when the state abuses its power, and because of the age we live in, it’s probably going to occur through technology and data mining,” Mr. Hofer said. “That’s where I see the most potential harm occurring. So I just wanted to jump right in.”... Mr. Hofer started to hold technology accountable in 2014 when he heard about a new surveillance system in Oakland. The system, the Domain Awareness Center, was designed to aggregate data from security cameras, license plate readers, gunshot detectors and other technology....Mr. Hofer took on a range of anti-surveillance initiatives. He began drafting legislation that would force cities to be transparent about the surveillance systems they deployed, or to cut technological ties with ICE. He said he did not consider himself anti-tech and was just trying to prevent the authorities from abusing the power of technology. The facial recognition bans are Mr. Hofer’s latest cause, partly because he sees an opportunity to cut off the technology before it becomes widespread and entrenched, he said. “On balance, it’s such a dramatic shift in power that for the first time, aggressively, I want to say this is where we draw the line,” said Mr. Hofer, who worked with the American Civil Liberties Union and others to push the San Francisco ordinance through.Last Thanksgiving, Mr. Hofer experienced the surveillance technology he has been examining firsthand. Police officers in Contra Costa County, using an automated license plate reader tool, pulled him over and accused him of stealing the rental car he was driving. Mr. Hofer said he had recognized the tool — it was made by Vigilant Solutions, a target of his sanctuary city ordinances. “It showed me the real-world consequences of these sometimes speculative, hypothetical arguments that I’ve been making,” he said. Eventually, the officers realized that the car had been stolen months earlier and that, when it was recovered, its plates were not removed from a list of stolen vehicles, Mr. Hofer said. He was released and is suing the Contra Costa County sheriff’s department, claiming civil rights violations. On Tuesday, Catherine Stefani was the lone supervisor to vote against the ban, which passed 8 to 1. The legislation was “well intentioned” but required more work before it could be put into effect, she said. She worried that city departments would need to hire new staff to manage the transparency requirements and that the ordinance would create budget problems. After the vote, Mr. Hofer and other supporters huddled in the hallway to debrief. He sent his victory tweet, crediting Mr. Peskin for championing the ban and noting that it was the first of its kind. Matt Cagle, an attorney with the A.C.L.U. who worked with Mr. Hofer on the ordinance, said he had already received phone calls from regulators across the country who were curious about it. “The desire not to be tracked when you walk down the street or watch-listed by a secret algorithm, these are shared values across the United States,” Mr. Cagle said. “We fully expect this vote and this ordinance to inspire other communities to take control of these important decisions.”
The Man Behind San Francisco’s Facial Recognition Ban Is Working on More. Way More.
New York Times, 15 May 2019

"An Israeli firm accused of supplying tools for spying on human-rights activists and journalists now faces claims that its technology can use a security hole in WhatsApp, the messaging app used by 1.5 billion people, to break into the digital communications of iPhone and Android phone users. Security researchers said they had found so-called spyware — designed to take advantage of the WhatsApp flaw — that bears the characteristics of technology from the company, the NSO Group. WhatsApp engineers worked around the clock to patch the vulnerability and released a patch on Monday. They encouraged customers to update their apps as quickly as possible.....The spyware was used to break into the phone of a London lawyer who has been involved in lawsuits that accused the company of providing tools to hack the phones of Omar Abdulaziz, a Saudi dissident in Canada; a Qatari citizen; and a group of Mexican journalists and activists, the researchers said. There may have been other targets, they said. Digital attackers could use the vulnerability to insert malicious code and steal data from an Android phone or an iPhone simply by placing a WhatsApp call, even if the victim did not pick up the call. As WhatsApp’s engineers examined the vulnerability, they concluded that it was similar to other tools from the NSO Group, because of its digital footprint. The lawyer, who spoke on the condition of anonymity because he feared retribution, said he had grown suspicious that his phone had been hacked when he started missing WhatsApp video calls from Norwegian telephone numbers at odd hours. The lawyer contacted Citizen Lab at the Munk School of Global Affairs at the University of Toronto, which has helped uncover the use of NSO Group products in attacks on journalists, dissidents and activists. Ten days ago, as Citizen Lab was looking into the incident, engineers at WhatsApp discovered what they described as abnormal voice calling activity on their systems, said a WhatsApp employee familiar with the investigation, who spoke on the condition of anonymity because the investigation was continuing. WhatsApp alerted human-rights organizations about the threat and learned from Citizen Lab that the vulnerability had been used to target the lawyer. WhatsApp said it had alerted the Justice Department to the attack. The WhatsApp flaw was first reported Monday by The Financial Times. The products of the NSO Group, which operated in secret for years, were found in 2016 as part of a spying campaign on the iPhone of a now-jailed human-rights activist in the United Arab Emirates through undisclosed Apple security vulnerabilities. Since then, the NSO Group’s spyware has been found on the iPhones of journalists, dissidents and even nutritionists. The company has long advertised that its products are sold to government agencies solely for fighting terrorism and aiding law enforcement investigations. The NSO Group said in a statement on Monday that its spyware was strictly licensed to government agencies and that it would investigate any “credible allegations of misuse.” The company said it would not be involved in identifying a target for its technology, including the lawyer at the center of the latest accusations. NSO’s response is consistent with previous responses from the Israeli firm, which claims to have an in-house ethics committee that decides whether or not to sell to countries based on their human-rights records. But increasingly, NSO’s spyware has been discovered in use by governments with questionable human-rights records like the United Arab Emirates, Saudi Arabia and Mexico. The Israeli company sold a stake to Novalpina, a British private equity firm, in a leveraged buyout deal last year that valued it at nearly $1 billion."
Israeli Firm Tied to Tool That Uses WhatsApp Flaw to Spy on Activists|
New York Times, 13 May 2019

"A vulnerability in the messaging app WhatsApp has allowed attackers to inject commercial Israeli spyware on to phones, the company and a spyware technology dealer said. WhatsApp, which is used by 1.5bn people worldwide, discovered in early May that attackers were able to install surveillance software on to both iPhones and Android phones by ringing up targets using the app’s phone call function. The malicious code, developed by the secretive Israeli company NSO Group, could be transmitted even if users did not answer their phones, and the calls often disappeared from call logs, said the spyware dealer, who was recently briefed on the WhatsApp hack. WhatsApp is too early into its own investigations of the vulnerability to estimate how many phones were targeted using this method, a person familiar with the issue said. As late as Sunday, as WhatsApp engineers raced to close the loophole, a UK-based human rights lawyer’s phone was targeted using the same method. Researchers at the University of Toronto’s Citizen Lab said they believed that the spyware attack on Sunday was linked to the same vulnerability that WhatsApp was trying to patch. NSO’s flagship product is Pegasus, a program that can turn on a phone’s microphone and camera, trawl through emails and messages and collect location data. NSO advertises its products to Middle Eastern and Western intelligence agencies, and says Pegasus is intended for governments to fight terrorism and crime. NSO was recently valued at $1bn in a leveraged buyout that involved the UK private equity fund Novalpina Capital. In the past, human rights campaigners in the Middle East have received text messages over WhatsApp that contained links that would download Pegasus to their phones.... Amnesty International, which identified an attempt to hack into the phone of one its researchers, is backing a group of Israeli citizens and civil rights group in a filing in Tel Aviv asking the ministry of defence to cancel NSO’s export licence. “NSO Group sells its products to governments who are known for outrageous human rights abuses, giving them the tools to track activists and critics. The attack on Amnesty International was the final straw,” said Danna Ingleton, deputy director of Amnesty Tech. “The Israeli ministry of defence has ignored mounting evidence linking NSO Group to attacks on human rights defenders. As long as products like Pegasus are marketed without proper control and oversight, the rights and safety of Amnesty International’s staff and that of other activists, journalists and dissidents around the world is at risk."”
WhatsApp voice calls used to inject Israeli spyware on phones
Financial Times, 13 May 2019

"In a very short time, China’s surveillance capability has become immensely sophisticated and now extends beyond keeping tabs on political dissidents to developing a system for monitoring the behavior of the entire population. You could, in fact, argue that the technologies that once promised to be a liberating force are now just as easily deployed to stifle dissent, entrench authoritarianism and shame and prosecute those the Orwellian government of President Xi Jinping deems out of line..... While we once hoped the internet would deliver us freedom of expression, the ability to communicate freely across borders and even be a channel for dissenting views, we now see the very opposite is occurring. Worse, the Chinese model is now being exported. Wired magazine has reported that China is “exporting its techno-dystopian model to other counties … Since January 2017, Freedom House counted 38 countries where Chinese firms have built internet infrastructure, and 18 countries using AI surveillance developed by the Chinese.” The scale of China’s domestic surveillance apparatus is extraordinary. The country is in the process of developing a “social credit” system which has been described as Big Brother, Black Mirror and every dystopian future sci-fi writers have ever dreamed up all rolled into one, and which is due to be operational next year. The social credit system will enable the government and others to access details of people’s behavior, rate them and make them publicly available. The potential to “name and shame” people for minor lapses such as late-paying of bills is obvious but so is the way such ratings could also be employed to deny citizens employment or to justify detaining them for political reasons. Both in the west and in China, the use of the internet to track individuals is facilitating oppression and paving the way towards authoritarianism. The scale of China’s domestic surveillance apparatus is extraordinary. The country is in the process of developing a “social credit” system which has been described as Big Brother, Black Mirror and every dystopian future sci-fi writers have ever dreamed up all rolled into one, and which is due to be operational next year....What is happening in Orwellian China today is a warning to us in the west that the freedoms we have so blithely taken for granted are already being compromised...."
Is Chinese-style surveillance coming to the west?
Guardian, 7 May 2019

"Apple CEO Tim Cook is calling out fellow tech industry titans for violating users’ privacy rights and expressing concern about he much time iPhone customers and their children are spending using Apple products. Cook also mentioned Facebook and Google after criticizing sites that sell people’s data, saying such sites can obtain more information in secret than a ‘peeping Tom.’ His highly-critical comments were made during an exclusive ABC News interview with Diane Sawyer that aired on Friday. ....Cook previously denounced Facebook and other tech companies for hoarding ‘industrial’ amounts of users’ private data during a privacy conference at the European Parliament in Brussels in October.  He characterized the issue of online privacy as a ‘crisis’ on Friday. ‘Privacy in itself has become a crisis. I think it’s a crisis,’ he said."
Apple CEO Tim Cook slams ‘Peeping Tom’ website
Infosurhoy, 7 May 2019

"Apple CEO Tim Cook called online privacy a "crisis" in an interview with ABC News, reaffirming the company's stance on privacy as companies like Facebook and Google have come under increased scrutiny regarding their handling of consumer data. "Privacy in itself has become a crisis," Cook told ABC's Diane Sawyer. "It's of that proportion — a crisis." Unlike companies such as Google and Facebook, Apple's business isn't focused on advertising, and therefore it does not benefit from collecting data to improve ad targeting. "You are not our product," he said. "Our products are iPhones and iPads. We treasure your data. We wanna help you keep it private and keep it safe." Cook cited the vast amount of personal information available online when explaining why privacy has become such an important issue to address. "The people who track on the internet know a lot more about you than if somebody's looking in your window," he said. "A lot more." "
Apple CEO Tim Cook says digital privacy 'has become a crisis'
Business Insider, 4 May 2019

"The intelligence community’s annual transparency report revealed a spike in the number of warrantless searches of Americans’ data in 2018. The data, published Tuesday by the Office of the Director of National Intelligence (ODNI), revealed a 28% rise in the number of targeted search terms used to query massive databases of collected Americans’ communications. Some 9,637 warrantless search queries of the contents of Americans’ calls, text messages, emails and other communications were conducted by the NSA during 2018, up from 7,512 searches on the year prior, the report said....The NSA conducts these searches under its so-called Section 702 powers, reauthorized in 2018 despite heated opposition by a bipartisan group of pro-privacy senators. These powers allow the NSA to collect intelligence on foreigners living overseas by tapping into the phone networks and undersea cables owned by U.S. phone companies. The powers also allow the government to obtain data in secret from U.S. tech companies. But the massive data collection effort also inadvertently vacuums up Americans’ data, who are typically protected from unwarranted searches under the Fourth Amendment. The report also noted a 27% increase in the number of foreigners whose communications were targeted by the NSA during the year. In total, an estimated 164,770 foreign individuals or groups were targeted with search terms used by the NSA to monitor their communications, up from 129,080 on the year prior. It’s the largest year-over-year leap in foreign surveillance to date. The report also said the NSA collected at most 434.2 million phone records on Americans, down from 534.3 million records on the year earlier. The government said the figures likely had duplicates. The phone records collection program was the first classified NSA program disclosed by whistleblower Edward Snowden, which revealed a secret court order compelling Verizon — which owns TechCrunch — to turn over daily phone records on millions of Americans. The program was later curtailed following the introduction of the Freedom Act. Earlier this month, the NSA reportedly asked the White House to end the program altogether, citing legal troubles. Despite the apparent rollback of the program, the NSA still reported 164,770 queries of Americans’ phone records, more than a five-fold increase on the year earlier. Last week, the Trump administration revealed it had been denied 30 surveillance applications by the Foreign Intelligence Surveillance Court, a specialist closed-door court that grants the government authority to spy inside the U.S., where surveillance is typically prohibited. Since figures were made available in 2015 following the Edward Snowden disclosures, the number of denials has trended upwards."
NSA says warrantless searches of Americans’ data rose in 2018
TechCrunch, 30 April 2019

"In a blow to consumers' privacy, the addresses and demographic details of more than 80 million US households were exposed on an unsecured database stored on the cloud, independent security researchers have found. The details included names, ages and genders as well as income levels and marital status. The researchers, led by Noam Rotem and Ran Locar, were unable to identify the owner of the database, which until Monday was online and required no password to access. Some of the information was coded, like gender, marital status and income level. Names, ages and addresses were not coded. The data didn't include payment information or Social Security numbers. The 80 million households affected make up well over half of the households in the US, according to Statista.... It's one more example of a widespread problem with cloud data storage, which has revolutionized how we store valuable information. Many organizations don't have the expertise to secure the data they keep on internet-connected servers, resulting in repeated exposures of sensitive data. Earlier in April, a researcher revealed that patient information from drug addiction treatment centers was exposed on an unsecured database. Another researcher found a giant cache of Facebook user data stored by third-party companies on another database that was publicly visible.... The cache of demographic information included data about adults aged 40 and older. Many people listed are elderly, which Rotem said could put them at risk from scammers tempted to use the information to try to defraud them."
Cloud database removed after exposing details on 80 million US households
Cnet, 29 April 2019

"Eyeing that can of soda in the supermarket cooler? Or maybe you're craving a pint of ice cream? A camera could be watching you. But it's not there to see if you're stealing. These cameras want to get to know you and what you're buying. It's a new technology being trotted out to retailers, where cameras try to guess your age, gender or mood as you walk by. The intent is to use the information to show you targeted real-time ads on in-store video screens. Companies are pitching retailers to bring the technology into their physical stores as a way to better compete with online rivals like Amazon that are already armed with troves of information on their customers and their buying habits. With store cameras, you may not even realize you are being watched unless you happen to notice the penny-sized lenses. And that has raised concerns over privacy. "The creepy factor here is definitely a 10 out of 10," said Pam Dixon, the executive director of the World Privacy Forum, a nonprofit that researches privacy issues....Jon Reily, vice president of commerce strategy at consultancy Publicis.Sapient, said retailers risk offending customers who may be shown ads that are aimed at a different gender or age group. Nonetheless, he expects the embedded cameras to be widely used in the next four years as the technology gets more accurate, costs less and shoppers become used to it. For now, he said, "we are still on the creepy side of the scale."
Kroger, Walgreens testing cameras that guess your age, sex
Associated Press, 23 April 2019

"The US immigration system was designed to track who comes into the country, not who leaves. For more than two decades, authorities have been trying to find an effective way to keep tabs on departing foreigners—and those who overstay their visas. US Customs and Border Protection (CBP) now says it’s found a solution: facial recognition. It expects to be able to scan 97% of commercial passengers within the next four years, according to a report released by the Department of Homeland Security today.... Critics say this CBP use of artificial intelligence is an invasion to privacy. They worry about how the information could be used. CBP says the images are encrypted and that it only keeps them for a brief period of time."
The US wants to scan the faces of all air passengers leaving the country
Quartz, 17 April 2019

"If you're one of the millions of people with a Google account, you have a Google Maps Timeline. It might be blank — it's tied to the Location History setting that caused more confusion than needed because of its name, and it checks in periodically on every mobile device tied to your account once you've agreed and opted in. For some people, this is helpful for things like calculating mileage, for others, it may be a cool thing to see where you've been. For law enforcement, though, it's become a way to cast a very wide net when looking to see just who might have been around during a crime according to an eye-opening piece by the New York Times. It's not a foolproof way to catch the bad guys and a lot of the details about how officials can use the information is a bit cryptic. But a recent case in Phoenix sheds a little light on how the service is being used, or abused, depending on your point of view. Google, like every company in the U.S., has to provide any information that is accompanied by a lawful subpoena. The company has a fairly good history of fighting these subpoenas, but in the end, a lot of data gets handed over when requested. Google's database of where you've been, internally known as Sensorvault, helps the company show you location based interests and ads. A new breed of warrant, which the NYT aptly calls geofence warrants, taps into the Sensovault database in a way that would make the framers of the fourth amendment shiver. Law enforcement can take the location and time of a crime and have Google tell them who was in the area. Google has a novel way to attempt to anonymize the data — the company provides a set of tokens that portray an account that police can track and then ask for more precise and identifying data for the ones that fit the scope of an investigation based on other evidence, such as video or eye-witnesses. The case profiled by the Times shows how this can backfire — a man who lent his car to a person who committed a crime and was unlucky enough to be in the vicinity when it was committed was arrested and spent a week in jail as a suspect in a murder case."
Police are using the Google Maps Timeline to collect location information for cases
Android Central, 14 April 2019

"Sneezes and homophones – words that sound like other words – are tripping smart speakers into allowing strangers to hear recordings of your private conversations. These strangers live an eerie existence, a little like the Stasi agent in the movie The Lives of Others. They're contracted to work for the device manufacturer – machine learning data analysts – and the snippets they hear were never intended for third-party consumption. Bloomberg has unearthed the secrets of Amazon's analysts in Romania, reporting on their work for the first time. "A global team reviews audio clips in an effort to help the voice-activated assistant respond to commands," the newswire wrote. Amazon has not previously acknowledged the existence of this process, or the level of human intervention. The Register asked Apple, Microsoft and Google, which all have smart search assistants, for a statement on the extent of human involvement in reviewing these recordings – and their retention policies. None would disclose the information by the time of publication."
As Alexa's secret human army is revealed, we ask: Who else has been listening in on you?
Register, 11 April 2019

"China has quite the reputation for monitoring its citizens, and it feels like various parts of the country are constantly figuring out new ways to use gadgets to that end — RFID chips in cars, facial recognition sunglasses, and location-tracking uniforms for students each made headlines in the past year. Now, you can add sanitation workers with GPS-equipped tracking bracelets to the list. On April 3rd, news broke that sanitation workers in Nanjing, China’s Hexi district were being required to wear GPS-tracking smart bracelets to not only monitor their location at all times, but audibly prod them if they stopped moving for more than 20 minutes. Just one day later, the South China Morning Post reports, public pressure had mounted to the point that the local sanitation company decided to walk things back a bit — but only by removing the most obnoxious part of the system. Now, the bracelets will no longer say “please continue working” if a worker decides to stay in one place, but they’ll reportedly still track workers just the same."
These Chinese sanitation workers have to wear location-tracking bracelets now
The Verge, 6 April 2019

"The European Commission is onboard with new road-safety regulations that will mandate that vehicles are equipped with life-saving tech, which it says could have as much impact as laws forcing car makers to install seat belts. The new laws would require auto-makers to equip new vehicles with cameras and sensors to control speed, assist drivers with lane keeping and reversing, and monitor drowsiness and distractions from smartphones.  The laws would also mandate that cars, vans, trucks and buses are equipped with an aircraft-like 'blackbox' to retain data about accidents after they occur.  Safety features covered under the proposal are already available in many luxury models from the likes of Tesla and BMW, but the rules would force manufacturers to include them in cheaper vehicles, too.... As per The Guardian, despite Brexit, the UK intends to adopt the EU regulations if they're approved, which is likely to happen at the European Parliament in September. The speed limiter, known as intelligent speed adaption (ISA), relies on GPS and online maps to restrict the speed of a vehicle to the road speed limit.... The cameras would also detect if a driver is distracted, monitoring for example whether they're looking at a smartphone rather than keeping their eyes on the road."
Mandatory speed limiters for all cars: Europe just agreed to change driving forever
ZDNet, 27 March 2019

"Speed limiting technology looks set to become mandatory for all vehicles sold in Europe from 2022, after new rules were provisionally agreed by the EU. The Department for Transport said the system would also apply in the UK, despite Brexit. The idea that cars will be fitted with speed limiters - or to put it more accurately, "intelligent speed assistance" - is likely to upset a lot of drivers. Many of us are happy to break limits when it suits us and don't like the idea of Big Brother stepping in... Under the ISA system, cars receive information via GPS and a digital map, telling the vehicle what the speed limit is. This can be combined with a video camera capable of recognising road signs.....Safety measures approved by the European Commission included intelligent speed assistance (ISA), advanced emergency braking and lane-keeping technology.... Under the ISA system, cars receive information via GPS and a digital map, telling the vehicle what the speed limit is. This can be combined with a video camera capable of recognising road signs. It's already coming into use. Ford, Mercedes-Benz, Peugeot-Citroen, Renault and Volvo already have models available with some of the ISA technology fitted."
Road safety: UK set to adopt vehicle speed limiters
BBC Online, 27 March 2019

"About 1,600 people have been secretly filmed in motel rooms in South Korea, with the footage live-streamed online for paying customers to watch, police said Wednesday. Two men have been arrested and another pair investigated in connection with the scandal, which involved 42 rooms in 30 accommodations in 10 cities around the country. Police said there was no indication the businesses were complicit in the scheme. In South Korea, small hotels of the type involved in this case are generally referred to as motels or inns. Cameras were hidden inside digital TV boxes, wall sockets and hairdryer holders and the footage was streamed online, the Cyber Investigation Department at the National Police Agency said in a statement. The site had more than 4,000 members, 97 of whom paid a $44.95 monthly fee to access extra features, such as the ability to replay certain live streams. Between November 2018 and this month, police said, the service brought in upward of $6,000. "There was a similar case in the past where illegal cameras were (secretly installed) and were consistently and secretly watched, but this is the first time the police caught where videos were broadcast live on the internet," police said. South Korea has a serious problem with spy cameras and illicit filming. In 2017, more than 6,400 cases of illegal filming were reported to police, compared to around 2,400 in 2012. Last year, tens of thousands of women took to the streets of Seoul and other cities to protest against the practice and demand action, under the slogan "My Life is Not Your Porn." In response, Seoul launched a special squad of women inspectors who have been conducting regular inspections of the city's 20,000 or so public toilets to search for spy cameras, though some critics have denounced the move as a superficial response to a societal issue."
Hundreds of motel guests were secretly filmed and live-streamed online
CNN, 21 March 2019

"Tim Berners-Lee is credited with creating the World Wide Web March 12, 1989, which means this week it hits its 30th birthday. Monday, the eve of the anniversary, Berners-Lee spoke to a group of reporters, according to AFP, discussing the flaws surrounding his invention, such as misinformation, scams and cybercrime, and the struggle for control over personal data. "You should have complete control of your data. It's not oil. It's not a commodity," Berners-Lee told reporters at CERN, according to AFP. Berners-Lee predicted a grim reality if the public becomes disengaged in the battle for privacy protection. "There is a possible future you can imagine (in which) your browser keeps track of everything that you buy," Berners-Lee warns. He continues by saying in this situation, browsers will hold more information than Amazon. In response to the growing personal data concern, where information could be bought or sold without consent from the owner, Berners-Lee spearheaded the Solid project. “Solid empowers users and organizations to separate their data from the applications that use it. It allows people to look at the same data with different apps at the same time. It opens brand new avenues for creativity, problem-solving, and commerce,” according to project’s website. Users will be able to decide, according to AFP, key factors like where and how they would share their own data. However, during Berners-Lee’s Monday talk with reporters, he expressed the most sensitive of data, like genetic information, would need help from legislation for robust protection. "Sometimes it has to be legislation which says personal data, you know, genetic data, should never be used," Berners-Lee says."
The Web Turns 30, and Its Inventor Strives to Protect Your Personal Data
ECN, 13 March 2019

"Philadelphia is the first major U.S. city to ban cashless stores, placing it at the forefront of a debate that pits retail innovation against lawmakers trying to protect all citizens’ access to the marketplace. Starting in July, Philadelphia’s new law will require most retail stores to accept cash. A New York City councilman is pushing similar legislation there, and New Jersey’s legislature recently passed a bill banning cashless stores statewide. A spokesman for New Jersey Gov. Phil Murphy, a Democrat, declined to comment..."
Philadelphia Is First U.S. City to Ban Cashless Stores
Wall St Journal, 7 March 2019

"The National Security Agency is preparing to potentially abandon a controversial surveillance program exposed by former intelligence contractor Edward Snowden, the agency’s director indicated. Paul Nakasone, head of both the NSA and U.S. Cyber Command, vaguely discussed the future of the government’s once-secretive system for obtaining and analyzing domestic telephone records, or metadata, in light of a senior congressional aide recently claiming that it was quietly suspended. “We are in a deliberative process right now,” Mr. Nakasone said Wednesday at the RSA security conference in San Francisco, attendees reported. “We’ll work very, very closely with the administration and Congress to make recommendations on what authority should be reauthorized.” Following the terrorist attacks of Sept. 11, 2001, the NSA began secretly ordering U.S. telecommunication companies to give the government copies of metadata detailing effectively every call and text placed over domestic networks. The efforts were made public through documents leaked to the media by Mr. Snowden in 2013 prior to being significantly reformed through legislation passed by Congress in 2015, the USA Freedom Act, slated to sunset at the end of the year. Luke Murry, a national security adviser to House Minority Leader Kevin McCarthy, California Republican, said during an interview last week that the NSA stopped using the system six months earlier and that it is not guaranteed to be reauthorized by Congress before expiring. NSA representatives previously declined to comment on Mr. Murry’s remarks. Mr. Nakasone said he was “aware” of related reporting on Wednesday but neither confirmed nor denied whether the surveillance program is currently operational, The Daily Beast reported. The Justice Department brought criminal charges against Mr. Snowden, 35, shortly after he identified himself as the source of leaked NSA documents published by news outlets in 2013. He was charged while traveling abroad, granted political asylum by Russia and has not returned."
NSA in 'deliberate process' over future of surveillance program, says spy chief
Washington Times, 7 March 2019

"Is technological progress bad for human autonomy? That’s the question posed by Shoshana Zuboff in “The Age of Surveillance Capitalism,” a book that recounts the ways in which corporations and governments are using technology to influence our behavior. Zuboff is just the latest to chime in on “totalitarian technology” (or “total tech”), a term that describes devices and algorithms by which individuals forfeit their privacy and autonomy for the benefit of either themselves or some third party. In the United States, total tech can be sorted into three different categories, or “spheres” of life: consumer services, the workplace, and government and politics. Total tech is pervasive in the increasingly data-driven world of retail. Many shopping apps tap into your phone’s GPS to access your location, allowing retailers to send you advertisements the moment you’re walking past their storefront. Personalized pricing enables retailers to charge you the exact maximum that you would be willing to pay for a given product. Your personal data isn’t safe at home, either: Digital assistants like Amazon Alexa store your query history, meaning they know everything from your unique shopping history to your travel patterns to your music preferences. Employers are also using total tech to track and monitor their workers. A growing number of companies use biometric time cards that scan an employee’s fingerprint, hand shape, retina, or iris. UPS outfits its trucks with sensors that track the opening and closing of doors, the engine of the vehicle, and the clicking of seat belts. Amazon is patenting an electronic wristband that would be used to track hand movements—making sure, for instance, that a warehouse worker stays busy moving boxes. Global freelancing platform Upwork runs a digital “Work Diary” program that counts keystrokes and takes screenshots of workers’ monitors. Uptake of total tech has been particularly striking in government and politics. The New Orleans Police Department runs a “predictive policing” program that uses Big Data to compile a heat list of potential criminal offenders. The TSA operates its own total tech program, called Quiet Skies, which monitors and flags travelers based on “suspicious” behavior patterns. Travelers can land themselves on the Quiet Skies list by changing their clothes in the restroom, being the last person to board their flight, or even inspecting their reflection in a terminal window. More nefariously, software developed at Stanford University enables anyone to manipulate video footage in real time. Now, anyone with a grudge could alter the facial expressions of a prominent politician making a speech, and then dub in new audio that completely changes the speech’s contents. Abroad, China is the poster child for extreme total tech programs. By 2020, China’s “social credit system” will monitor the behavior of each and every citizen, keeping tabs on everything from speeding tickets to social media posts critical of the state. Everyone will then be assigned their own unique “sincerity score”; a high score will be a requirement for anyone hoping to get the best housing, install the fastest Internet speeds, put their kids into the most prestigious schools, and land the most lucrative jobs."
The Rise Of Totalitarian Technology
Forbes, 6 March 2019

"The Mail Cover Program allows postal employees to photograph and send to federal law enforcement organizations (FBI, DHS, Secret Service, etc.) the front and back of every piece of mail the Post Office processes. It also retains the information digitally and provides it to any government agency that wants it—without a warrant. In 2015, the USPS Inspector General issued a report saying that, “Agencies must demonstrate a reasonable basis for requesting mail covers, send hard copies of request forms to the Criminal Investigative Service Center for processing, and treat mail covers as restricted and confidential…A mail cover should not be used as a routine investigative tool. Insufficient controls over the mail cover program could hinder the Postal Inspection Service’s ability to conduct effective investigations, lead to public concerns over privacy of mail, and harm the Postal Service’s brand.” Not only were the admonitions ignored, the mail cover program actually expanded after the report’s release. Indeed, in the months after that report was issued, there were 6,000 requests for mail cover collection. Only 10 were rejected, according to the Feb. 2019 edition of Prison Legal News (P.34-35) . I have some personal experience with the Mail Cover Program. I served 23 months in prison for blowing the whistle on the CIA’s illegal torture program. After having been locked up for two months, I decided to commission a card from a very artistically-inclined prisoner for my wife’s 40th birthday. I sent it about two weeks early, but she never received it. Finally, about four months later, the card was delivered back to me with a yellow “Return to Sender – Address Not Known” sticker on it. But underneath that sticker was a second yellow sticker. That one read, “Do Not Deliver. Hold For Supervisor. Cover Program.” Why was I under Postal Service Surveillance? I have no idea. I had had my day in court. The case was over. But remember, the Postal Service doesn’t have to answer to anybody – my attorneys, my judge, even its own Inspector General. It doesn’t need a warrant to spy on me (or my family) and it doesn’t have to answer even to a member of Congress who might inquire as to why the spying was happening in the first place. The problem is not just the sinister nature of a government agency (or quasi-government agency) spying on individuals with no probable cause or due process, although those are serious problems. It’s that the program is handled so poorly and so haphazardly that in some cases surveillance was initiated against individuals for no apparent law enforcement reason and that surveillance was initiated by Postal Service employees not even authorized to do so. Again, there is no recourse because the people under surveillance don’t even know that any of this is happening. Perhaps an even more disturbing aspect of the program is the fact that between 2000 and 2012, the Postal Service initiated an average of 8,000 mail cover requests per year. But in 2013, that number jumped to 49,000. Why? Nobody knows and the Postal Service doesn’t have to say. The question, though, is not how many cases are opened under the Mail Cover Program or even how many requests there are for the information. The real question is, “How is this constitutional?” Perhaps a secondary question is, “Why hasn’t anybody challenged the program in the courts?” In general, Americans don’t–or at least haven’t–objected to a gradual loss of civil liberties and constitutional rights. That has to stop. When even the Post Office is spying on you, you know the republic is in trouble."
JOHN KIRIAKOU: Neither Rain, Sleet, nor Snow Will Stop the Post Office From Spying on You
Consortium News, 28 February 2019

"A U.N. human rights expert has published a draft list of questions to measure countries’ privacy safeguards, a first step toward ranking the governments that are potentially doing the most snooping on their own citizens. Cannataci’s role investigating digital privacy was created by the council in 2015 after Edward Snowden’s revelations about U.S. surveillance, and he has strongly criticized surveillance activities by the United States and other countries. As the first person in the job, Cannataci set out an action plan for tackling the task and said he planned to take a methodical approach to monitoring surveillance and privacy laws to help him to decide which countries to investigate..... The last question asks: “Does your country have a police and/or intelligence service which systematically profiles and maintains surveillance on large segments of the population in a manner comparable to that of the STASI in the 1955-1990 GDR (East Germany)?” Any country answering “yes” to that would forfeit 1,000 points and should abolish its system and start again, he wrote."
How much does your government spy on you? U.N. may rank the snoopers
Reuters, 28 February 2019

"If you shop at Westfield, you’ve probably been scanned and recorded by dozens of hidden cameras built into the centres’ digital advertising billboards. The semi-camouflaged cameras can determine not only your age and gender but your mood, cueing up tailored advertisements within seconds, thanks to facial detection technology. Westfield’s Smartscreen network was developed by the French software firm Quividi back in 2015. Their discreet cameras capture blurry images of shoppers and apply statistical analysis to identify audience demographics. And once the billboards have your attention they hit record, sharing your reaction with advertisers. Quividi says their billboards can distinguish shoppers’ gender with 90% precision, five categories of mood from “very happy to very unhappy” and customers’ age within a five-year bracket. Surveillance fears grow after Taylor Swift uses face recognition tech on fans. Mood is a particularly valuable insight for advertisers, revealing shoppers’ general sentiment towards a brand and how they feel in particular stores at certain times of the day. Unlike gender and age, mood is harder to determine, sitting at around 80% accuracy. There are now more than 1,600 billboards installed into 41 Westfield centres across Australia and New Zealand. Scentre Group, Westfield Australia’s parent company, emphasises that all data collected is anonymous and that they are using facial detection, not facial recognition technology (FRT). This means generic information such as a shopper’s age and gender is collected rather than the technology using photo-matching databases to identify who customers are. A spokesperson would not confirm whether or not Westfield would consider using FRT in the future. Retail companies are increasingly turning to facial detection and facial recognition software to attract and engage a distracted audience. Quividi’s host of international clients include Telstra, 7-Eleven, Coca-Cola, oOH Media and HSBC bank. Terry Hartmann, vice president of Cognitec Asia Pacific, the company that develops “market-leading face recognition technologies for customers and government agencies around the world”, says using facial detection commercially is no different to Facebook’s manipulation of users’ online search history for targeted advertising. “You’re not identifying who that person is, you’re just identifying the characteristics of that person. That’s no different to Facebook popping up ads you might be interested in and social media picking up people based on their clicking habits or the shopping that they’ve done.” While facial detection could be considered relatively benign, it is a step closer to the more problematic FRT. Dr Dong Xu is the chair in computer engineering at the University of Sydney. He says that under optimum lighting and using high-quality photo data bases, FRT is more accurate than humans at identifying faces and can now recognise an individual from millions of photographs."
Are you being scanned? How facial recognition technology follows you, even as you shop
Guardian, 24 February 2019

"Now there is one more place where cameras could start watching you — from 30,000 feet. Newer seat-back entertainment systems on some airplanes operated by American Airlines, United Airlines and Singapore Airlines have cameras, and it’s likely they are also on planes used by other carriers. American, United and Singapore all said Friday that they have never activated the cameras and have no plans to use them. However, companies that make the entertainment systems are installing cameras to offer future options such as seat-to-seat video conferencing, according to an American Airlines spokesman. A passenger on a Singapore flight posted a photo of the seat-back display last week, and the tweet was shared several hundred times and drew media notice. Buzzfeed first reported that the cameras are also on some American planes. A United spokeswoman repeatedly told a reporter Friday that none of its entertainment systems had cameras before apologizing and saying that some did. Delta did not respond to repeated questions about some of its entertainment systems, which appear to be identical to those on American and United. The airlines stressed that they didn’t add the cameras — manufacturers embedded them in the entertainment systems. American’s systems are made by Panasonic, while Singapore uses Panasonic and Thales, according to airline representatives. Neither Panasonic nor Thales responded immediately for comment."
There Are Seat-Back Cameras On Some American And United Air Flights Now
Associated Press, 23 February 2019

"The Chinese government blocked 17.5 million would-be plane passengers from buying tickets last year as a punishment for offences including the failure to pay fines, it emerged. Some 5.5 million people were also barred from travelling by train under a controversial “social credit” system which the ruling Communist Party claims will improve public behaviour. The penalties are part of efforts by president Xi Jinping‘s government to use data-processing and other technology to tighten control on society. Human rights activists warn the system is too rigid and may lead to people being unfairly blacklisted without their knowledge, while US vice-president Mike Pence last year denounced it as “an Orwellian system premised on controlling virtually every facet of human life”."
China blocks 17.5 million plane tickets for people without enough 'social credit'
Independent, 22 February 2019

"It was a crowded primary field and Tony Evers, running for governor, was eager to win the support of officials gathered at a Wisconsin state Democratic party meeting, so the candidate did all the usual things: he read the room, he shook hands, he networked. Then he put an electronic fence around everyone there. The digital fence enabled Evers’ team to push ads onto the iPhones and Androids of all those attending the meeting. Not only that, but because the technology pulled the unique identification numbers off the phones, a data broker could use the digital signatures to follow the devices home. Once there, the campaign could use so-called cross-device tracking technology to find associated laptops, desktops and other devices to push even more ads. Welcome to the new frontier of campaign tech — a loosely regulated world in which simply downloading a weather app or game, connecting to Wi-Fi at a coffee shop or powering up a home router can allow a data broker to monitor your movements with ease, then compile the location information and sell it to a political candidate who can use it to surround you with messages. “We can put a pin on a building, and if you are in that building, we are going to get you,” said Democratic strategist Dane Strother, who advised Evers. And they can get you even if you aren’t in the building anymore, but were simply there at some point in the last six months. Campaigns don’t match the names of voters with the personal information they scoop up — although that could be possible in many cases. Instead, they use the information to micro-target ads to appear on phones and other devices based on individual profiles that show where a voter goes, whether a gun range, a Whole Foods or a town hall debate over Medicare. The spots would show up in all the digital places a person normally sees ads — whether on Facebook or an internet browser such as Chrome. As a result, if you have been to a political rally, a town hall, or just fit a demographic a campaign is after, chances are good your movements are being tracked with unnerving accuracy by data vendors on the payroll of campaigns. The information gathering can quickly invade even the most private of moments. Antiabortion groups, for example, used the technology to track women who entered waiting rooms of abortion clinics in more than a half dozen cities. RealOptions, a California-based network of so-called pregnancy crisis centers, along with a partner organization, had hired a firm to track cell phones in and around clinic lobbies and push ads touting alternatives to abortion. Even after the women left the clinics, the ads continued for a month. That effort ended in 2017 under pressure from Massachusetts authorities, who warned it violated the state’s consumer protection laws. But such crackdowns are rare. Data brokers and their political clients operate in an environment in which technology moves much faster than Congress or state legislatures, which are under pressure from Silicon Valley not to strengthen privacy laws. The RealOptions case turned out to be a harbinger for a new generation of political campaigning built around tracking and monitoring even the most private moments of people’s lives. “It is Orwellian,” said Los Angeles City Attorney Mike Feuer, whose office last month filed a lawsuit against the makers of the Weather Channel app, alleging that the app surreptitiously monitors where users live, work and visit 24-hours a day and sells the information to data brokers. The apps on iPhones and Androids are the most prolific spies of user whereabouts and whatabouts. But they aren’t the only ones. Take televisions. In the 2016 election, campaigns began targeting satellite-television ads to particular households. That technology was credited with helping Sen. Bernie Sanders target voters to eke out a surprise victory over Hillary Clinton in Michigan’s presidential primary. Now, a person’s television may be telling candidates a lot more than many people would care to share. Some newer smart-television systems, including units made by Vizio, can monitor everything a person watches and send the information to data brokers. Campaigns can buy that information and use it to beam ads that either complement a narrative broadcast by such networks as FOX News or MSNBC — or counter-program against it. Or a campaign might look for frequent watchers of a particular program — bass fishing championships, perhaps, or maybe “The Bachelor.” Campaigns have long targeted viewers of particular programs as likely to support their positions and have bought ads to air during those shows. Now, however, knowing that a person watches a specific program, a campaign can beam ads to the person’s television that would show up the next time the device is turned on, even if the viewer was watching some other show. Feuer said he was surprised to learn from a reporter that political consulting firms are an eager market for tracking information. “It means suddenly a campaign knows whether you are going to a doctor, an Alcoholics Anonymous meeting, where you worship and who knows what else,” Feuer said. At a time foreign agents are commandeering American campaign tools and using them to sow confusion and distrust among voters, Feuer said, the shift toward more tracking and monitoring is particularly concerning.... Just as the antiabortion organizations did around clinics, political campaigns large and small are building “geo-fences” around locations from which they can fetch the unique identifying information of the smartphones of nearly everyone who attended an event. “I don’t think a lot of people are aware their location data is being sent to whomever,” said Justin Croxton, a managing partner at Propellant Media, an Atlanta-area digital firm that works with political campaigns. “The good news is a lot of those people can opt out,” Croxton said. Privacy advocates, however, say opting out can be nearly impossible, as most device users are not even aware of which apps and phone settings are causing them to be surreptitiously monitored, much less in position to understand the intricacies of disabling all the tracking technology. “It is often embedded in apps you would not expect to be spying on you,” said Sean O’Brien, a technology and privacy scholar at Yale Law School. “There is a question of how much people know is being grabbed from an ethical standpoint, even if from a legal standpoint you have technically agreed to this without knowing it.” Once a data broker has identifying information from one device in hand, they can quickly capture information about other, associated devices, such as routers, laptops and smart televisions. Data brokers collect so much location information off phones that they can track a person’s whereabouts months into the past.... The fences can also be used to narrowly target messages into small geographic areas. “If we are sending out a piece of fundraising mail, we will fence the homes where it is being sent for an entire week before,” McShane said. Alternatively, McShane said, his firm might use a fence to build an “echo chamber” for an advocacy group lobbying politicians. Fences can be built around the homes, workplaces, and hangouts of legislators and their families, enabling a campaign to bombard their devices with a message and leave the impression that a group’s campaign is much bigger in scope than it actually is. There is also now a tool to grab a phone’s ID number as its user approaches a digital billboard, so that a custom-tailored message can be transmitted. Which political campaigns and other clients receive all that tracking information can’t be traced. A group of computer scientists at UC Berkeley monitoring tens of thousands of apps has tried. Serge Egelman, research director of the Usable Security & Privacy Group at UC Berkeley’s International Computer Science Institute, said his team can unearth which opaque data brokerages are amassing information, but not which political campaigns or interest groups buy it from them. “There are a lot of industries buying this data for things that most people are not expecting,” Egelman said. Some might be trying to get you to purchase a Volvo, while others aim to manipulate your vote. But none disclose what they know about you and how. “That is the fundamental problem,” Egelman said. “People can’t find that out.”"
Your phone and TV are tracking you, and political campaigns are listening in
Los Angeles Times, 20 February 2019

"Google has acknowledged that it made an error in not disclosing that one of its home alarm products contained a microphone. Product specifications for the Nest Guard, available since 2017, had made no mention of the listening device. But earlier this month, the firm said a software update would make Nest Guard voice-controlled. On Twitter, concerned Nest owners were told the microphone "has not been used up to this point”. Business Insider was first to report the development. The Nest Guard is one component in the Nest Secure range of home security products. The system includes various sensors that can be monitored remotely by the user. Nest Guard is an all-in-one alarm, keypad, and motion sensor but, despite being announced well over a year ago, the word “microphone” was only added to the product’s specification this month. The change coincided with the announcement that it was now compatible with Google Assistant."
Google admits error over hidden microphone
BBC, 20 February 2019

"A Chinese surveillance firm is tracking the movements of more than 2.5 million people in the far-western Xinjiang region, according to a data leak flagged by a Dutch internet expert. An online database containing names, ID card numbers, birth dates and location data was left unprotected for months by Shenzhen-based facial-recognition technology company SenseNets Technology Ltd, according to Victor Gevers, co-founder of non-profit organization GDI.Foundation, who first noted the vulnerability in a series of social media posts last week. Exposed data also showed about 6.7 million location data points linked to the people which were gathered within 24 hours, tagged with descriptions such as “mosque”, “hotel,” “internet cafe” and other places where surveillance cameras were likely to be found. “It was fully open and anyone without authentication had full administrative rights. You could go in the database and create, read, update and delete anything,” said Gevers.  China has faced an outcry from activists, scholars, foreign governments and U.N. rights experts over what they call mass detentions and strict surveillance of the mostly Muslim Uighur minority and other Muslim groups who call Xinjiang home.(tinyurl.com/y9zzouss). According to its website, SenseNets works with China’s police across several cities. Its Shenzhen-listed parent company NetPosa Technologies Ltd has offices in a majority of Chinese provinces and regions, including Xinjiang."
China surveillance firm tracking millions in Xinjiang: researcher
Reuters, 17 February 2019

"Some apps may track your activity over time, even when you tell them to forget the past. And there's nothing you can do about it. Roughly 17,000 Android apps collect identifying information that creates a permanent record of the activity on your device, according to research from the International Computer Science Institute that was shared with CNET. The data collection appears to violate the search giant's policy on collecting data that can be used to target users for advertising in most cases, the researchers said. The apps can track you by linking your Advertising ID -- a unique but resettable number used to tailor advertising -- with other identifiers on your phone that are difficult or impossible to change. Those IDs are the device's unique signatures: the MAC address, IMEI and Android ID. Less than a third of the apps that collect identifiers take only the Advertising ID, as recommended by Google's best practices for developers. "Privacy disappears" when apps collect those persistent identifiers, said Serge Egelman, who led the research. He said his team, which reported the findings to Google in September, observed most of the apps sending identifying information to advertising services, an apparent violation of Google's policies. The company's policies allow developers to collect the identifiers but forbid them from combining the Advertising ID with hardware IDs without explicit consent of the user, or from using the identifiers that can't be reset, to target ads. What's more, Google's best practices for developers recommend collecting only the Advertising ID. The behavior fits into the tech industry's long history of creating privacy measures that websites and app developers quickly learn to bypass. Adobe, for instance, was forced to address Flash cookies in 2011 after complaints that the snippets of software could survive in your web browser even after you cleared all your cookies. Similar complaints arose in 2014 over Verizon's and AT&T's use of so-called "supercookies," which tracked users across multiple devices and couldn't be cleared. In 2012, Microsoft accused Google of circumventing its P3P web privacy standard, which let users of the Internet Explorer browser set their preferences for cookies....Data collected by mobile apps has provoked even broader scrutiny because of the explosion of smartphones and tablets. In January, Facebook and Google were both found to have used a developer tool to circumvent Apple's privacy rules and build iOS apps that collect user information. Facebook's Cambridge Analytica scandal in 2018 and other privacy controversies have sparked greater scrutiny over how data is being collected and used.... Egelman's team, which previously found around 6,000 children's apps improperly collecting data, said Thursday that big-name apps for adults are sending permanent identifiers to advertising services. The apps included included Angry Birds Classic, the popular smartphone game, as well as Audiobooks by Audible and Flipboard. Clean Master, Battery Doctor and Cheetah Keyboard, all utilities developed by Cheetah Mobile, were also found to send permanent info to advertising networks. All of these apps have been installed on at least 100 million devices. Clean Master, a phone utility that includes antivirus and phone optimization services, has been installed on 1 billion devices.... A Cheetah Mobile spokesman said in an email that its apps send a device's Android ID to a company that helps it track installations of its products. The information isn't used for targeted ads, and the company complies with all relevant Google policies and laws, the spokesman said. He added that the version of Battery Doctor tested by the researchers was out of date; Cheetah Mobile updated the app in 2018 to no longer collect the IMEI....The data collection identified by Egelman and his team is similar to an issue that got Uber in trouble with Apple in 2015. According to The New York Times, Apple CEO Tim Cook was furious to learn that Uber was collecting iOS users' hardware identifiers against Apple's policies and threatened to remove the Uber app from the App Store.... The researchers configured a version of Android that let them track which identifiers an app collected and then ran thousands of apps on the modified software. Egelman said that changing your Advertising ID should serve the same function as clearing out your web browsing data. When you clear cookies, websites you visited in the past won't recognize you. That stops them from building up data about you over time. But you can't reset other identifiers, like the MAC address and IMEI. The MAC address is a unique identifier that your device broadcasts to internet connections like Wi-Fi routers. The IMEI is an identifier for your specific device. Both identifiers can sometimes be used to prevent stolen phones from accessing a cellular network. The Android ID is another identifier that's unique to each device. It can be reset, but only if you run a factory reset of your device."
These Android apps have been tracking you, even when you say stop
CNet, 14 February 2019

"As Amazon.com Inc. and Google work to place their smart speakers at the center of the internet-connected home, both technology giants are expanding the amount of data they gather about customers who use their voice software to control other gadgets. For several years, Amazon and Google have collected data every time someone used a smart speaker to turn on a light or lock a door. Now they’re asking smart-home gadget makers such as Logitech and Hunter Fan Co. to send a continuous stream of information. In other words, after you connect a light fixture to Alexa, Amazon wants to know every time the light is turned on or off, regardless of whether you asked Alexa to toggle the switch. Televisions must report the channel they’re set to. Smart locks must keep the company apprised whether or not the front door bolt is engaged. This information may seem mundane compared with smartphone geolocation software that follows you around or the trove of personal data Facebook Inc. vacuums up based on your activity. But even gadgets as simple as light bulbs could enable tech companies to fill in blanks about their customers and use the data for marketing purposes. Having already amassed a digital record of activity in public spaces, critics say, tech companies are now bent on establishing a beachhead in the home. “You can learn the behaviors of a household based on their patterns,” says Brad Russell, who tracks smart home products for researcher Parks Associates Inc. “One of the most foundational things is occupancy. There’s a lot they could do with that.”.... Smart speakers are among the fastest growing categories of consumer electronics, led by Amazon’s Echo and Google’s Home devices. That’s pushed the companies and their Alexa and Assistant software deeper into debates about the tradeoffs between useful services and the harvesting of personal data."
Your Smart Light Can Tell Amazon and Google When You Go to Bed
Bloomberg, 13 February 2019

"... one of the stories we were able to report using the Snowden documents, one that received less attention that it should have, is an active NSA program to collect the online sex activities, including browsing records of porn site and sex chats, of people regarded by the U.S. Government as radical or radicalizing in order to use their online sex habits to destroy their reputations. This is what and who the NSA, CIA and FBI are and long have been. If [Amazon's Jeff] Bezos were the political victim of surveillance state abuses, it would be scandalous and dangerous. It would also be deeply ironic. That’s because Amazon, the company that has made Bezos the planet’s richest human being, is a critical partner for the U.S. Government in building an ever-more invasive, militarized and sprawling surveillance state. Indeed, one of the largest components of Amazon’s business, and thus one of the most important sources of Bezos’ vast wealth and power, is working with the Pentagon and the NSA to empower the U.S. Government with more potent and more sophisticated weapons, including surveillance weapons. In December, 2017, Amazon boasted that it had perfected new face-recognition software for crowds, which it called Rekognition. It explained that the product is intended, in large part, for use by governments and police forces around the world. The ACLU quickly warned that the product is “dangerous” and that Amazon “is actively helping governments deploy it.” “Powered by artificial intelligence,” wrote the ACLU, “Rekognition can identify, track, and analyze people in real time and recognize up to 100 people in a single image. It can quickly scan information it collects against databases featuring tens of millions of faces.” The group warned: “Amazon’s Rekognition raises profound civil liberties and civil rights concerns.” In a separate advisory, the ACLU said of this face-recognition software that Amazon’s “marketing materials read like a user manual for the type of authoritarian surveillance you can currently see in China.” BuzzFeed obtained documents showing details of Amazon’s work in implementing the technology with the Orlando Police Department, ones that “reveal the accelerated pace at which law enforcement is embracing facial recognition tools with limited training and little to no oversight from regulators or the public.”Numerous lawmakers, including Congress’ leading privacy advocates, wrote a letter in July, 2018, expressing grave concerns about how this software and similar mass-face-recognition programs would be used by government and law enforcement agencies. They posed a series of questions based on their concern that “this technology comes with inherent risks, including the compromising of Americans’ right to privacy, as well as racial and gender bias.” In a separate article about Amazon’s privacy threats, the ACLU explained that the group “and other civil rights groups have repeatedly warned that face surveillance poses an unprecedented threat to civil liberties and civil rights that must be stopped before it becomes widespread.” Amazon’s extensive relationship with the NSA, FBI, Pentagon and other surveillance agencies in the west is multi-faceted, highly lucrative and rapidly growing. Last March, the Intercept reported on a new app that Amazon developers and British police forces have jointly developed to use on the public in police work, just “the latest example of third parties aiding, automating, and in some cases, replacing, the functions of law enforcement agencies — and raises privacy questions about Amazon’s role as an intermediary.”...Then there are the serious privacy dangers posed by Amazon’s “Ring” camera products, revealed in the Intercept last month by Sam Biddle. As he reported, Amazon’s Ring, intended to be a home security system, has “a history of lax, sloppy oversight when it comes to deciding who has access to some of the most precious, intimate data belonging to any person: a live, high-definition feed from around — and perhaps inside — their house.”... Bezos’ relationship with the military and intelligence wings of the U.S. Government is hard to overstate. Just last October, his company, Blue Origin, won a $500 million contract from the U.S. Air Force to help develop military rockets and spy satellites. Bezos personally thanked them in a tweet, proclaiming how “proud” he is “to serve the national security space community.”.... Then there’s the patent Amazon obtained last October, as reported by the Intercept, “that would allow its virtual assistant Alexa to decipher a user’s physical characteristics and emotional state based on their voice.” In particular, it would enable anyone using the product to determine a person’s accent and likely place of origin: “The algorithm would also consider a customer’s physical location — based on their IP address, primary shipping address, and browser settings — to help determine their accent.”... Bezos’ relationship with the military and spying agencies of the U.S. Government, and law enforcement agencies around the world, predates his purchase of the Washington Post and has become a central prong of Amazon’s business growth. Back in 2014, Amazon secured a massive contract with the CIA when the spy agency agreed to pay it $600 million for computing cloud software. As the Atlantic noted at the time, Amazon’s software “will begin servicing all 17 agencies that make up the intelligence community.”... Jeff Bezos is as entitled as anyone else to his personal privacy. The threats from the National Enquirer are grotesque. If Bezos’ preemptive self-publishing of his private sex material reduces the unwarranted shame and stigma around adult consensual sexual activities, that will be a societal good. But Bezos, given how much he works and profits to destroy the privacy of everyone else (to say nothing of the labor abuses of his company), is about the least sympathetic victim imaginable of privacy invasion. In the past, hard-core surveillance cheerleaders in Congress such as Dianne Feinstein, Pete Hoekstra, and Jane Harman became overnight, indignant privacy advocates when they learned that the surveillance state apparatus they long cheered had been turned against them. Perhaps being a victim of privacy invasion will help Jeff Bezos realize the evils of what his company is enabling. Only time will tell. As of now, one of the world’s greatest privacy invaders just had his privacy invaded. As the ACLU put it: “Amazon is building the tools for authoritarian surveillance that advocates, activists, community leaders, politicians, and experts have repeatedly warned against.'”
Jeff Bezos Protests the Invasion of His Privacy, as Amazon Builds a Sprawling Surveillance State for Everyone Else
The Intercept, 8 February 2019