Privacy Kit

Subscribe
Archives
March 1, 2020

A Clear View | The Cat Herder, Volume 3, Issue 7

The listening devices keep on listening. Who's using facial recognition? Anyone who can get a free tr
 
March 1 · Issue #71 · View online
The Cat Herder
The listening devices keep on listening. Who’s using facial recognition? Anyone who can get a free trial account from Clearview AI.
😼

Microphones have been around for well over a century. They can record.
The internet and the client-server model of computing have been around for quite a while. Half a century or so.
The joining of these dots continues.
Law professionals banned from working at home near Alexa devices | Business Post
www.businesspost.ie – Share
One of Ireland’s largest law firms has banned staff from working from home in rooms with smart speaker systems, following concerns about leaks
—
In fact it is already
In fact it is already
A few weeks back a story about a company called Clearview AI broke in The New York Times. We mentioned it in this newsletter two weeks ago. There was a lot of follow-up coverage and interest in the company and its capabilities.
On the 18th February RTE Radio One’s Drivetime had a segment about the story, and facial recognition more generally. In this segment Philip Boucher Hayes says “I asked An Garda Siochana had they been approached by Clearview and had they used the app on trial. They said that they had no relationship with this company and haven’t deployed any such technology.”
About a week after that segment was broadcast, Clearview AI’s client list was stolen. On Friday BuzzFeed reported that “Clearview AI has expanded to at least 26 countries outside the US, engaging national law enforcement agencies, government bodies, and police forces in Australia, Belgium, Brazil, Canada, Denmark, Finland, France, Ireland, India, Italy, Latvia, Lithuania, Malta, the Netherlands, Norway, Portugal, Serbia, Slovenia, Spain, Sweden, Switzerland, and the United Kingdom.”
Later on Friday BuzzFeed added some more detail in a second story: “Ireland’s national police service also had registered users who ran searches under Clearview dozens of times in recent months, according to the data. Both this organisation and North Yorkshire Police did not respond to requests for comment in time for publication.”
Truly a mystery.
More:
‘Apple Just Disabled Clearview AI’s iPhone App For Breaking Its Rules On Distribution’, BuzzFeed
‘Here’s the File Clearview AI Has Been Keeping on Me, and Probably on You Too’, Motherboard
‘We Found Clearview AI’s Shady Face Recognition App’, Gizmodo
‘YouTube demands Clearview AI stop scraping its videos for facial recognition database’, The Verge
‘Google, YouTube, Venmo and LinkedIn send cease-and-desist letters to facial recognition app that helps law enforcement’, CBS
‘Facebook and LinkedIn are latest to demand Clearview stop scraping images for facial recognition tech’, The Verge
The government may have ended but the not-at-all-subtle attempts to force ever more people into the state’s biometric database continue.
Simon McGarr
Simon McGarr
@Tupp_Ed
The DPC found requiring a PSC to access rights (like childcare payments here) was unlawful.

In response the Dept of Children, with bad grace, said it would provide an alternative method, in Jan.

It didn’t.
Still hasn’t. https://t.co/JTRqeFonkI
8:52 PM - 28 Feb 2020
A court in France upheld the CNIL’s concerns over a facial recognition trial carried out in two schools, one in Nice and one in Marseille. The CNIL had held that using a facial recognition system in this way quite obviously failed the necessity and proportionality test.
In Ireland we await the report on the second strand of the DPC’s investigation into the Department of Employment Affairs and Social Protection’s casually-assembled-without-so-much-as-a-business-csae biometric database. Necessity and proportionality will no doubt feature heavily.
—
The EDPB’s eighteenth plenary session adopted four documents:
  • The EDPB’s contribution to the Article 97 review of the GDPR
  • Guidelines on transfers of personal data between EEA and non-EEA public authorities and bodies
  • A statement on the privacy implications of mergers
  • A letter to HODA Holistic Data Activation
There are links to all of these here.
—
“Facebook has confirmed that the Election Day Reminder feature will not be activated during any EU elections pending a response to the DPC addressing the concerns raised.” The DPC announced - several weeks after the event - that it had required Facebook to take a number of remedial actions before launching its Election Day Reminder feature across Europe.
  • Remember folks, anonymisation is effectively impossible nowadays, and anyone who claims they can anonymise personal data should be treated with scepticism. “The data being sent to companies’ servers is anonymized, tied to unique identifiers specific to users’ devices. But extensive research has shown that such data can usually be easily "de-anonymized” by connecting a few known data points about a person.“ writes Aaron Brown in his examination of how the most popular web browsers handle personal data, for Business Insider.
  • "Facebook’s tracking pixels and social plugins — aka the share/like buttons that pepper the mainstream web — have created a vast tracking infrastructure which silently informs the tech giant of Internet users’ activity, even when a person hasn’t interacted with any Facebook-branded buttons.” ‘Facebook’s latest ‘transparency’ tool doesn’t offer much — so we went digging’, Natasha Lomas, Techcrunch
  • Writing for C|Net, Alfred Ng looks at how a location-tracking company whose software is already deployed in prisons is looking to move into schools. “this type of dragnet surveillance raises privacy concerns, with every device being tracked and followed on a constant basis, not just the ones related to potential threats. Parents may consider buying a tracker for their own child. But it’s another thing if the tracking is being implemented across the board at schools, requiring parents to opt out if they don’t want their kids tracked.”
  • The Markup launched with an investigation by Maddy Varner and Aaron Sankin into the use of algorithms to determine pricing in the insurance industry in the US. “"Allstate argued regulators should approve the algorithm it was proposing because the variables inside of it comply with state law—which is akin to telling city inspectors that they have to approve a house, no matter how it’s constructed, because all the bricks, wires and pipes would individually be up to code.”
  • The Irish Supreme Court referred Graham Dwyer’s appeal to the CJEU. In the light of this and particularly the Chief Justice’s comments about the lawfulness of and requirement for a system of general retention of phone data, it’s worth reading Charlie Savage’s piece ‘N.S.A. Phone Program Cost $100 Million, but Produced Only Two Unique Leads’ in The New York Times. “the high expense and low utility of the call records collected sheds new light on the National Security Agency’s decision in 2019 to shutter the program amid recurring technical headaches, halting a counterterrorism effort that has touched off disputes about privacy and the rule of law since the Sept. 11, 2001, attacks.”
——
Endnotes & Credits
  • The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
  • As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
  • The image used in the header is by Krystian Tambur on Unsplash.
  • Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
  • Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.
Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.
If you know someone who might enjoy this newsletter do please forward it on to them.
Did you enjoy this issue?
In order to unsubscribe, click here.
If you were forwarded this newsletter and you like it, you can subscribe here.
Powered by Revue
Privacy Kit, Made with 💚 in Dublin, Ireland

The listening devices keep on listening. Who’s using facial recognition? Anyone who can get a free trial account from Clearview AI.

😼

Microphones have been around for well over a century. They can record.

The internet and the client-server model of computing have been around for quite a while. Half a century or so.

The joining of these dots continues.

One of Ireland’s largest law firms has banned staff from working from home in rooms with smart speaker systems, following concerns about leaks

—

A few weeks back a story about a company called Clearview AI broke in The New York Times. We mentioned it in this newsletter two weeks ago. There was a lot of follow-up coverage and interest in the company and its capabilities.

On the 18th February RTE Radio One’s Drivetime had a segment about the story, and facial recognition more generally. In this segment Philip Boucher Hayes says “I asked An Garda Siochana had they been approached by Clearview and had they used the app on trial. They said that they had no relationship with this company and haven’t deployed any such technology.”

About a week after that segment was broadcast, Clearview AI’s client list was stolen. On Friday BuzzFeed reported that “Clearview AI has expanded to at least 26 countries outside the US, engaging national law enforcement agencies, government bodies, and police forces in Australia, Belgium, Brazil, Canada, Denmark, Finland, France, Ireland, India, Italy, Latvia, Lithuania, Malta, the Netherlands, Norway, Portugal, Serbia, Slovenia, Spain, Sweden, Switzerland, and the United Kingdom.”

Later on Friday BuzzFeed added some more detail in a second story: “Ireland’s national police service also had registered users who ran searches under Clearview dozens of times in recent months, according to the data. Both this organisation and North Yorkshire Police did not respond to requests for comment in time for publication.”

Truly a mystery.

More:

‘Apple Just Disabled Clearview AI’s iPhone App For Breaking Its Rules On Distribution’, BuzzFeed

‘Here’s the File Clearview AI Has Been Keeping on Me, and Probably on You Too’, Motherboard

‘We Found Clearview AI’s Shady Face Recognition App’, Gizmodo

‘YouTube demands Clearview AI stop scraping its videos for facial recognition database’, The Verge

‘Google, YouTube, Venmo and LinkedIn send cease-and-desist letters to facial recognition app that helps law enforcement’, CBS

‘Facebook and LinkedIn are latest to demand Clearview stop scraping images for facial recognition tech’, The Verge

The government may have ended but the not-at-all-subtle attempts to force ever more people into the state’s biometric database continue.

The DPC found requiring a PSC to access rights (like childcare payments here) was unlawful.

In response the Dept of Children, with bad grace, said it would provide an alternative method, in Jan.

It didn’t.
Still hasn’t. pic.twitter.com/JTRqeFonkI

— Simon McGarr @Tupp_ed@mastodon.ie (@Tupp_Ed) February 28, 2020

A court in France upheld the CNIL’s concerns over a facial recognition trial carried out in two schools, one in Nice and one in Marseille. The CNIL had held that using a facial recognition system in this way quite obviously failed the necessity and proportionality test.

In Ireland we await the report on the second strand of the DPC’s investigation into the Department of Employment Affairs and Social Protection’s casually-assembled-without-so-much-as-a-business-csae biometric database. Necessity and proportionality will no doubt feature heavily.

—

The EDPB’s eighteenth plenary session adopted four documents:

  • The EDPB’s contribution to the Article 97 review of the GDPR
  • Guidelines on transfers of personal data between EEA and non-EEA public authorities and bodies
  • A statement on the privacy implications of mergers
  • A letter to HODA Holistic Data Activation

There are links to all of these here.

—

“Facebook has confirmed that the Election Day Reminder feature will not be activated during any EU elections pending a response to the DPC addressing the concerns raised.” The DPC announced - several weeks after the event - that it had required Facebook to take a number of remedial actions before launching its Election Day Reminder feature across Europe.

  • Remember folks, anonymisation is effectively impossible nowadays, and anyone who claims they can anonymise personal data should be treated with scepticism. “The data being sent to companies’ servers is anonymized, tied to unique identifiers specific to users’ devices. But extensive research has shown that such data can usually be easily "de-anonymized” by connecting a few known data points about a person.“ writes Aaron Brown in his examination of how the most popular web browsers handle personal data, for Business Insider.
  • "Facebook’s tracking pixels and social plugins — aka the share/like buttons that pepper the mainstream web — have created a vast tracking infrastructure which silently informs the tech giant of Internet users’ activity, even when a person hasn’t interacted with any Facebook-branded buttons.” ‘Facebook’s latest ‘transparency’ tool doesn’t offer much — so we went digging’, Natasha Lomas, Techcrunch
  • Writing for C|Net, Alfred Ng looks at how a location-tracking company whose software is already deployed in prisons is looking to move into schools. “this type of dragnet surveillance raises privacy concerns, with every device being tracked and followed on a constant basis, not just the ones related to potential threats. Parents may consider buying a tracker for their own child. But it’s another thing if the tracking is being implemented across the board at schools, requiring parents to opt out if they don’t want their kids tracked.”
  • The Markup launched with an investigation by Maddy Varner and Aaron Sankin into the use of algorithms to determine pricing in the insurance industry in the US. “"Allstate argued regulators should approve the algorithm it was proposing because the variables inside of it comply with state law—which is akin to telling city inspectors that they have to approve a house, no matter how it’s constructed, because all the bricks, wires and pipes would individually be up to code.”
  • The Irish Supreme Court referred Graham Dwyer’s appeal to the CJEU. In the light of this and particularly the Chief Justice’s comments about the lawfulness of and requirement for a system of general retention of phone data, it’s worth reading Charlie Savage’s piece ‘N.S.A. Phone Program Cost $100 Million, but Produced Only Two Unique Leads’ in The New York Times. “the high expense and low utility of the call records collected sheds new light on the National Security Agency’s decision in 2019 to shutter the program amid recurring technical headaches, halting a counterterrorism effort that has touched off disputes about privacy and the rule of law since the Sept. 11, 2001, attacks.”

——

Endnotes & Credits

  • The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
  • As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
  • The image used in the header is by Krystian Tambur on Unsplash.
  • Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
  • Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.

Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.

If you know someone who might enjoy this newsletter do please forward it on to them.

Don't miss what's next. Subscribe to Privacy Kit:
X
Powered by Buttondown, the easiest way to start and grow your newsletter.