March 8, 2020

"an irreparable error" | The Cat Herder, Volume 3, Issue 8

The Clearview AI story seems endless and bottomless. In regulatorville some fines are issued and a pu   March 8 · Issue #72 · View online The Clearview AI story seems endless and bottomless. In regulatorville some fines are issued and a public spat continues. 😼 Why unfettered access to facial recognition tools with no safeguards whatsoever is a bad thing is illustrated by this week’s reporting on Clearview AI. Before Clearview Became a Police Tool, It Was a Secret Plaything of the Rich - The New York Times www.nytimes.com – Share Investors and clients of the facial recognition start-up freely used the app on dates and at parties — and to spy on the public. Clearview AI: We Are ‘Working to Acquire All U.S. Mugshots’ From Past 15 Years onezero.medium.com – Share Clearview AI worked to build a national database of every mug shot taken in the United States during the past 15 years, according to an email obtained by OneZero through a public records request… The Facial Recognition Company That Scraped Facebook And Instagram Photos Is Developing Surveillance Cameras www.buzzfeednews.com – Share Clearview AI is operating a sister entity called Insight Camera that’s been experimenting with live facial recognition, according to documents seen by BuzzFeed News and companies that have used it. Of course it could Virgin Media breach 'linked customers to porn' - BBC News www.bbc.com – Share Researchers say a breached Virgin Media database contained more details than the company suggested. — “China is requiring people to use an app so they can be assigned a color code — green, yellow or red — that indicates their health status. However, the app appears to send personal data to police, in a troubling precedent for automated social control.” In Coronavirus Fight, China Gives Citizens a Color Code, With Red Flags - The New York Times www.nytimes.com – Share The enforcement notice appeals process begins. The processing of millions of people’s biometric data continues. Minister claims Data Protection Commission erred in findings on Public Services Card www.irishtimes.com – Share Report said no legal basis for people to need card for anything other than obtaining welfare payments The Dutch Data Protection Authority fined the tennis association KNLTB €525,000 for selling the personal data of members to two sponsors. — The Polish Data Protection Authority fined a school 20,000 Zloty (~€4,650) for using biometric data to grant access to a school canteen. — The ICO fined Cathay Pacific £500,000 for a data breach which exposed about 9.5 million people’s personal data. — The Swedish Data Protection Authority has opened an investigation into the use of Clearview AI by Swedish authorities. Google Translate — The Norwegian Data Protection Authority fined the Norwegian roads authority 4 million kroner (~€385,000) for excessive retention of personal data collected from tolls. (PDF, in Norwegian) — The DPC prosecuted Three and Mizzoni’s Pizza & Pasta Company for sending SMS spam. (Contrary to what the headline on the story says, neither of the companies was fined. This is explained in the story.) — Meanwhile Helen Dixon and Ulrich Kelber continued publicly testing the boundaries of the cooperation and consistency mechanism. German anger at Helen Dixon's defence of Ireland's record on tech multinational investigations www.independent.ie – Share Germany’s federal commissioner for data protection, Ulrich Kelber, has reacted angrily to comments made by Ireland’s data regulator, Helen Dixon, in which she defended Ireland’s record on tech multinational investigations. “It will be an irreparable error to allow GMI to collect up this genetic data and hold it as a corporate, private asset, selling access to it for profit. If there is to be a research benefit from genetic data, it is critical that we do not allow the privatisation of the critical private data of individuals.” Simon McGarr in The Journal on the huge, glaring, government-funded problems with Genomics Medicine Ireland’s activities. “In some cases, the $1 trillion company has maneuvered to access valuable patient data without handing over any money. It does so through contracts that promise hospitals and universities early access to its predictive algorithms in exchange for data.” Writing for Business Insider, Aaron Holmes looks at Google’s thirst for health data, and the ensuing lawsuits. This Twitter thread by Alexander Martin of Sky on the first full year report of the Investigatory Powers Commissioner’s Office, the UK’s surveillance watchdog. “Despite knowing (!!) that an address had been flagged up as the location of someone uploading indecent images of children to the internet because of [a] typo, the police decided to visit it anyway to establish if there was any connection to the suspect.” “In it, they demanded records of all devices using Google services that had been near the woman’s home when the burglary was thought to have taken place. The first batch of data would not include any identifying information. Police would sift through it for devices that seemed suspicious and ask Google for the names of their users … There have been very few court challenges to Google geofence warrants, mainly because the warrants are done in secret and defense lawyers may not realize the tool was used to identify their clients.” Jon Schuppe for NBC on the consequences for innocent individuals of the use of geofence warrants by US law enforcement. —— Endnotes & Credits The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds. As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”. The image used in the header is by Krystian Tambur on Unsplash. Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running. Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can. Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn. If you know someone who might enjoy this newsletter do please forward it on to them. Did you enjoy this issue? In order to unsubscribe, click here. If you were forwarded this newsletter and you like it, you can subscribe here. Powered by Revue Privacy Kit, Made with 💚 in Dublin, Ireland

The Clearview AI story seems endless and bottomless. In regulatorville some fines are issued and a public spat continues.

😼

Why unfettered access to facial recognition tools with no safeguards whatsoever is a bad thing is illustrated by this week’s reporting on Clearview AI.

Investors and clients of the facial recognition start-up freely used the app on dates and at parties — and to spy on the public.

Clearview AI worked to build a national database of every mug shot taken in the United States during the past 15 years, according to an email obtained by OneZero through a public records request…

Clearview AI is operating a sister entity called Insight Camera that’s been experimenting with live facial recognition, according to documents seen by BuzzFeed News and companies that have used it.

Researchers say a breached Virgin Media database contained more details than the company suggested.

—

“China is requiring people to use an app so they can be assigned a color code — green, yellow or red — that indicates their health status. However, the app appears to send personal data to police, in a troubling precedent for automated social control.”

The enforcement notice appeals process begins. The processing of millions of people’s biometric data continues.

Report said no legal basis for people to need card for anything other than obtaining welfare payments

The Dutch Data Protection Authority fined the tennis association KNLTB €525,000 for selling the personal data of members to two sponsors.

—

The Polish Data Protection Authority fined a school 20,000 Zloty (~€4,650) for using biometric data to grant access to a school canteen.

—

The ICO fined Cathay Pacific £500,000 for a data breach which exposed about 9.5 million people’s personal data.

—

The Swedish Data Protection Authority has opened an investigation into the use of Clearview AI by Swedish authorities.

Google Translate

—

The Norwegian Data Protection Authority fined the Norwegian roads authority 4 million kroner (~€385,000) for excessive retention of personal data collected from tolls. (PDF, in Norwegian)

—

The DPC prosecuted Three and Mizzoni’s Pizza & Pasta Company for sending SMS spam.

(Contrary to what the headline on the story says, neither of the companies was fined. This is explained in the story.)

—

Meanwhile Helen Dixon and Ulrich Kelber continued publicly testing the boundaries of the cooperation and consistency mechanism.

Germany’s federal commissioner for data protection, Ulrich Kelber, has reacted angrily to comments made by Ireland’s data regulator, Helen Dixon, in which she defended Ireland’s record on tech multinational investigations.

• “It will be an irreparable error to allow GMI to collect up this genetic data and hold it as a corporate, private asset, selling access to it for profit. If there is to be a research benefit from genetic data, it is critical that we do not allow the privatisation of the critical private data of individuals.” Simon McGarr in The Journal on the huge, glaring, government-funded problems with Genomics Medicine Ireland’s activities.
• “In some cases, the $1 trillion company has maneuvered to access valuable patient data without handing over any money. It does so through contracts that promise hospitals and universities early access to its predictive algorithms in exchange for data.” Writing for Business Insider, Aaron Holmes looks at Google’s thirst for health data, and the ensuing lawsuits.
• This Twitter thread by Alexander Martin of Sky on the first full year report of the Investigatory Powers Commissioner’s Office, the UK’s surveillance watchdog. “Despite knowing (!!) that an address had been flagged up as the location of someone uploading indecent images of children to the internet because of [a] typo, the police decided to visit it anyway to establish if there was any connection to the suspect.”
• “In it, they demanded records of all devices using Google services that had been near the woman’s home when the burglary was thought to have taken place. The first batch of data would not include any identifying information. Police would sift through it for devices that seemed suspicious and ask Google for the names of their users … There have been very few court challenges to Google geofence warrants, mainly because the warrants are done in secret and defense lawyers may not realize the tool was used to identify their clients.” Jon Schuppe for NBC on the consequences for innocent individuals of the use of geofence warrants by US law enforcement.

——

Endnotes & Credits

• The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
• As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
• The image used in the header is by Krystian Tambur on Unsplash.
• Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
• Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.

Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.

If you know someone who might enjoy this newsletter do please forward it on to them.