Fone Fun | The Cat Herder, Volume 2, Issue 22

A busy enough week for regulatory activity and we see how the entire infrastructure of a city can eas   June 16 · Issue #38 · View online A busy enough week for regulatory activity and we see how the entire infrastructure of a city can easily be used as a means of surveillance. 😼 Fone. Fun. Shop. What a laff, eh? Police forensics contractor 'sent phones to Fone Fun Shop' | UK news | The Guardian www.theguardian.com – Share Digital evidence lab Sytech loses accreditation after former employee raised concerns Yes they did. Some researchers collected some pictures of some people’s faces at a university. The project was reviewed by the university’s Institutional Review Board and approved. That sounds like a process which is working as intended, right? However, there wasn’t anything in this process to act as a safeguard against the researchers just lying about what they were going to do with the data collected. Schoenfeld explained that the investigation revealed that the Duke study’s data was “neither collected nor made available to the public consistent with the terms of the study that had been approved by the Institutional Review Board.” A Duke study recorded thousands of students’ faces. Now they’re being used all over the world - The Chronicle www.dukechronicle.com – Share Researchers employed the surveillance footage data to test and improve facial recognition technology. The data has been linked to the Chinese government’s surveillance of ethnic minorities. It will. It probably is already. For informed consent using beacons, you have to first know that the beacons exist. Then, you have to know which places use them, but venues and stores don’t put up signs or inform their customers. You can download an app like Beacon Scanner and scan for beacons when you enter a store. But even if you detect the beacons, you don’t know who is collecting the data. Let’s say you visit Target; it might be collecting data from you, but it might rent its beacons out to other businesses, allowing them to monitor your location.  In Stores, Secret Bluetooth Surveillance Tracks Your Every Move - The New York Times www.nytimes.com – Share As you shop, “beacons” are watching you, using hidden technology in your phone. The Spanish Data Protection Authority, the AEPD, has fined La Liga €250,000 for an app which accessed microphones on devices and cross-referenced this with location data. Lack of transparency and an inability for users to withdraw consent were cited as primary concerns. ‘La Liga Handed $280,000 GDPR Fine For 'Spying’ On Fans Watching Pirated Streams’, Forbes — The Danish Data Protection Authority has recommended a fine of around €200,000 (1,500,000 DKK) be issued to a retailer for failure to delete the personal data of customers when it was no longer required for the purpose for which it had been collected i.e. not adhering to the principle of storage limitation. — Back in April the Italian Data Protection Authority, the Garante, fined a retailer €2,018,000 for multiple offences. Based on pre-GDPR law the infractions included processing of personal data for marketing purposes without consent and international transfers to a third country without adequate safeguards. Original (in Italian) Translation (Google Translate) — The Swedish Data Protection Authority has opened an investigation into the adequacy and completeness of Spotify’s responses to subject access requests. — The Information Commissioner’s Office in the UK has apparently said its cookie consent notice isn’t up to scratch and the notice will be updated shortly. Which is a tad awkward. “…  the giant tech companies can make a credible claim to be the defenders of privacy, just like a dragon can truthfully boast that it is good at protecting its hoard of gold. Nobody spends more money securing user data, or does it more effectively, than Facebook and Google. The question we need to ask is not whether our data is safe, but why there is suddenly so much of it that needs protecting. The problem with the dragon, after all, is not its stockpile stewardship, but its appetite.” From Maciej Ceglowski‘s latest essay, 'The New Wilderness’. “Hong Kong’s tech-savvy protesters are going digitally dark as they try to avoid surveillance and potential future prosecutions, disabling location tracking on their phones, buying train tickets with cash and purging their social media conversations” writes Elaine Yu. In The New York Times Paul Mozur and Alexandra Stevenson also cover the Hong Kong protests and how they’ve been shaped by the authorities’ use of the surveillance architecture that is common to many modern cities and indeed modern life (messaging apps, facial recognition databases, transit tracking), and the protestors’ attempts to evade this surveillance. “On Wednesday, several protesters shouted at bystanders taking photos and selfies, asking those who were not wearing press passes to take pictures only of people wearing masks. Later, a scuffle broke out between protesters and bystanders who were taking photos on a bridge over the main protest area.” “I quit AdTech because of these thoughts. I couldn’t, in good conscience, work in an industry that I felt was actively making the world worse. Pervasive tracking is fundamentally encouraged by these systems and power structures. Tracking is bad, because even if you don’t have anything to hide now, you may find that your past activities make you a target under a future political system.” Tom Lockwood provides a detailed explanation of how adtech works and how Google and Facebook, current owners of the majority of the casinos, and all the other companies involved have no incentive to decrease the amount of tracking and surveillance the entire industry now requires in order to function. —— Endnotes & Credits The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds. As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”. The image used in the header is by Krystian Tambur on Unsplash. Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running. Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can. Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn. Barring a disaster we’ll be in your inbox again next weekend. If you know someone who might enjoy this newsletter do please forward it on to them. Did you enjoy this issue? In order to unsubscribe, click here. If you were forwarded this newsletter and you like it, you can subscribe here. Powered by Revue Privacy Kit, Made with 💚 in Dublin, Ireland

A busy enough week for regulatory activity and we see how the entire infrastructure of a city can easily be used as a means of surveillance.

😼

Fone. Fun. Shop. What a laff, eh?

Digital evidence lab Sytech loses accreditation after former employee raised concerns

Some researchers collected some pictures of some people’s faces at a university. The project was reviewed by the university’s Institutional Review Board and approved. That sounds like a process which is working as intended, right?

However, there wasn’t anything in this process to act as a safeguard against the researchers just lying about what they were going to do with the data collected.

Researchers employed the surveillance footage data to test and improve facial recognition technology. The data has been linked to the Chinese government’s surveillance of ethnic minorities.

As you shop, “beacons” are watching you, using hidden technology in your phone.

The Spanish Data Protection Authority, the AEPD, has fined La Liga €250,000 for an app which accessed microphones on devices and cross-referenced this with location data. Lack of transparency and an inability for users to withdraw consent were cited as primary concerns.

‘La Liga Handed $280,000 GDPR Fine For 'Spying’ On Fans Watching Pirated Streams’, Forbes

—

The Danish Data Protection Authority has recommended a fine of around €200,000 (1,500,000 DKK) be issued to a retailer for failure to delete the personal data of customers when it was no longer required for the purpose for which it had been collected i.e. not adhering to the principle of storage limitation.

—

Back in April the Italian Data Protection Authority, the Garante, fined a retailer €2,018,000 for multiple offences. Based on pre-GDPR law the infractions included processing of personal data for marketing purposes without consent and international transfers to a third country without adequate safeguards.

Original (in Italian)

Translation (Google Translate)

—

The Swedish Data Protection Authority has opened an investigation into the adequacy and completeness of Spotify’s responses to subject access requests.

—

The Information Commissioner’s Office in the UK has apparently said its cookie consent notice isn’t up to scratch and the notice will be updated shortly. Which is a tad awkward.

• “…  the giant tech companies can make a credible claim to be the defenders of privacy, just like a dragon can truthfully boast that it is good at protecting its hoard of gold. Nobody spends more money securing user data, or does it more effectively, than Facebook and Google. The question we need to ask is not whether our data is safe, but why there is suddenly so much of it that needs protecting. The problem with the dragon, after all, is not its stockpile stewardship, but its appetite.” From Maciej Ceglowski‘s latest essay, 'The New Wilderness’.
• “Hong Kong’s tech-savvy protesters are going digitally dark as they try to avoid surveillance and potential future prosecutions, disabling location tracking on their phones, buying train tickets with cash and purging their social media conversations” writes Elaine Yu.
• In The New York Times Paul Mozur and Alexandra Stevenson also cover the Hong Kong protests and how they’ve been shaped by the authorities’ use of the surveillance architecture that is common to many modern cities and indeed modern life (messaging apps, facial recognition databases, transit tracking), and the protestors’ attempts to evade this surveillance. “On Wednesday, several protesters shouted at bystanders taking photos and selfies, asking those who were not wearing press passes to take pictures only of people wearing masks. Later, a scuffle broke out between protesters and bystanders who were taking photos on a bridge over the main protest area.”
• “I quit AdTech because of these thoughts. I couldn’t, in good conscience, work in an industry that I felt was actively making the world worse. Pervasive tracking is fundamentally encouraged by these systems and power structures. Tracking is bad, because even if you don’t have anything to hide now, you may find that your past activities make you a target under a future political system.” Tom Lockwood provides a detailed explanation of how adtech works and how Google and Facebook, current owners of the majority of the casinos, and all the other companies involved have no incentive to decrease the amount of tracking and surveillance the entire industry now requires in order to function.

——

Endnotes & Credits

• The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
• As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
• The image used in the header is by Krystian Tambur on Unsplash.
• Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
• Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.

Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.

Barring a disaster we’ll be in your inbox again next weekend.

If you know someone who might enjoy this newsletter do please forward it on to them.