August 14, 2022
Forensic Kop Shop | The Cat Herder, Volume 5, Issue 31
August 14 · Issue #193
It feels as if it must be at least a fortnight since we’ve had some good old-fashioned underhanded Facebook shenanigans but those guys always come up with the goods. The EU Commissioner for breaking encryption comes out in defence of her proposal to break encryption. The interesting branding decisions of Forensic Science Ireland. 😼
The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) joined the criticism on 29 July, arguing in a joint opinion that the Commission’s proposal “may present more risks to individuals, and, by extension, to society at large than to the criminals pursued for CSAM.”
In her rebuttal to the criticism issued in a blog post on Sunday, EU Commissioner for Home Affairs Ylva Johansson said the Better Internet for Kids strategy is “well-reasoned, legally solid and entirely necessary to fight the scourge of child sexual abuse online.”
“I am proud of this proposal. It is proportionate and has checks and balances that are rigorous and fair,” the Commissioner wrote.
“This legislation is the very best of what the European Union can do,” she concluded.
Brussels defends its online child sexual abuse law as 'legally solid' following privacy criticism | Euronews
The Commission’s proposal would require social media platforms and online communications providers to scan all content, even encrypted content, for Child Sexual Abuse Material (CSAM).
During the week there was an item on Morning Ireland on RTÉ Radio One about the security of what is described in the accompanying story on the RTÉ website as Ireland’s “crime-solving DNA database”. The assertion that a database can solve crimes is peculiar in and of itself but we’ll let that slide for now with just a quick nod to Arthur C. Clarke’s Third Law, “Any sufficiently advanced technology is indistinguishable from magic”.
After listening to the item it was only natural to go and have a quick look at the data protection information published by Forensic Science Ireland. It’s available here. Curiously FSI appears to have two Data Protection Officers, one named in the footer of every page on the website and a different one named in its privacy statement. However, what was most intriguing was the Forensic KOP Shop Application - what is and isn’t capitalised seems to be somewhat changeable - which I was previously entirely unaware of.
Some unusual branding choices have been made here in both the naming and art style. Or perhaps that’s just me. I was not expecting a tool which is used for the investigation of serious crime to have a name which could have been an unsuccessful spin-off from the popular Police Academy film franchise. Nor was I expecting the login page to look as if I was about to gain access to some Junior Cert chemistry lessons.
Anyway, there’s your silly season story from this newsletter. If you’re interested in reading the 2021 Annual Report of the DNA Database System Oversight Committee then you can find it here [PDF].
This marks one of the first instances of a person’s Facebook activity being used to incriminate her in a state where abortion access is restricted — a scenario that has remained largely hypothetical in the weeks following the US Supreme Court’s decision to overturn Roe v. Wade. Nebraska currently outlaws abortions beyond 20 weeks. On Monday, Republican lawmakers in the state failed to secure enough votes to decrease that window to 12 weeks.
Facebook Gave Nebraska Cops A Teen’s DMs. They Used Them To Prosecute Her For Having An Abortion.
A Nebraska teenager is facing criminal charges alleging she aborted a fetus in violation of state law, after authorities obtained her Facebook messages using a search warrant.
This case out of Nebraska goes to show you that when it comes to abortion surveillance, deleting friends and neighbors who would call the cops on you out of your life is more urgent than deleting say, period tracking apps.
Also this week from the innovation department of the artists formerly known as Facebook:
Links to external websites are rendered inside the Instagram app, instead of using the built-in Safari. This allows Instagram to monitor everything happening on external websites, without the consent from the user, nor the website provider. The Instagram app injects their JavaScript code into every website shown, including when clicking on ads. Even though pcm.js doesn’t do this, injecting custom scripts into third party websites allows them to monitor all user interactions, like every button & link tapped, text selections, screenshots, as well as any form inputs, like passwords, addresses and credit card numbers.
iOS Privacy: Instagram and Facebook can track anything you do on any website in their in-app browser · Felix Krause
The iOS Instagram and Facebook app render all third party links and ads within their app using a custom in-app browser. This causes various risks for the user, with the host app being able to track every single interaction with external websites, from all form inputs like passwords and addresses, to every single tap.
Why is this a big deal?
Instagram & Facebook actively work around the new App Tracking Transparency System which was designed to prevent exactly this kind of abuse, to keep tracking users outside their ecosystem https://t.co/KNO72eGh9m
“On Tuesday, the [Federal Trade Commission] issued an Advance Notice of Proposed Rulemaking, asking for comment on how businesses track and use consumer data and whether it should create rules to govern them.”
Finally some movement on this, you think to yourself.
But wait. “The rule-making process averages about five years from start to finish.”
On a related note and also in the US, if a new section added to the National Defense Authorization Act last month makes it into law then the Office for the Director of National Intelligence will be asked to assess the “foreign weaponization” of adtech data. If this section makes it into the final version — which the Senate also has to pass — the Office for the Director of National Intelligence (ODNI) will have 60 days after the Act becomes law to produce a risk assessment. The assessment will look into “the counterintelligence risks of, and the exposure of intelligence community personnel to, tracking by foreign adversaries through advertising technology data,” the Act states.
- “How is it that the government hasn’t stepped in to force companies to end the practice of spying? Worse, how is it that the government abets spying – for example, by reinforcing the risible fiction that clicking “I agree” on a meandering, multi-thousand word garbage legalese novella constitutes “consent”? It’s because the project of mass state surveillance depends on mass commercial surveillance. Remember the Snowden revelations? Remember how they started with #Prism, a program whereby Big Tech had secretly colluded with the NSA to conduct illegal, mass surveillance?” From ‘The FTC takes aim at commercial surveillance’ by Cory Doctorow.
- “In this Insight, we set out to: 1. Provide an accessible explanation of who writes high-level policy documents, what their status and purpose is, and what they are used for across the system. 2. Make the raw text of all the documents navigable, by pulling together the commitments & recommendations, from across the documents, in their own words, by topic. 3. Provide a succinct summary in our own words of the overarching aims, goals, and strategies, broken down by theme and by topic. We do this by focusing on the policy developments for ‘health data’ specifically, primarily because this is the ‘type’ of data that is currently most obviously in the spotlight, and because it is clear that there is a desire to use a wider range of ‘data’ for health research and analysis purposes. However, the themes and strategies highlighted are applicable to all ‘types’ of data.” From ‘An Overview of UK Data Policy Developments’ by Jess Morley for the Bennett Institute For Applied Data Science.
—
If you know someone who might enjoy this newsletter do please forward it on to them.
Privacy Kit, Made with 💚 in Dublin, Ireland
One quick search later and there it was.
‘FTC starts process to address commercial surveillance and data abuse’
—
‘ODNI to Investigate National Security Risk of Adtech’
—
The DPC has until the first week in September to issue its final decision “on a complaint against Instagram’s handling of children’s data in the European Union”.
—
Endnotes & Credits
Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.