Google Goes Bing. Or Bzzt. | The Cat Herder, Volume 5, Issue 33

Whistleblowing. Data breaches. Committees. Cosmetics. Is a scan a search? 😼   August 28 · Issue #195 · View online Whistleblowing. Data breaches. Committees. Cosmetics. Is a scan a search? 😼 Dan Hon @hondanhon 2022 is when you try to log in to your U.S. Health Insurance provider and data breach notifications take up nearly 50% of the full screen height browser window. https://t.co/iJ34TT9Tt3 10:43 PM - 22 Aug 2022 The Irish Times reports that Garda requests for personal data to what used to be called the Facebook family of companies has “increased from an average of five a month to 21 a month since the second half of 2020”. Sharp increase in Garda attempts to obtain social media users’ private information – The Irish Times www.irishtimes.com – Share Number of Garda requests to Meta, which owns Facebook, Instagram and WhatsApp, increased significantly during the pandemic → archived version Bing. Bzzt. Bip. Bert Hubert 🇺🇦 @bert_hu_bert I made a very very simple tool that makes some noise every time your computer sends data to Google. Here a demo on the official Dutch government jobs site. The noise starts while typing the domain name already. Code, currently Linux only: https://t.co/ZjKeOSfYff https://t.co/dEr8ktIGdo 10:32 PM - 21 Aug 2022 — After Peiter ‘Mudge’ Zatko’s revelations about Twitter’s (lack of) security practices a number of regulators on this side of the Atlantic have expressed an interest in finding out more from the company Elon Musk is furiously trying to wriggle out of buying. Irish Data Protection Commission in discussions with Twitter over security risk claims www.thejournal.ie – Share The Irish DPC is the watchdog for Twitter in Europe as the company has its regional headquarters in Dublin. French data regulator investigating Twitter security allegations – POLITICO www.politico.eu – Share France’s CNIL said it’s ‘studying’ the complaint filed by whistleblower Peiter Zatko, Twitter’s former head of security. The Irish Times even treats us to the tantalising prospect of some of Leinster House’s finest quizzing Mudge in a committee session. Peiter Zatko, Twitter’s former head of security, is also willing to appear before an Oireachtas committee and meet data commissioner Helen Dixon about his allegations, his legal team said. Data commissioner Helen Dixon ‘has important role’ in Twitter whistleblower’s allegations, lawyers say – The Irish Times www.irishtimes.com – Share Peiter Zatko, former head of security of social media giant, is willing to appear before an Oireachtas committee For some analysis of the whistleblower complaint itself this Twitter thread from Zach Edwards is a good place to start. For an impression of what this Oireachtas committee could look like*, I give you one of the greatest photos ever taken of a committee hearing, from May 1998 on Capitol Hill. Click to embiggen That image is taken from ‘A disaster foretold — and ignored’ which ran in the Washington Post in June 2015. (→ archived version) *should it happen it will not look like this, sadly We’ve really heard very little about how educational institutions in Ireland have deployed edtech during the pandemic. Aspects of it can be, as in this case, extremely instrusive, U.S. district court Judge J. Philip Calabrese on Monday decided in Ogletree’s favor: Room scans are unconstitutional. “Mr. Ogletree’s privacy interest in his home outweighs Cleveland State’s interests in scanning his room. Accordingly, the Court determines that Cleveland State’s practice of conducting room scans is unreasonable under the Fourth Amendment,” Judge Calbrese concluded. Scanning students' rooms during remote tests is unconstitutional, judge rules text.npr.org – Share The remote-proctored exam that colleges began using widely during the pandemic saw a first big legal test of its own — one that concluded in a ruling applauded by digital privacy advocates. Another interesting and far broader point is made by the judge, though in this case while dismissing the argument made by the university that there is a distinction between a scan and a search: “Rooms scans go where people otherwise would not, at least not without a warrant or an invitation. Nor does it follow that room scans are not searches because the technology is ‘in general public use,’” Judge Calabrese said. Just because a technology is available and ‘in general public use’ doesn’t mean every particular use to which that technology is directed will be lawful, or fair, or apparent to the individual(s) concerned. Sephora has agreed to pay a settlement of $1.2 million in California as it “failed to disclose to consumers that it was selling their personal information, that it failed to process user requests to opt out of sale via user-enabled global privacy controls in violation of the CCPA, and that it did not cure these violations within the 30-day period currently allowed by the CCPA” “California’s enforcement action, and requiring companies to allow consumers to opt-out of the sale of their data, is a positive move for the state’s consumers — "and for all of us,” EFF Senior Legislative Activist Hayley Tsukayama told The Register.“Respecting consumer choices about data is more important than ever, given the way information flows through the opaque data ecosystem,” Tsukayama said. “A lot of information — even what cosmetics we’re buying — can reveal sensitive things about our health.” From ‘Sephora to pay $1.2m to settle California privacy law claims’ by Jessica Lyons Hardcastle for The Register. “The key point here is there is no comprehensive federal privacy law in the U.S. — so the litigation is certainly facing a hostile environment to make a privacy case — hence the complaint references multiple federal, constitutional, tort and state laws, alleging violations of the Federal Electronic Communications Privacy Act, the Constitution of the State of California, the California Invasion of Privacy Act, as well as competition law, and the common law.” From ‘Oracle’s ‘surveillance machine’ targeted in US privacy class action’ by Natasha Lomas for Techcrunch. “Many of the things that we take for granted today once seemed impossible, from eight-hour shifts to weekends, universal suffrage, the right to education, the right to safe water—all kinds of things that today are part of our everyday humdrum one day seemed impossible and idealistic. And companies want to make us feel disempowered, as if there is nothing we can do about the world around us. But one reason that should make us feel like we might have power is how much money these companies put into lobbying. They put so many millions into pushing for what they want because they know themselves to be fragile. A company like Facebook depends on personal data, and regulation or resistance can completely change (and potentially obliterate) their company. When Apple gave people a little bit more control over their data, an easier way to say “no” to data collection, Facebook’s stock dropped 25 percent in one day—the steepest drop in the history of US companies. That shows you just how vulnerable they are.” From an interview with Carissa Véliz by Lowry Pressly for Public Books. — Endnotes & Credits The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds. As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”. The image used in the header is by Krystian Tambur on Unsplash. Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running. Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can. Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn. If you know someone who might enjoy this newsletter do please forward it on to them. Did you enjoy this issue? In order to unsubscribe, click here. If you were forwarded this newsletter and you like it, you can subscribe here. Powered by Revue Privacy Kit, Made with 💚 in Dublin, Ireland

Whistleblowing. Data breaches. Committees. Cosmetics. Is a scan a search?

😼

The Irish Times reports that Garda requests for personal data to what used to be called the Facebook family of companies has “increased from an average of five a month to 21 a month since the second half of 2020”.

Number of Garda requests to Meta, which owns Facebook, Instagram and WhatsApp, increased significantly during the pandemic

→ archived version

Bing. Bzzt. Bip.

—

After Peiter ‘Mudge’ Zatko’s revelations about Twitter’s (lack of) security practices a number of regulators on this side of the Atlantic have expressed an interest in finding out more from the company Elon Musk is furiously trying to wriggle out of buying.

The Irish DPC is the watchdog for Twitter in Europe as the company has its regional headquarters in Dublin.

France’s CNIL said it’s ‘studying’ the complaint filed by whistleblower Peiter Zatko, Twitter’s former head of security.

The Irish Times even treats us to the tantalising prospect of some of Leinster House’s finest quizzing Mudge in a committee session.

Peiter Zatko, former head of security of social media giant, is willing to appear before an Oireachtas committee

For some analysis of the whistleblower complaint itself this Twitter thread from Zach Edwards is a good place to start.

For an impression of what this Oireachtas committee could look like*, I give you one of the greatest photos ever taken of a committee hearing, from May 1998 on Capitol Hill.

That image is taken from ‘A disaster foretold — and ignored’ which ran in the Washington Post in June 2015. (→ archived version)

*should it happen it will not look like this, sadly

We’ve really heard very little about how educational institutions in Ireland have deployed edtech during the pandemic. Aspects of it can be, as in this case, extremely instrusive,

The remote-proctored exam that colleges began using widely during the pandemic saw a first big legal test of its own — one that concluded in a ruling applauded by digital privacy advocates.

Another interesting and far broader point is made by the judge, though in this case while dismissing the argument made by the university that there is a distinction between a scan and a search:

Just because a technology is available and ‘in general public use’ doesn’t mean every particular use to which that technology is directed will be lawful, or fair, or apparent to the individual(s) concerned.

Sephora has agreed to pay a settlement of $1.2 million in California as it “failed to disclose to consumers that it was selling their personal information, that it failed to process user requests to opt out of sale via user-enabled global privacy controls in violation of the CCPA, and that it did not cure these violations within the 30-day period currently allowed by the CCPA”

• “California’s enforcement action, and requiring companies to allow consumers to opt-out of the sale of their data, is a positive move for the state’s consumers — "and for all of us,” EFF Senior Legislative Activist Hayley Tsukayama told The Register.“Respecting consumer choices about data is more important than ever, given the way information flows through the opaque data ecosystem,” Tsukayama said. “A lot of information — even what cosmetics we’re buying — can reveal sensitive things about our health.” From ‘Sephora to pay $1.2m to settle California privacy law claims’ by Jessica Lyons Hardcastle for The Register.
• “The key point here is there is no comprehensive federal privacy law in the U.S. — so the litigation is certainly facing a hostile environment to make a privacy case — hence the complaint references multiple federal, constitutional, tort and state laws, alleging violations of the Federal Electronic Communications Privacy Act, the Constitution of the State of California, the California Invasion of Privacy Act, as well as competition law, and the common law.” From ‘Oracle’s ‘surveillance machine’ targeted in US privacy class action’ by Natasha Lomas for Techcrunch.
• “Many of the things that we take for granted today once seemed impossible, from eight-hour shifts to weekends, universal suffrage, the right to education, the right to safe water—all kinds of things that today are part of our everyday humdrum one day seemed impossible and idealistic. And companies want to make us feel disempowered, as if there is nothing we can do about the world around us. But one reason that should make us feel like we might have power is how much money these companies put into lobbying. They put so many millions into pushing for what they want because they know themselves to be fragile. A company like Facebook depends on personal data, and regulation or resistance can completely change (and potentially obliterate) their company. When Apple gave people a little bit more control over their data, an easier way to say “no” to data collection, Facebook’s stock dropped 25 percent in one day—the steepest drop in the history of US companies. That shows you just how vulnerable they are.” From an interview with Carissa Véliz by Lowry Pressly for Public Books.

—

Endnotes & Credits

• The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
• As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
• The image used in the header is by Krystian Tambur on Unsplash.
• Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
• Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.

Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.

If you know someone who might enjoy this newsletter do please forward it on to them.