May 15, 2022
Leaky Forms | The Cat Herder, Volume 5, Issue 18
May 15 · Issue #180
Surveillance on wheels. Surveillance in the skies. Surveillance in the online form you didn’t finish filling out. Surveillance across all your messages. Surveillance by the postman. 😼
When Apple proposed and then paused a plan to have its iPhones and other devices scan user photos for child sexual abuse images last year (see Volume 4, Issue 34), it’s unlikely that many people expected the European Commission would pop up less than a year later with an even more extreme surveillance proposal which would ditch fundamental rights in the name of protecting children. But here we are.
The most extreme obligations would apply to communications services like WhatsApp, Signal, and Facebook Messenger. If a company in this group receives a “detection order” from the EU they would be required to scan select users’ messages to look for known child sexual abuse material as well as previously unseen CSAM and any messages that may constitute “grooming” or the “solicitation of children.” These last two categories of content would require the use of machine vision tools and AI systems to analyze the context of pictures and text messages.
New EU rules would require chat apps to scan private messages for child abuse - The Verge
The EU has proposed new legislation that would require chat apps like WhatsApp and Facebook Messenger to selectively scan the private conversations of users for child sexual abuse material and “grooming” behavior. The proposal has been strongly criticized by privacy experts.
The prospect of apps having to incorporate CSAM detection technology developed by a state agency has, unsurprisingly, caused alarm among a number of security, privacy and digital rights watchers. Although alarm isn’t limited to that one component; Pirate Party MEP, Patrick Breyer — a particularly vocal critic — dubs the entire proposal “mass surveillance” and “fundamental rights terrorism” on account of the cavalcade of risks he says it presents, from mandating age verification to eroding privacy and confidentiality of messaging and cloud storage for personal photos.
Europe’s CSAM scanning plan unpicked – TechCrunch
The European Union has formally presented its proposal to move from a situation in which some tech platforms voluntarily scan for child sexual abuse material (CSAM) to something more systematic — publishing draft legislation that will create a framework which could obligate digital services to use automated technologies to detect and report existing or new […]
It is potentially going to do this on encrypted messages that should be private. It won’t be good, and it won’t be smart, and it will make mistakes.
But what’s terrifying is that once you open up “machines reading your text messages” for any purpose, there are no limits.
Remember, this proposal isn't just about detecting hashed images; it includes profiling of text and longitudinal conversations within its scope, and builds an infrastructure that cannot be put back in the box.
“As companies continue to make public roadways their testing grounds for these vehicles, everyone should understand them for what they are—rolling surveillance devices that expand existing widespread spying technologies,” said Chris Gilliard, Visiting Research Fellow at Harvard Kennedy School Shorenstein Center. “Law enforcement agencies already have access to automated license plate readers, geofence warrants, Ring Doorbell footage, as well as the ability to purchase location data. This practice will extend the reach of an already pervasive web of surveillance.”
San Francisco Police Are Using Driverless Cars as Mobile Surveillance Cameras
“Autonomous vehicles are recording their surroundings continuously and have the potential to help with investigative leads,” an internal training document states.
Going out and buying a load of surveillance gear before a law permitting you to use it has been deemed to be necessary and proportionate seems like an unwise use of money. Unless you’ve been assured of the outcome of the legislative process. Which isn’t really the way the legislative process is supposed to work.
Privacy fears over Garda purchase of 11 drones for training ahead of digital recording bill
Irish Council for Civil Liberties raises concerns over widespread use of technology to ‘monitor population’
If you’re in Ireland it could be worth asking the person who delivers your post whether or not they’re spying on your home next time you see them.
Olga Cronin, the ICCL’s tech and human rights officer, said that it was “really worrying and really troubling” that An Post was using delivery staff to capture data on people’s homes. She described the practice as “deeply inappropriate”. “It is clear that An Post personnel are being used to collect data about our homes and to feed it back to GeoDirectory and they, in turn, are selling it to organisations for profit but also on the premise that they are going to boost the profits of the people they are selling it to,” she said.
Civil liberties group concerned about use of An Post staff to collect data
ICCL shares more detail with watchdog in complaint over address database firm
- “When you sign up for a newsletter, make a hotel reservation, or check out online, you probably take for granted that if you mistype your email address three times or change your mind and X out of the page, it doesn’t matter. Nothing actually happens until you hit the Submit button, right? Well, maybe not. As with so many assumptions about the web, this isn’t always the case, according to new research: A surprising number of websites are collecting some or all of your data as you type it into a digital form.” From ‘Some Top 100,000 Websites Collect Everything You Type—Before You Hit Submit’ by Lily Hay Newman for Wired.
- “Angwin: Can you tell us about your latest finding on a Facebook pixel technique called automatic advanced matching? Acar: Automatic advanced matching is a feature of the Facebook pixel that more accurately matches online visitors and their activities to Facebook users. When this feature is enabled, the pixel extracts and hashes personal data that’s entered into forms, such as an email address, phone number, name, date of birth, etc. Facebook then uses those (hashed) identifiers to link your Facebook profile to your website visits and activities.” From Julia Angwin’s interview with Gunes Acar, one of the authors of the study above in the most recent issue of her ‘Hello World’ newsletter.
- From August of last year, since an unworkable system to protect children through indiscriminate mass surveillance has surfaced again. “We were so disturbed that we took a step we hadn’t seen before in computer science literature: We warned against our own system design, urging further research on how to mitigate the serious downsides. We’d planned to discuss paths forward at an academic conference this month. That dialogue never happened. The week before our presentation, Apple announced it would deploy its nearly identical system on iCloud Photos, which exists on more than 1.5 billion devices. Apple’s motivation, like ours, was to protect children. And its system was technically more efficient and capable than ours. But we were baffled to see that Apple had few answers for the hard questions we’d surfaced.” From ‘We built a system like Apple’s to flag child sexual abuse material — and concluded the tech was dangerous’ by Jonathan Mayer and Anunay Kulshrestha for the Washington Post.
If you know someone who might enjoy this newsletter do please forward it on to them.
Privacy Kit, Made with 💚 in Dublin, Ireland
The EDPB published its annual report. Press release | Link to full report [PDF]
Endnotes & Credits
Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.