Privacy Kit

Subscribe
Archives
May 12, 2019

Never Say Never | The Cat Herder, Volume 2, Issue 17

The big platforms continue to get religion on privacy. The big platforms continue to confuse informat
 
May 12 · Issue #33 · View online
The Cat Herder
The big platforms continue to get religion on privacy. The big platforms continue to confuse information security with privacy. To Google and Facebook privacy now appears to mean you sharing all your personal data with them while they promise to (probably) not let anyone else look at it. But they’re going to keep collecting more and more of it. For your benefit, naturally.
😼

Ooops. Google may have been talking a good game on privacy this past week but it’s clear that ‘collect it all and figure out what to do with it later’ remains their instinct.
“That data will never be used for ads personalisation,” said Mr Chandra, before being corrected by a member of Google’s public relations team. “We can never say never,” he added hastily, “but the commitment we are making is, it is not being used.”
‘Google Face Match brings privacy debate into the home’, Financial Times, 7th May 2019
CarolineJMolloy
CarolineJMolloy
@carolinejmolloy
It doesn’t take much imagination to see how this plays out:

“You haven’t done your daily mile. Your ill health is your own fault. We’re scrapping your free NHS treatment”

“You’ve walked 200m. You’re obviously fit for work. We’re cutting your benefits”
https://t.co/1xTJBjqBjy
10:37 AM - 7 May 2019
‘Call for poor and disabled to be given NHS fitness trackers’, Guardian, 5th May 2019
Just gonna lay these out here alongside each other.
July 2018, Ireland.
Details of the new contract, published on the eTenders website on Thursday, reveal the €9.41 million contract for the cards was awarded to DLRS Ltd, a company owned by Smurfit Kappa, and Idemia, formerly known as Morpho.
The consortium is trading as Security Card Concepts.
‘‘Augmented identity’ firm gets €9m contract for public services cards’, Irish Times, 5th July 2019
May 2019, Kenya.
And just last week, the Kenyan Parliament voted to ban IDEMIA from conducting business in the country for at least ten years. 
The ban hasn’t deterred the government, which announced that the Huduma Namba exercise will continue in spite of parliamentary blacklisting. Still, this vote has cast even greater scrutiny on the secretive process by which IDEMIAwas awarded the government tender. Earlier this year, MPs criticized the government for circumventing Parliament’s Budget and Appropriations Committee and pushing the initiative into law through a Miscellaneous Amendment Act. 
‘Kenya’s Controversial Biometric Project Is Shrouded in Secrecy’, Coda, 3rd May 2019
Danish data protection authority Datatilsynet has ordered a bus company to explain, by July 15, how it will amend its IT systems to allow for compliance with the right to rectification (correction) under GDPR and provide a timetable for the implementation of the changes.
‘Danish Bus Company Ordered To Amend IT Systems To Allow For Right To Rectification’, JDSupra, 7th May 2019
—
The Spanish Data Protection Authority AEPD issued a technical note [PDF, Spanish] which states that Google’s Android OS shares data with Facebook even when data collection for ad purposes is switched off.
—
Turkey’s Personal Data Protection Authority (KVKK) issued a 1,650,000 Turkish lira ($270,000) administrative fine against social media platform Facebook over data breach and failure to report the issue to authorities.
‘Turkish watchdog fines Facebook over data breach’, Daily Sabah, 10th May 2019
Wait, there’s more! Amazon not only records and stores the audio from its home surveillance devices, it also keeps transcripts.
Amazon Alexa transcripts live on, even after you delete voice records - CNET
www.cnet.com – Share
You can delete voice recordings so Amazon can’t listen to your conversations with Alexa anymore, but text records are a different story.
In addition to “all data leaks eventually”, this is pithy advice worth remembering.
“Here’s what I tell all of our business executives and consumers: ‘Delete’ is never really ‘delete,’” said Theresa Payton, a former White House chief information officer and founder of cybersecurity company Fortalice. “Delete just means that you can’t see it anymore.”
—
This is why we have purpose limitation.
Millions of people uploaded photos to the Ever app. Then the company used them to develop facial recognition tools.
www.nbcnews.com – Share
Ever trains its facial recognition system with user photos and then offers to sell that technology to private companies, law enforcement and the military through Ever AI.
  • “Today, however, that culture of dynamism is at risk. The surveillance business model has eroded user trust to such a point that it is impeding our ability to innovate.” As debate over a possible federal privacy law for the United States continues, Maciej Ceglowski appeared before the Senate Committee on Banking, Housing, and Urban Development. His opening statement is here [PDF].
  • “the general public is only just unraveling the myriad ways that devices like the Echo are recording our lives without our permission or sharing our personal data with strangers. The most recent controversy over Alexa merely scratches the surface of how a world full of always-on microphones is an utter privacy nightmare.” Adam Clark Estes has a look at (some of) ‘The Terrible Truth About Alexa’.
  • ‘We Need To Talk, AI’ is a comic essay on artificial intelligence by Julia Schneider and Lena Kadriye Ziyal and it is excellent.
——
Endnotes & Credits
  • The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
  • As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
  • The image used in the header is by Krystian Tambur on Unsplash.
  • Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
  • Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.
Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.
Barring a disaster we’ll be in your inbox again next weekend.
If you know someone who might enjoy this newsletter do please forward it on to them.
Did you enjoy this issue?
In order to unsubscribe, click here.
If you were forwarded this newsletter and you like it, you can subscribe here.
Powered by Revue
Privacy Kit, Made with 💚 in Dublin, Ireland

The big platforms continue to get religion on privacy. The big platforms continue to confuse information security with privacy. To Google and Facebook privacy now appears to mean you sharing all your personal data with them while they promise to (probably) not let anyone else look at it. But they’re going to keep collecting more and more of it. For your benefit, naturally.

😼

Ooops. Google may have been talking a good game on privacy this past week but it’s clear that ‘collect it all and figure out what to do with it later’ remains their instinct.

‘Google Face Match brings privacy debate into the home’, Financial Times, 7th May 2019

It doesn’t take much imagination to see how this plays out:

“You haven’t done your daily mile. Your ill health is your own fault. We’re scrapping your free NHS treatment”

“You’ve walked 200m. You’re obviously fit for work. We’re cutting your benefits”https://t.co/1xTJBjqBjy

— CarolineJMolloy (@carolinejmolloy) May 7, 2019

‘Call for poor and disabled to be given NHS fitness trackers’, Guardian, 5th May 2019

Just gonna lay these out here alongside each other.

July 2018, Ireland.

‘‘Augmented identity’ firm gets €9m contract for public services cards’, Irish Times, 5th July 2019

May 2019, Kenya.

‘Kenya’s Controversial Biometric Project Is Shrouded in Secrecy’, Coda, 3rd May 2019

‘Danish Bus Company Ordered To Amend IT Systems To Allow For Right To Rectification’, JDSupra, 7th May 2019

—

The Spanish Data Protection Authority AEPD issued a technical note [PDF, Spanish] which states that Google’s Android OS shares data with Facebook even when data collection for ad purposes is switched off.

—

‘Turkish watchdog fines Facebook over data breach’, Daily Sabah, 10th May 2019

Wait, there’s more! Amazon not only records and stores the audio from its home surveillance devices, it also keeps transcripts.

You can delete voice recordings so Amazon can’t listen to your conversations with Alexa anymore, but text records are a different story.

In addition to “all data leaks eventually”, this is pithy advice worth remembering.

—

This is why we have purpose limitation.

Ever trains its facial recognition system with user photos and then offers to sell that technology to private companies, law enforcement and the military through Ever AI.

  • “Today, however, that culture of dynamism is at risk. The surveillance business model has eroded user trust to such a point that it is impeding our ability to innovate.” As debate over a possible federal privacy law for the United States continues, Maciej Ceglowski appeared before the Senate Committee on Banking, Housing, and Urban Development. His opening statement is here [PDF].
  • “the general public is only just unraveling the myriad ways that devices like the Echo are recording our lives without our permission or sharing our personal data with strangers. The most recent controversy over Alexa merely scratches the surface of how a world full of always-on microphones is an utter privacy nightmare.” Adam Clark Estes has a look at (some of) ‘The Terrible Truth About Alexa’.
  • ‘We Need To Talk, AI’ is a comic essay on artificial intelligence by Julia Schneider and Lena Kadriye Ziyal and it is excellent.

——

Endnotes & Credits

  • The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
  • As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
  • The image used in the header is by Krystian Tambur on Unsplash.
  • Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
  • Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.

Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.

Barring a disaster we’ll be in your inbox again next weekend.

If you know someone who might enjoy this newsletter do please forward it on to them.

Don't miss what's next. Subscribe to Privacy Kit:
X
Powered by Buttondown, the easiest way to start and grow your newsletter.