"not designed for privacy" | The Cat Herder, Volume 5, Issue 42

Bank Holiday edition. Surveillance advertising business models are incompatible with privacy and data   October 31 · Issue #204 · View online Bank Holiday edition. Surveillance advertising business models are incompatible with privacy and data protection. Even Google staff know this. 😼 Adam Cherry @_adamcherry_ EXC: Downing Street accidentally published a hospital patient's private medical info to the No.10 Flickr account. Full name, DOB, full address, and medical symptoms all fully visible. You could even see the patient had a "normal urethra". https://t.co/5qhHal6uVl 5:14 PM - 28 Oct 2022 Hot on the heels of last week’s entry in this section about the Irish Department of Justice’s plans to force broad and vague facial recognition powers for the police into legislation with no parliamentary scrutiny comes a report from the UK. Pete Fussey, from the University of Essex, was hired by the Met to audit their previous LFR trials, and produced a critical report. The Met claimed a 70% success rate by 2020; Fussey said it was only 19%. Fussey said: “Live facial recognition is a powerful and intrusive technology that has real implications for the rights of individuals. “That the court of appeal explicitly stated in 2020 that South Wales police uses of this technology was ‘unlawful’ makes it difficult to argue this technology should be used. “Current regulation and oversight structures do not have the scope to protect people’s rights from misuses of this technology.” UK police use of live facial recognition unlawful and unethical, report finds | Facial recognition | The Guardian www.theguardian.com – Share Study says deployment of technology in public by Met and South Wales police failed to meet standards Based on past behaviour this is unlikely to have any impact on the Irish State’s misguided, intrusive and probably unlawful plans. It has already happened here But the reluctance to go digital extends beyond the health care system. After numerous scandals over leaks and other mistakes, many Japanese distrust the government’s handling of data. They’re also wary about government overreach, partly a legacy of authoritarian regimes before and during World War II. Japan steps up push to get public buy-in to digital IDs | AP News apnews.com – Share TOKYO (AP) — Japan has stepped up its push to catch up on digitization by telling a reluctant public they have to sign up for digital IDs or possibly lose access to their public health insurance. As the naming implies, the initiative is about assigning numbers to people, similar to Social Security numbers in the U.S. He’s not wrong. The UK Home Office will not be pleased at the High Court inviting more people affected by this scandalous breach of their rights to bring actions against it. TJ McIntyre @tjmcintyre Privacy lawyer? Read this now. You may never see a more jaw-dropping court order. https://t.co/UbM9RgDThN 9:17 PM - 25 Oct 2022 the Defendant shall use all reasonable endeavours to bring to the attention of each person (whether by letter, email, text or message or to known addresses or numbers or otherwise) whom the Defendant believes was subject to a search and / or seizure of a mobile phone, in writing: (i) the Judgment; (ii) this Order; (iii) the statement: “If you have not taken legal advice on your position, you are strongly advised to do so now”. Order dated 14 October 2022 (sealed by the court on 18 October 2022) (accessible version) - GOV.UK www.gov.uk – Share The Dutch data protection authority, Autoriteit Persoonsgegevens, said a draft bill on money laundering would “open the door to unprecedented mass surveillance.” Under the proposal, all bank transactions of Dutch account holders would be monitored by algorithms in one centralized database. “This represents a far-reaching breach of the protection and confidentiality of customer data. The proposed system essentially amounts to a banking dragnet,” the AP said. IAPP: ‘Dutch DPA says money laundering bill would cause ‘unprecedented mass surveillance’ — The ICO fined an outsourcing company named Interserve £4.4 million for failing to “process personal data in a manner that ensured appropriate security of the personal data using appropriate technical and organisational measures as required by Article 5(1)(f) and Article 32 GDPR.” The company was a victim of a successful phishing attack and the personal data of up to 113,000 of its employees was exposed. — The ICO also published two short reports on the use of biometrics: ‘Biometrics: insight’ and ‘Biometrics: foresight’. “What is most striking about the AirTag example is how foreseeable these issues were. It’s not that the AirTag was misused in any surprising or imaginative way. When an AirTag is used for stalking, it is being used exactly according to its design. Some dual uses of technology are surprising. Gunpowder was originally designed for medicinal purposes — who would have thought it might change war forever? But tracking technologies are designed to track — and tracking is surveillance, and surveillance amounts to control. Human beings are social beings, which means that most of the time what we are most interested in is other people. We should hardly be surprised when tracking technology is employed to track people, the most salient element of most people’s lives.” From ‘Digitalization, Surveillance, Colonialism’ by Carissa Veliz in Liberties Journal. “Such AI systems ‘function’, if we can use the word, by claiming to be able to ‘read the tea leaves’ of one or more biometric signals, such as heart rate, eye movements, facial expression, skin moisture, gait tracking, vocal tone etc, and perform emotion detection or sentiment analysis to predict how the person is feeling — presumably after being trained on a bunch of visual data of faces frowning, faces smiling etc (but you can immediately see the problem with trying to assign individual facial expressions to absolute emotional states — because no two people, and often no two emotional states, are the same; hence hello pseudoscience!).” From ‘UK watchdog warns against AI for emotional analysis, dubs ‘immature’ biometrics a bias risk’ by Natasha Lomas for Techcrunch. “One common critique was that the arm of Google that generates the bulk of its revenue by targeting search and display ads views privacy as an obstacle to the company’s success."Our data infrastructure is not designed for privacy,” one Googler said in one of the excerpts that van Keulen included in her order. “Privacy is not the priority for most people in ads,” another Googler said. "There are core stakeholders at the company who think that privacy is impossible or too hard to do and therefore not worth it,” says a third.” From ‘Googlers voice stinging critique of company’s actions on privacy in previously unreported internal interviews made public by US judge’ by Mike Smith for mlex. — Endnotes & Credits The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds. As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”. The image used in the header is by Krystian Tambur on Unsplash. Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running. Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can. Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn. If you know someone who might enjoy this newsletter do please forward it on to them. Did you enjoy this issue? In order to unsubscribe, click here. If you were forwarded this newsletter and you like it, you can subscribe here. Powered by Revue Privacy Kit, Made with 💚 in Dublin, Ireland

Bank Holiday edition. Surveillance advertising business models are incompatible with privacy and data protection. Even Google staff know this.

😼

Hot on the heels of last week’s entry in this section about the Irish Department of Justice’s plans to force broad and vague facial recognition powers for the police into legislation with no parliamentary scrutiny comes a report from the UK.

Study says deployment of technology in public by Met and South Wales police failed to meet standards

Based on past behaviour this is unlikely to have any impact on the Irish State’s misguided, intrusive and probably unlawful plans.

TOKYO (AP) — Japan has stepped up its push to catch up on digitization by telling a reluctant public they have to sign up for digital IDs or possibly lose access to their public health insurance. As the naming implies, the initiative is about assigning numbers to people, similar to Social Security numbers in the U.S.

He’s not wrong. The UK Home Office will not be pleased at the High Court inviting more people affected by this scandalous breach of their rights to bring actions against it.

IAPP: ‘Dutch DPA says money laundering bill would cause ‘unprecedented mass surveillance’

—

The ICO fined an outsourcing company named Interserve £4.4 million for failing to “process personal data in a manner that ensured appropriate security of the personal data using appropriate technical and organisational measures as required by Article 5(1)(f) and Article 32 GDPR.” The company was a victim of a successful phishing attack and the personal data of up to 113,000 of its employees was exposed.

—

The ICO also published two short reports on the use of biometrics: ‘Biometrics: insight’ and ‘Biometrics: foresight’.

• “What is most striking about the AirTag example is how foreseeable these issues were. It’s not that the AirTag was misused in any surprising or imaginative way. When an AirTag is used for stalking, it is being used exactly according to its design. Some dual uses of technology are surprising. Gunpowder was originally designed for medicinal purposes — who would have thought it might change war forever? But tracking technologies are designed to track — and tracking is surveillance, and surveillance amounts to control. Human beings are social beings, which means that most of the time what we are most interested in is other people. We should hardly be surprised when tracking technology is employed to track people, the most salient element of most people’s lives.” From ‘Digitalization, Surveillance, Colonialism’ by Carissa Veliz in Liberties Journal.
• “Such AI systems ‘function’, if we can use the word, by claiming to be able to ‘read the tea leaves’ of one or more biometric signals, such as heart rate, eye movements, facial expression, skin moisture, gait tracking, vocal tone etc, and perform emotion detection or sentiment analysis to predict how the person is feeling — presumably after being trained on a bunch of visual data of faces frowning, faces smiling etc (but you can immediately see the problem with trying to assign individual facial expressions to absolute emotional states — because no two people, and often no two emotional states, are the same; hence hello pseudoscience!).” From ‘UK watchdog warns against AI for emotional analysis, dubs ‘immature’ biometrics a bias risk’ by Natasha Lomas for Techcrunch.
• “One common critique was that the arm of Google that generates the bulk of its revenue by targeting search and display ads views privacy as an obstacle to the company’s success."Our data infrastructure is not designed for privacy,” one Googler said in one of the excerpts that van Keulen included in her order. “Privacy is not the priority for most people in ads,” another Googler said. "There are core stakeholders at the company who think that privacy is impossible or too hard to do and therefore not worth it,” says a third.” From ‘Googlers voice stinging critique of company’s actions on privacy in previously unreported internal interviews made public by US judge’ by Mike Smith for mlex.

—

Endnotes & Credits

• The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
• As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
• The image used in the header is by Krystian Tambur on Unsplash.
• Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
• Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.

Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.

If you know someone who might enjoy this newsletter do please forward it on to them.