Privacy Kit

Subscribe
Archives
March 24, 2019

Not Smart | The Cat Herder, Volume 2, Issue 11

Yes, there was another Facebook incident during the week so we'll get it out of the way here. Notable
 
March 24 · Issue #27 · View online
The Cat Herder
Yes, there was another Facebook incident during the week so we’ll get it out of the way here. Notable not only for the scale - hundreds of millions of passwords were involved - but also the predictable evasiveness of Facebook’s response. A blog post titled “Keeping passwords secure” was what emerged from Menlo Park after Brian Krebs broke the story. This post detailed how passwords had not been kept secure. No information was provided on why Facebook waited until March to disclose this personal data breach which had been discovered in January.
😼

There was mention of the interplay between the GDPR and the right to freedom of expression on Friday at the excellent #Infolaw2019 Conference organised by FP Logue Solicitors. The interplay between the GDPR and the seal of confession wasn’t covered.
Anger over pupils' 'sins' listed on artwork at Mass, claims it breaches 'GDPR and seal of confession' - Independent.ie
www.independent.ie – Share
A school is discontinuing the practice of having students write their sins on artwork for display at Mass amid claims it breaches privacy, GDPR and the seal of confession.
In a similar vein …
rubot 泰山
rubot 泰山
@rubot
Was at a confirmation there and the priest said no one was to take selfies due to GDPR. It's a new world.
1:28 PM - 21 Mar 2019
Yes it will.
Yes it will.
Matt Cagle
Matt Cagle
@Matt_Cagle
It’s time to retire the term “smart city.”

It is not “smart” to fill a community w/sensors aimlessly stockpiling residents’ info into databases that police, or even ICE, may seek to exploit.

Let’s call these proposals what they often are: surveillance. https://t.co/v44E4iqTe6
12:26 AM - 23 Mar 2019
It’s already happening here, most obviously in Limerick. Despite often being established with civic-minded goals, many if not most of these projects seem to end up defaulting to disproportionate surveillance of citizens and indiscriminate, unsupervised and frequently undisclosed data sharing with a wide range of third parties.
As we’ve seen recently in Limerick (see Reverse GDPR | The Cat Herder, Volume 2, Issue 6), once the technology is available there is a good chance it will be purchased and installed without any consideration being given to whether the deployment is legal.
San Francisco may install thousands of devices with the capacity to record video and audio and provide wireless service on street lights citywide … Nathan Sheard, EFF’s grassroots advocacy organizer … suggested San Francisco should follow Oakland’s example and establish a privacy advisory commission, a panel of independent experts on surveillance technology. Otherwise, he said, the tech privacy concerns “will either not be thought out as thoroughly as they should be or the vendors will then become that privacy expert.”
‘SF considers ‘sweeping smart city’ installation of devices with cameras, microphones’, San Francisco Examiner
If you stand under a street lamp almost anywhere in San Diego, odds are good that it will be doing more than just emitting that familiar urban glow in the night. It’s likely watching you and tracking your movement, and a whole lot more.
‘Thousands of San Diego street lights are equipped with sensors and cameras. Here’s what they record.’, San Diego Union Tribune
On June 27, 2012, three years after the devastating Human Rights Watch report, IBM issued a short news release announcing an agreement with Davao to upgrade its police command center in order to “further enhance public safety operations in the city.” IBM’s installation, known as the Intelligent Operations Center, promised to enhance authorities’ ability to monitor residents in real time with cutting-edge video analytics, multichannel communications technology, and GPS-enabled patrol vehicles.
‘Inside The Video Surveillance Program IBM Built For Philippine Strongman Rodrigo Duterte’, The Intercept
Related
If you install Citizen, and check it enough, chances are the app will ask you if you’re able to safely stream from a nearby scene. This results in a lot of footage of smoke, and of police cars parked outside of buildings. Occasionally there’s something more gripping or morbid: someone trapped on the other side of an elevator door, waiting to be freed; a raccoon running around a store; a mangled car; a sheet over a body.
‘All the Crime, All the Time: How Citizen Works’, New York Times
Information about people believed to be “at risk” of becoming criminals or victims of harm is shared between civilian agencies and police and is added to the database when a person is being evaluated for a rapid intervention intended to lower their risk levels. Interventions can range from a door knock and a chat to forced hospitalization or arrest.
‘Police in Canada Are Tracking People’s ‘Negative’ Behavior In a ‘Risk’ Database’, Motherboard
Matt Cagle, a lawyer for the American Civil Liberties Union of Northern California, has called for an end to facial recognition in policing. He said these police reports prove that the use of this tech is “unnecessary.”
“The investigation of petty crimes does not justify the creation of a massive facial recognition database like this one,” he said.
‘Facial recognition overkill: How deputies cracked a $12 shoplifting case’, CNET
Public sector privacy pratfalls
Public sector privacy pratfalls
All but three of the European Union member states’ government websites are littered with undisclosed adtech trackers from Google and other firms, with many piggy-backing on third-party scripts, according to an analysis of almost 200,000 webpages.
Public disgrace: 82% of EU govt websites stalked by Google adtech cookies – report • The Register
www.theregister.co.uk – Share
Karlin Lillington also covered this report for The Irish Times.
The free, popular ShareThis social sharing tool is actually a Trojan horse that releases a multitude of trackers, according to the report. The HSE used the tool, which on average sent a visitor’s data to 25 different adtech companies. Surprise: free has a hidden cost.
In fairness to the HSE, it has removed the ShareThis tool from its pages since the Cookiebot report was published on Monday.
Volvo to install cameras in new cars to reduce road deaths | The Guardian
www.theguardian.com – Share
The Swedish carmaker says the cameras will detect early signs of intoxication.
No word on where the data from these cameras will go, who will have access to it, what the retention policy will be, which third parties the data will be shared with and so on. It’ll be interesting to see if Volvo publish the DPIA for this. Because they’ll definitely have done a DPIA before announcing this, won’t they?
Since the newsletter probably won’t appear next weekend due to travel commitments here’s a bumper selection of reading.
  • Doc Searls has a look at the numbers - and the sources of those numbers - in ‘Is ad blocking past 2 billion worldwide?’
  • The current edition of The Economist (March 23rd - 29th) has a few pieces on European regulation of the social surveillance companies. There’s even a mention of Facebook crossing the regulatory streams, a turn of phrase we used back in February.
  • The Opinion of Advocate General Szpunar in the Planet49 case.
  • Fast Company have a series of pieces on privacy called The Privacy Divide which is worth a look.
  • “Facial recognition is not a benign extension of existing surveillance technologies - it’s rocket fuel” says Mark Higgins in The Seattle Times.
  • Commissioned by the Information Commissioner’s Office in the UK, Ofcom published research into consumers’ attitudes towards and awareness of personal data used in online advertising.
—-
Endnotes & Credits
  • The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
  • As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
  • The image used in the header is by Krystian Tambur on Unsplash.
  • Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
  • Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.
Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.
This newsletter won’t appear next weekend. See you in April.
If you know someone who might enjoy this newsletter do please forward it on to them.
Did you enjoy this issue?
In order to unsubscribe, click here.
If you were forwarded this newsletter and you like it, you can subscribe here.
Powered by Revue
Privacy Kit, Made with 💚 in Dublin, Ireland

Yes, there was another Facebook incident during the week so we’ll get it out of the way here. Notable not only for the scale - hundreds of millions of passwords were involved - but also the predictable evasiveness of Facebook’s response. A blog post titled “Keeping passwords secure” was what emerged from Menlo Park after Brian Krebs broke the story. This post detailed how passwords had not been kept secure. No information was provided on why Facebook waited until March to disclose this personal data breach which had been discovered in January.

😼

There was mention of the interplay between the GDPR and the right to freedom of expression on Friday at the excellent #Infolaw2019 Conference organised by FP Logue Solicitors. The interplay between the GDPR and the seal of confession wasn’t covered.

A school is discontinuing the practice of having students write their sins on artwork for display at Mass amid claims it breaches privacy, GDPR and the seal of confession.

In a similar vein …

https://twitter.com/rubot/status/1108721994047148037

It’s time to retire the term “smart city.”

It is not “smart” to fill a community w/sensors aimlessly stockpiling residents’ info into databases that police, or even ICE, may seek to exploit.

Let’s call these proposals what they often are: surveillance. https://t.co/v44E4iqTe6

— Matt Cagle (@Matt_Cagle) March 23, 2019

It’s already happening here, most obviously in Limerick. Despite often being established with civic-minded goals, many if not most of these projects seem to end up defaulting to disproportionate surveillance of citizens and indiscriminate, unsupervised and frequently undisclosed data sharing with a wide range of third parties.

As we’ve seen recently in Limerick (see Reverse GDPR | The Cat Herder, Volume 2, Issue 6), once the technology is available there is a good chance it will be purchased and installed without any consideration being given to whether the deployment is legal.

‘SF considers ‘sweeping smart city’ installation of devices with cameras, microphones’, San Francisco Examiner

‘Thousands of San Diego street lights are equipped with sensors and cameras. Here’s what they record.’, San Diego Union Tribune

‘Inside The Video Surveillance Program IBM Built For Philippine Strongman Rodrigo Duterte’, The Intercept

Related

‘All the Crime, All the Time: How Citizen Works’, New York Times

‘Police in Canada Are Tracking People’s ‘Negative’ Behavior In a ‘Risk’ Database’, Motherboard

‘Facial recognition overkill: How deputies cracked a $12 shoplifting case’, CNET

Karlin Lillington also covered this report for The Irish Times.

The Swedish carmaker says the cameras will detect early signs of intoxication.

No word on where the data from these cameras will go, who will have access to it, what the retention policy will be, which third parties the data will be shared with and so on. It’ll be interesting to see if Volvo publish the DPIA for this. Because they’ll definitely have done a DPIA before announcing this, won’t they?

Since the newsletter probably won’t appear next weekend due to travel commitments here’s a bumper selection of reading.

  • Doc Searls has a look at the numbers - and the sources of those numbers - in ‘Is ad blocking past 2 billion worldwide?’
  • The current edition of The Economist (March 23rd - 29th) has a few pieces on European regulation of the social surveillance companies. There’s even a mention of Facebook crossing the regulatory streams, a turn of phrase we used back in February.
  • The Opinion of Advocate General Szpunar in the Planet49 case.
  • Fast Company have a series of pieces on privacy called The Privacy Divide which is worth a look.
  • “Facial recognition is not a benign extension of existing surveillance technologies - it’s rocket fuel” says Mark Higgins in The Seattle Times.
  • Commissioned by the Information Commissioner’s Office in the UK, Ofcom published research into consumers’ attitudes towards and awareness of personal data used in online advertising.

—-

Endnotes & Credits

  • The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
  • As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
  • The image used in the header is by Krystian Tambur on Unsplash.
  • Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
  • Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.

Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.

This newsletter won’t appear next weekend. See you in April.

If you know someone who might enjoy this newsletter do please forward it on to them.

Don't miss what's next. Subscribe to Privacy Kit:
X
Powered by Buttondown, the easiest way to start and grow your newsletter.