"significant deficits in terms of logic and consistency" | The Cat Herder, Volume 3, Issue 1

Happy New Year one and all. Reviewing last year's newsletters showed a few broad themes which ran thr   January 12 · Issue #65 · View online Happy New Year one and all. Reviewing last year’s newsletters showed a few broad themes which ran through the year. Locally, the Irish state’s ill-conceived and illegally implemented biometric database and the peculiar decision of the state’s investment arm to throw a lot of money at a privately owned DNA harvesting company. Internationally, alarm over the deployment of facial recognition and other surveillance technologies by the Chinese state in Xinjiang and in the latter half of the year in Hong Kong was accompanied by the silent and rapid creep of such technologies into consumer devices in the West, spearheaded by Amazon’s Ring. A slow realisation dawned about internet-connected devices with embedded speakers and cameras: they record. Those recordings can be accessed by the staff of the device manufacturers. Data protection authorities across Europe sanctioned data controllers large and small, with a notable exception. Visible enforcement action by the Data Protection Commission of Ireland was, with the exception of an enforcement notice issued in early December regarding the Public Services Card, seemingly absent, to the growing frustration of counterparts in the rest of the EU. Guess what? Nothing’s changed. 😼 No real need for any commentary on this one as the headline says it all. Seriously. Why is a 22GB database containing 56 million US folks' personal details sitting on the open internet using a Chinese IP address? Seriously, why? www.theregister.co.uk – Share — The same goes for this one. Profiling on a vast scale Airbnb Claims Its AI Can Predict Whether Guests Are Psychopaths futurism.com – Share Airbnb uses an AI-powered tool to rate guests’ likelihood of exhibiting “untrustworthy” traits, such as narcissism, Machiavellianism, and even psychopathy. It never ends The Department of Employment Affairs and Social Protection filed an appeal in the Circuit Court against the Data Protection Commission’s enforcement notice regarding the Public Services Card. As Karlin Lillington points out, the appeal is not against any of the findings of the Data Protection Commission’s report into the lawful basis for and transparency around the card and its underlying database. If the courts ultimately side with the department purely on the basis of a legal loophole, rather than the concrete finding of facts, we can all look on the crass cynicism of the Government ministers who made this determination – contravening and ignoring the actual rights and protections that its own citizens are now afforded under EU law – and despair. Cianan Brennan in the Examiner tried to “make sense of the long and winding PSC saga”. A thankless task, as sense has long since left the building. The Minister for Employment Affairs and Social Protection made some media appearances recently. The card came up for discussion, naturally. On The Tonight Show on Virgin Media last week several of the same exhausted talking points which bear no relation to reality were repeated. Elizabeth Farries of the ICCL sets those straight in this thread on Twitter: Elizabeth Farries @e_farries Thread. @ICCLtweet joined #TonightVMTV yesterday to discuss the #PublicServicesCard. The Minister also appeared and said it's "difficult to have a conversation with people when they don’t even know the facts.” Respectfully, we know the facts. https://t.co/tWfkzRRwYS 5:34 PM - 9 Jan 2020 Hopping from DEASP to the Department of Children and Youth Affairs, the only body apart from DEASP itself which appears to be still using the card, in contravention of the Commission’s instructions, we find that: The Department of Children and Youth Affairs was given expert advice not to use the PSC as the registration mechanism for the National Childcare Scheme. This advice was not taken and the scheme went ahead with the PSC option the only one available to parents, accompanied with a promise that a paper-based registration alternative would be provided this month. The Department of Children and Youth Affairs still does not know when the paper-based registration alternative for the National Childcare Scheme will be available. Cianan Brennan @ciananbrennan The pain of dealing with Government departments, an occasional series. #1,457,932 Asked Dept Children when postal option for childcare scheme is going live, as it's supposed to be this month. Straightforward I thought. Well no, it isn't as it turns out https://t.co/aba6EbIezY 6:14 PM - 10 Jan 2020 They definitely did. The recordings, both deliberate and accidentally invoked activations of the voice assistant, as well as some Skype phone calls, were simply accessed by Microsoft workers through a web app running in Google’s Chrome browser, on their personal laptops, over the Chinese internet, according to the contractor. Skype audio graded by workers in China with 'no security measures' | Technology | The Guardian www.theguardian.com – Share Exclusive: former Microsoft contractor says he was emailed login after minimal vetting — If a data slurping beast spots an opportunity to profile you in order to shovel possibly relevant ads in your direction then it will take that opportunity. Spotify will use everything it knows about you to target podcast ads - The Verge www.theverge.com – Share Spotify announced its new podcast ad insertion technology Streaming Ad Insertion, which will put ads into podcasts in real time based on listeners’ demographics and interests. When we left off at the end of last year the listening devices were still listening. Now they’re listening to you singing in the shower. Kohler puts an Alexa-enabled smart speaker in a showerhead - The Verge www.theverge.com – Share Kohler has announced the Moxie Showerhead at CES 2020: a showerhead with a detachable Bluetooth and Alexa-enabled smart speaker. Prices start at $99, and the speaker lasts for five to seven hours on a single charge. It could, it really could. New Year Honours: Government apologises after addresses published - BBC News www.bbc.com – Share The Cabinet Office says it is “looking into” how addresses of New Year Honour recipients were published online. Those big headline-grabbing fines the ICO announced last July - £183 million for British Airways and £99 million for Marriott - may be melting away. As a lot of folks pointed out at the time, these weren’t fines, they were notices of intent to fine. They haven’t crystallised into actual fines in the statutory six months and in both cases an extension has been agreed. + ‘ICO agrees delay over GDPR fines with both BA and Marriott’, Mischon de Reya + ‘Will Marriott and British Airways Ever Pay Those Huge Proposed Data Breach Fines?’, Skift — The ICO did fine DSG Retail Limited (that’s Currys PC World, Dixons, Carphone Warehouse and others to you and me) £500,000 for security failing which left the personal data of 14 million people exposed. — The Belgian Data Protection Authority “published a decision of 17 December 2019 of its litigation chamber in a case that relates entirely to cookies and that may have an impact on the way in which website operators approach cookie consent.” The French government can go ahead with plans to trawl social media to detect tax avoidance, the constitutional court has ruled. The new rules, part of a broader law on tax changes passed by the lower house of parliament, greatly increases the state’s online surveillance powers by letting it collect masses of public data, as part of a three-year online monitoring experiment. French government to scan social media for evidence of tax evasion www.internationalinvestment.net – Share The French government can go ahead with plans to trawl social media to detect tax avoidance, the constitutional court has ruled. The new rules, part of a broader… — Chinese companies have made every submission to the UN for international standards on surveillance technology in the past three years, according to documents reviewed by the Financial Times. + ‘China shows its dominance in surveillance technology’, FT (€) “Now, after the California legislature instituted a three-year ban on police use of mobile facial recognition technology, one of the nation’s most overhyped and least well-understood policing tools has been switched off.” DJ Pangburn on ‘San Diego’s massive, 7-year experiment with facial recognition’ for Fast Company. Coverage of the annual Consumer Electronics Show in Las Vegas shows that a certain number of vendors are doing their damnedest to cram facial recognition into every possible device and gadget. “facial recognition’s spread marches on. Over the last decade, anything you can think of – toothbrushes, televisions, cars, refrigerators and even beds – has been connected to the internet. Within the next 10 years, facial recognition companies hope to do the same with their technology” says Alfred Ng in C|net. “regulators in other countries are speaking out about their doubts. Hamburg’s data protection authority says that the current “one-stop-shop” system, in which many major investigations are carried out by authorities in Dublin or Luxembourg, creates serious bottlenecks and an "unsatisfactory” situation for millions of web users.“ Nicholas Vinocur covers the pace of enforcement for Politico. —— Endnotes & Credits The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds. As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”. The image used in the header is by Krystian Tambur on Unsplash. Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running. Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can. Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn. If you know someone who might enjoy this newsletter do please forward it on to them. Did you enjoy this issue? In order to unsubscribe, click here. If you were forwarded this newsletter and you like it, you can subscribe here. Powered by Revue Privacy Kit, Made with 💚 in Dublin, Ireland

Happy New Year one and all. Reviewing last year’s newsletters showed a few broad themes which ran through the year. Locally, the Irish state’s ill-conceived and illegally implemented biometric database and the peculiar decision of the state’s investment arm to throw a lot of money at a privately owned DNA harvesting company. Internationally, alarm over the deployment of facial recognition and other surveillance technologies by the Chinese state in Xinjiang and in the latter half of the year in Hong Kong was accompanied by the silent and rapid creep of such technologies into consumer devices in the West, spearheaded by Amazon’s Ring. A slow realisation dawned about internet-connected devices with embedded speakers and cameras: they record. Those recordings can be accessed by the staff of the device manufacturers. Data protection authorities across Europe sanctioned data controllers large and small, with a notable exception. Visible enforcement action by the Data Protection Commission of Ireland was, with the exception of an enforcement notice issued in early December regarding the Public Services Card, seemingly absent, to the growing frustration of counterparts in the rest of the EU.

Guess what? Nothing’s changed.

😼

No real need for any commentary on this one as the headline says it all. Seriously.

—

The same goes for this one. Profiling on a vast scale

Airbnb uses an AI-powered tool to rate guests’ likelihood of exhibiting “untrustworthy” traits, such as narcissism, Machiavellianism, and even psychopathy.

The Department of Employment Affairs and Social Protection filed an appeal in the Circuit Court against the Data Protection Commission’s enforcement notice regarding the Public Services Card.

As Karlin Lillington points out, the appeal is not against any of the findings of the Data Protection Commission’s report into the lawful basis for and transparency around the card and its underlying database.

Cianan Brennan in the Examiner tried to “make sense of the long and winding PSC saga”. A thankless task, as sense has long since left the building.

The Minister for Employment Affairs and Social Protection made some media appearances recently. The card came up for discussion, naturally. On The Tonight Show on Virgin Media last week several of the same exhausted talking points which bear no relation to reality were repeated. Elizabeth Farries of the ICCL sets those straight in this thread on Twitter:

Hopping from DEASP to the Department of Children and Youth Affairs, the only body apart from DEASP itself which appears to be still using the card, in contravention of the Commission’s instructions, we find that:

• The Department of Children and Youth Affairs was given expert advice not to use the PSC as the registration mechanism for the National Childcare Scheme.
• This advice was not taken and the scheme went ahead with the PSC option the only one available to parents, accompanied with a promise that a paper-based registration alternative would be provided this month.
• The Department of Children and Youth Affairs still does not know when the paper-based registration alternative for the National Childcare Scheme will be available.

Exclusive: former Microsoft contractor says he was emailed login after minimal vetting

—

If a data slurping beast spots an opportunity to profile you in order to shovel possibly relevant ads in your direction then it will take that opportunity.

Spotify announced its new podcast ad insertion technology Streaming Ad Insertion, which will put ads into podcasts in real time based on listeners’ demographics and interests.

When we left off at the end of last year the listening devices were still listening. Now they’re listening to you singing in the shower.

Kohler has announced the Moxie Showerhead at CES 2020: a showerhead with a detachable Bluetooth and Alexa-enabled smart speaker. Prices start at $99, and the speaker lasts for five to seven hours on a single charge.

The Cabinet Office says it is “looking into” how addresses of New Year Honour recipients were published online.

Those big headline-grabbing fines the ICO announced last July - £183 million for British Airways and £99 million for Marriott - may be melting away. As a lot of folks pointed out at the time, these weren’t fines, they were notices of intent to fine. They haven’t crystallised into actual fines in the statutory six months and in both cases an extension has been agreed.

+ ‘ICO agrees delay over GDPR fines with both BA and Marriott’, Mischon de Reya

+ ‘Will Marriott and British Airways Ever Pay Those Huge Proposed Data Breach Fines?’, Skift

—

The ICO did fine DSG Retail Limited (that’s Currys PC World, Dixons, Carphone Warehouse and others to you and me) £500,000 for security failing which left the personal data of 14 million people exposed.

—

The Belgian Data Protection Authority “published a decision of 17 December 2019 of its litigation chamber in a case that relates entirely to cookies and that may have an impact on the way in which website operators approach cookie consent.”

The French government can go ahead with plans to trawl social media to detect tax avoidance, the constitutional court has ruled. The new rules, part of a broader…

—

Chinese companies have made every submission to the UN for international standards on surveillance technology in the past three years, according to documents reviewed by the Financial Times.

+ ‘China shows its dominance in surveillance technology’, FT (€)

• “Now, after the California legislature instituted a three-year ban on police use of mobile facial recognition technology, one of the nation’s most overhyped and least well-understood policing tools has been switched off.” DJ Pangburn on ‘San Diego’s massive, 7-year experiment with facial recognition’ for Fast Company.
• Coverage of the annual Consumer Electronics Show in Las Vegas shows that a certain number of vendors are doing their damnedest to cram facial recognition into every possible device and gadget. “facial recognition’s spread marches on. Over the last decade, anything you can think of – toothbrushes, televisions, cars, refrigerators and even beds – has been connected to the internet. Within the next 10 years, facial recognition companies hope to do the same with their technology” says Alfred Ng in C|net.
• “regulators in other countries are speaking out about their doubts. Hamburg’s data protection authority says that the current “one-stop-shop” system, in which many major investigations are carried out by authorities in Dublin or Luxembourg, creates serious bottlenecks and an "unsatisfactory” situation for millions of web users.“ Nicholas Vinocur covers the pace of enforcement for Politico.

——

Endnotes & Credits

• The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
• As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
• The image used in the header is by Krystian Tambur on Unsplash.
• Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
• Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.

Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.

If you know someone who might enjoy this newsletter do please forward it on to them.