August 3, 2020
Speedrun | The Cat Herder, Volume 3, Issue 29
| |
| August 3 · Issue #93 · View online |
|
|
😼
|
|
|
Nonetheless, John Azar, a vice-chair of the Met’s independent advisory group on race, but speaking as chair of the Kingston race and equality council, said: “This is very disturbing. If the Met has been seen to be promoting this software within its ranks and racial profiling, how can these [BAME] communities see the Met as acting on their behalf? I think this is dangerous territory.”
|
|
Met uses software that can be deployed to see if ethnic groups 'specialise' in areas of crime | Police | The Guardian
|
|
|
For anyone unfamiliar with the concept, a speedrun in video game parlance is, to use Wikipedia’s definition, “a play-through, or a recording thereof, of a whole video game or a selected part of it (such as a single level), performed with the intention of completing it as fast as possible”. |
Since the last issue of this newsletter the Department of Employment Affairs and Social Protection has performed a speedrun through its playbook for responding to data protection crises. Crises which are always of the department’s own making, crises which could have been avoided by simply abiding by the law.
|
What follows below are mere highlights of the week that was, since the amount of confusion and chaos created rapidly expanded to a size which could not be accommodated in this newsletter.
|
Last Sunday The Business Post published a story stating that “Gardaí, customs officers and immigration officials are carrying out checks at airports to see if passengers are claiming the pandemic unemployment payment or jobseeker’s payment”. |
The Tánaiste (a former minister in the department in question, lest we forget) was on the telly at lunchtime the same day. When asked about the department halting payments to people who left the country he said the department gets information from the airports and if somebody “is not genuinely seeking work or is not genuinely living in the country any more their payment can be stopped”.
|
In a statement late on the evening of Sunday the department told The Irish Times that “since 7th July, 104 cases of pandemic unemployment payment have been stopped as a result of work done in the airports”. Interestingly, the 7th July is several days before the poorly thought out statutory instrument which may have been introduced in an attempt to give some retrospective justification to the measure was signed on the 10th. |
By the following day the department had started editing its own website, presumably in an attempt to make their rules correspond with the Tánaiste’s comments.
|
We note that while the application form for the Covid Pandemic Unemployment payment makes no reference to disqualification of entitlement to the payment during absences from the State, or to a requirement for claimants to be Genuinely Seeking Employment (GSE), the Department’s website in relation to the payment now includes reference to such criteria.
|
Also on Tuesday the minister - very wisely - turned down an invitation to go on Liveline. Her department had not answered any of the questions put to it by Liveline when the programme began. Here’s the blurb for the segment from the RTE website, which is worth listening to in full |
Roman Shortall was stopped in the airport on June 13th 2020 by inspectors and Gardai. The Gardai told him they had been seconded to the special investigations unit in the Department of Social Protection. Roman maintains that the Department had no legal basis to ask everyone in the airport queue for their personal details. His wife’s child benefit payments were stopped as a result of the check. Ciaran Cooney was back on Liveline today. Like, Roman Shortall, he understood that the Gardai who approached him in the airport were performing immigration checks, not working on behalf of the Department of Social Protection as was the case.
|
Later the same day The Irish Times reported on a woman who had her payment stopped because she’d left the State, even though she hadn’t, and hadn’t even gone to the port she was due to depart from. How the department acquired this information remains a mystery. |
|
|
|
|
|
The Dept of Social Protection says the concerns now being raised by Deputy Commissioner Doyle have not been brought to the attention of the Department...
|
|
|
|
The tactic of denying awareness of any concerns unless they have been “brought to the attention of the Department” was used repeatedly during the still not concluded Public Services Card omnishambles.
|
This could be seen most recently in the aggressively undiplomatic response to a letter from the the UN Special Rapporteur on Extreme Poverty and Human Rights earlier this year.
|
The Department of Social Protection, meanwhile, claimed Prof Alston “issued his letter without notice, in the final weeks of his tenure as Special Rapporteur, and without any fact checking or engagement with the Department”. In a statement, the Department noted: “If offered the opportunity the Department would have been pleased to correct the numerous inaccuracies in the allegations that he reports.”
|
|
|
The Special Rapporteur pointed out at the time that not a single one of the inaccuracies alleged by the department had been brought to his attention since. He invited Simon Coveney to do so. This has not happened.
|
By the end of the week the department had assumed a familiar stance. It had a “firm legal basis” to do what it had been doing. It cited legislation which it claimed provided this legal basis. |
|
|
|
Something DEASP (and others) have yet to grasp is that a legislative provision that might be relevant isn’t necessarily an adequate legal basis. It might be, might not. And you can’t use domestic legislation to get around EU law, otherwise sure they’d all be at it.
|
|
|
|
It had also geared itself up for yet another battle with what it now seems to regard as its ancient enemy, the Data Protection Commission.
|
“The Department of Social Protection is in ongoing engagement with the Data Protection Commission in relation to this matter. "As there are a number of legal and technical matters involved, the department will be addressing these matters directly with the Data Protection Commission.”
|
The department is clearly manouevring to position this as a matter which can be dealt with behind closed doors. The transparency and accountability requirements of data protection law say otherwise and hopefully the DPC gives this approach short shrift.
|
It is disheartening but not very surprising that the optimism with which most people in the data protection field had greeted the HSE’s comprehensive DPIA for the Covid Tracker app, the hope that this heralded a new law-abiding and rights-respecting direction for state data processing projects has been undone within a matter of weeks by none other than the Department of Employment Affairs and Social Protection.
|
This department, coincidentally, confirmed to The Times during the week that it would be continuing with its appeal against an enforcement notice issued by the DPC concerning the Public Services Card. Thereby continuing to undermine the independent regulator and tie up its extremely limited resources. |
|
|
In a report published Monday, the US National Institute of Standards and Technology found that face masks were thwarting even the most advanced facial recognition algorithms. Error rates varied from 5% to 50%, depending on an algorithm’s capabilities.
|
Face masks are thwarting even the best facial recognition algorithms, study finds - CNET
Researchers from NIST found that face masks are causing facial recognition algorithms to fail as much as 50% of the time.
|
Time to start playing the world’s tiniest violin for the vendors and purchasers of these systems, which weren’t all that accurate to start with and are frequently deployed illegally with no heed paid to necessity and proportionality. For a local example, see Issue 2, Baby-snatching in Dublin 8, from earlier this year. |
|
|
The Department of Employment Affairs and Social Protection could learn a thing or two from this approach.
|
Jay Stanley, the ACLU senior policy analyst who co-authored the blog post, told Reuters that the right response to civil liberties concerns about surveillance technology “is not to start using it in secret.” It is “to stop using the technology altogether. We are glad Rite Aid seems to have ultimately recognized this.”
|
Rite Aid deployed facial recognition systems in hundreds of U.S. stores
Rite Aid used facial recognition in largely lower-income, non-white neighborhoods. The systems included one from a firm with links to China and its government
|
|
|
The legal news subscription service MLex has reported (in a subscriber-only update) that British Airways’ parent company, IAG, appears to be expecting a fine under the General Data Protection Regulation (GDPR) from the Information Commissioner’s Office (ICO), but which it thinks may be at least 90% lower than ICO initially intended.
|
|
|
|
|
Max Schrems and the DPC have been corresponding via their solicitors after the Schrems II judgment.
|
Following the CJEU’s judgment on EU-US data transfers by Facebook, we requested that the Irish DPC take action. The DPC’s first response indicates that it is unwilling to commit to a clear time frame to reach a decision, despite it having been seven years and five court rulings since our original complaint was filed.
|
|
|
|
|
The Slovenian DPA issued a statement reiterating the inadequate legal basis for the operation of the Slovenian contact tracing app. |
|
|
The Danish DPA recommended the Arp-Hansen Hotel Group be fined 1.1 million kroner (~€148,000) for failing to delete the personal data of about 500,000 data subjects.
|
|
|
-
“But as the boundaries between private and public health become more permanently blurred, we may feel differently about the trade-offs we are being asked to make. We may become less tolerant of behavioral tracking if individual lifestyle choices are constantly monitored for the sake of the collective good. Potential technologies to help us manage a post-pandemic future, from workplace surveillance tools to permanent digital health passports, may severely test our value systems. That could lead to strong disagreement along cultural and political lines about which technologies should and should not be leveraged.” Stephanie Hankey on ‘The Behavioral Data Debate We Need’ for Project Syndicate.
-
“Scientists and genealogists say the GEDmatch breach — which exposed more than a million additional profiles to law enforcement officials — offers an important window into what can go wrong when those responsible for storing genetic information fail to take necessary precautions.” ‘Why a Data Breach at a Genealogy Site Has Privacy Experts Worried’ by Heather Murphy in The New York Times.
-
“Ogury leverages every web page browsed by the user. Every product the user has viewed, regardless of site. All research performed by the user online, via urls, etc. All bookmarks made by the user. All apps downloaded by the user. All the usage on the apps. All social media consumed,” another document provided to people inside the technology and advertising industries and obtained by Motherboard reads.“ A peek inside the wild west of tracking, collecting and sharing data in apps by Joseph Cox for VICE.
-
"All governments step beyond the rule of law at times, often inadvertently, sometimes from excessive zeal, occasionally blatantly. When a government responds to being called out by rewriting the facts, we should all be concerned.” Liam Herrick of the Irish Council for Civil Liberties in The Business Post, ‘We should all be worried about the government’s social welfare travel ban’.
|
|
|
|
|
If you know someone who might enjoy this newsletter do please forward it on to them.
|
|
Did you enjoy this issue?
|
|
|
|
In order to unsubscribe, click here.
If you were forwarded this newsletter and you like it, you can subscribe here.
|
|
|
|
Privacy Kit, Made with 💚 in Dublin, Ireland
|
|
|
Bank Holiday edition. The Sideshow Bob Rake Department is back with a bang. It’s been almost two years since that term was first used in this newsletter. How time flies.
😼
For anyone unfamiliar with the concept, a speedrun in video game parlance is, to use Wikipedia’s definition, “a play-through, or a recording thereof, of a whole video game or a selected part of it (such as a single level), performed with the intention of completing it as fast as possible”.
Since the last issue of this newsletter the Department of Employment Affairs and Social Protection has performed a speedrun through its playbook for responding to data protection crises. Crises which are always of the department’s own making, crises which could have been avoided by simply abiding by the law.
What follows below are mere highlights of the week that was, since the amount of confusion and chaos created rapidly expanded to a size which could not be accommodated in this newsletter.
Last Sunday The Business Post published a story stating that “Gardaí, customs officers and immigration officials are carrying out checks at airports to see if passengers are claiming the pandemic unemployment payment or jobseeker’s payment”.
The Tánaiste (a former minister in the department in question, lest we forget) was on the telly at lunchtime the same day. When asked about the department halting payments to people who left the country he said the department gets information from the airports and if somebody “is not genuinely seeking work or is not genuinely living in the country any more their payment can be stopped”.
In a statement late on the evening of Sunday the department told The Irish Times that “since 7th July, 104 cases of pandemic unemployment payment have been stopped as a result of work done in the airports”. Interestingly, the 7th July is several days before the poorly thought out statutory instrument which may have been introduced in an attempt to give some retrospective justification to the measure was signed on the 10th.
By the following day the department had started editing its own website, presumably in an attempt to make their rules correspond with the Tánaiste’s comments.
On Tuesday 28th FLAC wrote to Minister Humphreys. This letter, among other things, highlighted the changes which had been made to the website
Also on Tuesday the minister - very wisely - turned down an invitation to go on Liveline. Her department had not answered any of the questions put to it by Liveline when the programme began. Here’s the blurb for the segment from the RTE website, which is worth listening to in full
Later the same day The Irish Times reported on a woman who had her payment stopped because she’d left the State, even though she hadn’t, and hadn’t even gone to the port she was due to depart from. How the department acquired this information remains a mystery.
On Thursday the DPC issued a strongly worded statement saying it had “serious doubts” about the legality of what had been going on.
The tactic of denying awareness of any concerns unless they have been “brought to the attention of the Department” was used repeatedly during the still not concluded Public Services Card omnishambles.
This could be seen most recently in the aggressively undiplomatic response to a letter from the the UN Special Rapporteur on Extreme Poverty and Human Rights earlier this year.
Newstalk: ‘Irish Government made 'very big push’ to delay letter about Public Services Card, UN expert says’, April 23rd 2020
The Special Rapporteur pointed out at the time that not a single one of the inaccuracies alleged by the department had been brought to his attention since. He invited Simon Coveney to do so. This has not happened.
By the end of the week the department had assumed a familiar stance. It had a “firm legal basis” to do what it had been doing. It cited legislation which it claimed provided this legal basis.
It had also geared itself up for yet another battle with what it now seems to regard as its ancient enemy, the Data Protection Commission.
The department is clearly manouevring to position this as a matter which can be dealt with behind closed doors. The transparency and accountability requirements of data protection law say otherwise and hopefully the DPC gives this approach short shrift.
It is disheartening but not very surprising that the optimism with which most people in the data protection field had greeted the HSE’s comprehensive DPIA for the Covid Tracker app, the hope that this heralded a new law-abiding and rights-respecting direction for state data processing projects has been undone within a matter of weeks by none other than the Department of Employment Affairs and Social Protection.
This department, coincidentally, confirmed to The Times during the week that it would be continuing with its appeal against an enforcement notice issued by the DPC concerning the Public Services Card. Thereby continuing to undermine the independent regulator and tie up its extremely limited resources.
Researchers from NIST found that face masks are causing facial recognition algorithms to fail as much as 50% of the time.
Time to start playing the world’s tiniest violin for the vendors and purchasers of these systems, which weren’t all that accurate to start with and are frequently deployed illegally with no heed paid to necessity and proportionality. For a local example, see Issue 2, Baby-snatching in Dublin 8, from earlier this year.
The Department of Employment Affairs and Social Protection could learn a thing or two from this approach.
Rite Aid used facial recognition in largely lower-income, non-white neighborhoods. The systems included one from a firm with links to China and its government
Jon Baines / Mishcon de Reya: ‘British Airways hints at massive reduction in proposed GDPR fine’
…
Max Schrems and the DPC have been corresponding via their solicitors after the Schrems II judgment.
noyb: ‘DPC has no clear time line on enforcing CJEU judgment’
…
The Slovenian DPA issued a statement reiterating the inadequate legal basis for the operation of the Slovenian contact tracing app.
…
The Danish DPA recommended the Arp-Hansen Hotel Group be fined 1.1 million kroner (~€148,000) for failing to delete the personal data of about 500,000 data subjects.
Press release: Original, in Danish | English, Google Translate
-
“But as the boundaries between private and public health become more permanently blurred, we may feel differently about the trade-offs we are being asked to make. We may become less tolerant of behavioral tracking if individual lifestyle choices are constantly monitored for the sake of the collective good. Potential technologies to help us manage a post-pandemic future, from workplace surveillance tools to permanent digital health passports, may severely test our value systems. That could lead to strong disagreement along cultural and political lines about which technologies should and should not be leveraged.” Stephanie Hankey on ‘The Behavioral Data Debate We Need’ for Project Syndicate.
-
“Scientists and genealogists say the GEDmatch breach — which exposed more than a million additional profiles to law enforcement officials — offers an important window into what can go wrong when those responsible for storing genetic information fail to take necessary precautions.” ‘Why a Data Breach at a Genealogy Site Has Privacy Experts Worried’ by Heather Murphy in The New York Times.
-
“Ogury leverages every web page browsed by the user. Every product the user has viewed, regardless of site. All research performed by the user online, via urls, etc. All bookmarks made by the user. All apps downloaded by the user. All the usage on the apps. All social media consumed,” another document provided to people inside the technology and advertising industries and obtained by Motherboard reads.“ A peek inside the wild west of tracking, collecting and sharing data in apps by Joseph Cox for VICE.
-
"All governments step beyond the rule of law at times, often inadvertently, sometimes from excessive zeal, occasionally blatantly. When a government responds to being called out by rewriting the facts, we should all be concerned.” Liam Herrick of the Irish Council for Civil Liberties in The Business Post, ‘We should all be worried about the government’s social welfare travel ban’.
Endnotes & Credits
Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.
If you know someone who might enjoy this newsletter do please forward it on to them.
