Streetlights | The Cat Herder, Volume 3, Issue 25
|
The encryption debate which never entirely goes away is back, the HSE gets a C+ and discussions on facial recognition continue.
😼
In the analog world every police officer does not have a special key in their pocket which allows them to open each and every lock in the world. Such a thing does not exist.
Nor does an “electronic key” which breaks encryption, as described in this article in the Irish Examiner headlined ‘Gardaí to get 'electronic key’ to intercept criminal gangs’ encrypted messages’. If encryption is weakened to allow access for some, it is weakened for all. Which renders insecure everything which is currently (somewhat) secure.
The article in the Examiner discusses the recent infiltration of Encrochat by French and Dutch law enforcement and quotes Europol as saying this had sent “shockwaves through organised crime across Europe”. The article neglects to mention that all this had happened without a magical electronic key, or the introduction of any new laws ¯\_(ツ)_/¯
Back in January 1991 a chap called Senator Joe Biden added a paragraph to a US Senate bill which would have given law enforcement agencies the ability to access the “plaintext contents of voice, data, and other communications”. This didn’t happen then, nor has it happened subsequently.
This tedious debate is now entering its fourth decade and as more and more commerce and human activity comes to rely on encrypted data transit and storage the likelihood of such a law being introduced diminishes. But that has not stopped law enforcement and security authorities from hopefully briefing about the possibility.
—
Maybe, just maybe if you’re the CEO of a large company which sells surveillance services you shouldn’t be doing this.
Guardian: ‘CEO of exam monitoring software Proctorio apologises for posting student’s chat logs on Reddit’
No sign of the HSE Covid Tracker app in the Apple and Google stores yet, nor have any significant changes been made to the website except a shift of domain, from covidtracker.ie to covidtracker.gov.ie.
The Irish Council for Civil Liberties and Digital Rights Ireland did up a scorecard. The app and its trappings were awarded a C+. The press release is here, the scorecard itself is here (PDF) and some coverage from The Irish Times is here.
As mentioned in last week’s newsletter, this attitude towards outside scrutiny from a state body is in itself extremely welcome and hopefully will continue.
—
Over in the UK something close to the exact opposite is happening.
Wired: ‘Government faces court over NHS Test and Trace privacy failings’
Voice of San Diego: ‘Police Used Smart Streetlight Footage to Investigate Protesters’
An overview of what these streetlights are capable of by The San Diego Union Tribune was mentioned in Volume 2, Issue 11 of this newsletter, back in March of last year.
VICE: ‘Detroit Police Chief: Facial Recognition Software Misidentifies 96% of the Time’
—
Back over on this side of the Atlantic the European Data Protection Supervisor has called for a moratorium on the use of facial recognition (and more) in public spaces.
Euractiv: ‘EU data watchdog to ‘convince’ Commission to ban automated recognition tech’
EUobserver: Facial-recognition moratorium back on EU agenda
The DPC opened an inquiry into the collection of personal data concerning child benefit payments by the Department of Employment Affairs and Social Protection.
—
The Baden-Württemberg DPA fined AOK Baden-Württemberg, a sweepstakes provider €1,240,000 for breaches of Article 32 of the GDPR, security of processing.
Press release (in German)
—
The Berlin DPA published the results of a quick compliance assessment of video conferencing services. “the following services are marked "red”: Cisco WebEx; Google Meet; GoToMeeting; Microsoft Teams; Skype; Skype for Business; Zoom"
—
The Danish DPA opened an inquiry into TikTok’s handling of children’s personal data. This came one day after TikTok announced it would be moving its main establishment to Dublin at the end of this month.
—
The Dutch DPA has said it is opposed to legislation which will compel mobile operators to share data with the public health institute RIVM and Statistics Netherlands in order to track the movements of people.
—
Finally, in some extremely unsurprising regulator news, all the privacy commissioners in Canada have opened an investigation into the extraordinarily levels of surveillance by the Tim Hortons app. This was covered here a couple of weeks back.
- “It’s commonly said that in the digital world, data is power. This simple view might apply to a company collecting data through an app or a website, such as a supermarket, but doesn’t faithfully capture the source of power of the firms controlling the hardware and software platforms these apps and websites run on. Using privacy technologies, such as “federated” or “edge” computing, Apple and Google can understand and intervene in the world, while truthfully saying they never saw anybody’s personal data.” Michael Veale on the immense power owning the operating systems of our pocket rectangles has granted Apple and Google. Given stark historical context recently by them merely shrugging and saying “fine, do it yourselves and come back to us when it doesn’t work” when hit with demands for special treatment from two of the world’s former imperial powers.
- “Much of the COVID-19 crisis response, including the disparate impact of the disease on African Americans and people who have been economically and politically abandoned, shows us the limitations, failures and potential harms of Silicon Valley promises. The consequences have been devastating. The inescapable truth is that the fragility and inequality of our social, political and economic systems have been laid bare. We cannot automate the tough decisions, the redistributions of power and the everyday behavior it will take to make just societies. We will not compute our way out of these crises to the better future we want.” Safiya Noble on ‘The Loss Of Public Goods To Big Tech’.
Endnotes & Credits
- The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
- As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
- The image used in the header is by Krystian Tambur on Unsplash.
- Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
- Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.
Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.
If you know someone who might enjoy this newsletter do please forward it on to them.