October 25, 2021
The Cat Herder
| |
| October 25 · Issue #154 · View online |
|
|
Bank Holiday edition. Which also happens to be a bit of an inadvertent - but short - facial recognition special edition thanks to North Ayrshire Council. 😼
|
|
|
|
|
Imagine organizing a breakfast briefing on information security and sending not one, not two, not three, but four emails to all invitees with their names and addresses copied in for all to see.
The fourth one was an attempt to cancel the event, too
https://t.co/H3aPT6Tmfc
|
|
|
|
|
|
|
|
Pay with your face arrived in schools in Scotland.
|
A group of nine schools in the UK have started using facial recognition to verify children’s payments for school meals. The schools in North Ayrshire in Scotland claim that using the technology is faster and more hygienic than taking payments using cards or fingerprint scanners, but privacy advocates warn that the move is normalizing biometric surveillance. As reported by the FT, North Ayrshire council claims that 97 percent of children or parents consented to be enrolled. But some parents said they were not sure if children fully understood what they were signing up for, and were influenced by peer pressure.
|
UK schools are using facial recognition to take pupils’ lunch money - The Verge
A group of nine schools in North Ayrshire in Scotland have started using facial recognition on pupils to verify payments for food. The company installing the technology says it’s faster and more hygienic.
|
Rather timidly the ICO swung into action.
|
An ICO spokesperson said organisations using facial recognition technology must comply with data protection law before, during and after its use, adding: “Data protection law provides additional protections for children, and organisations need to carefully consider the necessity and proportionality of collecting biometric data before they do so. “Organisations should consider using a different approach if the same goal can be achieved in a less intrusive manner. We are aware of the introduction, and will be making inquiries with North Ayrshire council.”
|
ICO to step in after schools use facial recognition to speed up lunch queue | Facial recognition | The Guardian
Privacy campaigners raise concerns after nine schools in North Ayrshire scan faces of pupils to take payments
|
Tech Monitor did a deeper dive into the significance of this move which is well worth a read.
|
Paul Bernal, professor of information technology at the University of East Anglia, says there are two main risks of using facial recognition in schools: data security and the normalisation of facial recognition. On the first, he said that biometric data is permanent and as such it needs to be held completely securely to avoid its compromise and fraudulent use. “Do the companies, schools, and even councils have the ability to keep it securely?” asks Bernal. “Anyone who’s worked in schools knows that the IT is always breaking down. Can the companies be trusted? They will be looking to monetise their data – that’s the nature of the beast.” On the risk of normalising facial recognition, Bernal says that once children get used to giving up their biometric data, they lose the sense of its value and facial recognition becomes the norm for any kind of check: “which means a surveillance regime that just grows and grows.”
|
Facial recognition in schools: Are we ready for it? - Tech Monitor
Facial recognition software is being deployed in schools in Scotland. Experts fear more surveillance technology could follow.
|
|
|
A few things happened elsewhere in the world which have relevance for Ireland. As with “Huduma Namba” last week, “RENAPER” doesn’t translate directly to either “Public Services Card” or “MyGovID” but the similarities are striking.
|
The hack, which took place last month, targeted RENAPER, which stands for Registro Nacional de las Personas, translated as National Registry of Persons. The agency is a crucial cog inside the Argentinian Interior Ministry, where it is tasked with issuing national ID cards to all citizens, data that it also stores in digital format as a database accessible to other government agencies, acting as a backbone for most government queries for citizen’s personal information.
|
|
|
|
|
The Court of Appeal of Brussels upheld a decision by the Belgian DPA that data subjects have the right under Article 16 GDPR for their name to be spelled correctly [with appropriate diacritics] when processed by a bank’s computer systems.
|
Court of Appeal of Brussels - 2019/AR/1006 - GDPRhub
The Court of Appeal of Brussels held that data subjects have the right under Article 16 GDPR for their name to be spelled correctly when processed by a bank’s computer systems.
|
|
|
It seems the HSE and the unnamed Belgian bank both used roughly the same argument: ‘Yeah, we should do this but it’s hard and we don’t wanna do it.’ This was accepted by the DPC, whereas it was not accepted by the Belgian DPA and the Brussels Court of Appeal.
|
That famous consistency in decision-making across European DPAs working out just fine yet again.
|
|
|
In Slovenia the courts also upheld a decision of the Slovenian DPA, in this case that the right of erasure does not extend to baptismal records held by the Catholic Church since these records have the characteristics of archival material. The processing by was deemed to be necessary for archival purposes. |
|
|
The EDPB announced it was launching its first coordinated action under the Coordinated Enforcement Framework set up last October. The chose topic is the use of Cloud based service by the public sector.
|
In a coordinated action, the EDPB prioritizes a certain topic for supervisory authorities to work on at the national level. The results of these national actions are then bundled and analysed, generating deeper insight into the topic and allowing for targeted follow-up on both the national and the EU level.
|
|
|
The final version of the guidelines are available here [direct link to PDF]. |
|
|
|
|
|
|
-
‘In a slide titled “Dystopian Sci-Fi,” the men showed posters for the movies “The Terminator,” “RoboCop,” “Blade Runner,” and “Minority Report” and the TV show “Black Mirror.” Ray said facial-recognition regulation happened in the “specific cultural context” of dystopian science fiction, and chided people who, he said, interpret science fiction literally. “It’s important that we pause and reflect that dystopian sci-fi isn’t how law enforcement uses our technology,” he added. “There aren’t killer robot bees flying around.”’ From ‘I attended a top surveillance conference in Washington, a bizarre experience in which industry insiders lamented being under attack’ by Caroline Haskins for Business Insider.
-
“Elizabeth Laird, the director of equity in civic technology at the Center for Democracy and Technology, argued the federal law was never intended to mandate student “tracking” through artificial intelligence. In fact, the statute includes a disclaimer stating it shouldn’t be “construed to require the tracking of internet use by any identifiable minor or adult user.” … Gaggle’s keywords could also have a disproportionate impact on LGBTQ children. In three-dozen incident reports, Gaggle flagged keywords related to sexual orientation including “gay, and “lesbian.” On at least one occasion, school officials outed an LGBTQ student to their parents, according to a Minneapolis high school student newspaper article.” From ‘Gaggle Surveils Millions of Kids in the Name of Safety. Targeted Families Argue it’s ‘Not That Smart’ by Mark Keierleber for The74.
-
“Facial recognition technology has a very distinctive affordance — which is, if it works well, it identities __who a stranger is.__ That’s a major game-changer in terms of power dynamics. Historically free association has largely been safeguarded because the transaction costs of identifying strangers were protected by a natural default state of obscurity — meaning, there’s only so many names and faces we can recall. There’s a biological limit to that. And we didn’t have technologies that could radically reduce transaction costs of determining who someone is. We’ve experienced nothing like face recognition before, which is why there are major gaps in the law.” Evan Selinger in an interview with Clive Thompson, 'How To Recognize When Tech Is Leading Us Down a ‘Slippery Slope’.
—
|
|
|
|
|
If you know someone who might enjoy this newsletter do please forward it on to them.
|
|
Did you enjoy this issue?
|
|
|
|
In order to unsubscribe, click here.
If you were forwarded this newsletter and you like it, you can subscribe here.
|
|
|
|
Privacy Kit, Made with 💚 in Dublin, Ireland
|
|
|
Bank Holiday edition. Which also happens to be a bit of an inadvertent - but short - facial recognition special edition thanks to North Ayrshire Council.
😼
The full story is here: ‘NHS Digital exposes hundreds of email addresses after BCC blunder copies in entire invite list to 'Let’s talk cyber’ event’.
Pay with your face arrived in schools in Scotland.
A group of nine schools in North Ayrshire in Scotland have started using facial recognition on pupils to verify payments for food. The company installing the technology says it’s faster and more hygienic.
Rather timidly the ICO swung into action.
Privacy campaigners raise concerns after nine schools in North Ayrshire scan faces of pupils to take payments
Tech Monitor did a deeper dive into the significance of this move which is well worth a read.
Facial recognition software is being deployed in schools in Scotland. Experts fear more surveillance technology could follow.
A few things happened elsewhere in the world which have relevance for Ireland. As with “Huduma Namba” last week, “RENAPER” doesn’t translate directly to either “Public Services Card” or “MyGovID” but the similarities are striking.
The Record: ‘Hacker steals government ID database for Argentina’s entire population’
—
The Court of Appeal of Brussels upheld a decision by the Belgian DPA that data subjects have the right under Article 16 GDPR for their name to be spelled correctly [with appropriate diacritics] when processed by a bank’s computer systems.
The Court of Appeal of Brussels held that data subjects have the right under Article 16 GDPR for their name to be spelled correctly when processed by a bank’s computer systems.
In Ireland the DPC looked into a remarkably similar complaint about the HSE’s computer systems and, after eight months, decided “an individual’s right to have their records rectified “is not an absolute right” and “depends on the circumstances in each individual case”.
It seems the HSE and the unnamed Belgian bank both used roughly the same argument: ‘Yeah, we should do this but it’s hard and we don’t wanna do it.’ This was accepted by the DPC, whereas it was not accepted by the Belgian DPA and the Brussels Court of Appeal.
That famous consistency in decision-making across European DPAs working out just fine yet again.
—
In Slovenia the courts also upheld a decision of the Slovenian DPA, in this case that the right of erasure does not extend to baptismal records held by the Catholic Church since these records have the characteristics of archival material. The processing by was deemed to be necessary for archival purposes.
The EDPB announced it was launching its first coordinated action under the Coordinated Enforcement Framework set up last October. The chose topic is the use of Cloud based service by the public sector.
—
After a public consultation period the EDPB adopted its ‘Guidelines 10/2020 on restrictions under Article 23 GDPR’.
The final version of the guidelines are available here [direct link to PDF].
—
The DPC had its decision to impose a fine of €450,000 on Twitter confirmed by the Dublin Circuit Court.
-
‘In a slide titled “Dystopian Sci-Fi,” the men showed posters for the movies “The Terminator,” “RoboCop,” “Blade Runner,” and “Minority Report” and the TV show “Black Mirror.” Ray said facial-recognition regulation happened in the “specific cultural context” of dystopian science fiction, and chided people who, he said, interpret science fiction literally. “It’s important that we pause and reflect that dystopian sci-fi isn’t how law enforcement uses our technology,” he added. “There aren’t killer robot bees flying around.”’ From ‘I attended a top surveillance conference in Washington, a bizarre experience in which industry insiders lamented being under attack’ by Caroline Haskins for Business Insider.
-
“Elizabeth Laird, the director of equity in civic technology at the Center for Democracy and Technology, argued the federal law was never intended to mandate student “tracking” through artificial intelligence. In fact, the statute includes a disclaimer stating it shouldn’t be “construed to require the tracking of internet use by any identifiable minor or adult user.” … Gaggle’s keywords could also have a disproportionate impact on LGBTQ children. In three-dozen incident reports, Gaggle flagged keywords related to sexual orientation including “gay, and “lesbian.” On at least one occasion, school officials outed an LGBTQ student to their parents, according to a Minneapolis high school student newspaper article.” From ‘Gaggle Surveils Millions of Kids in the Name of Safety. Targeted Families Argue it’s ‘Not That Smart’ by Mark Keierleber for The74.
-
“Facial recognition technology has a very distinctive affordance — which is, if it works well, it identities __who a stranger is.__ That’s a major game-changer in terms of power dynamics. Historically free association has largely been safeguarded because the transaction costs of identifying strangers were protected by a natural default state of obscurity — meaning, there’s only so many names and faces we can recall. There’s a biological limit to that. And we didn’t have technologies that could radically reduce transaction costs of determining who someone is. We’ve experienced nothing like face recognition before, which is why there are major gaps in the law.” Evan Selinger in an interview with Clive Thompson, 'How To Recognize When Tech Is Leading Us Down a ‘Slippery Slope’.
—
Endnotes & Credits
Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.
If you know someone who might enjoy this newsletter do please forward it on to them.
