Privacy Kit

November 14, 2021

"top of the list of most-used passwords" | The Cat Herder, Volume 4, Issue 44

November 14 · Issue #157
The Cat Herder
A breach and a small fine, a breach and a large fine, the Department of Children’s difficulties with meeting its obligations continue, net-zero human rights abuse targets.
😼

“I don’t know why they would record their sessions,” one source said.
Charity lost video recordings of sessions with 120 domestic violence perpetrators
www.irishexaminer.com
The nature of the breach was greeted with incredulity by sources within the outreach sector, who questioned why such sessions would be recorded at …
A crucial and all too frequently overlooked question data controllers must ask themselves is “Do we need to process this personal data?” This question should be answered before any personal data has been processed.
It’s mildly surprising (and very fortunate for the data controller) that the DPC investigation in this case was limited to the integrity and confidentiality principle and the technical and organisational measures taken to ensure security of processing, and didn’t examine the necessity of the processing.
Former Israeli soldiers told the Post about a smartphone technology called “Blue Wolf,” which takes photos of Palestinians and stores them in a large-scale database. Once an image is captured, Blue Wolf matches that picture to a person in its database, and as the Post describes, soldiers’ phones will then flash a specific color that signifies if that individual should be arrested, detained, or left undisturbed. The Post notes that the Israeli army has been filling up the database with thousands of images of Palestinians over the past two years, and it even held “competitions” that rewarded soldiers for taking the most photos of people. The database is essentially a “Facebook for Palestinians,” a former soldier told the Post. But even in the context of the extreme security measures, the former soldiers who spoke to the Post found the facial recognition system alarming. “I wouldn’t feel comfortable if they used it in the mall in [my hometown], let’s put it that way,” a former soldier told the Post. “People worry about fingerprinting, but this is that several times over.”
The Israeli army is using facial recognition to track Palestinians, former soldiers reveal - The Verge
www.theverge.com
According to former Israeli soldiers, the country’s military uses smartphone technology to track and identify Palestinians across the West Bank. The surveillance database houses thousands of photos of Palestinians that soldiers allegedly “competed” to take.
Professor Sampson said it was reasonable to expect suppliers of surveillance tech to behave ethically: “We are exhorting companies to set net-zero carbon targets - is it too much to ask them to set net-zero human rights abuse targets?”
Councils and police must 'weigh CCTV firms' human rights records' - BBC News
www.bbc.com
Surveillance camera watchdog’s call follows MPs’ plea for a ban on tech used in Uyghur camps.
In a surprising turn of events it seems some councillors in Limerick have begun to question whether spending large sums of money on surveillance technology does in fact curb crime or anti-social behaviour. Quick tip for councillors right across the country: there is no magic technology solution available off the shelf which provides the solution to large, complex problems. Such as crime and anti-social behaviour.
Rossa McMahon
@rossamcmahon
Once again, massively expensive systems appear to achieve little apart from subjecting swathes of the population to constant surveillance. https://t.co/OComcdIuPg
8:17 PM - 12 Nov 2021
The Minister for Children, Equality, Disability, Integration and Youth Roderic O'Gorman is bringing proposals to Cabinet next week for a redress scheme for those affected by the Mother and Baby Homes.
This article in the Irish Independent was presumably assembled from briefing notes provided by the Department of Children.
The action plan also emphasises previous promises to ensure survivors have access to the information collected by the commission which is now in the control of the Department of Children.
More work will be put into improving General Data Protection Regulations (GDPR) to give survivors better access to personal health information in the Commission’s files.
The Government will also continue to progress information and tracing legislation to allow for better exchange of information between adoptees and their biological families. This will include new provisions for sharing important health information.
Firstly, the name of the legislation is incorrect. It’s a Regulation, not “Regulations”. An EU Regulation is not remotely analogous to a domestic Statutory Instrument.
Secondly, and far more importantly, the problems the department is encountering which have led to it failing to meet its obligations in full have nothing to do with the General Data Protection Regulation. As the Clann Project say in their statement on the announcement:
The government and numerous agencies continue to misinterpret GDPR, withholding basic identity information from people without legal basis and without demonstrating the necessity and proportionality of doing so.
It isn’t really within the government’s remit to ‘improve’ an EU Regulation which was first proposed in January 2012 and became law over five years ago. It is, however, absolutely within the government’s remit to instruct its departments and agencies to meet their obligations under the GDPR. Which is not happening.
—
The Irish state’s biometric identity register got an unflattering shoutout in this analysis from Human Rights Watch of the EU’s proposals to regulate AI systems.
The Irish Council for Civil Liberties, a human rights organization, has criticized the DEASP for collecting more personal data than necessary to perform identity checks. It is unclear, for example, why the DEASP collects and analyzes facial images when less invasive means of checking people’s identity, such as authenticating their passport and proof of address, should ordinarily suffice.
Conditioning access to benefits on facial recognition checks also heightens the risk of discrimination. A 2019 study by the US National Institute for Science and Technology (NIST), a United States government laboratory that has conducted one of the most comprehensive global studies of facial recognition algorithms, has found that facial identification is less accurate for darker-skinned women than for white men. When government agencies use this technology to conduct law enforcement investigations, NIST has warned that these inaccuracies could lead to false accusations. DEASP has not published any information about the accuracy rates of its software.
How the EU’s Flawed Artificial Intelligence Regulation Endangers the Social Safety Net: Questions and Answers | Human Rights Watch
www.hrw.org
The European Union’s plan to regulate artificial intelligence is ill-equipped to protect people from flawed algorithms that deprive them of lifesaving benefits and discriminate against vulnerable populations, Human Rights Watch said in report on the regulation released today. The European Parliament should amend the regulation to better protect people’s rights to social security and an adequate standard of living.
As mentioned above, the DPC published ‘Decision IN-20-7-1 in the matter of MOVE Ireland’ (direct link to PDF).
—
Coincidentally the CNIL published a guide to GDPR compliance for charitable and other associations during the week. Available only in French.
—
The Dutch DPA fined the airline Transavia €400,000 for information security failings which allowed a hacker to access the airline’s systems in 2019 and download the personal data of more than 83,000 people.
Ms Mur said, ‘It is very serious that a hacker was able to access the personal data of millions of people by breaking into the system with a very simple password. One that for years has been at the top of the list of most-used passwords, like “123456”, “Welcome” and “password”.’
  • “The difficulty with technology is that it is almost impossible to opt out once it has arrived. In instituting the logic of surveillance, Big Tech offers a compelling proposition: protect yourself by gathering with the like-minded. You ride a streetcar through a city and brush up against people of all types. But, when you arrive home, you can log on to a social network and warn others like you about signs of abnormality, crime, and misdeeds. All you need is a comfortable salary, a house with a porch, and a doorbell with a little camera hidden inside. It might not have been your neighbourhood before, but you have the power to defend it, to make it yours, to make sure it stays yours.” From ‘Porch Cameras and Facebook Groups Are Turning Streets into Surveillance States’ by Navneet Alang for The Walrus.
  • “A lot of these data brokers’ existence depends on people not knowing too much about them because they’re universally unpopular,” Cyphers said. “Veraset refuses to reveal even how they get their data or which apps they purchase it from, and I think that’s because if anyone realized the app you’re using … also opts you into having your location data sold on the open market, people would be angry and creeped out.” He noted that Veraset’s location data includes sequences of code, known as “advertising identifiers,” that can be used to pinpoint individual phones. Researchers have also shown that such data can be easily “de-anonymized” and linked to a specific person. Both Apple and Google announced changes earlier this year that would allow people to block their ID numbers from being used for tracking.” From ‘Data broker shared billions of phone location records with D.C. government as part of covid-tracking effort’ by Drew Harwell for The Washington Post (possibly paywalled).
  • “Computers are evil,” said this oracle (aka Beverly Woodward, a professor from Brandeis University). Technology will victimize people, she predicted. Their private medical information, for example, will be hacked and used for nefarious purposes like blackmail. Such an unconscionable misdeed, she said, was taking place right then in 1997 in Massachusetts … We live in an age, Sweeney says, in which “every democratic value is basically up for grabs by what technology design allows or doesn’t allow.” It’s this intersection that compels her.” From an interview with Latanya Sweeney by Sara Ivry for Ms. Magazine.
  • “The MOVE Ireland case is a good example of ‘meat and potatoes’ data protection decision making. The controller is a small, well-meaning organisation. The breach was relatively limited, and appears from the record to have had minimal actual impact to the data subjects. The fine was impactful to the controller, but certainly not headline-grabbing. There’s nothing flashy about this decision at all — and that’s why it’s so important. The concerns raised by The Commissioner are points that each and every data controller and processor should be considering as part of their BAU (business as usual) processes. No one is immune from obligations to implement effective TOMs (technical or organisational measures), or regularly check and re-assess their risks and practices.” From ‘In the matter of MOVE Ireland’ by Carey Lening on the Castlebridge blog.
—
Endnotes & Credits
  • The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
  • As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
  • The image used in the header is by Krystian Tambur on Unsplash.
  • Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
  • Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.
Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.
If you know someone who might enjoy this newsletter do please forward it on to them.
Privacy Kit, Made with 💚 in Dublin, Ireland
