"very pedantic academics" | The Cat Herder, Volume 4, Issue 30

Apple announced a thing so large it dwarfed all the rest of the week's news. In far less surprising n   August 8 · Issue #143 · View online Apple announced a thing so large it dwarfed all the rest of the week’s news. In far less surprising news there are no lengths Facebook will not go to in order to put more targeted ads in front of you. 😼 Nearly 1 in 3 home sellers say they secretly use hidden cameras during showings to hear what buyers and real estate agents are saying, a survey says www.businessinsider.com – Share Nearly 1 in 3 home sellers uses hidden cameras during showings for reasons like getting information for negotiations, a LendingTree survey says. – The report cites that Facebook has confirmed it is building a team of artificial intelligence researchers to “study ways of analyzing encrypted data without decrypting it.” While it is still early in development, the research could enable Facebook to use users’ encrypted WhatsApp messages and then utilize that information for targeted advertising. Facebook Reportedly Researching Ways to Use Encrypted WhatsApp Messages for Targeted Advertisements - MacRumors www.macrumors.com – Share Facebook is researching ways to analyze encrypted data, such as WhatsApp messages, without actually decrypting the information, according to a new… It seems nobody *did* see this one coming Towards the end of last week Apple announced ‘Expanded Protections for Children’. This announcement took a majority of the infosec community entirely by surprise. Consequently there are a lot of opinions, some more nuanced than others. Some confusion over what exactly the system will do at launch and what safeguards will be in place remains. So here’s a selection of opinions because I haven’t had a chance to look at the system in any detail yet myself. It is worth remembering when reading these that the system will launch first in the US. How Apple will square what appears to be population wide scanning of communications and accessing of information on users’ devices with European data protection and privacy laws remains to be seen. Apple is taking steps to combat child sex abuse materials (CSAM), including implementing technology that will detect known-CSAM uploaded to iCloud; an iMessage feature that will alert parents if their child sends or receives an image with nudity; and a block if someone tries to search for CSAM-related terms on Siri or Search. The changes, which Apple says will be released in the US later this year, were first leaked via a tweet thread by a Johns Hopkins University cryptography professor who heard about them from a colleague. Apple has since confirmed the reports. Apple debuts new 'child  protection' features; advocates call out possible unintended risks blog.avast.com – Share Privacy advocates worry that Apple’s new features created to combat child sexual abuse materials may have serious unintended consequences. Rachel Coldicutt @rachelcoldicutt It seems v similar to the Google-Apple contact tracing infra: high-handed, delivered with a lack of consultation, difficult to scrutinise, lacking in levers for democratic enquiry/redress. 8:24 AM - 8 Aug 2021 Louie Mantia, Jr. @Mantia I haven’t worked at Apple in 10 years and *I* feel bad about this. I feel bad that I contributed even the most trivial visual details, that in the aggregate work to gain customers’ trust. Now Apple seeks to erode that trust? I feel bad for contributing to it. 10:22 PM - 6 Aug 2021 More: Sarah Jamie Lewis, Twitter thread: “Clearly a rubicon moment for privacy and end-to-end encryption. I worry if Apple faces anything other than existential annihilation for proposing continual surveillance of private messages then it won’t be long before other providers feel the pressure to do the same.” Alex Stamos, Twitter thread: “Apple’s child safety protections announcement hurt the effort to find a policy balance on safety and privacy aspects of e2e encrypted comms products” Matthew Green, Twitter thread: “Yesterday we were gradually headed towards a future where less and less of our information had to be under the control and review of anyone but ourselves. For the first time since the 1990s we were taking our privacy back. Today we’re on a different path.” Matthew Green, Twitter thread: “Regardless of what Apple’s long term plans are, they’ve sent a very clear signal. In their (very influential) opinion, it is safe to build systems that scan users’ phones for prohibited content. That’s the message they’re sending to governments, competing services, China, you.” Derek Powazek, Twitter thread: “This was inevitable the moment the big tech cos started hosting your photos on their servers. Every reputable photo sharing site you’ve ever used has done the same thing. You just didn’t notice unless you traded child porn.” John Gruber: ‘An overview of Apple’s three new “Child Safety” initiatives, what critics are getting wrong, and the completely legitimate slippery slope concerns from experts’ India McKinney and Erica Portnoy for the EFF: “If you’ve spent any time following the Crypto Wars, you know what this means: Apple is planning to build a backdoor into its data storage system and its messaging system.” There are many ways for data controllers to try and meet their transparency obligations i.e. telling people what’s being done with their personal data and why. This is certainly not one of the more traditional ways. Simon McGarr @Tupp_Ed Interesting- I’ve been shown a letter a client received from the Dept of Social Welfare. It goes straight from Dear X to yours sincerely with no text in between. But it does have a large footnote, obliquely telling the recipient their data is being used. 2:00 PM - 2 Aug 2021 The Commission is also concerned that the proposed transaction would further strengthen Facebook’s market position in the online display advertising market by increasing the already significant amount of data available to Facebook for personalisation of the ads it displays. The European Commission announced it was launching an “in-depth investigation” of Facebook’s proposed acquisition of Kustomer. “Under the pretence of finding the best diet for us and protecting our health, fad-diet companies are only collecting more and more data about us, without providing us proper information about what happens with the data and who they share it with … What we now know is that the data you share with them does not stay between you and those companies. Either because of poor technical insight, or because they are actively sharing it with third parties, your data ends up in the hands of large platforms and other marketing companies. And they usually do so without telling you – at no point in our journey with these sites did we see a cookie banner, pop-up or statement that would notify you of your activity being tracked and information being shared in this way – and without obtaining your consent to the sharing of your sensitive data.” From ‘An unhealthy diet of targeted ads: an investigation in to how the diet industry exploits our data’, an investigation by Privacy International. “Michael Veale, a lecturer in law at University College London, said that beyond influencing independent academics, there are other motives for firms such as Google to fund policy research. “By funding very pedantic academics in an area to investigate the nuances of economics online, you can heighten the amount of perceived uncertainty in things that are currently taken for granted in regulatory spheres,” he told the New Statesman.” From ‘How Google quietly funds Europe’s leading tech policy institutes’ by Laurie Clarke, Oscar Williams and Katharine Swindells for the New Statesman. “So keep that in mind as you are designing laws, and systems, and institutions, which involve the lives and the opportunities and, yes, the data of people who weren’t born with the privileges you were. Because you have more power than you know, and you have that power because it has been taken away from others. You have the privilege to ignore the imbalances of power that exist around you. You also have the choice to be complicit in them. That is your choice. It always is.” From ‘On data rights, immigration, privilege, power, and the shit life throws at you – Hi, I’m Heather Burns’. By Heather Burns, obviously enough. Endnotes & Credits The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds. As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”. The image used in the header is by Krystian Tambur on Unsplash. Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running. Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can. Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn. If you know someone who might enjoy this newsletter do please forward it on to them. Did you enjoy this issue? In order to unsubscribe, click here. If you were forwarded this newsletter and you like it, you can subscribe here. Powered by Revue Privacy Kit, Made with 💚 in Dublin, Ireland

Apple announced a thing so large it dwarfed all the rest of the week’s news. In far less surprising news there are no lengths Facebook will not go to in order to put more targeted ads in front of you.

😼

Nearly 1 in 3 home sellers uses hidden cameras during showings for reasons like getting information for negotiations, a LendingTree survey says.

–

Facebook is researching ways to analyze encrypted data, such as WhatsApp messages, without actually decrypting the information, according to a new…

Towards the end of last week Apple announced ‘Expanded Protections for Children’. This announcement took a majority of the infosec community entirely by surprise. Consequently there are a lot of opinions, some more nuanced than others. Some confusion over what exactly the system will do at launch and what safeguards will be in place remains. So here’s a selection of opinions because I haven’t had a chance to look at the system in any detail yet myself. It is worth remembering when reading these that the system will launch first in the US. How Apple will square what appears to be population wide scanning of communications and accessing of information on users’ devices with European data protection and privacy laws remains to be seen.

Privacy advocates worry that Apple’s new features created to combat child sexual abuse materials may have serious unintended consequences.

More:

Sarah Jamie Lewis, Twitter thread: “Clearly a rubicon moment for privacy and end-to-end encryption. I worry if Apple faces anything other than existential annihilation for proposing continual surveillance of private messages then it won’t be long before other providers feel the pressure to do the same.”

Alex Stamos, Twitter thread: “Apple’s child safety protections announcement hurt the effort to find a policy balance on safety and privacy aspects of e2e encrypted comms products”

Matthew Green, Twitter thread: “Yesterday we were gradually headed towards a future where less and less of our information had to be under the control and review of anyone but ourselves. For the first time since the 1990s we were taking our privacy back. Today we’re on a different path.”

Matthew Green, Twitter thread: “Regardless of what Apple’s long term plans are, they’ve sent a very clear signal. In their (very influential) opinion, it is safe to build systems that scan users’ phones for prohibited content. That’s the message they’re sending to governments, competing services, China, you.”

Derek Powazek, Twitter thread: “This was inevitable the moment the big tech cos started hosting your photos on their servers. Every reputable photo sharing site you’ve ever used has done the same thing. You just didn’t notice unless you traded child porn.”

John Gruber: ‘An overview of Apple’s three new “Child Safety” initiatives, what critics are getting wrong, and the completely legitimate slippery slope concerns from experts’

India McKinney and Erica Portnoy for the EFF: “If you’ve spent any time following the Crypto Wars, you know what this means: Apple is planning to build a backdoor into its data storage system and its messaging system.”

There are many ways for data controllers to try and meet their transparency obligations i.e. telling people what’s being done with their personal data and why. This is certainly not one of the more traditional ways.

The European Commission announced it was launching an “in-depth investigation” of Facebook’s proposed acquisition of Kustomer.

• “Under the pretence of finding the best diet for us and protecting our health, fad-diet companies are only collecting more and more data about us, without providing us proper information about what happens with the data and who they share it with … What we now know is that the data you share with them does not stay between you and those companies. Either because of poor technical insight, or because they are actively sharing it with third parties, your data ends up in the hands of large platforms and other marketing companies. And they usually do so without telling you – at no point in our journey with these sites did we see a cookie banner, pop-up or statement that would notify you of your activity being tracked and information being shared in this way – and without obtaining your consent to the sharing of your sensitive data.” From ‘An unhealthy diet of targeted ads: an investigation in to how the diet industry exploits our data’, an investigation by Privacy International.
• “Michael Veale, a lecturer in law at University College London, said that beyond influencing independent academics, there are other motives for firms such as Google to fund policy research. “By funding very pedantic academics in an area to investigate the nuances of economics online, you can heighten the amount of perceived uncertainty in things that are currently taken for granted in regulatory spheres,” he told the New Statesman.” From ‘How Google quietly funds Europe’s leading tech policy institutes’ by Laurie Clarke, Oscar Williams and Katharine Swindells for the New Statesman.
• “So keep that in mind as you are designing laws, and systems, and institutions, which involve the lives and the opportunities and, yes, the data of people who weren’t born with the privileges you were. Because you have more power than you know, and you have that power because it has been taken away from others. You have the privilege to ignore the imbalances of power that exist around you. You also have the choice to be complicit in them. That is your choice. It always is.” From ‘On data rights, immigration, privilege, power, and the shit life throws at you – Hi, I’m Heather Burns’. By Heather Burns, obviously enough.

Endnotes & Credits

• The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
• As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
• The image used in the header is by Krystian Tambur on Unsplash.
• Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
• Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.

Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.

If you know someone who might enjoy this newsletter do please forward it on to them.