Winged Monkey Privacy Protest | The Cat Herder, Volume 2, Issue 38

The week in Mandatory But Not Compulsory things. Yet another attempt to break encryption. Being quite   October 6 · Issue #54 · View online The week in Mandatory But Not Compulsory things. Yet another attempt to break encryption. Being quite evil. 😼 The US Attorney General, the UK Home Secretary, the acting US Homeland Security Secretary, and the Australian Minister for Home Affairs want Facebook to backdoor encryption. Attorney General Bill Barr Will Ask Zuckerberg To Halt Plans For End-To-End Encryption Across Facebook's Apps www.buzzfeednews.com – Share “We are writing to request that Facebook does not proceed with its plan to implement end-to-end encryption across its messaging services without ensuring that there is no reduction to user safety.” Separately, the US and the UK have signed what they describe as a “Landmark Cross-Border Data Access Agreement to Combat Criminals and Terrorists Online”. Good luck to the UK in trying to get a post-Brexit adequacy decision from the European Commission in the wake of that. — According to several sources who allegedly worked on the project, a contracting agency named Randstad sent teams to Atlanta explicitly to target homeless people and those with dark skin, often without saying they were working for Google, and without letting on that they were actually recording people’s faces. It’s a long time since “Don’t be evil” jokes stopped being in any way funny. Google contractors reportedly targeted homeless people for Pixel 4 facial recognition - The Verge www.theverge.com – Share In July, Google admitted it has employees pounding the pavement in a variety of US cities, looking for people willing to sell their facial data for a $5 gift certificate. But the New York Daily News reports that a Google contractor may be using some questionable methods to get those facial scans, including targeting groups of homeless people and tricking college students who didn’t know they were being recorded. The week in things. Things the Irish state does not know about the Public Services Card project - how much it has cost. the purposes for which 4, 027, 222 cards were issued (“My Department does not hold a record of the specific reasons relating to the issuing of a PSC”.) the outcome (and associated costs) of what now looks like an inevitable investigation by the Data Protection Commission into the use of MyGovID as the only means individuals can use to register for the new National Childcare Scheme. A surprising thing the Irish state does appear to know as part of the Public Services Card project - The Public Accounts Committee heard in correspondence that “the Department of Employment Affair and Social Protection has details with regard to 900,000 people, including every State pensioner in the country, on every time they use public transport and every trip they take.” A thing Minister Donohoe does not appear to understand, related to the Public Services Card - what the Data Protection Commission’s role is (it is not “an important organisation for the management of information”. It is an independent public authority established “to protect the fundamental rights and freedoms of natural persons in relation to processing” of personal data. — Officials in France appear to have taken inspiration from the determination of Irish officials to press ahead with the creation of an illegal biometric database and are making their own, whether people like it or not. The Public Services Card also gets a mention in this Washington Post piece as “a classic case of function creep.” The peculiar and rights-infringing behaviour of certain Irish government departments over the past few years will doubtless become case studies in how to get data protection horrendously, expensively wrong. Emmanuel Macron Wants to Scan Your Face - The Washington Post www.washingtonpost.com – Share European leaders want to use biometric data to create digital IDs that save money. Tougher rules are needed to avoid a drift into Big Brother territory. More ‘How facial recognition is taking over a French city’, Politico ‘France Set to Roll Out Nationwide Facial Recognition ID Program’, Bloomberg ‘We are hurtling towards a surveillance state’: the rise of facial recognition technology’, The Guardian They did, they really did. As the former privacy director of the Global System for Mobile Communications Association (GSMA), Mr Walshe said, he had the means to ensure he was not ignored - but others in a similar situation might not. “I will make a formal complaint both to the ICO [Information Commissioner’s Office] and to the Data Protection Commissioner of Ireland because it’s very clear that individuals need a much simpler process by which they can exercise their rights.” he said. Google’s automated processes get something wrong, Google fixes it, it breaks again, Google fixes it without explanation. Google faces winged-monkey privacy protest - BBC News www.bbc.com – Share The search giant has repeatedly confused a British data protection expert with a dead Wizard of Oz actor. This is an amusing story with a serious point. Individuals without Pat’s detailed knowledge and experience are not being properly empowered to exercise their rights and should not, after failing to reach a resolution with a giant data controller, have to revert to yet another set of arcane and opaque processes in the form of complaints to supervisory authorities. It probably will. Tax and PII records of 20 million Russians stored without encryption, leaked online | ZDNet www.zdnet.com – Share Sensitive data was available to anyone with a browser. The latest edition of the European Data Protection Supervisor’s newsletter which came out during the week. “This decision is significant not only for the millions of consumers affected by Google’s activity but also for the collective action landscape more broadly. The Court of Appeal has confirmed our view that representative actions are essential for holding corporate giants to account. In doing so it has established an avenue to redress for consumers.” The judgment in Lloyd v Google, commentary from Mishcon de Reya, and news coverage of the case. The ECJ judgment in the Planet 49 case, and this commentary by Natasha Lomas in TechCrunch. No pre-ticked cookie consent boxes from now on. Go forth and let a few website owners know. —— Endnotes & Credits The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds. As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”. The image used in the header is by Krystian Tambur on Unsplash. Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running. Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can. Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn. Barring a disaster we’ll be in your inbox again next weekend. If you know someone who might enjoy this newsletter do please forward it on to them. Did you enjoy this issue? In order to unsubscribe, click here. If you were forwarded this newsletter and you like it, you can subscribe here. Powered by Revue Privacy Kit, Made with 💚 in Dublin, Ireland

The week in Mandatory But Not Compulsory things. Yet another attempt to break encryption. Being quite evil.

😼

The US Attorney General, the UK Home Secretary, the acting US Homeland Security Secretary, and the Australian Minister for Home Affairs want Facebook to backdoor encryption.

“We are writing to request that Facebook does not proceed with its plan to implement end-to-end encryption across its messaging services without ensuring that there is no reduction to user safety.”

Separately, the US and the UK have signed what they describe as a “Landmark Cross-Border Data Access Agreement to Combat Criminals and Terrorists Online”. Good luck to the UK in trying to get a post-Brexit adequacy decision from the European Commission in the wake of that.

—

It’s a long time since “Don’t be evil” jokes stopped being in any way funny.

In July, Google admitted it has employees pounding the pavement in a variety of US cities, looking for people willing to sell their facial data for a $5 gift certificate. But the New York Daily News reports that a Google contractor may be using some questionable methods to get those facial scans, including targeting groups of homeless people and tricking college students who didn’t know they were being recorded.

The week in things.

Things the Irish state does not know about the Public Services Card project -

• how much it has cost.
• the purposes for which 4, 027, 222 cards were issued (“My Department does not hold a record of the specific reasons relating to the issuing of a PSC”.)
• the outcome (and associated costs) of what now looks like an inevitable investigation by the Data Protection Commission into the use of MyGovID as the only means individuals can use to register for the new National Childcare Scheme.

A surprising thing the Irish state does appear to know as part of the Public Services Card project -

• The Public Accounts Committee heard in correspondence that “the Department of Employment Affair and Social Protection has details with regard to 900,000 people, including every State pensioner in the country, on every time they use public transport and every trip they take.”

A thing Minister Donohoe does not appear to understand, related to the Public Services Card -

• what the Data Protection Commission’s role is (it is not “an important organisation for the management of information”. It is an independent public authority established “to protect the fundamental rights and freedoms of natural persons in relation to processing” of personal data.

—

Officials in France appear to have taken inspiration from the determination of Irish officials to press ahead with the creation of an illegal biometric database and are making their own, whether people like it or not. The Public Services Card also gets a mention in this Washington Post piece as “a classic case of function creep.” The peculiar and rights-infringing behaviour of certain Irish government departments over the past few years will doubtless become case studies in how to get data protection horrendously, expensively wrong.

European leaders want to use biometric data to create digital IDs that save money. Tougher rules are needed to avoid a drift into Big Brother territory.

More

‘How facial recognition is taking over a French city’, Politico

‘France Set to Roll Out Nationwide Facial Recognition ID Program’, Bloomberg

‘We are hurtling towards a surveillance state’: the rise of facial recognition technology’, The Guardian

Google’s automated processes get something wrong, Google fixes it, it breaks again, Google fixes it without explanation.

The search giant has repeatedly confused a British data protection expert with a dead Wizard of Oz actor.

This is an amusing story with a serious point. Individuals without Pat’s detailed knowledge and experience are not being properly empowered to exercise their rights and should not, after failing to reach a resolution with a giant data controller, have to revert to yet another set of arcane and opaque processes in the form of complaints to supervisory authorities.

Sensitive data was available to anyone with a browser.

• The latest edition of the European Data Protection Supervisor’s newsletter which came out during the week.
• “This decision is significant not only for the millions of consumers affected by Google’s activity but also for the collective action landscape more broadly. The Court of Appeal has confirmed our view that representative actions are essential for holding corporate giants to account. In doing so it has established an avenue to redress for consumers.” The judgment in Lloyd v Google, commentary from Mishcon de Reya, and news coverage of the case.
• The ECJ judgment in the Planet 49 case, and this commentary by Natasha Lomas in TechCrunch. No pre-ticked cookie consent boxes from now on. Go forth and let a few website owners know.

——

Endnotes & Credits

• The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
• As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
• The image used in the header is by Krystian Tambur on Unsplash.
• Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
• Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.

Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.

Barring a disaster we’ll be in your inbox again next weekend.

If you know someone who might enjoy this newsletter do please forward it on to them.