Tag Archives: Privacy
Many companies use data they collect about you to make the online services and connected devices you use that much more convenient. But that vast trove of personal information can also come with a number of risks like hacking.
The complexities of how companies can best navigate this reality was the focus of a round table discussion at Fortune’s Brainstorm Tech conference in Aspen, Colo. on Tuesday.
Terry Myerson, executive vice president at Microsoft and former leader of its Windows and devices group, talked about his company’s efforts to replace passwords with biometrics, the use of fingerprints and eye readers instead of passwords. But he quickly pointed out the privacy concerns about using biometrics while another participant pointed out, ominously, that many peoples’ fingerprints are already available online.
Hal Lawton, president of Macy’s, said his company is “using AI to look for behaviors” online that may signal security concerns. But Cliff Justice, a partner at consulting firm KPMG, mentioned that sophisticated hackers are now starting to use AI to power their attacks.
“It’s a marathon. It’s a race,” Lawton said. “An arms race,” agreed Kirsten Wolberg, chief technology and operations officer of digital signature firm DocuSign.
“We are constantly struggling as companies to make sure we have the best experience for customers and at the same time ensure their security,” said Nat Natarajan, chief technology and product officer at Ancestry.com.
(Reuters) – Litigation funding provider IMF Bentham Ltd (IMF.AX) said on Tuesday it was funding a representative complaint against social networking website Facebook Inc (FB.O) over alleged breaches of the Australian Privacy Principles.
The company said it would fund the complaint made to the Australian Information Commissioner against Facebook Australia, Facebook Inc and Facebook Ireland. The complaint is being handled by Sydney-based law firm Johnson Winter & Slattery.
The Australian Information Commissioner has also commenced a separate investigation into the matter, IMF Bentham said, adding a class action may follow depending on the Commissioner’s findings.
Facebook has come under intense scrutiny after it admitted in March to making mistakes in letting 50 million users’ data get into the hands of political consultancy Cambridge Analytica.
The company lost more than $ 50 billion in market value in the week after the allegations emerged that Cambridge Analytica improperly accessed data to build profiles on American voters and influence the 2016 presidential election.
Facebook had said in April that a little more than 311,000 Australian users may have had their information improperly shared with Cambridge Analytica. (bit.ly/2Ejpktb)
Facebook’s Australian arm was not immediately available for a comment.
Reporting by Ambar Warrick in Bengaluru; Editing by Himani Sarkar
This article first appeared in Data Sheet, Fortune’s daily newsletter on the top tech news. To get it delivered daily to your in-box, sign up here.
There was an important, close, widely watched Supreme Court decision last week that could have big implications for parts of the tech industry for decades to come. No, not the 5-4 ruling allowing states to require sales tax collection from e-commerce sites in the South Dakota v. Wayfair case. (Though if that’s your bag, The Economist had a good analysis.)
Instead, it’s the 5-4 decision in Carpenter v. United States that’s also worth examining deeply.
Carpenter in this case is “Little Tim” Carpenter, who was convicted as the alleged organizer of a crime spree where a gang of crooks stole bags of brand new smartphones at gunpoint from more than half a dozen Radio Shack and T-Mobile stores in and around Detroit. In 2011, Carpenter was nabbed, in part, because the police had subpoenaed records from his cellphone provider that included somewhat crude but voluminous realtime location data covering 127 days. And Carpenter was around the robbed stores at the times of the robberies, the records showed.
Typically, the Supreme Court has allowed police to collect almost any kind of information generated by third parties, such as bank records or a list of phone numbers called, with just a subpoena. It’s known as the third party doctrine. You knew the bank or the phone company was collecting that data, so you had no “reasonable expectation” of privacy. Something more like papers you kept in a locked drawer in your desk required a full search warrant, with a showing of probable cause that evidence of a crime might be found.
Maybe you can see where Chief Justice John Roberts took this analysis in Carpenter’s case. The level and amount of detail that companies are collecting about us has exploded. Where once the phone could simply tell the police who you called and for how long, now they have a precise and comprehensive map of everyplace you’ve been, not to mention every web site you visited. “This case is not about ‘using a phone’ or a person’s movement at a particular time,” Roberts wrote. “It is about a detailed chronicle of a person’s physical presence compiled every day, every moment, over several years.”
A bevy of tech companies, ranging from big players like Apple (aapl), Google (googl), and Microsoft (msft), to smaller cloud-related outfits such as Dropbox (dbx), Evernote, and Airbnb, had written a brief for the court arguing that the rules of the third party doctrine “make little sense” when applied to the new kinds of digital online data now being collected. Urging the court to rethink its view of when people have a reasonable expectation of privacy, they noted digital devices and apps unavoidably generate deeply personal data:
That made sense to Roberts and a majority of the court. New Justice Neil Gorsuch dissented, but only because he thought the majority should go even further and practically dump the whole third party doctrine. Expect more knotty conflicts over digital data privacy, not just among Supreme Court justices, but with lawmakers, regulators and law enforcers across the country.
Apple didn’t need to do anything to meet the stringent requirements of the new EU law, called General Data Protection Regulation (GDPR), which came into force on May 25 – it already practised such good privacy hygiene that its existing precautions already passed the new obligations. However, it took the opportunity to comprehensively rethink its privacy standards, as the new privacy page reveals on the Apple website.
I mean, it’s no surprise that Apple should take privacy seriously. It’s forbiddingly secretive about its products and internal workings and it has long proclaimed that it believes that privacy is ‘a fundamental human right’.
To make this work, there’s plenty it doesn’t know about us. For each Apple Pay transaction, Apple doesn’t track who you’re paying and has no idea who you’re paying for. FaceTime conversations, iMessage threads and so on are end-to-end encrypted. Apple had asked itself why it would need to know who was saying what to whom and concluded it was none of its business.
Even journeys made on Apple Maps are encrypted so that nobody getting hold of information could work out where you go regularly or whatever. It does this by, among other things, dropping the first and last 500 or so yards from each journey once it’s completed to blur the details. And though some data is held for a time, it’s deleted after 30 days or so.
And before these new changes, Apple had recently introduced a recognisable page which warned you when data was being collected, so you were always in the loop. It’s a stark contrast to most other companies and is made easier by the fact that Apple, as it might say, owns all the pieces of the jigsaw from hardware to software.
Anyway, Apple’s response to GDPR is interesting, and sets a standard which others must strive to meet. What’s more, though it only needs to make sure its GDPR response applies to European users, Apple has said it’s going to roll it out worldwide.
First up, Apple has made it easy to find out exactly what data of yours is on its servers, from purchase history to photos on iCloud to emails and so on. With a few clicks you can download everything (apart from TV shows you’ve bought on Apple TV, for instance). If some sections turn out to be many gigabytes in size, it’ll split them into more manageable bites.
But the more interesting bits come next. First of all, if any of your data is inaccurate, you can request a correction.
You can also delete your account, if you wish. That’s not new. But there’s a new, less drastic course of action you can take where you deactivate your Apple ID account temporarily.
Why would you do this? Well, if you’re going away for a few months, perhaps or, (and please whisper this in the earshot of Apple fans), if you’ve bought an Android phone and so all that Apple data is no longer needed, once you’ve transferred it to your new phone. But, hey, maybe you’ll go back to Apple when the next, irresistible iPhone is released.
If that’s a possibility, then the temporary suspension, called deactivation, may appeal.
But bear in mind that you won’t be able to download iBooks you’ve bought from Apple while the account is deactivated. Nor can you use services which require your Apple ID like Messages and FaceTime. If you have a repair scheduled at an Apple Store, say, that will stay active but upcoming appointments in an Apple Store will be canceled.
If you pay for iCloud storage, that will continue until the next billing period after which you must review whether to keep paying or not.
Your data is not deleted but nobody, and here’s an important thing, not even Apple, can access it.
With this in mind, you’re sent a reactivation code. Lose it and, well, you’re in trouble because even Apple can’t get it back. So you can’t save it in an iMessage or Apple email. You need somewhere else safe to keep this code. All deactivations are verified, which can take up to seven days.
The Privacy section is live now and provides tools which range from useful to downright fascinating. It’s done with the obsessive detail you might expect from Apple. If you’re in the EU, you can access the new tools now and they’ll be rolled out to all users around the world in the coming months.
If you enjoyed this story, you might also like these:
BERLIN (Reuters) – German lawmakers will question a senior Facebook Inc manager about data privacy in the wake of revelations that the personal information of millions of users wrongly ended up in the hands of political consultancy Cambridge Analytica.
Lawmakers in the Bundestag lower house of parliament will grill Joel Kaplan, Facebook’s vice president for global public policy, during a closed-door session on Friday morning.
The meeting mirrors the appearance of Facebook’s Chief Executive Mark Zuckerberg before a U.S. Congressional joint hearing on April 10-11 over the scandal engulfing the world’s largest social network.
The 87 million Facebook users affected included nearly three million Europeans and Zuckerberg is also under pressure from EU lawmakers to come to Europe to shed light on the data breach.
“Facebook needs to show more openness and transparency when dealing with user data,” said Nadine Schoen, deputy leader of Chancellor Angela Merkel’s conservative bloc in the Bundestag.
She said Facebook needed to do more than just pay lip service and it remained to be seen how serious the company was about really improving user rights.
“It is not enough to exchange the gray T-shirt and jeans for suit and tie,” she said in reference to Zuckerberg’s appearance in the U.S. Congress.
The senior lawmaker said that Facebook so far was giving the impression that it only wanted to save its business model.
“For example, the company is already rowing back in the supposedly world-wide announced implementation of the General Data Protection Regulation,” Schoen warned, referring to privacy rules that will enter force in the European Union next month.
“We no longer need excuses, but facts,” she said.
German Justice Minister Katarina Barley last month summoned executives of the firm, including European public affairs chief Richard Allan.
Misuse of data by Facebook means it will in future be bound by stricter regulations and the threat of tougher penalties for further privacy violations, Barley said after the meeting.
Reporting by Michael Nienaber; Editing by Douglas Busvine
In an interview with NBC’s Today show, Facebook COO Sheryl Sandberg said that users who wished to entirely stop the social media platform from making money from their personal data would have to pay for the privilege, if the option were to be made available.
“Could you come up with a tool that said, ‘I do not want Facebook to use my personal profile data to target me for advertising.’?” Sandberg was asked by Today’s Savannah Guthrie. “Could you have an opt-out button – ‘Please don’t use my profile data for advertising’?”
“We have different forms of opt-out,” Sandberg replied. “We don’t have an opt-out at the highest level. That would be a paid product.”
There’s no indication that Facebook actually plans to introduce such an option, but Sandberg’s admission makes explicit that Facebook’s revenue depends almost entirely on monitoring its users’ taste and behavior. Taking that option away would require replacing ad sales with subscription revenue.
Get Data Sheet, Fortune’s technology newsletter.
In the same interview, Sandberg pushed back against the often-repeated but suddenly fast-spreading notion that user data is Facebook’s primary product – though on largely semantic grounds.
“That’s not true . . . we don’t sell data, ever. We do not give personal data to advertisers. People come on to Facebook, they want to do targeted ads, and that’s really important for small business . . . We take those ads, we show them, and we don’t pass any individual information back to the advertiser.”
That kind of protection, of course, benefits Facebook’s bottom line by maintaining its control over ad targeting. Facebook has taken action to change various features and policies that enabled outside actors, including partners of the election firm Cambridge Analytica, to collect large amounts of personal profile data. For now, researchers and developers can still use a variety of methods to automatically harvest large amounts of public data from Facebook.
In the same interview, Sandberg acknowledged that Facebook should have notified as many as 87 million users impacted by the improper access of data by Cambridge Analytica and its partners, and that the company may discover other, similar breaches.
The U.S. government’s Supreme Court battle with Microsoft Corp over whether technology companies can be forced to hand over data stored overseas could be nearing its end, after federal prosecutors asked that the case be dismissed.
President Donald Trump on March 22 signed a provision into law making it clear that U.S. judges can issue warrants for such data, while giving companies an avenue to object if the request conflicts with foreign law.
“This case is now moot,” the U.S. Department of Justice said, citing the newly passed legislation, in a 16-page court filing on Friday that requested the dismissal.
The Supreme Court on Feb. 27 heard arguments in the case, which had been one of the most closely watched of the high court’s current term. Some justices urged Congress to pass a law to resolve the matter.
Microsoft and the Justice Department had been locked in a dispute over how U.S. prosecutors seek access to data held on overseas computer servers owned by American companies. The case involved Microsoft’s challenge to a domestic warrant issued by a U.S. judge for emails stored on a Microsoft server in Dublin relating to a drug-trafficking investigation.
The bipartisan new law, known as the Cloud Act, was supported by Microsoft, other major technology companies and the Trump administration. But civil liberties groups opposed it, saying it lacked sufficient privacy protections.
Microsoft, which has 100 data centers in 40 countries, was the first American company to challenge a domestic search warrant seeking data held outside the United States. The Microsoft customer whose emails were sought told the company he was based in Ireland when he signed up for his account.
A representative for Microsoft did not immediately return requests for comment on the Justice Department’s filing.
Reporting by Lawrence Hurley and Alex Dobuzinskis; Additional reporting by Dustin Volz; Editing by Will Dunham and Jonathan Oatis
Privacy watchdogs think a damning leaked document about Facebook targeting insecure teens could help usher in new era in privacy protections. The post Get Ready for the Next Big Privacy Backlash Against Facebook appeared first on WIRED.
Do you know what your internet service provider is doing with your data? You probably know that it can see the sites you’re visiting, but have you ever thought about whether it’s selling that information to advertisers? Anti-regulation officials are planning to make sure your ISP never has to tell you.
Everyone—from children to adults, new hires to CEOs—engages in and consumes social media on a daily basis. Whether you’re an active user or …