Tag Archives: Privacy
Grüezi from the snow-coated Swiss Alps, in whose fir-studded, canvas blanc landscape the World Economic Forum recently transpired.
An inescapable theme at this year’s summit was data privacy. The topic happens, ironically, to play counterpoint to another central theme—that datavore dubbed “artificial intelligence,” as Adam Lashinsky, this newsletter’s regular, weekday author, noted in an earlier column (and elsewhere).
The two concepts are inversely related, a Yin and Yang. Businesses are looking to fill their bellies with as much information as possible, extracting insights that might give them an edge over the competition. Indeed, data-guzzling machine learning processes promise to amplify businesses’ ability to predict, personalize, and produce. But in the wake of a seemingly endless string of data abuses and breaches, another set of stakeholders has grown increasingly vocal about implementing some, let’s call them “dietary restrictions.” Our appetites need limits, they say; left unchecked, the fast-and-loose practices feeding today’s algorithmic models threaten to undermine the autonomy of consumers and citizens everywhere.
The subject of data stewardship clearly occupied the minds of the most powerful politicians in attendance. In the main hall of the forum, two heads of state shared their concerns on Wednesday. Japanese Prime Minister Shinzo Abe said the topic will be one of two primary agenda items for the G20 Summit he is hosting in Osaka in June. (The other is climate change.) Later, German Chancellor Angela Merkel urged Europe to find an approach to data governance distinct from the U.S.’s style, where corporations dominate, as well as the Chinese one, where the state seeks total control.
While policy-makers leaned, unsurprisingly, toward lawmaking, some members of the business set countered their notions with alternative views. Jack Ma, Alibaba’s founder, cautioned against regulation, arguing that it restricts innovation. During a panel on digital trust I moderated on Thursday, Rod Beckstrom, the former CEO of ICANN, an Internet governance group, argued that Europe went astray when it adopted the General Data Protection Regulation, or GDPR, last year, and he advised against the U.S. pursuing a similar path. Instead, Beckstrom proposed adding a privacy-specific amendment to the U.S. Constitution, one separate from the Fourth Amendment’s guard against warrantless searches and seizures. A provocative, if quixotic, idea.
By all measures, the disruptive, data-centric forces of the so-called fourth industrial revolution appear to be outpacing the world’s ability to control them. As I departed Davos, a conference-sponsored shuttle in which I was seated careened into a taxi cab, smashing up both vehicles. (No major injuries were sustained, so far as I could tell; though two passengers visited the hospital out of an abundance of caution.) While waiting in the cold for police to arrive and draw up a report, I was struck by how perfectly the incident encapsulated the conversations I had been observing all week.
We are all strapped, inextricably, to a mass of machinery, hurtling toward collision. Now what must be done is to minimize the damage.
Dumpster diving. A huge trove of data spilled onto the web and has been helpfully uploaded to HaveIBeenPwned, a leaked password-checking database for consumers, by security researcher Troy Hunt, the site’s proprietor. The leak, dubbed “Collection #1,” contains nearly 773 million unique email addresses and more than 21 million unique passwords—making it Hunt’s largest-ever upload. It’s unclear where exactly the data originated, although the anonymous person(s) who posted them online claim they came from many different sources. Best use the opportunity to clean up your password hygiene.
Be yourself. Facebook is still combatting disinformation. Nathaniel Gleicher, Facebook’s head of cybersecurity policy, said the media giant booted two Russian operations—including one involving Sputnik, a Moscow-based news agency—off Facebook and Instagram on Thursday. Facebook suspended hundreds of accounts and pages that he said engaged in “coordinated inauthentic behavior.” He noted that the fight against fakers is “an ongoing challenge.”
Chinese finger trap. Federal prosecutors are probing Huawei for allegedly stealing intellectual property from U.S. companies, including components from a T-Mobile phone-testing robot called “Tappy,” reports the Wall Street Journal. The investigation is “at an advanced stage and could lead to an indictment soon,” the Journal’s unnamed sources said. Add this development to the mess of controversies entangling the Chinese company.
Demand a recount. The Financial Times said it discovered evidence of “huge fraud” in the Democratic Republic of Congo’s December presidential election. The paper claims that its own independent tally of votes, based on data leaked by an unnamed source close to Martin Fayulu, the contest’s loser (but actual winner?), exposes the fraud. The report corroborates the view of the Catholic Church, which earlier denounced the election’s “results” after conducting its own audit.
Look; don’t touch. A California judge recently ruled that police officers are not authorized, even in possession of a search warrant, to force suspects to unlock their phones using biometrics, like a fingerprint or facial scan, Forbes reports. Judges had already ruled that passcodes were protected against such coercion, meaning people could refuse to supply them, thereby preventing self-incrimination. The judge, who called the original law enforcement request “overbroad,” wrote, “If a person cannot be compelled to provide a passcode because it is a testimonial communication, a person cannot be compelled to provide one’s finger, thumb, iris, face, or other biometric feature to unlock that same device.”
Just your friendly neighborhood NSA.
Share today’s Cyber Saturday with a friend:
Looking for previous Data Sheets? Click here
Many companies use data they collect about you to make the online services and connected devices you use that much more convenient. But that vast trove of personal information can also come with a number of risks like hacking.
The complexities of how companies can best navigate this reality was the focus of a round table discussion at Fortune’s Brainstorm Tech conference in Aspen, Colo. on Tuesday.
Terry Myerson, executive vice president at Microsoft and former leader of its Windows and devices group, talked about his company’s efforts to replace passwords with biometrics, the use of fingerprints and eye readers instead of passwords. But he quickly pointed out the privacy concerns about using biometrics while another participant pointed out, ominously, that many peoples’ fingerprints are already available online.
Hal Lawton, president of Macy’s, said his company is “using AI to look for behaviors” online that may signal security concerns. But Cliff Justice, a partner at consulting firm KPMG, mentioned that sophisticated hackers are now starting to use AI to power their attacks.
“It’s a marathon. It’s a race,” Lawton said. “An arms race,” agreed Kirsten Wolberg, chief technology and operations officer of digital signature firm DocuSign.
“We are constantly struggling as companies to make sure we have the best experience for customers and at the same time ensure their security,” said Nat Natarajan, chief technology and product officer at Ancestry.com.
(Reuters) – Litigation funding provider IMF Bentham Ltd (IMF.AX) said on Tuesday it was funding a representative complaint against social networking website Facebook Inc (FB.O) over alleged breaches of the Australian Privacy Principles.
The company said it would fund the complaint made to the Australian Information Commissioner against Facebook Australia, Facebook Inc and Facebook Ireland. The complaint is being handled by Sydney-based law firm Johnson Winter & Slattery.
The Australian Information Commissioner has also commenced a separate investigation into the matter, IMF Bentham said, adding a class action may follow depending on the Commissioner’s findings.
Facebook has come under intense scrutiny after it admitted in March to making mistakes in letting 50 million users’ data get into the hands of political consultancy Cambridge Analytica.
The company lost more than $ 50 billion in market value in the week after the allegations emerged that Cambridge Analytica improperly accessed data to build profiles on American voters and influence the 2016 presidential election.
Facebook had said in April that a little more than 311,000 Australian users may have had their information improperly shared with Cambridge Analytica. (bit.ly/2Ejpktb)
Facebook’s Australian arm was not immediately available for a comment.
Reporting by Ambar Warrick in Bengaluru; Editing by Himani Sarkar
This article first appeared in Data Sheet, Fortune’s daily newsletter on the top tech news. To get it delivered daily to your in-box, sign up here.
There was an important, close, widely watched Supreme Court decision last week that could have big implications for parts of the tech industry for decades to come. No, not the 5-4 ruling allowing states to require sales tax collection from e-commerce sites in the South Dakota v. Wayfair case. (Though if that’s your bag, The Economist had a good analysis.)
Instead, it’s the 5-4 decision in Carpenter v. United States that’s also worth examining deeply.
Carpenter in this case is “Little Tim” Carpenter, who was convicted as the alleged organizer of a crime spree where a gang of crooks stole bags of brand new smartphones at gunpoint from more than half a dozen Radio Shack and T-Mobile stores in and around Detroit. In 2011, Carpenter was nabbed, in part, because the police had subpoenaed records from his cellphone provider that included somewhat crude but voluminous realtime location data covering 127 days. And Carpenter was around the robbed stores at the times of the robberies, the records showed.
Typically, the Supreme Court has allowed police to collect almost any kind of information generated by third parties, such as bank records or a list of phone numbers called, with just a subpoena. It’s known as the third party doctrine. You knew the bank or the phone company was collecting that data, so you had no “reasonable expectation” of privacy. Something more like papers you kept in a locked drawer in your desk required a full search warrant, with a showing of probable cause that evidence of a crime might be found.
Maybe you can see where Chief Justice John Roberts took this analysis in Carpenter’s case. The level and amount of detail that companies are collecting about us has exploded. Where once the phone could simply tell the police who you called and for how long, now they have a precise and comprehensive map of everyplace you’ve been, not to mention every web site you visited. “This case is not about ‘using a phone’ or a person’s movement at a particular time,” Roberts wrote. “It is about a detailed chronicle of a person’s physical presence compiled every day, every moment, over several years.”
A bevy of tech companies, ranging from big players like Apple (aapl), Google (googl), and Microsoft (msft), to smaller cloud-related outfits such as Dropbox (dbx), Evernote, and Airbnb, had written a brief for the court arguing that the rules of the third party doctrine “make little sense” when applied to the new kinds of digital online data now being collected. Urging the court to rethink its view of when people have a reasonable expectation of privacy, they noted digital devices and apps unavoidably generate deeply personal data:
That made sense to Roberts and a majority of the court. New Justice Neil Gorsuch dissented, but only because he thought the majority should go even further and practically dump the whole third party doctrine. Expect more knotty conflicts over digital data privacy, not just among Supreme Court justices, but with lawmakers, regulators and law enforcers across the country.
Apple didn’t need to do anything to meet the stringent requirements of the new EU law, called General Data Protection Regulation (GDPR), which came into force on May 25 – it already practised such good privacy hygiene that its existing precautions already passed the new obligations. However, it took the opportunity to comprehensively rethink its privacy standards, as the new privacy page reveals on the Apple website.
I mean, it’s no surprise that Apple should take privacy seriously. It’s forbiddingly secretive about its products and internal workings and it has long proclaimed that it believes that privacy is ‘a fundamental human right’.
To make this work, there’s plenty it doesn’t know about us. For each Apple Pay transaction, Apple doesn’t track who you’re paying and has no idea who you’re paying for. FaceTime conversations, iMessage threads and so on are end-to-end encrypted. Apple had asked itself why it would need to know who was saying what to whom and concluded it was none of its business.
Even journeys made on Apple Maps are encrypted so that nobody getting hold of information could work out where you go regularly or whatever. It does this by, among other things, dropping the first and last 500 or so yards from each journey once it’s completed to blur the details. And though some data is held for a time, it’s deleted after 30 days or so.
And before these new changes, Apple had recently introduced a recognisable page which warned you when data was being collected, so you were always in the loop. It’s a stark contrast to most other companies and is made easier by the fact that Apple, as it might say, owns all the pieces of the jigsaw from hardware to software.
Anyway, Apple’s response to GDPR is interesting, and sets a standard which others must strive to meet. What’s more, though it only needs to make sure its GDPR response applies to European users, Apple has said it’s going to roll it out worldwide.
First up, Apple has made it easy to find out exactly what data of yours is on its servers, from purchase history to photos on iCloud to emails and so on. With a few clicks you can download everything (apart from TV shows you’ve bought on Apple TV, for instance). If some sections turn out to be many gigabytes in size, it’ll split them into more manageable bites.
But the more interesting bits come next. First of all, if any of your data is inaccurate, you can request a correction.
You can also delete your account, if you wish. That’s not new. But there’s a new, less drastic course of action you can take where you deactivate your Apple ID account temporarily.
Why would you do this? Well, if you’re going away for a few months, perhaps or, (and please whisper this in the earshot of Apple fans), if you’ve bought an Android phone and so all that Apple data is no longer needed, once you’ve transferred it to your new phone. But, hey, maybe you’ll go back to Apple when the next, irresistible iPhone is released.
If that’s a possibility, then the temporary suspension, called deactivation, may appeal.
But bear in mind that you won’t be able to download iBooks you’ve bought from Apple while the account is deactivated. Nor can you use services which require your Apple ID like Messages and FaceTime. If you have a repair scheduled at an Apple Store, say, that will stay active but upcoming appointments in an Apple Store will be canceled.
If you pay for iCloud storage, that will continue until the next billing period after which you must review whether to keep paying or not.
Your data is not deleted but nobody, and here’s an important thing, not even Apple, can access it.
With this in mind, you’re sent a reactivation code. Lose it and, well, you’re in trouble because even Apple can’t get it back. So you can’t save it in an iMessage or Apple email. You need somewhere else safe to keep this code. All deactivations are verified, which can take up to seven days.
The Privacy section is live now and provides tools which range from useful to downright fascinating. It’s done with the obsessive detail you might expect from Apple. If you’re in the EU, you can access the new tools now and they’ll be rolled out to all users around the world in the coming months.
If you enjoyed this story, you might also like these:
BERLIN (Reuters) – German lawmakers will question a senior Facebook Inc manager about data privacy in the wake of revelations that the personal information of millions of users wrongly ended up in the hands of political consultancy Cambridge Analytica.
Lawmakers in the Bundestag lower house of parliament will grill Joel Kaplan, Facebook’s vice president for global public policy, during a closed-door session on Friday morning.
The meeting mirrors the appearance of Facebook’s Chief Executive Mark Zuckerberg before a U.S. Congressional joint hearing on April 10-11 over the scandal engulfing the world’s largest social network.
The 87 million Facebook users affected included nearly three million Europeans and Zuckerberg is also under pressure from EU lawmakers to come to Europe to shed light on the data breach.
“Facebook needs to show more openness and transparency when dealing with user data,” said Nadine Schoen, deputy leader of Chancellor Angela Merkel’s conservative bloc in the Bundestag.
She said Facebook needed to do more than just pay lip service and it remained to be seen how serious the company was about really improving user rights.
“It is not enough to exchange the gray T-shirt and jeans for suit and tie,” she said in reference to Zuckerberg’s appearance in the U.S. Congress.
The senior lawmaker said that Facebook so far was giving the impression that it only wanted to save its business model.
“For example, the company is already rowing back in the supposedly world-wide announced implementation of the General Data Protection Regulation,” Schoen warned, referring to privacy rules that will enter force in the European Union next month.
“We no longer need excuses, but facts,” she said.
German Justice Minister Katarina Barley last month summoned executives of the firm, including European public affairs chief Richard Allan.
Misuse of data by Facebook means it will in future be bound by stricter regulations and the threat of tougher penalties for further privacy violations, Barley said after the meeting.
Reporting by Michael Nienaber; Editing by Douglas Busvine
In an interview with NBC’s Today show, Facebook COO Sheryl Sandberg said that users who wished to entirely stop the social media platform from making money from their personal data would have to pay for the privilege, if the option were to be made available.
“Could you come up with a tool that said, ‘I do not want Facebook to use my personal profile data to target me for advertising.’?” Sandberg was asked by Today’s Savannah Guthrie. “Could you have an opt-out button – ‘Please don’t use my profile data for advertising’?”
“We have different forms of opt-out,” Sandberg replied. “We don’t have an opt-out at the highest level. That would be a paid product.”
There’s no indication that Facebook actually plans to introduce such an option, but Sandberg’s admission makes explicit that Facebook’s revenue depends almost entirely on monitoring its users’ taste and behavior. Taking that option away would require replacing ad sales with subscription revenue.
Get Data Sheet, Fortune’s technology newsletter.
In the same interview, Sandberg pushed back against the often-repeated but suddenly fast-spreading notion that user data is Facebook’s primary product – though on largely semantic grounds.
“That’s not true . . . we don’t sell data, ever. We do not give personal data to advertisers. People come on to Facebook, they want to do targeted ads, and that’s really important for small business . . . We take those ads, we show them, and we don’t pass any individual information back to the advertiser.”
That kind of protection, of course, benefits Facebook’s bottom line by maintaining its control over ad targeting. Facebook has taken action to change various features and policies that enabled outside actors, including partners of the election firm Cambridge Analytica, to collect large amounts of personal profile data. For now, researchers and developers can still use a variety of methods to automatically harvest large amounts of public data from Facebook.
In the same interview, Sandberg acknowledged that Facebook should have notified as many as 87 million users impacted by the improper access of data by Cambridge Analytica and its partners, and that the company may discover other, similar breaches.
The U.S. government’s Supreme Court battle with Microsoft Corp over whether technology companies can be forced to hand over data stored overseas could be nearing its end, after federal prosecutors asked that the case be dismissed.
President Donald Trump on March 22 signed a provision into law making it clear that U.S. judges can issue warrants for such data, while giving companies an avenue to object if the request conflicts with foreign law.
“This case is now moot,” the U.S. Department of Justice said, citing the newly passed legislation, in a 16-page court filing on Friday that requested the dismissal.
The Supreme Court on Feb. 27 heard arguments in the case, which had been one of the most closely watched of the high court’s current term. Some justices urged Congress to pass a law to resolve the matter.
Microsoft and the Justice Department had been locked in a dispute over how U.S. prosecutors seek access to data held on overseas computer servers owned by American companies. The case involved Microsoft’s challenge to a domestic warrant issued by a U.S. judge for emails stored on a Microsoft server in Dublin relating to a drug-trafficking investigation.
The bipartisan new law, known as the Cloud Act, was supported by Microsoft, other major technology companies and the Trump administration. But civil liberties groups opposed it, saying it lacked sufficient privacy protections.
Microsoft, which has 100 data centers in 40 countries, was the first American company to challenge a domestic search warrant seeking data held outside the United States. The Microsoft customer whose emails were sought told the company he was based in Ireland when he signed up for his account.
A representative for Microsoft did not immediately return requests for comment on the Justice Department’s filing.
Reporting by Lawrence Hurley and Alex Dobuzinskis; Additional reporting by Dustin Volz; Editing by Will Dunham and Jonathan Oatis
Privacy watchdogs think a damning leaked document about Facebook targeting insecure teens could help usher in new era in privacy protections. The post Get Ready for the Next Big Privacy Backlash Against Facebook appeared first on WIRED.