Privacy Weekly Episode 4

Welcome To Episode Four

šŸ‘‹ Welcome to new visitors and readers of my weekly privacy newsletter.

šŸ‘‹ Welcome back for those of you who've come back for more!

Another week, another round up of interesting news stories with a privacy twist. Including Google expanding from the digital world to the real world (see the stories about Fitbit and the smart city) and a creepy halloween!

If you like what you see in this episode, please subscribe! I'll only use your Email address to send newsletters, and won't sell it to third parties.

Google Buys Fitbit And Gets Conditional Approval To Build Smart City In Toronto

Google announced that it's going to buy the wearable devices company Fitbit. The deal makes sense for Google for the following reasons:

  1. It can expand into wearables to counter Apple's smartwatch success. This will help Android compete against Apple's iOS.
  2. Google gets great hardware and popular products.
  3. Google gets into activity and health data and products. This is likely to be big business in future. Apple has been hitting headlines by saving peoples lives.

In a different deal, Google's parent company Alphabet (via their company Sidewalk Labs) got conditional approval to build a smart city in Toronto. It's a watered down version of the original plans the company had, but they'll take it anyway.

What is a smart city: A smart city uses the latest networking, sensory and AI technology. It can improve tracking of all kinds of events and cruically people. There are potentially lots of benefits to make running of a city more effective and efficient.

Why these two events matter from a privacy perspective: Google is essentially a data company. They already control a large part of the digital world which monitors all kinds of activities of its end users (you and me). Now they are moving into the physical world which also has the potential for extra monitoring (think: where you walk, where you drive, what you buy, etc.). How will that impact privacy in the long term?

Links: Google, The Verge, HackRead, Toronto Sun

Edward Snowden Says Not So Nice Things About Facebook

Edward Snowden, the man infamous for sharing top secret NSA and GCHQ government documents and now living in Moscow, says that it's a mistake to think that the NSA is a bigger threat to privacy than big tech companies. He says that's because the whole purpose of Facebook is to collect as much personal data as possible, and to exploit that data as much as they can, regardless of consequences. He's not just saying this about Facebook either because he says Google does the same.

What else is he saying:

  • Massive government surveillance wouldn't be possible without the major tech companies.
  • The more tech companies know about us, the more power they have over us.
  • People are only protected via the Fourth Amendment from the government, not companies like Facebook.
  • The US should have software liability laws, similar to consumer product liability regulations that hold executives to account.

Why is he saying this? Snowden is promoting his book 'Permanent Record'. These comments are part of his book promotion.

Finally, Snowden says that people actually care about their privacy (in response to the common perception that people don't care about their privacy), it's just that they feel powerless to change it [the current state of privacy affairs].

Links: Vox, The Guardian

Ring Doorbells Busy During Halloween

Halloween is a long standing tradition with kids going out and asking for sweets and candy at houses in their neighbourhood. Nothing new there!

But, one thing that has changed of late, with an impact on privacy, is the rise in popularity of Ring doorbells. These are smart doorbells with cameras and tracking software.

This Halloween Ring has been showing some creepy (pardon the pun) videos of kids trick or treating. The creepy part is how easy and open they are about sharing videos of these moments which involve minors.

Ring (owned by Amazon) did not respond to questions from Mashable as to whether they received consent in sharing these videos of people (including minors).

Why it matters: Technology is creeping into many parts of our lives. Should a home owner, or Ring for that matter, be able to publically share 'always on video' of other people (who have not committed a crime)?

Links: Mashable

The ACLU Sues The FBI, DEA And DoJ Over Use Of Facial Recognition Technology

The American Civil Liberties Union (ACLU) has sued the FBI, DEA and DoJ over their use of facial recognition technology.

What they hope to achieve: The ACLU wants to better understand how facial recognition technology is used by the agencies. This includes how they use and audit the software, how they communicate with technology providers and what guidelines and safeguards are in place.

Zoom out: Using advanced facial recognition software could help US agencies in protecting citizens, protecting borders and catching criminals. But at what price? Should law abiding citizens be subject to facial recognition monitoring on a regular basis? And who will be ensuring that the agencies don't go too far?

Another aspect to think about is the accuracy of the technology. Currently, it's not perfect and it may match innocent people to profiles of criminals or terrorists. And it turns out the error rates increase for minorities.

Bottom line: It's not about the technology as such, it's about how it's used and to what extent it can be used. How much will this impact your privacy?

Links: Washington Post, ACLU

Facebook 'Agrees' To Paying Fine To UK

As a result of the Cambridge Analytica scandal, Facebook was fined by the Information Commissioner's Office (ICO - UK Data Protection Authority). The value of the fine was based on the pre-GDPR privacy regulations, at Ā£500,000.

Now, Facebook has agreed that it will pay the fine. In doing so, it has not accepted liability of the incident.

Why it matters: Under GDPR (EU data protection regulation), the fine could have been much higher (up to 4% of global revenue in a worst case scenario for Facebook). Facebook had initially fought the fine, but have now accepted it. They've dragged their heals on this one even though there were many lapses in protection of it's users' personal data.

Links: BBC

Lawsuit Reveals Lax Security At Equifax As Reason For Data Breach

As reported by CPOMagazine, the huge personal data breach at Equifax was caused by extremely lax security. The security lapses included:

  • Using the user and password combination admin/admin, for an administration account on a portal used to manage customer credit disputes (which is a commonly used user and password combination).
  • Lack of encryption of personal data, even on public facing servers (which are subject to higher risk of attacks).

Interestingly, shareholders are blaming the company for not disclosing how bad they were (at securing their data). This could impact other companies because they could get sued in future if they also have lax security.

Links: CPOMagazine, Yahoo