A privacy news aggregator brought to you by the team at DP.News - "Informing You Without Watching you."

News Crawler!

• The Catalog of Carceral Surveillance: Monitoring Online Purchases of Inmates’ Family and Friends
  September 7, 2021

  Securus is one of the prison telecommunications companies notable for overcharging inmates for the privilege of communication with their loved ones.

  In their patent application, Securus provides the following example of how prisons might use this invasive and dangerous technology.

  The flowchart submitted with the patent describing how the e-commerce surveillance system would work.

  Surely Securus isn’t suggesting that prison wardens would hack the accounts of people who make phone calls to prisons.

  And not many people would willingly give a prison administrator access to their Amazon or other online shopping account.

• Video Briefing Wednesday: EFF and Partners Will Deliver to Apple Petitions with 50,000 Signatures Demanding End to Phone Scanning Program
  September 3, 2021

  The iPhone scanning harms privacy for all iCloud photo users, continuously scanning user photos to compare them to a secret government-created database of child abuse images.

  The parental notification scanner uses on-device machine learning to scan messages, then informs a third party, which breaks the promise of end-to-end encryption.

  Acknowledging the outcry by customers and activists against the program, Apple said it’s gathering more feedback and making improvements before launching the scanning features.

  EFF, Fight for the Future, and OpenMedia gathered signatures for the petitions that will be emailed to Apple on September 8.

  Schneier and Mullin will discuss how Apple’s program opens the door to other surveillance.

• Without Changes, Council of Europe’s Draft Police Surveillance Treaty is a Pernicious Influence on Latam Legal Privacy Frameworks
  September 3, 2021

  Article 7 of the Protocol is among the most troubling provisions, raising privacy concerns regarding police cross-border access to subscriber data.

  Why does subscriber data matter?

  First, this provision can serve as an influence to drive down standards in the region for accessing subscriber information (and unveiling a user’s identity).

  Levelling Down Subscriber Information ProtectionsCountries in the region have adopted varying degrees of privacy safeguards in criminal investigations.

  Other countries, like Argentina, do not have legal rules or case law specifically addressing law enforcement access to subscriber information.

• Victory! Federal Trade Commission Bans Stalkerware Company from Conducting Business
  September 1, 2021

  In a major victory in our campaign to stop stalkerware, the Federal Trade Commission (FTC) today banned the Android app company Support King and its CEO Scott Zuckerman, developers of SpyFone, from the surveillance business.

  The stalkerware app secretly “harvested and shared data on people’s physical movements, phone use and online activities through a hidden device hack,” according to the FTC.

  The app sold real-time access to surveillance, allowing stalkers and domestic abusers to track potential targets of their violence.

  Stalkerware, a type of commercially-available surveillance software, is installed on phones without device users’ knowledge or consent to secretly spy on them.

  Among its early achievements are an effort to create an industry-wide definition of stalkerware, encouraging research into the proliferation of stalkerware, and convincing anti-virus companies to detect and report the presence of stalkerware as malicious or unwanted programs.

• Protecting Student Privacy and Ensuring Equitable Algorithmic Systems in Education
  August 31, 2021

  As the technology and data used in education continue to evolve, discrimination and bias have taken on new forms, including in the use of algorithms.

  Moreover, data used to train algorithms may itself implicitly embed biases.

  Remote proctoring software used to monitor students taking exams online often uses algorithmic technology to detect students’ gaze, movements, or sounds in the room.

  To combat these harms, CDT is calling on ED to begin working to address the discriminatory effects of some algorithmic systems.

  The scope of the guidance or rules — if any — should be appropriately tailored to the harms algorithmic systems pose.

• Victory! Lawsuit Proceeds Against Clearview’s Face Surveillance
  August 30, 2021

  So EFF supports laws that ban government use of this dangerous technology, and laws requiring corporations to get written opt-in consent from a person before collecting their faceprint.

  Clearview’s faceprinting violates the Illinois Biometric Information Privacy Act (BIPA), which requires opt-in consent to obtain someone’s faceprint.

  In both Illinois and federal court, Clearview argues that the First Amendment bars these BIPA claims.

  This is a significant victory for our privacy over Clearview’s profits.

  Applying intermediate scrutiny, the court upheld the application of BIPA’s opt-in consent requirement to Clearview’s faceprinting.

• EFF to Council of Europe: Flawed Cross Border Police Surveillance Treaty Needs Fixing—Here Are Our Recommendations to Strengthen Privacy and Data Protections Across the World
  August 30, 2021

  Civil society groups, data protection officials, and defense attorneys were sidelined during the process, and the draft Protocol reflects this deeply flawed and lopsided process.

  EFF and partners urge PACE to use our recommendations to adopt new Protocol amendments to protect privacy and human rights across the globe.

  Mischaracterizing the Intrusive Nature of Subscriber Data Access PowersOne of the draft’s biggest flaws is its treatment, in Article 7, of subscriber data, the most sought-after information by law enforcement investigators.

  As the text currently stands, countries must decide whether to adopt Article 7 or not when implementing the draft Protocol.

  Or even better, we would like to see a general obligation compelling independent supervision on every cross-border subscriber data request.

• Apple’s Plan to Scan Photos in Messages Turns Young People Into Privacy Pawns
  August 27, 2021

  One of the plans—scanning photos sent to and from child accounts in Messages—breaks Apple’s promise to offer end-to-end encryption in messaging.

  But scanning and flagging Messages images will, unfortunately, create serious potential for danger to children and partners in abusive households.

  Children Need In-App Abuse Reporting Tools InsteadThe Messages photo scanning feature has three limitations meant to protect users.

  A person in an abusive household, regardless of age, could be coerced to use a “child” account, opening Messages users up to tech-enabled abuse that’s more often found in stalkerware.

  The more our technology surveils young people, the harder it becomes to advocate for privacy anywhere else.

• The All-Seeing "i": Apple Just Declared War on Your Privacy
  August 26, 2021

  You might have noticed that I haven’t mentioned which problem it is that Apple is purporting to solve.

  Apple’s new system, regardless of how anyone tries to justify it, will permanently redefine what belongs to you, and what belongs to them.

  The task Apple intends its new surveillance system to perform—preventing their cloud systems from being used to store digital contraband, in this case unlawful images uploaded by their customers—is traditionally performed by searching their systems.

  As long as you keep that material off their servers, and so keep Apple out of the headlines, Apple doesn’t care.

  Apple dispatched its SVP-for-Software Ken doll to speak with the Journal not to protect the company's users, but to reassure the company's investors.

• Jewel v. NSA: Americans (Still) Deserve Their Day in Court
  August 17, 2021

  With little explanation, the Ninth Circuit today affirmed the district court’s decision dismissing our landmark challenge to the US government’s mass communications surveillance, Jewel v. NSA.

  Today’s decision renders government mass surveillance programs essentially unreviewable by U.S. courts, since no individual will be able to prove with the certainty the Ninth Circuit required that they were particularly spied upon.

  Though we filed our our landmark Jewel v. NSA case in 2008, no court has yet ruled on the merits – whether the mass spying on the Internet and phone communications of millions of Americans violates U.S. constitutional and statutory law.

  But we remain determined to ensure that the network we all increasingly rely on in our daily lives—for communicating with our families, working, participating in community and political activities, shopping, and browsing—is not also an instrument subjecting all of our actions to NSA mass surveillance.

  We are evaluating the options for moving the case forward so that Americans can indeed have their day in court.

• Why Apple’s iOS 15 will scan iPhone photos and messages
  August 13, 2021

  Apple’s child protection measures, explainedIn early August, Apple announced that the new technology to scan photos for CSAM will be installed on users’ devices with the upcoming iOS 15 and macOS Monterey updates.

  Scanning photos uploaded to iCloud in order to spot CSAM would make sense and be consistent with Apple’s competitors.

  “A thoroughly documented, carefully thought-out, and narrowly-scoped backdoor is still a backdoor”Additionally, Apple says that only photos you choose to upload to iCloud Photos are scanned.

  If you disable iCloud Photos, then your pictures won’t be scanned.

  Update, August 13, 4:55 pm: Updated to include new information about Apple’s messaging around its CSAM scanning technology.

• Facebook’s Attack on Research is Everyone's Problem
  August 12, 2021

  Taken as a whole, Facebook’s sordid war on Ad Observer and accountability is a perfect illustration of how the company warps the narrative around user rights.

  What is Ad Observer?

  In aggregate, however, the information shared by thousands of Ad Observer users revealed how advertisers use the platform’s surveillance-based ad targeting tools.

  An Innovation-Killing PretextFacebook has shown that it can’t be trusted to present the facts about Ad Observer in good faith.

  This is the idea that companies should be obligated to protect the user information they collect.

• New report shows how one TECNO phone can be putting people’s privacy and security at risk
  August 10, 2021

  Privacy International research released today shows that the brand new TECNO Y2 phone is being sold with outdated versions of the Android operating system.

  What this means is that the privacy and security of people using TECNO’s Y2 phones can be at risk.

  “TECNO users deserve better.

  They deserve devices that are secure, rather than ones that put their privacy and security at risk.

  TECNO should stop putting users’ privacy and security at risk.” Caitlin Bishop, Privacy International, Project lead of PI’s work on low-cost technology.

• How one TECNO phone is putting users' privacy and security at risk
  August 9, 2021

  In the TECNO Y2’s case, the phone contains a number of football-related pre-installed apps and themes for the phone.

  Flick shoot is a football game available on Google Play, but the application is actually a wallpaper called ‘Fingersoccer’.

  However, because this TECNO phone has the app pre-installed, the app comes pre-approved, and users are not given the opportunity to deny such access.

  Irremovable BloatwareAnother problem with pre-installed apps - frequently called bloatware - is that they can take up valuable space on a device.

  For instance, some of the pre-installed apps and wallpapers on the TECNO Y2 are on the system partition.

• Here’s how police can get your data — even if you aren’t suspected of a crime
  July 31, 2021

  But you don’t have to be an alleged insurrectionist for law enforcement to get data about you from another company.

  Law enforcement can and does purchase location data from data brokers, for instance.

  And while location data companies claim that their data has been de-identified, experts say it’s often possible to re-identify individuals.

  This could change if something like the Fourth Amendment Is Not for Sale Act, which bans law enforcement from purchasing commercially available data, were to become law.

  If you’re charged with a crime and that data is used as evidence against you, then you’ll know.

• HIPAA, the health privacy law, explained
  July 30, 2021

  The perception that HIPAA is solely a health privacy law that everyone is subject to has become so common that there’s now a Twitter account to document it.

  What HIPAA doesn’t doIt’s important to note that medical privacy didn’t begin with HIPAA, and it’s not the only health privacy law out there.

  Closing the health privacy law gapSo HIPAA isn’t the all-inclusive health privacy law so many people assume it is, but that mass assumption suggests that such a law is both wanted and needed.

  “People are fairly protective of their health information,” Caitriona Fitzgerald, deputy director of the Electronic Privacy Information Center (EPIC), told Recode.

  It’s one of what will likely be several consumer privacy bills introduced this session, any one of which could give Americans better health privacy protections.

• Venmo Is Ditching Its Public Feed. But It Still Needs To Do More.
  July 21, 2021

  The global view was accessed via a globe icon on the feed page that showed a stream of random strangers’ public payments when you clicked on it.

  However, this doesn’t mean there’s no more public transactions — there’s just no central feed in the app.

  If you navigate to someone’s profile who isn’t your friend, you’ll still be able to see their public transactions.

  Following BuzzFeed News’ report, Venmo made it possible to change your Friends List to private or friends only.

  A representative for Venmo pointed to the company’s public blog post in response to a request for comment.

• WhatsApp Is Suing The Indian Government To Protect People’s Privacy
  July 14, 2021

  Since 2016, messages and files sent through WhatsApp have been encrypted, which means that nobody except the sender and the receiver can see their contents.

  WhatsApp has long said this is important for people’s privacy.

  Digital rights organizations like Access Now, the Electronic Frontier Foundation, and Mozilla have supported WhatsApp’s fight to maintain end-to-end encryption.

  India’s recently enacted IT rules require messaging platforms like WhatsApp to trace content back to senders.

  Last month, India ordered Twitter, Facebook Instagram, and YouTube to block content critical of the government’s handling of the coronavirus pandemic.

• We Found Joe Biden’s Secret Venmo. Here’s Why That’s A Privacy Nightmare For Everyone.
  June 19, 2021

  After BuzzFeed News reached out to the White House for this story, all the friends on the president’s Venmo account were removed.

  After this story was published, a Venmo spokesperson told BuzzFeed News: “The safety and privacy of all Venmo users and their information is always a top priority, and we take this responsibility very seriously.

  While many critics have focused on how the app makes all transactions public by default, Venmo’s friend lists are arguably a larger privacy issue.

  Several former Venmo employees told BuzzFeed News that Venmo’s public transaction feed and friend lists were integral to the app’s early design.

  Using the public friend list, for example, a motivated fan was able to figure out who won a season of The Bachelor.

• There Are No Laws Restricting “Stingray” Use. This New Bill Would Help.
  June 17, 2021

  Dubbed the Cell-Site Simulator Warrant Act of 2021, the bill would require law enforcement agencies to get a warrant establishing probable cause to investigate criminal activity before using a stingray in almost all cases.

  Because of this, when a stingray is used in a populated area, it can collect information about bystanders, not just a target.

  Law enforcement would also be allowed to use them in emergency situations with the potential for loss of life.

  In the past, law enforcement agencies have sometimes taken advantage of the lack of regulation surrounding stingrays.

  Police in Annapolis once used a stingray to catch someone who stole $56.77 worth of chicken wings and sandwiches.