"Informing You Without Watching you."
[email protected]  @digitalprivacy

Techcrunch, Wed 12/01:
US government agencies bought Chinese surveillance tech despite federal ban – TechCrunch

At least three U.S. federal agencies, including the military, have purchased China-made video surveillance equipment banned from use in the federal government.

Purchasing records seen by TechCrunch and video surveillance news site IPVM show the agencies collectively spent thousands of dollars on purchasing video surveillance equipment manufactured by Lorex, a wholly-owned subsidiary of Dahua Technology.

The U.S. says Beijing relies on technology manufactured in part by Dahua to supply the surveillance equipment to surveil the Uighur population.

After the ban came into effect, purchasing records show the agencies bought Lorex equipment from federal contractors.

Section 889 also prohibits federal contractors from selling banned electronics to federal agencies.

Read full article here:
(warning: ads & trackers)

The Verge, Wed 12/01:
Qualcomm’s new always-on smartphone camera is a privacy nightmare

It can also suppress private information or notifications from popping up if you’re looking at the phone with someone else.

But while those features may sound neat and perhaps even convenient, I’m not convinced that having an always-on camera is worth the tradeoff in privacy concerns.

The always-on camera features are discussed at hour three of Qualcomm’s four-hour presentation introducing the Snapdragon Gen 1 system-on-chip.

Qualcomm is framing the always-on camera as similar to the always-on microphones that have been in our phones for years.

An always-on camera is a step beyond the always-on microphones already in our phonesIt’s true that smart home products already have features like this.

Read full article here:
(warning: ads & trackers), Tue 11/30:
Smartwatches for children are a privacy and security nightmare

Researchers analyzed the security of four popular smartwatches for children and found pre-installed downloaders, weak passwords, and unencrypted data transmissions.

Web antivirus team, which looked into Elari Kidphone 4G, Wokka Lokka Q50, Elari FixiTime Lite, and Smart Baby Watch Q19.

WebMediocre casesIn the case of the Elari FixiTime Lite ($50) and the Smart Baby Watch Q19 ($25), the situation is mixed.

Elari FixiTime Lite transmits sensitive data such as GPS coordinates, voicemails, and photos using the unencrypted (HTTP) data transfer protocol.

Bleeping Computer has contacted Elari and Wokka Lokka to comment on the above, but we have not heard back yet.

Read full article here:
(warning: ads & trackers), Tue 11/30:
Federal Trade Commission Should Make Privacy Rules Against ISP Data Collection, Experts Say

Specifically, according to Alan Butler, president of the Electronic Privacy Information Center, unnecessary ISP data collection “demands action” from the FTC.

Butler said FTC privacy regulations would be a “temporary solution,” but there must be a separate federal agency that regulates privacy in the United States.

“Funding for an FTC privacy bureau in the reconciliation bill is an important step forward,” he said.

The law at play for an FTC privacy authorityThe FTC’s ability to regulate privacy would be governed by the Magnuson-Moss Warranty-Federal Trade Commission Improvement Act.

Issuing privacy rules from the FTC would hard, he says, because the FTC must clear substantial hurdles before it can enforce any privacy rules.

Read full article here:
(warning: ads & trackers)

National Law Review, Mon 11/29:
Supreme Court Declines to Hear Challenge to Massachusetts Privacy Law

Monday, November 29, 2021Last week, the Supreme Court declined to hear a challenge to a Massachusetts data privacy law that prohibits secret audio recordings.

As a result, the statute remains unchanged as well as a First Circuit panel opinion from December 2020 that the public can secretly record police (notwithstanding that the Massachusetts statute otherwise bars all surreptitious recordings).

Following the statute’s passage, the Massachusetts Supreme Court twice ruled—once in 1976 and again in 2001—that the statute does not exempt the recording of the audio of a person who had no “reasonable expectation of privacy” in what was recorded.

2020), however, affirmed a district court ruling that the Massachusetts statute violates the First Amendment by prohibiting the secret, nonconsensual audio recording of police officers discharging their official duties in public spaces.

Project Veritas had argued in its petition to the Supreme Court that the First Circuit should have gone farther by throwing out the entire law on constitutional grounds.

Read full article here:
(warning: ads & trackers), Mon 11/29:
Google Commits To More Oversight Of Its Privacy Sandbox By The UK’s Competition Watchdog

On Friday, the Competition and Markets Authority (CMA), the UK’s top antitrust regulator, published a 125-page document outlining the next phase of its ongoing antitrust investigation into Google’s Privacy Sandbox.

The document contains an updated set of commitments from Google designed to prevent the company from developing its Privacy Sandbox proposals in ways that impede competition.

Google also agreed to be more transparent about how Privacy Sandbox proposals are implemented and not develop or implement the proposals in the Privacy Sandbox without regulatory approval.

For instance, it wasn’t clear how technology developed within the Privacy Sandbox and Google’s non-discrimination obligations would be monitored by regulators and the industry at large.

Although Google’s Privacy Sandbox is under the microscope right now, the entire ad tech industry is on notice.

Read full article here:
(warning: ads & trackers), Wed 11/24:
New data reveals Americans' support for federal privacy legislation | News

Additional findings include the fact that voters find common ground on privacy legislation.

Virtually all Democrat ( 95.4%), independent ( 92.0%) and Republican ( 89.3%) voters surveyed report that it is “very or somewhat important” for congress to pass federal privacy legislation.

In addition to widespread bipartisan support, there is near universal agreement across age, race and gender that passing new data privacy legislation is important.

For 40% of Americans, the desire for data privacy regulations is greater now than in the past.

“These findings make clear that an overwhelming majority of Americans want congress to pass nationwide privacy legislation that protects all Americans, no matter where they live,” said Stuart Ingis, adviser to the Privacy for America coalition.

Read full article here:
(warning: ads & trackers), Wed 11/24:
Mass surveillance fuels oppression of Uighurs and Palestinians

For many readers, the scenario brings to mind China’s mass human rights violations against millions of Uighurs and other Turkic Muslim people.

To one of us – a researcher on China for Human Rights Watch – the Israeli Blue Wolf system is eerily familiar.

International human rights laws require that governments’ collection, use and storage of personal data meet the standards of legality, proportionality and necessity.

They should also penalise companies that sell these surveillance systems proven to have facilitated severe human rights abuses.

The US government has placed export controls on some Chinese surveillance companies, and recently, on the NSO Group.

Read full article here:
(warning: ads & trackers), Wed 11/24:
Right to privacy is a fundamental human right: Shireen Mazari

Photo collage showing Human Rights Minister Shireen Mazari (L), Founder and CEO of Katalyst Labs Jehan Ara and the Director IT of the Ministry of IT and Technology Bilal Abbasi (C), and Chairperson of NADRA Tariq Malik (R)— DRF/ TwitterMinister for Human Rights Shireen Mazari on Wednesday said that the "right to privacy is a fundamental human right, but the right needs to be balanced with other competing rights."

She was speaking during a panel discussion on “privacy from a human rights perspective”, which was part of the 8th annual National Data Privacy Conference organised by the Digital Rights Foundation (DRF).

It should be separate from the government that can hold the state and powerful actors accountable.”Drafting the data protection legislationAnother panel discussion that took place during the conference centred around data protection legislation.

Speaking on the occasion, Abbasi said that the IT ministry has been working on the Personal Data Protection Bill since 2017, but the first draft was "not as human rights friendly."

"Data protection law in Pakistan is [crucial] to ensuring the standardisation of data privacy practices in the country as an important part of the “social contract between citizens and the government”.

Read full article here:
(warning: ads & trackers)

Hindu Business Line (India), Wed 11/24:
Isn’t right to privacy a fundamental right?

Unfortunately, the drafters of the Data Protection Bill appear to have forgotten this.

This is not to say that India does not need a Data Protection Bill.

The handling, access to and rights over such data require a different kind of skillset and mindset, which a privacy regulator tasked with primarily looking at personal data might lack.

On the other hand, the draft Bill also overlooks many of the benefits of having open access to non-personal data.

The Data Protection Bill is only the start of a long and complex journey.

Read full article here:
(warning: ads & trackers)

techradar, Wed 11/24:
Telegram ordered to block access to privacy channels

A Portuguese court has reportedly ordered Telegram to block access to more than a dozen piracy-related channels with millions of members in total.

TorrentFreak shares that the Portuguese court was acting on a complaint filed by Visapress , which represents several newspaper and magazine publishers, and the Portuguese film industry association, GEDIPE.

Although an encrypted instant messaging app , Telegram enables users to create channels using which they can send messages to all their members.

“Changing the name of the groups and chats is a simple way that their administrators have to bypass the court order but Telegram knows this.

In my opinion, this decision obliges them to remove or block access to these groups and chats,” Eugénio told TorrentFreak.

Read full article here:
(warning: ads & trackers), Wed 11/24:
California Privacy Protection Agency Rulemaking Begins and Heightened Privacy Focus Continues

In the meantime, the AG’s Office has been providing the CPPA with administrative support as the agency gets off the ground.

In the meantime, the AG’s Office has been providing the CPPA with administrative support as the agency gets off the ground.

Separately, the governor also signed a bill that adds “genetic information” to the definition of personal information in California’s data-breach law.

In particular, the distinction between personal information and sensitive personal information may affect how information should be collected and stored.

In particular, the distinction between personal information and sensitive personal information may affect how information should be collected and stored.

Read full article here:
(warning: ads & trackers)

The Tribune (India), Wed 11/24:
Dissent over privacy law

FOUR years after the Supreme Court ruled in a landmark judgment that privacy is a fundamental right, Indian lawmakers have taken a significant step towards providing a privacy and data protection law for the citizens.

The JPC argued that social media firms must be held responsible for the content from unverified accounts on their platforms.

Some members have said the report has failed to provide safeguards — such as parliamentary oversight — in Section 35 to prevent its misuse.

Concern has also been expressed over Section 12, which pertains to processing personal data for provision of a service to an individual.

The possibility of the exemptions in the privacy law being misused by the government or its agencies is real.

Read full article here:
(warning: ads & trackers), Tue 11/23:
Apple Files Lawsuit Against Israeli Surveillance Company NSO Group

Apple has filed a lawsuit against Israeli surveillance- for- hire company NSO Group over its Pegasus spyware that has been used to target Apple devices.

The permanent injunction that Apple is seeking would prohibit NSO Group from using any Apple servers, devices, hardware, software, or other applications.

The company is also seeking an unspecified amount in damages from NSO Group, which Apple said it would give to cybersecurity researchers.

A denial of access to Apple products and services would mark a huge, potentially business-shattering blow for NSO Group in the U.S. which has become notorious for surveillance software capable of attacking Apple devices.

And Apple’s not the only one taking shots at NSO Group.

Read full article here:
(warning: ads & trackers)

Politico (Europe), Tue 11/23:
French Uber drivers protest stalling of privacy complaints

PARIS — French Uber drivers are increasingly frustrated with European regulators for failing to address their privacy complaints against the U.S. ride-hailing company.

A group of about 50 drivers on Tuesday participated in a demonstration in front of the French data protection authority's building in Paris’ upmarket seventh district to pressure the French privacy regulator into dealing with their grievances.

Drivers have accused Uber of flouting European privacy rules for the last couple of years, but their complaints have stalled because of the General Data Protection Regulation's one-stop-shop mechanism.

During Tuesday's protest, drivers referred to an April decision by an Amsterdam court that required Uber to reinstate drivers disconnected from the platform by robot technology.

In July, the Italian privacy regulator fined Glovo-owned Foodinho €2.6 million for its algorithmic management systems.

Read full article here:
(warning: ads & trackers)

CTV News (Ontario, Canada), Tue 11/23:
Health ministry wrong to not release northern Ont. abortion info, privacy commission rules

Sudbury -Ontario's Information and Privacy Commissioner has ruled a decision by the health ministry to not reveal abortion statistics for communities in northern Ontario was wrong.

The case centres on a media request for the data, covering abortions performed in 2017 and 2018 in Thunder Bay, Temiskaming, Algoma, Cochrane, Kenora, Manitoulin, Sudbury, Rainy River, Parry Sound and Nipissing.

All information that would identify individual persons or facilities was excluded from the request.

"The ministry noted that its practice was to release de-identified data on abortion services at the provincial level," said the transcript of the appeal.

In this case, information being sought was limited to the number of abortions performed in 2017 and 2018 in six of the 10 districts in northern Ontario.

Read full article here:
(warning: ads & trackers)

The Guardian, Tue 11/23:
Apple sues Israeli spyware firm NSO Group for surveillance of users

Apple has launched a lawsuit against NSO Group, the Israeli spyware company that was recently blacklisted by the Biden administration for acting “contrary to the foreign policy and national security interests of the US”.

In its complaint, Apple said that NSO’s signature spyware, called Pegasus, had been used to “attack a small number of Apple users worldwide with malicious malware and spyware”.

“At Apple, we are always working to defend out users against even the most complex cyberattacks.

It is also significant because the company has elected to target the maker of the spyware – NSO – and not the company’s government clients.

Apple is not the first US technology company to file a lawsuit against NSO.

Read full article here:
(warning: ads & trackers)

LA Times, Tue 11/23:
Is your Christmas present spying on you? How to assess gifts’ privacy risks

Others may feel that the convenience offered by smart products outweighs the potential loss of privacy if things go wrong.

You may lose crucial features, though, if you turn a smart device into a dumb one.

Companies also collect personal data under the guise of product registration.

Publicly traded manufacturers like Roku tell analysts exactly what their plans are for squeezing cash out of their customers’ personal information.

Another question is whether the gift might be shared with children, inadvertently exposing them to privacy risks.

Read full article here:
(warning: ads & trackers)

Techcrunch, Tue 11/23:
Facebook’s lead EU privacy supervisor hit with corruption complaint – TechCrunch

European privacy campaign group noyb has filed the criminal complaint against the Irish DPC, which is Facebook’s lead regulator in the EU for data protection.

“The right to be heard was made conditional on us signing an agreement, to the benefit of the DPC and Facebook.

Legally there is no difference between demanding an unlawful agreement or a bottle of wine.”All of which looks exceptionally awkward for the Irish regulator.

Which is what noyb is suggesting may be about to happen vis-a-vis this particular Facebook complaint saga.

The WhatsApp GDPR complaint is just the tip, of course.

Read full article here:
(warning: ads & trackers)

Reuters, Tue 11/23:
U.S. lawmakers call for privacy legislation after Reuters report on Amazon lobbying

"Amazon shamefully launched a campaign to squash privacy legislation while its devices listen to and watch our lives," U.S.

Senator Richard Blumenthal, a Connecticut Democrat who has been involved in bipartisan negotiations on privacy legislation, wrote Friday on Twitter.

No major federal privacy legislation has passed Congress in years because members have been deadlocked on the issue.

"Congress needs to prove Amazon wrong, and pass legislation that finally stops massive corporations from abusing and exploiting our personal data," Wyden said.

The company reiterated its statement for the previous Reuters report, saying it prefers federal privacy legislation to a "patchwork" of state regulations.

Read full article here:
(warning: ads & trackers)

EFF, Tue 11/23:
Manifest V3: Open Web Politics in Sheep's Clothing

The security and privacy claims that Google has made about web extensions may or may not be addressed with Manifest V3.

Splitting would mean taking a strong stand against Manifest V3 as an alternative and supporting web extensions developers’ innovation in user privacy controls.

Mozilla’s acknowledgement that MV3 doesn’t meet web extension developers’ needs shows that MV3 is not yet ready for prime time.

Privacy SandStormSince the announcement of Manifest V3, Google has announced several controversial “Privacy Sandbox” proposals for privacy mechanisms for Chrome.

Some very valid concerns and asks have been raised with the W3C Web Extensions Community Group that would help to propel the web extensions realm back to a better place.

Read full article here:
(It's EFF - safe to visit)

EFF, Mon 11/22:
Police Aerial Surveillance Endangers Our Ability to Protest

The California Highway Patrol directed aerial surveillance, mostly done by helicopters, over protests in Berkeley, Oakland, Palo Alto, Placerville, Riverside, Sacramento, San Francisco, and San Luis Obispo.

Dragnet aerial surveillance is often unconstitutional.

The U.S. government has been spying on protest movements for as long as there have been protest movements.

Fortunately, the ACLU of Northern California has already exposed CHPs aerial surveillance against the protests for Black lives.

Aerial surveillance of protests must stop.

Read full article here:
(It's EFF - safe to visit)

Reuters, Mon 11/22:
U.S. FTC recommended lawsuit against Amazon over privacy breaches at Ring - the Information

If you are a California consumer, you have the right, at any time, to direct a business that sells your personal information to third parties to not sell your personal information.

This right is referred to as the right to opt-out.

You may exercise your right to opt-out of the sale of your personal information through by clicking here .

Additionally, in the event you opt-out under CCPA, but do not opt out of interest-based advertising more generally, you may still receive advertisements tailored to your interests based upon your Personal Information.

For more information about the First and Third Party Cookies used please follow this link

Read full article here:
(warning: ads & trackers), Mon 11/22:
We’re Making the Facebook Papers Public. Here’s Why and How

Today, we see a strong public need can be served by making as many of the documents public as possible, as quickly as possible.

His research focuses on empirically measuring the security and privacy of technology systems and their intersections with society.

His research focuses on empirically measuring the security and privacy of technology systems and their intersections with society.

Ethan directs the UMass Initiative for Digital Public Infrastructure, focused on reimagining the internet as a tool for civic engagement.

We plan to update the top of this article with instructions on how to access the Facebook Papers in the coming days.

Read full article here:
(warning: ads & trackers)