Author: Tom McBrien

In China, “[a] new system uses software to dictate [COVID-19] quarantines — and appears to send personal data to police, in a troubling precedent for automated social control.” (N.Y. Times)

The CDC is struggling to track coronavirus outbreak partially because it doesn’t have enough data from airlines. Airline companies say it’s because customers are booking through Expedia, etc., who don’t normally share info w/ airlines for business reasons. (Wash. Post)

Leaked data from a financial data broker show that large companies are purchasing millions of Americans’ credit card data and may be able to tie it to specific individuals. (Vice)

“Amazon keeps records of every motion detected by its Ring doorbells, as well as the exact time they are logged down to the millisecond.” (BBC)

Clean Master, a popular antivirus app, has a very broad privacy policy. It was kicked off of the Google Play store because it was extracting extremely detailed tracking of users’ browsing. (Forbes)

(Compiled by Student Fellow Tom McBrien)

Two school districts in South Carolina have replaced metal detectors with millimeter wave body scanners. This yet another privacy concern in the school context, after universities have begun attempting to track students using Bluetooth beacons and WiFi MAC addresses.

Smithsonian released nearly 3 million images into the public domain under the Creative Commons Zero license. Our own Michael Weinberg was involved in the effort.

Clearview AI, the controversial facial-recognition company, announced that its entire client list was stolen.

The Indiana Supreme Court ruled that removing a GPS tracking device from your car does not constitute a theft.

EA banned Kurt0411, a popular FIFA player, from its platforms due to “serious and repeated violations.” Interestingly, Kurt0411’s behavior does not appear to match the specific behaviors listed on EA’s website eligible for a ban.

Google’s research has suggested that its efforts to anonymize patient data are not foolproof.

Amazon has opened GoGrocery (the cashier-less grocery store) in Seattle.

The Privacy and Civil Liberties Oversight Board (PCLOB) released a report on the NSA call detail records program, finding the program led to only a single significant investigation between 2015 and 2019.
The USA Freedom Act is up for reauthorization this year. Expect groups to push to amend Section 215.

The Intercept received leaked reports showing EU Police planning to build a European-wide facial recognition database.

The Brave web browser, that purports to be “privacy focused” has been released.

The Markup, a new publication “investigating how technology influences our society” has begun releasing articles.

(Compiled by Student Fellow Jacob Apkon)

The European Commission published its data strategy. The proposal emphasizes the development of rules for access and re-use of industrial and commercial data, as well as building a single data market and developing EU data storage and processing infrastructure. The Commission also released an update on its proposed policies on Business-to-government data sharing, which centers around the idea of EU-wide legislation on “the use of private sector data by the public sector for the common good”.

A simultaneously released digital strategy draws out plans to build “common European data spaces,” — large aggregations of data accessible by members at both sectoral and cross-sector levels. The commission also plans to develop an act that will govern free-of-cost union-wide sharing of high value public sector data. The latest version of the EU’s AI strategy abandons the idea of a total ban on facial recognition technology, which was previously under consideration. 

New criticism of Amazon Ring highlights lack of evidence that the the technology helps reduce crime. In other news related to Amazon’s camera-equipped doorbell, a recent privacy policy update by Ring is criticized for focusing on third party partnerships while not addressing problematic practices of sharing data with law enforcement agencies.

Facebook will Settle Illinois Facial Recognition Suit. The company is said to have violated an Illinois biometric privacy law by harvesting facial data for Tag Suggestions from the photos of millions of users in the state without their permission.

ISPs sue Maine, claiming that Web-privacy law violates their First Amendment rights.

A second security breach of the Likud party app exposes personal data of individual voters. Also in Israel, ATM users are asked to take an election poll in order to withdraw money.

New York City’s council has voted to ban cashless businesses over privacy and bias concerns.

(compiled by Student Fellow Margarita Boyarskaya)

The Department of Justice unsealed indictments against four officers of China’s People’s Liberation Army (PLA), charging them with carrying out the 2017 hack against consumer credit bureau Equifax. The indictments allege that the officers, who were members of the PLA’s 54th Research Institute, “conspired with each other to hack into Equifax’s computer networks, maintain unauthorized access to those computers, and steal sensitive, personally identifiable information of approximately 145 million American victims.”

Kashmir Hill, a technology reporter for the New York Times, conducted an interview with Hoan Ton-That, the founder of Clearview AI, a technology company providing law enforcement agencies with facial recognition software. Ton-That discussed the company’s policy regarding selling the software, claiming that “[Clearview AI’s] philosophy is basically, if it’s a U.S. based — or like a democracy or an ally of the U.S. — we will consider it. But like, no China, no Russia or anything that wouldn’t be good. So if it’s a country where it’s just governed terribly or whatever, I don’t know if we’d feel comfortable selling to certain countries.” Additionally, he claimed that at this stage Clearview AI is not looking to offer the software on the consumer market.Relatedly, CNN tested Clearview AI software in a piece featuring PRG member Jake Goldenfein.

Researchers affiliated with Roboflow discovered widespread problems with the labeling (and mislabeling) of cars, pedestrians and cyclists in a popular dataset used to build autonomous cars.

The Washington Post reported that Crypto AG, an encryption company based in Switzerland, has been owned and controlled for decades by the CIA and German intelligence.

US government officials have reportedly told the Wall Street Journal that Huawei built backdoors into mobile phone networks it maintains and sells. These new disclosures come after Britain approved a plan allowing Huawei to build the country’s 5G network, despite urging by the US to the contrary.
The New York Times reported on the many organizational problems which plagued the Iowa Democratic caucuses beyond the Shadow Inc. reporting app.

The Federal Trade Commission ordered five major tech companies (Alphabet, Amazon, Apple, Facebook and Microsoft) to provide information about their acquisitions in the past 10 years which were not previously reported to antitrust agencies.

The British government introduced a plan which would give Ofcom, the country’s media regulator, new powers to regulate internet content. Although the details of the proposal have not been released, the aim appears to be to combat “harmful content such as violence, terrorism, cyber-bullying and child abuse.” (BBC/NYT)

The Scottish Parliament’s Justice Sub-Committee on Policing released a report concluding that “current live facial recognition technology is not fit for use by Police Scotland.” Among other things, the report cites biases against women and ethnic minorities as causes for concern. (BBC)

Israel’s Ministry of Justice has begun to investigate the massive leak of voters’ data via an election campaign app used by the Likud party. The data includes the names, ID numbers and addresses of all Israeli voters. (JP/Haaretz/NYT)

Compiled by Student Fellow Stav Zeitouni.

• Facebook and Twitter announced new policies for how they plan to handle deepfake videos and falsified content. 

• In an interview with CBS, the CEO of controversial facial recognition company, Clearview AI, argued that his company is allowed to scrape billions of social media profiles due to First Amendment rights. The scraped data is used to help police departments around the country identify individuals.
• Senator Lindsay Graham will introduce a bill, the EARN IT Act, that purports to combat the online exploitation of children, but in reality works to end strong encryption practices. It would amend Section 230 of the Communications Decency Act and give Attorney General William Barr the authority to shape “best practices” for tech companies.
• Experian announced that 100% of the U.S. population has been assigned a Unique Patient Identifier.
• The U.S. Army is looking to develop technology that utilizes biometric data in order to give soldiers the ability to classify and identify individuals, including through walls and ceilings.
• The Iowa Caucus suffered from widespread chaos and confusion on Monday due to the Democratic Party’s introduction of a new smartphone app that malfunctioned when volunteers attempted to use it.

U.K. allows Huawei to given permission to build noncritical parts of the 5G Network, despite U.S. security concerns.

Avast, a free antivirus software company, is accused of selling users’ location and browsing data  that includes “Every search. Every click. Every buy. On every site.”

Facebook’s new “Off-Facebook activity” function allows users to see the data Facebook has been collecting on its users outside of its social media platform.

Amazon engineer urges the firm to shut down Amazon Ring immediately over privacy concerns.

Study shows that machine learning can recognize people by their dancing styles with “astounding accuracy.”

Twitter has sent Clearview a cease-and-desist letter requesting deletion of any collected data from its platform.

LinkedIn was given more time to file a petition for certiorari challenging the Ninth Circuit’s ruling that held HiQ Labs Inc. not liable for scraping on its website.

(compiled by student fellow Grace Huang)

The UK rolled out new child privacy standards for any app, device, or online service that processes personal data.

Earlier this week, the New York Times reported about a company called Clearview AI whose powerful facial recognition app “goes far beyond anything ever constructed by the United States government or Silicon Valley giants.” 

Officials in Suzhou, a city in Eastern China, has begun using facial recognition to identify and publicly shame citizens who were pajamas in public. 

As Mitch McConnell prepared to draft rules of impeachment, he restricted access of the press to Senators. Justified it by saying it protects Senators’ privacy. 

Apple was not encrypting backups because of requests from the FBI asking them not to do so.

(compiled by student fellow Tom McBrien)

The NBER put out a series of reports about algorithmic studies on the share of a teachers’ value-added effect on their students’ student achievement. NBER researchers re-did the analysis of teacher effect on different outcomes such as student height growth and found equally strong correlations.

The EU initiated a new antitrust probe around Google and Facebook’s data collection.

The Senate is holding a hearing today to discuss privacy bills in Congress.

The Intercept released new reporting on Ring — the Amazon-owned video doorbell company. The journalism outlet is reporting that Ring has internal planning documents about using AI paired with its devices to create AI-enabled “neighborhood watchlists.” Ring denies all of the allegations.

The New York Times reported this week that Chinese scientists are attempting to combine DNA and facial recognition databases so that DNA samples can be used to reconstruct facial features.

The Intercept reported that the proficiency test for fingerprint scanners is an extremely low bar to pass with a high rate of false positives.

Just before Thanksgiving, Google fired four senior engineers, possibly because of their internal activism. They have filed a complaint with NLRB.

Brian Krebs showed iPhone 11 Pros have been transmitting location data even when turned off.

Facebook deleted the Facebook accounts of employees of NSO, the Israeli spyware firm hacked WhatsApp to track human rights activists, journalists, political dissidents, and others. This week, NSO filed a lawsuit against Facebook in Israel for deleting user accounts.

There was a suit filed in Israel against the Ministry of Justice’s “Cyber Department.” Normally, there’s a voluntary model in which the Department requests that Facebook/Google remove content and points out where terms of service have been violated (hate crimes, elections influencing, etc.). The new suit alleges that this procedure lacks process, violating constitutional and administrative norms.

Two days ago, a federal court said people who have been victims of a Facebook data breach are not allowed to bring a class action suit for damages against the internet company , but they may sue to force Facebook to adopt better practices.

(Compiled by student fellow Tom McBrien.)

The New York City Automated Decision Systems Task Force released their final report this week. Some members of the task force took to Twitter after its release to raise concerns about some of the viewpoints underrepresented in the report. This summer the AI Now institute published comments from many of the committee members on the report.

Senate Democratic leaders released a set of privacy principles and high-level guidelines for potential future legislation.

The Supreme Court agreed to hear Oracle v. Google, the multibillion-dollar copyright case on whether the interfaces in the Java programming language are fair use.

Researchers at the Duke Kunshan University have released a dataset for use in training machine learning systems to detect violence.

(Compiled by Student Fellow David Stein.)

According to the Intercept, the NYPD maintained until very recently a fingerprint database gathered from people charged as juveniles, in violation of state law.

Microsoft has announced that it will extend California’s privacy protections under the new California Consumer Privacy Act to the rest of the United States.

Following a Wall Street Journal article which revealed “Project Nightingale”, Alphabet (Google’s parent company) announced that it has partnered with Ascension, the second largest healthcare system in the United States. This will provide the company access to the health information of millions of patients across 21 states. In response, the Office for Civil Rights in the Department of Health and Human Services initiated an investigation to ensure that the partnership is in compliance with HIPAA. There is similarly a question as to the implications this partnership would have for Google’s plans to acquire FitBit.

A Federal District Court in Massachusetts ruled earlier this week that searches of electronic devices at the border without reasonable suspicion violate the Fourth Amendment.

A recent New York Times opinion piece offered the idea of a public option in AI to facilitate competitive entrance to the market.

The New York Times reported on the Trump administration’s push for new rules that will limit the scientific research the EPA can use to determine public health regulations. In particular, the article details “a new draft of the Environmental Protection Agency proposal, titled Strengthening Transparency in Regulatory Science, [which] would require that scientists disclose all of their raw data, including confidential medical records, before the agency could consider an academic study’s conclusions.” This measure would significantly impact regulation which is based on research results gathered from, for example, health records subject to confidentiality agreements. The draft, if it is adopted, could also apply retroactively to regulation currently in place.

Manual Override, an exhibit currently showing at the Shed at Hudson Yards, showcases works by artists engaging with and critiquing emerging technology.

(Compiled by student fellow Stav Zeitouni)