Category: Uncategorized

  • PRG News Roundup: Oct 10, 2018

    The machine learning algorithms Amazon has been using to screen applicants’ resumes generated gender biases. This is the most recent in a line of cases of algorithm-generated bias. Amazon’s system taught itself that male candidates were preferable to female candidates and therefore started to sort for particular terms used mostly by male applicants.

    More on Amazon: the company has patented new features for its personal assistant device, Alexa, which would allow it to identify when the user is sick and suggest treatment based on voice recognition.

    Google has officially filed an appeal against the European Commission’s decision to fine the company $5B for illegal antitrust practices involving Android devices and the company’s search engine. On another note, earlier this week the company announced that it is shutting down its social media platform Google+ due to a bug that allowed apps to access information that was not public.

    The Subcommittee on Information Technology of the House Committee on Oversight and Government Reform has published a report about the growing impact of Artificial Intelligence on U.S. policy. The report finds, among other things, that AI is an immature technology that will affect the workforce in as yet unknown ways, that it uses massive amounts of data which may invade privacy or perpetuate biases, and that it has the potential to disrupt every sector of society.

    The National Telecommunications and Information Administration, U.S. Department of Commerce, has published a request for comments regarding the ways to advance consumer privacy while protecting prosperity and innovation. The NTIA mentioned several outcomes for the desired approaches, including transparency, control, reasonable minimization, security, access and correction, risk management and accountability.

    The United States Government Accountability Office has published a report about the Department of Defense’s cybersecurity threats. According to the report, using relatively simple tools and techniques, testers were able to take control of systems and largely operate undetected, pointing to different cyber vulnerabilities in the weapons systems.

    Finally, during a warranted house search in Ohio, the FBI instructed a citizen to put his face in front of his iPhone in order to unlock it, sparking a debate about the constitutionality of ordering a citizen to unlock their iPhone using face detection.

    Tomer Kenneth compiled this week’s roundup.

  • PRG News Roundup: Oct. 3

    Tim Berners-Lee and John Bruce founded the start-up Inrupt and are working on Solid, a web project designed to decentralize data ownership (The Inquirer).

    Facebook was hacked through its “View As” feature, with over 50 million users having their accounts taken over, along with access to the third-party websites they logged into with Facebook, taking advantage of the Single Sign-On feature (Wired). Since the attack, stolen Facebook accounts have appeared for sale on the dark web (The Independent).

    California Governor Jerry Brown approved two bills that might make Internet-connected device manufacturers more responsible for ensuring “reasonable security feature[s]” and for protecting against “unauthorized access” (Govtech). The Justice Department sued to stop new laws in California that would guarantee net neutrality (NY Times). California also passed a new law demanding bot transparency (Artificial Lawyer).

    Memorial Sloan Kettering CEO Craig Thomson resigned under scrutiny regarding the hospital’s compensation and ties to industry (ProPublica).

    IEEE launched an Ethics Certification Program for Autonomous and Intelligent Systems with the goal of designing marks for accountability, transparency, and algorithmic bias (Business Wire).

    Cassi Carley compiled this week’s roundup.
  • PRG News Roundup: Sept. 26, 2018

    Uber agreed to pay $148 million in settlement for 2016 data breach (Washington Post).  

    French data protection authority issued some of the first formal guidance on blockchain and the GDPR (Tweet by Michele Finck, Study).

    Spotify and Ancestry can tell you your “music DNA” from your actual DNA (QZ).  

    Brian Acton, WhatsApp founder, described why he left Facebook, stating “I sold my users’ privacy… I live with that every day.” In a Forbes article, Brian Acton discussed how his privacy views differ from Facebook’s, in particular relating to targeting in advertising.

    Additionally, the Instagram founders who sold the company to Facebook in 2012 have stepped down (Bloomberg).

    Users were upset when Google started automatically logging users into Chrome (ZDNet, Mashable).

    The NY Times is trying to figure out if the spam-like comments on FCC net neutrality are linked to Russia (MediaPost).

    Twitter announced a policy banning dehumanizing speech and opened it up to a two-week comment period (Wired).

    The Markup got a $20 million grant from the Craigslist founder to focus on tech-related investigative news (TechCrunch).

    Cassi Carley compiled this week’s roundup.

  • PRG News Roundup: April 18

    A little-known data firm that created 48 million user profiles by scraping data from sites like Facebook, LinkedIn and Zillow had been storing its profiles on Amazon cloud storage without password protection, leaving them open for anyone to download.

    “In a brief per curiam decision, the [Supreme Court] dismissed United States v. Microsoft Corp., which asked whether the company was required to comply with a warrant for emails stored overseas, as moot in light of the recent passage of a federal statute affecting the central issue in the case.” (from SCOTUSblog)

    A judge has found that a class action suit challenging Facebook’s facial recognition under an Illinois statute can move forward.

    While Mark Zuckerberg’s testimony drew widespread attention, Wired documented Facebook’s efforts to roll back state privacy laws.

    Senator Ted Cruz wrote an Op-Ed for Fox News asserting that Facebook has been suppressing conservative speech.

    A bipartisan data privacy bill was introduced in the Senate that, among other things, would require companies to notify users within 72 hours of a data breach.

  • PRG News Roundup: April 4

    The U.S. District Court for the District of Columbia issued a decision in Sandvig v. Sessions. The case pitted the First Amendment against data privacy concerns, and the decision has garnered interest and some criticism.

    Facebook says it will not apply some GDPR protections to US citizens.

    The Wall Street Journal reported on efforts to incorporate facial recognition technology into surveillance and police body cameras.

  • PRG News Roundup: Jan. 24

    The United States Department of Education issued a letter to Agora Charter Schools telling them that they cannot require parents to use an online service that would require them to waive their rights under FERPA.

    FISA section 702 was extended.

    Times of India reports that the Indian Supreme Court “said apprehensions of profiling of citizens on the basis of Aadhaar data is a serious issue that needs examination.”

  • PRG News Roundup 11/15

    Emiliano Falcon and Eli Siems contributed

    A recent Op-Ed in the New York Times assailed the academic community for being asleep at the wheel on the critical study of algorithms and technology more broadly. Meanwhile, NYU officially launched the AI Now Institute for the study of the social implications of AI.

    News from the Internet of things: an app-integrated remote control sex toy was secretly recording audio and usage data; the FDA approved digital “Smart Pills.”

    Some Facebook users have noted that the site’s “people you might know” feature has gotten strikingly, and sometimes inexplicably, accurate. It seems that the company uses “shadow profiles” that are “built from the inboxes and smartphones of other Facebook users”.

    Rhizome Artbase is accepting proposals for papers, presentations, and scholarship on the ethics of archiving the web.  

    Less than a month after it went on sale, Apple’s Face ID, the newest feature of the iPhone X, got hacked by a Vietnamese security company. They used a 3D printed mask to fool the camera. Apple declined to comment, and some people are skeptical about the threat.

  • PRG News Roundup: April 26

    By Eli Siems

    U.K. Parliament concluded an inquiry into algorithmic decision-making. James Davenport contributed.

    “Buzzfeed is building a team of writers to sell you stuff you didn’t know you wanted,” mainly by producing familiar lists and slideshows about products and linking to partners like Amazon.com. They hope users will share these ads on social media as they would any other Buzzfeed piece.

    Unroll Me, a service that unsubscribes users from mailing lists, has been scanning people’s inboxes for items like Lyft receipts and selling that data to interested parties.

    A new class-action suit alleges that the Bose Connect app secretly gathers a broad swath of user data that the headphone company then shares with third parties.

    Lambda Legal has filed suit against Puerto Rico and Idaho for policies forbidding transgender people from changing the gender on their birth certificates.

    A German court ordered Facebook to stop mining users’ WhatsApp data because the company had failed to obtain genuine user consent.

  • PRG News Roundup: April 12

    by Caroline Alewaerts

    Research from New York University and Michigan State University reveals that smartphone fingerprint sensors may not be as secure as we think. The researchers managed to digitally create fake fingerprints (“MasterPrints”) that could match real fingerprints up to 65% of the time. Although not tested in real-life conditions, the research still raises questions as to the security of smartphones that rely on fingerprints.

    Germany is about to introduce a new law designed to regulate hate speech on social media platforms. The draft law will require social media networks, such as Facebook and Twitter, to remove illegal content within 24 hours of receiving a notification. Under this new legislation, failure to comply with this obligation will expose the social media company to fines of up to €50 million ($53 million).

    Burger King launched a controversial TV ad this Wednesday that takes control of your Google Home device. In the commercial, the actor asks “O.K. Google, what is the Whopper burger?”, which automatically activates the Google Home device located near the TV and starts reciting the burger ingredients from Wikipedia. Burger King did not contact Google or obtain its approval before launching the ad, and it seems that, by Wednesday afternoon, Google Home devices had stopped reacting to the ad. Some argue that this kind of ‘hijacking’ of smart home speakers may constitute unauthorized access prohibited under the Computer Fraud and Abuse Act.

  • Kartik Prasad Blog Post

    Kartik Prasad

    Information Privacy Law

    Professor Ira Rubinstein

    April 12, 2017

    Transparency Reports and the FREEDOM Act.

    The Snowden revelations showcased how Sections 215 and 702 were abused by the NSA in bulk collection of phone metadata. The FREEDOM Act (the Act) sought to curtail this practice by banning the NSA from directly collecting the metadata. Now, its role is limited to approaching service providers using Reasonable Articulable Suspicion approved selectors, as opposed to simply gathering all the metadata itself. This article, drawing on the latest transparency reports, will show how, despite the ban on bulk collection, the same result is still achievable today. This is because the Act only shifts the burden of collection onto the service providers, while the law silently permits the government to collect the same data from such providers.

    The Act also imposes transparency requirements on the Foreign Intelligence Surveillance Court, which otherwise has a long (and notorious) history of secrecy. The FISC is now required to start publishing its decisions thanks to the Act. Interestingly, pursuant to the FREEDOM Act, many data companies have started issuing their own transparency reports. These are published so that such companies can be more transparent with their customers about disclosures made to the government. More pertinently, these transparency reports show a number of subpoenas and gag orders relating to the disclosure of these subpoenas.

    There is ample legislation allowing the FBI and other government agencies to issue subpoenas to service providers, requiring them to hand over their information. What is important is that, with regard to phone metadata, old Supreme Court precedent does not accord it any 4th Amendment protection. This is because information that is given to third parties, such as phone operators and banks, does not entail a reasonable expectation of privacy (see Smith v. Maryland and U.S. v. Miller). While circuit courts have questioned the applicability of such a doctrine in modern times, the fact remains that the Court has not overturned it, and enforcement agencies can continue to use it to their advantage.

    The transparency reports showcase how these subpoenas can be overbroad, and can be used to achieve what was sought to be banned through the passage of the Act. Recently, Signal, a messaging app, was served a subpoena to hand over its records relating to a targeted customer of its app by the FBI. Unsurprisingly, this subpoena came with a gag order. However, Signal does not have a log of the data it collects of the communications by its customers and could not provide them with what they were looking for. However, they fought the gag order and had it successfully lifted on account of it being overbroad. Apart from Signal, there seems to be a growing trend of tech giants such as Yahoo and Google disclosing such NSLs. This only indicates that they were successful in getting these lifted.

    However, there is a larger issue arising from the facts above. It is clear that passing the burden of collection onto third-party service providers does not seem to have been done with an intention of preserving privacy. To the contrary, it seems to have been engineered by the government to legitimise its exposed and questionable information collection tactics. Instead of collecting the information themselves, the government may serve the service providers with a subpoena and gain the information without any judicial oversight. This highlights a great inadequacy, which the FREEDOM Act failed to address. However, the increasing disclosure of the NSLs in transparency reports indicates the growing sentiment that the shroud of secrecy around data gathering by federal agencies can be excessive.

    Sources:

    https://techcrunch.com/2016/12/13/google-national-security-letters/

    https://techcrunch.com/2016/06/01/usa-freedom-act-allows-yahoo-to-disclose-3-national-security-letters/

    https://whispersystems.org/bigbrother/eastern-virginia-grand-jury/