Blog

ILI Research Fellow Salome Viljoen wrote a piece for the Phenomenal World blog, critiquing ‘propertarian’ and ‘dignitarian’ approaches to data ownership. 

Google is providing data to law enforcement agencies based on keyword search warrants. Albert Fox Cahn of PRG and the Surveillance Technology Oversight Project ( S.T.O.P.) writes about the ensuing constitutional issues. 

Twitter amended policy which prevented users from posting links to a New York Post story about Hunter Biden. Company leadership explained that the platform was warning users about the “potentially unsafe” link because of a policy on the treatment of articles which are partially sourced in “hacked materials”. Facebook also limited the distribution of the article in its news feed, reportedly as part of their practice to give third-party fact-checkers time to review content. Glenn Greenwald criticizes both companies’ actions on The Intercept.

California’s Attorney General released a third set of proposed modifications to the text of California Consumer Privacy Act (CCPA).At the same time, Proposition 24 (the Consumer Personal Information Law and Agency Initiative) is on the ballot in California. Proposition 24 would expand or amend the CCPA, create the California Privacy Protection Agency, and remove the ability of businesses to fix violations before being penalized for violations.

The Knight First Amendment Institute at Columbia University concluded their Data and Democracy symposium. Session videos are available online.

Watch out for upcoming events at the NYU Law Guarini Institute for Global Legal Studies, including talks from Anupam Chander, Frank Pasquale, Lina Khan, and Daphne Keller.

(Compiled by Student Fellow Margarita Boyarskaya.)

• The House Judiciary Committee released their 449-page report on competition in digital markets, largely concluding (at least on the Democrat side) that Big Tech should be broken up.  
  
• Sue Halpern wrote an excellent piece in The New Yorker on the data collection practices of the Trump administration’s 2020 re-election campaign app, which offers thoughtful reflections on data collection and privacy generally.

(compiled by JSD Fellow Katrina Geddes)

In California, a federal court started hearing arguments in the case between Epic Games, the company that created Fortnite, and Apple and Google. Briefly, Epic Games argues that the companies’ relative app stores broke antitrust laws buy levying high commission on in-app purchases.

The US Department of Commerce published a whitepaper that helps organizations determine that sending personal data to the US is legitimate.

The background for this whitepaper is an ECJ decision from July. That decision held that requires organizations that use EU-approved data transfer mechanisms to verify, on a case-by-case basis, whether foreign legal protections concerning government access to personal data meet EU standards.

Amazon introduced a new contact-less palm reading technology, their latest way to verify users’ identity. The company explains that the technology uses configurations of veins under the skin to evaluate multiple aspects of the palm and select the most distinct identifiers on a users’ palms in order to create a palm signature. Those signatures are then encrypted and stored on a unique cloud.

New York launched its contact-tracing app, aimed to hedge the spread of Covid-19. The state related to privacy concerns, explaining that the app is anonymous, uses Bluetooth technology rather than GPS tracking, and “doesn’t give any privacy information.”
Facebook has launched a new forecasting tool that allows users to posit questions about future events and crowdsource predictions about the outcome.

Finally, the House Judiciary Committee held another hearing to discuss strengthening antitrust laws, especially with regards to tech companies. 

(compiled by JSD Fellow Tomer Kenneth)

–       Amnesty International investigation reveals that three European tech companies based in France, Sweden and the Netherlands sold digital surveillance systems to China’s public security agencies with the risk of direct use in China’s mass surveillance programs. (Amnesty International)

–       Facebook plans to permit people to claim ownership over images and moderate where those images appear across the Facebook Platform, including Instagram. Where there are multiple claims over an image, Facebook will yield to who filed first and an appeal can be made using Facebook’s IP reporting forms. (The Verge)

–       Recent lawsuit filed last week against Facebook alleges that Apple’s iOS 14 software indicates the use of iPhone cameras by Instagram to spy on people. (CNET)

–       The SCALES-OKN (Systematic Content Analysis of Litigation EventS Open Knowledge Network) team plans to build an AI powered data platform over the next three years that enables access to court records and analytics. (Scales)

–       President Trump announces that the government is looking into concrete legal steps against social media sites that are censoring conservatives online and nudged Republicans to open their own investigations into the matter. (The Washington Post)

–       John Hancock partners with Amazon to integrate Amazon Halo with John Hancock’s life insurance for its Vitality customers. (Coverager)

–       Senate Committee revisits the need for federal data privacy legislation despite past failed attempts at same. (Compliance Week)

–       Subscribe to Surveillance technology Oversight Project YouTube channel here.

(compiled by JSD Fellow Ngozi Nwanta)

• PRG’s own Albert Fox Cahn (director of the Surveillance Technology Oversight Project) has co-founded a new podcast, Surveillance and the City. Check it out here.
• On September 22 at 11am Eastern, global experts (including many PRG members) will weigh in at a town hall titled “Contextual Integrity of Contact Tracing.” Details here.
• The Surveillance Technology Oversight Project has been publishing great work lately exploring COVID-19’s effects on surveillance trends, including:
  • increasing surveillance of schoolchildren;
  • justice issues in online courts during COVID-19; and
  • contact tracing in higher education.
• Last week, Apple and Google announced a change in their mobile-phone-based contact tracing framework. Instead of providing a backbone on which government actors must create their own apps to notify people of potential exposure, the companies will now provide their own notification software.
• A few days ago, Facebook announced a new research partnership aiming to understand the impact of Facebook and Instagram on users’ political attitudes. Instead of conducting the research solely internally, Facebook has selected 17 external researchers with which it will partner. Users will be paid to stay off of their accounts throughout the election cycle, and the researchers will conduct studies to see the difference between their political attitudes and beliefs and those who continue to be users, among other research topics.

PRG 4/29 News Notes

The Israeli High Court of Justice issued a ruling that the internal service’s contact tracing must be done through means set in law by the legislature. They had not disclosed their methods previously, so the ruling strikes down their current practice. (Haaretz)

The ACLU was suing to enjoin “WAMI” program, currently a pilot program in Baltimore. The program involves surveillance planes equipped with cameras constantly flying over the city. A District Court judge denied the ACLU’s request for a temporary injunction. The ACLU is appealing the ruling. (Baltimore Magazine)

The UK is opting out of Google/Apple’s Bluetooth COVID tracing. Plans on building their own app with a private developer. (BBC)

The French government also pushed back on Apple/Google, requesting the companies disclose more info as part of API. (MacRumors.com)

The U.S. Supreme Court asked the company hiQ to respond to Linkedin’s motion to intervene in an ongoing case, which indicates that the Court is interested in/reviewing the case and may grant cert. The case concerns data scraping and could have major implications for biometrics and companies like Clearview. (MediaPost.com)

Congress put out a call for engineers to modernize governmental procedures – move to online/tech versions of systems currently done in paper, spurred by COVID-19. (Tech Congress)

The Colorado Supreme Court ruled that a search warrant requesting all contents of a cell phone was overbroad, thus violating the Fourth Amendment’s particularity doctrine. (Justia)

A large number of Americans are unable or unwilling to use Apple/Google’s COVID system. (Washington Post)

Germany changed their stance on the Apple/Google COVID initiative after resisting for a while. (DW.com)

China arrested several internet users who uploaded records of the coronavirus outbreak to Github. (QZ)

• France urged Google and Apple to ease their privacy protections because the current protocols wouldn’t permit the French contact tracing plan. (The Guardian)
• ILI Fellow Salome Viljoen wrote an op-ed with Jake Goldenfein and Ben Green about the discourse and narrative around protecting public health vs. protecting privacy, arguing that the privacy/health trade-off is a false one. (Jacobin)
• A group of privacy academics, researchers, and professionals in Europe called DP-3T has proposed a privacy-preserving contact tracing app as an alternative to PEPP-PT. The app, unlike PEPP-PT, is decentralized. (New Statesmen) (Github)
• A number of state supreme courts have adopted Facebook Live as their new way to stream proceedings and hearings. One or two have switched to YouTube. (Florida Supreme Court) (Vermont Supreme Court) (Michigan Supreme Court)
• The Microsoft policy team send out an email yesterday supporting the idea of an “open data opportunity,” trying to change their attitude toward the data they collect and how they share it with other actors. One feature that was interesting was their idea of “spectrum of open data” — trying to differentiate between non-sensitive data, commercially sensitive data, and personal data. (Youtube Explainer)

• PRG member Genevieve Fried wrote a piece with Rashida Richardson focusing on individual privacy while evaluating the merits of contact tracing ignores important qs about whether contact tracing works. It is not published yet. She has also been doing a lot of mapping work around contact tracing technology.
• Stevie Bergman posted a 5-part podcast she made at the end of last year about AI and human rights at a Princeton conference. (Soundcloud)
• Co-opting AI: A GDPR conversation featuring our own Ira Rubinstein. (Youtube)

(compiled by student fellow Tom McBrien)

On April 15, 2020, the PRG student fellows led a discussion about privacy and the ongoing coronavirus pandemic. Please see the slides here.

Zoom continues to face backlash over its privacy and security practices. In particular, concerns have been raised regarding the lack of end-to-end encryption, the prevalence of “zoombombing” (when uninvited participants join an ongoing Zoom meeting), and the fact that the company was apparently sending user information to Facebook. While many of these issues have been addressed by the company, they have also already led to at least two class actionlawsuits. In response to concerns, Zoom’s CEO has stated that the company is working on reevaluating and tweaking some features.  

HuffPost published an article highlighting the connections between Clearview AI, the facial recognition technology firm which has significant partnerships with law enforcement agencies, and the far-right movement in the United States.

A group of over 130 European scientists, technologists and experts has founded the Pan European Privacy Protecting Proximity Tracking organization. Its mission is to supply a technological solution to the COVID-19 crisis which adheres to European privacy and data protection laws and principles. The group is currently working on an app which would generate only temporary IDs and use Bluetooth technology to track interactions between individuals.

(Compiled by student fellow Stav Zeitouni)

• The CDC is collecting data on citizens’ locations and movements from cell phones, social media, and airline passenger manifests — and doing so without judicial oversight. (Daily Beast; Surveillance Technology Oversight Project)

• Zoom for Windows software has a vulnerability that allows attackers to steal users’ operating system credentials. (Ars Technica)

• Zoom uses a preinstallation script in order to install itself without the user’s final consent. Instead, a highly misleading prompt is used to gain root privileges. (Twitter)

• Cloudflare launched 1.1.1.1 for Families, a secure, fast, privacy-first DNS resolver that can block “adult” content (and malware.) However, there are concerns as to how the block-list was created and what is on this list. (Cloudflare)

• As mass surveillance proliferates in cities, some privacy activists are developing “stealth streetwear,” clothes and wearable items that help protects wearers’ anonymity.  (New Yorker)

(Compiled by Student Fellow Ginny Kozemczak)