Blog

A recent BuzzFeed News story demonstrated the relative ease with which people can be tracked around New York City, through a cross reference of public cameras accessed via EarthCam and Instagram stories geotagged to Times Square.

The European Court of Justice ruled in Google v. CNIL that Google is required to carry out a delisting (or “dereferencing”, as the Court put it) of search results on all versions of the search engine which correspond to EU member states when ordered to delist by one member state. It is important to note that the Court seemed to invite member states to consider even broader extraterritorial regulation in this vein.

Rep. Mark Takano (CA) introduced a bill that would help defendants in federal criminal trials access forensic algorithms used in probabilistic genotyping software.

ImageNet, an image database organized by nouns (modeled on the WordNet hierarchy), announced that it would remove roughly half of the images in its “person” category, in order to combat some of the biases that have become embedded in the dataset. In response, ImageNet Roulette has announced that its website would be taken off the internet on September 27, 2019.

The Department of Housing and Urban Development has announced its intention to re-work its disparate impact policies, which would likely make it much more difficult for potential complainants to prove that they’ve been victims of discrimination in housing. The proposed rule also contains a section on the use of algorithms in housing decisions, which reads, “Paragraph (c)(2) provides that, where a plaintiff identifies an offending policy or practice that relies on an algorithmic model, a defending party may defeat the claim by: (i) Identifying the inputs used in the model and showing that these inputs are not substitutes for a protected characteristic and that the model is predictive of risk or other valid objective; (ii) showing that a recognized third party, not the defendant, is responsible for creating or maintaining the model; or (iii) showing that a neutral third party has analyzed the model in question and determined it was empirically derived, its inputs are not substitutes for a protected characteristic, the model is predictive of risk or other valid objective, and is a demonstrably and statistically sound algorithm.” To submit a comment on the proposed rule, go here.

The use of facial recognition technology in public housing has received some backlash.

The FTC is still requesting comments on the effectiveness of the amendments to the Children’s Online Privacy Protection (COPPA) Rule.

Compiled by Stav Zeitouni and Tom McBrien.

Cell-site location information (CSLI), which is often used as evidence in court to connect suspects to crime, has come under more scrutiny after it was revealed that incorrect data may have played a part in more than 10,000 criminal cases in Denmark. Thirty-two individuals have already been released from prison upon showing that their convictions rested on inaccurate CSLI data.

BBC recently introduced a child wellbeing app named “Own It,” which aims to help children develop healthy online habits by monitoring their screen time, discouraging them from sharing sensitive information, and monitoring the tone of their messages. While the app has some privacy advantages over some of its peers, such as its lack of reporting features to parents, it joins a growing list of “sentiment analysis” technologies that analyze and categorize users’ moods via their online activity.

A bill introduced to New York City Council would bar the City from adding financial services chips to municipal identification cards. While the chip may have increased access to financial services for low-income New Yorkers, many feared the potential for exposing undocumented New Yorkers to immigration agencies.

A neighborhood in Loomis, California decided to install license plate surveillance technology to help the area fight crime. The technology takes a picture of the license plate of every car that enters and leaves the neighborhood, after which the pictures are stored for thirty days.

Written by Tom McBrien

PRG News Round Up – October 24

Ann Cavoukian, the former privacy commissioner of Ontario and key developer of the Privacy by Design movement, resigned from Sidewalk Labs. Cavoukian said that her resignation was intended as a “strong statement” about the treatment of data privacy in Sidewalk Labs’ plans for a smart city neighborhood in Toronto. Sidewalk Labs had recently shared that, while it was committed to de-identifying all the data it collects, it would not require, and therefore could not guarantee, that other groups participating in the project would do the same. 

Subscribers have reported that Netflix shows different images to represent titles depending on a user’s race or ethnicity. Netflix has denied such racial targeting and has insisted that they only use a user’s past viewing history to inform promotional images.  

According to a recent study in Science, it is becoming increasingly easy to identify someone in the United States based existing ancestral data voluntarily given to companies such as 23andMe. Police have been able to use long-range familial searches to identify and arrest suspects in cases. This investigatory technique is particularly successful in identifying individuals of certain ethnic backgrounds— the study found that approximately 60% of the searches for individuals of European-descent will result in a third cousin or closer match.

This news roundup was compiled by Alexia Ramirez

The Machine Learning algorithms Amazon has been using to screen applicant’s resumes generated gender biases. This is the most recent in a line of cases of algorithm generated biases. Amazon’s system has taught itself that male candidates were preferable to female and therefore started to sort for particular terms used mostly by male applicants.

More on Amazon: the company has patented new features for its personal assistant device, Alexa, which would allow it to identify when the user is sick and suggest treatment based on voice recognition.

Google has officially filed an appeal for the European Commission decision to fine the company $5B for illegal antitrust practices involving Android devices and the company’s search engine. On another note, earlier this week the company has announced that it is shutting down its social media platform Google+ due to a bug which allowed apps to access information that was not public.

The Subcommittee on Information Technology of the House Committee on Oversight and Government Reform has published a report about the growing impact of Artificial Intelligence on U.S. policy. The report finds, amongst others, that AI is an immature technology that will affect the workforce in yet unknown ways, that it uses massive amounts of data which may invade privacy or perpetuate biases and that it has potential to disrupt every sector of society.

The National Telecommunications and Information Administration, U.S. Department of Commerce has published a request for comments regarding the ways to advance consumer privacy while protecting prosperity and innovation. The NTIA mentioned several outcomes for the desired approaches, including transparency, control, reasonable minimization, security, access and correction, risk management and accountability.

The United States Government Accountability Office has published a report about the Department of Defense’s cybersecurity threats. According to the report, using relatively simple tools and techniques testers were able to take control of systems and largely operate undetected, pointing at different cyber vulnerabilities in the weapons systems.

Finally, during a warranted house search in Ohio, the FBI has instructed a citizen to put his face in front of his iPhone in order to unlock it, sparking a debate about the constitutionality of ordering a citizen to unlock their iPhone using face-detection.

Tomer Kenneth compiled this week’s roundup.

Uber agreed to pay $148 million in settlement for 2016 data breach (Washington Post).  

French data protection authority issued some of the first formal guidance on blockchain and the GDPR (Tweet by Michele Finck, Study).

Spotify and Ancestry can tell you your “music DNA” from your actual DNA (QZ).  

Brian Acton, WhatsApp founder, described why he left Facebook, stating “I sold my users’ privacy… I live with that every day.” In a Forbes article, Brian Acton discussed how his privacy views differ from Facebook’s, in particular relating to targeting in advertising.

Additionally, the Instagram founders who sold the company to Facebook in 2012 have stepped down (Bloomberg).

Users were upset when Google started automatically logging users into Chrome (ZDNet, Mashable).

The NY Times is trying to figure out if the spam-like comments on FCC net neutrality are linked to Russia (MediaPost).

Twitter announced a policy banning dehumanizing speech and opening it up to a two week comment period (Wired).

The MarkUp got a $20 Million grant from Craigslist founder to focus on tech related investigative news (TechCrunch).

Cassi Carley compiled this week’s roundup.

A little-known data firm that created 48 million user profiles by scraping data from sites like Facebook, LinkedIn and Zillow had been storing its profiles on Amazon cloud storage without password protection, leaving it open for anyone to download.

“In a brief per curiam decision, the [Supreme Court] dismissed United States v. Microsoft Corp., which asked whether the company was required to comply with a warrant for emails stored overseas, as moot in light of the recent passage of a federal statute affecting the central issue in the case.” (from SCOTUSblog)

A judge has found that a class action suit challenging Facebook’s facial recognition under an Illinois statute can move forward.

While Mark Zuckerberg’s testimony drew widespread attention, Wired documented Facebook’s efforts to roll back state privacy laws.

Senator Ted Cruz wrote an Op-Ed for Fox News asserting that Facebook has been suppressing conservative speech.

A bipartisan data privacy bill was introduced in the Senate that, among other things, would require companies to notify users within 72 hours of a data bread.

The U.S. District Court for the District of Columbia issued a decision in Sandvig v. Sessions. The case pitted the First Amendment against data privacy concerns, and the decision has garnered interest and some criticism.

Facebook says it will not apply  some GDPR protections to US citizens.

The Wall Street Journal reported on efforts to incorporate facial recognition technology into surveillance and police body cameras.

The United States Department of Education issued a letter to Agora Charter Schools telling them that they cannot require parents to use an online service that would require them to waive their rights under FERPA.

FISA section 702 was extended.

Times of India reports that the Indian Supreme Court “said apprehensions of profiling of citizens on the basis of Aadhaar data is a serious issue that needs examination”

Emiliano Falcon and Eli Siems contributed

A recent Op-Ed in the New York Times assailed the academic community for being asleep at the wheel on the critical study of algorithms and technology more broadly. Meanwhile NYU officially launched the AInow Institute for the study of the social implications of AI.

News from the Internet of things: an app-integrated remote control sex toy was secretly recording audio and usage data; the FDA approved digital “Smart Pills.”

Some facebook users have noted that the site’s “people you might know” feature has gotten strikingly– and sometimes inexplicably– accurate. It seems that the company uses “shadow profiles” that are “built from the inboxes and smartphones of other Facebook users”.

Rhizome Artbase is accepting proposals for papers, presentations, and scholarship on the ethics of archiving the web.  

Less than a month after it went on sale, Apple’s Face ID, the newest feature of the iPhone X, got hacked by a Vietnamese security company. They used a 3D printed mask to fool the camera. Apple declined to comment, and some people are skeptical about the threat.