Amazon has refused to hand over recordings from an Echo smart speaker to US police investigating a murder in Arkansas. Police issued a warrant to Amazon to turn over recordings and other information associated with the device.
Amazon twice declined to provide the police with the information they requested from the device, although it did provide account information and purchase history.
Although the Echo is known for having always-on microphones to enable its voice-controlled features, the vast majority of the recordings it makes are not saved for longer than the few seconds it takes to determine if a pre-set wake word (usually
Alexa) has been said. Only if that wake word has been heard does the device's full complement of microphones come on and begin transmitting audio to Amazon.
However, the police pursuit of the data suggests there is more of interest up for grabs than Amazon is admitting.
Amazon's reluctance to part with user information fits a familiar pattern. Tech companies often see law enforcement requests for data as invasive and damaging to an industry. It is clearly an issue for sales of a home microphone system if it is easy for
the authorities to grab recordings.
Other devices have also been good data sources for police investigations. Wristwatch-style Fitbit activity trackers have cropped up in a few cases, e.g. for checking alibis against sleep patterns or activity.
A smart water meter has also been used in a murder case as evidence of a blood clean up operation,
Signal, an encrypted messaging app for mobile devices, had its service blocked in Egypt and UAE.
Now Signal have responded by making a new release available to those territories that should make the censors think twice before reaching for the block option.
The new Signal release uses a technique known as domain fronting. Many popular services and CDNs, such as Google, Amazon Cloudfront, Amazon S3, Azure, CloudFlare, Fastly, and Akamai can be used to access Signal in ways that look indistinguishable from
other uncensored traffic. The idea is that to block the target traffic, the censor would also have to block those entire services. With enough large scale services acting as domain fronts, disabling Signal starts to look like disabling the internet. When
users in the two countries send a Signal message, it will look like a normal HTTPS request to www.google.com. To block Signal messages, these countries would also have to block all of google.com.
Signal, the messaging app that prides itself on circumventing government censorship, has a few new places where its flagship feature works. Last week it was Egypt, and now users in Cuba and Oman can send messages without fear of them being intercepted
and altered by lawmakers.
Online retailers in America will soon be required by law to disclose to state governments what purchases their customers have made.
The law seems to have been made up in US courts during a long-running legal case based around the jurisdiction of sales tax. An appeals court decision now requires out-of-state retailers to report to the Colorado state government the details of all
purchases, including what that purchase was and who bought it.
The US Supreme Court has refused to hear the case so the appeal court decision stands.
Colorado is not the only state pushing the requirement. Vermont will also make the same requirement three months after Colorado starts imposing the law. And other states including Alabama, South Dakota, Tennessee and Wyoming have approved similar rules.
The executive director of the American Catalog Mailers Association (ACMA), Hamilton Davison, is extremely concerned. He said:
Consumers, particularly those who buy from catalogs and e-commerce merchants, put considerable trust in the businesses from which they make the most personal of purchases, he noted. This decision undermines this trust by requiring remote sellers to
report to state tax collectors on the buying habits of their customers, including health care products, apparel or other sensitive items.
Facebook has thwarted a dastardly plot by Admiral insurance company to try and get its hands on people's social media postings to assess
their insurance risk.
Admiral were planning to offer the possibility of discounts on car insurance for those silly enough to sign over their social media data.
Arch personal data guzzlers Facebook have refused to play ball, and have announced that they would not allow the app to access people's posts, citing privacy concerns. A Facebook spokesman said:
Protecting the privacy of the people on Facebook is of utmost importance to us. We have clear guidelines that prevent information being obtained from Facebook from being used to make decisions about eligibility.
We have made sure anyone using this app is protected by our guidelines and that no Facebook user data is used to assess their eligibility. Facebook accounts will only be used for login and verification purposes. Our understanding is that Admiral will
then ask users who sign up to answer questions which will be used to assess their eligibility.
AT&T developed a product for spying on all its customers and made millions selling it to warrantless cops
AT&T's secret Hemisphere product is a database of calls and call-records on all its customers, tracking their location, movements, and interactions -- this data was then sold in secret to American police forces for investigating crimes big and
small (even Medicare fraud), on the condition that they never reveal the program's existence.
The gag order that came with the data likely incentivized police officers to lie about their investigations at trial -- something we saw happen repeatedly in the case of Stingrays, whose use was also bound by secrecy demands from their manufacturers.
Because the data was sold by AT&T and not compelled by government, all of the Hemisphere surveillance was undertaken without a warrant or judicial review (indeed, it's likely judges were never told the true story of where the data being entered into
evidence by the police really came from -- again, something that routinely happened before the existence of Stingray surveillance was revealed).
The millions given to AT&T for its customers' data came from the federal government under the granting program that also allowed city and town police forces to buy military equipment for civilian policing needs. Cities paid up to a million dollars a
year for access to AT&T's customer records.
A statement of work from 2014 shows how hush-hush AT&T wants to keep Hemisphere:
The Government agency agrees not to use the data as evidence in any judicial or administrative proceedings unless there is no other available and admissible probative evidence.
But those charged with a crime are entitled to know the evidence against them come trial. Adam Schwartz, staff attorney for activist group Electronic Frontier Foundation, said that means AT&T may leave investigators no choice but to construct a false
investigative narrative to hide how they use Hemisphere if they plan to prosecute anyone.
EFF is suing the US government to reveal DoJ records on the use of Hemisphere data.
The Open Rights Group has been keeping a careful eye on the Digital Economy Bill currently being debated in Parliament.
Age verification for online pornography
Compulsory age verification poses serious privacy concerns
that are not addressed within the Bill. Commercial pornographic websites may collect the exact identity details of their users, creating clear commercial opportunities for themselves.
Data collection creates inherent risks of data breaches and the lack of safeguards within the Bill creates opportunities for 'Ashley Madison' style data leaks revealing personal sexual preferences; since privacy protections are entirely absent from the
Amateur and smaller commercial websites will be unduly burdened by the Bill. Imposing the cost of age verification on them will make their existence as free and commercial entities untenable. This may also adversely affect sexual minorities by denying
them the means to freely express their sexuality.
While the Bill lacks proposals for blocking websites that do not comply for good reasons, it is proposed that payment providers will also be responsible for enforcement: hardly a bullet-proof solution. Meanwhile, online pornography will still be
available to those under 18, without age verification, elsewhere on the Internet.
It is concerning that these age verification solutions have arisen from the government's collaboration with pornographic producers who would themselves be able to raise additional revenue from the data collection itself. The Bill needs to reflect a clear
separation of commercial interests and child protection objectives.
The role of the age verification regulator needs to be defined in more detail on the face of the Bill. Such a regulatory body may lack expertise in aspects of age verification. Thus, without clearly defined duties (such as the protection and maintenance
of privacy) there is a significant risk that they will adopt superficial solutions to address complex issues.
Child protection should also be addressed from alternative perspectives. Children and young adults should receive effective education and guidance, whilst carers should be encouraged to provide protections suitable to a specific child. Such an approach
is more likely to succeed without imposing significant costs, restrictions or risks on a large number of adults.
The Open Rights Group has been keeping a careful eye on the Digital Economy Bill currently being debated in Parliament.
We have been involved in the process of open policy making on data sharing and we have summarised the concerns in a consultation response.
The Bill would allow for bulk sharing of civil registration data at the request of a Department. The database will include the entire population and easily poses a risk of being misused. There is a lack of corresponding safeguards that would reflect the size
of the database. The sharing of these common identifiers across government has the whiff of ID Cards by stealth. For these reasons, bulk powers should be removed or at least have strict restrictions posed on their use.
Safeguards for data sharing should be brought on to the face of the Bill instead of being buried in Codes of Practice. Currently the Bill is lacking transparency and for this reason it should reinstate Parliamentary approval for permanent data flows and
include sunset clauses.
The proposals to share the data on people's debts across government departments show limited benefits. The provisions in the Bill are not capable of cancelling or prioritising the debt. More changes to how data is handled would be necessary to ensure
that benefits are delivered.
The UK's data protection agency has announced it is looking into Facebook's plans to use WhatsApp phone numbers and customer data to
generate leads and for personalised advertising on Facebook.
Mirroring the concerns of many Brits, the Information Commissioner's Office (ICO) has said it will monitor how WhatsApp data is shared with Facebook. Information Commissioner Elizabeth Denham said in a statement:
We've been informed of the changes. Organisations do not need to get prior approval from the ICO to change their approaches, but they do need to stay within data protection laws. We are looking into this.
Denham said ICO planned to pull back the curtain and ensure both Facebook and WhatsApp were providing users with the requisite transparency.
Plenty of users have objected to the plans, with many choosing to opt out and not to share the details with Facebook.
Nagware makers Microsoft have come under fire from France's National Data Protection Commission (CNIL) over Windows 10 collecting too much data
CNIL has ordered Microsoft to comply with the French Data Protection Act within three months. The company has been ordered to stop collecting excessive data and tracking browsing by users without their consent.
In addition to this, the chair of CNIL has notified Microsoft that it needs to take satisfactory measures to ensure the security and confidentiality of user data. The notice comes after numerous complaints about Windows 10, and a series of
investigations by French authorities which revealed a number of failings on Microsoft's part.
The CNIL particularly notes Windows 10's telemetry 'service' which gathers information about the apps users have installed and how long each is used for. The complaint is that these data are not necessary for the operation of the service.
The company is also criticized for its lack of sufficient security -- such as the four-digit PIN used to protect payment information which does not have a limit on the number of guesses that can be made. The CNIL's list of complaints does not end there.
It also took exception to the activation of an advertising ID for tailored advertising without user consent, the lack of cookie blocking options, and the fact that data is being transferred out of Europe to the US.
The US authorities are set to add questions to immigration arrivals forms asking for IDs used on social media such as Facebook and
Twitter. Reports suggest that it is supposedly voluntary to provide such information, but it wouldn't be difficult to drop a few hints, that those not providing such info may not be granted entry, to make it more or less mandatory.
A Notice by the U.S. Customs and Border Protection (CBP) on 06/23/2016 detailed the new question:
CBP Forms I-94 (Arrival/Departure Record) and I-94W (Nonimmigrant Visa Waiver Arrival/Departure Record) are used to document a traveler's admission into the United States. These forms are filled out by aliens and are used to collect information on
citizenship, residency, passport, and contact information. The data elements collected on these forms enable the Department of Homeland Security (DHS) to perform its mission related to the screening of alien visitors for potential risks to national
security and the determination of admissibility to the United States.
DHS proposes to add the following question to ESTA and to Form I-94W:
Please enter information associated with your online presence -- Provider/Platform -- Social media identifier.
It will be an optional data field to request social media identifiers to be used for vetting purposes, as well as applicant contact information. Collecting social media data will enhance the existing investigative process and provide DHS greater clarity
and visibility to possible nefarious activity and connections by providing an additional tool set which analysts and investigators may use to better analyze and investigate the case.
East Lothian Council has adopted the policy of using fake Facebook profiles enabling council employees to spy on
A new policy has enabled investigating officers at East Lothian Council to use false Facebook identities to befriend targets and scour social media pages not protected by privacy settings.
The nine-page surveillance through social media policy agreed by officials has been branded beyond creepy by critics who have questioned whether it infringes privacy rights.
Human rights lawyers and civil liberties groups have blasted the move, describing it as a sign that powers normally only used by police were spreading into other areas.
Daniel Nesbitt, research director of Big Brother Watch, said the council needs to say why these tactics are necessary, why they think they are proportionate and what safeguards will be in place. He added:
For years now councils have been criticised for using heavy-handed snooping tactics, and a nine-page document simply isn't good enough.
Jason Rose, who stood for the Greens in the East Lothian constituency in last year's Westminster elections, said the policy was beyond creepy:
I cannot believe our councillors have agreed this policy. It speaks volumes that a council which is so poor at communicating with the public and does not make its meetings available to view online agrees a covert surveillance policy in such a secretive
Facebook has been fined 100,000 euros in Germany after failing to follow orders regarding clearer privacy terms and conditions for users.
The regional court of Berlin ruled that the company did not sufficiently alter the wording of an intellectual property clause in its terms and conditions, despite being told to do so following a complaint filed by the Federation of German Consumer
Organizations. The entity's head, Klaus Mueller, said that Facebook keeps attempting to evade customer laws in Germany as well as in the entire continent.
In March 2012, a German court originally ruled that the company's terms and conditions were vague on the extent to which it could go with users' data and intellectual property, implying Facebook could license its users' photos and videos to third parties
for business reasons. However, the authorities' primary issue was Facebook's compliance with the US government to provide data for its mass surveillance programs. After Edward Snowden's revelations on the US government's spying programs and how the tech
industry complies, the issue has gained more gravity.
While Facebook complied with the ruling four years ago, the Berlin court now concludes that it merely changed the wording of the clause in question without changing the message that it conveyed. Meanwhile, the company defended itself saying that it had
complied with the original ruling and was issued the fine because it couldn't implement the changes quickly enough.
We've also redesigned the site look and feel, including friendlier layout on mobile devices. If your browser lacks protections, Panopticlick 2.0 will recommend installing tools that are available on your platform, such as
, in order to get better protections as you navigate the Web.