The World’s Largest Biometric Digital ID System, India’s Aadhaar, Just Suffered Its Biggest Ever Data Breach

In one fell swoop, roughly 10% of the global population appears to have had some of their most valuable personal identifiable information (PII) compromised. Yet Aadhaar continues to receive plaudits from Silicon Valley. 

An anonymous hacker claims to have breached the digital ID numbers, as well as other sensitive personal data, of around 815 million Indian citizens.

To put that number in perspective, it is more than 60% of the 1.3 billion Indian people enrolled in the government’s Aadhaar biometric digital identity program, and roughly 10% of the entire global population. Thanks to the breach — the largest single one in the country’s history, according to the Hindustan Times — the personal data of hundreds of millions of Indians are now up for grabs on the dark web, for as little as $80,000.

To register for an Aadhaar card, Indian residents have to provide basic demographic information, including name, date of birth, age, address and gender, as well as biometric information, including ten fingerprints, two eyeball scans and a facial photograph. Much of that data has apparently been compromised.

Media reports suggest that the source of the leak was the Covid-19 test data of the Indian Council of Medical Research (ICMR), which is linked to each individual’s Aadhaar number.


Cars are collecting data on par with Big Tech, watchdog report finds

An internet and privacy watchdog has a warning: Your car is tracking you, and it’s collecting far more information than it needs just to get you where you’re going.

Mozilla, the nonprofit that develops the Firefox browser, released a report Wednesday detailing how the policies of more than two dozen car manufacturers allow for the collection, storage and sale of a wide range of sensitive information about auto owners.

Researchers behind the report said that cars now routinely collect data on par with tech companies, offer few details on how that data is stored and used, and don’t give drivers any meaningful way to opt out.

“Cars are a humongous privacy nightmare that nobody’s seemingly paying attention to,” said Jen Caltrider, who directs Privacy Not Included, a consumer privacy guide run by Mozilla. “And they’re getting away with it. It really needs to change because it’s only going to get worse as cars get more and more connected.”

Unlike Europe, the U.S. has few meaningful regulations on how companies trade and store personal data. That has led to a bustling industry of companies that buy and sell people’s information, often without their knowledge.


No Warrant, No Problem

In 1928, the late Supreme Court Justice Louis D. Brandeis characterized the values underlying the Fourth Amendment to the U.S. Constitution as embracing the uniquely American right, and the right most valued by civilized persons, which he called the right to be let alone. Today we call it the right to privacy. He also warned that the greatest dangers to privacy lurk in the slow and insidious encroachments upon it by zealots in the government.

Last week, the Biden administration’s director of National Intelligence caused me to recall Justice Brandeis’ warnings when she revealed that the 16 federal spying agencies that she nominally supervises have begun to do indirectly what the Constitution prohibits them from doing directly.

Since they cannot obtain search warrants from a judge to surveil targets without first demonstrating under oath probable cause of crime by the persons whose surveillance they seek, these zealots in the government are purchasing private data about every American adult from the corporations and entities to which we all have unwittingly surrendered it.

This constitutes computer hacking – and it is as criminal as if federal agents had directly broken into the computers of those about whom and from whom they desire personal data.

Can the government do indirectly what the Constitution prohibits it from doing directly? In a word: NO.

Here is the backstory.


White House to partner with social media monitoring tool

The Biden administration is about to sign a contract with Dataminr – a licensing deal for the company’s product that is used in the monitoring of social media.

This is revealed in documents published by the Defense Information Systems Agency (DISA), which will buy 30 licenses for Dataminr’s First Alert V2. The product, designed for the public sector, scours some 200,000 online sources, mines the data, and compiles real-time news alerts for the White House and other clients.

Dataminr is a popular tool used by news desks and others that want to monitor the internet and it’s easy to see why it would be useful to the government. Portions of the press show an unfavorable attitude towards Dataminr because it was used by police in many cities, including New York and Los Angeles, to monitor the 2020 Black Lives Matter protests and riots.

US Defense Department’s non-civilian employees already use Dataminr’s services thanks to a 2021 contract signed with the Air Force.

DISA said in June it had no plans to directly or otherwise “involve” Twitter as a subcontractor. In August, this agency, which handles White House communications, said it needed a contract with Dataminr of its own because the civilians it employs cannot use the Air Force deal for mass surveillance of social media.

New York-based Dataminr, which is also known for its work as one of Twitter’s official partners and bills itself as an AI company, has been awarded the contract but the details, such as its duration and the overall cost of licensing have not been announced.

Meanwhile, it is speculated that Dataminr was chosen by the US administration precisely for its association with Twitter, as DISA spelled it out in the document explaining the choice of the vendor by saying it must be a certified Twitter partner.


Google Is Like ‘a Stranger Watching Your Child Through Their Bedroom Window’

By default, Google Chrome allows any and all tracker cookies to follow your every move online.

Google is without a doubt the largest and clearest monopoly on the planet. It dominates online searches and advertising, which in and of itself leads to automatic bias.

As noted by Google’s founders Sergey Brin and Lawrence Page in their 1998 paper, “The Anatomy of a Large-Scale Hypertextual Web Search Engine,”

“… [W]e expect that advertising funded search engines will be inherently biased towards the advertisers and away from the needs of consumers.”

Google has also infiltrated many other areas of our day-to-day lives, having acquired dozens of other companies you might not realize belong to Google or its parent company, Alphabet.

Among the most well-known are YouTube, the largest video platform on the web, and Android, one of the most popular operating systems worldwide.

Google also has significant influence over urban development, health care and childhood education.


Why Facebook May Have Your Medical Records

By now, most people are aware that if they “like” a certain page on Facebook, it gives the social media giant information about them.

“Like” a page about a particular disease, for instance, and marketers may begin to target you with related products and services.

Facebook may be collecting sensitive health data in far more insidious ways as well, however, including tracking you when you’re on hospital websites and even when you’re in a personal, password-protected health information portal like MyChart.

It does this via pixels, which may be installed without your knowledge on websites you visit. They can collect information about you as you browse the web, even if you don’t have a Facebook account.


How the Federal Government Buys Our Cell Phone Location Data

Over the past few years, data brokers and federal military, intelligence, and law enforcement agencies have formed a vast, secretive partnership to surveil the movements of millions of people. Many of the mobile apps on our cell phones track our movements with great precision and frequency. Data brokers harvest our location data from the app developers, and then sell it to these agencies. Once in government hands, the data is used by the military to spy on people overseas, by ICE to monitor people in and around the U.S., and by criminal investigators like the FBI and Secret Service. This post will draw on recent research and reporting to explain how this surveillance partnership works, why it is alarming, and what we can do about it.

Where does the data come from?

Weather apps, navigation apps, coupon apps, and “family safety” apps often request location access in order to enable key features. But once an app has location access, it typically has free rein to share that access with just about anyone.

That’s where the location data broker industry comes in. Data brokers entice app developers with cash-for-data deals, often paying per user for direct access to their device. Developers can add bits of code called “software development kits,” or SDKs, from location brokers into their apps. Once installed, a broker’s SDK is able to gather data whenever the app itself has access to it: sometimes, that means access to location data whenever the app is open. In other cases, it means “background” access to data whenever the phone is on, even if the app is closed.


Mental health and worship apps are found to be some of the most privacy invasive

Apps that deal with some of the most sensitive and personal data, such as that concerning a user’s mental health or religious activities, are said to rank among the worst privacy offenders.

This is the conclusion of a study conducted by the Mozilla Foundation, which singled out mental health and prayer apps as being prone to track and collect data revealing a person’s state of mind, feelings, and thoughts, and then “share” that for-profit via targeted advertising.

Mozilla’s team looked into 32 apps from this category, putting a “privacy not included” label on 29 of them and publishing the findings in a guide of the same name. 25 of these apps didn’t pass the foundation’s minimum security standards around password quality and handling of security updates.

PTSD Coach, developed by the US Department of Veterans Affairs, has “strong privacy policies and security practices,” while the chatbot Wysa “seems to value users’ privacy.” The Catholic prayer app Hallow was the only one to “respond in a timely manner” to Mozilla’s emails.

Besides these technical issues, the apps singled out in the report are also said to target “vulnerable users with personalized advertisements” and track and share biometric data.


Scooping private data doesn’t violate Fourth Amendment if the owner can still access it, court rules

The US Ninth Circuit Court of Appeals appears to have given the government permission to order anyone’s internet account data copied and held whenever it wants, without any cause or justification. That is the analysis of University of California, Berkeley School of Law professor Orin Kerr, responding to a recent Ninth Circuit briefing that affirmed Carsten Igor Rosenow’s conviction and sentencing for sexually exploiting children in the Philippines.

In his appeal to the Ninth Circuit, Rosenow argued that he had a right to privacy in his digital data and that law enforcement requests to preserve his Yahoo! account data, which were submitted without a warrant after a tip from Yahoo!, violated the Fourth Amendment’s protection against unreasonable search and seizure.

But the Ninth Circuit rejected his argument and affirmed his conviction, saying that Yahoo!’s preservation of Rosenow’s records didn’t amount to an unreasonable seizure because the preservation requests didn’t prevent him from accessing his account and Yahoo! didn’t provide the government with access to his data without further legal process:

“A ‘seizure’ of property requires ‘some meaningful interference [by the government,] with an individual’s possessory interests in [his] property.’ Jacobsen, 466 U.S. at 113. Here, the preservation requests themselves, which applied only retrospectively, did not meaningfully interfere with Rosenow’s possessory interests in his digital data because they did not prevent Rosenow from accessing his account. Nor did they provide the government with access to any of Rosenow’s digital information without further legal process.”

The court also claimed that Rosenow had already consented to these preservation requests when he accepted Yahoo!’s terms of service:

“It also is worth noting that Rosenow consented to the ESPs [electronic service providers] honoring preservation requests from law enforcement under the ESPs’ terms of use.”

We obtained a copy of the Ninth Circuit’s briefing for you here.
