Tag: privacy

The NYPD Is Illegally Leaking Sealed Records About Children to Tabloids

Last spring, New York City police officers stopped a 19-year-old on the subway during her commute. She was eligible for a free transfer from the bus to the subway, but the transfer failed to register at the turnstile, so she and a friend entered through the platform emergency exit door.

Police stopped them, took their names, and let her friend go. Officers told the 19-year-old she had a prior arrest — from 2018, when she was in her early teens — and began to question her.

The cops should not have known about that past arrest. A New York state law protects juvenile records in cases without any finding of guilt from access by anyone, including law enforcement, without a court order.

The arrest had occurred after an incident involving the girl’s mother that resulted in child services filing a petition against her mother for abuse and neglect, and removal of the girl from her mother’s custody. At the time of the subway encounter, she was still in foster care.

The arrest was never prosecuted and was later dismissed and sealed. Yet officers had managed to access the sealed record from their phones and question her about it.

The young woman is one of three plaintiffs who filed a class-action suit in July against the city and NYPD Commissioner Edward Caban for what they said was a practice of illegally accessing, using, and leaking sealed youth records. The suit, which was unsealed Thursday, alleges that officials routinely share those sealed records with prosecutors and the media — specifically with pro-cop tabloids that regularly publish juvenile arrest information sourced from police.

Keep reading

Big Brother Goes Digital: The Feds’ Race to Integrate Mobile IDs in America

The push to develop digital ID and expand its use in the US is receiving a boost as the country’s National Institute of Standards and Technology (NIST) is launching a new project.

NIST’s National Cybersecurity Center of Excellence (NCCoE) has teamed up with 15 large financial and state institutions, as well as tech companies, to research and develop a way of integrating Mobile Driver’s License (mDL) into financial services. But according to NIST, this is just the start and the initial focus of the program.

The agreement represents an effort to tie in yet more areas of people’s lives in their digital ID (“customer identification program requirements” is how NIST’s announcement describes the focus of this particular initiative). These schemes are often criticized by rights advocates for their potential to be used as mass surveillance tools.

Keep reading

Judge Ho rules that geofence warrants are “categorically prohibited by the Fourth Amendment” – “general, exploratory rummaging” by law enforcement is ILLEGAL

The federal Fifth Circuit Court of Appeals is maintaining its position that so-called geofence warrants, which were used to track Jan. 6, 2021, “insurrection” participants, are “categorically prohibited by the Fourth Amendment,” which protects We the People from unreasonable searches and seizures by law enforcement and other arms of the government.

Judge James C. Ho issued an opinion that while geofence warrants “are powerful tools for investigating and deterring crime,” they overtly violate the U.S. Constitution and the protections it affords to people living in this country.

“The defendants here engaged in a violent robbery – and likely would have gotten away with it, but for this new technology,” Judge Ho wrote. “So I fully recognize that our panel decision today will inevitably hamper legitimate law enforcement interests.”

“But hamstringing the government is the whole point of our Constitution. Our Founders recognized that the government will not always be comprised of publicly-spirited officers – and that even good faith actors can be overcome by the zealous pursuit of legitimate public interests.”

Justice Ho also quoted The Federalist No. 51, at 349 (J. Cooke ed. 1961) which reads in support of his ruling:

“If men were angels, no government would be necessary. If angels were to govern men, neither external nor internal controls on government would be necessary,” but “experience has taught mankind the necessity of auxiliary precautions” because of “human nature,” which makes it “necessary to control the abuses of government.”

Keep reading

California’s Digital Plates Plan Raises Privacy Fears

California is one of the US states that have introduced digital license plates, amid opposition from a number of rights advocates.

Now, there is a legislative effort to have GPS location tracking embedded in these, to all intents and purposes, devices attached to the car.

Sponsored by Democrat Assemblywoman Lori Wilson, Bill 3138 is currently making its way through the state’s legislature. It refers to “License plates and registration cards: alternative devices,” and the bill has another sponsor – Reviver.

The company was founded by Neville Boston, formerly of the Department of Motor Vehicles (DMV), and promotes itself as the first digital license plates platform. It has made its way to both this proposal, and the law the current draft builds on – AB 984 (also sponsored by Wilson) – which was signed into law two years ago.

The problem with Reviver is that it has already had a security breach that allowed hackers to track those using the company’s digital plates in real-time. It doesn’t help, either, that the company is effectively a monopoly – the only one, the Electronic Frontier Foundation (EFF) notes, “that currently has state authorization to sell digital plates in California.”

Meanwhile, the key problem with AB 3138, warns EFF, is that it “directly undoes the deal from 2022 and explicitly calls for location tracking in digital license plates for passenger cars.”

Keep reading

VPNs Vanish from Brazil’s App Store as Internet Freedom Faces Unprecedented Clampdown

In Brazil, a significant upheaval in digital privacy and access to information is unfolding, as a notable number of reputable VPN services—including NordVPN, ExpressVPN, Surfshark, and VyprVPN—have vanished from the local iOS App Store. This move is widely believed to comply with Brazilian authorities’ secret directives, reflecting a concerning trend towards online censorship.

This development is particularly alarming in light of the recent decision X made to shutdown its operations in the country. X terminated its operations after a protracted legal confrontation with Brazilian officials, who had accused the platform of insufficient efforts to combat disinformation, specifically its failure to block accounts spreading false information and hate speech. Despite the shutdown, X’s app is still accessible in Brazil.

Keep reading

Red Alert! Virtually All Of Our Personal Information, Including Social Security Numbers, Has Been Stolen And Posted Online By Hackers

Most Americans don’t even realize that virtually all of their personal information has been stolen and posted online for free.  The personal records of 2.9 billion people were stolen from a major data broker known as National Public Data earlier this year, and this month almost of the information that was stolen was posted online for anyone to freely take.  We are talking about names, addresses, phone numbers, employment histories, birth dates and Social Security numbers.  This is one of the most egregious privacy violations in the history of the world, but hardly anyone knows what has happened.  So please share this article as widely as you possibly can.

USA Today is reporting that the original theft of this data occurred “in or around April 2024″…

An enormous amount of Social Security numbers and other sensitive information for millions of people could be in the hands of a hacking group after a data breach and may have been released on an online marketplace, The Los Angeles Times reported this week.

The hacking group USDoD claimed it had allegedly stolen personal records of 2.9 billion people from National Public Data, according to a class-action lawsuit filed in U.S. District Court in Fort Lauderdale, Florida, reported by Bloomberg Law. The breach was believed to have happened in or around April 2024, according to the lawsuit.

The company that this data was stolen from is a Florida-based background check company known as National Public Data.  The following is what Wikipedia has to say about this particular firm…

Jerico Pictures, Inc., doing business as National Public Data[1][2] is a data broker company that performs employee background checks. Their primary service is collecting information from public data sources, including criminal records, addresses, and employment history, and offering that information for sale.

Of course there are hordes of other data brokers out there these days.

They collect vast troves of information on as many people as they possibly can, and then they monetize that information in various ways.

Equifax, Epsilon and Acxiom are the three largest data brokers in existence today.  Each one of them brings in more than 2 billion dollars of revenue annually.

As you can see, collecting and selling our personal information is very big business.

Keep reading

California Appeals Court Limits Privacy Rights of Online Messages

A legal battle, seen as a major privacy rights issue, came down to the extent to which the Stored Communications Act (SCA) protects user data, and is now headed to the Supreme Court of California.

This comes after the California Court of Appeal ruled in the Snap, Inc. v. Superior Court case that the majority of remotely stored messages are not covered by the Act’s law designed to prevent unlawful access to stored communications – Section 2702.

The CSA is there to stop platforms that provide online communications and storage from sharing contents of users’ online accounts (messages, emails, photos…). There are some exceptions in the legislation itself, e.g., unless the government obtains a warrant, that sets the bar relatively high.

But now, it looks like Big Tech’s “standard” business model – exploiting user data for massive profits – is coming back to haunt those users in yet another way.

Namely, the California Court of Appeal has found that if providers of that stored user data already have access to it, in order to monetize this content, then that content is effectively already disclosed and CSA has no business trying to protect it.

We obtained a copy of the opinion for you here.

And if this ruling stands, then tech companies can be asked to turn over user data without a warrant – a subpoena, the civil variety included – could potentially suffice.

Keep reading

Senate Passes Kids’ “Safety” Bills Despite Privacy, Digital ID, and Censorship Concerns

Two bills combined – the Kids Online Safety Act (KOSA) and the Children and Teens’ Online Privacy Protection Act (COPPA 2.0) – have passed in the US Senate in a 91-3 vote, and will now be considered by the House.

Criticism of the bills focuses mainly on the likelihood that, if and when they become law, they will help expand online digital ID verification, as well as around issues like censorship (removal and blocking of content).

Related: The 2024 Digital ID and Online Age Verification Agenda

The effort to make KOSA and COPA 2.0 happen was spearheaded by a parent group that was pushing lawmakers and tech companies’ executives to move in this direction, and their main demand was to enact new rules that would prevent cyberbullying and other harms.

And now the main sponsors, senators Richard Blumenthal, a Democrat, and Republican Marsha Blackburn are trying to dispel these concerns, suggesting these are not “speech bills” and do not (directly) impose age verification.

Further defending the bills, they say that the legislation does not mandate that internet platforms start collecting even more user data, and reject the notion it is invasive of people’s privacy.

But the problem is that although technically true, this interpretation of the bills’ impact is ultimately incorrect, as some of their provisions do encourage censorship, facilitate the introduction of digital ID for age verification, and leave the door open for mass collection of online users’ data – under specific circumstances – and end ending anonymity online.

The bills are hailed by supporters as “landmark” legislation that is the first to focus on protecting children on the internet in the last 20 years, with some lawmakers in the Senate, like majority leader, Democrat Chuck Schumer, describing the result of the vote as “a momentous day.”

Keep reading

Texas Attorney General Ken Paxton Sues General Motors for Illegally Harvesting and Selling Drivers’ Private Data to Corporate Giants, Including Insurance Companies

Texas Attorney General Ken Paxton has filed a lawsuit against General Motors (GM), alleging that the automotive giant engaged in deceptive and unlawful business practices by collecting and selling private driving data from over 1.5 million Texans without their knowledge or consent.

This lawsuit follows Paxton’s announcement in June 2024 that he had launched an investigation into several car manufacturers suspected of improperly harvesting vast amounts of data directly from vehicles.

The findings have been alarming, revealing a disturbing trend among companies leveraging invasive technologies to exploit unsuspecting consumers.

“Our investigation revealed that General Motors has engaged in egregious business practices that violated Texans’ privacy and broke the law. We will hold them accountable,” said Attorney General Paxton. “Companies are using invasive technology to violate the rights of our citizens in unthinkable ways.”

The crux of the lawsuit centers around GM’s use of technology installed in most vehicles manufactured since 2015. This technology allegedly collects, records, analyzes, and transmits detailed driving data every time a driver uses their vehicle, according to the press release.

Shockingly, GM sold this sensitive information to various third parties, including insurance companies, who used it to generate “Driving Scores” aimed at influencing insurance premiums.

“A customer’s Driving Score was based on a series of “factors” developed by General Motors that were supposedly indicative of “bad” driving behavior and included behavior such as (1) unique identifiers of a trip; (2) trip mileage; (3) hard braking and acceleration events; (4) speed events over 80 miles per hour; and (5) other behavior tracked by OnStar Vehicle Diagnostics (“OVD”). Under the Verisk Agreement, GM provided Verisk with the Driving Data necessary to determine whether a customer exhibited any “bad” driving behaviors,” according to the lawsuit.

This sensitive information includes location tracking, driving habits, personal communications within the vehicle’s system, customer ID, name, and home address.

Keep reading

Massive leak of US personal information shows up on hacking forum, including almost 2.7 billion records

Nearly 2.7 billion personal information records for people in the United States have been posted to a popular hacking forum, exposing names, addresses, and even Social Security numbers. The data allegedly comes from a company that collects and sells the data for legitimate use, but was stolen and put up for sale in April 2024.

Originally, a threat actor known as USDoD claimed to have stolen the information from National Public Data. National Public Data scrapes the information from public sources, uses it to compile individual profiles, and then sells those portfolios. The company serves private investigators as well as entities needing to conduct background checks and obtain criminal records.

When USDoD first obtained the data, it offered to sell it for $3.5 million. The hacker claimed it contained 2.9 billion records and consisted of personal information for every person in Canada, the United Kingdom, and the United States. In the past, USDoD has been linked to another database breach, trying to sell InfraGard’s user database for $50,000 in December 2023.

On Aug. 6, a user going by the alias Fenice posted what’s believed to be the most complete version of the stolen National Public Data information for free on the Breached hacking forum. Fenice says, however, that the data breach was actually done by a different hacker than USDoD, one known as SXUL.

This isn’t the first time the data from this leak has been released, but previous posts have only included partial copies of the data. These included different numbers of records and sometimes different data. Fenice has offered the most complete version of the National Public Data information and has provided it for free.

Keep reading