Illinois changes biometric privacy law to help corporations avoid big payouts

Illinois has changed its Biometric Information Privacy Act (BIPA) to dramatically limit the financial penalties faced by companies that illegally obtain or sell biometric identifiers such as eye scans, face scans, fingerprints, and voiceprints.

The 2008 law required companies to obtain written consent for the collection or use of biometric data and allowed victims to sue for damages of $1,000 for each negligent violation and $5,000 for each intentional or reckless violation. But an amendment enacted on Friday states that multiple violations related to a single person’s biometric data will be counted as only one violation.

The amendment, approved by the Illinois Legislature in May and signed by Gov. J.B. Pritzker on August 2, provides “that a private entity that more than once collects or discloses a person’s biometric identifier or biometric information from the same person in violation of the Act has committed a single violation for which the aggrieved person is entitled to, at most, one recovery.”

As Reuters reports, the “changes to the law effectively overturn a 2023 Illinois Supreme Court ruling that said companies could be held liable for each time they misused a person’s private information and not only the first time.” That ruling came in a proposed class action brought against the White Castle restaurant chain by an employee.

Utility company’s proposal to rat out hidden marijuana operations to police raises privacy concerns

Operators of illegal marijuana grow enterprises hidden inside rural homes in Maine don’t have to worry much about prying neighbors. But their staggering electric bills may give rise to a new snitch.

An electric utility made an unusual proposal to help law enforcement target these illicit operations, which are being investigated for ties to transnational crime. Critics, however, worry the move would violate customers’ privacy.

More than a dozen states that legalized marijuana have seen a spike in illegal marijuana grow operations that utilize massive amounts of electricity. And Maine’s Versant Power has been receiving subpoenas — sometimes for 50 locations at a time — from law enforcement, said Arrian Myrick-Stockdell, corporate counsel. It’d be far more efficient, he suggested to utility regulators, to flip the script and allow electric utilities to report their suspicions to law enforcement.

“Versant has a very high success rate in being able to identify these locations, but we have no ability to communicate with law enforcement proactively,” Myrick-Stockdell told commissioners.

Customs Officers Need a Warrant to Search Your Cellphone at JFK

Judge Nina Morrison of the US District Court for the Eastern District of New York (Brooklyn, Queens, Staten Island, and Long Island) has ruled that police, including officers of U.S. Customs and Border Protection (CBP), need a warrant to search your cellphone at JFK International Airport, even when you are entering or leaving the US.

This ruling is certainly a positive development. It’s a break with a line of judicial decisions that have made US borders and international airports a Fourth Amendment-free zone, even for US citizens. It’s likely to influence other judges and other courts, even though — as a ruling from a District Court rather than an appellate court — it doesn’t set a precedent that’s binding even on other judges in the same Federal judicial district.

But there are important issues that weren’t addressed in this case, and important things you need to know to exercise your rights at JFK or other airports — even if judges in future cases in the same or other judicial districts are persuaded by the ruling in this case.

‘Really Chilling’: Five Countries to Test European Vaccination Card

Five European Union (EU) countries in September will pilot the newly developed European Vaccination Card (EVC), which “aims to empower individuals by consolidating all their vaccination data in one easily accessible location.”

The pilot program marks a step toward the continent-wide rollout of the card, according to Vaccines Today.

Belgium, Germany, Greece, Latvia and Portugal will test the new card in a variety of formats, including printed cards, mailed copies and digital versions for smartphones.

The program aims to “pave the way for other countries by harmonising vaccine terminology, developing a common syntax, ensuring adaptability across different healthcare settings, and refining EVC implementation plans,” Vaccines Today reported.

The plans will be made public in 2026, “extending the EVC system beyond the pilot phases and enabling broad adoption across all EU Member States.”

Senate Passes Kids’ “Safety” Bills Despite Privacy, Digital ID, and Censorship Concerns

Two bills combined – the Kids Online Safety Act (KOSA) and the Children and Teens’ Online Privacy Protection Act (COPPA 2.0) – have passed in the US Senate in a 91-3 vote, and will now be considered by the House.

Criticism of the bills focuses mainly on the likelihood that, if and when they become law, they will help expand online digital ID verification, as well as around issues like censorship (removal and blocking of content).

The effort to make KOSA and COPPA 2.0 happen was spearheaded by a parent group that was pushing lawmakers and tech companies’ executives to move in this direction, and their main demand was to enact new rules that would prevent cyberbullying and other harms.

And now the main sponsors, senators Richard Blumenthal, a Democrat, and Republican Marsha Blackburn are trying to dispel these concerns, suggesting these are not “speech bills” and do not (directly) impose age verification.

Further defending the bills, they say that the legislation does not mandate that internet platforms start collecting even more user data, and reject the notion it is invasive of people’s privacy.

But the problem is that although technically true, this interpretation of the bills’ impact is ultimately incorrect, as some of their provisions do encourage censorship, facilitate the introduction of digital ID for age verification, and leave the door open for mass collection of online users’ data – under specific circumstances – and ending anonymity online.

FBI Director Wray Uses Trump Assassination Attempt To Criticize Private Messaging

FBI Director Christopher Wray has used a congressional hearing organized after the assassination attempt on Donald Trump to launch another attack against encryption and use that as justification for the state of the investigation.

Appearing before the House Judiciary Committee this week, Wray was supposed to speak about the FBI’s investigation into this extremely serious incident, as well as about what the committee said is “the ongoing politicization” of the agency under his and Attorney-General Merrick Garland’s direction.

But Wray turned it into blaming encrypted apps and services for the pace of the investigation. Quite extraordinarily for a person who is supposed to be highly knowledgeable about security, the FBI chief came across as oblivious to how essential encryption is for people’s online security – from their bank transactions to their communications.

Instead, he complained that it is difficult to break into accounts on encrypted platforms, that is, to break encryption – a situation that the FBI head said has “unfortunately become very commonplace.”

He went on to claim that law enforcement at all levels, federal, state, and local, finds it “a real challenge.”

Reports say that the FBI had “early success” in breaking into the phone of the shooter, Thomas Matthew Crooks, using tools provided by Cellebrite. This is an Israeli company that oddly advertises its wares as “accelerating justice.”

Wray did not reveal which platforms host the accounts belonging to Crooks that the FBI says it has trouble accessing but noted that “legal process returns” are awaited to accomplish that goal.

The DEA Claims To Be Able To Search Your Bag Without Your Consent. But Can They?

Can federal law enforcement demand an impromptu spot-check of your bag after you pass through airport security?

Recent footage released by the Institute for Justice (I.J.) shows an officer from the Drug Enforcement Administration (DEA) attempting to do precisely that. In the video, which was recorded earlier this year, a DEA agent repeatedly attempts to search the bag of a man identified as David C., who had already passed through a Transportation Security Administration (TSA) checkpoint and was attempting to board his flight. At one point, the agent implies that he could search David’s backpack without his consent.

“I don’t consent to search, sir,” David tells the officer. “You don’t have to consent,” the officer responds, adding moments later, “I don’t care [about] your consent stuff.”

The video shows the officer offering David the choice between boarding the plane for his flight and staying with his bag. “Set your bag down and then you can walk on the plane,” the agent says. “You can do that, but you can’t take the bag.”

“Am I being detained right now?” David asks. “Not you, but your bag,” the officer replies.

David had good reason to be disquieted by the prospect of his bag being searched, even notwithstanding the fact that it contained no contraband. According to a 2016 USA Today report, the DEA annually seizes hundreds of millions of dollars from thousands of airport travelers through a controversial process called civil asset forfeiture. Civil forfeiture allows federal agents to take large quantities of cash from individuals—sometimes for years—without ever charging them with a crime.

David’s situation is, in a way, familiar to many Americans. He was in Cincinnati for a business trip, but got sick and had to rebook his flight back to New York at the last minute. On the day of his flight, he passed through TSA and entered the airport terminal as normal, but was thereafter approached by the agent, who asked him for his ID and for permission to search his bag.

When David initially declined, the agent pulled out his badge.

The officer told David that he was suspected of illicit activity because he had booked his flight shortly before it took off. “When you buy a last-minute ticket, we get alerts,” the officer explains to David. “We come out, and we talk to those people, which I’ve tried to do to you, but you wouldn’t allow me to do it.” 

David was initially skeptical that the agent had the authority to search through his bag without consent, but the officer told him, “We wouldn’t do this—and be doing this across the country—if it wasn’t legal.”

UN Cybercrime Draft Convention Dangerously Expands State Surveillance Powers Without Robust Privacy, Data Protection Safeguards

As we near the final negotiating session for the proposed UN Cybercrime Treaty, countries are running out of time to make much-needed improvements to the text. From July 29 to August 9, delegates in New York aim to finalize a convention that could drastically reshape global surveillance laws. The current draft favors extensive surveillance, establishes weak privacy safeguards, and defers most protections against surveillance to national laws—creating a dangerous avenue that could be exploited by countries with varying levels of human rights protections.

The risk is clear: without robust privacy and human rights safeguards in the actual treaty text, we will see increased government overreach, unchecked surveillance, and unauthorized access to sensitive data—leaving individuals vulnerable to violations, abuses, and transnational repression. And not just in one country.  Weaker safeguards in some nations can lead to widespread abuses and privacy erosion because countries are obligated to share the “fruits” of surveillance with each other. This will worsen disparities in human rights protections and create a race to the bottom, turning global cooperation into a tool for authoritarian regimes to investigate crimes that aren’t even crimes in the first place.

Countries that believe in the rule of law must stand up and either defeat the convention or dramatically limit its scope, adhering to non-negotiable red lines as outlined by over 100 NGOs. In an uncommon alliance, civil society and industry agreed earlier this year in a joint letter urging governments to withhold support for the treaty in its current form due to its critical flaws.

Google Plans New Content-Scanning Censorship Tech

Earlier in the year, Google filed an application to patent new methods, systems, and media for what the giant calls “identifying videos containing objectionable content” that are uploaded to a social site or video service.

For example, YouTube – though the filing doesn’t explicitly name this platform.

The patent application, which has just been published this month, is somewhat different from other automated “methods and systems” Google and other giants, notably Microsoft, already have to power their censorship apparatus; with this one, the focus is more on how AI can be added to the mix.

More and more often, various countries are introducing censorship laws where the speed at which content is removed or accounts blocked is a major requirement made of social media companies. Google could have this in mind when the patent’s purpose is said to be to improve on detecting objectionable content quickly, “for potential removal.”

No surprise here, but what should be the key question – namely, what is considered as “objectionable content” – is less of a definition and more a list that can be further expanded, variously interpreted, etc., and the list includes such items as violence, pornography, objectionable language, animal abuse, and then the cherry on top – “and/or any other type of objectionable content.”

The filing details how Google’s new system works, and we equally unsurprisingly learn that AI here means machine learning (ML) and neural networks. This technology is supposed to mimic the human brain but comes down to a series of equations, differentiated from ordinary algorithms by “learning” about what an image (or a video in this case) is, pixel by pixel.

EU Agencies Propose Encryption Backdoors and Cryptocurrency Surveillance

The EU is attacking encryption again, this time in a report put together by several agencies, including EU law enforcement Europol, and the European Council’s Counter-Terrorism Coordinator.

The EU’s site says that this “first report on encryption” – by what the bloc calls its Innovation Hub for Internal Security – is looking for ways to “uphold citizens’ privacy while enabling criminal investigation and prosecution.”

“The main challenge is to design solutions that would allow at the same time a lawful and targeted access to communications and that guarantees that a high level of cybersecurity, data protection and privacy,” says the report.

The objective answer to the supposed conundrum of how to achieve both goals is always the same: you can’t.

Yet the EU, various governments, and international organizations continue to push to undermine online encryption and keep framing their initiatives the same way – as both their supposed care for privacy (and importantly, security), and making law enforcement’s job much easier (saying that the goal is to “enable” that, suggests there’s no other way to investigate, which is not true.)

And, how on Earth the EU intends to “safeguard fundamental rights” (of citizens) while at the same time proposing what it does in this document, is anybody’s guess. But EU bureaucrats are “safe” from being asked these questions – at least not by legacy, corporate media.

The report’s proposals include a number of ways to break encryption, mention encryption backdoors (the sneaky euphemism is, “lawful access” to communications and data), as well as password cracking and cryptocurrency and other forms of surveillance.

The not-so-subtle abuse of language and tone continues while discrediting encryption, as services like Meta’s Messenger, Apple Private Relay, and Rich Communication Systems (RCS) protocol are dubbed, “warrant-proof encryption technologies.”
