Tag: privacy

EU Committees Vote in Favor of Mandatory Interconnected Digital Patient Health Records for All Citizens

The EU’s next legislative goal post that opponents see as part of a big push to strip citizens of their privacy, has now reached medical histories and associated data.

Interconnecting – in effect, centralizing (and making remotely accessible) – that data is the key premise of what has now emerged as European Health Data Space (EHDS). The upcoming bill has been backed by the European Parliament (EP), its Committee on Civil Liberties, Justice and Home Affairs (LIBE), and Committee on Environment, Public Health and Food Safety (ENVI).

EP member (MEP) and lawyer Patrick Breyer, a long-time critic of this type of policy, explains that EHDS – which he voted against – would “bring together information on all medical treatments received by citizens.”

Doctors will have to submit summaries of treatments they provide to “the new data space” – with the initial proposal not containing provisions that would allow for objections or exceptions. And while access can be restricted if a patient so wishes – the actual creation of the database can’t be prevented.

And let’s just reiterate that this might concern some of the most sensitive personal medical information: “mental disorders, sexual diseases and disorders such as impotence or infertility, HIV or drug abuse therapies,” writes Breyer.

“The EU’s plan to collect and interconnect records on all medical therapies entails irresponsible risks of data theft, hacking or loss. Even the most delicate therapies can no longer be administered off record in the future,” the German Pirate Party MEP further warned, blasting the idea as the end of medical confidentiality in the EU.

He makes a particular note of the danger that those who are less both computer and politically literate – such as the elderly or those not paying enough attention to bureaucratic decisions made by the EU (that nonetheless end up defining their lives), as well as those with actual lower level of education – all especially vulnerable in a scheme like this – would simply not be fully aware of the long-term consequences.

Keep reading

Meta sues FTC, hoping to block ban on monetizing kids’ Facebook data

Meta sued the Federal Trade Commission yesterday in a lawsuit that challenges the FTC’s authority to impose new privacy obligations on the social media firm.

The complaint stems from the FTC’s May 2023 allegation that Meta-owned Facebook violated a 2020 privacy settlement and the Children’s Online Privacy Protection Act. The FTC proposed changes to the 2020 privacy order that would, among other things, prohibit Facebook from monetizing data it collects from users under 18.

Meta’s lawsuit against the FTC challenges what it calls “the structurally unconstitutional authority exercised by the FTC through its Commissioners in an administrative reopening proceeding against Meta.” It was filed against the FTC, Chair Lina Khan, and other commissioners in US District Court for the District of Columbia. Meta is seeking a preliminary injunction to stop the FTC proceeding pending resolution of the lawsuit.

Meta argues that in the FTC’s administrative proceedings, “the Commission has a dual role as prosecutor and judge in violation of the Due Process Clause.” Meta asked the court to “declare that certain fundamental aspects of the Commission’s structure violate the US Constitution, and that these violations render unlawful the FTC Proceeding against Meta.”

Meta says it should have a right to a trial by jury and that “Congress unconstitutionally has delegated to the FTC the power to assign disputes to administrative adjudication rather than litigating them before an Article III court.” The FTC should not be allowed to “unilaterally modify the terms” of the 2020 settlement, Meta said.

The FTC action “would dictate how and when Meta can design its products,” the lawsuit said.

Keep reading

Appeals Court Strikes Blow to Gun Owner Privacy Rights in Ruling Accommodating ‘Violence Researchers’

A California appeals court ruled Friday that the state may continue sharing the personal information of gun owners with “gun violence” researchers.

California’s Department of Justice had been permitted to share “identifying information of more than 4 million gun owners” collected by the state during the background check process for firearms purchases with “qualified research institutions,” ostensibly to aid in the study of gun-related accidents, suicides and violence.

The information sharing was authorized by new law, Assembly Bill 173, signed by Gov. Gavin Newsom in 2021, according to The Associated Press.

California’s DOJ was permitted to share “names, addresses, phone numbers, and any criminal records, among other things” under the new regulation.

The AP didn’t note how much of that information had already been shared with researchers, but apparently at least some sharing had occurred, since the outlet reported the state attorney general’s intention to “resume” the provision of it to unspecified researchers.

Keep reading

A Secret Phone Surveillance Program is Spying on Millions of Americans

According to a letter obtained by WIRED, a little-known surveillance program called Data Analytical Services (DAS) has been secretly collecting and analyzing more than a trillion domestic phone records within the U.S. each year. The program, which was formerly known as Hemisphere, is run by the telecom giant AT&T in coordination with federal, state and local law enforcement agencies.

The program uses a technique known as chain analysis, which targets not only those in direct phone contact with a criminal suspect but anyone with whom those individuals have been in contact as well. This means that innocent people who have no connection to any crime can have their phone records swept up and scrutinized by the authorities.

The program allows law enforcement agencies to access the records of any calls that use AT&T’s infrastructure, which covers a large portion of the country. The records include the phone numbers, dates, times, durations and locations of the calls, as well as the names and addresses of the subscribers.

The DAS program raises serious concerns about the privacy and civil liberties of millions of Americans. It operates without any judicial oversight or public accountability and violates the Fourth Amendment, which protects people from unreasonable searches and seizures.

Keep reading

Nikki Haley Claims Posting Social Media Anonymously is a ‘National Security Threat’ – Calls for Mandatory Verification of All Social Media Users

In a now-viral video,  Nikki Haley, the former South Carolina Governor and a contender for the GOP presidential nomination has called for social media reforms that will end anonymous social media posting, citing national security concerns.

Haley proposed two significant reforms. Firstly, she insisted that social media companies should disclose their algorithms to the public. This move, according to Haley, is necessary to understand the basis of content promotion on these platforms.

“When I get into office, the first thing we have to do is social media accounts, social media companies, they have to show America their algorithms. Let us see why they’re pushing what they’re pushing,” Haley said during an interview with FOX News.

Secondly, and more controversially, Haley called for the mandatory verification of all social media users with their real names. She labeled anonymous social media posting as a “national security threat.”

“The second thing is every person on social media should be verified by their name,” Haley suggested, adding, “It’s a national security threat.”

According to Haley, this measure would eliminate the influence of foreign bots from countries like Russia, Iran, and China and foster greater accountability and civility online.

Keep reading

WA Judge Rules That Car Manufacturers Can Legally Store Your Texts and Phone Calls Without Explicit Permission

In a move concerning privacy advocates, a federal judge last week ruled against reinstating a collective lawsuit accusing four auto manufacturing giants of contravening privacy protections in Washington state. The companies were alleged to have illicitly intercepted and documented private text messages and call records of customers using their car’s inbuilt infotainment systems.

The judge based in Seattle concluded that this activity did not constitute unauthorized privacy infringements according to state regulations.

The court’s decision favors the automakers Honda, Toyota, Volkswagen, and General Motors, who find themselves as defendants in five parallel collective lawsuits revolving around this issue. A similar case against Ford had been earlier dismissed following an appeal.

The complainants from the existing four lawsuits had sought legal redress following a previous dismissal by another judge. In their judgment given Tuesday, the appellate judge asserted that the clandestine capture and logging of mobile phone usage did not violate the provisions of the Washington Privacy Act. According to the act, to be a vulnerable plaintiff, one must demonstrate a threat to “his or her business, his or her person, or his or her reputation.”

To highlight the matters in question, the plaintiffs in one of the five lawsuits launched a legal challenge against Honda in 2021, contending that starting at least in 2014, infotainment systems in Honda’s vehicles have been storing duplicates of all text messages from smartphones once they were connected to the system.

Keep reading

5 WAYS TO PREPARE FOR THE ONLINE PRIVACY CRACKDOWN

The internet is about to change. In many countries, there’s currently a coordinated legislative push to effectively outlaw encryption of user uploaded content under the guise of protecting children. This means websites or internet services (messaging apps, email, etc.) could be held criminally or civilly liable if someone used it to upload abusive material. If these bills become law, people like myself who help supply private communication services could be penalized or put into prison for simply protecting the privacy of our users. In fact, anyone who runs a website with user-uploaded content could be punished the same way. In today’s article, I’ll show you why these bills not only fail at protecting children, but also put the internet as we know it in jeopardy, as well as why we should question the organizations behind the push.

Let’s quickly recap some of the legislation.

Keep reading

Debunking the Myth of “Anonymous” Data

Today, almost everything about our lives is digitally recorded and stored somewhere. Each credit card purchase, personal medical diagnosis, and preference about music and books is recorded and then used to predict what we like and dislike, and—ultimately—who we are.

This often happens without our knowledge or consent. Personal information that corporations collect from our online behaviors sells for astonishing profits and incentivizes online actors to collect as much as possible. Every mouse click and screen swipe can be tracked and then sold to ad-tech companies and the data brokers that service them.

In an attempt to justify this pervasive surveillance ecosystem, corporations often claim to de-identify our data. This supposedly removes all personal information (such as a person’s name) from the data point (such as the fact that an unnamed person bought a particular medicine at a particular time and place). Personal data can also be aggregated, whereby data about multiple people is combined with the intention of removing personal identifying information and thereby protecting user privacy.

Sometimes companies say our personal data is “anonymized,” implying a one-way ratched where it can never be dis-aggregated and re-identified. But this is not possible—anonymous data rarely stays this way. As Professor Matt Blaze, an expert in the field of cryptography and data privacy, succinctly summarized: “something that seems anonymous, more often than not, is not anonymous, even if it’s designed with the best intentions.”

Keep reading

Odd Colorado Ruling Upholds Internet Keyword Search Warrant

What would your internet searches reveal about you if others could scrutinize and second-guess them? It’s something to think about, given that the big search engines, like Google, store search histories and make them available to the authorities. In fact, as happened in a recently decided Colorado case, police can start from search terms of interest and pressure tech companies to surrender the identities of anyone who has surfed for specified keywords. The decision is chilling for anybody who has ever pondered their online history in the hands of a stranger—or who just cares about privacy.

“Today, the Colorado Supreme Court became the first state supreme court in the country to address the constitutionality of a keyword warrant—a digital dragnet tool that allows law enforcement to identify everyone who searched the internet for a specific term or phrase,” Jennifer Lynch and Andrew Crocker of the Electronic Frontier Foundation (EFF) reported on Monday. “The case is People v. Seymour, which involved a tragic home arson that killed several people. Police didn’t have a suspect, so they used a keyword warrant to ask Google for identifying information on anyone and everyone who searched for variations on the home’s street address in the two weeks prior to the arson.”

Keep reading

The EU Could Push its Private Message Ban as Early as Next Week

The EU is getting ever closer to pushing through the legislation known among critics as “chat control” – officially, Child Sexual Abuse Regulation, CSAR – and is hoping to reach a deal on this within the bloc as early as next week.

One of those who have been consistently opposed to the controversial upcoming rules, a German member of European Parliament (MEP) and lawyer Patrick Breyer, has reacted by warning once again that regardless of some minor changes if passed, the bill would effectively spell the end of proper encryption and private messaging in the EU.

Instead, the implication is, that CSAR would usher in the era of indiscriminate mass surveillance in this part of the digital space.

Warning that a recent “minor concession” the EU member-states have managed to agree on was a bid to finally come up with a majority and push the plans over the top, Breyer, referring to the proposal as “chat control 2.0,” calls it an “unprecedented” (at least for the EU) example of mass surveillance.

The summary of the regulation is that online services that provide messaging and chat would, going forward, have to implement automatic scanning of all private text and images – looking for potential abusive content, and then let the EU know about it.

There is no shortage of controversy and misgivings here, with two clearly standing out: once in place, what can this infrastructure be used for next (if politicians decide) – and the other, how are online platforms even supposed to make it work accurately and fairly, technically speaking?

Now, we are hearing that the EU Council is looking to “soften the blow,” at least rhetorically, but saying that the scanning would at first only apply to “previously classified CSAM (child sexual abuse material)” – but then later still expand it to everything.

Keep reading