Tag: privacy

Canada’s Privacy Watchdog Not Consulted on Bill C-8, Enabling Secret Internet & Phone Shutdowns

Legislation that would allow federal ministers to secretly order telecom providers to cut off a Canadian’s phone or internet access is advancing without any input from the country’s top privacy authority.

Privacy Commissioner Philippe Dufresne told a Commons committee that his office was never asked to review Bill C-8 before it was introduced.

The bill would authorize the cabinet to compel telecom companies to block services to individuals considered a security threat, without needing a judge’s approval or any public disclosure.

“The issue never came up,” Dufresne said during testimony before the House of Commons ethics committee. He confirmed, “We are not consulted on specific pieces of legislation before they are tabled.”

Bill C-8 would allow the federal cabinet to direct a telecom provider to deny all services to a specific person, based solely on the government’s assessment of a threat. No warrant would be required. No independent body would be tasked with reviewing the decision.

Conservative MP Michael Barrett raised an alarm over what he described as a dangerous overreach. He said the bill would allow the government to quietly seize control of individuals’ communications, with no transparency and no legal checks.

“Without meaningful limits, bills like C-8 can hand the government secret powers over Canadians’ communications,” said Barrett. “It’s a serious setback for privacy and for democracy.”

He pressed Dufresne on whether Parliament should be required to conduct privacy assessments before passing legislation with such broad surveillance potential.

“Isn’t Parliament simply being asked to grant sweeping powers of surveillance to the government without a formal review?” Barrett asked.

Dufresne responded, “It’s not a legal obligation under the Privacy Act.”

While acknowledging the importance of national security, Dufresne warned that such measures must not override core privacy protections. “We need to make sure that by protecting national security, we are not doing so at the expense of privacy,” he said.

A previous version of the idea, Bill C-26, failed in an earlier Parliament after concerns over its civil liberties implications.

Keep reading

Supreme Court Won’t Hear Project Veritas Challenge to State Law Blocking Secret Recording

The Supreme Court has decided against hearing an investigative journalism organization’s First Amendment-based challenge to a decades-old Oregon law prohibiting most secret recordings of oral conversations.

Undercover journalism group Project Veritas had argued that the state’s conversational privacy statute violated the First Amendment. The U.S. Court of Appeals for the Ninth Circuit ruled 9–2 in January that the law did not violate the group’s free speech rights.

The Supreme Court dismissed the petition in Project Veritas v. Vasquez without comment in an unsigned order on Oct. 6. No justices dissented.

The respondents were sued in their official capacities. One is Nathan Vasquez, district attorney for Multnomah County, Oregon; the other is Dan Rayfield, attorney general of Oregon.

In its April 7 petition, Project Veritas described Oregon’s audio recording law as “a national outlier” because it requires that “anyone in almost any conversation [be informed] that their words are being recorded.”

This requirement “severely hampers modern investigative journalism” and undermines the First Amendment “by effectively prohibiting the use of today’s most powerful reporting tools—discreet audio recordings,” the petition states.

Keep reading

Roughly 70,000 Government ID Photos Potentially Stolen in Discord Hack

Government ID photos of around 70,000 Discord users, collected for age verification purposes, may have been stolen in a hack, the company said in an Oct. 9 update. Discord is a group chat app used largely by programmers and gamers.

Initially announced on Oct. 3, the data breach occurred on the systems of third-party vendor 5CA, which Discord uses for customer support efforts. The malicious actor aimed to extort a financial ransom from Discord, the company stated.

According to Discord, the unauthorized party “gained access to information from a limited number of users who had contacted Discord through our Customer Support and/or Trust & Safety teams.”

“No messages or activities were accessed beyond what users may have discussed with Customer Support or Trust & Safety agents,” the company said.

“Of the accounts impacted globally, we have identified approximately 70,000 users that may have had government-ID photos exposed, which our vendor used to review age-related appeals.”

Age-related appeals refer to instances when users were locked out of the app due to being reported as underage and then had to submit photo IDs to verify their age and unlock their accounts.

Keep reading

Google Dismisses Privacy Fears Over App ID Policy

Google has responded to growing concern over its decision to require identity verification for all Android app developers by September 2026.

The company plans to block sideloaded apps from developers who decline to verify their identity, a move that many view as a threat to both developer privacy and the health of independent app distribution outside the Play Store.

The policy will require developers to submit government-issued identification to Google.

During a video explanation, a Google employee brushed aside questions about anonymity, saying “it’s not clear when anonymity is absolutely required,” and tried to ease fears about data collection by stating “it’s not like Google’s gonna share that information with the public or anything like that.”

The company’s position was outlined across multiple formats, including a blog post, a support page, and a lengthy video featuring Google employees discussing the shift.

However, many concerns, particularly around privacy, decentralization, and the viability of third-party app stores, were left either unaddressed or downplayed.

Google’s messaging implies that the changes are aimed at improving app security.

The company claims identity checks will help weed out malicious actors, especially those distributing malware.

But there is growing unease about the level of control this policy gives Google over the Android ecosystem.

Under the proposed system, Google will have the unilateral authority to determine who is allowed to distribute apps and could effectively block any developer it suspects of wrongdoing, potentially even without a clear or transparent justification.

While the video suggests the focus is currently limited to those linked with malware, nothing in the policy guarantees that future enforcement will not extend further.

Developers flagged in error could lose their ability to share apps entirely, with no clear recourse.

Keep reading

NSW Flood Relief Data Breach: Contractor Uploads Personal Details of Thousands to ChatGPT

Thousands of flood survivors in New South Wales, Australia, have had their personal details exposed after a former contractor to the NSW Reconstruction Authority uploaded sensitive data to ChatGPT.

The breach involves the Northern Rivers Resilient Homes Program, which was created to support residents impacted by the 2022 floods.

Through the program, the government offered options such as voluntary home buybacks, financial help to rebuild, or property upgrades aimed at improving resilience.

Now, applicants who sought relief through this initiative may be dealing with the consequences of a serious privacy failure.

Central to the incident is an Excel spreadsheet containing more than 12,000 rows of data.

The document, which was uploaded to ChatGPT between March 12 and 15, is believed to include information on as many as 3,000 people.

The compromised data includes names, phone numbers, email addresses, physical addresses, and some health-related information. According to the government, the upload was carried out without authorization.

Despite taking place over six months ago, the breach was not made public until this week, during a public holiday in NSW.

The delay in disclosure is a reminder of ongoing concerns around the speed and transparency of mandatory breach notifications.

Keep reading

Indonesian Government Restores TikTok’s License After Platform Shares User Data

TikTok has handed over a broad collection of user data to Indonesian authorities, a move that cleared the way for the platform’s operations to resume in the country after a brief suspension.

The company acted under pressure from regulators following its failure to cooperate during a volatile stretch of anti-government demonstrations in late August.

According to government officials, the data shared included analytics on traffic behavior and signs of potential online gambling.

The request was triggered by a surge in livestream activity tied to the protests, which erupted after public anger over political perks collided with the fatal police killing of a motorcycle delivery driver.

Currently owned by Chinese tech giant ByteDance, TikTok is deeply embedded in Indonesia’s digital life, with over 100 million users and a rapidly growing e-commerce arm.

Authorities revoked its license last week after the platform did not supply information about user activity during the period from August 25 to 30. Police reported that some TikTok users live-streamed protest scenes and used the broadcasts to solicit digital gifts or payments from viewers.

On Monday, officials confirmed that TikTok submitted data showing the number of such livestreams and how much money they generated.

Alexander Sabar, a director general at the Ministry of Communication and Digital Affairs, said in a written message, and as reported by Bloomberg: “The summary data provided is aggregate data, not specific to a particular user, and therefore cannot be used to track or monitor individuals — including accounts broadcasting demonstrations.”

He said the ministry’s primary interest was in activity tied to online gambling and other prohibited uses of the platform.

Technology companies around the world are often cautious when responding to government data requests.

Firms such as Meta and Google typically weigh these demands against potential backlash from users and the risk of exposing proprietary systems.

Keep reading

The “Reimagined State”: Tony Blair Institute’s Blueprint for a Global Techno-Dictatorship

The Tony Blair Institute for Global Change (TBI) has unveiled its “Reimagined State” initiative, a sweeping plan to use artificial intelligence and digital technology to reshape the way governments operate and ultimately, to change how people live their lives. The stated goal is to make public services more efficient, less costly, and more effective, but the deeper implications raise serious concerns about privacy, freedoms, centralized control, and digital autocracy.

The proposal calls for AI-powered digital assistants to streamline how citizens interact with government services, AI tools to help civil servants automate casework and routine tasks, and a “National Policy Twin,” a data platform designed to simulate policy outcomes and guide decision-making.

The TBI has already implemented this alleged aid to government decision-making in Albania’s parliament. In September 2025, Prime Minister Edi Rama appointed Diella as Minister of State for Artificial Intelligence, making it the world’s first AI to hold a cabinet-level position.

But the role of the AI minister, named Diella, is not to aid in decision-making but to actually make decisions, because, as Diella said in her introductory speech, the problem of the past has not been machines but rather the poor decision-making of humans. TBI will now save us from ourselves by controlling us with technology.

TBI argues that the digital transformation of the reimagined state is necessary to solve the UK’s fiscal crisis, declining public services, and stagnant economy. Embedded within this vision, however, is a plan to make government data fully interoperable across departments and to implement a nationwide digital ID system, an infrastructure that would give the state unprecedented access to personal information.

Former UK Prime Minister Tony Blair, who leads the institute, has called digital ID an “essential part of modern digital infrastructure.” Under his plan, each citizen would be assigned a single digital identifier linking personal health, tax, welfare, and immigration records. More alarmingly, such a system could give the state the power to track citizens and exclude them from services as punishment.

Bank accounts could be frozen, access to air travel restricted, and movement monitored through electronic toll systems. Since the same global advocates are pushing for electric vehicles, the ability to charge one’s car could also be suspended. In effect, an individual’s mobility and financial access could be controlled from a central government computer system.

Policies like the Green New Deal could be enforced digitally by cutting off electricity or water once monthly limits are exceeded, or by canceling flights after a person’s air travel pollution credits run out. Critics warn that Tony Blair’s “Future of Britain” and “Reimagined State” initiatives are not mere modernization efforts but blueprints for a global technocratic system. By linking digital identity systems, central bank digital currencies, and cross-border data networks, the Tony Blair Institute (TBI) promotes a framework that could enable digital totalitarianism, where access to essential services depends on government approval. What Blair describes as “a little work of persuasion” toward modernization, is the normalization of mass surveillance and centralized control over private life.

Keep reading

Apple’s Siri accused of eavesdropping on users – Politico

French prosecutors have opened a criminal investigation into Apple over allegations that its voice assistant Siri collected and analyzed user recordings without proper consent. The probe has been entrusted to France’s cybercrime agency, the Paris prosecutor’s office has told Politico and Reuters.

The investigation follows a complaint filed in February by a French NGO, based on testimony from whistleblower Thomas Le Bonniec, a former employee of an Apple subcontractor, who says he listened to thousands of Siri recordings as part of quality-control work in 2019.

Le Bonniec reportedly worked for Globe Technical Services in Ireland, where he reviewed and annotated audio clips to help improve Siri’s accuracy. He told Politico that the material sometimes revealed “intimate moments and confidential information,” which could be used to identify users.

The whistleblower has welcomed the probe, saying it should allow “urgent questions to be answered,” including how many recordings were made since Siri’s launch and where the data is stored.

An Apple representative in France told Politico that the company “has never used Siri data to create marketing profiles, has never made it available for advertising and has never sold it to anyone for any reason whatsoever.” 

Keep reading

Tech Firms Unite in Open Letter Against EU Chat Scanning Law

With the vote approaching, the European Commission’s plan to scan private digital messages is moving toward final approval.

The regulation, called Chat Control 2.0, has gone through a year of resistance, warnings from experts, and objections from technology companies.

It is presented as a child safety measure, designed to inspect messages, photos, and videos across the EU before they are sent.

The privacy implications are immense.

Alice Weidel, co-leader of Germany’s AfD party, described the proposal as “an absolutely totalitarian project” and “a comprehensive general attack on central citizens and freedoms.”

She said the measure would install scanning software on personal devices, intercepting content before it reaches its recipient. The system would remove the protection offered by end-to-end encryption and treat every user as a potential suspect.

Weidel said the use of child safety language was “a cheap pretext” for real-time surveillance.

“Even the Stasi could only dream of such a full force,” she said, comparing the plan to intercepting and photographing every private letter for review by a government authority.

She warned that once the system exists, its function can expand to include other categories such as “politically offensive content” and “so-called hate speech.” The structure of the law allows the criteria to be adjusted through political decisions.

Technology companies have joined in opposition. Hundreds of privacy-oriented firms, including encrypted messengers, cloud storage services, and VPN providers, signed a joint letter urging EU ministers to reject the regulation.

Their message called for the protection of encryption and for an end to mandatory message scanning.

Signal has announced that it will leave the EU if forced to comply. The platform has stated that it cannot operate under a framework requiring message inspection.

The regulation creates an obligation to weaken the systems that enable private communication and turns encryption into a technical formality rather than a guarantee of privacy.

Supporters of the proposal say it will catch child abusers. Critics point out that criminal networks conduct their operations in offline settings or hidden spaces beyond the reach of such scanning.

“Criminals are already using offline or so-called dark rooms for their illegal businesses,” Weidel said.

Keep reading

The country that inspired Keir Starmer’s digital ID card fiasco: Labour’s blueprint for Britain is a ‘goldmine for hackers and scammers to steal your money’

Estonia’s digital identity system has been beset by blunders and security issues that  allow hackers to steal data and help scammers take money, we can reveal.

The digital ID system used by 1.4million people in the Baltic state country is said to be the blueprint for Keir Starmer‘s so-called Brit Card. 

Digital ID cards showing a resident’s picture, name, unique number and date of birth, and including a microchip storing more personal information, have been used in the former Soviet republic for more than 20 years.

Estonians can hold their cards in e-wallets on mobile phones and use them to vote, check on bank accounts, e-sign contracts and invoices, file tax returns, claim benefits, book medical appointments, access health records, shop online, and even collect supermarket loyalty points.

But the much-praised scheme in Estonia has suffered security lapses that have allowed fraudsters to bypass encryption systems to con victims out of their savings and leak the names and photographs of citizens.

The Daily Mail can reveal that users have also repeatedly fallen victim to phishing emails and calls from scammers who have persuaded them to disclose PIN numbers for their cards and stolen cash from their bank accounts in a grim warning of what could happen in the UK.

Official figures reveal that citizens of so-called ‘E-Stonia’ lost more than 7million euros to fraud last year with 837 ‘significant’ incidents recorded, up from 546 in 2023, although the true figure is thought to be much higher due to many cases being unreported.

Reports suggest that the amount lost to fraud in Estonia has soared since last year with a total of 7.5million euros lost in the first six months this year.

A large number of the cases reported by Estonia’s Police and Border Guard are thought to involve personal information from ID cards being stolen due to people being tricked into revealing PIN codes.

Keep reading