The Massachusetts Department of Public Health is facing a class action lawsuit after colluding with Google to repeatedly auto-install contact-tracing spyware on the smartphones of over a million Massachusetts residents without their permission or consent.
According to a class action lawsuit filed by the New Civil Liberties Alliance, a nonpartisan nonprofit civil rights organization, the Department of Public Health rolled out the contact tracing app it worked with Google to create in April 2021.
“The App causes an Android mobile device to constantly connect and exchange information with other nearby devices via Bluetooth and creates a record of such other connections. If a user opts in and reports being infected with COVID-19, an exposure notification is sent to other individuals on the infected user’s connection record,” the NCLA explains in the complaint, Wright v. Massachusetts Department of Public Health.
Initially, the app which obtains users private locations and health information was voluntarily installed.
Saudi Arabians are using a mobile app sold by both Apple and Google to snitch on their fellow citizens for dissenting against government authorities. As a result, activists and others are going to prison for more than 30 years in some cases, Business Insider reported on Friday.
On August 16, Saudi national Salma el-Shabab, a PhD student at Leeds University, was sentenced to 34 years in prison for tweets “in support of activists and members of the kingdom’s political opposition in exile,” the report said. Though the posts were made while she was in the UK, el-Shabab was nonetheless reported through the “Kollona Amn” app and immediately arrested upon returning home.
“Every day we wake up to hear news, somebody has been arrested, or somebody has been taken,” Real, a Saudi women’s-rights activist using an alias, told Insider.
Kollona Amn – which roughly translates to “We Are All Security” in Arabic – was launched by the Saudi Interior Ministry in 2017, but the last few years have seen a “dramatic” surge in court cases referencing the app, according to legal-rights activists.
The app “encourages everyday citizens to play the role of police and become active participants in their own repression. Putting the state’s eyes everywhere also creates a pervasive sense of uncertainty – there is always a potential informant in the room or following your social media accounts,” said Noura Aljizawi, a researcher at Citizen Lab, which focuses on threats to free speech online.
The Orwellian nature of the app is such that users often report on people “defensively,” fearing they could face punishment themselves for merely overhearing speech deemed offensive to the regime. In some cases, the app has also been used for “blackmail” and to “settle scores,” Insider noted.
Big Brother is tracking your location with the help of private data brokers.
According to a recent report by the Electronic Frontier Foundation (EFF), data brokers harvest location data from mobile apps and then sell it to government agencies including state and local law enforcement, ICE, the FBI, the Department of Homeland Security and the Department of Defense.
Many of the apps on a mobile device track and record location data. These include navigation apps, social media apps, and weather apps, among many others. According to EFF, once a user gives an app permission to access location data, it typically has “free rein” to share it with just about anybody. Government agencies take advantage of these loose standards to purchase troves of location data relating to millions of individuals from data brokers.
“Once in government hands, the data is used by the military to spy on people overseas, by ICE to monitor people in and around the U.S., and by criminal investigators like the FBI and Secret Service.”
There is a tangled web of companies buying and selling data in this multi-billion-dollar industry. According to the EFF report, it’s virtually impossible to determine which apps share data. But apparently, a lot of them do. Data broker Venntel, a subsidiary of Gravy Analytics, claims to collect location data from over 80,000 apps.
Despite having the technology for years, this is the first time the Royal Canadian Mounted Police admitted that they are spying on their citizens by logging into their phone cameras and phones.
After watching the trucker protests in Canada last year, it comes as no surprise that the Royal Canadian Mounted Police (RCMP) are spying on Canadians.
The RCMP admitted this for the first time:
This is the first time RCMP has even acknowledged that it has this ability, which uses malware to intrude on phones and devices, despite having had the technology for years…
…The RCMP says those tools were only used in serious cases when other, unintrusive measures were not successful.
We saw this past winter what the RCMP did to the truckers who protested the insane mandates coming down from PM Trudeau and his government.
Over the past few years, data brokers and federal military, intelligence, and law enforcement agencies have formed a vast, secretive partnership to surveil the movements of millions of people. Many of the mobile apps on our cell phones track our movements with great precision and frequency. Data brokers harvest our location data from the app developers, and then sell it to these agencies. Once in government hands, the data is used by the military to spy on people overseas, by ICE to monitor people in and around the U.S., and by criminal investigators like the FBI and Secret Service. This post will draw on recent research and reporting to explain how this surveillance partnership works, why is it alarming, and what can we do about it.
Where does the data come from?
Weather apps, navigation apps, coupon apps, and “family safety” apps often request location access in order to enable key features. But once an app has location access, it typically has free rein to share that access with just about anyone.
That’s where the location data broker industry comes in. Data brokers entice app developers with cash-for-data deals, often paying per user for direct access to their device. Developers can add bits of code called “software development kits,” or SDKs, from location brokers into their apps. Once installed, a broker’s SDK is able to gather data whenever the app itself has access to it: sometimes, that means access to location data whenever the app is open. In other cases, it means “background” access to data whenever the phone is on, even if the app is closed.
A new report has revealed that iPhones are vulnerable to malware attacks even when they’re turned off.
Wired reports that according to a recent study from researchers at Germany’s Technical University of Darmstadt, iPhone devices are still vulnerable to malware attacks even when powered off. When turning an iPhone off, chips inside the device still run in a low-power state making it possible to locate the lost or stolen device using the Find My app.
Now, researchers have developed a method to run malware on iPhones even when the devices appear to be powered off. The Bluetooth chip in all iPhones has no way to digitally sign or encrypt the firmware it runs, researchers have now developed a method to exploit the lack of security on the chip and run malicious firmware allowing the researchers to track the iPhone’s location or run new features.
In a recently published paper, the researchers studied the risk posed by chips running in a low-power mode that allows chips responsible for NFC, ultra-wideband, and Bluetooth to run in a more that can remain active for 24 hours after a device is turned off.
Sen. Rand Paul (R-Ky.), a fierce protector of freedom and privacy, says it is time to ban federal agencies from being able to track Americans’ behavior by buying their cell phone location data from commercial vendors.
“When the government is trying to snoop on your behavior, it’s wrong, and there should be laws against it,” Paul told the “Just the News, Not Noise” television show in an exclusive interview aired Wednesday night.
Paul’s comments came after newly released government documents revealed that the Centers for Disease Control and Prevention (CDC) tracked Americans’ compliance with pandemic lockdowns by buying and monitoring their cellphone geospatial data from commercial vendors.
Such data is collected on each American from apps they use on their smart phones and sold by third-party brokers unless a user explicitly opts out of such collection for each app. Increasingly, law enforcement and other government agencies have been acquiring the data for official work, though the CDC was the first publicly disclosed use to track private Americans’ health behavior.
The data also was bought and used by the election integrity group True the Vote to identify people suspected of illegally collecting ballots in the 2020 Georgia election, a revelation that has prompted a formal investigation by the Georgia Secretary of State’s office.
The Centers for Disease Control and Prevention (CDC) bought access to location data harvested from tens of millions of phones in the United States to perform analysis of compliance with curfews, track patterns of people visiting K-12 schools, and specifically monitor the effectiveness of policy in the Navajo Nation, according to CDC documents obtained by Motherboard. The documents also show that although the CDC used COVID-19 as a reason to buy access to the data more quickly, it intended to use it for more general CDC purposes.
Location data is information on a device’s location sourced from the phone, which can then show where a person lives, works, and where they went. The sort of data the CDC bought was aggregated—meaning it was designed to follow trends that emerge from the movements of groups of people—but researchers have repeatedly raised concerns with how location data can be deanonymized and used to track specific people.
The documents reveal the expansive plan the CDC had last year to use location data from a highly controversial data broker. SafeGraph, the company the CDC paid $420,000 for access to one year of data to, includes Peter Thiel and the former head of Saudi intelligence among its investors. Google banned the company from the Play Store in June.
Apps that deal with some of the most sensitive and personal data, such as that concerning a user’s mental health or religious activities, are said to rank among the worst privacy offenders.
This is the conclusion of a study conducted by the Mozilla Foundation, which singled out mental health and prayer apps as being prone to track and collect data revealing a person’s state of mind, feelings, and thoughts, and then “share” that for-profit via targeted advertising.
Mozilla’s team looked into 32 apps from this category, putting a “privacy not included” label on 29, and publishing the findings in a guide of the same name. 25 of these apps didn’t pass the foundations’ minimum security standards around password quality and handling of security updates.
PTSD Coach, developed by the US The Department of Veterans Affairs, has “strong privacy policies and security practices,” while chatbot Wysa “seems to value users’ privacy.” And the Catholic prayer app Hallow was the only one to “respond in a timely manner” to Mozilla’s emails.
Besides these technical issues, the apps singled out in the report are also said to target “vulnerable users with personalized advertisements” and track and share biometric data.